-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
35 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Device Management | ||
|
||
Rugpi provides the reliable foundation for building images, OTA updates, and state management. | ||
To manage devices remotely, Rugpi integrates well with existing off-the-shelf device management solutions. | ||
Currently, Rugpi provides ready-made integrations with [thin-edge.io](https://thin-edge.io/) and [Mender](https://mender.io/). | ||
When building a device with Rugpi, you can also switch between those at any point in time. | ||
|
||
## Thin-edge.io | ||
|
||
[Thin-edge.io](https://thin-edge.io/) is an open-source, cloud-agnostic IoT framework designed for resource constraint devices. | ||
It provides an abstraction layer to interface with different providers of IoT management solutions such as [Cumulocity IoT](https://www.cumulocity.com/guides/concepts/introduction/), [Azure IoT](https://azure.microsoft.com/en-us/solutions/iot), and [AWS IoT](https://aws.amazon.com/iot/). | ||
Thin-edge.io officially supports Rugpi to build and deploy images. | ||
To learn more, checkout the [thin-edge.io Rugpi reference repository](https://github.com/thin-edge/tedge-rugpi-image). | ||
|
||
## Mender | ||
|
||
Rugpi can be used to build images for use with [Mender's](https://mender.io/) device management solution. | ||
Using Rugpi over [Mender's conversion approach](https://docs.mender.io/operating-system-updates-debian-family/convert-a-mender-debian-image) has the advantage that Rugpi's modern image building workflow and state management can be used. | ||
In addition, it works for 64-bit Raspberry Pi OS, which `mender-convert` does not support,[^1] and on newer Raspberry Pi's the `tryboot` feature can be used to deploy updates to the boot partition, including changes to device tree overlays in `config.txt`. | ||
To learn more, checkout the [Rugpi reference repository for the Mender integration](https://github.com/silitics/rugpi-template-mender). | ||
|
||
[^1]: At the time of writing. For updates, see [this issue in Mender's issue tracker](https://northerntech.atlassian.net/browse/MEN-5634). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Signed Updates | ||
|
||
In contrast to other update solutions, Rugpi is intentionally kept simple and does not include its own signature mechanism or HTTP client. Following the UNIX philosophy, Rugpi accepts streaming updates via `stdin`. This enables the usage of proven software such as `curl` and `wget` to stream updates via HTTP and also facilitates the integration into custom update workflows. To realize verified updates, Rugpi provides an option `--check-hash` which can be used to check the SHA256 of a (streamed) update. Based upon this mechanism, signed updates can then be realized in various ways, for instance, by using GPG or OpenSSL signatures. | ||
|
||
In a typical setup, you would create an *update manifest* which contains the hash of the update and an URL from where to download the update. You would then sign this manifest, e.g., with GPG or OpenSSL. The update workflow would first check the signature and then invoke `rugpi update` with `--check-hash` and stream in the update, e.g., with `curl` or `wget`, to it. This ensures that the update you install is indeed the one described in the signed manifest. | ||
|
||
Note that this mechanism is very flexible and allows us to build on trusted tools in a simple way. You can also combine an update and the signed manifest in a `.tar` archive and process that in a streaming fashion as part of your update workflow. In the future, we may also consider adding something like that to Rugpi itself. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters