Releases: rauc/rauc
v1.11.3
Bug fixes
- Fix service startup when using symlinks in
system.conf
androot=
in the kernel commandline.
Systems usingrauc.slot=<bootname>
orbootchooser.active=<bootname>
are not affected.
See issue #1360 for more details.
Contributions from: Enrico Jörns
Full Changelog: v1.11.2...v1.11.3
v1.11.2
Bug fixes
- Fix
rauc info
when used with streaming. - Fix streaming helper shutdown when used with
rauc info
. This avoids anbd server failed
message. - Fix handling of streaming request retries.
- Remove a redundant event log message when trying to install an encrypted bundle with an unencrypted manifest.
Contributions from: Enrico Jörns
Full Changelog: v1.11.1...v1.11.2
v1.11.1
Bug fixes
- Ensure that only bootable slots can be marked with
rauc staus mark-*
. - Fix boot detection when using the
rauc.external
kernel command-line flag. - Fix compatibility with OpenSSL 3.2 when using the
codesign
certificate purpose. - Fix a double free when trying to install two bundles using casync without a service restart. (by Arseniy Lartsev)
Testing
- Run service tests only when running as root.
Documentation
- Improve description of current
pre-install
hook implementation.
Contributions from: Arseniy Lartsev, Enrico Jörns, Jan Lübbe
Full Changelog: v1.11...v1.11.1
v1.11
Enhancements
- Send additional information as HTTP headers to the server on the first streaming request (if enabled in the config).
- Add persistent system status information to detect reboots using the kernel's
boot_id
. - Add an
--ignore-image=<slotclass>
option to keep images as they are when usingrauc convert
. This can be used to exclude some images (such as bootloaders) from the casync conversion. - Create links for active slot devices in
/run/rauc/slots/active
. This should avoid the need for parsingrauc status
output in some cases. - Expose transaction ID to hooks during installation. (by Zygmunt Krynicki)
- Add support for
get-current
to the custom bootloader backend. (by Angelo Compagnucci) - Implement
resign
andreplace-signature
for encrypted bundles. - Explicit
rauc status
output when no slot is activated (instead of printingnull
). - Detect runtime config file change and warn in the service log.
- Improve various warning and error messages to better guide users. (by Angelo Compagnucci and others)
- Remove autotools build system. Support for meson was added in 1.9 and supported in parallel to autotools until 1.10.1.
- Add log events for slot update, start/end of an installation, good/bad/active marking and boot/service restart. For an overview over the event logging framework in RAUC and its purpose, have a look at the Installation History and Event Logging section.
Note
We don't consider the details of the new log events fixed yet, so please use them as a preview and for testing. In a future release, they will be documented in a journald message catalog.
Bug fixes
- Fix invalidation of slot status information during installation.
- Fix
--no-verify
forrauc resign
, to allow omitting the keyring. - Fix installation of manual page when using meson.
Testing
- Improve coverage for sanitizer builds.
- Add support for fuzzing. (initial setup by René Fischer)
- Integrate RAUC into OSS-Fuzz.
- Add
asan
option to theqemu-test
script to allow running with address sanitizer. - Optimize
qemu-test
startup.
Code
- Introduce structured event logging.
- Introduce an internal API for using the existing status file for global information (system status).
- Fix minor memory leaks.
Documentation
- Improve introductory and image type sections.
- Document
CONFIG_DM_CRYPT
as a required kernel config option for encrypted bundles. (by Angelo Compagnucci) - Allow installing HTML user documentation (
-Dhtmldocs=true
) (by Emil Velikov) - Explicitly mention LGPL as the license for the project in the README.rst. (by Roland Hieber)
- Update sphinx and dependencies.
New Contributors
- @angeloc made their first contribution in #1215
- @evelikov made their first contribution in #1269
- @BigPapa314 made their first contribution in #1295
Contributions from: Angelo Compagnucci (@angeloc), Emil Velikov (@evelikov), Enrico Jörns (@ejoerns), Jan Lübbe (@jluebbe), René Fischer (@securitykernel), Roland Hieber (@rohieb), Thomas Kilian (@BigPapa314), Uwe Kleine-König (@ukleinek), Zygmunt Krynicki (@zyga)
Full Changelog: v1.10.1...v1.11
v1.10.1
Bug fixes
- Fix variant configuration via the system config. In 1.10, only variants set via the system info handler worked correctly. (by Hans Christian Lonstad)
- Fix compatibility with efibootmgr version 18. (by David Runge)
- Fix the help text of the
--with-streaming_user
configure option. - Fix some minor memory leaks discovered with address sanitizer.
- Fix D-Bus default directories when using meson.
- Fix build against OpenSSL installed in non-standard locations when using autotools.
Testing
- Enable address sanitizer for install tests.
Documentation
- Improve understandability, fix typos and missing words. (by Roland Hieber)
- Document an alternative to
meson compile -C build
for old meson versions. - Document possible filesystem incompatibility with ext4 in the FAQ.
New Contributors
- @swaeberle made their first contribution in #1184
- @hcl-dr made their first contribution in #1183
- @dvzrv made their first contribution in #1197
Contributions from: David Runge (@dvzrv), Enrico Jörns (@ejoerns), Hans Christian Lonstad (@hcl-dr), Jan Lübbe (@jluebbe), Roland Hieber (@rohieb), Stephan Wurm (@swaeberle), Ulrich Ölmann (@OnkelUlla)
Full Changelog: v1.10...v1.10.1
v1.10
Enhancements
- Print sizes in
rauc info
also in human-readable form. - Add FTPS support for bundle download (only for use with casync, not for streaming). (by Christian Meusel)
- Improve progress granularity to provide more realistic weighting of substeps.
- Add fine-grained progress updates during image copying and archive extraction. (based on work by Lars Pöschel)
- Return manifest meta data in
rauc info
and via the InspectBundle D-Bus method. - Add new 'json-2' output format for
rauc info
that matches the InspectBundle D-Bus method structure. - Improve error message for failed boot slot detection.
- Allow exFAT as a local filesystem for plain bundles. (by Stefan Wahren)
- Add optional pre-check for verity bundles. This is useful if the same bundle needs to be transferred and installed to multiple systems in sync. (by Christian Hitz)
- Add support for custom variables in the system-info handler and pass them to other handlers.
- Show a warning during bundle creation if no format is specified in the manifest. This should hopefully encourage migration to the verity format.
- Introduce an installation transaction UUID, which is stored in the slot status. This can be used to infer which slots have been updated by the same transaction. In a future release, this will be useful to correlate log messages.
- Use a shorter connect timeout for streaming to avoid waiting for 25 minutes.
Bug fixes
- Fix some issues in the meson build support:
- missing man page installation
- missing dependency for tests on D-Bus header generation
- missing executable bit for D-Bus wrapper
rauc-service.sh
- Fix external mount point detection which could have caused a number of mounts to be not detected properly.
- Fix double-initialization of context.
- Fix memory leaks (mainly in the test suite).
- Fix a confusing error message when using
rauc extract
with an existing output directory. - Fix building with musl by not using
off64_t
with_FILE_OFFSET_BITS=64
. (by Christian Hohnstädt) - Fix unintentional forwarding of full custom handler args (defined in the manifest) to the
system.conf
-defined handlers. - Re-add missing
--key
argument (used to set the decryption key) to help and man page.
Testing
- Add Debian 'buster', 'bullseye' and 'testing' to test stable test matrix.
- Add test run with address sanitizer. This currently uses a large part of the existing test suite.
Code
- Refactor installation handling with the introduction of installation plans. This also allows testing for invalid image/slot combinations earlier.
- Add a helper for atomic symlink updates.
- Refactor slot state determination and split from mount point updates. Let slot state determination happen earlier and only once.
- Require at least glib 2.56.0 for
g_ptr_array_find
andg_autolist
. Debian buster, Ubuntu bionic and Yocto dunfell have newer versions already. - Refactor boot slot marking.
- Consistently initialize variables to avoid static checker warning. (by b4yuan)
Documentation
- Document some Linux distributions which provide RAUC packages.
- Document deprecation of the
statusfile
option. (by Ulrich Ölmann) - Extend and fix documentation for the full custom handler.
New Contributors
- @securitykernel made their first contribution in #1119
- @chris2511 made their first contribution in #1164
Contributions from: Christian Hitz (@chhitz), Christian Hohnstädt (@chris2511), Christian Meusel (@sirhcel), Enrico Jörns (@ejoerns), Jan Lübbe (@jluebbe), Lars Pöschel (@poeschel), René Fischer (@securitykernel), Stefan Wahren (@lategoodbye), Ulrich Ölmann (@OnkelUlla), @b4yuan
Full Changelog: v1.9...v1.10
v1.9
Enhancements
- Add new
InspectBundle
D-Bus method, which takes the same bundle access options as the existingInstallBundle
method. This makes it possible to inspect bundles stored on HTTP servers which need authentication. It returns information from the manifest as a nested dictionary (for now, this is onlycompatible
,version
,description
andbuild
), but can be extended as needed. (by Stefan Ursella) - Add support for loading and storing metadata entries in the manifest. They are not yet exposed to the user.
- Add a manifest hash value and expose it via
rauc info
andrauc status
. This can be used to identify a specific bundle. - Support configurable boot attempt counters for barebox (using
boot-attempts
in thesystem.conf
). - Add meson as an alternative build system. We intend to drop autotools in 1.10, unless there are good reasons to keep it for longer. As the tar archive generated by meson does not contain a configure script, you may need to run
autogen.sh
to generate it. To simplify the migration, we also provide a-autotools
archive variant which is generated using autotool'smake dist
(and does not contain the meson build support). - Abort earlier if the image is too large for the target slot.
- Add warnings for some configuration issues when using adaptive updates.
Bug fixes
- Fix a NULL dereference error caused by images larger than the target slot. (by Kevin Hsieh)
- Fix compatibility with libcurl when built without proxy support. (by Christian Meusel)
- Do not invoke any target-related context setup steps if no config is required. This avoids unnecessary checks and removes the misleading messages about unresolved paths.
- Fix number format for bootchooser when using U-Boot. (by Christian Meusel)
- Fix handling of partitioned loop devices, which caused incorrect aborts during installation.
- Fix error handling when attempting to encrypt plain bundles.
Testing
- Improve robustness of dm-verity/-crypt test setup.
- Enable scan-build for tests in GitHub Actions.
- Handle floating point comparisons in tests better.
- Add a GitHub Actions workflow for CodeQL scanning as a replacement for LGTM.
- Run the cross-architecture tests on Debian bullseye instead of buster.
Code
- Move the
--intermediate
option to the subcommand level and update the manual page. - Improve error handling for invalid
boot-attempts
configuration. - Fix some minor memory leaks.
Documentation
- Document our approach to bundle compatibility.
- Add links to public example integrations of RAUC into different build systems and boards.
- Add an issue template and a SUPPORT.rst file.
- Improve the documentation on slot skipping with regard to streaming.
- Update README.rst with new features.
New Contributors
Contributions from: Christian Meusel (@sirhcel), Enrico Jörns (@ejoerns), Jan Lübbe (@jluebbe), Jung-Te Hsieh (@jungte), Stefan Ursella (@stefanu21), Ulrich Ölmann (@OnkelUlla), Uwe Kleine-König (@ukleinek)
Full Changelog: v1.8...v1.9
v1.8
Enhancements
- Implement adaptive image updates based on block hash indices. This works by adding an index file containing the hashes of each 4kiB image block in the image to the bundle and then using this to check whether a block is available locally during installation. If that's the case, RAUC doesn't need to download this block. Together with streaming, this means that only a small part of the bundle needs to be downloaded as long as the changes are localized. See the documentation for details.
- Add a slot type which provides atomic bootloader updates for SoCs (like the Rockchip RK3568) which search for a valid image at multiple fixed offsets. (by Matthias Fend) See the documentation for details.
- Add a configuration option for additional arguments to pass to
casync extract
. (by Ludovico de Nittis) - Add initial support for desync (an alternative casync implementation). (by Ludovico de Nittis)
- Add support for a RAUC data-directory on a shared partition. Unless otherwise configured, this is also used to store the central slot status data. See the documentation for details.
- Allow setting a passphrase for encrypted PEM files via the environment (
RAUC_KEY_PASSPHRASE
). (by Marc Kleine-Budde) - Ignore
meta.<label>
sections in the manifest. Themeta.<label>
sections are intended to provide a forwards-compatible way to add data to the manifest which is not interpreted by RAUC in any way. Currently, they are just ignored when reading a manifest. In future releases, they will be accessible viarauc info
, the D-Bus API and in hooks/handlers.
Bug fixes
- Avoid retrying on HTTP 404 errors during streaming.
- Improve error handling during loop device block size configuration. (by Ahmad Fatoum)
- Fix handling of empty partitions for
boot-mbr-switch
slots. - Do not attempt to take ownership of plain bundles if running as non-root.
- Unmount seed slots if casync fails during installation. (by Jonas Licht)
- Add missing test files to the dist .tar.xz. (by Uwe Kleine-König)
Testing
- Refactor the statistics code to make it useful for testing as well.
- Replace Ubuntu 21.10 test container with 22.04
- Add more tests for casync conversion and installation.
Code
- Log error messages from CURL for failed streaming requests.
- Add doctype to D-Bus XML specification. (by Morgan Bengtsson)
- Improve error messages related to bootloader communication.
- Improve error reporting for directory creation failures.
Documentation
- Document that the required kernel features can be configured as modules as well.
- Document how to load and store the GRUB environment from a shared partition.
- Document some best practices regarding storage partitioning.
- Explain differences between casync and streaming & adaptive updates.
New Contributors
- @emfend made their first contribution in #918
- @morganbengtsson made their first contribution in #939
- @marckleinebudde made their first contribution in #945
- @BubuOT made their first contribution in #964
Contributions from: Ahmad Fatoum, Enrico Jörns, Jan Lübbe, Jonas Licht,
Ludovico de Nittis, Marc Kleine-Budde, Marcus Hoffmann, Matthias Fend,
Morgan Bengtsson, Ulrich Ölmann, Uwe Kleine-König
Full Changelog: v1.7...v1.8
v1.7
Enhancements
- Add support for streaming installation from a HTTP(S) server for bundles in
verity
andcrypt
formats. This avoids the need for a temporary bundle storage location and prepares for more efficient incremental updates. See the documentation for details. - Add support for bundle encryption (
crypt
format). This is useful when bundles contain confidential data and are not otherwise protected during transport (for example, via HTTP, unauthenticated HTTPS or USB storage). See the documentation for details. - Optionally allow verification with partial chains. If enabled, RAUC will also treat intermediate certificates in the keyring as trust-anchors, in addition to self-signed root CA certificates. This makes it possible to trust only one (or more) sub-tree(s) in a larger PKI. See the documentation for details.
- Divert log messages to stderr, which is useful for machine readable output (
rauc status --output-format=json
). This is only enabled when built with glib 2.68 or newer. (by Ludovico de Nittis) - Only allow the root step to report 100% progress. (by Steven Rau)
- Add the
--trust-environment
option torauc extract
andrauc extract-signature
. - Improve the error message printed on compatible mismatch.
Bug fixes
- Don't enforce bundle exclusivity if the environment is trusted. (by Ludovico de Nittis)
- Clean up error handling for 'rauc status'.
- Fix some memory leaks. (by Zygmunt Krynicki)
- Fix unintentional removal of existing bundles on error.
- Fix build error when PRIu64 is not defined. (by Fabrice Fontaine)
Testing
- Make some tests conditional on the existence of the openssl binary.
- Access rauc.io instead of example.com.
- Explicitly use Python 3 in coverity checks. (by Thorsten Scherer)
- Add build tests on Ubuntu 21.10.
Code
- Add some missing files to the dist tar.gz. (by Uwe Kleine-König)
- Change minimum glib version from 2.49.3 to 2.50, allowing use of g_autoptr with the auto-generated DBus code.
- Use g_autofree/g_autoptr in more places.
- Use more specific error codes for device mapper error reporting.
- Prepare for incremental methods by adding an optional per-image
manifest option.
Documentation
- Fix some broken internal links. (by Thorsten Scherer)
- Mention Buildroot support for RAUC. (by Thomas Petazzoni)
- Fix some typos. (by Bastian Krause and Michael Riesch)
- Clean up some inconsistencies between README and main documentation.
- Fix misleading rescue slot example. (by Sean Nyekjaer)
- Fix broken links to external pages. (by Bastian Krause)
New Contributors
- @mriesch-wv made their first contribution in #861
- @zyga made their first contribution in #868
- @sknsean made their first contribution in #896
- @stevenrau made their first contribution in #784
Contributions from: Bastian Krause, Fabrice Fontaine, Ludovico de
Nittis, Michael Riesch, Sean Nyekjaer, Steven Rau, Thomas Petazzoni,
Thorsten Scherer, Uwe Kleine-König, Zygmunt Krynicki
Full Changelog: v1.6...v1.7
v1.6
Enhancements
- Added support for extracting and replacing the bundle signature, which is useful for scenarios with strict limitations on how HSMs can be used. (by Jean-Pierre Geslin)
- Added support for NOR flash devices. (by Ladislav Michl)
- Added support for configuring the number of boot attempts for U-Boot. (by Daniel Mack)
- Implemented passing the image size to hooks as
RAUC_IMAGE_SIZE
. (by Marcel Hellwig) - Added support to use
systemd.verity_root_data=
to find the booted slot. (by Arnaud Rebillout) - Implemented passing additional information to hooks for the
boot-*
slot types. (by Bastian Krause) - Implemented a
rauc mount
command to allow inspection of bundles without extraction. - Allowed omitting the image filename when using the
install
slot hook. - Implemented support for extracting tar archives to jffs2 slots. (by Holger Assmann)
- Added option for the
resign
andinfo
commands to ignore expired certificates (--no-check-time
). (by Michael Heimpold) - Added option for the
convert
command to disable the concurrent access checks for plain bundles (--trust-environment
). - Simplified usage of compressed SquashFS images with extensions as created by OpenEmbedded. (by Omer Akram)
- Improved checks of the manifest contents to avoid common misconfigurations.
- Improved handling of
system.conf
loading according to the use-cases of the different commands.
Bug fixes
- Fixed installing plain bundles from ZFS partitions. (by Daniel Mack)
- Fixed the order of pre-/post-install hooks for the
boot-*
slot types. (by Bastian Krause) - Fixed generation of VFAT filesystem labels which were rejected by newer
mkfs.vfat
. - Added checking of slot types configured in
system.conf
. - Fixed installing plain bundles from ramfs. (by Ian Abbott)
- Fixed curl download size limit handling. (by Christoph Steiger)
- Fixed missing file descriptor closing in some error cases. (by Christian Hitz)
- Fixed an issue with slot boot status determination that could accidentally detect 'good' slots as 'bad'.
- Fixed inconsistent slot status reporting via the D-Bus API.
Testing
- Updated kernel used for qemu testing.
- Introduced an interactive mode for qemu-test.
- Moved testing container building to GitHub Actions.
- Updated testing container to Debian bullseye. (by Ludovico de Nitti)
- Added a scan-build workflow.
Code
- Removed some code left over after the removal of the deprecated file support.
- Refactored bundle opening as preparation for HTTP streaming.
- Added infrastructure for HTTP streaming tests.
- Completed D-Bus interface definitions. (by Taras Zaporozhets)
Documentation
- Improved documentation of the
boot-mbr/gpt-switch
slot types. - Fixed and improved documentation and comments in several places. (by Alexander Dahl)
- Documented a common approach to handle UBIFS device names via udev.
- Added a FAQ entry covering the use of dm-crypt partitions. (by Fabian Büttner)
New Contributors
- @zonque made their first contribution in #689
- @rohieb made their first contribution in #695
- @SijmenHuizenga made their first contribution in #698
- @hellow554 made their first contribution in #703
- @livioso made their first contribution in #714
- @pascalhuerst made their first contribution in #716
- @rforro made their first contribution in #744
- @Jarsop made their first contribution in #749
- @vivien made their first contribution in #759
- @zaporozhets made their first contribution in #786
- @h-assmann made their first contribution in #826
- @RyuzakiKK made their first contribution in #821
- @chhitz made their first contribution in #762
- @om26er made their first contribution in #747
- @fabianbuettner made their first contribution in #835
Contributions from: Ahmad Fatoum, Alexander Dahl, Arnaud Rebillout,
Bastian Krause, Christian Hitz, Christoph Steiger, Daniel Mack, Enrico
Jörns, Fabian Büttner, Holger Assmann, Ian Abbott, Jan Lübbe,
Jean-Pierre Geslin, Ladislav Michl, Livio Bieri, Ludovico de Nittis,
Marcel Hellwig, Michael Heimpold, Michael Tretter, Omer Akram, Pascal
Huerst, Richard Forro, Roland Hieber, Rouven Czerwinski, Sijmen
Huizenga, Taras Zaporozhets, Vivien Didelot, Vyacheslav Yurkov
Full Changelog: v1.5.1...v1.6