Update and patch management strategies
It is very important that you select the correct over the air (OTA) package and patch management strategy for your system. This article contains some best practices and discussions about advantages and disadvantages of different strategies. This is currently working for all debian based packages. We are working on similat functionality for RedHat rpm. Please contact us about this.
There are two ways to manage, update and install packages:
from a repository (qbee function package management)
from the qbee internal file manager through software management (no own repository needed)
Most users will want to have a system repository in place. This is why we discuss repositories first.
Should I use standard repository for base libraries or my own?
The first question to answer is if you can rely on your upstream repository that comes with the system. Let's assume you run a Raspberry Pi with the Rasbian Buster repository. Usually the libaries released in main (stable) are quite reliable. In this case it might make sense to leave the official Raspbian repositories as main source for apt-get. But if your system is ultra critical or you rely on a much less tested upstream repository it might make sense to clone the repository into a custom one and only add new packages that have been thoroughly tested by your organization. Here you would remove the standard repository. The later allows very granular control but obviously demands a lot of work.
Your own repository as overlay or as full repository?
If you decide that you want full control about any package on your device you would need to mirror the system repository into your own and only allow tested packages. Often it is fully sufficient to rely on the upstream repository. Then an own overlay repository can be used to play out own apps and system updates while the base packages come from the upstream repository.
How much work is it to operate a repository
Luckily there are many tools that help you to do this in a simple way. Two tools we use are aptly.info and Packagecloud.io. Aptly is great if you want to host this yourself and free of charge. Packagecloud is very good if you want to have a simple hosted solution. It is probably easier to setup and operate.
With the package management function in qbee it is possible to:
auto update all available packages with a higher version number or
update only specific packages that are added by name
select a specific version by specifying that
In both cases the update can happen immediately as soon as new packages are available or it can be controlled by a pre-condition (only once a week, only at night between 3AM and 5AM...). More information about this can be found here.
Below you see the settings for "update all" and for specific packages.
The other option to install and manage packages is to use the software management configuration. This allows to install files from two different sources but it does not update packages automatically if this is not specified in package management.
using only the package name installs from defined repositories. It installs the current version if nothing else is specified
using a debian conform package name with ".deb" ending installs from the file manager
Play out and upgrade your own packages with software management
It is possible to upload own packages through file manager into the qbee platform (please adhere to debian naming conventions). By defining a package name with .deb ending such as "mc_4.8.22-1_armhf.deb" the file will be picked up from the file manager and installed. Any new version can now be defined here and played out. Software management stops the service, updates the package and restart the service. This allows a very simple way of managing patches and playing out new versions of software without the need for a repository.
As a conclusion qbee.io is very flexible when it comes to selecting package management and upgrade strategies. Please select what fits your use case best. If you have questions you can always contact us and we can have a good chat about this.