This file summarizes notable changes introduced in aktualizr version. It roughly follows the guidelines from Keep a Changelog.
Our versioning scheme is YEAR.N
where N
is incremented whenever a new release is issued. Thus N
does not necessarily map to months of the year.
- Updated the
garage-push
andgarage-deploy
tools. Now, they support new back-end token generation to authenticate API requests. Also, we updated thetreehub.json
format for the new back-end. It now has the additionalscope
parameter. The changes are backward compatible. Previous versions have the server URL without the token path, so it needs to be hardcoded. The new version has the full URL with the/oauth2/token
path at the end: PR
- Ubuntu Focal Dockerfile now uses the default OSTree package: PR
- Improved libaktualizr API exceptions: PR
- Improved binary file download progress: PR
- Allowed passing HTTP headers in
aktualizr-get
: PR - Moved aktualizr-lite to its own aktualizr-lite repository: PR
- Fixed the issue with the parameters check in
aktualizr-get
: PR - Fixed the output of the pacman configuration: PR
- Exceptions thrown through the API are now documented: PR
- The client TLS certifcate and key can be re-imported from the filesystem as long as the device ID is unchanged: PR
- More required headers for libaktualizr usage have been refactored for easier use: PR
- All code is now checked with clang-tidy-10: PR
- Default/recommended Yocto branch is dunfell (3.1): PR
- The Debain package manager has been removed as it was never fully functional: PR
- Android support has been removed as it was an unfinished prototype: PR
- The ISO-TP Secondary has been removed as it was an unmaintained prototype: PR
As a result of changes to the IP/POSIX Secondary protocol (see below), users of these Secondaries will need to take special care when upgrading their devices. The new version of aktualizr is backwards compatible and will work with both old and new versions of the protocol. However, aktualizr-secondary is not. This means that if you are upgrading a device with IP/POSIX Secondaries, you should update the Primary ECU running aktualizr first, and if that is successful, then update your Secondaries.
- You can now use the
SetInstallationRawReport
API function to set a custom raw report field in the device installation result: PR - You can now re-register ECUs, which supports replacing the Primary and adding, removing, and replacing Secondaries: PR
- gcc version 9 is now supported: PR
- Improved the Secondary interface and error reporting: PR
- Improved the Secondary IP/POSIX communication protocol, including streaming binary updates from the Primary to the Secondary: PR
- Moved the binary update logic to the package manager (and added
images_path
to the configuration): PR - The shared provisioning p12 file is now removed from the credentials archive after use. This can be disabled for testing. PR
- Errors encountered while sending metadata to Secondaries are now reported to the server with greater detail: PR
- The headers required to include for API users have been simplified: PR #1707, PR #1713, and PR #1716
- Cache device data (network, hardware info...) as much as we can to save bandwidth: PR
- Stricter matching of Uptane metadata with installed images: PR
- Various docker-app fixes: PR #1664 and PR #1665
- Use ED25519 to sign manifests when set as key type: PR
- libaktualizr API and aktualizr-primary command line parameter to provide custom hardware information in JSON format: PR
- Improved garage-deploy object fetching performance by reusing the curl handle: PR
- Added an SQL busy handler with 2 seconds timeout: PR
- Improved internal exception handling: PR #1654 and PR #1658
- Prevented more failure states from resulting in an installation loop: PR #1632 and PR #1635
- Allow installaton of 0-byte binary files: PR
- Refuse to download OSTree targets with the fake/binary package manager: PR
- No longer fetch unnumbered Root metadata from the Director: PR
- Abort update immediately if Secondary metadata verification fails: PR
- aktualizr-secondary can now reboot automatically after triggering an update: PR
- Reports are now stored in the SQL database so they persist through unexpected shutdown: PR
- garage-push now always pushes the OSTree ref to Treehub: PR
- Consistently follow the Uptane standard's style guide when using Uptane concepts, including the metadata output options of aktualizr-info: PR
- Public contributions now are tested with Github Actions instead of Travis CI: PR
- Default/recommended Yocto branch is zeus (3.0): PR
- Improved logging for aktualizr-secondary: PR
- Abort initialization if ECUs are already registered: PR
- Always use 64-bit integers for disk space arithmetic: PR
- Reject Director Targets metadata with delegations or repeated ECU IDs: PR
- Pluggable package managers for the Primary: PR
- Log basic device information when starting aktualizr: PR
- Wait for Secondaries to come online before attempting installation: PR #1533 and PR #1562
- Renamed shared libraries to remove the extraneous "_lib": PR
- Apply pending updates even if their metadata expired if the installation was initiated before the expiration: PR
- Add a missing include to fix building libaktualizr out-of-tree: PR
- Restore interrupted downloads correctly: PR
- Use
uintmax_t
for storing file length to support files greater than 4 GB: PR
- Require OpenSSL >= 1.0.2 explicitly: PR
- Catch the disk space availability exception: PR
- Correct Secondary target name/filepath in a manifest: PR
- Basic file update on IP Secondaries: PR
- Increased Targets metadata file size limit: PR
- Check and fetch Root metadata according to the Uptane standard: PR
- Don't fetch Snapshot or Targets metadata if we already have the latest: PR
- Dynamically link aktualizr and the tests with libaktualizr as shared library: PR
- Reject all targets if one doesn't match: PR
- Do not provision if the Primary times out while connecting to Secondaries: PR
- Use a bool type instead of a string in the virtual Secondary config: PR
- Correctly read blob data with null terminators from the SQL database: PR
- Report installation failure if download or target matching fails: PR
- Disk space is now checked before downloading binary files to ensure sufficient available disk space: PR
- Fixed several issues with OSTree updates on IP Secondaries: PR
- Allow logger to use stderr: PR
- Full metadata verification on IP Secondaries: PR
- Log when connectivity is restored after an interruption: PR
- Aktualizr now sends its configuration to the backend at boot, for audit purposes: PR
- The jsoncpp library is now included as a submodule and was updated to v1.8.4: PR
- PKCS11 engine paths auto-detection is not done at runtime anymore, but at configure time when possible: PR
- Removed bogus warning at boot when using OSTree: PR
- Updated the docker-app package manager to work with docker-app v0.8: PR
- Overriding of log level when using the docker-app package manager: PR
- Report correct hash of the currently installed version on IP Secondary:: PR
- Hardware information is only sent if it has changed: PR
- Builds without OSTree now default to using the binary package manager: PR
- New endpoint for reporting hardware information: PR
- libsystemd dependency and socket activation support: PR
- Enforce a limit of 10 HTTP redirects: PR
- Reject malformed root.json: PR
- Fall back on full file download if byte range requests are not supported: PR
- Incorrect installation status reported if installation interrupted: PR
- Binary updates of Secondaries from an OSTree Primary is again possible: PR
- Applications built from release tarballs now report a valid version: PR
- garage-deploy logic with checking for keys and verifying successful push: PR
GetInstallationLog
API method: PR- The aktualizr daemon will now automatically remove old downloaded targets to free up disk space: PR
- CA path is now always supplied to curl and can be overwritten: PR
- garage-push and garage-deploy can now stream OSTree objects to S3 via Treehub (instead of getting copied): PR
- hmi-stub (replaced by libaktualizr-demo-app): PR
- Uptane metadata is now rechecked (offline) before downloading and installing: PR
- Downloaded target hashes are rechecked before installation: PR
- Failed downloads are now reported to the backend in the installation report: PR
- Binary targets for an OSTree-based Primary are now rejected immediately: PR
- garage-sign metadata expiration parameters: PR
- aktualizr-info --wait-until-provisioned flag: PR
- aktualizr-repo image command now requires a hardware ID: PR
GetStoredTargets
andDeleteStoredTarget
aktualizr API methods: PR- aktualizr-get debugging tool: PR
- Automatic reboot command is now customizable: PR
- Basic C API: PR
- Ability to pass custom headers in HTTP requests: PR
- Mutual TLS support in garage tools: PR #1243 and PR #1288
- Renamed
GetStoredTarget
toOpenStoredTarget
in aktualizr API: PR - Renamed aktualizr-repo to uptane-generator: PR
- Documentation substantially restructed: PR
- Target matching between the Director and Image repositories is now done as early as possible during the check for updates: PR
- Target matching requires the hardware IDs to match: PR
- Custom URL logic now prefers the Director and if it is empty, only then checks the Image repository value: PR
- TLS support by aktualizr-lite: PR
- automatic garage-check usage at the end of garage-push/deploy: PR
- ccache support: PR #1248 and PR #1249
- doc on Primary and Secondary bitbaking for RPi: PR
- Jenkins pipeline and a few references: PR
- Hardcoded repo metadata used for testing: PR
- SecondaryFactory and VirtualSecondary out of libaktualizr: PR
- Fallback on clang-{tidy,format}: PR
- Logic of finding the latest version by aktualizr-lite: PR
- Test regression in docker-app-mgr: PR
- Some more lintian fixes: PR
- Campaigns can be declined and postponed via the API: PR
- Warn when running two libaktualizr instances simultaneously: PR #1217 and PR #1229
- aktualizr-info can output the Snapshot and Timestamp metadata from the Image repository: PR
- aktualizr-info can output the current and pending image versions for Secondaries: PR
- Support for docker-app package management on top of OSTree: PR
- Provisioning methods have been renamed. "Autoprovisioning" or "automatic provisioning" is now known as "shared credential provisioning". "Implicit provisioning" is now known as "device credential provisioning". "HSM provisioning" was always a misnomer, so it is now refered to as "device credential provisioning with an HSM". PR #1208 and PR #1220
- aktualizr-cert-provider is now included in the garage_deploy.deb releases: PR
- aktualizr-info metadata and key output is now printed without additional text for easier machine parsing (and piping to jq): PR
- The IP Secondary implementation has been substantially refactored and improved with support for POSIX sockets and easier configuration: PR #1183 and PR #1198
- aktualizr-check-discovery (due to obsolescence): PR
- New tool aktualizr-lite for anonymous TUF-only updates: PR
- Abort() API call: PR
- Option to print delegation metadata with aktualizr-info: PR
- Support for custom URIs for downloading targets: PR
- SendManifest() API call: PR
- Support for Android package management: PR
- Device installation failure result codes are deduced as concatenation of ECU failure result codes: PR
- No longer require hashes and sizes of Tagets objects in Snapshot metadata: PR
- Updated documentation: PR
- example.com is no longer set as the default URL when using garage-sign via garage-deploy: PR
- OPC-UA Secondary support: PR
- Check for updates even if sending the manifest fails: PR
- Correctly handle empty Targets metadata: PR #1186 and PR #1192
- Various OSTree-related memory leaks and suppressions: PR #1114, PR #1120, and PR #1179
- Various spurious and/or confusing log messages, e.g.: PR #1112, PR #1137, and PR #1180
- A new configuration parameter
force_install_completion
that triggers a system reboot at the end of the installation process for update mechanisms that need one to complete (e.g. OSTree package manager) - Support for delegations: PR #1074 and PR #1089
- Backward migrations of the SQL storage is now supported. It should allow rollbacking updates up to versions containing the feature: PR
- Image files are now stored on the filesystem instead of SQL. This was necessitated by blob size limits in SQLite. PR
- The Pause and Resume can now be called at any time and will also pause the internal event queue. API calls during the pause period will be queued up and resumed in order at the end. PR
- Boost libraries are now linked dynamically (as with all other dependencies): PR
- Most API calls refactored to return immediately with a future
- With an OSTree Primary, an installation is now considered successful when the device reboots with the new file system version. Before that, the installation is still considered in progress.
- Running modes in libaktualizr have been replaced by simpler logic in the aktualizr wrapper: PR
- Tests now use ed25519 as the default key type: PR
- Improved performance of garage-deploy: PR
- Auto retry for more robust download: PR
- Expanded functionality of aktualizr-repo: PR #1028 and PR #1035
- Option to run garage-push and garage-check to walk the full repository tree: PR
- Ability to pause and resume OSTree update downloads: PR
- Downloads are no longer done in parallel, as this substantially impacted the download speed: PR
- Correctly download targets with characters disallowed in URI in their name: PR
- Ability to pause and resume binary update downloads
- Expose download binary targets in API
- Secondaries configuration files must now lie in a common directory and specified in command line arguments or in static configuration: documentation
- API has been upgraded: FetchMeta has been merged with CheckUpdates and most functions now have meaningful return values.
- implicit_writer has been removed as it was no longer being used.
- Now trim whitespaces in some of our configuration and provisioning files (from meta-updater #420)
- Various updates in API
sota_implicit_prov
is deprecated- All the imported data should be under /var/sota/import
- HSM provisioning should not import certificate and private key, they belong to HSM, not to storage
- Make cert provider respect path to import directory
- Really remove the local tuf repo before and after garage-sign.
- garage-deploy and aktualizr releases for Ubuntu 18.04
- Prevent re-use of existing tuf repos
- Fixes to garage-deploy to improve reliability and logging
- Bug with path concatenation in garage-deploy
- garage-deploy package is now built against Ubuntu 16.04
- Expiration in garage-sign