Package update design

From VyOS Wiki
Jump to: navigation, search

Package update via update packs is supposed to be the hotfix delivery mechanism.

Goals and Objectices

Provide users with a way to apply backwards-compatible non-intrusive fixes without image upgrade and reboot.

Functional specification

Traditional debian-style upgrade (via apt-get dist-upgrade) is known to cause problems on the current VyOS design. Besides. it's very error-prone if additional repositories are configured, unless there are very extensive apt-pinning settings. The root cause is that VyOS is not a strict subset of debian, just not too incompatible debian derivative; and that debian updates are themselves not always guaranteed to be completely backwards compatible.

The idea is to provide self-extracting archives that contain updated packages and a script for installing them and, possibly, executing additional upgrade steps that are not possible or practical to include in pre/post-install scripts of individual packages.

Binary install makes packages contained in the system image and installed on top of it inherently different, because purging the writable directory will remove them all and leave the user with only contents of the system image. For that reason package update should modify a separate version fiels, e.g. "Update level:", not the "Version:".

When package update is initiated, the system will fetch the package by specified URL, verify its digital signature, and execute it.

Self-extracting archives can be made with e.g. makeself (http://megastep.org/makeself/).

CLI syntax

Configuration Commands

None.

Operational Commands

upgrade
    system
        package <file|URL>  # Apply the update pack
            check           # Check if the update pack is newer than installed version


Testing requirements

Several corner cases should be verified:

  • The system must refuse to install an update pack for a different major version.
  • The system must handle installing cumulative updates correctly (already installed packages should be ignored). Likely already works with dpkg.
  • The system must not allow installing unsigned updates.