Skip to content

v0.22.0

Choose a tag to compare

@github-actions github-actions released this 13 Jul 14:44

What changed

  • rpi upgrade (new command) — update a board's agent to a chosen version from your laptop, over the SSH + sudo path you already use. It defaults to your CLI's own version (keeping the client and board in sync), --version <X> pins a specific version, --version latest picks the newest published release, and --yes skips the confirmation. It shows current → target, triggers the update with an interactive ssh -t … sudo rpi agent update (so the board's sudo can prompt), and re-reads /v1/version afterward to confirm.
  • rpi agent update (new board-side command) — obtains a fresh binary (refreshes the global rpi-deploy@<version> on npm installs, or downloads rpi-v<version>-<triple>.tar.gz from the GitHub Release), verifies its SHA-256 against the release SHA256SUMS before doing anything, atomically swaps /usr/local/bin/rpi, re-runs the idempotent agent setup, and restarts the unit only when the binary actually changed. --dry-run reports the plan without changing anything. The agent never touches its own binary — the privileged swap happens only under sudo, over authenticated SSH, exactly like the manual path it replaces.
  • install.sh (new, no-npm installer)curl -fsSL https://raw.githubusercontent.com/khmilevoi/rpi-deploy/master/scripts/install.sh | sh installs a checksum-verified prebuilt binary on binary-only hosts (no Node required), sharing the exact download-and-verify recipe. RPI_VERSION pins a version (default: latest) and RPI_INSTALL_DIR overrides the target dir. It does not run setup — follow with sudo rpi agent setup on a Pi or rpi setup on a dev machine.

The trust model is unchanged: no new agent privilege, no new secret or trust anchor — integrity rests on the release SHA256SUMS over GitHub's TLS, the same anchor the npm postinstall already uses. Boards on older versions are updated once by the manual path (or install.sh + sudo rpi agent setup); every subsequent update is a single rpi upgrade.

Internal: release-artifact download/verify plumbing ported from postinstall.js, an SSH-exec runner, a Docker e2e scenario for the board-side update, and target-version validation on the client. See the full changelog below.


Full Changelog: v0.21.1...v0.22.0