Google is committed to advancing racial equity for Black communities. See how.

Software Update System

Fuchsia is a project that constantly gets updates for new features, enhancements, and security fixes. Fuchsia's software update system makes use of The Update Framework (TUF) version 1.0. However, Fuchsia does have some differences from TUF:

Specification version

In a Fuchsia repository, the Fuchsia repository version is listed as a top-level attribute of the target role's signed data. This example shows the format of the specification version:

{
  ...

  "signed": {
    "_type": ROLE,
    "spec_version": "1",
    "custom": {
      "fuchsia_spec_version": <FUCHSIA_SPEC_VERSION>,
  }

  ...
}

Definition of values:

  • FUCHSIA_SPEC_VERSION. INT. The value of the Fuchsia repository specification version. For example, 1.

Package organization

TUF targets in a Fuchsia repository that address Fuchsia packages contain custom meta data that points to the Package Metadata Archive. This example shows the format for packages:

{
  ...

  "targets": {
    "/PACKAGE_PATH": {
      ...
    }

  ...
  }
}

Definition of values:

  • PACKAGE_PATH. The relative path to the package from the repository's base URL.

Merkle root

In the Fuchsia repository, each package target includes the merkle root of the package's meta FAR as a custom attribute. This example shows the format for the merkle root:

{
  ...

  "targets" : {
    PACKAGEPATH : {
      "length" : LENGTH,
      "hashes" : HASHES,
      "custom" : {
        "merkle" : <MERKLE_ROOT>,
        "size" : <BLOB_SIZE>,
      }
    }

    ...
  }
}

Definition of values:

  • MERKLE_ROOT. STRING. The hex string of the merkle root hash of the package's meta FAR.
  • BLOB_SIZE. INT. The size, in bytes, of the unencrypted BLOB identified by the MERKLE_ROOT.