From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id A5D782023C; Thu, 13 Nov 2025 16:50:06 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id D5EE620286; Thu, 13 Nov 2025 16:50:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=4.0.1 Received: from fhigh-a4-smtp.messagingengine.com (fhigh-a4-smtp.messagingengine.com [103.168.172.155]) by atuin.qyliss.net (Postfix) with ESMTPS id A3FB620284 for ; Thu, 13 Nov 2025 16:50:01 +0000 (UTC) Received: from phl-compute-02.internal (phl-compute-02.internal [10.202.2.42]) by mailfhigh.phl.internal (Postfix) with ESMTP id 468081400184; Thu, 13 Nov 2025 11:50:00 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-02.internal (MEProxy); Thu, 13 Nov 2025 11:50:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1763052600; x=1763139000; bh=aHdfV4k+wh pO/Qg5Pji1UhEjKmcaR6DHPi1Qd51+OLc=; b=Ca/TdgkuIsDM9+6F4AI9XyHAj3 tzIO8xNPvgn+oNotQ5SNqfyoW7YOujUNyBZIiNiA+v6l4qFSWREspVOAEVUvduL0 C5TTy9N8wYTI7n2Z+CPtBSthrIT1XsAVXUbqEqwCpM2GCnz7DRe5aqgxizyDddEf zKKTZpWrO0dSRgISMOq/VwstPUfJuBUfii8CukHLEzKHqXKszfvMzFHINOl/LbWW XjycbduUF15ZzfAA+qia9bS+2HrrFWa9g9hrUMn26Xky31Xd4xTkd7yaUDmlUfDJ ozY8K2u2SzKyUj3YQXxDG9/djhB+gzjp82YMj9yKZdtQqwwS9vyQMsY9qrMw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1763052600; x=1763139000; bh=aHdfV4k+whpO/Qg5Pji1UhEjKmcaR6DHPi1 Qd51+OLc=; b=RSZZAHgiGoJb6U30HgKT0Ocz9QhHx7h+ZJTajtqIbyebL5BcOgP YAjgULyhjtfhrYoguDBcvZ6c0+0YUTT1hh0UtyPkPe2a7l5jPcbuF/A/YWNsmlh8 Gjn0oslfQcNasUXM1/2S4HMH75eS2wRDswHXVS5SduQxfeixuYxBF/tkC+ZP4U7P qi08l4Hp7krdyrpCf/+erQtgwiFSotLWmT0T1CrndMnlptHaJmiUwkQrDGZ3CQUa 6qNC/2UWnS4LZXXaB/U3WXy4+c/8K0mzUrfF4vIxb37qLGer+mGzuIHpXywc7q72 2ZH47WxF1tAn1BcgVRPTU5cRLhCSQajQdUw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddvtdejgeeiucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhephffvvefujghffffkgggtsehgtderredttdejnecuhfhrohhmpeetlhihshhsrgcu tfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeetheevud fgjefghefhieejudelkeeljeegvdekueeuhffhgedvveefteevgeetieenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehhihesrghlhihsshgrrd hishdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohep uggvmhhiohgsvghnohhurhesghhmrghilhdrtghomhdprhgtphhtthhopeguvghvvghlse hsphgvtghtrhhumhdqohhsrdhorhhg X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 13 Nov 2025 11:49:59 -0500 (EST) Received: by fw12.qyliss.net (Postfix, from userid 1000) id E8D64139D5C5; Thu, 13 Nov 2025 17:49:58 +0100 (CET) From: Alyssa Ross To: Demi Marie Obenour Subject: Re: [PATCH v2 7/8] Documentation: Update support In-Reply-To: <20251112-updates-v2-7-88d96bf81b79@gmail.com> References: <20251112-updates-v2-0-88d96bf81b79@gmail.com> <20251112-updates-v2-7-88d96bf81b79@gmail.com> Date: Thu, 13 Nov 2025 17:49:57 +0100 Message-ID: <87qzu1c1xm.fsf@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Message-ID-Hash: WDQPAHIULJYBCST54XQR77BUEOMDLRTF X-Message-ID-Hash: WDQPAHIULJYBCST54XQR77BUEOMDLRTF X-MailFrom: hi@alyssa.is X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Spectrum OS Development X-Mailman-Version: 3.3.9 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Demi Marie Obenour writes: > There is now a way to update the OS, so the previous documentation is > now stale! > > Signed-off-by: Demi Marie Obenour > --- > Documentation/installation/index.adoc | 3 ++- > Documentation/using-spectrum/index.adoc | 2 ++ > Documentation/using-spectrum/updates.adoc | 29 +++++++++++++++++++++++++= ++++ > 3 files changed, 33 insertions(+), 1 deletion(-) > > diff --git a/Documentation/installation/index.adoc b/Documentation/instal= lation/index.adoc > index d67c88dda062066c19c3b21e699f074cc18a6dbc..536c3dd9f78faa2ecad4127dc= 9ccc2058a230b1a 100644 > --- a/Documentation/installation/index.adoc > +++ b/Documentation/installation/index.adoc > @@ -18,6 +18,7 @@ development. >=20=20 > =3D=3D Uninstalling and Updating >=20=20 > -Currently, there is no implementation for a software update. > +See xref:../using-spectrum/updates.adoc[Updating the OS] for how to enab= le > +updates. Let's phrase this so it says that there's work going on to enable updates but it's not all set up yet. User-focused documentation shouldn't really be suggesting that people will have to build their own images and run their own update servers. > You can replace Spectrum by installing another OS. > diff --git a/Documentation/using-spectrum/index.adoc b/Documentation/usin= g-spectrum/index.adoc > index 25347a4ed7bb1f899ee0a3b85aa51da94bb954b4..5d9ea657f7c6f8c21edbf8637= d2d2d0bf52f931d 100644 > --- a/Documentation/using-spectrum/index.adoc > +++ b/Documentation/using-spectrum/index.adoc > @@ -11,3 +11,5 @@ Ready to get started with Spectrum? Here is what you ca= n do next: >=20=20 > * xref:running-vms.adoc[Start some applications]. > * xref:creating-custom-vms.adoc[Create your own VM] to use other applica= tions. > +* xref:updates.adoc[Enable updates] so you can use newer versions of Spe= ctrum > + without reinstalling the OS. This doesn't really belong in the "Using Spectrum" section, because people who're only using Spectrum should have working updates out of the box. It would make more sense to be documented alongside the configuration mechanism =E2=80=94 that's the audience for this. > diff --git a/Documentation/using-spectrum/updates.adoc b/Documentation/us= ing-spectrum/updates.adoc > new file mode 100644 > index 0000000000000000000000000000000000000000..ffd6fda269617768d486e58e3= 0661bbefc8b2bbd > --- /dev/null > +++ b/Documentation/using-spectrum/updates.adoc > @@ -0,0 +1,29 @@ > +=3D Updating the OS > +:page-parent: Using Spectrum > + > +// SPDX-FileCopyrightText: 2025 Demi Marie Obenour > +// SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later OR CC-BY-SA-= 4.0 > + > +Spectrum supports updates via the `update` command. This > +takes the path to a staging directory as argument. `update` > +will create the directory, use it for the update, and then > +delete it. The parent directory must exist. And be on btrfs? > + > +Updates are atomic and take effect after the system reboots. > +If the system is rebooted, crashes, or loses power during an > +update, the update will automatically be rolled back. Updates Is this currently true? > +are digitally signed and Spectrum will refuse to install an > +update that does not have a trusted signature. > + > +Currently, Spectrum does not provide an update server, so > +you must provide your own. You can do this via > +xref:../development/build-configuration.adoc[build configuration]. > +The default sets the signing key to `/dev/null` and the server > +URL to an invalid value, so updates won't work. To enable updates, > +set `update-url` to the URL of your server and `update-signing-key` > +to a binary GnuPG keyring to verify the updates with. Not all possible > +URLs will work, but most invalid URLs will cause an error during the > +build rather than runtime misbehavior. We should probably reference systemd-sysupdate so people can understand what their update server is supposed to serve, without us having to duplicate that information in our own documentation. > + > +Right now, it is not possible to change the update URL or signing key > +except via an update or by reinstalling the OS. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQGoGac7QfI+H5ZtFCZddwkt31pFQUCaRYMNQAKCRCZddwkt31p FWYtAP41YaQeZ/DAfIJ2ib7GcUYCqaOVAubpCBqKuSguqjEnoQD+PsvxK8dBJqLO gsWbVU+SXhB7DkEaVhdLvM3GMf5zXgk= =Kuz7 -----END PGP SIGNATURE----- --=-=-=--