RAUC v1.2 Released
Right before the ELC-E starts tomorrow, we used the time in the hotel to bake a brand new RAUC release for you (and your embedded devices)! Well, here it is: RAUC v1.2
Are there any good reasons for updating to it? Of course! As always there is a good mix of bug fixes and new features your setups will benefit from:
We fixed some leaking file descriptors that may have caused RAUC to be killed with ‘Too many open files’ errors when executing a significant number of 'rauc status' or 'rauc install' actions without reboot.
RAUC now also will abort earlier in case of errors that are detectable before actually entering the atomic region and writing slots. This allows RAUC to fail earlier without leaving behind a disabled slot group with incomplete contents.
Another noteworthy change is that we changed the default of one of RAUC's most discussed optimization features: The skipping of slot updates where the intended and the current slots hash matches exactly. The past showed that this behaviour was often perceived as 'unexpected'. It is now disabled by default but may be explicitly enabled with install-same=false.
The command line interface received some new features and polishing so that we now have a more structured status output and an optional installation progress, activatable with rauc install --progress [...].
For devices that boot from the first MBR partition, RAUC now also supports atomic bootloader updates by manipulating the MBR to switch between redundant partition regions.
Thanks to all contributors since v1.1: Bastian Krause, Ellie Reeves, Enrico Jörns, Fabian Knapp, Gaël PORTAY, Jan Lübbe, Leif Middelschulte, Michael Heimpold , Stephan Michaelsen , Thomas Hämmerle, Thorsten Scherer, Tobias Junghans, Uwe Kleine-König
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
It's been 3 weeks ago now since the tag for RAUC 1.4 was created. But it is vacation time and so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now and so also those of you who haven't noticed the new release yet will be informed about notable changes.