RAUC v0.2 Released
We proudly just sent out a new release of the RAUC update framework.
With 171 individual changes since v0.1.1 we have put much effort in enhancing both the usability and the stability of RAUC while adding a set of useful features making RAUC applicable for even more use cases.
Scroll through the following list to get an overview of the most significant changes for this release:
For those who use RAUC from the command line, the tool now provides an output of the installation progress as well as improved error reporting to ease quickly finding configuration or runtime issues.
RAUC now supports splitting up the installation and the actual activation of an update. This can be quite useful for scenarios where you first want to roll out updates to all devices in the field and then enable it for all devices together at a defined point in time.
Therefor both the system configuration option activate-installed as well as new D-Bus method mark along with the new rauc status mark-active sub command were introduced.
The changes not only allow to handle delayed activation but also enable you to use the RAUC bootloader abstraction to modify the target to boot, e.g. for testing.
When dealing with certificates, you might have asked yourself often in the past if you signed your update correctly, if the verification works as expected, etc.
Now, the RAUC commandline tool provides features and options to ease dealing with certificate debugging:
A newly introduced --keyring argument allows you to directly define the keyring to use for verification without the need to have a system.conf file. This is especially useful for inspecting bundles on your build host.
The output of rauc info now dumps the trust chain (with subject, issuer, and calculated SPKI (SubjectPublicKeyInfo) hash) successfully verify the inspected bundle.
If passing the newly introduced --dump-cert argument, you will also get the full signer cert of the bundle printed.
But, debug printout is not the only improvement targeting certificate support:
When scrolling through the help text of the RAUC tool, you may encounter a fully new command rauc resign. We finally added (after we've already mentioned it in the documentation) support for resigning bundles. This can be quite useful when changing a bundle (after having tested it successfully) from development/testing state to production state without actually having to touch its well-proven content anymore.
RAUC resign allows you to verify the bundle on your build host, remove the signature and add a new one created from a different key.
Last but not least, a significant effort we've put in enhancing the documentation, as you could already read in this blog post.
For an extended list of all changes (especially the bugfixes) contained in the v0.2 release, see the CHANGES file.
For the next release we already have a bunch of new features planned or already prepared, including a central comprehensive status file for storing slot checksum and metadata, support for placing and honoring intermediate certificates in bundles, streaming support based on casync and much more.
In its current master branch, RAUC now supports encrypted Bundles. This tutorial will introduce you to the basics of using encryption in RAUC and show how to use it in a simplified Yocto setup with the meta-rauc Layer.