Right now application framework is in conflict with OTA updates.
Basically, OSTree requires data to be separated to updatable, which is generated on build and should be read-only and non-updatable which can be written, but should be generated fully in runtime. That means that it is not directly possible to build a filesystem image with some initial database and then commit to it in the runtime.
It is not just a technical limitation of OSTree, it is actually quite logical if we want our filesystem to be updatable: imagine that we deployed an image with some initial database and then installed some applications in runtime. We then create a new filesystem image in Yocto with refactored initial database system and trying to update our device. The problem of merging two database files is then emerging and it can't be solved automatically in general case.
The simplest thing that can be done if we still want to have some data that is initialized on build stage and can be updated in runtime is
- Install it to /usr/var/foo
- Write a oneshot service that will deploy /usr/var/foo to /var/foo if /var/foo doesn't exist.
Currently affected recipes are as far as I'm concerned af_main (meta-agl-extra/meta-app-framework/recipes-core/af-main/af-main_1.0.bb) and security-manager (meta-intel-iot-security/meta-security-framework/recipes-security/security-manager/).