Skip to content

Latest commit

 

History

History
515 lines (307 loc) · 29.2 KB

CHANGELOG.md

File metadata and controls

515 lines (307 loc) · 29.2 KB

Changelog

This file summarizes notable changes introduced in aktualizr version. It roughly follows the guidelines from Keep a Changelog.

Our versioning scheme is YEAR.N where N is incremented whenever a new release is issued. Thus N does not necessarily map to months of the year.

[upcoming release]

[2020.10] - 2020-10-27

Added

  • Updated the garage-push and garage-deploy tools. Now, they support new back-end token generation to authenticate API requests. Also, we updated the treehub.json format for the new back-end. It now has the additional scope parameter. The changes are backward compatible. Previous versions have the server URL without the token path, so it needs to be hardcoded. The new version has the full URL with the /oauth2/token path at the end: PR

Changed

  • Ubuntu Focal Dockerfile now uses the default OSTree package: PR
  • Improved libaktualizr API exceptions: PR
  • Improved binary file download progress: PR
  • Allowed passing HTTP headers in aktualizr-get: PR
  • Moved aktualizr-lite to its own aktualizr-lite repository: PR

Fixed

  • Fixed the issue with the parameters check in aktualizr-get: PR
  • Fixed the output of the pacman configuration: PR

[2020.9] - 2020-08-26

Added

  • Exceptions thrown through the API are now documented: PR
  • The client TLS certifcate and key can be re-imported from the filesystem as long as the device ID is unchanged: PR

Changed

  • More required headers for libaktualizr usage have been refactored for easier use: PR
  • All code is now checked with clang-tidy-10: PR
  • Default/recommended Yocto branch is dunfell (3.1): PR

Removed

  • The Debain package manager has been removed as it was never fully functional: PR
  • Android support has been removed as it was an unfinished prototype: PR
  • The ISO-TP Secondary has been removed as it was an unmaintained prototype: PR

[2020.8] - 2020-07-09

Special considerations

As a result of changes to the IP/POSIX Secondary protocol (see below), users of these Secondaries will need to take special care when upgrading their devices. The new version of aktualizr is backwards compatible and will work with both old and new versions of the protocol. However, aktualizr-secondary is not. This means that if you are upgrading a device with IP/POSIX Secondaries, you should update the Primary ECU running aktualizr first, and if that is successful, then update your Secondaries.

Added

  • You can now use the SetInstallationRawReport API function to set a custom raw report field in the device installation result: PR
  • You can now re-register ECUs, which supports replacing the Primary and adding, removing, and replacing Secondaries: PR
  • gcc version 9 is now supported: PR

Changed

  • Improved the Secondary interface and error reporting: PR
  • Improved the Secondary IP/POSIX communication protocol, including streaming binary updates from the Primary to the Secondary: PR
  • Moved the binary update logic to the package manager (and added images_path to the configuration): PR
  • The shared provisioning p12 file is now removed from the credentials archive after use. This can be disabled for testing. PR
  • Errors encountered while sending metadata to Secondaries are now reported to the server with greater detail: PR
  • The headers required to include for API users have been simplified: PR #1707, PR #1713, and PR #1716

[2020.7] - 2020-05-29

Changed

  • Cache device data (network, hardware info...) as much as we can to save bandwidth: PR
  • Stricter matching of Uptane metadata with installed images: PR

Fixed

  • Various docker-app fixes: PR #1664 and PR #1665
  • Use ED25519 to sign manifests when set as key type: PR

[2020.6] - 2020-04-30

Added

  • libaktualizr API and aktualizr-primary command line parameter to provide custom hardware information in JSON format: PR

Changed

  • Improved garage-deploy object fetching performance by reusing the curl handle: PR
  • Added an SQL busy handler with 2 seconds timeout: PR
  • Improved internal exception handling: PR #1654 and PR #1658

Fixed

  • Prevented more failure states from resulting in an installation loop: PR #1632 and PR #1635
  • Allow installaton of 0-byte binary files: PR
  • Refuse to download OSTree targets with the fake/binary package manager: PR

Removed

  • No longer fetch unnumbered Root metadata from the Director: PR

[2020.5] - 2020-04-01

Changed

Fixed

  • Abort update immediately if Secondary metadata verification fails: PR

[2020.4] - 2020-03-24

Added

  • aktualizr-secondary can now reboot automatically after triggering an update: PR
  • Reports are now stored in the SQL database so they persist through unexpected shutdown: PR

Changed

  • garage-push now always pushes the OSTree ref to Treehub: PR
  • Consistently follow the Uptane standard's style guide when using Uptane concepts, including the metadata output options of aktualizr-info: PR
  • Public contributions now are tested with Github Actions instead of Travis CI: PR
  • Default/recommended Yocto branch is zeus (3.0): PR
  • Improved logging for aktualizr-secondary: PR

Fixed

  • Abort initialization if ECUs are already registered: PR
  • Always use 64-bit integers for disk space arithmetic: PR
  • Reject Director Targets metadata with delegations or repeated ECU IDs: PR

[2020.3] - 2020-02-27

Added

  • Pluggable package managers for the Primary: PR
  • Log basic device information when starting aktualizr: PR

Changed

  • Wait for Secondaries to come online before attempting installation: PR #1533 and PR #1562
  • Renamed shared libraries to remove the extraneous "_lib": PR

Fixed

  • Apply pending updates even if their metadata expired if the installation was initiated before the expiration: PR
  • Add a missing include to fix building libaktualizr out-of-tree: PR
  • Restore interrupted downloads correctly: PR
  • Use uintmax_t for storing file length to support files greater than 4 GB: PR

[2020.2] - 2020-01-30

Changed

  • Require OpenSSL >= 1.0.2 explicitly: PR

Fixed

  • Catch the disk space availability exception: PR
  • Correct Secondary target name/filepath in a manifest: PR

[2020.1] - 2020-01-17

Added

  • Basic file update on IP Secondaries: PR

Changed

  • Increased Targets metadata file size limit: PR
  • Check and fetch Root metadata according to the Uptane standard: PR
  • Don't fetch Snapshot or Targets metadata if we already have the latest: PR
  • Dynamically link aktualizr and the tests with libaktualizr as shared library: PR
  • Reject all targets if one doesn't match: PR

Fixed

  • Do not provision if the Primary times out while connecting to Secondaries: PR
  • Use a bool type instead of a string in the virtual Secondary config: PR
  • Correctly read blob data with null terminators from the SQL database: PR
  • Report installation failure if download or target matching fails: PR
  • Disk space is now checked before downloading binary files to ensure sufficient available disk space: PR
  • Fixed several issues with OSTree updates on IP Secondaries: PR

[2019.11] - 2019-12-12

Added

  • Allow logger to use stderr: PR
  • Full metadata verification on IP Secondaries: PR
  • Log when connectivity is restored after an interruption: PR
  • Aktualizr now sends its configuration to the backend at boot, for audit purposes: PR

Changed

  • The jsoncpp library is now included as a submodule and was updated to v1.8.4: PR
  • PKCS11 engine paths auto-detection is not done at runtime anymore, but at configure time when possible: PR

Fixed

  • Removed bogus warning at boot when using OSTree: PR
  • Updated the docker-app package manager to work with docker-app v0.8: PR
  • Overriding of log level when using the docker-app package manager: PR
  • Report correct hash of the currently installed version on IP Secondary:: PR

[2019.10] - 2019-11-15

Added

Changed

  • Hardware information is only sent if it has changed: PR
  • Builds without OSTree now default to using the binary package manager: PR
  • New endpoint for reporting hardware information: PR

Removed

  • libsystemd dependency and socket activation support: PR

Fixed

  • Enforce a limit of 10 HTTP redirects: PR
  • Reject malformed root.json: PR
  • Fall back on full file download if byte range requests are not supported: PR

[2019.9] - 2019-10-16

Added

  • Handle POSIX signals: PR
  • Store target custom metadata when installing: PR

Fixed

  • Incorrect installation status reported if installation interrupted: PR
  • Binary updates of Secondaries from an OSTree Primary is again possible: PR
  • Applications built from release tarballs now report a valid version: PR

[2019.8] - 2019-09-12

Fixed

  • garage-deploy logic with checking for keys and verifying successful push: PR

[2019.7] - 2019-09-10

Added

  • GetInstallationLog API method: PR
  • The aktualizr daemon will now automatically remove old downloaded targets to free up disk space: PR
  • CA path is now always supplied to curl and can be overwritten: PR

Changed

  • garage-push and garage-deploy can now stream OSTree objects to S3 via Treehub (instead of getting copied): PR

Removed

Fixed

  • Uptane metadata is now rechecked (offline) before downloading and installing: PR
  • Downloaded target hashes are rechecked before installation: PR
  • Failed downloads are now reported to the backend in the installation report: PR
  • Binary targets for an OSTree-based Primary are now rejected immediately: PR

[2019.6] - 2019-08-21

Added

  • garage-sign metadata expiration parameters: PR
  • aktualizr-info --wait-until-provisioned flag: PR
  • aktualizr-repo image command now requires a hardware ID: PR
  • GetStoredTargets and DeleteStoredTarget aktualizr API methods: PR
  • aktualizr-get debugging tool: PR
  • Automatic reboot command is now customizable: PR
  • Basic C API: PR
  • Ability to pass custom headers in HTTP requests: PR
  • Mutual TLS support in garage tools: PR #1243 and PR #1288

Changed

  • Renamed GetStoredTarget to OpenStoredTarget in aktualizr API: PR
  • Renamed aktualizr-repo to uptane-generator: PR
  • Documentation substantially restructed: PR
  • Target matching between the Director and Image repositories is now done as early as possible during the check for updates: PR
  • Target matching requires the hardware IDs to match: PR
  • Custom URL logic now prefers the Director and if it is empty, only then checks the Image repository value: PR

[2019.5] - 2019-07-12

Added

  • TLS support by aktualizr-lite: PR
  • automatic garage-check usage at the end of garage-push/deploy: PR
  • ccache support: PR #1248 and PR #1249
  • doc on Primary and Secondary bitbaking for RPi: PR

Changed

  • Stripping of executables in release mode: PR
  • VirtualSecondary configuration: PR

Removed

  • Jenkins pipeline and a few references: PR
  • Hardcoded repo metadata used for testing: PR
  • SecondaryFactory and VirtualSecondary out of libaktualizr: PR
  • Fallback on clang-{tidy,format}: PR

Fixed

  • Logic of finding the latest version by aktualizr-lite: PR
  • Test regression in docker-app-mgr: PR
  • Some more lintian fixes: PR

[2019.4] - 2019-06-14

Added

Changed

  • Provisioning methods have been renamed. "Autoprovisioning" or "automatic provisioning" is now known as "shared credential provisioning". "Implicit provisioning" is now known as "device credential provisioning". "HSM provisioning" was always a misnomer, so it is now refered to as "device credential provisioning with an HSM". PR #1208 and PR #1220
  • aktualizr-cert-provider is now included in the garage_deploy.deb releases: PR
  • aktualizr-info metadata and key output is now printed without additional text for easier machine parsing (and piping to jq): PR
  • The IP Secondary implementation has been substantially refactored and improved with support for POSIX sockets and easier configuration: PR #1183 and PR #1198

Removed

  • aktualizr-check-discovery (due to obsolescence): PR

[2019.3] - 2019-04-29

Added

Changed

  • Device installation failure result codes are deduced as concatenation of ECU failure result codes: PR
  • No longer require hashes and sizes of Tagets objects in Snapshot metadata: PR
  • Updated documentation: PR

Removed

  • example.com is no longer set as the default URL when using garage-sign via garage-deploy: PR
  • OPC-UA Secondary support: PR

Fixed

[2019.2] - 2019-02-21

Added

  • A new configuration parameter force_install_completion that triggers a system reboot at the end of the installation process for update mechanisms that need one to complete (e.g. OSTree package manager)
  • Support for delegations: PR #1074 and PR #1089
  • Backward migrations of the SQL storage is now supported. It should allow rollbacking updates up to versions containing the feature: PR

Changed

  • Image files are now stored on the filesystem instead of SQL. This was necessitated by blob size limits in SQLite. PR
  • The Pause and Resume can now be called at any time and will also pause the internal event queue. API calls during the pause period will be queued up and resumed in order at the end. PR
  • Boost libraries are now linked dynamically (as with all other dependencies): PR

[2019.1] - 2019-01-10

Changed

Added

  • Auto retry for more robust download: PR
  • Expanded functionality of aktualizr-repo: PR #1028 and PR #1035
  • Option to run garage-push and garage-check to walk the full repository tree: PR
  • Ability to pause and resume OSTree update downloads: PR

Removed

  • Downloads are no longer done in parallel, as this substantially impacted the download speed: PR

Fixed

  • Correctly download targets with characters disallowed in URI in their name: PR

[2018.13] - 2018-11-05

Added

Changed

  • Secondaries configuration files must now lie in a common directory and specified in command line arguments or in static configuration: documentation
  • API has been upgraded: FetchMeta has been merged with CheckUpdates and most functions now have meaningful return values.

Removed

  • implicit_writer has been removed as it was no longer being used.

Fixed

[2018.12] - 2018-10-10

Changed

  • Various updates in API
  • sota_implicit_prov is deprecated
  • All the imported data should be under /var/sota/import

Fixed

  • HSM provisioning should not import certificate and private key, they belong to HSM, not to storage
  • Make cert provider respect path to import directory

[2018.11] - 2018-09-05

Fixed

  • Really remove the local tuf repo before and after garage-sign.

[2018.10] - 2018-09-04

Added

  • garage-deploy and aktualizr releases for Ubuntu 18.04

Fixed

  • Prevent re-use of existing tuf repos

[2018.9] - 2018-08-30

Fixed

  • Fixes to garage-deploy to improve reliability and logging

[2018.8] - 2018-08-16

Fixed

  • Bug with path concatenation in garage-deploy

[2018.7] - 2018-05-31

Changed

  • garage-deploy package is now built against Ubuntu 16.04

[2018.6] - 2018-05-28

Fixed

  • Expiration in garage-sign

[2018.5] - 2018-02-26

[2018.4] - 2018-02-23

[2018.3] - 2018-02-16

[2018.2] - 2018-02-16

[2018.1] - 2018-02-05