Why doesn’t OpenWrt autoupdate?

A recent thread started by Brian Smith on the OpenWrt-Devel mailing list caught my attention. Along with a corresponding wiki entry, it highlighted some important security topics related to OpenWrt. I don’t know if I’ve ever seen such a succinct and clear organization of security topics for OpenWrt development. While each of these topics is valuable and deserves exploration, one area of particular interest is automatically updating OpenWrt devices.

Before we getting into why this is difficult, let’s discuss why autoupdating would be desirable. All network connected software of some complexity will have occasional security bugs. Therefore maintaining a high level of security requires regular security updates. In order to make the lives of users easier, most modern operating system distributions, both proprietary and open source, provide a mechanism for automatically updating the operating system. Every so often, a piece of software on the device will check a trusted server to see if updates are available and, if they are, will download and install the update with minimal input from the user. While the update mechanism should be under the under the full control of the user, a default of auto updating is appropriate for many users.

As the most used Linux distribution for routers, one would expect OpenWrt to have its own autoupdate mechanism. After all, all major Linux distributions have an autoupdate functionality. Yet, OpenWrt does not have one built-in. Why is that the case?

The major hindrance for an autoupdating OpenWrt is the sheer number of platforms that OpenWrt runs on. In the case of a primarily desktop platform like Ubuntu, there’s only a few platforms to support (x86, x64). A quick count reveals there are thirty-eight targets in a recent OpenWrt version. Each of these targets does not necessarily correspond to a single output image and package set. Instead, most targets have unique profiles and subtargets. Each combination of profile and subtarget potentially corresponds to a unique output image and package set (some of the packages may be reusable across subtargets and profiles). Total number of combinations at this point is in the hundreds. The OpenWrt project does not build all of those combinations nightly or even for every major release. Even for packages and images which are built, testing is rather limited since testing requires access to a physical piece of hardware. While prpl is prototyping a system for remotely accessible testing hardware (which I’ll cover in another post soon), this is a limited workaround for testing a small number of routers. Given all of the difficulties, OpenWrt does a superb job at creating a stable secure distribution. It’s simply the case though that autoupdating the community version of OpenWrt would only be feasible on a few high-profile devices while the vast majority of devices would be left out in the cold.

Does this mean we should scrap the idea of automatic updates on OpenWrt? Well, not exactly. Remember that the OpenWrt images provided by the project, which we’ll call upstream OpenWrt, are not the only versions OpenWrt of used on devices. Many manufacturers and service providers use OpenWrt as the base of their embedded device firmware. These groups often have a limited set of models to support. By shrinking the list of devices, groups can feasibly create and manage OpenWrt autoupdates. In fact, some manufacturers and firmware distributors for OpenWrt have their own autoupdate tools:

Given the growth of OpenWrt and the explosion of embedded devices, more companies and firmware manufacturers will need autoupdate tools for OpenWrt. This begs the question: Is there common ground between all these needs? I would argue that there is and, to that end, OpenWrt and prpl communities should collaborate in the creation of a community developed and maintained autoupdate mechanism. In keeping with the spirit of OpenWrt, this tool should be flexible enough to meet a broad range of needs while being simple enough to maintain and understand.

We’ve begun initial discussions about this project on the prplwrt mailing list. As part of this effort, we need help understanding the needs (and wants) of manufacturers, service providers, community firmware creators, users, really anyone with an interest in the topic of automatically updating OpenWrt devices. Also, if you have, or know of, open source tools for automatically updating OpenWrt device, please share them!

How to participate

As always, we welcome everyone’s participation in this effort. You can get involved in a few ways:

  • Comment on this blog post
  • Participate on the prplwrt email list
  • Tell others about this effort

8 thoughts on “Why doesn’t OpenWrt autoupdate?

    • Joe,

      That’s certainly an important issue. The user should always understand what’s happening and be in control. There’s also a possibility of someone using something like Tor for an update if it’s a concern.

      Like

    • Thanks foo! There are definitely options out there and freifunk folks have led the way on this. The goal of this project is to come up with a standard. All of the options already out there, including the gluon-autoupdater, will be considered and, at minimum, used as reference.

      Like

    • Cesare: using hardware to secure updates should be considered in any design. Some people may want it, others might not but it should definitely be an option.

      Like

  1. Has there been any progress on this I’ve been looking into Mender.io but its for Yocto and I need a solid solution 🙂

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s