Offline updates not searching for lockbox

Hello,

we want to use a custom TorizonOS with offline updates managed by the Torizon Cloud.

To test the offline update functionality I built a vanilla torizon-minimal (BSP6.6.0) with Yocto and flash it with TEZI. The device isn’t connected to the internet.

After bootup I deactivated the aktualizr-daemon with

sudo systemctl stop aktualizr
sudo systemctl disable aktualizr

to trigger and observe the update process manually.

After that I provisioned and configured my device for offline updates according to this article: How to Use Secure Offline Updates with Torizon OS | Toradex Developer Center

Now I started the update process:

$ sudo aktualizr-torizon once --loglevel 0
Aktualizr version tdx-171aba3c starting
Reading config: "/usr/lib/sota/conf.d/20-sota-device-cred.toml"
Reading config: "/usr/lib/sota/conf.d/30-rollback.toml"
Reading config: "/usr/lib/sota/conf.d/40-hardware-id.toml"
Reading config: "/usr/lib/sota/conf.d/50-secondaries.toml"
Reading config: "/usr/lib/sota/conf.d/60-polling-interval.toml"
Reading config: "/usr/lib/sota/conf.d/70-reboot.toml"
Reading config: "/etc/sota/conf.d/99-offline-updates.toml"
Final configuration that will be used:
[logger]
loglevel = 0

[p11]
module = ""
pass = ""
uptane_key_id = ""
tls_ca_id = ""
tls_pkey_id = ""
tls_clientcert_id = ""

[tls]
server = "https://dgw.torizon.io"
server_url_path = "/usr/lib/sota/gateway.url"
ca_source = "file"
pkey_source = "file"
cert_source = "file"

[provision]
server = "https://dgw.torizon.io"
p12_password = ""
expiry_days = "36000"
provision_path = ""
device_id = ""
primary_ecu_serial = ""
primary_ecu_hardware_id = "verdin-imx8mm"
ecu_registration_endpoint = "https://dgw.torizon.io/director/ecus"
mode = "DeviceCred"

[uptane]
polling_sec = 300
director_server = "https://dgw.torizon.io/director"
repo_server = "https://dgw.torizon.io/repo"
key_source = "file"
key_type = "RSA2048"
force_install_completion = true
secondary_config_file = "/usr/lib/sota/secondaries.json"
secondary_preinstall_wait_sec = 600
enable_online_updates = false
enable_offline_updates = true
offline_updates_source = "/home/torizon/update"
update_lock_file = "/run/lock/aktualizr-lock"

[pacman]
type = "ostree"
os = ""
sysroot = ""
ostree_server = "https://dgw.torizon.io/treehub"
images_path = "/var/sota/images"
packages_file = "/usr/package.manifest"
fake_need_reboot = false
booted = "booted"

[storage]
type = "sqlite"
path = "/var/sota"
sqldb_path = "sql.db"
uptane_metadata_path = "metadata"
uptane_private_key_path = "ecukey.der"
uptane_public_key_path = "ecukey.pub"
tls_cacert_path = "root.crt"
tls_pkey_path = "pkey.pem"
tls_clientcert_path = "client.pem"

[import]
base_path = "/var/sota/import"
uptane_private_key_path = ""
uptane_public_key_path = ""
tls_cacert_path = "/usr/lib/sota/root.crt"
tls_pkey_path = "pkey.pem"
tls_clientcert_path = "client.pem"

[telemetry]
report_network = true
report_config = true

[bootloader]
rollback_mode = "uboot_masked"
reboot_sentinel_dir = "/var/run/aktualizr-session"
reboot_sentinel_name = "need_reboot"
reboot_command = "/usr/bin/touch /run/need-reboot"

Current directory: /var/rootdirs/home/torizon
Use existing SQL storage: "/var/sota/sql.db"
Couldn`t import data: empty path received
Couldn't import client certificate: "/var/sota/import/client.pem" doesn't exist.
Couldn't import client TLS key: "/var/sota/import/pkey.pem" doesn't exist.
No serial found in database for this ECU, defaulting to empty serial
Root for image already present, not importing
Root for director already present, not importing
Initializing docker-compose Secondaries...
Use existing SQL storage: "/var/sota/storage/docker-compose/sql.db"
Root metadata not found in database
No valid metadata found in storage.
Adding Secondary with ECU serial: c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 with hardware ID: docker-compose
Initializing torizon-generic Secondaries...
Use existing SQL storage: "/var/sota/storage/bootloader/sql.db"
Root metadata not found in database
No valid metadata found in storage.
Adding Secondary with ECU serial: f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 with hardware ID: verdin-imx8mm-bootloader
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
No pending updates, continuing with initialization
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
Offline Updates are enabled
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database

I would expect that aktualizr checks the path for the offline update (/home/torizon/update) like in this thread: Selectively trigger aktualizr for offline updates - check and install subcommands - #8 by ollamh
and tells me, that there is no update available. But nothing happens.
When started with sudo aktualizr-torizon --loglevel 0 the last last three lines

Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database

are repeated with the polling rate (300 sec).

Even when I copy a lockbox to the update location aktualizr does nothing.

Best regards,
Markus

Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!

Did you like my answer?

Hello,

Based on the information you’ve provided, it seems that the aktualizr-torizon is correctly configured for offline updates but is not detecting the update lockbox in the specified directory (/home/torizon/update). There are a few potential reasons and steps you can take to troubleshoot this issue:

1. Verify Lockbox Content and Format: Ensure that the lockbox you’ve placed in /home/torizon/update is correctly formatted and contains the necessary metadata and update files. The lockbox should be a tarball that includes the signed metadata from the Torizon OTA server and the update images.

2. Permissions and Ownership: Check the permissions and ownership of the /home/torizon/update directory and the lockbox file within it. The aktualizr-torizon process must have read access to the directory and the files. You can adjust permissions with chmod and ownership with chown if necessary.

3. Correct Configuration Path: Double-check the configuration file at /etc/sota/conf.d/99-offline-updates.toml to ensure the offline_updates_source is correctly set to /home/torizon/update. Any typo or incorrect path could cause the issue you’re experiencing.

4. Restart aktualizr-torizon: After making any changes to the configuration or the update files, ensure you restart the aktualizr-torizon service to apply the changes. Since you’ve disabled the daemon, you can manually restart the update process with sudo aktualizr-torizon once --loglevel 0.

5. Log Level and Output: Increasing the log level might provide more detailed information about what aktualizr-torizon is doing and why it might not be detecting the update. Try running with a higher log level, such as --loglevel 2, to get more detailed output that could help identify the issue.

6. Filesystem Support: Ensure that the filesystem of the storage medium where /home/torizon/update resides is supported and correctly mounted. Although you’re using the device’s internal storage in this case, filesystem issues or mount problems could still potentially affect the update process.

7. Check for Aktualizr-torizon Updates: Although less likely to be the issue if you’re using a recent version of TorizonCore, ensure that your version of aktualizr-torizon is up to date. There might have been fixes or improvements in newer versions that address your issue.

If after following these steps the problem persists, it could be indicative

Please, also check if these links can help you solve your problem:

Aktualizr - Modifying the Settings of Torizon Update Client | Toradex Developer Center.

Greetings @Mowlwurf,

Oh I think I know what happened here. In recent versions of Torizon OS, there was an unintended regression that made it so that aktualizr-torizon with the once mode, does not work properly with offline updates.

This issue is already known by our team. I’ll poke them about it to make sure it’s still on our radar to be done eventually.

Just checking though, offline updates do work for you when running aktualizr-torizon normally (without once)?

Make sure when you’re running aktualizr-torizon normally, you put the Lockbox to the location specified by offline_updates_source after aktualizr-torizon has started running. If the Lockbox is already present in that file-path before aktualizr-torizon is running then it won’t trigger the update. This is intended design, otherwise if aktualizr-torizon triggered on Lockboxes that existed before it was running, it could lead to some nasty infinite update loops.

This is actually the reason the once mode needs special logic. Since obviously you can’t really place a Lockbox to the file-path in this mode since Aktualizr runs and exits immediately.

In summary, I’ll go ahead and remind our team about this known issue. If you can just confirm that offline updates work for you when ran normally, that would be helpful. Just so we’re sure nothing else is wrong.

Best Regards,
Jeremias

Hello @jeremias.tx,

If you can just confirm that offline updates work for you when ran normally, that would be helpful. Just so we’re sure nothing else is wrong.

In the Torizon Cloud I made a lockbox with the official latest release for torizon-minimal (kirkstone/verdin-imx8mm/torizon/torizon-minimal/release:6.6.1+build.14 and transfered it to a usb stick.

Then I changed the offline update source to /media/<stick name>/update and started aktualizr again:

$ sudo aktualizr-torizon --loglevel 0
Aktualizr version tdx-171aba3c starting
Reading config: "/usr/lib/sota/conf.d/20-sota-device-cred.toml"
Reading config: "/usr/lib/sota/conf.d/30-rollback.toml"
Reading config: "/usr/lib/sota/conf.d/40-hardware-id.toml"
Reading config: "/usr/lib/sota/conf.d/50-secondaries.toml"
Reading config: "/usr/lib/sota/conf.d/60-polling-interval.toml"
Reading config: "/usr/lib/sota/conf.d/70-reboot.toml"
Reading config: "/etc/sota/conf.d/99-offline-updates.toml"
Final configuration that will be used:
[logger]
loglevel = 0

[p11]
module = ""
pass = ""
uptane_key_id = ""
tls_ca_id = ""
tls_pkey_id = ""
tls_clientcert_id = ""

[tls]
server = "https://dgw.torizon.io"
server_url_path = "/usr/lib/sota/gateway.url"
ca_source = "file"
pkey_source = "file"
cert_source = "file"

[provision]
server = "https://dgw.torizon.io"
p12_password = ""
expiry_days = "36000"
provision_path = ""
device_id = ""
primary_ecu_serial = ""
primary_ecu_hardware_id = "verdin-imx8mm"
ecu_registration_endpoint = "https://dgw.torizon.io/director/ecus"
mode = "DeviceCred"

[uptane]
polling_sec = 300
director_server = "https://dgw.torizon.io/director"
repo_server = "https://dgw.torizon.io/repo"
key_source = "file"
key_type = "RSA2048"
force_install_completion = true
secondary_config_file = "/usr/lib/sota/secondaries.json"
secondary_preinstall_wait_sec = 600
enable_online_updates = false
enable_offline_updates = true
offline_updates_source = "/media/TOSHIBA/update"
update_lock_file = "/run/lock/aktualizr-lock"

[pacman]
type = "ostree"
os = ""
sysroot = ""
ostree_server = "https://dgw.torizon.io/treehub"
images_path = "/var/sota/images"
packages_file = "/usr/package.manifest"
fake_need_reboot = false
booted = "booted"

[storage]
type = "sqlite"
path = "/var/sota"
sqldb_path = "sql.db"
uptane_metadata_path = "metadata"
uptane_private_key_path = "ecukey.der"
uptane_public_key_path = "ecukey.pub"
tls_cacert_path = "root.crt"
tls_pkey_path = "pkey.pem"
tls_clientcert_path = "client.pem"

[import]
base_path = "/var/sota/import"
uptane_private_key_path = ""
uptane_public_key_path = ""
tls_cacert_path = "/usr/lib/sota/root.crt"
tls_pkey_path = "pkey.pem"
tls_clientcert_path = "client.pem"

[telemetry]
report_network = true
report_config = true

[bootloader]
rollback_mode = "uboot_masked"
reboot_sentinel_dir = "/var/run/aktualizr-session"
reboot_sentinel_name = "need_reboot"
reboot_command = "/usr/bin/touch /run/need-reboot"

Current directory: /var/rootdirs/home/torizon
Use existing SQL storage: "/var/sota/sql.db"
Couldn`t import data: empty path received
Couldn't import client certificate: "/var/sota/import/client.pem" doesn't exist.
Couldn't import client TLS key: "/var/sota/import/pkey.pem" doesn't exist.
No serial found in database for this ECU, defaulting to empty serial
Root for image already present, not importing
Root for director already present, not importing
Initializing docker-compose Secondaries...
Use existing SQL storage: "/var/sota/storage/docker-compose/sql.db"
Root metadata not found in database
No valid metadata found in storage.
Adding Secondary with ECU serial: c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 with hardware ID: docker-compose
Initializing torizon-generic Secondaries...
Use existing SQL storage: "/var/sota/storage/bootloader/sql.db"
Root metadata not found in database
No valid metadata found in storage.
Adding Secondary with ECU serial: f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 with hardware ID: verdin-imx8mm-bootloader
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
No pending updates, continuing with initialization
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
Offline Updates are enabled
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database

After connecting the stick to my SOM I got this output of aktualizr:

fetchMetaOffUpd() called with source_path: "/media/TOSHIBA/update"
offline-snapshot metadata not found in database
Getting ECU serials for hwid: LEN=3
No hardware ID found in database for ECU serial 5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc
Failed to get current installed version: no more rows available
Current version for ECU ID: 5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc is unknown
New updates found in Director metadata. Checking Image repo metadata...
1 new update found in both Director and Image repo metadata.
Event: UpdateCheckComplete, Result - Updates available
Getting ECU serials for hwid: LEN=3
No hardware ID found in database for ECU serial 5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc
Failed to get current installed version: no more rows available
Current version for ECU ID: 5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc is unknown
New updates found in stored Director metadata. Checking stored Image repo metadata...
Performing a local pull from file:///media/TOSHIBA/update/images/ostree
ostree-pull: Writing objects: 2
ostree-pull: Writing objects: 5
ostree-pull: Writing objects: 28
ostree-pull: 337 metadata, 1372 content objects imported; 122.7 MB content written
Event: DownloadTargetComplete, Result - Success
Event: AllDownloadsComplete, Result - Success
Getting ECU serials for hwid: LEN=3
No hardware ID found in database for ECU serial 5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc
Failed to get current installed version: no more rows available
Current version for ECU ID: 5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc is unknown
New updates found in stored Director metadata. Checking stored Image repo metadata...
Event: InstallStarted
post request body:[
        {
                "deviceTime" : "2024-06-27T22:01:58Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationStarted",
                        "version" : 0
                },
                "id" : "fe6e26c5-f53c-407a-b8c0-402bfac526c9"
        }
]
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
Installing package using ostree package manager
Commit metadata kargs=quiet logo.nologo vt.global_cursor_default=0 plymouth.ignore-serial-consoles splash fbcon=map:3
Original deployment kargs=quiet logo.nologo vt.global_cursor_default=0 plymouth.ignore-serial-consoles splash fbcon=map:3 ostree=/ostree/boot.1/torizon/d896df2d5749fe6aada0aab97ba93e43328c67e3a20c815a113ffe78bd5b22af/0
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
response http code: 0
response:
response http code: 0
response:
response http code: 0
response:
note: Deploying commit 38d1244bb423def713f63ca175ccda5e8464cfcc24864afaf840be4a9fc5de20 which contains content in /var/local that will be ignored.
post request body:[
        {
                "deviceTime" : "2024-06-27T22:01:58Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationStarted",
                        "version" : 0
                },
                "id" : "fe6e26c5-f53c-407a-b8c0-402bfac526c9"
        }
]
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
response http code: 0
response:
response http code: 0
response:
response http code: 0
response:
post request body:[
        {
                "deviceTime" : "2024-06-27T22:01:58Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationStarted",
                        "version" : 0
                },
                "id" : "fe6e26c5-f53c-407a-b8c0-402bfac526c9"
        }
]
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
response http code: 0
response:
response http code: 0
response:
response http code: 0
response:

The section with the connection attempt to Torizon Cloud is repeated cyclically in an endless loop. So I have to cancel it with Ctrl+C and get the following output:

Performing sync()
Event: InstallTargetComplete, Result - Success
post request body:[
        {
                "deviceTime" : "2024-06-27T22:01:58Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationStarted",
                        "version" : 0
                },
                "id" : "fe6e26c5-f53c-407a-b8c0-402bfac526c9"
        },
        {
                "deviceTime" : "2024-06-27T22:02:38Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationApplied",
                        "version" : 0
                },
                "id" : "9751a8f4-a4df-49a4-9dca-c46b966e07a3"
        }
]
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
Event: AllInstallsComplete, Result - INTERNAL_ERROR
Getting ECU serials for hwid: LEN=3
No hardware ID found in database for ECU serial 5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc
No hardware ID found in database for ECU serial c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91
No hardware ID found in database for ECU serial f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4
About to reboot the system in order to apply pending updates...
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
Aktualizr daemon exiting...

After reboot the new TorizonCore 6.6.1+build.14 starts so the update seemed to work in general.

What do you think about the logs?
Is it normal that aktualizr tries to connect to the Torizon Cloud in an endless loop even though online updates are disabled? When restarting aktualizr after the update it continues to try to connect to the Torizon Cloud:

$ sudo aktualizr-torizon --loglevel 0
Aktualizr version tdx-1523e48d starting
Reading config: "/usr/lib/sota/conf.d/20-sota-device-cred.toml"
Reading config: "/usr/lib/sota/conf.d/30-rollback.toml"
Reading config: "/usr/lib/sota/conf.d/40-hardware-id.toml"
Reading config: "/usr/lib/sota/conf.d/50-secondaries.toml"
Reading config: "/usr/lib/sota/conf.d/60-polling-interval.toml"
Reading config: "/usr/lib/sota/conf.d/70-reboot.toml"
Reading config: "/etc/sota/conf.d/99-offline-updates.toml"
Final configuration that will be used:
[logger]
loglevel = 0

[p11]
module = ""
pass = ""
uptane_key_id = ""
tls_ca_id = ""
tls_pkey_id = ""
tls_clientcert_id = ""

[tls]
server = "https://dgw.torizon.io"
server_url_path = "/usr/lib/sota/gateway.url"
ca_source = "file"
pkey_source = "file"
cert_source = "file"

[provision]
server = "https://dgw.torizon.io"
p12_password = ""
expiry_days = "36000"
provision_path = ""
device_id = ""
primary_ecu_serial = ""
primary_ecu_hardware_id = "verdin-imx8mm"
ecu_registration_endpoint = "https://dgw.torizon.io/director/ecus"
mode = "DeviceCred"

[uptane]
polling_sec = 300
director_server = "https://dgw.torizon.io/director"
repo_server = "https://dgw.torizon.io/repo"
key_source = "file"
key_type = "RSA2048"
force_install_completion = true
secondary_config_file = "/usr/lib/sota/secondaries.json"
secondary_preinstall_wait_sec = 600
enable_online_updates = false
enable_offline_updates = true
offline_updates_source = "/media/TOSHIBA/update"
update_lock_file = "/run/lock/aktualizr-lock"

[pacman]
type = "ostree"
os = ""
sysroot = ""
ostree_server = "https://dgw.torizon.io/treehub"
images_path = "/var/sota/images"
packages_file = "/usr/package.manifest"
fake_need_reboot = false
booted = "booted"

[storage]
type = "sqlite"
path = "/var/sota"
sqldb_path = "sql.db"
uptane_metadata_path = "metadata"
uptane_private_key_path = "ecukey.der"
uptane_public_key_path = "ecukey.pub"
tls_cacert_path = "root.crt"
tls_pkey_path = "pkey.pem"
tls_clientcert_path = "client.pem"

[import]
base_path = "/var/sota/import"
uptane_private_key_path = ""
uptane_public_key_path = ""
tls_cacert_path = "/usr/lib/sota/root.crt"
tls_pkey_path = "pkey.pem"
tls_clientcert_path = "client.pem"

[telemetry]
report_network = true
report_config = true

[bootloader]
rollback_mode = "uboot_masked"
reboot_sentinel_dir = "/var/run/aktualizr-session"
reboot_sentinel_name = "need_reboot"
reboot_command = "/usr/bin/touch /run/need-reboot"

Current directory: /var/rootdirs/home/torizon
Use existing SQL storage: "/var/sota/sql.db"
Couldn`t import data: empty path received
Couldn't import client certificate: "/var/sota/import/client.pem" doesn't exist.
Couldn't import client TLS key: "/var/sota/import/pkey.pem" doesn't exist.
No serial found in database for this ECU, defaulting to empty serial
Root for image already present, not importing
Root for director already present, not importing
Initializing docker-compose Secondaries...
Use existing SQL storage: "/var/sota/storage/docker-compose/sql.db"
post request body:[
        {
                "deviceTime" : "2024-06-27T22:01:58Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationStarted",
                        "version" : 0
                },
                "id" : "fe6e26c5-f53c-407a-b8c0-402bfac526c9"
        },
        {
                "deviceTime" : "2024-06-27T22:02:38Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationApplied",
                        "version" : 0
                },
                "id" : "9751a8f4-a4df-49a4-9dca-c46b966e07a3"
        },
        {
                "deviceTime" : "2024-06-27T22:04:25Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc",
                        "success" : true
                },
                "eventType" :
                {
                        "id" : "EcuInstallationCompleted",
                        "version" : 0
                },
                "id" : "e6afa88f-e04d-4867-ab09-37292938a88b"
        }
]
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
Root metadata not found in database
No valid metadata found in storage.
Adding Secondary with ECU serial: c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 with hardware ID: docker-compose
Initializing torizon-generic Secondaries...
Use existing SQL storage: "/var/sota/storage/bootloader/sql.db"
Root metadata not found in database
No valid metadata found in storage.
Adding Secondary with ECU serial: f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 with hardware ID: verdin-imx8mm-bootloader
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
No pending updates, continuing with initialization
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
Offline Updates are enabled
Stashing ECU serials for hwid
Secondary ECU c00d866cb4a781bd4ba2156d365e25bdab51de912850dbd5cc7600c278f4ec91 not found in database
Secondary ECU f9f39d7858a8514ac5cfd6012ee83f638801fd59bc7d3108ffc7f93db2c2e7c4 not found in database
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
response http code: 0
response:
response http code: 0
response:
response http code: 0
response:
Failed to post update events: 6 Couldn't resolve host name HTTP 0
post request body:[
        {
                "deviceTime" : "2024-06-27T22:01:58Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationStarted",
                        "version" : 0
                },
                "id" : "fe6e26c5-f53c-407a-b8c0-402bfac526c9"
        },
        {
                "deviceTime" : "2024-06-27T22:02:38Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationApplied",
                        "version" : 0
                },
                "id" : "9751a8f4-a4df-49a4-9dca-c46b966e07a3"
        },
        {
                "deviceTime" : "2024-06-27T22:04:25Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc",
                        "success" : true
                },
                "eventType" :
                {
                        "id" : "EcuInstallationCompleted",
                        "version" : 0
                },
                "id" : "e6afa88f-e04d-4867-ab09-37292938a88b"
        }
]
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
response http code: 0
response:
response http code: 0
response:
response http code: 0
response:
Failed to post update events: 6 Couldn't resolve host name HTTP 0
post request body:[
        {
                "deviceTime" : "2024-06-27T22:01:58Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationStarted",
                        "version" : 0
                },
                "id" : "fe6e26c5-f53c-407a-b8c0-402bfac526c9"
        },
        {
                "deviceTime" : "2024-06-27T22:02:38Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc"
                },
                "eventType" :
                {
                        "id" : "EcuInstallationApplied",
                        "version" : 0
                },
                "id" : "9751a8f4-a4df-49a4-9dca-c46b966e07a3"
        },
        {
                "deviceTime" : "2024-06-27T22:04:25Z",
                "event" :
                {
                        "correlationId" : "urn:tdx-ota:lockbox:Testupdate:7:4d31e0559dc3",
                        "ecu" : "5a29c6633ceeab60343a8827621cede71bd291a05691b88e7e714cba3ba94dfc",
                        "success" : true
                },
                "eventType" :
                {
                        "id" : "EcuInstallationCompleted",
                        "version" : 0
                },
                "id" : "e6afa88f-e04d-4867-ab09-37292938a88b"
        }
]
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
* Could not resolve host: dgw.torizon.io
* Closing connection
curl error 6 (http code 0): Couldn't resolve host name
response http code: 0
response:
response http code: 0
response:
response http code: 0
response:
Failed to post update events: 6 Couldn't resolve host name HTTP 0

[...]

Best regards,
Markus

Okay good, looks like it’s working fine for you overall.

What do you think about the logs?
Is it normal that aktualizr tries to connect to the Torizon Cloud in an endless loop even though online updates are disabled? When restarting aktualizr after the update it continues to try to connect to the Torizon Cloud:

Those logs are fairly normal. Even in an offline update the client here will try to communicate with the server if possible. As there are some valid cases for doing offline updates despite the device being online. If you’re device is truly offline you can ignore these connection related log messages and treat them as warnings. We do have a task on our side to clean up these log messages but, it’s fairly low on our list of priorities since at the end of the day these log messages aren’t harmful or anything.

As for the issue with offline updates and the once run-mode I’ve informed our team about your case here and we’ll see when we can get this next prioritized.

Best Regards,
Jeremias

Hello @jeremias.tx,

As for the issue with offline updates and the once run-mode I’ve informed our team about your case here and we’ll see when we can get this next prioritized.

I would be very happy to hear from you soon.
Since TorizonOS 6.4 and 6.5 can no longer be built in Yocto because of this bug, I’m a bit stuck right now. Does it make sense to continue with version 6.3 in the meantime, even if it is already quite old?

Best regards,
Markus

Since TorizonOS 6.4 and 6.5 can no longer be built in Yocto because of this bug, I’m a bit stuck right now. Does it make sense to continue with version 6.3 in the meantime, even if it is already quite old?

Are you working on 6.3 because of this once run-mode issue? I’ve already raised this to our team internally as I said. Though I can’t give any guarantee on when this will be prioritized and worked on by our team.

Ideally you’d work on a more recent version than 6.3. But if you can’t for some reason then I guess you’re stuck on 6.3 for the time-being.

Best Regards,
Jeremias

I expressed myself in a misleading way. I am currently working on BSP6.6 and my question was meant to ask whether it would make sense to go back to BSP6.3 in the meantime in order to test the once mode.

But you have already answered that. So I’ll wait to hear from you when a patch or a new version is available

Best regards,
Markus

As a workaround for BSP6.6 I have created an aktualizr-torizon_%.bbappend in which I set the version of aktualizr-torizon to the one used in BSP6.5:

# command 'aktualizr-torizon once' not working in BSP6.6
# -> set version to the one used in BSP6.5
SRCREV = "d71f18a1b8139cd4adadb41667b73d7c92fdbd9f"

Best regards,
Markus