oxidecomputer · iliana · Nov 19, 2021 · Nov 30, 2021 · Nov 30, 2021 · Dec 1, 2021
diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,4 @@ tools/clickhouse*
 tools/cockroach*
 clickhouse/
 cockroachdb/
+smf/nexus/root.json
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/common/src/api/external/mod.rs b/common/src/api/external/mod.rs
@@ -484,6 +484,7 @@ pub enum ResourceType {
     Oximeter,
     MetricProducer,
     Zpool,
+    UpdateAvailableArtifact,
 }
 
 impl Display for ResourceType {
@@ -509,6 +510,8 @@ impl Display for ResourceType {
                 ResourceType::Oximeter => "oximeter",
                 ResourceType::MetricProducer => "metric producer",
                 ResourceType::Zpool => "zpool",
+                ResourceType::UpdateAvailableArtifact =>
+                    "available update artifact",
             }
         )
     }

diff --git a/common/src/sql/dbinit.sql b/common/src/sql/dbinit.sql
@@ -46,7 +46,11 @@ CREATE TABLE omicron.public.rack (
     /* Identity metadata (asset) */
     id UUID PRIMARY KEY,
     time_created TIMESTAMPTZ NOT NULL,
-    time_modified TIMESTAMPTZ NOT NULL
+    time_modified TIMESTAMPTZ NOT NULL,
+
+    /* Used to configure the updates service URLs */
+    tuf_metadata_base_url STRING(512) NOT NULL,
+    tuf_targets_base_url STRING(512) NOT NULL
 );
 
 /*
@@ -644,6 +648,31 @@ CREATE INDEX ON omicron.public.console_session (
 
 /*******************************************************************/
 
+CREATE TYPE omicron.public.update_artifact_kind AS ENUM (
+    'zone'
+);
+
+CREATE TABLE omicron.public.update_available_artifact (
+    name STRING(40) NOT NULL,
+    version INT NOT NULL,
+    kind omicron.public.update_artifact_kind NOT NULL,
+
+    /* the version of the targets.json role this came from */
+    targets_role_version INT NOT NULL,
+
+    /* when the metadata this artifact was cached from expires */
+    valid_until TIMESTAMPTZ NOT NULL,
+
+    /* data about the target from the targets.json role */
+    target_name STRING(512) NOT NULL,
+    target_sha256 STRING(64) NOT NULL,
+    target_length INT NOT NULL,
+
+    PRIMARY KEY (name, version, kind)
+);
+
+/*******************************************************************/
+
 /*
  * Metadata for the schema itself.  This version number isn't great, as there's
  * nothing to ensure it gets bumped when it should be, but it's a start.

diff --git a/nexus/Cargo.toml b/nexus/Cargo.toml
@@ -40,6 +40,7 @@ sled-agent-client = { path = "../sled-agent-client" }
 structopt = "0.3"
 thiserror = "1.0"
 toml = "0.5.6"
+tough = { version = "0.12", features = [ "http" ] }
 
 [dependencies.api_identity]
 path = "../api_identity"

diff --git a/nexus/examples/config-file.toml b/nexus/examples/config-file.toml
@@ -43,3 +43,7 @@ level = "info"
 mode = "file"
 path = "logs/server.log"
 if_exists = "append"
+
+[updates]
+# If not present, accessing the TUF updates repository will fail
+#tuf_trusted_root = ""
diff --git a/nexus/examples/config.toml b/nexus/examples/config.toml
@@ -47,3 +47,7 @@ mode = "stderr-terminal"
 #mode = "file"
 #path = "logs/server.log"
 #if_exists = "append"
+
+[updates]
+# If not present, accessing the TUF updates repository will fail
+#tuf_trusted_root = ""
diff --git a/nexus/src/config.rs b/nexus/src/config.rs
@@ -40,6 +40,13 @@ pub struct ConsoleConfig {
     pub session_absolute_timeout_minutes: u32,
 }
 
+#[derive(Clone, Debug, Default, Deserialize, PartialEq, Serialize)]
+pub struct UpdatesConfig {
+    /** Trusted root.json role for the TUF updates repository. If `None`, accessing the TUF
+     * repository will fail. */
+    pub tuf_trusted_root: Option<PathBuf>,
+}
+
 /**
  * Configuration for a nexus server
  */
@@ -59,6 +66,9 @@ pub struct Config {
     pub database: db::Config,
     /** Authentication-related configuration */
     pub authn: AuthnConfig,
+    /** Updates-related configuration */
+    #[serde(default)]
+    pub updates: UpdatesConfig,
 }
 
 #[derive(Debug)]
@@ -164,7 +174,7 @@ impl Config {
 mod test {
     use super::{
         AuthnConfig, Config, ConsoleConfig, LoadError, LoadErrorKind,
-        SchemeName,
+        SchemeName, UpdatesConfig,
     };
     use crate::db;
     use dropshot::ConfigDropshot;
@@ -293,6 +303,8 @@ mod test {
             level = "debug"
             path = "/nonexistent/path"
             if_exists = "fail"
+            [updates]
+            tuf_trusted_root = "/path/to/root.json"
             "##,
         )
         .unwrap();
@@ -330,6 +342,9 @@ mod test {
                         .parse()
                         .unwrap()
                 },
+                updates: UpdatesConfig {
+                    tuf_trusted_root: Some(PathBuf::from("/path/to/root.json"))
+                },
             }
         );
 

diff --git a/nexus/src/context.rs b/nexus/src/context.rs
@@ -69,8 +69,8 @@ impl ServerContext {
      * Create a new context with the given rack id and log.  This creates the
      * underlying nexus as well.
      */
-    pub fn new(
-        rack_id: &Uuid,
+    pub async fn new(
+        rack_id: Uuid,
         log: Logger,
         pool: db::Pool,
         config: &config::Config,
@@ -140,7 +140,8 @@ impl ServerContext {
                 pool,
                 config,
                 Arc::clone(&authz),
-            ),
+            )
+            .await,
             log,
             external_authn,
             authz,