Skip to content
This repository has been archived by the owner on May 21, 2024. It is now read-only.

Commit

Permalink
Merge pull request #1769 from advancedtelematic/feat/prep-2020.10
Browse files Browse the repository at this point in the history
preparing 2020.10
  • Loading branch information
aodukha authored Oct 27, 2020
2 parents ebb75ad + 3aeb7ac commit 1255aa2
Show file tree
Hide file tree
Showing 8 changed files with 54 additions and 5 deletions.
16 changes: 15 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,21 @@ Our versioning scheme is `YEAR.N` where `N` is incremented whenever a new releas

## [upcoming release]

- Update garage-push and garage-deploy tools to support the latest backend changes. Both are backward compatible. Previous versions have the server URL *without* the token path, so it needs to be hardcoded. The new version has the full URL with the */oauth2/token* path at the end. Also, treehub.json has an additional parameter *scope*: [PR](https://github.com/advancedtelematic/aktualizr/pull/1767)
## [2020.10] - 2020-10-27

### Added
- Updated the `garage-push` and `garage-deploy` tools. Now, they support new back-end token generation to authenticate API requests. Also, we updated the `treehub.json` format for the new back-end. It now has the additional `scope` parameter. The changes are backward compatible. Previous versions have the server URL **without** the token path, so it needs to be hardcoded. The new version has the full URL with the `/oauth2/token` path at the end: [PR](https://github.com/advancedtelematic/aktualizr/pull/1767)

### Changed
- Ubuntu Focal Dockerfile now uses the default OSTree package: [PR](https://github.com/advancedtelematic/aktualizr/pull/1751)
- Improved libaktualizr API exceptions: [PR](https://github.com/advancedtelematic/aktualizr/pull/1754)
- Improved binary file download progress: [PR](https://github.com/advancedtelematic/aktualizr/pull/1756)
- Allowed passing HTTP headers in `aktualizr-get`: [PR](https://github.com/advancedtelematic/aktualizr/pull/1762)
- Moved aktualizr-lite to its own [aktualizr-lite repository](https://github.com/foundriesio/aktualizr-lite): [PR](https://github.com/advancedtelematic/aktualizr/pull/1763)

### Fixed
- Fixed the issue with the parameters check in `aktualizr-get`: [PR](https://github.com/advancedtelematic/aktualizr/pull/1760)
- Fixed the output of the pacman configuration: [PR](https://github.com/advancedtelematic/aktualizr/pull/1761)

## [2020.9] - 2020-08-26

Expand Down
1 change: 1 addition & 0 deletions docs/README.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ The link above is for the doxygen docs on master. Doxygen docs for the following
* https://advancedtelematic.github.io/aktualizr/2020.7/index.html[2020.7]
* https://advancedtelematic.github.io/aktualizr/2020.8/index.html[2020.8]
* https://advancedtelematic.github.io/aktualizr/2020.9/index.html[2020.9]
* https://advancedtelematic.github.io/aktualizr/2020.10/index.html[2020.10]
====

== Release process
Expand Down
2 changes: 1 addition & 1 deletion docs/ota-client-guide/antora.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: ota-client
title: OTA Connect Developer Guide
version: latest
display_version: 2020.9 (latest)
display_version: 2020.10 (latest)
nav:
- modules/ROOT/nav.adoc
1 change: 1 addition & 0 deletions docs/ota-client-guide/modules/ROOT/nav.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ ifndef::env-github[:pageroot:]
** xref:{pageroot}install-garage-sign-deploy.adoc[Install the garage-deploy tool]
** xref:{pageroot}keep-local-repo-on-external-storage.adoc[Keep your repository on external storage]
** xref:{pageroot}rotating-signing-keys.adoc[Rotate keys for Root and Targets metadata]
** xref:{pageroot}finding-unsigned-metadata.adoc[Find the unsigned Root and Targets metadata]
** xref:{pageroot}change-signature-thresholds.adoc[Change signature thresholds]
** xref:{pageroot}metadata-expiry.adoc[Manage metadata expiry dates]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// the version being viewed, but when we are referencing aktualizr from
// the other, non-versioned docs, we want to make sure we're using the
// latest version.
:aktualizr-version: 2020.9
:aktualizr-version: 2020.10

:yocto-version: 3.1

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -206,5 +206,6 @@ Options for configuring boot-specific behavior
| `rollback_mode` | `"none"` | Controls rollback on supported platforms, see xref:rollback.adoc[]. Options: `"none"`, `"uboot_generic"`, `"uboot_masked"`
| `reboot_sentinel_dir` | `"/var/run/aktualizr-session"` | Base directory for reboot detection sentinel. Must reside in a temporary file system.
| `reboot_sentinel_name` | `"need_reboot"` | Name of the reboot detection sentinel.
| `reboot_command` | `"/sbin/reboot"` | Command to reboot the system after update completes. Applicable only if `uptane::force_install_completion` is set to `true`.
|==========================================================================================

Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
= Find the unsigned Root and Targets metadata
ifdef::env-github[]

[NOTE]
====
We recommend that you link:https://docs.ota.here.com/ota-client/latest/{docname}.html[view this article in our documentation portal]. Not all of our articles render correctly in GitHub.
====
endif::[]

If you want to use your own PKI, you need to know where in your local repository you can find the metadata that you want to sign.
It may be the `root.json` or `targets.json` files. You can find both files in the `tuf/<reponame>/roles/unsigned` folder.

NOTE: <reponame> is the name you specified when you initialized your repository using `garage-sign init`.

If the `unsigned/` folder is empty, you need to pull the metadata files:

* To pull the unsigned `root.json` file, use `garage-sign root pull`.
* To pull the unsigned `targets.json` file, use `garage-sign targets pull`.
If you have not created any targets, to create the unsigned `targets.json` file, use `garage-sign targets init`.

To learn more about the `garage-sign` commands and options, see its xref:garage-sign-reference.adoc[reference] documentation.

== Generate Root and Targets metadata in a canonical form

To generate unsigned metadata in a canonical form, use the `garage-sign root get-unsigned` and `garage-sign targets get-unsigned` commands
for the unsigned `root.json` and `targets.json` files respectively. The files that you get are stored in the `unsigned/` folder.
Original file line number Diff line number Diff line change
Expand Up @@ -194,13 +194,15 @@ Global options
+++</div></details>+++

+++<details><summary>+++
`root [pull|push|key|sign]`: Manages root-of-trust metadata for a repository.
`root [pull|push|get-unsigned|key|sign]`: Manages root-of-trust metadata for a repository.
+++</summary><div>+++

`root pull`: Pulls the current `root.json` file from OTA Connect.

`root push`: Uploads local `root.json` file to OTA Connect. If the file does not have a valid signature, it will be rejected by the server.

`root get-unsigned`: Generates an unsigned `root.json` file in a canonical JSON form.

+++<details><summary>+++
`root key [add|remove]`: Manages keys that are permitted to sign the root-of-trust metadata.
+++</summary><div>+++
Expand Down Expand Up @@ -256,7 +258,7 @@ Global options
+++</div></details>+++

+++<details><summary>+++
`targets [init|add|add-uploaded|delete|sign|pull|push|upload|delegations]`: (Only for repositories of type `reposerver`) Manages Targets metadata.
`targets [init|add|add-uploaded|delete|sign|pull|push|get-unsigned|upload|delegations]`: (Only for repositories of type `reposerver`) Manages Targets metadata.
// tag::target-term[]
*Target* is a term from Uptane. Each Target corresponds to a software version available in your OTA Connect software repository.
// end::target-term[]
Expand Down Expand Up @@ -322,6 +324,8 @@ Global options
`targets push`: Pushes the latest `targets.json` file to the server.
If the Targets file is invalid, for example because of a bad signature or a non-increasing version number, this `push` will fail with exit code 2.

`targets get-unsigned`: Generates the unsigned `targets.json` file in a canonical JSON form.

+++<details><summary>+++
`targets upload`: Uploads a binary to the repository.
// tag::targets-upload-note[]
Expand Down Expand Up @@ -393,6 +397,7 @@ To learn how to use the garage-sign tool, see the following documentation:

* xref:keep-local-repo-on-external-storage.adoc[Keep your repository on external storage]
* xref:rotating-signing-keys.adoc[Rotate keys for Root and Targets metadata]
* xref:finding-unsigned-metadata.adoc[Find the unsigned Root and Targets metadata]
* xref:change-signature-thresholds.adoc[Change signature thresholds]
* xref:metadata-expiry.adoc[Manage metadata expiry dates]
* xref:customise-targets-metadata.adoc[Add custom metadata fields to Targets metadata]
Expand Down

0 comments on commit 1255aa2

Please sign in to comment.