From: Enrico Joerns <ejo@pengutronix.de>
To: "rauc@pengutronix.de" <rauc@pengutronix.de>
Subject: [RAUC] [ANNOUNCE] RAUC v1.0 Release Candidate 1 Available
Date: Fri, 12 Oct 2018 15:47:51 +0200 [thread overview]
Message-ID: <c802b6ec-985e-c30e-1f22-2b82c05a6031@pengutronix.de> (raw)
Hi,
we are (really) proud to announce that we've just prepared the first release
candidate for RAUC v1.0:
https://github.com/rauc/rauc/releases/tag/v1.0-rc1
This version adds several enhancements and new features concerning signing and
signature handling.
One of the most important improvements is the support for passing
Keys/Certificates stored on PKCS#11 tokens (e.g. for using a smart card
or HSM).
Also the boot selection interface gained several fixes and enhancements,
especially concerning the U-Boot integration that now implements the full
feature set of obtaining and setting the boot status.
Several extensions of the D-Bus API and some code refactoring now allow 'rauc
status' to fully work over D-Bus (if enabled) and finalizes the clear
separation between client and service.
Another topic that got a lot attention is easing RAUC debugging by providing
more targeted debugging and error messages, adding documentation, etc.
It is important to note that also several potential issues for the actual
installation process were fixed, e.g. by adding proper fsync() handling, using
O_EXCL for opening devices, or by fixing uid/gid handling during tar
extraction.
RAUC now also fully supports using file:// URI's and allows to open bundles
that have a custom file name extensions for cases where this really mandatory
of any reason.
The rest are 'only' minor new options, bug fixes, documentation updates,
typo fixes, etc.
Find more details in the full changes list below.
Note, as this is an RC for the upcoming 1.0 version of RAUC, please help
by testing this pre-release on all environments you want it to work
in and give us feedback in case of any issues.
Best regards and happy (and robust) updating,
The RAUC Team
---
RELEASE 1.0-RC1 (RELEASED OCT 12, 2018)
ENHANCEMENTS
- Bundle creation
- Add support for passing Keys/Certificates stored on PKCS#11
tokens (e.g. for using a smart card or HSM). See the PKCS#11
Support section for details.
- Print a warning during signing if a certificate in the chain
will expire within one month
- If keyring is given during bundle creation, automatically verify
bundle signature and trust chain
- Configuration (see the reference for the [system],[keyring] and
[slot.*.*] sections for details)
- Add extra-mount-opts argument to slot config to allow passing
custom options to mount calls (such as user_xattr or seclabel)
- Implement support for readonly slots that are part of the slot
description but should never be written by RAUC
- Add option use-bundle-signing-time to use singing time for
verification instead of the current time
- Introduce max-bundle-download-size config setting (by
Michael Heimpold)
- Rename confusing force-install-same flag to ignore-checksum (old
remains valid of course) (by Jan Remmet)
- Add strict parsing of config files as we do for manifests
already. This will reject configs with invalid keys,
groups, etc. to prevent unintentional behavior
- Installation
- Remove strict requirement of using .raucb file extension,
although it is still recommended
- Export RAUC slot type to handlers and hooks (by
Rasmus Villemoes)
- Add *.squashfs to raw slot handling (by Emmanuel Roullit)
- Add checking of RAUC bundle identifier (squashfs identifier)
- *.img files can now be installed to ext4, ubifs or vfat slots
(by Michael Heimpold)
- Warn if downloaded bundle could not be deleted
- Expose system information (variant, compatible, booted slot) over
D-Bus (by Jan Remmet)
- The rauc status command line call now only uses the D-Bus API
(when enabled) to obtain status information instead of loading
configuration and performing operations itself. This finalizes the
clear separations between client and service and also allows calling
the command line client wihout requiring any configuration.
- Add debug log domain rauc-subprocess for printing RAUC subprocess
invocations. This can be activated bysetting the environment
variable G_MESSAGES_DEBUG=rauc-subprocess. See the Debugging
RAUC section for details.
- Enhancement of many debug and error messages to be more precise and
helpful
- Let U-Boot boot selection handler remove slot from BOOT_ORDER when
marking it bad
- Implemented obtaining state and primary information for U-Boot boot
selection interface (by Timothy Lee)
- Also show certificate validity times when the certificate chain is
displayed
- Added a simple CGI as an example on how to code against the D-Bus
API in RAUC contrib/ folder. (by Bastian Stender)
BUG FIXES
- Bootchooser EFI handler error messages and segfault fixed (by
Arnaud Rebillout)
- Fix preserving of primary errors while printing follow-up errors in
update_handlers (by Rasmus Villemoes)
- Make not finding (all) appropriate target slots a fatal error again
- Prevent non-installation operations from touching the installation
progress information (by Bastian Stender)
- Call fsync() when writing raw images to assure content is fully
written to disk before exiting (by Jim Brennan)
- Fix casync store initialization for extraction without seeds (by
Arnaud Rebillout)
- Fix slot status path generation for external mounts (by
Vyacheslav Yurkov)
- Do not try to mount already mounted slots when loading slot status
information from per-slot file
- Fix invalid return value in case of failed mark_active()
- Fix bootname detection for missing root= command line parameter
- Fix passing intermediate certificates via command line which got
broken by a faulty input check (by Marcel Hamer)
- Preserve original uid/gid during extraction to be independent of the
running system. This was only problematic if the name to ID mapping
changed with an update. Note that this requires to enable
CONFIG_FEATURE_TAR_LONG_OPTIONS when using busybox tar.
- Block device paths are now opened with O_EXCL to ensure exclusive
access
- Fix handling for file:// URI's
- Build-fix workaround for ancient (< 3.4) kernels (by Yann E. MORIN)
- Various internal error handling fixes (by Ulrich Ölmann,
Bastian Stender)
- Several memory leak fixes
TESTING
- Abort on g_critical() to detect issues early
- Extended and restructured testing for barebox and u-boot boot
selection handling
- Basic rauc convert (casync) testing
- Switch to Travis xenial environment
- Make diffs created by uncrustify fatal to enforce coding style
- Fix hanging rauc.t in case of failed tests for fixing sharness
cleanup function handling
- Run sharness (rauc.t) tests with verbose output
- Show make-check log on error
CODE
- Add GError handling to download functions
- Prepare support for tracing log level
- Start more detailed annotation of function parameter direction and
transfer
- Simplified return handling as result of cleanup helper rework
- Treewide introduction of Glib automatic cleanup helpers. Increases
minimum required GLib version to 2.45.8 (by Philipp Zabel)
- Prepare deprecation of RAUC ancient non-bundle 'network mode'
DOCUMENTATION
- Add a debugging chapter on how to debug RAUC
- Add a bootloader-interaction section describing the boot selection
layer and the special handling for the supported bootloaders
- Add hint on how to run RAUC without D-Bus to FAQ
- Document sec_ref_host_tools and sec_ref_target_tools
- Tons of typo fixes, minor enhancements, clarifications, example
fixes, etc.
Contributions from: Alexander Dahl, Arnaud Rebillout, Bastian Stender,
Emmanuel Roullit, Enrico Jörns, Jan Lübbe, Jan Remmet, Jim Brennan,
Marcel Hamer, Michael Heimpold, Philip Downer, Philipp Zabel, Rasmus
Villemoes, Thomas Petazzoni, Timothy Lee, Ulrich Ölmann, Vyacheslav
Yurkov, Yann E. MORIN
--
Pengutronix e.K. | Enrico Jörns |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-5080 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
RAUC mailing list
reply other threads:[~2018-10-12 13:47 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c802b6ec-985e-c30e-1f22-2b82c05a6031@pengutronix.de \
--to=ejo@pengutronix.de \
--cc=rauc@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox