Implementing an update/upgrade system for embedded Linux devices

trenki picture trenki · Aug 4, 2011 · Viewed 22k times · Source

I have an application that runs on an embedded Linux device and every now and then changes are made to the software and occasionally also to the root file system or even the installed kernel.

In the current update system the contents of the old application directory are simply deleted and the new files are copied over it. When changes to the root file system have been made the new files are delivered as part of the update and simply copied over the old ones.

Now, there are several problems with the current approach and I am looking for ways to improve the situation:

  • The root file system of the target that is used to create file system images is not versioned (I don't think we even have the original rootfs).
  • The rootfs files that go into the update are manually selected (instead of a diff)
  • The update continually grows and that becomes a pita. There is now a split between update/upgrade where the upgrade contains larger rootfs changes.
  • I have the impression that the consistency checks in an update are rather fragile if at all implemented.

Requirements are:

  • The application update package should not be too large and it must also be able to change the root file system in the case modifications have been made.
  • An upgrade can be much larger and only contains the stuff that goes into the root file system (like new libraries, kernel, etc.). An update can require an upgrade to have been installed.
    Could the upgrade contain the whole root file system and simply do a dd on the flash drive of the target?
  • Creating the update/upgrade packages should be as automatic as possible.

I absolutely need some way to do versioning of the root file system. This has to be done in a way, that I can compute some sort of diff from it which can be used to update the rootfs of the target device.

I already looked into Subversion since we use that for our source code but that is inappropriate for the Linux root file system (file permissions, special files, etc.).

I've now created some shell scripts that can give me something similar to an svn diff but I would really like to know if there already exists a working and tested solution for this.

Using such diff's I guess an Upgrade would then simply become a package that contains incremental updates based on a known root file system state.

What are your thoughts and ideas on this? How would you implement such a system? I prefer a simple solution that can be implemented in not too much time.

Answer

gby picture gby · Aug 4, 2011

I believe you are looking wrong at the problem - any update which is non atomic (e.g. dd a file system image, replace files in a directory) is broken by design - if the power goes off in the middle of an update the system is a brick and for embedded system, power can go off in the middle of an upgrade.

I have written a white paper on how to correctly do upgrade/update on embedded Linux systems [1]. It was presented at OLS. You can find the paper here: https://www.kernel.org/doc/ols/2005/ols2005v1-pages-21-36.pdf

[1] Ben-Yossef, Gilad. "Building Murphy-compatible embedded Linux systems." Linux Symposium. 2005.