Add OATU2 specification draft [WIP]

[anadahz]

A work in progress specification draft for Over The Air Unattended
Updates (OTAU2) in Lepidopter probes.

Placed here to enumerate my progress on evaluating the best solution for OTAU2 in hardware (lepidopter) probes.

[darkk]

SD cards are rather big, so we can afford having previous boot & root untouched, we don't need to update them in-place.

SWUpdate calls it Double copy with fall-back, Chromium OS exploits same idea.

[anadahz]

Though most SD card image burners do not support archived image copying to an SD card.
Having +16G free disk space is not always that feasible.

[darkk]

As we've discussed on IRC, it may be quite safe to burn partition table, /boot and /. These three blobs take first ~1Gb of the card and remaining data may be left uninitialised. Moreover, initialization of the /data on boot may be part of wipe-on-failure strategy.

[hellais]

As mentioned above configuration should not be handled by the update mechanism and it should be part of the software itself.

Managing the lifecycle of multiple differently configured images is going to be imho too complex to manage in the long run.

[anadahz]

@hellais By software you mean lepidopter or ooniprobe?

I think you will encounter cases of customization so it's better to have a plan rather than implementing an OTAU system with no roles in mind.

[bassosimone]

wouldn't a self hosted deployment server increase the fingerprint-ability of software we deploy?

[anadahz]

@bassosimone good point, we can perhaps use a cloud-fronted server were we 'll hand the updated images.

[darkk]

AFAIK, China is ok with blocking google cloud. So we may want to use more than one cloud.
Or employ some sort of Domain generation algorithm as a fallback for a blocked cloud & tor.