From 5911645fa3f003b1c367137ce7065e28ab5c09c0 Mon Sep 17 00:00:00 2001
From: Anatoliy Odukha <aodukha@gmail.com>
Date: Tue, 27 Oct 2020 13:15:53 +0200
Subject: [PATCH] preparing 2020.10 release

Signed-off-by: Anatoliy Odukha <aodukha@gmail.com>

Restore reboot_command to aktualizr config doc.

It was lost during the docs transition last year. See
056b80d4c749358daff8c13b14b1b3b1a7236300 or
https://github.com/advancedtelematic/aktualizr/pull/1274 for the
original feature.

Signed-off-by: Patrick Vacek <patrickvacek@gmail.com>

add "Find the unsigned Root and Targets metadata" page to docs

Signed-off-by: Danylo Tereshchenko <ext-danylo.tereshchenko@here.com>

Add a link

List all of the garage-sign-related instructions on the reference page.

Relates-to: OTA-5253

Signed-off-by: Halyna Dumych <ext-halyna.dumych@here.com>

fixed PR review comments

Signed-off-by: Anatoliy Odukha <aodukha@gmail.com>
---
 CHANGELOG.md                                  | 16 ++++++++++-
 docs/README.adoc                              |  1 +
 docs/ota-client-guide/antora.yml              |  2 +-
 docs/ota-client-guide/modules/ROOT/nav.adoc   |  1 +
 .../pages/_partials/aktualizr-version.adoc    |  2 +-
 .../ROOT/pages/aktualizr-config-options.adoc  |  1 +
 .../ROOT/pages/finding-unsigned-metadata.adoc | 27 +++++++++++++++++++
 .../ROOT/pages/garage-sign-reference.adoc     |  9 +++++--
 8 files changed, 54 insertions(+), 5 deletions(-)
 create mode 100644 docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b7ec18c0d0..d75791892c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,21 @@ Our versioning scheme is `YEAR.N` where `N` is incremented whenever a new releas
 
 ## [upcoming release]
 
-- Update garage-push and garage-deploy tools to support the latest backend changes. Both are backward compatible. Previous versions have the server URL *without* the token path, so it needs to be hardcoded. The new version has the full URL with the */oauth2/token* path at the end. Also, treehub.json has an additional parameter *scope*: [PR](https://github.com/advancedtelematic/aktualizr/pull/1767)
+## [2020.10] - 2020-10-27
+
+### Added
+- Updated the `garage-push` and `garage-deploy` tools. Now, they support new back-end token generation to authenticate API requests. Also, we updated the `treehub.json` format for the new back-end. It now has the additional  *scope* parameter. The changes are backward compatible. Previous versions have the server URL *without* the token path, so it needs to be hardcoded. The new version has the full URL with the */oauth2/token* path at the end: [PR](https://github.com/advancedtelematic/aktualizr/pull/1767)
+
+### Changed
+- Ubuntu Focal Dockerfile now uses the default OSTree package: [PR](https://github.com/advancedtelematic/aktualizr/pull/1751)
+- Improved libaktualizr API exceptions: [PR](https://github.com/advancedtelematic/aktualizr/pull/1754)
+- Improved binary file download progress: [PR](https://github.com/advancedtelematic/aktualizr/pull/1756)
+- Allowed passing HTTP headers in `aktualizr-get`: [PR](https://github.com/advancedtelematic/aktualizr/pull/1762)
+- Moved aktualizr-lite to its own [aktualizr-lite repository](https://github.com/foundriesio/aktualizr-lite): [PR](https://github.com/advancedtelematic/aktualizr/pull/1763)
+
+### Fixed
+- Fixed the issue with the parameters check in `aktualizr-get`: [PR](https://github.com/advancedtelematic/aktualizr/pull/1760)
+- Fixed the output of the pacman configuration: [PR](https://github.com/advancedtelematic/aktualizr/pull/1761)
 
 ## [2020.9] - 2020-08-26
 
diff --git a/docs/README.adoc b/docs/README.adoc
index 04ea20bed6..81a8688141 100644
--- a/docs/README.adoc
+++ b/docs/README.adoc
@@ -41,6 +41,7 @@ The link above is for the doxygen docs on master. Doxygen docs for the following
 * https://advancedtelematic.github.io/aktualizr/2020.7/index.html[2020.7]
 * https://advancedtelematic.github.io/aktualizr/2020.8/index.html[2020.8]
 * https://advancedtelematic.github.io/aktualizr/2020.9/index.html[2020.9]
+* https://advancedtelematic.github.io/aktualizr/2020.10/index.html[2020.10]
 ====
 
 == Release process
diff --git a/docs/ota-client-guide/antora.yml b/docs/ota-client-guide/antora.yml
index 852da5f20d..d4a0468097 100644
--- a/docs/ota-client-guide/antora.yml
+++ b/docs/ota-client-guide/antora.yml
@@ -1,6 +1,6 @@
 name: ota-client
 title: OTA Connect Developer Guide
 version: latest
-display_version: 2020.9 (latest)
+display_version: 2020.10 (latest)
 nav:
 - modules/ROOT/nav.adoc
diff --git a/docs/ota-client-guide/modules/ROOT/nav.adoc b/docs/ota-client-guide/modules/ROOT/nav.adoc
index 9c638ce156..e3aef5915e 100644
--- a/docs/ota-client-guide/modules/ROOT/nav.adoc
+++ b/docs/ota-client-guide/modules/ROOT/nav.adoc
@@ -73,6 +73,7 @@ ifndef::env-github[:pageroot:]
 ** xref:{pageroot}install-garage-sign-deploy.adoc[Install the garage-deploy tool]
 ** xref:{pageroot}keep-local-repo-on-external-storage.adoc[Keep your repository on external storage]
 ** xref:{pageroot}rotating-signing-keys.adoc[Rotate keys for Root and Targets metadata]
+** xref:{pageroot}finding-unsigned-metadata.adoc[Find the unsigned Root and Targets metadata]
 ** xref:{pageroot}change-signature-thresholds.adoc[Change signature thresholds]
 ** xref:{pageroot}metadata-expiry.adoc[Manage metadata expiry dates]
 
diff --git a/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc b/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc
index 064297f8b5..bf4ad787fc 100644
--- a/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc
+++ b/docs/ota-client-guide/modules/ROOT/pages/_partials/aktualizr-version.adoc
@@ -3,7 +3,7 @@
 // the version being viewed, but when we are referencing aktualizr from
 // the other, non-versioned docs, we want to make sure we're using the
 // latest version.
-:aktualizr-version: 2020.9
+:aktualizr-version: 2020.10
 
 :yocto-version: 3.1
 
diff --git a/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc b/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc
index 67f10f0fd6..a06f501388 100644
--- a/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc
+++ b/docs/ota-client-guide/modules/ROOT/pages/aktualizr-config-options.adoc
@@ -206,5 +206,6 @@ Options for configuring boot-specific behavior
 | `rollback_mode`        | `"none"`                        | Controls rollback on supported platforms, see xref:rollback.adoc[]. Options: `"none"`, `"uboot_generic"`, `"uboot_masked"`
 | `reboot_sentinel_dir`  | `"/var/run/aktualizr-session"`  | Base directory for reboot detection sentinel. Must reside in a temporary file system.
 | `reboot_sentinel_name` | `"need_reboot"`                 | Name of the reboot detection sentinel.
+| `reboot_command`       | `"/sbin/reboot"`                | Command to reboot the system after update completes. Applicable only if `uptane::force_install_completion` is set to `true`.
 |==========================================================================================
 
diff --git a/docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc b/docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc
new file mode 100644
index 0000000000..e8c3a1b729
--- /dev/null
+++ b/docs/ota-client-guide/modules/ROOT/pages/finding-unsigned-metadata.adoc
@@ -0,0 +1,27 @@
+= Find the unsigned Root and Targets metadata
+ifdef::env-github[]
+
+[NOTE]
+====
+We recommend that you link:https://docs.ota.here.com/ota-client/latest/{docname}.html[view this article in our documentation portal]. Not all of our articles render correctly in GitHub.
+====
+endif::[]
+
+If you want to use your own PKI, you need to know where in your local repository you can find the metadata that you want to sign.
+It may be the `root.json` or `targets.json` files. You can find both files in the `tuf/<reponame>/roles/unsigned` folder. 
+
+NOTE: <reponame> is the name you specified when you initialized your repository using `garage-sign init`.
+
+If the `unsigned/` folder is empty, you need to pull the metadata files:
+
+* To pull the unsigned `root.json` file, use `garage-sign root pull`.
+* To pull the unsigned `targets.json` file, use `garage-sign targets pull`.
+
+If you have not created any targets, to create the unsigned `targets.json` file, use `garage-sign targets init`.
+
+To learn more about the `garage-sign` commands and options, see its xref:garage-sign-reference.adoc[reference] documentation.
+
+== Generate Root and Targets metadata in a canonical form
+
+To generate unsigned metadata in a canonical form, use the `garage-sign root get-unsigned` and `garage-sign targets get-unsigned` commands
+for the unsigned `root.json` and `targets.json` files respectively. The files that you get are stored in the `unsigned/` folder.
diff --git a/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc b/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc
index 9f5b211c09..9e2291dee8 100644
--- a/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc
+++ b/docs/ota-client-guide/modules/ROOT/pages/garage-sign-reference.adoc
@@ -194,13 +194,15 @@ Global options
 +++</div></details>+++
 
 +++<details><summary>+++
-`root [pull|push|key|sign]`: Manages root-of-trust metadata for a repository.
+`root [pull|push|get-unsigned|key|sign]`: Manages root-of-trust metadata for a repository.
 +++</summary><div>+++
 
 `root pull`: Pulls the current `root.json` file from OTA Connect.
 
 `root push`: Uploads local `root.json` file to OTA Connect. If the file does not have a valid signature, it will be rejected by the server.
 
+`root get-unsigned`: Generates an unsigned `root.json` file in a canonical JSON form.
+
 +++<details><summary>+++
 `root key [add|remove]`: Manages keys that are permitted to sign the root-of-trust metadata.
 +++</summary><div>+++
@@ -256,7 +258,7 @@ Global options
 +++</div></details>+++
 
 +++<details><summary>+++
-`targets [init|add|add-uploaded|delete|sign|pull|push|upload|delegations]`: (Only for repositories of type `reposerver`) Manages Targets metadata.
+`targets [init|add|add-uploaded|delete|sign|pull|push|get-unsigned|upload|delegations]`: (Only for repositories of type `reposerver`) Manages Targets metadata.
 // tag::target-term[]
 *Target* is a term from Uptane. Each Target corresponds to a software version available in your OTA Connect software repository.
 // end::target-term[]
@@ -322,6 +324,8 @@ Global options
 `targets push`: Pushes the latest `targets.json` file to the server.
 If the Targets file is invalid, for example because of a bad signature or a non-increasing version number, this `push` will fail with exit code 2.
 
+`targets get-unsigned`: Generates the unsigned `targets.json` file in a canonical JSON form.
+
 +++<details><summary>+++
 `targets upload`: Uploads a binary to the repository.
 // tag::targets-upload-note[]
@@ -393,6 +397,7 @@ To learn how to use the garage-sign tool, see the following documentation:
 
 * xref:keep-local-repo-on-external-storage.adoc[Keep your repository on external storage]
 * xref:rotating-signing-keys.adoc[Rotate keys for Root and Targets metadata]
+* xref:finding-unsigned-metadata.adoc[Find the unsigned Root and Targets metadata]
 * xref:change-signature-thresholds.adoc[Change signature thresholds]
 * xref:metadata-expiry.adoc[Manage metadata expiry dates]
 * xref:customise-targets-metadata.adoc[Add custom metadata fields to Targets metadata]