Rauc Versions Save

Safe and secure software updates for embedded Linux

v1.11.3

2 months ago

Bug fixes

  • Fix service startup when using symlinks in system.conf and root= in the kernel commandline. Systems using rauc.slot=<bootname> or bootchooser.active=<bootname> are not affected. See issue #1360 for more details.

Contributions from: Enrico Jörns

Full Changelog: https://github.com/rauc/rauc/compare/v1.11.2...v1.11.3

v1.11.2

2 months ago

Bug fixes

  • Fix rauc info when used with streaming.
  • Fix streaming helper shutdown when used with rauc info. This avoids a nbd server failed message.
  • Fix handling of streaming request retries.
  • Remove a redundant event log message when trying to install an encrypted bundle with an unencrypted manifest.

Contributions from: Enrico Jörns

Full Changelog: https://github.com/rauc/rauc/compare/v1.11.1...v1.11.2

v1.11.1

4 months ago

Bug fixes

  • Ensure that only bootable slots can be marked with rauc staus mark-*.
  • Fix boot detection when using the rauc.external kernel command-line flag.
  • Fix compatibility with OpenSSL 3.2 when using the codesign certificate purpose.
  • Fix a double free when trying to install two bundles using casync without a service restart. (by Arseniy Lartsev)

Testing

  • Run service tests only when running as root.

Documentation

  • Improve description of current pre-install hook implementation.

Contributions from: Arseniy Lartsev, Enrico Jörns, Jan Lübbe

Full Changelog: https://github.com/rauc/rauc/compare/v1.11...v1.11.1

v1.11

4 months ago

Enhancements

  • Send additional information as HTTP headers to the server on the first streaming request (if enabled in the config).
  • Add persistent system status information to detect reboots using the kernel's boot_id.
  • Add an --ignore-image=<slotclass> option to keep images as they are when using rauc convert. This can be used to exclude some images (such as bootloaders) from the casync conversion.
  • Create links for active slot devices in /run/rauc/slots/active. This should avoid the need for parsing rauc status output in some cases.
  • Expose transaction ID to hooks during installation. (by Zygmunt Krynicki)
  • Add support for get-current to the custom bootloader backend. (by Angelo Compagnucci)
  • Implement resign and replace-signature for encrypted bundles.
  • Explicit rauc status output when no slot is activated (instead of printing null).
  • Detect runtime config file change and warn in the service log.
  • Improve various warning and error messages to better guide users. (by Angelo Compagnucci and others)
  • Remove autotools build system. Support for meson was added in 1.9 and supported in parallel to autotools until 1.10.1.
  • Add log events for slot update, start/end of an installation, good/bad/active marking and boot/service restart. For an overview over the event logging framework in RAUC and its purpose, have a look at the Installation History and Event Logging section.

[!NOTE] We don't consider the details of the new log events fixed yet, so please use them as a preview and for testing. In a future release, they will be documented in a journald message catalog.

Bug fixes

  • Fix invalidation of slot status information during installation.
  • Fix --no-verify for rauc resign, to allow omitting the keyring.
  • Fix installation of manual page when using meson.

Testing

  • Improve coverage for sanitizer builds.
  • Add support for fuzzing. (initial setup by René Fischer)
  • Integrate RAUC into OSS-Fuzz.
  • Add asan option to the qemu-test script to allow running with address sanitizer.
  • Optimize qemu-test startup.

Code

  • Introduce structured event logging.
  • Introduce an internal API for using the existing status file for global information (system status).
  • Fix minor memory leaks.

Documentation

  • Improve introductory and image type sections.
  • Document CONFIG_DM_CRYPT as a required kernel config option for encrypted bundles. (by Angelo Compagnucci)
  • Allow installing HTML user documentation (-Dhtmldocs=true) (by Emil Velikov)
  • Explicitly mention LGPL as the license for the project in the README.rst. (by Roland Hieber)
  • Update sphinx and dependencies.

New Contributors

Contributions from: Angelo Compagnucci (@angeloc), Emil Velikov (@evelikov), Enrico Jörns (@ejoerns), Jan Lübbe (@jluebbe), René Fischer (@securitykernel), Roland Hieber (@rohieb), Thomas Kilian (@BigPapa314), Uwe Kleine-König (@ukleinek), Zygmunt Krynicki (@zyga)

Full Changelog: https://github.com/rauc/rauc/compare/v1.10.1...v1.11

v1.10.1

9 months ago

Bug fixes

  • Fix variant configuration via the system config. In 1.10, only variants set via the system info handler worked correctly. (by Hans Christian Lonstad)
  • Fix compatibility with efibootmgr version 18. (by David Runge)
  • Fix the help text of the --with-streaming_user configure option.
  • Fix some minor memory leaks discovered with address sanitizer.
  • Fix D-Bus default directories when using meson.
  • Fix build against OpenSSL installed in non-standard locations when using autotools.

Testing

  • Enable address sanitizer for install tests.

Documentation

  • Improve understandability, fix typos and missing words. (by Roland Hieber)
  • Document an alternative to meson compile -C build for old meson versions.
  • Document possible filesystem incompatibility with ext4 in the FAQ.

New Contributors

Contributions from: David Runge (@dvzrv), Enrico Jörns (@ejoerns), Hans Christian Lonstad (@hcl-dr), Jan Lübbe (@jluebbe), Roland Hieber (@rohieb), Stephan Wurm (@swaeberle), Ulrich Ölmann (@OnkelUlla)

Full Changelog: https://github.com/rauc/rauc/compare/v1.10...v1.10.1

v1.10

10 months ago

Enhancements

  • Print sizes in rauc info also in human-readable form.
  • Add FTPS support for bundle download (only for use with casync, not for streaming). (by Christian Meusel)
  • Improve progress granularity to provide more realistic weighting of substeps.
  • Add fine-grained progress updates during image copying and archive extraction. (based on work by Lars Pöschel)
  • Return manifest meta data in rauc info and via the InspectBundle D-Bus method.
  • Add new 'json-2' output format for rauc info that matches the InspectBundle D-Bus method structure.
  • Improve error message for failed boot slot detection.
  • Allow exFAT as a local filesystem for plain bundles. (by Stefan Wahren)
  • Add optional pre-check for verity bundles. This is useful if the same bundle needs to be transferred and installed to multiple systems in sync. (by Christian Hitz)
  • Add support for custom variables in the system-info handler and pass them to other handlers.
  • Show a warning during bundle creation if no format is specified in the manifest. This should hopefully encourage migration to the verity format.
  • Introduce an installation transaction UUID, which is stored in the slot status. This can be used to infer which slots have been updated by the same transaction. In a future release, this will be useful to correlate log messages.
  • Use a shorter connect timeout for streaming to avoid waiting for 25 minutes.

Bug fixes

  • Fix some issues in the meson build support:
    • missing man page installation
    • missing dependency for tests on D-Bus header generation
    • missing executable bit for D-Bus wrapper rauc-service.sh
  • Fix external mount point detection which could have caused a number of mounts to be not detected properly.
  • Fix double-initialization of context.
  • Fix memory leaks (mainly in the test suite).
  • Fix a confusing error message when using rauc extract with an existing output directory.
  • Fix building with musl by not using off64_t with _FILE_OFFSET_BITS=64. (by Christian Hohnstädt)
  • Fix unintentional forwarding of full custom handler args (defined in the manifest) to the system.conf-defined handlers.
  • Re-add missing --key argument (used to set the decryption key) to help and man page.

Testing

  • Add Debian 'buster', 'bullseye' and 'testing' to test stable test matrix.
  • Add test run with address sanitizer. This currently uses a large part of the existing test suite.

Code

  • Refactor installation handling with the introduction of installation plans. This also allows testing for invalid image/slot combinations earlier.
  • Add a helper for atomic symlink updates.
  • Refactor slot state determination and split from mount point updates. Let slot state determination happen earlier and only once.
  • Require at least glib 2.56.0 for g_ptr_array_find and g_autolist. Debian buster, Ubuntu bionic and Yocto dunfell have newer versions already.
  • Refactor boot slot marking.
  • Consistently initialize variables to avoid static checker warning. (by b4yuan)

Documentation

  • Document some Linux distributions which provide RAUC packages.
  • Document deprecation of the statusfile option. (by Ulrich Ölmann)
  • Extend and fix documentation for the full custom handler.

New Contributors

Contributions from: Christian Hitz (@chhitz), Christian Hohnstädt (@chris2511), Christian Meusel (@sirhcel), Enrico Jörns (@ejoerns), Jan Lübbe (@jluebbe), Lars Pöschel (@poeschel), René Fischer (@securitykernel), Stefan Wahren (@lategoodbye), Ulrich Ölmann (@OnkelUlla), @b4yuan

Full Changelog: https://github.com/rauc/rauc/compare/v1.9...v1.10

v1.9

1 year ago

Enhancements

  • Add new InspectBundle D-Bus method, which takes the same bundle access options as the existing InstallBundle method. This makes it possible to inspect bundles stored on HTTP servers which need authentication. It returns information from the manifest as a nested dictionary (for now, this is only compatible, version, description and build), but can be extended as needed. (by Stefan Ursella)
  • Add support for loading and storing metadata entries in the manifest. They are not yet exposed to the user.
  • Add a manifest hash value and expose it via rauc info and rauc status. This can be used to identify a specific bundle.
  • Support configurable boot attempt counters for barebox (using boot-attempts in the system.conf).
  • Add meson as an alternative build system. We intend to drop autotools in 1.10, unless there are good reasons to keep it for longer. As the tar archive generated by meson does not contain a configure script, you may need to run autogen.sh to generate it. To simplify the migration, we also provide a -autotools archive variant which is generated using autotool's make dist (and does not contain the meson build support).
  • Abort earlier if the image is too large for the target slot.
  • Add warnings for some configuration issues when using adaptive updates.

Bug fixes

  • Fix a NULL dereference error caused by images larger than the target slot. (by Kevin Hsieh)
  • Fix compatibility with libcurl when built without proxy support. (by Christian Meusel)
  • Do not invoke any target-related context setup steps if no config is required. This avoids unnecessary checks and removes the misleading messages about unresolved paths.
  • Fix number format for bootchooser when using U-Boot. (by Christian Meusel)
  • Fix handling of partitioned loop devices, which caused incorrect aborts during installation.
  • Fix error handling when attempting to encrypt plain bundles.

Testing

  • Improve robustness of dm-verity/-crypt test setup.
  • Enable scan-build for tests in GitHub Actions.
  • Handle floating point comparisons in tests better.
  • Add a GitHub Actions workflow for CodeQL scanning as a replacement for LGTM.
  • Run the cross-architecture tests on Debian bullseye instead of buster.

Code

  • Move the --intermediate option to the subcommand level and update the manual page.
  • Improve error handling for invalid boot-attempts configuration.
  • Fix some minor memory leaks.

Documentation

  • Document our approach to bundle compatibility.
  • Add links to public example integrations of RAUC into different build systems and boards.
  • Add an issue template and a SUPPORT.rst file.
  • Improve the documentation on slot skipping with regard to streaming.
  • Update README.rst with new features.

New Contributors

Contributions from: Christian Meusel (@sirhcel), Enrico Jörns (@ejoerns), Jan Lübbe (@jluebbe), Jung-Te Hsieh (@jungte), Stefan Ursella (@stefanu21), Ulrich Ölmann (@OnkelUlla), Uwe Kleine-König (@ukleinek)

Full Changelog: https://github.com/rauc/rauc/compare/v1.8...v1.9

v1.8

1 year ago

Enhancements

  • Implement adaptive image updates based on block hash indices. This works by adding an index file containing the hashes of each 4kiB image block in the image to the bundle and then using this to check whether a block is available locally during installation. If that's the case, RAUC doesn't need to download this block. Together with streaming, this means that only a small part of the bundle needs to be downloaded as long as the changes are localized. See the documentation for details.
  • Add a slot type which provides atomic bootloader updates for SoCs (like the Rockchip RK3568) which search for a valid image at multiple fixed offsets. (by Matthias Fend) See the documentation for details.
  • Add a configuration option for additional arguments to pass to casync extract. (by Ludovico de Nittis)
  • Add initial support for desync (an alternative casync implementation). (by Ludovico de Nittis)
  • Add support for a RAUC data-directory on a shared partition. Unless otherwise configured, this is also used to store the central slot status data. See the documentation for details.
  • Allow setting a passphrase for encrypted PEM files via the environment (RAUC_KEY_PASSPHRASE). (by Marc Kleine-Budde)
  • Ignore meta.<label> sections in the manifest. The meta.<label> sections are intended to provide a forwards-compatible way to add data to the manifest which is not interpreted by RAUC in any way. Currently, they are just ignored when reading a manifest. In future releases, they will be accessible via rauc info, the D-Bus API and in hooks/handlers.

Bug fixes

  • Avoid retrying on HTTP 404 errors during streaming.
  • Improve error handling during loop device block size configuration. (by Ahmad Fatoum)
  • Fix handling of empty partitions for boot-mbr-switch slots.
  • Do not attempt to take ownership of plain bundles if running as non-root.
  • Unmount seed slots if casync fails during installation. (by Jonas Licht)
  • Add missing test files to the dist .tar.xz. (by Uwe Kleine-König)

Testing

  • Refactor the statistics code to make it useful for testing as well.
  • Replace Ubuntu 21.10 test container with 22.04
  • Add more tests for casync conversion and installation.

Code

  • Log error messages from CURL for failed streaming requests.
  • Add doctype to D-Bus XML specification. (by Morgan Bengtsson)
  • Improve error messages related to bootloader communication.
  • Improve error reporting for directory creation failures.

Documentation

  • Document that the required kernel features can be configured as modules as well.
  • Document how to load and store the GRUB environment from a shared partition.
  • Document some best practices regarding storage partitioning.
  • Explain differences between casync and streaming & adaptive updates.

New Contributors

Contributions from: Ahmad Fatoum, Enrico Jörns, Jan Lübbe, Jonas Licht, Ludovico de Nittis, Marc Kleine-Budde, Marcus Hoffmann, Matthias Fend, Morgan Bengtsson, Ulrich Ölmann, Uwe Kleine-König

Full Changelog: https://github.com/rauc/rauc/compare/v1.7...v1.8

v1.7

1 year ago

Enhancements

  • Add support for streaming installation from a HTTP(S) server for bundles in verity and crypt formats. This avoids the need for a temporary bundle storage location and prepares for more efficient incremental updates. See the documentation for details.
  • Add support for bundle encryption (crypt format). This is useful when bundles contain confidential data and are not otherwise protected during transport (for example, via HTTP, unauthenticated HTTPS or USB storage). See the documentation for details.
  • Optionally allow verification with partial chains. If enabled, RAUC will also treat intermediate certificates in the keyring as trust-anchors, in addition to self-signed root CA certificates. This makes it possible to trust only one (or more) sub-tree(s) in a larger PKI. See the documentation for details.
  • Divert log messages to stderr, which is useful for machine readable output (rauc status --output-format=json). This is only enabled when built with glib 2.68 or newer. (by Ludovico de Nittis)
  • Only allow the root step to report 100% progress. (by Steven Rau)
  • Add the --trust-environment option to rauc extract and rauc extract-signature.
  • Improve the error message printed on compatible mismatch.

Bug fixes

  • Don't enforce bundle exclusivity if the environment is trusted. (by Ludovico de Nittis)
  • Clean up error handling for 'rauc status'.
  • Fix some memory leaks. (by Zygmunt Krynicki)
  • Fix unintentional removal of existing bundles on error.
  • Fix build error when PRIu64 is not defined. (by Fabrice Fontaine)

Testing

  • Make some tests conditional on the existence of the openssl binary.
  • Access rauc.io instead of example.com.
  • Explicitly use Python 3 in coverity checks. (by Thorsten Scherer)
  • Add build tests on Ubuntu 21.10.

Code

  • Add some missing files to the dist tar.gz. (by Uwe Kleine-König)
  • Change minimum glib version from 2.49.3 to 2.50, allowing use of g_autoptr with the auto-generated DBus code.
  • Use g_autofree/g_autoptr in more places.
  • Use more specific error codes for device mapper error reporting.
  • Prepare for incremental methods by adding an optional per-image manifest option.

Documentation

  • Fix some broken internal links. (by Thorsten Scherer)
  • Mention Buildroot support for RAUC. (by Thomas Petazzoni)
  • Fix some typos. (by Bastian Krause and Michael Riesch)
  • Clean up some inconsistencies between README and main documentation.
  • Fix misleading rescue slot example. (by Sean Nyekjaer)
  • Fix broken links to external pages. (by Bastian Krause)

New Contributors

Contributions from: Bastian Krause, Fabrice Fontaine, Ludovico de Nittis, Michael Riesch, Sean Nyekjaer, Steven Rau, Thomas Petazzoni, Thorsten Scherer, Uwe Kleine-König, Zygmunt Krynicki

Full Changelog: https://github.com/rauc/rauc/compare/v1.6...v1.7

v1.6

2 years ago

Enhancements

  • Added support for extracting and replacing the bundle signature, which is useful for scenarios with strict limitations on how HSMs can be used. (by Jean-Pierre Geslin)
  • Added support for NOR flash devices. (by Ladislav Michl)
  • Added support for configuring the number of boot attempts for U-Boot. (by Daniel Mack)
  • Implemented passing the image size to hooks as RAUC_IMAGE_SIZE. (by Marcel Hellwig)
  • Added support to use systemd.verity_root_data= to find the booted slot. (by Arnaud Rebillout)
  • Implemented passing additional information to hooks for the boot-* slot types. (by Bastian Krause)
  • Implemented a rauc mount command to allow inspection of bundles without extraction.
  • Allowed omitting the image filename when using the install slot hook.
  • Implemented support for extracting tar archives to jffs2 slots. (by Holger Assmann)
  • Added option for the resign and info commands to ignore expired certificates (--no-check-time). (by Michael Heimpold)
  • Added option for the convert command to disable the concurrent access checks for plain bundles (--trust-environment).
  • Simplified usage of compressed SquashFS images with extensions as created by OpenEmbedded. (by Omer Akram)
  • Improved checks of the manifest contents to avoid common misconfigurations.
  • Improved handling of system.conf loading according to the use-cases of the different commands.

Bug fixes

  • Fixed installing plain bundles from ZFS partitions. (by Daniel Mack)
  • Fixed the order of pre-/post-install hooks for the boot-* slot types. (by Bastian Krause)
  • Fixed generation of VFAT filesystem labels which were rejected by newer mkfs.vfat.
  • Added checking of slot types configured in system.conf.
  • Fixed installing plain bundles from ramfs. (by Ian Abbott)
  • Fixed curl download size limit handling. (by Christoph Steiger)
  • Fixed missing file descriptor closing in some error cases. (by Christian Hitz)
  • Fixed an issue with slot boot status determination that could accidentally detect 'good' slots as 'bad'.
  • Fixed inconsistent slot status reporting via the D-Bus API.

Testing

  • Updated kernel used for qemu testing.
  • Introduced an interactive mode for qemu-test.
  • Moved testing container building to GitHub Actions.
  • Updated testing container to Debian bullseye. (by Ludovico de Nitti)
  • Added a scan-build workflow.

Code

  • Removed some code left over after the removal of the deprecated file support.
  • Refactored bundle opening as preparation for HTTP streaming.
  • Added infrastructure for HTTP streaming tests.
  • Completed D-Bus interface definitions. (by Taras Zaporozhets)

Documentation

  • Improved documentation of the boot-mbr/gpt-switch slot types.
  • Fixed and improved documentation and comments in several places. (by Alexander Dahl)
  • Documented a common approach to handle UBIFS device names via udev.
  • Added a FAQ entry covering the use of dm-crypt partitions. (by Fabian Büttner)

New Contributors

Contributions from: Ahmad Fatoum, Alexander Dahl, Arnaud Rebillout, Bastian Krause, Christian Hitz, Christoph Steiger, Daniel Mack, Enrico Jörns, Fabian Büttner, Holger Assmann, Ian Abbott, Jan Lübbe, Jean-Pierre Geslin, Ladislav Michl, Livio Bieri, Ludovico de Nittis, Marcel Hellwig, Michael Heimpold, Michael Tretter, Omer Akram, Pascal Huerst, Richard Forro, Roland Hieber, Rouven Czerwinski, Sijmen Huizenga, Taras Zaporozhets, Vivien Didelot, Vyacheslav Yurkov

Full Changelog: https://github.com/rauc/rauc/compare/v1.5.1...v1.6