[RFC] Stop providing binary package updates for release builds?

Alberto Bursi bobafetthotmail at gmail.com
Mon Dec 13 07:42:21 PST 2021 


On 12/12/21 20:42, Jo-Philipp Wich wrote:
>   - The wiki actively discourages users from upgrading packages [1]
> 
>   - The overall sentiment in the forum is to instruct users to not/never
>     upgrade packages [2] but to always upgrade to the next release, build from
>     source [3] or use snapshots/IB


To expand a bit on this, there have been plenty of instances where end 
users just go to Luci package upgrade page and do an "update all", and 
this breaks their system.

This can fail for a couple main reasons:

-sometimes the update of core packages breaks them, or breaks the 
dependent packages causing a softbrick (rarely, but has happened at 
least once per year to some)

-space reasons, a lot of devices simply don't have the space to update 
anything, so offering "package updates" for these devices is just bad as 
that becomes a "shoot yourself in the foot" button.

Yes, if the user is intimate with OpenWrt/Linux/embedded device 
development they can take informed decisions, but most end users simply 
can't do that and will do what everyone tells them to do in IT, "install 
security updates".

In my experience, updating is not a problem if the end user is doing 
ONLY full firmware upgrades. I had pretty much no (upgrade-related) 
issues for years even on devices running on snapshot by just doing 
sysupgrade to new firwmare images.

So I think the ability to just "update packages" on a running system 
should be inhibited by default and put behind some very strong warnings, 
while users should be pushed towards using full firmware upgrade images 
instead.

This firmware upgrade can be either done through official releases, or 
through the "attended-sysupgrade" packages/infrastructure (it's a cloud 
server that runs an ImageBuilder and serves the device the assembled 
image, a project developed/maintained by aparcar) [1]

Yes there are some specific devices (x86, raspberry and other SBCs) that 
can use a ext4 filesystem image, those can be an exception (maybe), but 
for all devices with onboard flash there isn't much choice imho.



On 12/12/21 20:42, Jo-Philipp Wich wrote:
 >   - Simplify release branch maintenance, build images every few 
months and in
 >     case of security issues in vital components like openssl or 
dropbear we
 >     could instruct users to wait for the next maintenance release or 
switch to
 >     snapshots

What's wrong with doing a "emergency maintenance release" (i.e. just an 
unsheduled "rebuild all" with the fixed packages) if there are core 
packages affected by important security fixes?
 From my (and others) experience above, as long as the end user is doing 
a full firmware upgrade it's all fine, so the end users can just be told 
to download the latest OpenWrt firmware image and do a sysupgrade, which 
is also how it works for most embedded devices anyway.

Telling people to wait for months (until a next minor release) for 
security updates or switch to snapshot is a huge middle finger to many 
end users that have chosen OpenWrt for higher security/privacy than 
stock firmware (and its slow/nonexistant security updates).


1. https://github.com/aparcar/asu


-Alberto

More information about the openwrt-devel mailing list