1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
|
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-sysupdate" conditional='ENABLE_SYSUPDATE'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-sysupdate</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-sysupdate</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-sysupdate</refname>
<refname>systemd-sysupdate.service</refname>
<refname>systemd-sysupdate.timer</refname>
<refname>systemd-sysupdate-reboot.service</refname>
<refname>systemd-sysupdate-reboot.timer</refname>
<refpurpose>Automatically Update OS or Other Resources</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>systemd-sysupdate</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
</cmdsynopsis>
<para><filename>systemd-sysupdate.service</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>systemd-sysupdate</command> atomically updates the host OS, container images, portable
service images or other sources, based on the transfer configuration files described in
<citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<para>This tool implements file, directory, or partition based update schemes, supporting multiple
parallel installed versions of specific resources in an A/B (or even: A/B/C, A/B/C/D/, …) style. A/B
updating means that when one version of a resource is currently being used, the next version can be
downloaded, unpacked, and prepared in an entirely separate location, independently of the first, and — once
complete — be activated, swapping the roles so that it becomes the used one and the previously used one
becomes the one that is replaced by the next update, and so on. The resources to update are defined
in transfer files, one for each resource to be updated. For example, resources that may be updated with
this tool could be: a root file system partition, a matching Verity partition plus one kernel image. The
combination of the three would be considered a complete OS update.</para>
<para>The tool updates partitions, files or directory trees always in whole, and operates with at least
two versions of each of these resources: the <emphasis>current</emphasis> version, plus the
<emphasis>next</emphasis> version: the one that is being updated to, and which is initially incomplete as
the downloaded data is written to it; plus optionally more versions. Once the download of a newer version
is complete it becomes the current version, releasing the version previously considered current for
deletion/replacement/updating.</para>
<para>When installing new versions the tool will directly download, decompress, unpack and write the new
version into the destination. This is done in a robust fashion so that an incomplete download can be
recognized on next invocation, and flushed out before a new attempt is initiated.</para>
<para>Note that when writing updates to a partition, the partition has to exist already, as
<command>systemd-sysupdate</command> will not automatically create new partitions. Use a tool such as
<citerefentry><refentrytitle>systemd-repart</refentrytitle><manvolnum>8</manvolnum></citerefentry> to
automatically create additional partitions to be used with <command>systemd-sysupdate</command> on
boot.</para>
<para>The tool can both be used on the running OS, to update the OS in "online" state from within itself,
and on "offline" disk images, to update them from the outside based on transfer files
embedded in the disk images. For the latter, see <option>--image=</option> below. The latter is
particularly interesting to update container images or portable service images.</para>
<para>The <filename>systemd-sysupdate.service</filename> system service will automatically update the
host OS based on the installed transfer files. It is triggered in regular intervals via
<filename>systemd-sysupdate.timer</filename>. The <filename>systemd-sysupdate-reboot.service</filename>
will automatically reboot the system after a new version is installed. It is triggered via
<filename>systemd-sysupdate-reboot.timer</filename>. The two services are separate from each other as it
is typically advisable to download updates regularly while the system is up, but delay reboots until the
appropriate time (i.e. typically at night). The two sets of service/timer units may be enabled
separately.</para>
<para>For details about transfer files and examples see
<citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>Command</title>
<para>The following commands are understood:</para>
<variablelist>
<varlistentry>
<term><option>list</option> <optional><replaceable>VERSION</replaceable></optional></term>
<listitem><para>If invoked without an argument, enumerates downloadable and installed versions, and
shows a summarizing table with the discovered versions and their properties, including whether
there's a newer candidate version to update to. If a version argument is specified, shows details
about the specific version, including the individual files that need to be transferred to acquire the
version.</para>
<para>If no command is explicitly specified this command is implied.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>check-new</option></term>
<listitem><para>Checks if there's a new version available. This internally enumerates downloadable and
installed versions and returns exit status 0 if there's a new version to update to, non-zero
otherwise. If there is a new version to update to, its version identifier is written to standard
output.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>update</option> <optional><replaceable>VERSION</replaceable></optional></term>
<listitem><para>Installs (updates to) the specified version, or if none is specified to the newest
version available. If the version is already installed or no newer version available, no operation is
executed.</para>
<para>If a new version to install/update to is found, old installed versions are deleted until at
least one new version can be installed, as configured via <varname>InstanceMax=</varname> in
<citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, or
via the available partition slots of the right type. This implicit operation can also be invoked
explicitly via the <command>vacuum</command> command described below.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>vacuum</option></term>
<listitem><para>Deletes old installed versions until the limits configured via
<varname>InstanceMax=</varname> in
<citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> are
met again. Normally, it should not be necessary to invoke this command explicitly, since it is
implicitly invoked whenever a new update is initiated.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>pending</option></term>
<listitem><para>Checks whether a newer version of the OS is installed than the one currently
running. Returns zero if so, non-zero otherwise. This compares the newest installed version's
identifier with the OS image version as reported by the <varname>IMAGE_VERSION=</varname> field in
<filename>/etc/os-release</filename>. If the former is newer than the latter, an update was
apparently completed but not activated (i.e. rebooted into) yet.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>reboot</option></term>
<listitem><para>Similar to the <option>pending</option> command but immediately reboots in case a
newer version of the OS has been installed than the one currently running. This operation can be done
implicitly together with the <command>update</command> command, after a completed update via the
<option>--reboot</option> switch, see below. This command will execute no operation (and return
success) if no update has been installed, and thus the system was not rebooted.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>components</option></term>
<listitem><para>Lists components that can be updated. This enumerates the
<filename>/etc/sysupdate.*.d/</filename>, <filename>/run/sysupdate.*.d/</filename> and
<filename>/usr/lib/sysupdate.*.d/</filename> directories that contain transfer files. This command is
useful to list possible parameters for <option>--component=</option> (see below).</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
</variablelist>
</refsect1>
<refsect1>
<title>Options</title>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--component=</option></term>
<term><option>-C</option></term>
<listitem><para>Selects the component to update. Takes a component name as argument. This has the
effect of slightly altering the search logic for transfer files. If this switch is not used, the
transfer files are loaded from <filename>/etc/sysupdate.d/*.conf</filename>,
<filename>/run/sysupdate.d/*.conf</filename> and <filename>/usr/lib/sysupdate.d/*.conf</filename>. If
this switch is used, the specified component name is used to alter the directories to look in to be
<filename>/etc/sysupdate.<replaceable>component</replaceable>.d/*.conf</filename>,
<filename>/run/sysupdate.<replaceable>component</replaceable>.d/*.conf</filename> and
<filename>/usr/lib/sysupdate.<replaceable>component</replaceable>.d/*.conf</filename>, each time with
the <filename><replaceable>component</replaceable></filename> string replaced with the specified
component name.</para>
<para>Use the <command>components</command> command to list available components to update. This enumerates
the directories matching this naming rule.</para>
<para>Components may be used to define a separate set of transfer files for different components of
the OS that shall be updated separately. Do not use this concept for resources that shall always be
updated together in a synchronous fashion. Simply define multiple transfer files within the same
<filename>sysupdate.d/</filename> directory for these cases.</para>
<para>This option may not be combined with <option>--definitions=</option>.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--definitions=</option></term>
<listitem><para>A path to a directory. If specified, the transfer <filename>*.conf</filename> files
are read from this directory instead of <filename>/usr/lib/sysupdate.d/*.conf</filename>,
<filename>/etc/sysupdate.d/*.conf</filename>, and <filename>/run/sysupdate.d/*.conf</filename>.</para>
<para>This option may not be combined with <option>--component=</option>.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--root=</option></term>
<listitem><para>Takes a path to a directory to use as root file system when searching for
<filename>sysupdate.d/*.conf</filename> files.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--image=</option></term>
<listitem><para>Takes a path to a disk image file or device to mount and use in a similar fashion to
<option>--root=</option>, see above. If this is used and partition resources are updated this is done
inside the specified disk image.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="image-policy-open" />
<varlistentry>
<term><option>--instances-max=</option></term>
<term><option>-m</option></term>
<listitem><para>Takes a decimal integer greater than or equal to 2. Controls how many versions to
keep at any time. This option may also be configured inside the transfer files, via the
<varname>InstancesMax=</varname> setting, see
<citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
details.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--sync=</option></term>
<listitem><para>Takes a boolean argument, defaults to yes. This may be used to specify whether the
newly updated resource versions shall be synchronized to disk when appropriate (i.e. after the
download is complete, before it is finalized, and again after finalization). This should not be
turned off, except to improve runtime performance in testing environments.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--verify=</option></term>
<listitem><para>Takes a boolean argument, defaults to yes. Controls whether to cryptographically
verify downloads. Do not turn this off, except in testing environments.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--reboot</option></term>
<listitem><para>When used in combination with the <command>update</command> command and a new version is
installed, automatically reboots the system immediately afterwards.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="no-pager" />
<xi:include href="standard-options.xml" xpointer="no-legend" />
<xi:include href="standard-options.xml" xpointer="json" />
</variablelist>
</refsect1>
<refsect1>
<title>Exit status</title>
<para>On success, 0 is returned, a non-zero failure code otherwise.</para>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-repart</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>
|