From 3aeb7acf48f08f195026d4ea95091475eb8738f1 Mon Sep 17 00:00:00 2001 From: Anatoliy Odukha Date: Tue, 27 Oct 2020 13:15:53 +0200 Subject: [PATCH] preparing 2020.10 release Signed-off-by: Anatoliy Odukha Restore reboot_command to aktualizr config doc. It was lost during the docs transition last year. See 056b80d4c749358daff8c13b14b1b3b1a7236300 or https://github.com/advancedtelematic/aktualizr/pull/1274 for the original feature. Signed-off-by: Patrick Vacek add "Find the unsigned Root and Targets metadata" page to docs Signed-off-by: Danylo Tereshchenko Add a link List all of the garage-sign-related instructions on the reference page. Relates-to: OTA-5253 Signed-off-by: Halyna Dumych fixed PR review comments Signed-off-by: Anatoliy Odukha --- CHANGELOG.md | 16 ++++++++++- docs/README.adoc | 1 + docs/ota-client-guide/antora.yml | 2 +- docs/ota-client-guide/modules/ROOT/nav.adoc | 1 + .../pages/_partials/aktualizr-version.adoc | 2 +- .../ROOT/pages/aktualizr-config-options.adoc | 1 + .../ROOT/pages/finding-unsigned-metadata.adoc | 27 +++++++++++++++++++ .../ROOT/pages/garage-sign-reference.adoc | 9 +++++-- 8 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc diff --git a/CHANGELOG.md b/CHANGELOG.md index b7ec18c0d0..258d6b2ef3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,7 +6,21 @@ Our versioning scheme is `YEAR.N` where `N` is incremented whenever a new releas ## [upcoming release] -- Update garage-push and garage-deploy tools to support the latest backend changes. Both are backward compatible. Previous versions have the server URL *without* the token path, so it needs to be hardcoded. The new version has the full URL with the */oauth2/token* path at the end. Also, treehub.json has an additional parameter *scope*: [PR](https://github.com/advancedtelematic/aktualizr/pull/1767) +## [2020.10] - 2020-10-27 + +### Added +- Updated the `garage-push` and `garage-deploy` tools. Now, they support new back-end token generation to authenticate API requests. Also, we updated the `treehub.json` format for the new back-end. It now has the additional `scope` parameter. The changes are backward compatible. Previous versions have the server URL **without** the token path, so it needs to be hardcoded. The new version has the full URL with the `/oauth2/token` path at the end: [PR](https://github.com/advancedtelematic/aktualizr/pull/1767) + +### Changed +- Ubuntu Focal Dockerfile now uses the default OSTree package: [PR](https://github.com/advancedtelematic/aktualizr/pull/1751) +- Improved libaktualizr API exceptions: [PR](https://github.com/advancedtelematic/aktualizr/pull/1754) +- Improved binary file download progress: [PR](https://github.com/advancedtelematic/aktualizr/pull/1756) +- Allowed passing HTTP headers in `aktualizr-get`: [PR](https://github.com/advancedtelematic/aktualizr/pull/1762) +- Moved aktualizr-lite to its own [aktualizr-lite repository](https://github.com/foundriesio/aktualizr-lite): [PR](https://github.com/advancedtelematic/aktualizr/pull/1763) + +### Fixed +- Fixed the issue with the parameters check in `aktualizr-get`: [PR](https://github.com/advancedtelematic/aktualizr/pull/1760) +- Fixed the output of the pacman configuration: [PR](https://github.com/advancedtelematic/aktualizr/pull/1761) ## [2020.9] - 2020-08-26 
diff --git a/docs/README.adoc b/docs/README.adoc index 04ea20bed6..81a8688141 100644 --- a/docs/README.adoc +++ b/docs/README.adoc @@ -41,6 +41,7 @@ The link above is for the doxygen docs on master. Doxygen docs for the following * https://advancedtelematic.github.io/aktualizr/2020.7/index.html[2020.7] * https://advancedtelematic.github.io/aktualizr/2020.8/index.html[2020.8] * https://advancedtelematic.github.io/aktualizr/2020.9/index.html[2020.9] +* https://advancedtelematic.github.io/aktualizr/2020.10/index.html[2020.10] ==== == Release process diff --git a/docs/ota-client-guide/antora.yml b/docs/ota-client-guide/antora.yml index 852da5f20d..d4a0468097 100644 --- a/docs/ota-client-guide/antora.yml +++ b/docs/ota-client-guide/antora.yml @@ -1,6 +1,6 @@ name: ota-client title: OTA Connect Developer Guide version: latest -display_version: 2020.9 (latest) +display_version: 2020.10 (latest) nav: - modules/ROOT/nav.adoc diff --git a/docs/ota-client-guide/modules/ROOT/nav.adoc b/docs/ota-client-guide/modules/ROOT/nav.adoc index 9c638ce156..e3aef5915e 100644 --- a/docs/ota-client-guide/modules/ROOT/nav.adoc +++ b/docs/ota-client-guide/modules/ROOT/nav.adoc @@ -73,6 +73,7 @@ ifndef::env-github[:pageroot:] ** xref:{pageroot}install-garage-sign-deploy.adoc[Install the garage-deploy tool] ** xref:{pageroot}keep-local-repo-on-external-storage.adoc[Keep your repository on external storage] ** xref:{pageroot}rotating-signing-keys.adoc[Rotate keys for Root and Targets metadata] +** xref:{pageroot}finding-unsigned-metadata.adoc[Find the unsigned Root and Targets metadata] ** xref:{pageroot}change-signature-thresholds.adoc[Change signature thresholds] ** xref:{pageroot}metadata-expiry.adoc[Manage metadata expiry dates] diff --git a/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc b/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc index 064297f8b5..bf4ad787fc 100644 
--- a/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc +++ b/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc @@ -3,7 +3,7 @@ // the version being viewed, but when we are referencing aktualizr from // the other, non-versioned docs, we want to make sure we're using the // latest version. -:aktualizr-version: 2020.9 +:aktualizr-version: 2020.10 :yocto-version: 3.1 diff --git a/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc b/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc index 67f10f0fd6..a06f501388 100644 --- a/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc +++ b/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc @@ -206,5 +206,6 @@ Options for configuring boot-specific behavior | `rollback_mode` | `"none"` | Controls rollback on supported platforms, see xref:rollback.adoc[]. Options: `"none"`, `"uboot_generic"`, `"uboot_masked"` | `reboot_sentinel_dir` | `"/var/run/aktualizr-session"` | Base directory for reboot detection sentinel. Must reside in a temporary file system. | `reboot_sentinel_name` | `"need_reboot"` | Name of the reboot detection sentinel. +| `reboot_command` | `"/sbin/reboot"` | Command to reboot the system after update completes. Applicable only if `uptane::force_install_completion` is set to `true`. |========================================================================================== diff --git a/docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc b/docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc new file mode 100644 index 0000000000..e8c3a1b729 --- /dev/null +++ b/docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc 
@@ -0,0 +1,27 @@ += Find the unsigned Root and Targets metadata +ifdef::env-github[] + +[NOTE] +==== +We recommend that you link:https://docs.ota.here.com/ota-client/latest/{docname}.html[view this article in our documentation portal]. Not all of our articles render correctly in GitHub. +==== +endif::[] + +If you want to use your own PKI, you need to know where in your local repository you can find the metadata that you want to sign. +It may be the `root.json` or `targets.json` files. You can find both files in the `tuf//roles/unsigned` folder. + +NOTE: is the name you specified when you initialized your repository using `garage-sign init`. + +If the `unsigned/` folder is empty, you need to pull the metadata files: + +* To pull the unsigned `root.json` file, use `garage-sign root pull`. +* To pull the unsigned `targets.json` file, use `garage-sign targets pull`. + +If you have not created any targets, to create the unsigned `targets.json` file, use `garage-sign targets init`. + +To learn more about the `garage-sign` commands and options, see its xref:garage-sign-reference.adoc[reference] documentation. + +== Generate Root and Targets metadata in a canonical form + +To generate unsigned metadata in a canonical form, use the `garage-sign root get-unsigned` and `garage-sign targets get-unsigned` commands +for the unsigned `root.json` and `targets.json` files respectively. The files that you get are stored in the `unsigned/` folder. diff --git a/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc b/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc index 9f5b211c09..9e2291dee8 100644 --- a/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc +++ b/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc @@ -194,13 +194,15 @@ Global options ++++++ +++
+++ -`root [pull|push|key|sign]`: Manages root-of-trust metadata for a repository. +`root [pull|push|get-unsigned|key|sign]`: Manages root-of-trust metadata for a repository. +++
+++ `root pull`: Pulls the current `root.json` file from OTA Connect. `root push`: Uploads local `root.json` file to OTA Connect. If the file does not have a valid signature, it will be rejected by the server. +`root get-unsigned`: Generates an unsigned `root.json` file in a canonical JSON form. + +++
+++ `root key [add|remove]`: Manages keys that are permitted to sign the root-of-trust metadata. +++
+++ @@ -256,7 +258,7 @@ Global options +++
+++ +++
+++ -`targets [init|add|add-uploaded|delete|sign|pull|push|upload|delegations]`: (Only for repositories of type `reposerver`) Manages Targets metadata. +`targets [init|add|add-uploaded|delete|sign|pull|push|get-unsigned|upload|delegations]`: (Only for repositories of type `reposerver`) Manages Targets metadata. // tag::target-term[] *Target* is a term from Uptane. Each Target corresponds to a software version available in your OTA Connect software repository. // end::target-term[] @@ -322,6 +324,8 @@ Global options `targets push`: Pushes the latest `targets.json` file to the server. If the Targets file is invalid, for example because of a bad signature or a non-increasing version number, this `push` will fail with exit code 2. +`targets get-unsigned`: Generates the unsigned `targets.json` file in a canonical JSON form. + +++
+++ `targets upload`: Uploads a binary to the repository. // tag::targets-upload-note[] @@ -393,6 +397,7 @@ To learn how to use the garage-sign tool, see the following documentation: * xref:keep-local-repo-on-external-storage.adoc[Keep your repository on external storage] * xref:rotating-signing-keys.adoc[Rotate keys for Root and Targets metadata] +* xref:finding-unsigned-metadata.adoc[Find the unsigned Root and Targets metadata] * xref:change-signature-thresholds.adoc[Change signature thresholds] * xref:metadata-expiry.adoc[Manage metadata expiry dates] * xref:customise-targets-metadata.adoc[Add custom metadata fields to Targets metadata]
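Review bot: In the CHANGELOG.md hunk, the `garage-push`/`garage-deploy` entry is filed under `### Added` but begins with "Updated", and its compatibility wording is ambiguous: "Previous versions have the server URL **without** the token path, so it needs to be hardcoded" does not say what "it" is or which side hardcodes it. Suggest moving the entry to `### Changed`, stating plainly how an old-format credentials file is handled versus one that carries the full `/oauth2/token` URL, and adding one line on what the new `scope` parameter in `treehub.json` holds. The hunk also leaves `## [upcoming release]` with no body directly above `## [2020.10]`; please confirm that is intended.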
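Review bot: In the aktualizr-config-options.adoc hunk, the restored `reboot_command` row documents a value that the client executes, but the description does not say how it is executed: whether the string is passed to a shell or run directly, and whether arguments may follow `/sbin/reboot`. Please add that to the row, and consider noting that the configuration file carrying this option should be writable only by a privileged user, because whoever can edit it chooses the command that runs after an update. The mention of `uptane::force_install_completion` would also be easier to follow as a link to that option's own row.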
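Review bot: In the new finding-unsigned-metadata.adoc page, the repository-name placeholder is missing from the text as shown: the path reads `tuf//roles/unsigned` and the following line reads "NOTE: is the name you specified when you initialized your repository", so the reader cannot tell which path segment to substitute. If the source uses an angle-bracket placeholder, check that it is escaped so it survives rendering, and use the same placeholder in both the path and the NOTE. Separately, the page says both the pulled files and the `get-unsigned` output end up in `unsigned/`; since this page is aimed at people signing with their own PKI, say whether `get-unsigned` overwrites the pulled file and which of the two is the one to sign.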
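Review bot: In the garage-sign-reference.adoc hunks, the two new entries do not say where the generated file is written, and they differ in wording for the same operation: "Generates an unsigned `root.json` file" versus "Generates the unsigned `targets.json` file". Suggest using one phrasing for both, naming the output location (the new page says the `unsigned/` folder), and adding a cross-reference to finding-unsigned-metadata.adoc from each entry so the reference and the how-to stay in step.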