2025-10-01 –, Gallery
Introduce ue-rs, a fresh project that aims to be a drop-in reimplementation of update engine, written in Rust.
The goal of ue-rs is to have a minimal, secure and robust implementation of update engine, required by A/B update mechanism of Flatcar Container Linux. Just like the existing update engine, it downloads OS update payloads from a Nebraska server, parses its Omaha protocol, verifies signatures, etc. This project, however, is different from the original update engine in the following aspects. First, it aims to be minimal, by reducing heavyweight legacies in the update engine. Moreover, written in Rust, it brings a huge advantage for security, especially memory safety, in contrast to the original update engine, which is written mainly in C++ and bash. Finally, in addition to traditional OS update payloads, it supports systemd-sysext OEM, which is supported by Flatcar.
Dongsu, senior software engineer of AzCore Linux team in Microsoft, originally from South Korea, now lives in Berlin. He maintains Flatcar Container Linux, an image-based Linux distro optimized for containers, including tracking security issues to get them fixed in regular releases. His recent focus includes Rust-based projects like ue-rs, a reimplementation of the update engine in Flatcar in Rust.