7.8
===
fixes:
- make mkswu --show correctly print 'base_os' rootfs only once

features:
- swupdate_preserve_files v15: add device-info.conf and fix abos-web settings
- remove old reset_default_list*.txt.example files
- use 'upgrade_available=00' marker instead of unset if supported.
This fixes usage with secureboot env_writeable_list setting.

  -- 2025-09-22

7.7.1
=====
features:
- add an extra paranoid check that we don't copy an obviously invalid
(first 4k zeroed) bootloader to the other partition.
This should never happen, but at least Armadillo A900 can boot off the other
side if the current boot partition is broken, and such a copy would render
armadillo unbootable.
Until we can check more properly which side really has booted, at least
prevent some preventable breakage.

  -- 2025-09-04

7.7
===
fixes:
- properly install install_boot_linux script
- improve some error messages
- fix removing mkswu-owned /var/tmp on error in functions where
IFS is overridden
- fix error during scripts' rootfs post copy when file existed in
live system but not rootfs

  -- 2025-08-22

7.6.2
=====
change:
- make swdesc_command chained command work "as expected" with '||':
before this change, 'swdesc_command "false" "false || true"' would
run the last true, new code will properly stop at the first false
(and would continue with an executed 'false || true')
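
The precedence problem described in this entry, as an added example (not
mkswu's own code): joining the commands with a bare '&&' lets a trailing
'|| true' rescue an earlier failure, while grouping each command first stops at
the first failure. The helper names and the use of 'sh -c' are assumptions.

```shell
#!/bin/sh
# Added illustration; chain_naive, chain_grouped and run_chain are
# hypothetical helpers, not mkswu functions.

# Old behaviour: join the commands as plain text with ' && '.
# 'false' 'false || true' becomes: false && false || true
# which the shell parses as (false && false) || true, so 'true' runs
# and the whole chain reports success.
chain_naive() {
    script=""
    for cmd in "$@"; do
        script="${script:+$script && }$cmd"
    done
    printf '%s\n' "$script"
}

# Fixed behaviour: wrap each command in its own { } group so that '||'
# inside one command cannot capture the result of the previous ones.
# The newline before '}' keeps a trailing comment in $cmd from eating it.
chain_grouped() {
    nl='
'
    script=""
    for cmd in "$@"; do
        script="${script:+$script && }{ $cmd$nl}"
    done
    printf '%s\n' "$script"
}

# Build the chain with the given builder and run it in a fresh shell.
run_chain() {
    builder=$1
    shift
    sh -c "$("$builder" "$@")"
}

# Demo with the exact arguments quoted in the changelog entry.
for b in chain_naive chain_grouped; do
    if run_chain "$b" 'false' 'false || true'; then r=succeeds; else r=fails; fi
    echo "$b: chain $r"
done
```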

features:
- add usb-filter example desc files: usb_filter_allowlist.desc and
usb_filter_disable.desc

  -- 2025-05-19

7.6.1
=====
fixes:
- add sim7672-boot to swupdate_preserve_files to avoid accidental
disable of LTE service

  -- 2025-05-12

7.6
===
features:
- add a check for missing dtb(o)s on upgrade.
If upgrading baseos leads to missing dtbos (for example because a new
dtbo was installed and added to overlays.txt but not added to 
swupdate_preserve_files) then the update will fail. If it was already
missing then update continues but a warning is issued.
- add /etc/conf.d/syslog to default preserve files list

  -- 2025-04-21

7.5
===
fixes:
- handle badly formatted 2023.4 boot versions as well. This allows
installing boot update on the first batch of A9E

  -- 2025-04-14

7.4
===
fixes:
- fix `swdesc_option NOTIFY_SUCCESS_CMD`; due to a typo the command was
not set correctly and never ran
- cleanup unused container images that were used with abos-ctrl podman-rw
build (podman prune --external)
- fix running `mkswu --init` with semi-old initial_setup.desc (will be
regenerated)

features:
- add `swdesc_option until=<date>` to make swu installable from its build
date up until the specified date. Note this requires working NTP on devices.
- add guards around swdesc_boot/swdesc_boot_linux to check the image is
formatted as expected.
- support A900 secure boot linux image location

  -- 2025-03-25

7.3.1
=====
fixes:
- fix podman wait after podman kill in 7.3, that did not wait properly
- in POST_ACTION=container, ensure the lock is not inherited by
long-living container process

  -- 2025-03-05

7.3
===
fixes:
- allow zstd to overwrite temporary files if any was left over
- avoid using podman stop, which does not work well in separate mount
  namespaces since podman 5.2.1

  -- 2025-03-04

7.2
===
fixes:
- fix 'boot' version upgrades from old versions (broken in 7.0)
  Older boot versions were formatted as 2020.4-at20 but that is
  considered newer than 2020.4-at.24, so old versions would not
  get upgraded properly. The old format in /etc/sw-versions is now
  fixed whenever a SWU is installed.
- make mkswu --init properly exit on ^C
- disable USER_CERTS when using swdesc_option PUBLIC (we do not want
  to overwrite users' certs in this case)

  -- 2025-02-21

7.1
===
features:
 - mkswu show: print signature information from swu if present
   This will allow easily checking if key was rotated if required.

  -- 2024-11-25

7.0
===
security/breaking changes:
 - generates 'size' and 'chunked_sha256' attributes in sw-description.
   This ensures SWU files generated with this version onwards cannot
   process attacker data before failing due to hash mismatch: data is
   validated before being extracted or executed (it is still possible
   to get partially extracted data in /var/app/volumes so usage of that
   directory is still not recommended by default)
 - make 'boot' images not default to --install-if different, and use
   higher like other images. This ensures that the bootloader cannot
   be downgraded as easily without root privileges, but might break
   some desc files as the rules for install-if=higher are more strict
   about version format.
   If a rollback is required, remove 'boot' from /etc/sw-versions manually
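
Why per-chunk hashes matter for the first item above, as an added example (not
swupdate or mkswu code): each chunk is released to the consumer only after its
own hash matched, so a tampered payload stops before the bad data is used. The
chunk size, the one-hash-per-line file and the function names are assumptions
made for this sketch, not the real sw-description layout.

```shell
#!/bin/sh
# Added illustration; CHUNK and the hash list format are assumptions.
CHUNK=${CHUNK:-4096}

sha256_of() { sha256sum | cut -d' ' -f1; }

# Print one SHA-256 per CHUNK-sized block of the file (build side).
chunk_hashes() {
    file=$1
    size=$(($(wc -c < "$file")))
    i=0
    while [ $((i * CHUNK)) -lt "$size" ]; do
        dd if="$file" bs="$CHUNK" skip="$i" count=1 2>/dev/null | sha256_of
        i=$((i + 1))
    done
}

# Device side: append data to $out one chunk at a time, each only after
# its hash was checked. The declared size is checked first, and the hash
# list must cover the whole file. Returns non-zero at the first mismatch;
# $out then holds only chunks that were verified.
verify_chunked() {
    file=$1 hashes=$2 want_size=$3 out=$4
    tmp="$out.chunk"
    : > "$out"
    [ "$(($(wc -c < "$file")))" -eq "$want_size" ] || return 1
    i=0
    while read -r want; do
        # Copy the chunk once, then hash and release that same copy.
        dd if="$file" of="$tmp" bs="$CHUNK" skip="$i" count=1 2>/dev/null \
            || return 1
        got=$(sha256_of < "$tmp")
        if [ "$got" != "$want" ]; then
            rm -f "$tmp"
            return 1
        fi
        cat "$tmp" >> "$out"
        i=$((i + 1))
    done < "$hashes"
    rm -f "$tmp"
    [ $((i * CHUNK)) -ge "$want_size" ]
}
```

With a single whole-file hash the mismatch is only known after the last byte
has been streamed to the handler; here the output stops at the last good chunk.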

fixes:
 - fix some minor logic around unused files in hidden output directory

features:
 - add new atmark-3 public key and remove atmark-1 public key.
 - when using swdesc_files detect when the destination is not
   /var/app/volumes but some files would be part of it, and process
   it appropriately (warn and mount the volume during update)
 - make 'tar' archives generated by swdesc_files more reproducible by
   stripping user id and other pax data if they are not going to be used
   (when preserve-attributes is not set)
 - add 'sw-description-max-size' to swupdate.cfg if missing on baseos update

  -- 2024-11-15

6.5
===
fixes:
 - fix copy of uid>=1000 users that don't have a password.
   Install normally fails if such users exist, but if the password is set
   to expire immediately on login then we now allow it.
   (uid<1000 users are not copied anyway)

features:
 - add support for i.MX8ULP boot images

  -- 2024-10-25

6.4
===
fixes:
 - do not remove swupdate's script dir, this makes a harmless error message
   go away at the end of installs with the latest swupdate.
 - ensure fail action is run during pre-script fail after update has really
   started. That used to be the case until mkswu 6.0 (Apr 2024)
 - fix rootfs encryption logic that could make the encryption disable itself
   if the other side had not been encrypted yet.
 - fix install of non-base_os SWU on Armadillo Base OS 3.14, due to change in
   overlayfs handling. This was broken in mkswu 4.11 (Apr 2023)

features:
 - add password strength check for mkswu --init
 - fix any previously broken iptables rules saved in /etc/iptables
   if they contained NETAVARK: container rules should not be saved
   to disk. This is a follow-up of a previous ABOS Web update that
   could have saved bad rules.
 - add BUILD_SBOM option to build sbom (off by default)

  -- 2024-08-26

6.3
===
fixes:
 - re-allow base_os updates that aren't first (print warning instead of the
   error that was added in 6.1) - this is necessary to have combo updates such
   as initial_setup+base_os to work
 - fix POST_ACTION=wait printing an error message at the very end after
   install finished (broke in 6.2)
 - fix mkswu SWU generation when building an image in a directory whose path
   contains single quotes or new lines. That used to fail in the cleanup step,
   which will also no longer fail the SWU generation if it happens to fail for
   another reason.

  -- 2024-07-19

6.2.1
=====
fixes:
 - fix /var/app/volumes detection if used in a script (broke in 6.1)

  -- 2024-06-25

6.2
===
fixes:
 - avoid 'touch -h' printing an error with coreutils
 - fix 'upgrade_available' handling of installing side: the newly written side
   has not been booted yet, so consider it "present but not eligible for auto
   rollback". This ensures that in case of rollback for the new version the
   system does not keep alternating between the two.
 - update system swupdate certificates even if extra-os/base-os was not
   specified. This is important to remove the public one-time certificate
   immediately on installing any SWU, even one updating only containers, when
   a user certificate is present.

features:
 - automatically copy /lib/modules if the kernel image was copied
   (with a warning explaining what we're doing)
 - retry signing sw-description up to 3 times: this can be useful if
   e.g. the password was not entered correctly.
 - add missing --version-cmp, --config-dir to bash completion

  -- 2024-06-21

6.1
===
security fix/breaking change:
 - do not mount /var/app/volumes if it is not used.
The detection is not perfect so this might break some existing SWU, but we
should avoid mounting this single-copy partition as it can be modified by
swdesc_files/swdesc_tar whose --dest contains /var/app/volumes (e.g. rootfs
updates targets /, which contains /var/app/volumes)
 - mount a different /tmp from the host: this should not matter, but might
break updates that used _nochroot and normal commands

deprecation notice:
 - fail updates that contain items with no version set, this emitted a
warning since 2023/05

fixes:
 - For Armadillo IoT G4 and Armadillo X2, power loss shortly after writing to
the boot partition could rarely result in failures of the eMMC. Reduce the
maximum IO size to the boot partition to 8KB to work around the failure.
This slows down updates on affected systems (0.1s to 2s for bootloader,
1s to up to 20s for encrypted linux images)
 - fix container clear removal of /var/app/volumes if nested subvolumes are
present
 - only update rootfs users from current rootfs on base os updates: this
allows commands like userdel to work
 - fix typo making mkswu try to use newer abos-ctrl umount command on older
systems when installing a container_clear SWU from usb

features:
 - add --base-os option to swdesc_tar for base_os updates. This only sets the
version component.
 - relax the check for base_os version being x.y.z-t, but warn if it is not
 - ensure 'boot' and 'boot_linux' versions are only used where allowed
 - ensure 'base_os' version is used appropriately (first-ish in image)
 - soften the "automatically set preserve-attributes" message for base_os
archives
 - add `swdesc_option PUBLIC` option to build updates with the public one-time
key; this is mostly intended for atmark developers to provide swu signed with
the one-time key to users who can then temporarily add the public certificate
to install it.
 - handle more upgrade_availables values (preparation for next month release)
 - free B-side volumes/container images on failure, this avoids problems if
update failed due to FS being full

  -- 2024-05-24

6.0
===
security fixes:
 - do not run fail action if file is not root-owned (possible if
pre-created by attacker as regular file)
 - do not overwrite arbitrary files when saving fail action (write
follows symbolic links)
 - do not deny update if lock directory has not been created by root
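
The first two fixes above as an added example (not mkswu's own code): a file
kept in a world-writable directory is written without following a symlink
planted at its path, and is run only if it is a regular file owned by the
expected user. The helper names and paths are hypothetical, and 'stat -c'
assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added illustration; save_action/run_action and the paths are hypothetical.

# Save an action script without writing through a symlink at $dest:
# create a fresh temp file next to it, then rename over $dest.
# rename(2) replaces a symlink itself instead of following it.
save_action() {
    dest=$1 content=$2
    # -d follows symlinks, so a link to a directory is refused as well
    # (mv would otherwise move the file into that directory).
    [ -d "$dest" ] && return 1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if printf '%s\n' "$content" > "$tmp" && chmod 700 "$tmp" \
        && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Run the saved action only if it is a regular file, not a symlink, and
# owned by the expected uid (0 by default). A file pre-created by another
# user fails the ownership test and is never executed.
run_action() {
    file=$1 want_uid=${2:-0}
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    owner=$(stat -c %u "$file") || return 1
    [ "$owner" = "$want_uid" ] || return 1
    sh "$file"
}

# Constructed demo in a scratch directory.
demo_dir=$(mktemp -d)
echo "keep me" > "$demo_dir/victim"
ln -s "$demo_dir/victim" "$demo_dir/fail_action"   # symlink planted first
save_action "$demo_dir/fail_action" 'echo "fail action ran"'
echo "victim still contains: $(cat "$demo_dir/victim")"
run_action "$demo_dir/fail_action" "$(id -u)"
rm -rf "$demo_dir"
```

Keeping such files in a root-only directory, as the deprecation notice below
does with /run and /var/lock, removes the remaining race on the path itself.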

deprecation notice:
 - fail updates setting version/component environment variables directly
instead of using swdesc_option; this emitted a warning since 2023/04
 - stop fixing /etc/swupdate.watch on the very first versions of A6E
which had no watch URL (ABOS installed in < 3.17.2-at4 / 2023/04)
 - /tmp/.swupdate_rebooting, /tmp/.swupdate_waiting are now also created
in /run/swupdate_rebooting, /run/swupdate_waiting; the /tmp file will be
removed in 2025/04
 - the /tmp/.swupdate_lock directory lock has been replaced by flock on
/var/lock/swupdate.lock inside swupdate itself; the /tmp directory will
no longer be created on recent swupdate in 2024/07. The lock will be kept
if swupdate is too old while updates of old devices are supported.
These old files in /tmp have no way of issuing a warning when used, so
applications relying on these will break with no warning if not updated

fix:
 - fix clearing upgrade_available at install start when no fail
command is set (Armadillo G4 default)
 - complete workaround for Armadillo 640 old eMMCs by using fsfreeze
when it is available
 - CONTAINER_CLEAR: fix waiting when installed from usb (different
mount namespace)
 - CONTAINER_CLEAR: fix usage in podman-storage --disk mode
 - avoid leaking appfs mountpoint behind in /tmp/btrfs-root.XXXXX if
update is forcefully killed while using it
 - usage with NO_PRESERVE_FILES was broken (since the beginning?),
fixed basic usage and added a warning that this is not recommended
 - fix anti-rollback check (prevent installing an update after
it had already failed and the system rolled back), set the
SW_ALLOW_ROLLBACK environment variable to disable if required
 - fix appending the user PUBKEY to the swu when swu is built
with --config-dir. This was problematic for the initial_setup swu

features:
 - do not kill the swupdate parent process if it is recent enough
 - run fail action immediately on failure instead of relying on inotify
if swupdate supports it
 - run swupdate_preserve_files POST copy and other base_os specific
fixups immediately after writing the base_os archive. This allows an
update to contain both base_os and extra_os components, and have the
extra_os components keep priority over the POST copy.
 - add a new warning if the user set swdesc_option version/install_if
or component and no swdesc_* command used it afterwards.

  -- 2024-04-19

5.5
===
fix:
 - fix rare condition where an encrypted rootfs could be reverted to plain
text on update following first encryption if there was no change to rootfs

features:
 - add node-red flow update example

  -- 2024-03-25

5.4.1
=====
fix:
 - add missing .sh script in armadillo-twin agent example directory

  -- 2024-02-26

5.4
===
features:
 - add twin agent settings/enable examples
 - support upgrading with a custom timezone
 - warn on 'extraos.*' versions (should be 'extra_os.*')

  -- 2024-02-26

5.3
===
misc:
 - fix podman upgrade script with podman 4.8+ (in alpine 3.19) that has a new
db format by default
 - make old Armadillo 640 workaround a bit simpler

features:
 - add swdesc_command/exec/script --stdout-info option
 - add mkswu --version-cmp subcommand

  -- 2024-01-26

5.2.2
=====
fixes:
 - fix setting upgrade_available back on old side that just installed the
update
 - fix corruption on old Armadillo 640 (with old MMC as can be checked
by: cat /sys/class/block/mmcblk0/device/name = Q2J55L), where bootpart
change is not safe except immediately after a fw_setenv call

  -- 2024-01-12

5.2.1
=====
fixes:
 - fix swdesc_*_container broken after 5.2 update

  -- 2023-12-28

5.2
===
fixes:
 - try to recover old power-utils.conf file on a6e upgraded from very old
versions
 - examples/kernel_update_plain.install.sh: fix to check version properly on
arm32 (a6e, a6x0)

misc:
 - improve mkswu --init wording for auto-updates (includes gw container) and
abos-web
 - swdesc_*container: print more information if update fails, in particular
free space and container size

  -- 2023-12-25

5.1
===
fixes:
 - fix CONTAINER_CLEAR on a6e: CONTAINER_CLEAR would fail to remove
/var/app/volumes because of subvolumes present.

misc:
 - also re-copy old versions for version comparison banner; this ensures the
banner is always shown after updates (it would currently not be shown on very
first update)
 - improve environment variables handling in swupdate script. In particular,
variables users might want to set have all been prefixed by MKSWU_ to be more
coherent and lower risk of collision.
 - improve `mkswu --show` to be more faithful to the source desc when using
the underdocumented --board option. This is mostly for official images.

  -- 2023-11-24

5.0.1
=====
features:
 - support notifications for Armadillo Twin

  -- 2023-10-26

5.0
===
fixes:
 - ensure 'boot' version is compared properly by normalizing it specifically.
mkswu 4.10 version normalization cannot be done on device easily, but version
in sw-versions file could be incorrect. In case of boot this could lead to
failed or incorrect updates (no bootloader installed), so make sure just this
one is correct.
 - fix copying of user passwd lines if they included & or backslashes (should
never happen, this bug is theoretical)
 - fix version handling of the '0' version: it's possible to install something
with version 0 if it wasn't installed before. This isn't recommended.
 - fix containers not being restarted in case of error when using disk podman
storage. Containers should now be restarted properly, but tmpfs mode is
recommended.

features:
 - delay boot image copy on SD card for G4; this makes the script behave more
like it does for A6* and limits the likelihood of having a bad bootloader on
failure.
 - refuse to install container SWU updates provided by Atmark Techno if
another container is present. This should avoid using official container
images to break working armadillos.
 - add /etc/chrony/conf.d to default swupdate_preserve_files
 - remove scripts dependency on coreutils and util-linux mount. Installs can
now work without sort/mount/umount/date/cp/readlink/chown/dd/stat.
 - mkswu version is now stored in the swu's main version; newer versions of
swupdate will use this to decide whether to use scripts embedded in the swu or
scripts installed on the system. Also:
   - scripts compatibility has been improved to work with older SWUs (version
   format change etc)
   - allow working from an alternate script directory.
 - add cleanup script that will be called by swupdate on error in non-script
steps.

misc:
 - kill swupdate process on POST_ACTION=wait. Reboot is still not done, and
swupdate lock is taken so further updates fail as they currently do.
 - install atmark certificates in /usr/share/mkswu/certs/atmark*.pem

  -- 2023-10-23

4.15.1
======
fixes:
 - fix swdesc_boot on A6E and A600 series when booted to SD card: the boot
image was previously written at a wrong offset.

  -- 2023-09-26

4.15
====
fixes:
 - swdesc_tar/swdesc_files: properly forbid .. in update paths without extra_os
 - fix post script not erroring properly when uboot fw_env.config was incorrect
 - fix swupdate_preserve_files copy error when a directory was copied multiple
times with coreutils 9.2+ (alpine 3.18). coreutils' cp -n behaviour changed
and now errors when files are skipped, requiring different handling.
 - fix swupdate_preserve_files copy error when a file to be copied only exists
in overlayfs (copy should only consider files that have been persisted)

features:
 - allow writing files to /tmp with swdesc_tar and swdesc_files even if the
version component is not base_os or extra_os.*
 - check coreutils is installed when running main script

  -- 2023-09-22

4.14.1
======
fixes:
 - also copy password for users whose name starts with abos
(this preserves abos-web-admin password despite uid being lower than 1000)

  -- 2023-07-27

4.14
====
fixes:
 - podman >= 4.0 no longer requires internet to build its pod infra image,
do not print a warning if infra image was not provided
 - in podman-storage --disk mode, do not cleanup images in read-only
storage. In recent ABOS the read-only storage can safely be removed as it
is no longer used, but for old ABOS it was used as an additional image
store so removing images from there could potentially break images in the
shared layer.
 - make mkswu fail again when a desc file is created without any version.
This used to be the case, so should not be considered a breaking change.
 - swdesc_exec: error out if file is non-existing or not a real file,
as swupdate won't be able to handle that later.

features:
 - print a message for each version that is not installed in a SWU
This allows noticing that a SWU was only partially installed
 - print a warning if container image does not contain a tag at mkswu time
 - for POST_ACTION=wait create /tmp/.swupdate_waiting file to notify
daemons they can safely reboot or power off (for atmark-power-utils)
 - in podman-storage --disk mode, cleanup images without tags in shared
storage. Do not remove any tag as we do not know which images are used.
 - swupdate_preserve_files: add CHOWN instruction to fix file permissions
 - keep a copy of sw-versions around in /var/log/swupdate in order to
 print better messages

  -- 2023-07-25

4.13
====
fixes:
 - swdesc_exec: preserve file extension for exec. In particular, apk files
were not installable by apk when their extension got mangled. A property
has also been added which will allow future versions of swupdate to preserve
the exact original filename in a future upgrade.
 - fix error check for "version set without component"; this error was
incorrectly unreachable.
 - boot image copy: fix copy being incorrectly skipped after a failed boot
update or rollback of an update with boot image. The system would trust its
sw-versions but the real image version had changed: compare file content
directly instead.
With this change, boot_other and boot_linux_other special versions have been
dropped
 - fix swdesc_boot_linux (for linux kernel update on encrypted rootfs setup);
the command incorrectly wasn't able to find its kernel argument in mkswu 4.11
 - boot arch check: do not check arch in boot script for boot_linux update.
This is because an update with boot_linux only on a system where uboot is
encrypted would fail finding the correct arch and incorrectly error out.

features:
 - add prompt to set abos-web-admin user password in initial_setup
 - add avahi service to default swupdate preserve list
 - allow using --extra-os with an empty component (--version-force);
previously these items were container items and nochroot variants had to be
used to affect normal OS

misc:
 - python3 command to generate a hashed password has been deprecated,
suggest `openssl passwd -6` instead

  -- 2023-06-27

4.12
====
deprecation notice:
 - swdesc_* commands with no version now print a warning and will error
out in 2024/05. These used to be installed in a desc file with other
rules with versions e.g. `swdesc_foo --version x y` set, if and only if any
such version was upgraded.
That behaviour can be confusing when multiple versions are set.

fixes:
 - hawkbit-compose: update mysql container for new hawkbit version. The
previous hawkbit container was very old and required an obsolete mysql
version, but the newer release no longer works with it and requires an
upgrade. Running the script again will try to preserve the data through a
dump/restore across the upgrade.
 - podman_cleanup: print a warning and try harder to get image version
if a container config file could not be parsed with the current code.
This should not impact any currently working setup, only allow more
exotic config files to work (with a warning)
 - fix 'mkswu' being written as 'mksvu' in Japanese version string...

misc:
 - refactor the uboot environment variable handling code. This should not have
any impact.

  -- 2023-05-26

4.11
====
deprecation notice:
 - In order to avoid conflicting use of variables inside .desc file and
variables in mkswu itself or other desc files, swdesc_* commands
and mkswu itself will stop processing some variables that have been used
directly such as 'version' in the past.
Please use swdesc_option or swdesc_* --<option> instead. Use of these
variables will display a warning, and will stop working in new swu
created after 2024/04.

fixes:
 - version normalization had a few problems, in particular leading zeroes
were incorrectly removed in some cases (after a succession of dashes,
where it should be considered as a string). The normalization now happens
during preprocessing at mkswu step and should be more correct.
 - avoid using incompatible desc when running kernel_update_plain install
script
 - fix running on qemu-based ABOS (only useful for testing)

features:
 - Support smaller boot partition sizes: the boot image is no longer
padded, and environment is cleared during install based on offsets in
the fw_env.config file
 - Automatically pad leading 1KB of boot image if required: older image
format (used for imx6ull) requires being written from the 1KB offset of
the boot partition; pad the image so the actual image starts at the
correct offset if required
 - Improve comments in /etc/swupdate.pem for newly created certificates.
The comment will be present in the certificate on ATDE side as well,
and will contain the common name as well as the file name now.
 - Improve error messages in podman scripts. The errors now have the same
dash banner as other errors.
 - Add support for command descriptions printing progress-like messages
as install is executed on compatible versions of swupdate.
 - mkswu --show will now output something closer to the desc file itself
by default. It is not recommended to use as is, but can be used to
reproduce part of a swu.
 - /tmp is now mounted as a tmpfs for swdesc_exec (and script, command);
the directory can be used to produce temporary data.
 - Allow running mkswu as a symlink to the script in git directory.
 - Add /etc/udev/rules.d to the default swupdate_preserve_files.
 - Armadillo A6E: add a6e-gw-container to swupdate.watch

experimental:
 - swdesc_exec has gained a --container option which allows running
command from an arbitrary container. This can be used to perform tasks
that are difficult to do on Base OS (due to e.g. lack of dependencies).
In this case, the partition being installed to is mounted as /target.
This might go away in the future and should not be relied on yet.

  -- 2023-04-25

4.10.1
======
fixes:
 - fix 'mkswu -- <desc>' invocations
 - fix swdesc_* --opt=value invocations
 - add bash completion for --update-version

  -- 2023-03-27

4.10
====
fixes:
 - only copy files present in swupdate_preserve_files from rootfs, not from
overlayfs. This prevents accidental copies of files that weren't persisted when
an update is installed.
 - fix URL used for a6e when auto-update is enabled. The url now comes from
the rootfs and is left untouched. (the release build will fix previously
incorrectly filled URLs by checking the current hwrevision)
 - fix various versions handling, in particular comparison was not properly
done in some corner cases (semvers with or without a dash component, version
with leading zeroes being incorrectly considered different...)
 - use sub-second precision for cached files validity, this helps when
 running mkswu in a tight loop for e.g. tests when the generated file also
 could not be differentiated by size.

features:
 - add mkswu --update-version to update .desc files version fields
 - add examples/kernel_update_plain.install.sh helper script for kernel
updates
 - handle --opt=value in swdesc_* commands (e.g. swdesc_files --dest=/dir)

  -- 2023-03-27

4.9
===
fixes:
 - add /etc/containers/aiot_gw_container_hooks.d to preserve_files default
paths for Armadillo-IoT Gateway A6E

  -- 2023-01-26

4.8
===
fixes:
 - mkswu prints help if no argument given.
 - some runlevel files for LTE model such as ems31-boot are preserved if
needed.
 - restore/add the following services on Base OS update:
    - G4 LTE model:
      - del modemmanager (started by udev), add wwan-safe-poweroff
    - A6E Cat.M1 model:
      - add ems31-boot, wwan-led, wwan-safe-poweroff
    - A6E Cat.1 model:
      - add modemmanager, wwan-led, wwan-safe-poweroff
 - check for rebooting in try_lock to avoid a second update while
rebooting on the first update.

features:
 - Add support for wifi-recover for future updates.
Preserving files, enabling the service as required. wifi-recover and
podman-atmark in /etc/conf.d are reserved as 'POST'.

  -- 2022-12-23

4.7.1
=====
fixes:
 - Fix 'Nothing to do' version check when rollback is disabled,
the check was incorrectly disabled in this case in mkswu 4.7

  -- 2022-11-28

4.7
===
breaking changes:
 - Passwords used to be copied from live system (overlay) if not set
in the installed image, e.g. after a Base OS upgrade.
This caused troubles when operators would log in for diagnostic on the
installer system, so the copy now only considers files stored on rootfs
with persist_file (or previously updated through initial_setup)

fixes:
 - Files would not be compressed when included through a symbolic link.
In particular, container images embedded in SWU (swdesc_embed_containers)
were no longer compressed in version 4.6 due to an unrelated change
making it use a symlink.
Fix the size check to consider dereferenced file size.
 - Fix incorrect CRC error if any single file is bigger than 2GB
This is a bug in GNU cpio, which we work around by disabling CRC
annotation when a compressed file is this big. We already have
checksums of the files themselves, so this is not required.
 - Fix intermediate file being incorrectly removed if source for
swdesc_files is inside the output temporary files directory.
 - hawkbit-compose: fix path used for mysql extra config.
This extra config only sets an alternative encoding for the database,
so the only issue with this is that Japanese could not be used in
various description fields. (Repairing this for existing installations
requires converting the DB if required)

features:
 - Unset and re-set (if appropriate) upgrade_available in uboot env
during installs. This avoids trying to rollback into a partially
installed system.
 - Avoid warnings in dmesg when mounting filesystems by always specifying
the filesystems types for mount and not trying to mount the old target
system when upgrade_available is unset.
 - Add a warning if a container image was included in a SWU but deleted
immediately due to lack of configuration file using it.
This is just a warning that can safely be ignored if done on purpose,
but should help diagnostic if this was a mistake.
 - Remove dependency to 'strings' to extract boot image version.
 - Also print 'included x.desc' message for the first desc file in case
multiple files were given. This is more consistent, in particular if an
output filename was set that is different from the first desc file name.

  -- 2022-11-24

4.6
===
fixes:
 - /!\ mkswu --init would incorrectly enable auto-updates even when disabled
during the question /!\
This was broken since 4.3 (included), if you have generated a new mkswu
config with mkswu 4.3, 4.4 or 4.5 and did not want autoupdate please:
    - remove autoupdate lines from initial_setup.desc and regenerate its swu
    - disable swupdate-url service on armadillo with the following mkswu
    command:
        swdesc_command 'rc-update del swupdate-url default'
    or directly on armadillo:
        persist_file -dv /etc/runlevels/default/swupdate-url
 - fix swupdate logs when using swdesc_pull_container (removed useless inspect
message)
 - make sure bolt_state.db is removed in persistent storage when using
non-standard paths. Podman refuses to start if we leave it behind.
 - improve changed file detection; in particular make sure we re-sign files
if certificate or key changed.

features:
 - add compatibility with abos-base 1.12-r0:
    - preserve containers storage.conf additionalimagestore setting
    - write directly in persistent development storage if it is in use.
 - improve logs when updating in persistent storage case
 - allow multiple identical swdesc_exec in same swu if arguments differ.
This is useful for using the same swdesc_script with different parameters,
as can be done when using multiple desc files that update preserve files
 - handle swdesc from stdin as '-' as done by other software
 - add support for installing swu in SD installer. This was already
technically possible with reboots, but we can now install extra swu
directly at the end of install without extra reboot.

  -- 2022-10-20

4.5
===
fixes:
 - fix script not waiting for podman containers to stop properly
in podman-storage --disk mode

  -- 2022-09-26

4.4
===
breaking changes:
 - /boot/uboot_env.d env is always applied after every update,
not only for boot image updates.

features:
 - `mkswu --genkey --aes` now can generate new keys. This interface
still might slightly change.
 - add uboot_env.d and machine-id to default preserve files
 - refuse to apply uboot env if no bootcmd is set, e.g. defaults
are lacking.
 - use podman stop instead of podman kill for containers update.
This gives a chance for containers to shut down cleanly before kill.

fixes:
 - remove a few references to mmcblk2, this fixes mkswu when eMMC is
at a different index.

  -- 2022-08-26

4.3
===
breaking changes:
 - mkswu --genkey will now prompt for new key creations if a key
already exists. Use --noprompt for non-interactive uses.

features:
 - setting UPDATE_CERTS in mkswu.conf will send certificates in
$PUBKEY to device's /etc/swupdate.pem
(this is set automatically when genkey command generates new keys)
 - initialize uboot env with content from /boot/uboot_env.d/* on
boot image updates, and provide a script to update env immediately

fixes:
 - fix atmark user password not being preserved on updates (broken
in 4.1)
 - POST_ACTION=container would sometimes fail to umount podman readonly
storage, leading to an extra reboot
 - post install script would sometimes fail to notice errors from podman
commands (cleanup only)

  -- 2022-07-25

4.2
===
breaking changes:
 - the atmark user will automatically be locked if it has no password
set. This reflects an update to rootfs for alpine 3.16.0-at.1
 - update swupdate.cfg loglevel to 3 (info) if it was previously set to 2
(warn). Running with warn would show no message at all with new version.

features:
 - improve log messages: new swupdate version allows us to be more expressive
with info and warning messages, so make use of these if available.
 - add second atmark public certificate to /etc/swupdate.pem if and only
if the first one was present
 - update swupdate_preserve_files to v4. This adds /etc/dnsmasq.d,
/etc/sysctl.d, /etc/hostapd/hostapd.conf, /etc/runlevels/default/hostapd,
/etc/iptables/rules{,6}-save, /etc/runlevels/default/ip{,6}tables
 - improve guidance messages for hawkbit-compose setup_container.sh

  -- 2022-06-24

4.1
===
breaking changes:
 - rename ENCRYPT_FS to ENCRYPT_USERFS. This option was never documented
but one example used it; using swdesc_option ensures an error happens if
it is used.
 - default atmark password for --init is now locked instead of root
password

fixes:
 - mkswu --init would generate an invalid 'atmark' user password
since version 3.15-at.2, fix it and make --init again correct it as well
 - forbid installing another update while reboot is in progress.
This would sometimes cause a new partial rootfs copy and reboot into
a broken system

features:
 - include mkswu version in a comment in sw-description, so version used
to generate swu can be checked later
 - add mkswu --show to display swu content
 - ROOTFS_FSTYPE will default to whatever the current system uses,
so it does not need to be set in all updates.
 - similarly, disk encryption is now automatically replicated if rootfs
is currently encrypted
 - run fstrim on rootfs after install. This helps MMC performance a
little bit.

  -- 2022-05-26

4.0
===
This release changes numbering system to unlink mkswu from baseos:
mkswu and baseos do not share a lifecycle and sharing version was
needless work.

fixes:
 - fix size/mtime check to consider real file and not symlink in case of
no encryption and already compressed files
 - sync and dismount installed system before flipping boot switch:
this ensures the system should not be broken if power is cut immediately
after boot switch/notification.
 - fix temporary cleanup of unused files

  -- 2022-04-27

3.15-at.6
=========
features:
 - add NOTIFY_STARTING_CMD, NOTIFY_FAIL_CMD, NOTIFY_SUCCESS_CMD handling
 - add swdesc_option for settings in sw-description (FORCE_VERSION and co).
Setting environment variables directly is still supported.
Some of these options can also be set in /etc/atmark/baseos.conf with
MKSWU_ prefix when it makes sense to do so (e.g. NOTIFY_*_CMD or POST_ACTION)
 - do not reinstall "useless" updates when boot image needs updating as that
would wipe previous OS to rollback to.

experimental:
 - add swdesc_boot_enc and swdesc_boot_linux for encrypted linux update.
These are still subject to change.

fixes:
 - check for all files size/mtime instead of just checking 'is newer' for
swdesc_files, compression and hash. This avoids hash mismatch errors
 - network connectivity check for hawkbit_register failed as script did not
have net_raw permission to ping. Use nc instead.
 - fix copying boot image over to other partition, the image was not always
copied until the end

  -- 2022-04-25

3.15-at.5
=========
fixes:
 - fix install on very old swupdate where swupdate -g might not include /dev
 - fix podman_cleanup corner cases with infra image
 - fix sha256sum file not being updated properly sometimes (if zst archive
   changed without changing base file)

  -- 2022-04-08

3.15-at.4
=========
breaking change:
 - component, version and install_if variables are reset before parsing each
desc file. component is set to desc file name, the other two are emptied.

features:
 - allow setting ZSTD_CLEVEL to change compression level
 - log update contents to at-log and store last update partition to
/var/log/swupdate/last_update
 - add update_preserve_files.sh helper script to manage this file
 - allow trailing arguments for swdesc_script
 - set FW_UPDATE_IND after install unless no reboot is needed
 - add --extra-os swdesc_* switch that adds extra_os. to component
 - hawkbit-compose japanese translation

fixes:
 - PRIVKEY_PASS wasn't escaped properly
 - fix hawkbit service restart for POST=container updates with hawkbit

  -- 2022-03-24

3.15-at.3
=========
breaking changes:
 - rename hawkbit/create-updates.sh to hawkbit_push_update and install it
to bin dir

features:
 - add NO_PRESERVE_FILES option to skip handling copyback when using custom
rootfs
 - full rework of hawkbit container: use hawkbit-compose/setup_container.sh
to generate appropriate docker-compose.yml and config files

fixes:
 - fix sw-versions handling for board-specific updates (e.g. boot image) that
might generate multiple lines. This was harmless. Such duplicate lines will
also now be removed.
 - improve various error messages
 - do not try to wait for podman containers to stop if none were running
 - install base_os first if present in the image. This allows running
swdesc_exec or similar even if a base_os update is coming that would
previously fail because /target is empty

  -- 2022-02-18

3.15-at.2
=========
breaking changes:
 - desc files: disallow using the same component with multiple versions.
Previously the highest version would be kept for updating sw-versions, but
this is no longer manageable with install-if different.
 - versions: disallow alnum mix in semver versions (e.g. 1.2.3-abc1),
because swupdate ordering and sort -V have different behaviour there.
 - versions: also check for previously incorrectly identical versions
when using install-if different (big numbers in semver, + part of semver)
 - rename mkimage.sh to mkswu and roll all secondary scripts within it,
suggesting to use the mkswu package instead of running from git.
 - rename mkimage.conf to mkswu.conf (this should be transparently converted)

features:
 - version management: allow different versions for same component if
installed in a different board section
 - swdesc_*: add --install-if {different,higher} option to force mode.
This can be useful to get more coherent behaviour with hawkbit
 - swdesc_tar/files: make relative paths relative to
/var/app/rollback/volumes for non-os updates. Forbid '../'s, and
also forbid relative paths for os.
 - Japanese translation if LC_MESSAGES is set to ja*, and add more
messages overall
 - add mkswu --init for first setup, which will guide user through
key generation and fill in initial_setup.desc
 - add mkswu --import to import previously existing config into
$HOME/mkswu
 - add mkswu --version
 - add debian package

fixes:
 - examples/kernel_update_plain: fix comment, add modules
 - swdesc_tar/files: create destination directory if absent
 - kill swupdate post-update instead of waiting for openrc
to do it with plenty of failure messages
 - podman_cleanup: relax failure conditions when image is missing
but container does not autostart or autopulls the image

  -- 2022-01-21

3.15-at.1
=========
breaking changes:
 - desc files: paths have been made relative to desc files

features:
 - genkey.sh: automatically create/update default config
 - swdesc_tar: add --preserve-attributes switch

fixes:
 - podman_cleanup: handle new pod option
 - swupdate_preserve_files: fix directory copy
 - scripts: handle new overlayfs properly
 - post_app: fix possible failure case where swap happened but we error into
reboot case, leading to double-swap
 - version management: do not remove extra_os versions on base_os update
 - examples/initial_setup.desc: fix using wrong public key for
/etc/swupdate.pem update

  -- 2021-12-21

3.14-at.2
=========
 - first public release

  -- 2021-12-03
