Earlier this year, I found myself pushing the idea of an "anonymous mode" for the Aktualizr project which is the OTA agent running in the LMP. This turned into "aktualizr-lite" and has recently become the default OTA agent used by the LMP. This article explains what aktualizr-lite is and why we are using it.
First, Uptane is great and there are many reasons why you might want to use it. For example, if lives are at stake. However, at Foundries.io we found there were a few reasons why people might want the benefits of The Update Framework, TUF and OSTree without the complexity of Uptane.
Reason #1 - Anonymous Access
We want an easy way for people to download our images and get a feel for the update system without having to register and pay us money. This sort of makes the LMP a bit like a rolling release people can try out on their supported hardware. Using Uptane implies a device is registered and known to our OTA Connect deployment. In aktualizr-lite mode, we give the world read-access to our updates "stream" so they can list and apply updates as they see fit.
Reason #2 - Always Up-to-date
The way Uptane works is by telling each device what Target it should be running. This starts to feel like treating devices like pets instead of cattle. Additionally, most of our users want their devices to always be up-to-date. In classic OTA Connect this means they click the "auto-update" button for each device. If we choose "alway up-to-date" as the goal, then we can really simplify things by removing the need for the Director and Director daemon components from OTA Connect.
Differences From Upstream
There are actually two similar versions of aktualizr-lite: the upstream version and the Foundries.io version. Our intent is to keep as much of our work as possible in the upstream version of atkaulizr-lite. We maintain a small patch-set in our meta-lmp layer that include support for:
- Tags - Each TUF Target can include a list of tags. The atualizr-lite client can be configured to only accept updates from targets that match certain tags. This allows you to have builds in your targets.json tagged as things like "premerge", "postmerge", and "promoted" so that your clients can make sure they pull the proper update. Ie - just apply "promoted" targets.
- Daemon Mode - This might be upstream-able some day, but I haven’t worked with the aktualizr maintainers to see if they are interested yet. Daemon mode simply allows aktualizr-lite to run as a daemon periodically checking for new updates to apply. It includes two handy features that users can take advantage of:
- reboot-command - OS updates require a reboot. This command can be overridden so that you can control how your device is reset after an update.
- update-lockfile - The daemon will always download a new update when it finds one. However, when then update-lockfile argument is used, aktualizr-lite will be required to flock(2) this this file while it applies the update.