We need to talk about why OpenWrt doesn't support automatic updates, saving configurations across updates, NIHS, and the developer clique

Some of the older/deprecated platforms don't support the metadata checking. In other cases specific boards' image-check functions choose to ignore it.

Roll your own firmware with all of the packages you want...write some scripts to pull it off of a server, write to ram, and flash. I ā€˜auto updateā€™ devices in the field a few times a week. Totally works.

That's what i do, but once in a month and manually.

My firmware weights about 25 MB but it includes ALL the things i need my router to have. My router has 128 MB ROM + 128 MB RAM so i am safe on that side.
It would be easier to distribute firmware with included tools and packages and set minimum requirement to 16 MB ROM or even 32 MB ROM and do OTA updates. Now many people have 4 -8 MB ROM which of course is not enough and firmware needs to be striped down to fit in that kind of storages.

1 Like

Reading this, I feel like it would be nice to have a Firmware builder light tool.

Instead of having everyone compile a complete 'nightly' image from git, it would be nice if there was a way of building an image using precompiled packages. Maybe a bit comparable to debootstrap or pacstrap, which build an operating system on an external drive.

This way you could install packages or trim unneeded files and include all configuration and certificate files before compressing it in an image. This way you can do an attended upgrade on your laptop, especially for 4/32 devices, and without the hassle of time and battery consuming compiling of all sources.

I mainly thought this up because I have some devices that OpenWRT uses IMHO weird port naming. Like the ubnt erx, where the PoE-in port is labeled WAN after losing settings and not being able to access the console. Also with the above mentioned WWAN or VPN, VLAN, PPPoE or ipv6-sit where initial configuration may be necessary to be able to access the device.

Especially when supporting a whole range of devices/architectures, by technicians without a dedicated build platform, it would be nice if this could be GUI'd or Webified. Also for complete overhaul projects like Gluon, it would be nice if these can make use of the existing build infrastructure of the project, instead of relying on everyone to make their own build server.

Just my two cents...

6 Likes

oklol, that would've been great to know last year :wink:

Has been around for quite a while, to be fair :slight_smile:

That could be, maybe because it's also makefile based that I've never read/guessed that it actually downloads packages instead of compiling them (thinking it's more like a make install step to the general process). Since I have ventured into compiling some recipes like Gluon which took a long long time to complete, I skipped everything that involved the make command.

Still it might be nice to have something that takes a complete specific image and can sneak some config files in there or even do some opkg installs.

Surprise it does that too

2 Likes

Between being able to add/remove packages and files, you can get what you need from a running config using

root@OpenWrt:~# sysupgrade -h
Usage: /sbin/sysupgrade [<upgrade-option>...] <image file or URL>
       /sbin/sysupgrade [-q] [-i] [-c] [-u] [-o] [-k] <backup-command> <file>

upgrade-option:
	-f <config>  restore configuration from .tar.gz (file or url)
	-i           interactive mode
	-c           attempt to preserve all changed files in /etc/
	-o           attempt to preserve all changed files in /, except those
	             from packages but including changed confs.
	-u           skip from backup files that are equal to those in /rom
	-n           do not save configuration over reflash
	-p           do not attempt to restore the partition table after flash.
	-k           include in backup a list of current installed packages at
	             /etc/backup/installed_packages.txt
	-T | --test
	             Verify image and config .tar.gz but do not actually flash.
	-F | --force
	             Flash image even if image checks fail, this is dangerous!
	-q           less verbose
	-v           more verbose
	-h | --help  display this help

backup-command:
	-b | --create-backup <file>
	             create .tar.gz of files specified in sysupgrade.conf
	             then exit. Does not flash an image. If file is '-',
	             i.e. stdout, verbosity is set to 0 (i.e. quiet).
	-r | --restore-backup <file>
	             restore a .tar.gz created with sysupgrade -b
	             then exit. Does not flash an image. If file is '-',
	             the archive is read from stdin.
	-l | --list-backup
	             list the files that would be backed up when calling
	             sysupgrade -b. Does not create a backup file.

The backup is a tar file.

You can't really work with an existing image as the file system is highly compressed and you can't "just add" files to it. If you're going to decompress it, expand it out, modify it, then recompress it, you might as well skip the first two steps and start with the "raw material".

1 Like

can confirm this workflow works on 16/64 (ar150).

I mix image builder with codiad and some macros. Pretty darn close to a build UI.

btw, check out PACKAGES and FILES options with image build. you can specify an overlay path (for config files, scripts, etc) and any package you want form the repo.

1 Like

That speaks to having the smarts at the server side. Eg. The router would say: "I'm a Netgear 3700v4 with these extra packages. Please upload the latest firmware."

That still glosses over some issues, like configuration files that changed in ways that need human intervention.

Is option -k new? I don't have it in release 18.06.01

Yes, it's been on master and should be in v19.

The early portions of sysupgrade are a shell script. I have not tried it, but

git diff v18.06.4 master -- package/base-files/files/sbin/sysupgrade

looks like it might be back-port-able

1 Like

I am using Raspberry Pi 2B,
My method is in the CLI
Key in
opkg update
opkg list-upgradable
opkg list_installed | sed 's/ - .*//' | sed 's/^/opkg -V upgrade /' | sh

When the version is updated,
Linux Kernel upgrade,
Web Luci, Use sysupgrade.img, Upgrade firmware.

manual Run.

Upgrading packages in bulk is a disaster waiting to happen.

The only safe way to upgrade is to re-flash.

3 Likes

Agreed, but then why is this functionality is in place to begin with?

2 Likes

Note that there is not an ā€œupgrade allā€ function. These are all self-scripted hacks.

The ability to upgrade a single package, especially in light of a severe security flaw, has value.

There also is WIP to consider approaches for making bulk upgrades robust. The limited resources of all-in-one routers make this a challenge, even ignoring 4/32 devices.

4 Likes