ubuntu-phone team mailing list archive

[Oliver Grawert <ogra@xxxxxxxxxx>]

hi,
Am Mittwoch, den 16.09.2015, 14:16 +0200 schrieb Matthias Apitz:
> El día Wednesday, September 16, 2015 a las 01:17:48PM +0200, Oliver Grawert escribió:
> 
> > hi,
> > Am Mittwoch, den 16.09.2015, 13:04 +0200 schrieb Matthias Apitz:
> > > Hello,
> > > 
> > > Can someone shed a bit light over how the OTA works in detail or point
> > > me to some pages about that, i.e. how the fetch of the images and the
> > > installation into the BQ E4.5 works? Thanks in advance
> > 
> > https://wiki.ubuntu.com/ImageBasedUpgrades
> 
> Thanks! I'm trying to understand the OTA process; as I understand, after
> fetching the files, an Upgrader is launched from the recovery image to
> update the phone's partitions ... what I do not understand is the
> folliwing example:

heh, you picked out the one thing that can vary ... for actual apparmor
details i have to defer to the security team ;) 

there are apparmor profiles shipped for all click packages pre-generated
in the custom tarball (because it makes the first boot after upgrade
awfully slow when all of them get re-generated), i think for all others
the timestamp at first boot after upgrade is checked and if it is behind
the apparmor cache for the specific app gets re-generated ... apparmor
is a pretty special case here since it needs the files up to date to
apply the right confinement rules ...

there are likely other parts in the image where an app, service or tool
might generate bits and pieces on first boot, but this is usually
individually managed by the specific app (like apparmor checks for the
timestamps on its own every boot without any hook into the OTA) and not
a part of the OTA upgrade itself.

ciao
	oli