meta-updater
OSTree is a tool for atomic full file system upgrades with rollback capability. OSTree has several advantages over traditional dual-bank systems, but the most important one is that it minimizes network bandwidth and data storage footprint by sharing files with the same contents across file system deployments.
Aktualizr (and RVI SOTA client) add authentication and provisioning capabilities to OTA and are integrated with OSTree. You can connect with the open-source RVI SOTA server or sign up for a free account at ATS Garage to get started.
Build
Quickstart
If you don’t already have a Yocto project that you want to add OTA to, you can use the ATS Garage Quickstart project to rapidly get up and running on a Raspberry Pi. It takes a standard poky distribution, and adds OTA and OSTree capabilities.
Adding meta-updater capabilities to your build
If you already have a Yocto-based project and you want to add atomic filesystem updates to it, you just need to do three things:
-
Clone the
meta-updaterlayer and add it to your bblayers.conf. -
Clone BSP integration layer (meta-updater-${PLATFORM}, e.g. meta-updater-raspberrypi) and add it to your conf/bblayers.conf. If your board isn’t supported yet, you could write a BSP integration for it yourself. See the Adding support for your board section for the details.
-
Set up your distro. If you are using "poky", the default distro in Yocto, you can change it in your conf/local.conf to "poky-sota". Alternatively, if you are using your own or third party distro configuration, you can add 'INHERIT += " sota"' to it, thus combining capabilities of your distro with meta-updater features.
You can then build your image as usual, with bitbake. After building the root file system, bitbake will then create an OSTree-enabled version of it, commit it to your local OSTree repo and (optionally) push it to a remote server. Additionally, a live disk image will be created (normally named ${IMAGE_NAME}.-sdimg-ota e.g. core-image-raspberrypi3.rpi-sdimg-ota). You can control this behaviour through OSTree-related variables in your local.conf.
Build in AGL
With AGL you can just add agl-sota feature while configuring your build environment:
source meta-agl/scripts/aglsetup.sh -m porter agl-demo agl-appfw-smack agl-devel agl-sota
you can then run
bitbake agl-demo-platform
and get as a result an "ostree_repo" folder in your images directory (tmp/deploy/images/${MACHINE}/ostree_repo). It will contain
-
your OSTree repository, with the rootfs committed as an OSTree deployment,
-
an 'otaimg' bootstrap image, which is an OSTree physical sysroot as a burnable filesystem image, and optionally
-
some machine-dependent live images (e.g. '.rpi-sdimg-ota' for Raspberry Pi or '.porter-sdimg-ota' Renesas Porter board).
Although aglsetup.sh hooks provide reasonable defaults for SOTA-related variables, you may want to tune some of them.
Build problems
Multilib systems may require adding this line to local.conf:
HOSTTOOLS += "x86_64-linux-gnu-gcc"
Ubuntu users that encounter an error due to missing Python.h should install libpython2.7-dev on their host machine.
Supported boards
Currently supported platforms are
Adding support for your board
If your board isn’t supported yet, you can add board integration code yourself. The main purpose of this code is to provide a bootloader that will be able to use OSTree’s boot directory. In the meta-updater integration layers we have written so far, the basic steps are:
-
Make the board boot into U-Boot
-
Make U-boot import variables from /boot/loader/uEnv.txt and load the kernel with initramfs and kernel command line arguments according to what is set in this file.
You may take a look into Minnowboard or Raspberry Pi integration layers for examples.
Although we have used U-Boot so far, other boot loaders can be configured work with OSTree as well.
SOTA-related variables in local.conf
-
OSTREE_REPO- path to your OSTree repository. Defaults to${DEPLOY_DIR_IMAGE}/ostree_repo -
OSTREE_OSNAME- OS deployment name on your target device. For more information about deployments and osnames see the OSTree documentation. Defaults to "poky". -
OSTREE_INITRAMFS_IMAGE- initramfs/initrd image that is used as a proxy while booting into OSTree deployment. Do not change this setting unless you are sure that your initramfs can serve as such a proxy. -
SOTA_PACKED_CREDENTIALS- when set, your ostree commit will be pushed to a remote repo as a bitbake step. This should be the path to a zipped credentials file in the format accepted by garage-push. -
SOTA_CLIENT_PROV- which provisioning method to use. Valid options areaktualizr-auto-prov,aktualizr-implicit-prov, andaktualizr-hsm-prov. The default isaktualizr-auto-prov. This can also be set to an empty string to avoid using a provisioning recipe. -
SOTA_CLIENT_FEATURES- extensions to aktualizr. Multiple can be specified if separated by spaces. Valid options arehsm(to build with HSM support) andsecondary-example(to install an example legacy secondary interface in the image). -
SOTA_LEGACY_SECONDARY_INTERFACE- path to a legacy secondary interface installed on the device. To use the example interface from the Aktualizr repo, use/usr/bin/example-interfaceand make sureSOTA_CLIENT_FEATURES = "secondary-example". -
SOTA_SECONDARY_ECUS- a list of paths separated by spaces of JSON configuration files for virtual secondaries on the host. These will be installed into/var/sota/ecuson the device. -
SOTA_VIRTUAL_SECONDARIES- a list of paths separated by spaces of JSON configuration files for virtual secondaries installed on the device. IfSOTA_SECONDARY_ECUSis used to install them, then you can expect them to be installed in/var/sota/ecus.
Usage
OSTree
OSTree used to include a simple HTTP server as part of the ostree binary, but this has been removed in more recent versions. However, OSTree repositories are self-contained directories, and can be trivially served over the network using any HTTP server. For example, you could use Python’s SimpleHTTPServer:
cd tmp/deploy/images/qemux86-64/ostree_repo python -m SimpleHTTPServer <port> # port defaults to 8000
You can then run ostree from inside your device by adding your repo:
# This behaves like adding a Git remote; you can name it anything ostree remote add --no-gpg-verify my-remote http://<your-ip>:<port> # If OSTREE_BRANCHNAME is set in local.conf, that will be the name of the # branch. If not set, it defaults to the value of MACHINE (e.g. qemux86-64). ostree pull my-remote <branch> # poky is the OS name as set in OSTREE_OSNAME ostree admin deploy --os=poky my-remote:<branch>
After restarting, you will boot into the newly deployed OS image.
For example, on the raspberry pi you can try this sequence:
# add remote ostree remote add --no-gpg-verify agl-snapshot https://download.automotivelinux.org/AGL/snapshots/master/latest/raspberrypi3/deploy/images/raspberrypi3/ostree_repo/ agl-ota # pull ostree pull agl-snapshot agl-ota # deploy ostree admin deploy --os=agl agl-snapshot:agl-ota
garage-push
The aktualizr repo contains a tool, garage-push, which lets you push the changes in OSTree repository generated by bitbake process. It communicates with an http server capable of querying files with HEAD requests and uploading them with POST requests. In particular, this can be used with ATS Garage. garage-push is used as follows:
garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/credentials.zip
You can set SOTA_PACKED_CREDENTIALS in your local.conf to make your build results be automatically synchronized with a remote server. Credentials are stored in the JSON format described in the garage-push README. This JSON file can be optionally stored inside a zip file, although if it is stored this way, the JSON file must be named treehub.json.
QA
This layer relies on the test framework oe-selftest for quality assurance. Follow the steps below to run the tests:
-
Append the line below to conf/local.conf
SANITY_TESTED_DISTROS=""-
Run oe-selftest:
oe-selftest --run-tests updater
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent