// the find
rauc/rauc
Safe and secure software updates for embedded Linux
RAUC is a production-grade OTA update framework for embedded Linux. It handles the full update lifecycle: cryptographically signed bundles, A/B slot switching, atomic installs, and bootloader integration across grub/barebox/u-boot/EFI. If you're shipping firmware to embedded devices and need something that won't brick them on a bad update, this is the serious option.
1. The security model is correct: x.509-signed bundles, PKCS#11/HSM support, per-recipient encryption, and dm-verity for image integrity — not bolted on after the fact. 2. Storage coverage is unusually wide: eMMC, raw NAND/NOR, UBI volumes, GPT/MBR, SquashFS, EROFS — you're unlikely to hit a storage type it can't handle. 3. HTTP(S) streaming installs with no intermediate on-device storage needed, plus adaptive delta updates — meaningful for bandwidth-constrained deployments. 4. Test infrastructure is thorough for a C project: QEMU-based integration tests, OSS-Fuzz coverage, Coverity scans, and ASAN/sanitizer CI workflows.
1. The configuration surface is large and the failure modes are subtle — a misconfigured system.conf (wrong slot layout, bad bootloader hook) can still brick devices; the 'checklist' doc exists for a reason. 2. It's a Linux-only, D-Bus-dependent daemon, so it pulls in GLib as a hard dependency; if your target is a minimal busybox system you'll feel that weight. 3. Initial integration requires non-trivial bootloader cooperation — getting boot-count tracking right in u-boot or barebox is genuinely fiddly and not something you can test without hardware or a proper QEMU setup. 4. The casync delta path is powerful but adds a separate tool dependency and a chunk store to operate; the docs warn it's not transparent, and operationally it's a second system to keep healthy.