RAUC v1.1 Released
Just before the beautiful shine of the new has fully disappeared from RAUC 1.0, it is now time to bring out a new release: v1.1.
This release comes with some remarkable memory leakage fixes you should not miss.
As new features, we now have full support for reading GRUB2 status like we had for the other bootloader implementations already.
A minor feature but quite useful for debugging certificate issues is the new ability to use --dump-cert without requiring successful verification.
Especially system integrators may like the support for using multiple keyring certificates from a directory. This will avoid conflicts when installing multiple certificates from different build system packages.
As a result of various community feedback and discussion, this release adds a bunch of documentation updates targeting potential misunderstandings and explains some unclear topics in more detail.
We would like to say thank you to everyone who tested for v1.1, reported issues or contributed new features!
For those using A+B+recovery setups where A+B are controlled via the default boot selection logic and recovery is booted as fallback without this mechanism, RAUC also allows specifying the booted slot's name (not only the bootname) via commandline (e.g. rauc.slot=recovery.0).
Thanks to all contributors since v1.0: Angus Lees, Arnaud Rebillout, Beralt Meppelink, Enrico Jörns, Evan Edstrom, Ian Abbott, Jan Lübbe, Michael Heimpold, Rasmus Villemoes, Ulrich Ölmann, Vitaly Ogoltsov
Eingebettete Systeme und IoT-Geräte robust und sicher im Feld updaten zu können ist heute eine Kernanforderung jedes Produkts. Das Update-Framework RAUC ist die Basis für eine moderne und zukunftsfähige Lösung. In diesem Showcase zeigen wir die Grundprinzipien eines ausfallsicheren Update-Systems und wie Sie dieses mit Unterstützung von Pengutronix für Ihre Plattform realisieren können.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
It's been 3 weeks ago now since the tag for RAUC 1.4 was created. But it is vacation time and so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now and so also those of you who haven't noticed the new release yet will be informed about notable changes.