OSTree used to include a simple HTTP server as part of the ostree binary, but this has been removed in more recent versions. However, OSTree repositories are self-contained directories, and can be trivially served over the network using any HTTP server. For example, you could use Python’s SimpleHTTPServer:
cd tmp/deploy/images/qemux86-64/ostree_repo python -m SimpleHTTPServer <port> # port defaults to 8000
You can then run ostree from inside your device by adding your repo:
# This behaves like adding a Git remote; you can name it anything ostree remote add --no-gpg-verify my-remote http://<your-ip>:<port> # If OSTREE_BRANCHNAME is set in local.conf, that will be the name of the # branch. If not set, it defaults to the value of MACHINE (e.g. qemux86-64). ostree pull my-remote <branch> # poky is the OS name as set in OSTREE_OSNAME ostree admin deploy --os=poky my-remote:<branch>
After restarting, you will boot into the newly deployed OS image.
For example, on the raspberry pi you can try this sequence:
# add remote ostree remote add --no-gpg-verify agl-snapshot https://download.automotivelinux.org/AGL/snapshots/master/latest/raspberrypi3/deploy/images/raspberrypi3/ostree_repo/ agl-ota # pull ostree pull agl-snapshot agl-ota # deploy ostree admin deploy --os=agl agl-snapshot:agl-ota
The aktualizr repo contains a tool, garage-push, which lets you push the changes in OSTree repository generated by bitbake process. It communicates with an http server capable of querying files with HEAD requests and uploading them with POST requests. In particular, this can be used with HERE OTA Connect. garage-push is used as follows:
garage-push --repo=/path/to/ostree-repo --ref=mybranch --credentials=/path/to/credentials.zip
You can set
SOTA_PACKED_CREDENTIALS in your
local.conf to automatically synchronize your build results with a remote server. Credentials are stored in an archive as described in the aktualizr documentation.
Aktualizr supports a variety of configuration options via a configuration file and the command line. There are two primary ways to control aktualizr’s configuration from meta-updater.
First, you can set
SOTA_CLIENT_PROV to control which provisioning recipe is used. Each recipe installs an appropriate
sota.toml file from aktualizr according to the provisioning needs. See the SOTA-related variables in local.conf section for more information.
Second, you can write recipes to install additional config files with customized options. A few recipes already exist to address common needs and provide an example:
aktualizr-auto-reboot.bb configures aktualizr to automatically reboot after new updates are installed in order to apply the updates immediately. This is only relevant for package managers (such as OSTree) that require a reboot to complete the installation process. If this is not enabled, you will need to reboot the system through other means.
aktualizr-disable-send-ip.bb disables the reporting of networking information to the server. This is enabled by default and supported by HERE OTA Connect. However, if you are using a different server that does not support this feature, you may want to disable it in aktualizr.
aktualizr-log-debug.bb sets the log level of aktualizr to 0 (trace). The default is 2 (info). This recipe is intended for development and debugging purposes.
To use these recipes, you will need to add them to your image with a line such as
IMAGE_INSTALL_append = " aktualizr-log-debug " in your
With systemd based images, it is possible to set resource policies for the aktualizr service. The main use case is to provide a safeguard against resource exhaustion during an unforeseen failure scenario.
To enable it, install
aktualizr-resource-control on the target image and optionally override the default resource limits set in aktualizr_git.bb, from your
IMAGE_INSTALL_append += " aktualizr-resource-control " RESOURCE_CPU_WEIGHT_pn-aktualizr = "50"
Of particular importance is controlling the expiration of the Targets metadata signed with garage-sign. This is described in detail in the OTA Connect documentation. To set a manual expiration date, you can use either of the variables
GARAGE_TARGET_EXPIRE_AFTER. Both cannot be supplied simultaneously. If neither are provided, a default of one month will be used.