rauc - safe and secure updating

       rauc is developed by Jan Luebbe, Enrico Joerns, Juergen Borleis and contributors.

       This manual page was written by Michael Heimpold <mhei@heimpold.de>, for the Debian GNU/Linux system (but
       may be used by others).

bundleINPUTDIRBUNDLE

           Create a bundle from a content directory.

           Options:--cert=PEMFILE|PKCS11-URL
                      use given certificate file or the certificate referenced by the given PKCS#11 URL

               --key=PEMFILE|PKCS11-URL
                      use given private key file or the key referenced by the given PKCS#11 URL

               --intermediate=PEMFILE|PKCS11-URL
                      intermediate CA file or the certificate referenced by the given PKCS#11 URL

               --signing-keyring=PEMFILE
                      verification keyring file

               --mksquashfs-args=ARGS
                      mksquashfs extra args

       resignINBUNDLEOUTBUNDLE

           Resign an already signed bundle.

           Options:--cert=PEMFILE|PKCS11-URL
                      use given certificate file or the certificate referenced by the given PKCS#11 URL

               --key=PEMFILE|PKCS11-URL
                      use given private key file or the key referenced by the given PKCS#11 URL

               --intermediate=PEMFILE|PKCS11-URL
                      intermediate CA file or the certificate referenced by the given PKCS#11 URL

               --no-verify
                      disable bundle verification

               --no-check-time
                      don't check validity period of certificates against current time

               --signing-keyring=PEMFILE
                      verification keyring file

       extractBUNDLEOUTPUTDIR

           Extract the bundle content to a directory.

           Options:--key=PEMFILE|PKCS11-URL
                      use given decryption key file or the decryption key referenced by the given PKCS#11 URL

               --trust-environment
                      trust environment and skip bundle access checks

       extract-signatureBUNDLEOUTPUTSIG

           Extract the bundle signature.

           Options:--key=PEMFILE|PKCS11-URL
                      use given decryption key file or the decryption key referenced by the given PKCS#11 URL

               --trust-environment
                      trust environment and skip bundle access checks

       convertINBUNDLEOUTBUNDLE

           Convert an existing bundle to casync index bundle and store.

           Options:--cert=PEMFILE|PKCS11-URL
                      use given certificate file or the certificate referenced by the given PKCS#11 URL

               --key=PEMFILE|PKCS11-URL
                      use given private key file or the key referenced by the given PKCS#11 URL

               --intermediate=PEMFILE|PKCS11-URL
                      intermediate CA file or the certificate referenced by the given PKCS#11 URL

               --trust-environment
                      trust environment and skip bundle access checks

               --no-verify
                      disable bundle verification

               --signing-keyring=PEMFILE
                      verification keyring file

               --mksquashfs-args=ARGS
                      mksquashfs extra args

               --casync-args=ARGS
                      casync extra args

               --ignore-image=SLOTCLASS
                      ignore image during conversion

       encryptINBUNDLEOUTBUNDLE

           Encrypt a crypt bundle.

           Options:--toPEMFILE
                      recipient cert(s)

       installBUNDLE

           Install a bundle.

           Options:--ignore-compatible
                      disable compatible check

               --transaction-id=UUID
                      custom transaction ID

               --progress
                      show progress bar

               --handler-args=ARGS
                      extra arguments for full custom handler

               --override-boot-slot=BOOTNAME
                      overrides auto-detection of booted slot

       infoBUNDLE

           Print bundle info.

           Options:--no-verify
                      disable bundle verification

               --no-check-time
                      don't check validity period of certificates against current time

               --key=PEMFILE|PKCS11-URL
                      use given decryption key file or the decryption key referenced by the given PKCS#11 URL

               --output-format=[readable|shell|json|json-pretty|json-2]
                      select output format

                      The  json-2  output format matches the structure of the InspectBundle D-Bus API and should
                      be used instead of json or json-pretty.

               --dump-cert
                      dump certificate

               --dump-recipients
                      dump recipients

       mountBUNDLE

           Mount a bundle for development purposes to the bundle directory in RAUC's mount prefix.  It  must  be
           unmounted manually by the user.

       status [SLOTNAME | mark-{good,bad,active} [booted|other|SLOTNAME]]

           Without further subcommand, it simply shows the system status or status of a specific slot.

           The  subcommands  mark-good  and  mark-bad  can  be used to set the state of a slot explicitly. These
           subcommands usually operate on the currently booted slot if not specified per additional parameter.

           The subcommand mark-active allows one to manually switch to a different slot. Here too,  the  desired
           slot can be given per parameter, otherwise the currently booted one is used.

           Options:--detailed
                      show more status details

               --output-format=[readable|shell|json|json-pretty]
                      select output format

               --override-boot-slot=BOOTNAME
                      overrides auto-detection of booted slot

       write-slotSLOTNAMEIMAGEFILE

           Write image to slot and bypass all update logic.

       RAUC  is  a  lightweight  update  client  that runs on an Embedded Linux device and reliably controls the
       procedure of updating the device with a new firmware.

       RAUC is also the tool on the host system that  is  used  to  create,  inspect  and  modify  update  files
       ("bundles") for the device.

       This manual page documents briefly the rauc command line utility.

       It  was  written  for  the  Debian  GNU/Linux distribution to satisfy the packaging requirements. Thus it
       should only serve as a summary, reading the comprehensive online manual (https://rauc.readthedocs.io/) is
       recommended.

RAUC_KEY_PASSPHRASE
              Passphrase to use for accessing key files (signing only)

       RAUC_PKCS11_MODULE
              Library filename for PKCS#11 module (signing only)

       RAUC_PKCS11_PIN
              PIN to use for accessing PKCS#11 keys (signing only)

/etc/rauc/system.conf,/run/rauc/system.conf,/usr/lib/rauc/system.conf

              The  system  configuration  file  is  the central configuration in RAUC that abstracts the loosely
              coupled storage setup, partitioning and boot strategy of your board to a coherent redundancy setup
              world view for RAUC.

              RAUC configuration files are loaded from one of the listed directories in order of priority,  only
              the first file found is used: /etc/rauc/, /run/rauc/, /usr/lib/rauc/.

              The  system.conf  is  expected  to  describe  the  system  RAUC runs on in a way that all relevant
              information for performing updates and making decisions are given.

              Similar to other configuration files used by RAUC,  the  system  configuration  uses  a  key-value
              syntax (similar to those known from .ini files).

       rauc - safe and secure updating

       The following general options can be used with most commands, however not all combinations make sense.

       -cFILENAME, --conf=FILENAME
              use the given config file instead of the one at the compiled-in default path

       -CSECTION:KEY=VALUE, --confopt=SECTION:KEY=VALUE
              Override parameters from the config file with the specified configuration settings.  If  specified
              parameter is not present in the config file it will still be set by this option.

       --keyring=PEMFILE
              use specific keyring file

       --mount=PATH
              mount prefix (/mnt/rauc by default)

       -d, --debug
              enable debug output

       --version
              display version

       -h, --help
              print usage

casync(1), mksquashfs(1), unsquashfs(1)

                                                                                                         RAUC(1)

rauc [OPTIONS...] bundleINPUTDIRBUNDLErauc [OPTIONS...] resignINBUNDLEOUTBUNDLErauc [OPTIONS...] extractBUNDLEOUTPUTDIRrauc [OPTIONS...] extract-signatureBUNDLEOUTPUTSIGrauc [OPTIONS...] convertINBUNDLEOUTBUNDLErauc [OPTIONS...] encryptINBUNDLEOUTBUNDLErauc [OPTIONS...] installBUNDLErauc [OPTIONS...] infoBUNDLErauc [OPTIONS...] mountBUNDLErauc [OPTIONS...] status [SLOTNAME | mark-{good,bad,active} [booted|other|SLOTNAME]]

       rauc [OPTIONS...] write-slotSLOTNAMEIMAGEFILE