Documentation Index
Fetch the complete documentation index at: https://docs.thistle.tech/llms.txt
Use this file to discover all available pages before exploring further.
The manifest file defines an OTA release to the Thistle Update Client. Manifests
are typically handled and amended by the Thistle Release Helper or Thistle
Control Center.
All fields are strings aside from version, which is an unsigned integer.
Example manifest
{
"comment": "release matching internal commit ab245ef1",
"id": "01G9CPEVZN3KWEJSDR3YRB6TEY",
"ts": "1659357610.1366699",
"version": 1,
"name": "mymanifest",
"signature": "dW50cnVzdGVkIGNvbW1lbnQ6IHNpZ25hdHVyZSBmcm9tIHJzaWduIHNlY3JldCBrZXk...",
"pre_install": null,
"post_install": null,
"rootfs": null,
"files": [{
"name": "a",
"install_location": "/opt/application",
"download_location": "https://xxx.ota.thistlesec.net/8a045f82696d69147e2274492723eabb",
"hash": "17c7c37227ff424637817217e7155cee1a9a732c59b2798dcceff46722d9992e",
"pre_install": null,
"post_install": null
}],
"wdek: "[REDACTED]"
}
Manifest fields
| Name | Description |
|---|
| name | Name of the release |
| id | Id of the release (ulid form) |
| ts | Timestamp of last modification (seconds since epoch) |
| version | Current release number |
| comment | Free form comment |
| signature | Signature of this manifest |
| pre_install | Command to run before the installation of this manifest. Note: a failure of this script will revert any installed asset |
| post_install | Command to run after the installation of this manifest. Note: a failure of this script will revert any installed asset |
| post_reboot | Command to run after rebooting the device following the installation of this manifest. Note: a failure of this script will revert any installed asset and issue another reboot |
| rootfs | Rootfs (specified below) |
| files | Array of files (specified below) |
| dek | A per-OTA-release data encryption key derivation key generated by TRH for OTA bundle encryption and per-file encryption. This field is only available in the manifest sent to TCC during an OTA release, and is not in the manifest fetched by a device. |
| wdek | A wrapped (encrypted) form of the dek, encrypted with the device’s okek so that only the intended device can unwrap it. Unlike dek, this field is present in the manifest fetched by a device and is used by TUC to derive decryption keys for OTA bundle decryption and per-file decryption. |
File fields
| Name | Description |
|---|
| name | Filename |
| install_location | Install destination on device |
| download_location | Download source URL |
| hash | Hash of the compressed file |
| pre_install | Command to run before the installation of this file. Note: a failure of this script will revert any installed asset |
| post_install | Command to run after the installation of this file. Note: a failure of this script will revert any installed asset |
Rootfs fields
| Name | Description |
|---|
| name | Image name |
| download_location | Download source URL |
| hash | Hash of the compressed rootfs image |
| pre_install | Command to run before the installation of this image. Note: a failure of this script will revert any installed asset |
| post_install | Command to run after the installation of this image. Note: a failure of this script will revert any installed asset |
Manual manifest fetching
If you prefer to fetch the update manifest manually, you can do so with the following command. This can be useful if you want to use a customized update client. The ID and Token defined in the command below are the obtained at the end of the device provisioning process.
$ curl -H "Thistle-Device-ID: $DEVICE_ID" \
-H "Authorization: Bearer $DEVICE_TOKEN" \
https://device.thistle.tech/manifest
