Hi everyone,
I’m developing an application for a Toradex Colibri iMX7 running Torizon OS. My Qt application runs inside a Docker container, and I want to implement a reliable software update mechanism using a USB drive.
Current update workflow
When the user clicks the Update button in the application, I want the following sequence to happen:
- Detect whether a USB drive is connected.
- Search the USB for a docker-compose.yml file.
- Compare the app service image with the currently installed docker-compose.yml.
- Only compare the image tag (for example, octo:1.0 vs octo:1.1).
- If the image name is the same but the tag is different, start the update.
- Stop the currently running Docker Compose application.
- Replace the existing docker-compose.yml on the host with the one from the USB.
- Run docker compose up -d --remove-orphans.
- Verify that the Weston container is running.
- Update /etc/xdg/weston/weston.ini inside the Weston container.
- Reboot the device.
I already have an update.sh script that performs all of these steps correctly when executed directly on the host.
The problem
The application itself runs inside a Docker container.
I mounted /var/run/docker.sock into the container and confirmed that:
- docker ps works correctly inside the application container and lists the host containers.
- However, docker compose is not available inside the container, even though it exists on the host.
Host:
docker compose version
Docker Compose version v2.26.0
Inside the application container:
docker ps # Works
docker compose version
docker: 'compose' is not a docker command.
The host contains:
/usr/lib/docker/cli-plugins/docker-compose
/usr/bin/docker-compose
but the application container cannot use the Compose plugin.
My question
What is the recommended and supported approach on Torizon OS for this type of update mechanism?
Ideally, I would like my application to trigger a host-side update process that performs:
- docker compose down
- Replace docker-compose.yml
- docker compose up
- Update weston.ini
- Reboot
without giving the application unnecessary privileges or implementing a custom HTTP server or similar service unless that is the recommended approach.
What is the recommended architecture or best practice?
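
The image comparison from the workflow above (same image name, different tag), as an added example; it is not the poster's update.sh and not Toradex code. It assumes block-style compose files with image: directly under the app service, treats the file from the USB drive as untrusted input, and uses constructed sample files (only octo:1.0 and octo:1.1 come from the post).

```shell
#!/bin/sh
# Added example: decide whether a compose file found on USB may replace the
# installed one. Paths and sample contents below are constructed.

# Print the image of service $2 in compose file $1. Assumes block-style YAML:
# services indented under "services:", "image:" directly under the service.
service_image() {
    awk -v svc="$2" '
        { sub(/\r$/, "") }                       # tolerate CRLF files from a PC
        /^[ \t]*(#|$)/ { next }                  # skip blank and comment lines
        { s = $0; sub(/^ +/, "", s); ind = length($0) - length(s) }
        ind == 0 { in_svcs = ($1 == "services:"); lvl = -1; found = 0; next }
        !in_svcs { next }
        lvl < 0 { lvl = ind }                    # indentation of service keys
        ind == lvl { found = ($1 == (svc ":")); kid = -1; next }
        found && kid < 0 { kid = ind }           # indentation of its own keys
        found && ind == kid && $1 == "image:" { print $2; exit }
    ' "$1" | tr -d "\"'"
}

# Split name[:tag] into REF_NAME / REF_TAG. Only a colon after the last slash
# is a tag separator, so registry:5000/octo keeps its port in the name.
split_ref() {
    last=${1##*/}
    case $last in
        *:*) REF_NAME=${1%:*}; REF_TAG=${last##*:} ;;
        *)   REF_NAME=$1;      REF_TAG=latest ;;
    esac
}

# $1 = installed compose file, $2 = compose file from USB.
# Returns 0 = update, 1 = same tag (nothing to do), 2 = reject.
update_decision() {
    cur=$(service_image "$1" app); new=$(service_image "$2" app)
    [ -n "$cur" ] && [ -n "$new" ] || return 2      # no app image found
    case "$cur$new" in *@*) return 2 ;; esac        # digest pins: not compared
    split_ref "$cur"; cur_name=$REF_NAME; cur_tag=$REF_TAG
    split_ref "$new"
    [ "$cur_name" = "$REF_NAME" ] || return 2       # different image name
    [ "$cur_tag" != "$REF_TAG" ] || return 1
    return 0
}

# Constructed sample: installed octo:1.0, USB offers octo:1.1 (quoted, CRLF).
tmp=$(mktemp -d)
printf 'services:\n  weston:\n    image: example/weston:1\n  app:\n    image: octo:1.0\n' > "$tmp/cur.yml"
printf 'services:\n  app:\n    image: "octo:1.1"\r\n' > "$tmp/usb.yml"
rc=0; update_decision "$tmp/cur.yml" "$tmp/usb.yml" || rc=$?
echo "decision=$rc"
```

A return value of 2 covers every case the workflow does not describe (missing app service, different image name, digest-pinned reference), so the caller proceeds only on 0.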