CHANGES

Release 1.0 (released Dec 20, 2018)
-----------------------------------

.. rubric:: Enhancements

* Support OpenSSL 1.1
* Use OPENSSL_config() instead of OPENSSL_no_config()
* Handle curl_global_init() return code

.. rubric:: Bug fixes

* Fix error handling when resolving the backing file for a loop device
* Fix error reporting when no primary slot is found with u-boot (by Matthias Bolte)
* Fix memory leaks when parsing handler output
* Fix compiler error when building with --disable-network
* Handle fatal errors during curl or openssl initialization
* Fix boot selection handling for asymmetric update setups
* Fix default variant string in case of failure when obtaining
* Fix return codes when giving excess arguments to CLI functions
* Let 'rauc service' return exit code != 0 in case of failure
* Print 'rauc service' user error output with g_printerr()
* Fix showing primary slot (obtained via D-Bus) in 'rauc status'
* Fix showing inverted boot-status (obtained via D-Bus) in 'rauc status'
* Minor output and error handling fixes and enhancements

.. rubric:: Testing

* Fake entropy in uml tests to fix and speed up testing
* Fix creating and submitting coverity report data
* Migrate to using Docker images for testing
* Changed coverage service from coveralls to codecov.io
* Switch to uncrustify 0.68.1

.. rubric:: Documentation

* Provided slot configuration :ref:`examples <sec-example-slot-configs>` for
  common scenarios
* Fixes and enhancements of README.rst to match current state
* Add sphinx DTS lexer for fixing and improving dts example code parsing

Contributions from: Ahmad Fatoum, Enrico Jörns, Jan Lübbe, Matthias Bolte

Release 1.0-rc1 (released Oct 12, 2018)
---------------------------------------

.. rubric:: Enhancements

* Bundle creation

  * Add support for passing Keys/Certificates stored on PKCS#11 tokens (e.g. for using a smart card or HSM).
    See :ref:`pkcs11-support` for details.
  * Print a warning during signing if a certificate in the chain will expire within one month
  * If keyring is given during bundle creation, automatically verify bundle signature and trust chain

* Configuration
  (see the reference for the :ref:`[system] <system-section>`, :ref:`[keyring] <keyring-section>` and :ref:`[slot.*.*] <slot.slot-class.idx-section>` sections for details)

  * Add ``extra-mount-opts`` argument to slot config to allow passing custom options
    to ``mount`` calls (such as user_xattr or seclabel)
  * Implement support for ``readonly`` slots that are part of the slot description but
    should never be written by RAUC
  * Add option ``use-bundle-signing-time`` to use signing time for verification instead
    of the current time
  * Introduce ``max-bundle-download-size`` config setting (by Michael Heimpold)
  * Rename confusing ``force-install-same`` flag to ``ignore-checksum`` (old remains
    valid of course) (by Jan Remmet)
  * Add strict parsing of config files as we do for manifests already.
    This will reject configs with invalid keys, groups, etc. to prevent unintentional behavior

* Installation

  * Remove strict requirement of using ``.raucb`` file extension, although it is still recommended
  * Export RAUC slot type to handlers and hooks (by Rasmus Villemoes)
  * Add ``*.squashfs`` to ``raw`` slot handling (by Emmanuel Roullit)
  * Add checking of RAUC bundle identifier (squashfs identifier)
  * ``*.img`` files can now be installed to ``ext4``, ``ubifs`` or ``vfat`` slots (by Michael Heimpold)
  * Warn if downloaded bundle could not be deleted

* Expose system information (variant, compatible, booted slot) over D-Bus (by Jan Remmet)
* The ``rauc status`` command line call now only uses the D-Bus API (when enabled) to obtain
  status information instead of loading configuration and performing operations itself.
  This finalizes the clear separations between client and service and also allows calling
  the command line client without requiring any configuration.
* Add debug log domain ``rauc-subprocess`` for printing RAUC subprocess invocations.
  This can be activated by setting the environment variable ``G_MESSAGES_DEBUG=rauc-subprocess``.
  See :ref:`debugging` for details.
* Enhancement of many debug and error messages to be more precise and helpful
* Let U-Boot boot selection handler remove slot from ``BOOT_ORDER`` when marking it bad
* Implemented obtaining state and primary information for U-Boot boot selection interface (by Timothy Lee)
* Also show certificate validity times when the certificate chain is displayed
* Added a simple CGI as an example on how to code against the D-Bus API in RAUC contrib/ folder. (by Bastian Stender)

.. rubric:: Bug fixes

* Bootchooser EFI handler error messages and segfault fixed (by Arnaud Rebillout)
* Fix preserving of primary errors while printing follow-up errors in update_handlers (by Rasmus Villemoes)
* Make not finding (all) appropriate target slots a fatal error again
* Prevent non-installation operations from touching the installation progress information (by Bastian Stender)
* Call ``fsync()`` when writing raw images to assure content is fully written to disk before exiting (by Jim Brennan)
* Fix casync store initialization for extraction without seeds (by Arnaud Rebillout)
* Fix slot status path generation for external mounts (by Vyacheslav Yurkov)
* Do not try to mount already mounted slots when loading slot status information from per-slot file
* Fix invalid return value in case of failed ``mark_active()``
* Fix bootname detection for missing ``root=`` command line parameter
* Fix passing intermediate certificates via command line which got broken by a faulty input check (by Marcel Hamer)
* Preserve original uid/gid during extraction to be independent of the running system.
  This was only problematic if the name to ID mapping changed with an update.
  Note that this requires to enable ``CONFIG_FEATURE_TAR_LONG_OPTIONS`` when using busybox tar.
* Block device paths are now opened with ``O_EXCL`` to ensure exclusive access
* Fix handling for ``file://`` URIs
* Build-fix workaround for ancient (< 3.4) kernels (by Yann E. MORIN)
* Various internal error handling fixes (by Ulrich Ölmann, Bastian Stender)
* Several memory leak fixes

.. rubric:: Testing

* Abort on ``g_critical()`` to detect issues early
* Extended and restructured testing for barebox and u-boot boot selection handling
* Basic ``rauc convert`` (casync) testing
* Switch to Travis xenial environment
* Make diffs created by uncrustify fatal to enforce coding style
* Fix hanging rauc.t in case of failed tests for fixing sharness cleanup function handling
* Run sharness (rauc.t) tests with verbose output
* Show make-check log on error

.. rubric:: Code

* Add GError handling to download functions
* Prepare support for tracing log level
* Start more detailed annotation of function parameter direction and transfer
* Simplified return handling as result of cleanup helper rework
* Treewide introduction of Glib automatic cleanup helpers. Increases minimum required GLib version to 2.45.8 (by Philipp Zabel)
* Prepare deprecation of RAUC ancient non-bundle 'network mode'

.. rubric:: Documentation

* Add a :ref:`debugging` chapter on how to debug RAUC
* Add a :ref:`bootloader-interaction` section describing the boot selection layer and the special handling for the supported bootloaders
* Add hint on how to run RAUC without D-Bus to FAQ
* Document :ref:`sec_ref_host_tools` and :ref:`sec_ref_target_tools`
* Tons of typo fixes, minor enhancements, clarifications, example fixes, etc.

Contributions from: Alexander Dahl, Arnaud Rebillout, Bastian Stender, Emmanuel Roullit, Enrico Jörns, Jan Lübbe, Jan Remmet, Jim Brennan, Marcel Hamer, Michael Heimpold, Philip Downer, Philipp Zabel, Rasmus Villemoes, Thomas Petazzoni, Timothy Lee, Ulrich Ölmann, Vyacheslav Yurkov, Yann E. MORIN

Release 0.4 (released Apr 9, 2018)
----------------------------------

.. rubric:: Enhancements

* Add ``barebox-statename`` key to ``[system]`` section of system.conf in order
  to allow using non-default names for barebox state
* Support atomic bootloader updates for eMMCs.
  The newly introduced slot type ``boot-emmc`` will tell RAUC to handle
  bootloader updates on eMMC by using the ``mmcblkXboot0/-boot1`` partitions
  and the EXT_CSD registers for alternating updates.
* Support writing ``*.vfat`` images to vfat slots
* Add basic support for streaming bundles using casync tool.
  Using the casync tool allows streaming bundle updates chunk-wise over
  http/https/sftp etc.
  By using the source slot as a seed for the reproducible casync chunking
  algorithm, the actual chunks to download get reduced to only those that
  differ from the original system.

  * Add ``rauc convert`` command to convert conventional bundles to casync
    bundle and chunk store
  * Extend update handler to handle ``.caibx`` and ``.caidx`` suffix image types in
    bundle
* Added ``--detailed`` argument to ``rauc status`` to obtain newly added slot
  status information
* Added D-Bus Methods ``GetSlotStatus`` to obtain collected status of all slots
* Extended information stored in slot status files (installed bundle info,
  installation and activation timestamps and counters)
* Optionally use a central status file located in a storage location not
  touched during RAUC updates instead of per-slot files (enabled by setting
  ``statusfile`` key in ``[system]`` section of ``system.conf``).
* Add ``write-slot`` command to write images directly to defined slots (for use
  during development)

.. rubric:: Bug fixes

* Fix documentation out-of-tree builds
* Fixed packaging for dbus wrapper script rauc-service.sh
* Some double-free and error handling fixes

.. rubric:: Testing

* Create uncrustify report during Travis run

.. rubric:: Code

* Unified hash table iteration and variable usage
* Add uncrustify code style configuration checker script to gain consistent
  coding style. Committed changes revealed by initial run.

.. rubric:: Documentation

* Updated and extended D-Bus interface documentation
* Added documentation for newly added features (casync, central slot status,
  etc.)
* Fixed and extended Yocto (meta-rauc) integration documentation
* Add link to IRC/Matrix channel
* Some minor spelling errors fixed

Release 0.3 (released Feb 1, 2018)
----------------------------------

.. rubric:: Enhancements

* Added support for intermediate certificates, improved bundle resigning and
  certificate information for hooks.
  This makes it easier to use a multi-level PKI with separate intermediate
  certificates for development and releases.
  See :ref:`sec-resign` for details.
* Added support for image variants, which allow creating a single bundle which
  supports multiple hardware variants by selecting the matching image from a
  set contained in the bundle.
  See :ref:`sec-variants` for details.
* Added support for redundant booting by using EFI boot entries directly.
  See :ref:`sec-efi` for details.
* Added boot information to ``rauc status``
* Added ``rauc extract`` command to extract bundles
* Support detection of the booted slot by using the ``UUID=`` and ``PARTUUID=``
  kernel options.
* Improved the status and error output
* Improved internal error cause propagation

.. rubric:: Bug fixes

* Fixed boot slot detection for ``root=<symlink>`` boot parameters (such as
  ``root=/dev/disk/by-path/pci-0000:00:17.0-ata-1-part1``)
* Removed redundant image checksum verification during installation.

.. rubric:: Testing

* Improve robustness and test coverage
* Use gcc-7 for testing

.. rubric:: Documentation

* Added documentation for

  - intermediate certificates
  - re-signing bundles
  - image variants
  - UEFI support

* Minor fixes and clarifications

Release 0.2 (released Nov 7, 2017)
----------------------------------

.. rubric:: Enhancements

* Added ``--override-boot-slot`` argument to force booted slot
* Display installation progress and error cause in CLI
* Allow installing uncompressed tar balls
* Error reporting for network handling and fail on HTTP errors
* Added ``--keyring`` command line argument
* Added ``activate-installed`` key and handling for ``system.conf`` that allows
  installing updates without immediately switching boot partitions.
* Extended ``rauc status mark-{good,bad}`` with an optional slot identifier
  argument
* Added subcommand ``rauc status mark-active`` to explicitly activate slots
* New D-Bus method ``mark`` introduced that allows slot activation via D-Bus
* Added ``tar`` archive update handler for ``vfat`` slots
* Introduced ``rauc resign`` command that allows to exchange RAUC signature
  without modifying bundle content
* Display signature verification trust chain in output of ``rauc info``.
  Also generate and display SPKI hash for each certificate
* Added ``--dump-cert`` argument to ``rauc info`` to allow displaying signer
  certificate info

.. rubric:: Documentation

* Added docs/, CHANGES and README to tarball
* Added and reworked a bunch of documentation chapters
* Help text for ``rauc bundle`` fixed
* Added short summary for command help

.. rubric:: Bug fixes

* Flush D-Bus interface to not drop property updates
* Set proper PATH when starting service on non-systemd systems
* Include config.h on top of each file to fix largefile support and more
* Let CLI properly fail on excess arguments provided
* Do not disable bundle checking for ``rauc info --no-verify``
* Properly clean up mount points after failures
* Abort on inconsistent slot parent configuration
* Misc memory leak fixes
* Fixes in error handling and debug printout
* Some code cleanups

.. rubric:: Testing

* Miscellaneous cleanups, fixes and refactoring
* Add tests for installation via D-Bus
* Let Travis build documentation with treating warnings as errors
* Allow skipping sharness tests requiring service enabled
* Explicitly install dbus-x11 package to fix Travis builds
* Fix coveralls builds by using ``--upgrade`` during
  ``pip install cpp-coveralls``
* Use gcc-6 for testing

Release 0.1.1 (released May 11, 2017)
-------------------------------------

.. rubric:: Enhancements

* systemd service: allow systemd to manage and cleanup RAUCs mount directory

.. rubric:: Documentation

* Added contribution guideline
* Added CHANGES file
* Converted README.md to README.rst
* Added RAUC logo
* Several typos fixed
* Updated documentation for mainline PTXdist recipes

.. rubric:: Bug fixes

* Fix signature verification with OpenSSL 1.1.x by adding missing binary flag
* Fix typo in json status output formatter ("mountpint" -> "mountpoint")
* Fixed packaging of systemd service files by removing generated service files
  from distribution
* src/context: initialize datainstream to NULL
* Added missing git-version-gen script to automake distribution which made
  autoreconf runs on release packages fail
* Fixed D-Bus activation of RAUC service for non-systemd systems

Release 0.1 (released Feb 24, 2017)
-----------------------------------

This is the initial release of RAUC.