mantic (1) rauc.1.gz

Provided by: rauc_1.10.1-1_amd64 bug

NAME

       rauc - safe and secure updating

SYNOPSIS

       rauc [OPTIONS...] bundle INPUTDIR BUNDLE

       rauc [OPTIONS...] resign INBUNDLE OUTBUNDLE

       rauc [OPTIONS...] extract BUNDLE OUTPUTDIR

       rauc [OPTIONS...] extract-signature BUNDLE OUTPUTSIG

       rauc [OPTIONS...] convert INBUNDLE OUTBUNDLE

       rauc [OPTIONS...] encrypt INBUNDLE OUTBUNDLE

       rauc [OPTIONS...] install BUNDLE

       rauc [OPTIONS...] info BUNDLE

       rauc [OPTIONS...] mount BUNDLE

       rauc [OPTIONS...] status [SLOTNAME | mark-{good,bad,active} [booted|other|SLOTNAME]]

       rauc [OPTIONS...] write-slot SLOTNAME IMAGEFILE

DESCRIPTION

       RAUC  is  a  lightweight  update client that runs on an Embedded Linux device and reliably
       controls the procedure of updating the device with a new firmware.

       RAUC is also the tool on the host system that is used to create, inspect and modify update
       artifacts for the device.

       This manual page documents briefly the rauc command line utility.

       It   was   written  for  the  Debian  GNU/Linux  distribution  to  satisfy  the  packaging
       requirements. Thus it should only serve as a summary,  reading  the  comprehensive  online
       manual (https://rauc.readthedocs.io/) is recommended.

OPTIONS

       The following general options can be used with most commands, however not all combinations
       make sense.

       -c FILENAME, --conf=FILENAME
              use the given config file instead of the one at the compiled-in default path

       --keyring=PEMFILE
              use specific keyring file

       --mount=PATH
              mount prefix (/mnt/rauc by default)

       -d, --debug
              enable debug output

       --version
              display version

       -h, --help
              print usage

COMMANDS

       bundle INPUTDIR BUNDLE

           Create a bundle from a content directory.

           Options:

               --cert=PEMFILE|PKCS11-URL
                      use given certificate file or  the  certificate  referenced  by  the  given
                      PKCS#11 URL

               --key=PEMFILE|PKCS11-URL
                      use given private key file or the key referenced by the given PKCS#11 URL

               --intermediate=PEMFILE|PKCS11-URL
                      intermediate CA file or the certificate referenced by the given PKCS#11 URL

               --signing-keyring=PEMFILE
                      verification keyring file

               --mksquashfs-args=ARGS
                      mksquashfs extra args

       resign INBUNDLE OUTBUNDLE

           Resign an already signed bundle.

           Options:

               --cert=PEMFILE|PKCS11-URL
                      use  given  certificate  file  or  the  certificate referenced by the given
                      PKCS#11 URL

               --key=PEMFILE|PKCS11-URL
                      use given private key file or the key referenced by the given PKCS#11 URL

               --intermediate=PEMFILE|PKCS11-URL
                      intermediate CA file or the certificate referenced by the given PKCS#11 URL

               --no-verify
                      disable bundle verification

               --no-check-time
                      don't check validity period of certificates against current time

               --signing-keyring=PEMFILE
                      verification keyring file

       extract BUNDLE OUTPUTDIR

           Extract the bundle content to a directory.

           Options:

               --key=PEMFILE|PKCS11-URL
                      use given decryption key file or the decryption key referenced by the given
                      PKCS#11 URL

               --trust-environment
                      trust environment and skip bundle access checks

       extract-signature BUNDLE OUTPUTSIG

           Extract the bundle signature.

           Options:

               --key=PEMFILE|PKCS11-URL
                      use given decryption key file or the decryption key referenced by the given
                      PKCS#11 URL

               --trust-environment
                      trust environment and skip bundle access checks

       convert INBUNDLE OUTBUNDLE

           Convert an existing bundle to casync index bundle and store.

           Options:

               --cert=PEMFILE|PKCS11-URL
                      use given certificate file or  the  certificate  referenced  by  the  given
                      PKCS#11 URL

               --key=PEMFILE|PKCS11-URL
                      use given private key file or the key referenced by the given PKCS#11 URL

               --intermediate=PEMFILE|PKCS11-URL
                      intermediate CA file or the certificate referenced by the given PKCS#11 URL

               --trust-environment
                      trust environment and skip bundle access checks

               --no-verify
                      disable bundle verification

               --signing-keyring=PEMFILE
                      verification keyring file

               --mksquashfs-args=ARGS
                      mksquashfs extra args

               --casync-args=ARGS
                      casync extra args

       encrypt INBUNDLE OUTBUNDLE

           Encrypt a crypt bundle.

           Options:

               --to PEMFILE
                      recipient cert(s)

       install BUNDLE

           Install a bundle.

           Options:

               --ignore-compatible
                      disable compatible check

               --transaction-id=UUID
                      custom transaction ID

               --progress
                      show progress bar

               --handler-args=ARGS
                      extra arguments for full custom handler

               --override-boot-slot=BOOTNAME
                      overrides auto-detection of booted slot

       info BUNDLE

           Print bundle info.

           Options:

               --no-verify
                      disable bundle verification

               --no-check-time
                      don't check validity period of certificates against current time

               --key=PEMFILE|PKCS11-URL
                      use given decryption key file or the decryption key referenced by the given
                      PKCS#11 URL

               --output-format=[readable|shell|json|json-pretty|json-2]
                      select output format

                      The json-2 output format matches the structure of the  InspectBundle  D-Bus
                      API and should be used instead of json or json-pretty.

               --dump-cert
                      dump certificate

               --dump-recipients
                      dump recipients

       mount BUNDLE

           Mount  a  bundle  for  development  purposes  to  the bundle directory in RAUC's mount
           prefix. It must be unmounted manually by the user.

       status [SLOTNAME | mark-{good,bad,active} [booted|other|SLOTNAME]]

           Without further subcommand, it simply shows the system status or status of a  specific
           slot.

           The  subcommands  mark-good  and  mark-bad  can  be  used  to  set the state of a slot
           explicitly. These subcommands usually operate on the  currently  booted  slot  if  not
           specified per additional parameter.

           The  subcommand  mark-active  allows  one to manually switch to a different slot. Here
           too, the desired slot can be given per parameter, otherwise the currently  booted  one
           is used.

           Options:

               --detailed
                      show more status details

               --output-format=[readable|shell|json|json-pretty]
                      select output format

               --override-boot-slot=BOOTNAME
                      overrides auto-detection of booted slot

       write-slot SLOTNAME IMAGEFILE

           Write image to slot and bypass all update logic.

ENVIRONMENT

       RAUC_KEY_PASSPHRASE
              Passphrase to use for accessing key files (signing only)

       RAUC_PKCS11_MODULE
              Library filename for PKCS#11 module (signing only)

       RAUC_PKCS11_PIN
              PIN to use for accessing PKCS#11 keys (signing only)

FILES

       /etc/rauc/system.conf

              The  system  configuration file is the central configuration in RAUC that abstracts
              the loosely coupled storage setup, partitioning and boot strategy of your board  to
              a coherent redundancy setup world view for RAUC.

              RAUC  expects  its central configuration file /etc/rauc/system.conf to describe the
              system it runs on in a way that all relevant information for performing updates and
              making decisions are given.

              Similar  to other configuration files used by RAUC, the system configuration uses a
              key-value syntax (similar to those known from .ini files).

AUTHORS

       rauc is developed by Jan Luebbe, Enrico Joerns, Juergen Borleis and contributors.

       This manual page was written  by  Michael  Heimpold  <mhei@heimpold.de>,  for  the  Debian
       GNU/Linux system (but may be used by others).

SEE ALSO

       casync(1), mksquashfs(1), unsquashfs(1)

                                                                                          RAUC(1)