In previous versions of swupdate, only one SIGALG_* option could be chosen at
build-time, with SIGALG_RAWRSA being the default option. However, in 2025.12,
multiple SIGALG_* options can now be configured at build-time, allowing users
to choose the signature verification algorithm used at runtime via the
"digest-provider" parameter. We weren't explicitly setting any of these
algorithms in our defconfig, so the resulting builds didn't have any digest
providers, causing swupdate to fail early on when signed images are enabled.
To restore the behavior of previous swupdate versions, explicitly enable
SIGALG_RAWRSA when signed images are enabled. Since we only enable one digest
provider, it will be chosen automatically, without having to explicitly set the
"digest-provider" parameter at runtime.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This version of swupdate has a bug that happens if the root of sw-description
is redirected via a link, which is the case is some of our sw-description
templates (such as the one we use for file updates). Backport a fix from
v2025.05.
https://onedigi.atlassian.net/browse/ADK4A-1957
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This patch includes code that only gets compiled for platforms that use a NAND
as the internal storage. Recent changes in swupdate's "copyfile" API caused
this code to stop building.
Using the normal rdiff handler code as reference, update our custom handler to
fix the build errors. While at it, include another change to prevent a warning.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
In this version, Config.in files have been renamed to Kconfig, which prevented
one of our patches from applying correctly. Rework the patch to account for
this name change and while at it, update its context.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Our distribution is Digi Embedded Yocto (DEY), so use that to mark the
upstream status of the patches in our layer.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The patch we were using comes from the time during dualboot support development
where said feature was selectable at build time. The patch adds a new build
option, giving the impression that it only gets enabled under certain
circumstances, when in reality:
* The option is never enabled anywhere in our code
* It's a string option that is treated like a boolean, meaning its
respective conditional compilation is always getting compiled even when
disabled
Our current dualboot support is enabled at runtime, so it doesn't make sense to
have a build-time option related to it, especially one that's broken. Replace
the patch with a functionally equivalent one that is less confusing. Also,
remove the related config option from our defconfig.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The current log level is very verbose and generates way too much output in some
cases, such as a binary diff update. Reduce the default log level to avoid
this.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
We were using the .cfg suffix for both the build-time config fragments and the
runtime configuration file. During do_configure(), all files in SRC_URI ending
in .cfg were being merged together to create the final build configuration,
including said runtime file, which has a completely different syntax. In most
cases, the contents of this file were being ignored, but when tweaking
swupdate's configuration and re-building the package, sometimes strange errors
would prevent the build from finishing.
Change the runtime file's suffix entirely to separate it from the config
fragments and prevent it from being treated as such, and reflect the name
change in the defconfig and the recovery script.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
The 'mtd-blacklist' parameter prevents swupdate from acting upon those
partitions that we consider sensitive.
Make such list platform-dependent.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The swupdate recipe installs by default a systemd service
and a socket to listen for updates coming from a web server.
DEY only makes use of such service during on-the-fly updates from Cloud
Connector web service.
The default swupdate service fails on images with TrustFence because it's
called with no arguments and there doesn't exist a configuration file.
This commit installs a default configuration file and, if TrustFence is
enabled, sets the parameter 'public-key-file' to point to the public
certificate to use to authenticate SWU packages.
While on it, it removes the same file from the recovery-initramfs recipe
that was the only recipe that was adding such config file for recovery
images only.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Commit 429125cce0 created a minimal version 'defconfig'
that doesn't include all the default configuration options
of swupdate.
However, an anonymous python function inside the swupdate
repository establishes dependencies basing on configuration
switches it finds (or not) in the 'defconfig' file and any
additional configuration fragments.
For this reason, a minimal 'defconfig' cannot be used in
this recipe and a full configuration file (that also includes
default options) must be used instead.
Reported-by: Stephan Klatt
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Writing directly into UBI volumes is not allowed, so a special 'rdiff' handler capable of
write data in UBI volumes is required. This commits adds the new handler and enables it in
MTD based systems.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
The 'RDIFF' handler allows to apply incremental updates using rdiff delta files in the
swu update package. This functionallity is only recommended for read-only file systems,
where the source partition cannot be modified externally by users.
https://onedigi.atlassian.net/browse/DEL-8624
Signed-off-by: David Escalona <david.escalona@digi.com>
Building swupdate with '-j1' fails with:
swupdate$ make -j1
scripts/kconfig/conf --silentoldconfig Kconfig
CC ipc/network_ipc.o
CC ipc/network_ipc-if.o
CC ipc/progress_ipc.o
LD ipc/built-in.o
LD libswupdate.so.0.1
Failed:
aarch64-dey-linux/11.3.0/ld: cannot find ipc-static/lib.a: No such file or directory
collect2: error: ld returned 1 exit status
That's due to trying to link a static library that has not been compiled
yet. That dependence seems spurious and we added it in a patch, so
remove it to fix non-parallel builds.
https://onedigi.atlassian.net/browse/DEL-8445
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Make the 'defconfig' file a real defconfig by including only differences with respect default
values. While on it, improve the recipe:
- Enable 'BOOTLOADERHANDLER' by default in the 'defconfig'. We were unconditionally setting
this value to 'y' in the recipe, so move it to the default configuration.
- Move 'UBI' configuration values to 'mtd.cfg' file to be added only when device filesystem is
MTD based. Until now, 'UBI' support was always added by default.
- Move the 'SIGNED_IMAGES' configuration entry to a '.cfg' file like we are doing with the rest
of the functionallity. Use 'oe.utils.conditional' checking 'TRUSTFENCE' feature for this.
Signed-off-by: David Escalona <david.escalona@digi.com>
Since commit 554b97a ("swupdate: Set service type to notify") in meta-swupdate
layer, the swupdate service fails on boot due to the following timeout error:
swupdate.sh[2708]: [TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/swupdateprog
swupdate.sh[2708]: [TRACE] : SWUPDATE running : [listener_create] : creating socket at /tmp/sockinstctrl
systemd[1]: swupdate.service: start operation timed out. Terminating.
systemd[1]: swupdate.service: Failed with result 'timeout'.
systemd[1]: Failed to start SWUpdate daemon.
This commit adds a config fragment to enable systemd support to swupdate daemon.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
One patch adds support for building the library statically and the other is a
fix for performing firmware update on the fly. These patches have been moved
from the meta-digi-dualboot layer
https://onedigi.atlassian.net/browse/DEL-7903
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
(cherry picked from commit 94018f7402586b916c5c7836eb355a19a78a9c51)
- The 'sign/verify' feature of swupdate can only be enabled/disabled at
compile time, it cannot be configured at run time.
- The 'sign/verify' defconfig file is only used when the images to
build are configured with 'TRUSTFENCE_SIGN=1'
- This change implies that all swupdate packages generated will have a
hash for the images to install and will be verified. Sign support is
only enabled for trustfence images.
https://jira.digi.com/browse/DEL-3773
Signed-off-by: David Escalona <david.escalona@digi.com>
- In Jethro, swupdate recipe was using 'swupdate_git.bb' as the main recipe to
build. In morty that recipe has been disabled and the '2017.01' one is used
instead, so we have to append to this new recipe by renaming our existing one.
- Our bbappend will now point to the same SHA1 that is being used, so we can
remove the SRCREV.
- The new code already includes the progress client patch, so it has been removed.
Signed-off-by: David Escalona <david.escalona@digi.com>
- This patch comes from the sw-update upstream and adds command line support
to the progress client binary.
a11e6f2b80https://jira.digi.com/browse/DEL-3356
Signed-off-by: David Escalona <david.escalona@digi.com>
There is new functionality in that version that we need for our firmware
update solution, so append the git-based recipe and set the revision to
the 2016.10 version.
Also provide a customized build configuration file. Notice that the
defconfig file is actually a full '.config'. It needs to be a full
config file because otherwise the anonymous python function in the
recipe is not able to gather all the build time dependences.
https://jira.digi.com/browse/DEL-3355
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Gabriel Valcazar
Javier Viguera
Hector Palacios
David Escalona
Arturo Buzarra
Mike Engel