13. Changes in RAUC¶
13.1. Release 1.3 (released Apr 23, 2020)¶
Enhancements
- Added a new D-Bus method (InstallBundle) which supports optional parameters (“ignore-compatible” for now).
- Added support for X.509 key usage attributes (code signing and others).
- Added a
check-crl
configuration option to require Certificate Revocation List (CRL) checking during installation. If the keyring already contains a CRL, but checking is not enabled, a warning will be printed. - Support updating of already mounted slots via a custom install hook when enabled with “allow-mounted=true” in the system configuration. This can be useful for updating bootloaders in a boot partition (for example on the Raspberry Pi or BeagleBone). (by Martin Hundebøll and Rasmus Villemoes)
- Added the
--mksquashfs-args
option for bundle creation. This can be used to configure the details of the squashfs compression. (by Louis des Landes) - Added the
--casync-args
option for therauc convert
command. This can be used to configure the details of the casync conversion. (by Christopher Obbard) - Added support for installing UBIFS images via casync (depends on the casync PR https://github.com/systemd/casync/pull/227). (by Ulrich Ölmann)
- Enabled usage of
--no-verify
withrauc resign
. This can be useful for resigning of bundles signed with expired certificates. - Exposed the
RAUC_BUNDLE_MOUNT_POINT
environment variable to hook scripts. This also deprecates the old nameRAUC_UPDATE_SOURCE
for this value in handler scripts. (by Rasmus Villemoes) - Reduced size of the installed
rauc
binary. This was done by using--gc-sections
and adding a configure switch to disable thebundle
,resign
andconvert
commands. (by Rasmus Villemoes) - Added support for explicitly telling RAUC that all slots are inactive on the
kernel command line (
rauc.external
). This is useful for using RAUC in a factory installer. (by Marco Felsch) - Improved layout of the
rauc status
output.
Bug fixes
- Fixed SD/eMMC detection when using /dev/disk/by-path/ symlinks. (by Marco Felsch)
- Fixed handling of HTTP Content-Encoding: gzip. (by Jan Kundrát)
- Fixed reporting of errors during bundle verification. This solves a
rauc-ERROR **: Not enough substeps: check_bundle
abort. (by Rouven Czerwinski) - Fixed handling of surrounding whitespace in the system variant by removing it. A warning is printed in this case.
- Fixed the RAUC D-Bus interface introspection file name to be consistent with the interface name. (by Michael Tretter)
Testing
- Switched testing environment from user-mode-linux (UML) to QEMU. This allows us to use our own kernel configuration and avoids the (unusual) dependency.
- Reenabled support for coverity, as they have added support for GCC 8.
- Added some more tests in several areas.
Code
- Removed support for OpenSSL versions < 1.1.1. OpenSSL versions 1.0.2 and 1.1.0 are no longer supported by the OpenSSL project: https://www.openssl.org/policies/releasestrat.html
- Improved support for large bundles on 32 bit systems, but some work remains to be done.
- Disabled automatic
-Werror
and-O0
when building from a git repository. This caused confusion in several cases. - Updated uncrustify and enabled some additional formatting rules.
- Reduced redundant prefixes in error messages.
- Removed unused verification functions left over from the old network mode.
- Removed minor memory leaks.
Documentation
- Clarified documentation about hooks and handlers (and the available environment variables).
- Fixed minor typos and inconsistencies.
Contributions from: Arnaud Rebillout, Christopher Obbard, Enrico Jörns, Jan Kundrát, Jan Lübbe, Louis des Landes, Marco Felsch, Martin Hundebøll, Michael Heimpold, Michael Tretter, Rasmus Villemoes, Rouven Czerwinski, Trent Piepho, Ulrich Ölmann
13.2. Release 1.2 (released Oct 27, 2019)¶
Enhancements
- Added
--signing-keyring
argument to specify a distinct keyring for post-signing verification. This allows for example to userauc resign
with certs not verifying against the original keyring. - Output of ‘rauc status’ is now grouped by slot groups to make it easier to identify the redundancy setup. Previously, the present slots were printed in a random order which was confusing, especially when having more than three or four slots.
- Use pkg-config to obtain valid D-Bus install directories and clean up D-Bus directory handling. This adds libdbus-1-dev as new build dependency. (by Michael Heimpold)
- Moved various checks that could be performed before actually starting the installation out of the atomic update region. This allows RAUC to fail earlier without leaving behind a disabled slot group with incomplete contents.
- Added optional
--progress
argument torauc install
that enables a basic text progress bar instead of the default line-by-line log. - Added
tmppath
to casync system config options to allow setting TMPDIR for casync. (by Gaël PORTAY) - Slot skipping was deactivated by default as it turned out to be unexpected behaviour for many users. The corresponding setting was renamed to ‘install-same=’ (‘force-install-same’ will remain valid, too). The means skipping writing for slots whose current and intended slot hashes are equal must now be enabled explicitly. This optimization is mainly useful for use-cases with a read-only rootfs.
- Added new slot type
boot-mbr-switch
to support atomic updating of boot partitions in the MBR. (by Thomas Hämmerle) See here for details.
Bug fixes
- Fixed detection of whether the bundle path is located in input directory for a corner case.
- Fixed off-by-one error in printing the remaining attempts counter in the uboot.sh contrib script (by Ellie Reeves)
- Fixed detection of mount points disappearing during the service’s runtime.
- Added missing entry of ‘service’ subcommand to RAUC help text (if compiled with service support).
- Fixed inappropriate resetting of BOOT_ACK flag in eMMC extCSD register handling which could have prevented proper booting on some SoCs. (by Stephan Michaelsen)
- Fixed leaking GDataInputStreams in boot selection and install handling that led to steadily increasing number of open file descriptors in some scenarios until exceeding system limits and leading to ‘Too many open files’ errors. This was only problematic when installing many times without rebooting.
- Fixed ‘uninitialized local’ bugs in update_handler and config_file module. (by Gaël PORTAY)
- PKCS#11 handling now does not silently accept missing (empty) PINs anymore, but allows interactive prompt for entering it.
- Fixed bundle detection on big endian systems.
- Fixed size mismatches in printf formatter and struct packing on ARM32.
Testing
- Fix checks that depended on implicit assumptions regarding the GHashTable behaviour that are not valid anymore for newer glib versions.
- Added notes on required tools for unit testing and added check for grub-editenv being present.
- Travis now also runs cross-compilation tests for platforms armhf, i386, arm64, armel to allow early detection of cross-compilation issues with endianness, 32 vs. 64 bit, etc.
Code
- Reworked subprocess call logging for debugging and added remaining missing log output to users of r_subprocess_new().
- Refactored slot handling code in new ‘slot.c’ module to be used for both install and status information handling.
- Added qdbusxml2cpp annotations to rauc-installer.xml for interface class generation. (by Tobias Junghans)
- Removed the deprecated ‘network mode’. Note that this does not affect RAUC’s bundle network capabilities (casync, etc.).
- Fixed clang compilation warnings (unused variable, printf formatter, non-obvious invert statements).
- Various code cleanups, structural simplifications
Documentation
- Added hints for creating
/dev/data
symlink to mount the right data partition in dual data partition setups. (by Fabian Knapp) - Extended manpage to cover ‘rauc status’ subcommands. (by Michael Heimpold)
- Fixed various typos.
Contributions from: Bastian Krause, Ellie Reeves, Enrico Jörns, Fabian Knapp, Gaël PORTAY, Jan Lübbe, Leif Middelschulte, Michael Heimpold , Stephan Michaelsen , Thomas Hämmerle, Thorsten Scherer, Tobias Junghans, Uwe Kleine-König
13.3. Release 1.1 (released Jun 5, 2019)¶
Enhancements
- Check that we do not generate a bundle inside a source directory
- Added full GRUB2 support, including status and primary slot readback (by Vitaly Ogoltsov and Beralt Meppelink)
- Allow passing a slot’s name via commandline instead of it’s bootname
- Show each slot’s name in
Booted from
line ofrauc status
to simplify identification - Add
resize
option for ext4 slots to let RAUC run resize2fs on an ext4 slot after copying the image. - Allow dumping the signer certificate (
--dump-cert
) without verification - Allow specifying a keyring directory with multiple files to support non-conflicting installations of certificates from different packages (by Evan Edstrom)
- Add a bootloader option
efi-use-bootnext
(only valid when bootloader is ‘efi’) to disable usage of BootNext for marking slots primary. - Support setting a system variant in the
system-info
handler viaRAUC_SYSTEM_VARIANT
- D-Bus “mountpoint” property now also exports external mount point
- Made slot state, compatible and variant available as environment variables for slot hooks
- Made system variant variable available as an environment variable for bundle hooks
Bug fixes
- Fix memory leaks in D-Bus notification callbacks (by Michael Heimpold)
- Fix memory leaks in resolve_bundle_path (by Michael Heimpold)
- Do not print misleading status dump when calling
mark-*
subcommands - Avoid mmap’ing potentially huge files (by Rasmus Villemoes)
- Fix and cleanup checksum verification and handling (by Rasmus Villemoes)
- Avoid assertion error caused by unconditional slot status hash table freeing
- Make a-month-from-now validity check in signature verification more robust (by Rasmus Villemoes)
Testing
- Enable lgtm analysis for tests
- Restructure signature tests with set_up and tear_down (by Evan Edstrom)
- Move from gcc-6 to gcc-7
- Build environment fixes and workarounds
Code
- A failure in calling barebox_state bootchooser implementation should be propagated
- Update to latest
git-version-gen
upstream version - Tail-call real rauc suprocess in
rauc-service.sh
(by Angus Lees) - Consistently return newly-allocated objects in
resolve_path()
- Enforce space between
if
and(
via uncrustify
Documentation
- Added an initial version of a man page (by Michael Heimpold)
- Extended D-Bus API documentation
- Improve description of how RAUC detects the booted slot
- Added lgtm badge
- Add hints on library dependencies
- Clarifications on how to build and install RAUC
- Add note on basic RAUC buildroot support
- Clarification on usage of RAUC on host and target side
- Clarified documentation of ‘use-bundle-signing-time’ option (by Michael Heimpold)
- Typos fixed
Contributions from: Angus Lees, Arnaud Rebillout, Beralt Meppelink, Enrico Jörns, Evan Edstrom, Ian Abbott, Jan Lübbe, Michael Heimpold, Rasmus Villemoes, Ulrich Ölmann, Vitaly Ogoltsov
13.4. Release 1.0 (released Dec 20, 2018)¶
Enhancements
- Support OpenSSL 1.1
- Use OPENSSL_config() instead of OPENSSL_no_config()
- Handle curl_global_init() return code
Bug fixes
- Fix error handling when resolving the backing file for a loop device
- Fix error reporting when no primary slot is found with u-boot (by Matthias Bolte)
- Fix memory leaks when parsing handler output
- Fix compiler error when building with –disable-network
- Handle fatal errors during curl or openssl initialization
- Fix boot selection handling for asymmetric update setups
- Fix default variant string in case of failure when obtaining
- Fix return codes when giving excess arguments to CLI functions
- Let ‘rauc service’ return exit code != 0 in case of failure
- Print ‘rauc service’ user error output with g_printerr()
- Fix showing primary slot (obtained via D-Bus) in ‘rauc status’
- Fix showing inverted boot-status (obtained via D-Bus) in ‘rauc status’
- Minor output and error handling fixes and enhancements
Testing
- Fake entropy in uml tests to fix and speed up testing
- Fix creating and submitting coverity report data
- Migrate to using Docker images for testing
- Changed coverage service from coveralls to codecov.io
- Switch to uncrustify 0.68.1
Documentation
- Provided slot configuration examples for common scenarios
- Fixes and enhancements of README.rst to match current state
- Add sphinx DTS lexer for fixing and improving dts example code parsing
Contributions from: Ahmad Fatoum, Enrico Jörns, Jan Lübbe, Matthias Bolte
13.5. Release 1.0-rc1 (released Oct 12, 2018)¶
Enhancements
- Bundle creation
- Add support for passing Keys/Certificates stored on PKCS#11 tokens (e.g. for using a smart card or HSM). See PKCS#11 Support for details.
- Print a warning during signing if a certificate in the chain will expire within one month
- If keyring is given during bundle creation, automatically verify bundle signature and trust chain
- Configuration
(see the reference for the [system], [keyring] and [slot.*.*] sections for details)
- Add
extra-mount-opts
argument to slot config to allow passing custom options tomount
calls (such as user_xattr or seclabel) - Implement support for
readonly
slots that are part of the slot description but should never be written by RAUC - Add option
use-bundle-signing-time
to use signing time for verification instead of the current time - Introduce
max-bundle-download-size
config setting (by Michael Heimpold) - Rename confusing
ignore-checksum
flag toforce-install-same
(old remains valid of course) (by Jan Remmet) - Add strict parsing of config files as we do for manifests already. This will reject configs with invalid keys, groups, etc. to prevent unintentional behavior
- Add
- Installation
- Remove strict requirement of using
.raucb
file extension, although it is still recommended - Export RAUC slot type to handlers and hooks (by Rasmus Villemoes)
- Add
*.squashfs
toraw
slot handling (by Emmanuel Roullit) - Add checking of RAUC bundle identifier (squashfs identifier)
*.img
files can now be installed toext4
,ubifs
orvfat
slots (by Michael Heimpold)- Warn if downloaded bundle could not be deleted
- Remove strict requirement of using
- Expose system information (variant, compatible, booted slot) over D-Bus (by Jan Remmet)
- The
rauc status
command line call now only uses the D-Bus API (when enabled) to obtain status information instead of loading configuration and performing operations itself. This finalizes the clear separations between client and service and also allows calling the command line client without requiring any configuration. - Add debug log domain
rauc-subprocess
for printing RAUC subprocess invocations. This can be activated by setting the environment variableG_MESSAGES_DEBUG=rauc-subprocess
. See Debugging RAUC for details. - Enhancement of many debug and error messages to be more precise and helpful
- Let U-Boot boot selection handler remove slot from
BOOT_ORDER
when marking it bad - Implemented obtaining state and primary information for U-Boot boot selection interface (by Timothy Lee)
- Also show certificate validity times when the certificate chain is displayed
- Added a simple CGI as an example on how to code against the D-Bus API in RAUC contrib/ folder. (by Bastian Stender)
Bug fixes
- Bootchooser EFI handler error messages and segfault fixed (by Arnaud Rebillout)
- Fix preserving of primary errors while printing follow-up errors in update_handlers (by Rasmus Villemoes)
- Make not finding (all) appropriate target slots a fatal error again
- Prevent non-installation operations from touching the installation progress information (by Bastian Stender)
- Call
fsync()
when writing raw images to assure content is fully written to disk before exiting (by Jim Brennan) - Fix casync store initialization for extraction without seeds (by Arnaud Rebillout)
- Fix slot status path generation for external mounts (by Vyacheslav Yurkov)
- Do not try to mount already mounted slots when loading slot status information from per-slot file
- Fix invalid return value in case of failed
mark_active()
- Fix bootname detection for missing
root=
command line parameter - Fix passing intermediate certificates via command line which got broken by a faulty input check (by Marcel Hamer)
- Preserve original uid/gid during extraction to be independent of the running system.
This was only problematic if the name to ID mapping changed with an update.
Note that this requires to enable
CONFIG_FEATURE_TAR_LONG_OPTIONS
when using busybox tar. - Block device paths are now opened with
O_EXCL
to ensure exclusive access - Fix handling for
file://
URIs - Build-fix workaround for ancient (< 3.4) kernels (by Yann E. MORIN)
- Various internal error handling fixes (by Ulrich Ölmann, Bastian Stender)
- Several memory leak fixes
Testing
- Abort on
g_critical()
to detect issues early - Extended and restructured testing for barebox and u-boot boot selection handling
- Basic
rauc convert
(casync) testing - Switch to Travis xenial environment
- Make diffs created by uncrustify fatal to enforce coding style
- Fix hanging rauc.t in case of failed tests for fixing sharness cleanup function handling
- Run sharness (rauc.t) tests with verbose output
- Show make-check log on error
Code
- Add GError handling to download functions
- Prepare support for tracing log level
- Start more detailed annotation of function parameter direction and transfer
- Simplified return handling as result of cleanup helper rework
- Treewide introduction of Glib automatic cleanup helpers. Increases minimum required GLib version to 2.45.8 (by Philipp Zabel)
- Prepare deprecation of RAUC ancient non-bundle ‘network mode’
Documentation
- Add a Debugging RAUC chapter on how to debug RAUC
- Add a Bootloader Interaction section describing the boot selection layer and the special handling for the supported bootloaders
- Add hint on how to run RAUC without D-Bus to FAQ
- Document Required Host Tools and Required Target Tools
- Tons of typo fixes, minor enhancements, clarifications, example fixes, etc.
Contributions from: Alexander Dahl, Arnaud Rebillout, Bastian Stender, Emmanuel Roullit, Enrico Jörns, Jan Lübbe, Jan Remmet, Jim Brennan, Marcel Hamer, Michael Heimpold, Philip Downer, Philipp Zabel, Rasmus Villemoes, Thomas Petazzoni, Timothy Lee, Ulrich Ölmann, Vyacheslav Yurkov, Yann E. MORIN
13.6. Release 0.4 (released Apr 9, 2018)¶
Enhancements
- Add
barebox-statename
key to[system]
section of system.conf in order to allow using non-default names for barebox state - Support atomic bootloader updates for eMMCs.
The newly introduced slot type
boot-emmc
will tell RAUC to handle bootloader updates on eMMC by using themmcblkXboot0/-boot1
partitions and the EXT_CSD registers for alternating updates. - Support writing
*.vfat
images to vfat slots - Add basic support for streaming bundles using casync tool.
Using the casync tool allows streaming bundle updates chunk-wise over
http/https/sftp etc.
By using the source slot as a seed for the reproducible casync chunking
algorithm, the actual chunks to download get reduced to only those that
differ from the original system.
- Add
rauc convert
command to convert conventional bundles to casync bundle and chunk store - Extend update handler to handle
.caibx
and.caidx
suffix image types in bundle
- Add
- Added
--detailed
argument torauc status
to obtain newly added slot status information - Added D-Bus Methods
GetSlotStatus
to obtain collected status of all slots - Extended information stored in slot status files (installed bundle info, installation and activation timestamps and counters)
- Optionally use a central status file located in a storage location not
touched during RAUC updates instead of per-slot files (enabled by setting
statusfile
key in[system]
section ofsystem.conf
). - Add
write-slot
command to write images directly to defined slots (for use during development)
Bug fixes
- Fix documentation out-of-tree builds
- Fixed packaging for dbus wrapper script rauc-service.sh
- Some double-free and error handling fixes
Testing
- Create uncrustify report during Travis run
Code
- Unified hash table iteration and variable usage
- Add uncrustify code style configuration checker script to gain consistent coding style. Committed changes revealed by initial run.
Documentation
- Updated and extended D-Bus interface documentation
- Added documentation for newly added features (casync, central slot status, etc.)
- Fixed and extended Yocto (meta-rauc) integration documentation
- Add link to IRC/Matrix channel
- Some minor spelling errors fixed
13.7. Release 0.3 (released Feb 1, 2018)¶
Enhancements
- Added support for intermediate certificates, improved bundle resigning and certificate information for hooks. This makes it easier to use a multi-level PKI with separate intermediate certificates for development and releases. See Resigning Bundles for details.
- Added support for image variants, which allow creating a single bundle which supports multiple hardware variants by selecting the matching image from a set contained in the bundle. See Handling Board Variants With a Single Bundle for details.
- Added support for redundant booting by using EFI boot entries directly. See EFI for details.
- Added boot information to
rauc status
- Added
rauc extract
command to extract bundles - Support detection of the booted slot by using the
UUID=
andPARTUUID=
kernel options. - Improved the status and error output
- Improved internal error cause propagation
Bug fixes
- Fixed boot slot detection for
root=<symlink>
boot parameters (such asroot=/dev/disk/by-path/pci-0000:00:17.0-ata-1-part1
) - Removed redundant image checksum verification during installation.
Testing
- Improve robustness and test coverage
- Use gcc-7 for testing
Documentation
- Added documentation for
- intermediate certificates
- re-signing bundles
- image variants
- UEFI support
- Minor fixes and clarifications
13.8. Release 0.2 (released Nov 7, 2017)¶
Enhancements
- Added
--override-boot-slot
argument to force booted slot - Display installation progress and error cause in CLI
- Allow installing uncompressed tar balls
- Error reporting for network handling and fail on HTTP errors
- Added
--keyring
command line argument - Added
activate-installed
key and handling forsystem.conf
that allows installing updates without immediately switching boot partitions. - Extended
rauc status mark-{good,bad}
with an optional slot identifier argument - Added subcommand
rauc status mark-active
to explicitly activate slots - New D-Bus method
mark
introduced that allows slot activation via D-Bus - Added
tar
archive update handler forvfat
slots - Introduced
rauc resign
command that allows to exchange RAUC signature without modifying bundle content - Display signature verification trust chain in output of
rauc info
. Also generate and display SPKI hash for each certificate - Added
--dump-cert
argument torauc info
to allow displaying signer certificate info
Documentation
- Added docs/, CHANGES and README to tarball
- Added and reworked a bunch of documentation chapters
- Help text for
rauc bundle
fixed - Added short summary for command help
Bug fixes
- Flush D-Bus interface to not drop property updates
- Set proper PATH when starting service on non-systemd systems
- Include config.h on top of each file to fix largefile support and more
- Let CLI properly fail on excess arguments provided
- Do not disable bundle checking for
rauc info --no-verify
- Properly clean up mount points after failures
- Abort on inconsistent slot parent configuration
- Misc memory leak fixes
- Fixes in error handling and debug printout
- Some code cleanups
Testing
- Miscellaneous cleanups, fixes and refactoring
- Add tests for installation via D-Bus
- Let Travis build documentation with treating warnings as errors
- Allow skipping sharness tests requiring service enabled
- Explicitly install dbus-x11 package to fix Travis builds
- Fix coveralls builds by using
--upgrade
duringpip install cpp-coveralls
- Use gcc-6 for testing
13.9. Release 0.1.1 (released May 11, 2017)¶
Enhancements
- systemd service: allow systemd to manage and cleanup RAUCs mount directory
Documentation
- Added contribution guideline
- Added CHANGES file
- Converted README.md to README.rst
- Added RAUC logo
- Several typos fixed
- Updated documentation for mainline PTXdist recipes
Bug fixes
- Fix signature verification with OpenSSL 1.1.x by adding missing binary flag
- Fix typo in json status output formatter (“mountpint” -> “mountpoint”)
- Fixed packaging of systemd service files by removing generated service files from distribution
- src/context: initialize datainstream to NULL
- Added missing git-version-gen script to automake distribution which made autoreconf runs on release packages fail
- Fixed D-Bus activation of RAUC service for non-systemd systems
13.10. Release 0.1 (released Feb 24, 2017)¶
This is the initial release of RAUC.