diff --git a/Cargo.lock b/Cargo.lock index bbf9639f7b9..ab1bd669d07 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -525,17 +525,21 @@ dependencies = [ [[package]] name = "attest-data" -version = "0.3.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=3cc953c8d0ace2f20cbcf3920b0771d25301960a#3cc953c8d0ace2f20cbcf3920b0771d25301960a" +version = "0.4.0" +source = "git+https://github.com/oxidecomputer/dice-util?rev=4b408edc1d00f108ddf635415d783e6f12fe9641#4b408edc1d00f108ddf635415d783e6f12fe9641" dependencies = [ - "getrandom 0.2.15", + "const-oid", + "der", + "getrandom 0.3.3", + "hex", "hubpack", + "rats-corim", "salty", "serde", "serde_with", "sha3", "static_assertions", - "thiserror 1.0.69", + "thiserror 2.0.12", ] [[package]] @@ -717,7 +721,7 @@ dependencies = [ "bitflags 2.9.1", "cexpr", "clang-sys", - "itertools 0.12.1", + "itertools 0.10.5", "lazy_static", "lazycell", "log", @@ -740,7 +744,7 @@ dependencies = [ "bitflags 2.9.1", "cexpr", "clang-sys", - "itertools 0.13.0", + "itertools 0.10.5", "log", "prettyplease", "proc-macro2", @@ -944,7 +948,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "sled-agent-types", "sled-hardware-types", @@ -962,7 +966,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-hardware-types", @@ -1438,7 +1442,7 @@ dependencies = [ "omicron-workspace-hack", "oxide-tokio-rt", "ratatui", - "schemars", + "schemars 0.8.22", "serde_json", "slog", "slog-async", @@ -1458,7 +1462,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -1472,7 +1476,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1487,7 +1491,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1502,7 +1506,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1533,7 +1537,7 @@ dependencies = [ "itertools 0.14.0", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1566,7 +1570,7 @@ dependencies = [ "camino", "clap", "derive_more", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 1.0.69", @@ -1607,7 +1611,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -1620,7 +1624,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1634,7 +1638,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "test-strategy", "thiserror 2.0.12", @@ -1653,7 +1657,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c" dependencies = [ "lazy_static", - "windows-sys 0.59.0", + "windows-sys 0.48.0", ] [[package]] @@ -1666,7 +1670,7 @@ dependencies = [ "oximeter 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oxnet", "rand 0.8.5", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1685,7 +1689,7 @@ source = "git+https://github.com/oxidecomputer/lldp#82fbc8c9747eb9f74dde0f92ae77 dependencies = [ "anyhow", "dpd-client", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1837,6 +1841,12 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" +[[package]] +name = "corncobs" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9236877021b66ad90f833d8a73a7acb702b985b64c5986682d9f1f1a184f0fb" + [[package]] name = "cpufeatures" version = "0.2.14" @@ -2017,7 +2027,7 @@ dependencies = [ "percent-encoding", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -2029,7 +2039,7 @@ source = "git+https://github.com/oxidecomputer/crucible?rev=e164393a88e7b6259889 dependencies = [ "base64 0.22.1", "crucible-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -2046,7 +2056,7 @@ dependencies = [ "dropshot", "nix 0.29.0", "rustls-pemfile 1.0.4", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -2075,7 +2085,7 @@ dependencies = [ "percent-encoding", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -2401,9 +2411,9 @@ dependencies = [ [[package]] name = "der" -version = "0.7.9" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" dependencies = [ "const-oid", "der_derive", @@ -2430,6 +2440,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", + "serde", ] [[package]] @@ -2545,20 +2556,38 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "dice-mfg-msgs" +version = "0.2.1" +source = "git+https://github.com/oxidecomputer/dice-util?rev=4b408edc1d00f108ddf635415d783e6f12fe9641#4b408edc1d00f108ddf635415d783e6f12fe9641" +dependencies = [ + "const-oid", + "corncobs", + "hubpack", + "serde", + "serde-big-array", + "thiserror 2.0.12", + "x509-cert", + "zerocopy 0.8.26", +] + [[package]] name = "dice-verifier" -version = "0.2.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=3cc953c8d0ace2f20cbcf3920b0771d25301960a#3cc953c8d0ace2f20cbcf3920b0771d25301960a" +version = "0.3.0-pre0" +source = "git+https://github.com/oxidecomputer/dice-util?rev=4b408edc1d00f108ddf635415d783e6f12fe9641#4b408edc1d00f108ddf635415d783e6f12fe9641" dependencies = [ - "anyhow", "attest-data", "const-oid", "ed25519-dalek", - "env_logger 0.11.5", + "env_logger 0.11.8", + "hubpack", + "libipcc", "log", "p384", - "pem-rfc7468", + "rats-corim", "sha3", + "tempfile", + "thiserror 2.0.12", "x509-cert", ] @@ -2719,7 +2748,7 @@ dependencies = [ "pretty-hex 0.4.1", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -2745,7 +2774,7 @@ dependencies = [ "internal-dns-types", "omicron-workspace-hack", "openapi-manager-types", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", ] @@ -2761,7 +2790,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -2810,7 +2839,7 @@ dependencies = [ "progenitor 0.9.1", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -2847,7 +2876,7 @@ dependencies = [ "percent-encoding", "rustls 0.22.4", "rustls-pemfile 2.2.0", - "schemars", + "schemars 0.8.22", "scopeguard", "semver 1.0.26", "serde", @@ -3110,9 +3139,9 @@ dependencies = [ [[package]] name = "env_logger" -version = "0.11.5" +version = "0.11.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e13fa619b91fb2381732789fc5de83b45675e882f66623b7d8cb4f643017018d" +checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f" dependencies = [ "env_filter", "log", @@ -3141,7 +3170,7 @@ dependencies = [ "dropshot", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 2.0.12", @@ -3569,7 +3598,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "uuid", ] @@ -3615,7 +3644,7 @@ dependencies = [ "progenitor 0.10.0", "rand 0.8.5", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -3720,7 +3749,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "tufaceous-artifact", "uuid", @@ -3775,14 +3804,14 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.3.1" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" +checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" dependencies = [ "cfg-if", "libc", - "wasi 0.13.3+wasi-0.2.2", - "windows-targets 0.52.6", + "r-efi", + "wasi 0.14.2+wasi-0.2.4", ] [[package]] @@ -4711,7 +4740,7 @@ dependencies = [ "derive-where", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "test-strategy", @@ -4730,7 +4759,7 @@ dependencies = [ "hashbrown 0.15.4", "ref-cast", "rustc-hash 2.1.1", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -4825,7 +4854,7 @@ dependencies = [ "oxlog", "oxnet", "regress", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -4864,6 +4893,7 @@ checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" dependencies = [ "autocfg", "hashbrown 0.12.3", + "serde", ] [[package]] @@ -5040,7 +5070,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "slog", "tufaceous-artifact", @@ -5058,7 +5088,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -5076,7 +5106,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", @@ -5153,7 +5183,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -5207,7 +5237,7 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf370abdafd54d13e54a620e8c3e1145f28e46cc9d704bc6d94414559df41763" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", ] @@ -5543,7 +5573,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" dependencies = [ "cfg-if", - "windows-targets 0.52.6", + "windows-targets 0.48.5", ] [[package]] @@ -5733,7 +5763,7 @@ dependencies = [ "progenitor 0.9.1", "protocol", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -5954,7 +5984,7 @@ dependencies = [ "percent-encoding", "progenitor 0.9.1", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -6120,7 +6150,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a17d82edb1c8a6c20c238747ae7aae9181133e766bc92cd2556fdd764407d0d1" dependencies = [ "proptest", - "schemars", + "schemars 0.8.22", "serde", "uuid", ] @@ -6196,7 +6226,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -6216,7 +6246,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "pretty_assertions", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", @@ -6315,7 +6345,7 @@ dependencies = [ "rand 0.8.5", "ref-cast", "regex", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -6398,7 +6428,7 @@ dependencies = [ "ref-cast", "regex", "rustls 0.22.4", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -6468,7 +6498,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "uuid", ] @@ -6868,7 +6898,7 @@ dependencies = [ "omicron-passwords", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-hardware-types", @@ -7000,7 +7030,7 @@ dependencies = [ "parse-display", "proptest", "regex", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -7112,7 +7142,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -7124,7 +7154,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -7137,7 +7167,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "test-strategy", "thiserror 2.0.12", @@ -7410,7 +7440,7 @@ dependencies = [ "oxide-tokio-rt", "oximeter-db", "oximeter-test-utils", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -7454,7 +7484,7 @@ dependencies = [ "pq-sys", "proptest", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -7522,7 +7552,7 @@ dependencies = [ "rand 0.8.5", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_human_bytes", @@ -7628,7 +7658,7 @@ dependencies = [ "oximeter 0.1.0", "oximeter-instruments", "oximeter-producer", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "signal-hook", @@ -7829,7 +7859,7 @@ dependencies = [ "rustls 0.22.4", "rustls-pemfile 2.2.0", "samael", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -7889,7 +7919,7 @@ dependencies = [ "pq-sys", "proptest", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -8040,7 +8070,7 @@ dependencies = [ "omicron-workspace-hack", "rand 0.8.5", "rust-argon2", - "schemars", + "schemars 0.8.22", "secrecy 0.10.3", "serde", "serde_with", @@ -8244,7 +8274,7 @@ dependencies = [ "repo-depot-api", "repo-depot-client", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_human_bytes", "serde_json", @@ -8337,7 +8367,7 @@ dependencies = [ "newtype-uuid", "paste", "proptest", - "schemars", + "schemars 0.8.22", ] [[package]] @@ -8393,9 +8423,10 @@ dependencies = [ "gateway-messages", "generic-array", "getrandom 0.2.15", - "getrandom 0.3.1", + "getrandom 0.3.3", "group", "hashbrown 0.15.4", + "heck 0.4.1", "hickory-proto 0.25.2", "hmac", "hyper", @@ -8407,8 +8438,6 @@ dependencies = [ "ipnet", "ipnetwork", "itertools 0.10.5", - "itertools 0.12.1", - "itertools 0.13.0", "lalrpop-util", "lazy_static", "libc", @@ -8450,13 +8479,15 @@ dependencies = [ "rustix 0.38.37", "rustls 0.23.19", "rustls-webpki 0.102.8", - "schemars", + "schemars 0.8.22", "scopeguard", "semver 1.0.26", "serde", "serde_json", + "serde_with", "sha1", "sha2", + "sha3", "similar", "slog", "smallvec 1.15.0", @@ -8855,7 +8886,7 @@ dependencies = [ "dropshot", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "uuid", ] @@ -8905,7 +8936,7 @@ dependencies = [ "qorb", "rand 0.8.5", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -8969,7 +9000,7 @@ dependencies = [ "regex", "reqwest", "rustyline", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -9005,7 +9036,7 @@ dependencies = [ "omicron-workspace-hack", "oximeter 0.1.0", "rand 0.8.5", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-async", @@ -9051,7 +9082,7 @@ dependencies = [ "omicron-test-utils", "omicron-workspace-hack", "oximeter 0.1.0", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -9075,7 +9106,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "serde", "slog-error-chain", "syn 2.0.104", @@ -9096,7 +9127,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "serde", "slog-error-chain", "syn 2.0.104", @@ -9162,7 +9193,7 @@ dependencies = [ "rand_distr", "regex", "rstest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "strum 0.27.1", @@ -9184,7 +9215,7 @@ dependencies = [ "omicron-workspace-hack", "parse-display", "regex", - "schemars", + "schemars 0.8.22", "serde", "strum 0.26.3", "thiserror 1.0.69", @@ -9214,7 +9245,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "80e1dc143c5a701f879552428910f357df8bd725575087cc713088fdfeafe812" dependencies = [ "ipnetwork", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -9229,7 +9260,7 @@ dependencies = [ "num", "omicron-workspace-hack", "oximeter-types 0.1.0", - "schemars", + "schemars 0.8.22", "serde", ] @@ -9247,9 +9278,9 @@ dependencies = [ [[package]] name = "p384" -version = "0.13.0" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" +checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" dependencies = [ "ecdsa", "elliptic-curve", @@ -10185,7 +10216,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.104", @@ -10207,7 +10238,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.104", @@ -10229,7 +10260,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.104", @@ -10248,7 +10279,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.8.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -10266,7 +10297,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.9.1", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -10284,7 +10315,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.10.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -10306,7 +10337,7 @@ dependencies = [ "propolis_api_types", "rand 0.8.5", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -10327,7 +10358,7 @@ dependencies = [ "progenitor 0.8.0", "rand 0.8.5", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -10354,7 +10385,7 @@ dependencies = [ "propolis_types", "rand 0.8.5", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -10388,7 +10419,7 @@ source = "git+https://github.com/oxidecomputer/propolis?rev=c03bd1a29c775acfc65d dependencies = [ "crucible-client-types", "propolis_types", - "schemars", + "schemars 0.8.22", "serde", "thiserror 1.0.69", "uuid", @@ -10399,7 +10430,7 @@ name = "propolis_types" version = "0.0.0" source = "git+https://github.com/oxidecomputer/propolis?rev=c03bd1a29c775acfc65de561b8fc436e2459a633#c03bd1a29c775acfc65de561b8fc436e2459a633" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", ] @@ -10429,7 +10460,7 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/lldp#82fbc8c9747eb9f74dde0f92ae77ec67f65652c4" dependencies = [ "anyhow", - "schemars", + "schemars 0.8.22", "serde", "thiserror 1.0.69", ] @@ -10544,6 +10575,12 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + [[package]] name = "r2d2" version = "0.8.10" @@ -10627,7 +10664,7 @@ version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7a509b1a2ffbe92afab0e55c8fd99dea1c280e8171bd2d88682bb20bc41cbc2c" dependencies = [ - "getrandom 0.3.1", + "getrandom 0.3.3", "zerocopy 0.8.26", ] @@ -10699,6 +10736,21 @@ dependencies = [ "unicode-width 0.2.0", ] +[[package]] +name = "rats-corim" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/rats-corim#bb4a08dd507514f98c54f5fc67eadf14a0705f4e" +dependencies = [ + "ciborium", + "ciborium-io", + "clap", + "hex", + "serde", + "serde_with", + "strum 0.26.3", + "thiserror 2.0.12", +] + [[package]] name = "rayon" version = "1.10.0" @@ -10943,7 +10995,7 @@ version = "0.1.0" dependencies = [ "dropshot", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "tufaceous-artifact", ] @@ -10955,7 +11007,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -11571,6 +11623,30 @@ dependencies = [ "uuid", ] +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82d20c4491bc164fa2f6c5d44565947a52ad80b9505d8e36f8d54c27c739fcd0" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + [[package]] name = "schemars_derive" version = "0.8.22" @@ -11913,6 +11989,10 @@ dependencies = [ "base64 0.22.1", "chrono", "hex", + "indexmap 1.9.3", + "indexmap 2.10.0", + "schemars 0.9.0", + "schemars 1.0.4", "serde", "serde_derive", "serde_json", @@ -12133,7 +12213,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "sled-agent-types", "sled-diagnostics", @@ -12158,7 +12238,7 @@ dependencies = [ "propolis-client 0.1.0 (git+https://github.com/oxidecomputer/propolis?rev=c03bd1a29c775acfc65de561b8fc436e2459a633)", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-agent-types", @@ -12196,7 +12276,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "scopeguard", "serde", "serde_json", @@ -12234,7 +12314,7 @@ dependencies = [ "oxnet", "propolis-client 0.1.0 (git+https://github.com/oxidecomputer/propolis?rev=c03bd1a29c775acfc65de561b8fc436e2459a633)", "rcgen", - "schemars", + "schemars 0.8.22", "serde", "serde_human_bytes", "serde_json", @@ -12314,7 +12394,7 @@ dependencies = [ "parallel-task-set", "rand 0.8.5", "regex", - "schemars", + "schemars 0.8.22", "serde", "sled-storage", "slog", @@ -12343,7 +12423,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "rand 0.8.5", - "schemars", + "schemars 0.8.22", "serde", "sled-hardware-types", "slog", @@ -12362,7 +12442,7 @@ dependencies = [ "macaddr", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -12387,7 +12467,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "rand 0.8.5", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-hardware", @@ -12610,7 +12690,7 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "03c3c6b7927ffe7ecaa769ee0e3994da3b8cafc8f444578982c83ecb161af917" dependencies = [ - "heck 0.5.0", + "heck 0.4.1", "proc-macro2", "quote", "syn 2.0.104", @@ -12679,15 +12759,17 @@ dependencies = [ [[package]] name = "sprockets-tls" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/sprockets.git?rev=6d31fa63217c6a51061dc4afa1ebe175a0021981#6d31fa63217c6a51061dc4afa1ebe175a0021981" +source = "git+https://github.com/oxidecomputer/sprockets.git?rev=7b63ccb979288408fb772aa6d15f4a324497c754#7b63ccb979288408fb772aa6d15f4a324497c754" dependencies = [ "anyhow", "attest-data", "camino", "cfg-if", "clap", + "dice-mfg-msgs", "dice-verifier", "ed25519-dalek", + "hubpack", "libipcc", "pem-rfc7468", "rustls 0.23.19", @@ -12813,7 +12895,7 @@ dependencies = [ "lazy_static", "newtype_derive", "petgraph 0.6.5", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -13178,7 +13260,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8a64e3985349f2441a1a9ef0b853f869006c3855f2cda6862a94d26ebb9d6a1" dependencies = [ "fastrand", - "getrandom 0.3.1", + "getrandom 0.3.3", "once_cell", "rustix 1.0.7", "windows-sys 0.59.0", @@ -13855,7 +13937,7 @@ dependencies = [ "hubpack", "itertools 0.14.0", "nix 0.29.0", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-async", @@ -13879,7 +13961,7 @@ dependencies = [ "hubpack", "itertools 0.14.0", "nix 0.29.0", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-async", @@ -13898,7 +13980,7 @@ name = "transceiver-decode" version = "0.1.0" source = "git+https://github.com/oxidecomputer/transceiver-control?branch=main#f3cb309c2bd2c03423467fd93992e9033ae3133c" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "static_assertions", "thiserror 2.0.12", @@ -13910,7 +13992,7 @@ name = "transceiver-decode" version = "0.1.0" source = "git+https://github.com/oxidecomputer/transceiver-control#4aac6125a8e6cefbb71d9f8a3d1fe6704207d476" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "static_assertions", "thiserror 2.0.12", @@ -13925,7 +14007,7 @@ dependencies = [ "bitflags 2.9.1", "clap", "hubpack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.12", ] @@ -13938,7 +14020,7 @@ dependencies = [ "bitflags 2.9.1", "clap", "hubpack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.12", ] @@ -14001,7 +14083,7 @@ dependencies = [ [[package]] name = "tufaceous" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#c269f5704d39eb4234e67e18be10d424ef23ac77" +source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#ef54b566bce2c98c9c01a411a6553a2c29cb518d" dependencies = [ "anyhow", "camino", @@ -14022,12 +14104,12 @@ dependencies = [ [[package]] name = "tufaceous-artifact" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#c269f5704d39eb4234e67e18be10d424ef23ac77" +source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#ef54b566bce2c98c9c01a411a6553a2c29cb518d" dependencies = [ "daft", "hex", "proptest", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_human_bytes", @@ -14039,7 +14121,7 @@ dependencies = [ [[package]] name = "tufaceous-brand-metadata" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#c269f5704d39eb4234e67e18be10d424ef23ac77" +source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#ef54b566bce2c98c9c01a411a6553a2c29cb518d" dependencies = [ "semver 1.0.26", "serde", @@ -14051,7 +14133,7 @@ dependencies = [ [[package]] name = "tufaceous-lib" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#c269f5704d39eb4234e67e18be10d424ef23ac77" +source = "git+https://github.com/oxidecomputer/tufaceous?branch=main#ef54b566bce2c98c9c01a411a6553a2c29cb518d" dependencies = [ "anyhow", "async-trait", @@ -14217,7 +14299,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -14237,7 +14319,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -14257,7 +14339,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -14274,7 +14356,7 @@ checksum = "785e2cdcef0df8160fdd762ed548a637aaec1e83704fdbc14da0df66013ee8d0" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -14291,7 +14373,7 @@ checksum = "68b5780d745920ed73c5b7447496a9b5c42ed2681a9b70859377aec423ecf02b" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -14308,7 +14390,7 @@ checksum = "0ff5799be156e4f635c348c6051d165e1c59997827155133351a8c4d333d9841" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -14508,7 +14590,7 @@ dependencies = [ "omicron-workspace-hack", "owo-colors", "petgraph 0.8.2", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", @@ -14627,7 +14709,7 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3cf4199d1e5d15ddd86a694e4d0dffa9c323ce759fea589f00fef9d81cc1931d" dependencies = [ - "getrandom 0.3.1", + "getrandom 0.3.3", "js-sys", "serde", "wasm-bindgen", @@ -14772,9 +14854,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasi" -version = "0.13.3+wasi-0.2.2" +version = "0.14.2+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" dependencies = [ "wit-bindgen-rt", ] @@ -14987,7 +15069,7 @@ dependencies = [ "omicron-workspace-hack", "owo-colors", "oxnet", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sha2", @@ -15077,7 +15159,7 @@ dependencies = [ "oxnet", "rand 0.8.5", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -15122,7 +15204,7 @@ dependencies = [ "omicron-passwords", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "sled-hardware-types", @@ -15143,7 +15225,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.26", "serde", "serde_json", @@ -15183,7 +15265,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.59.0", + "windows-sys 0.48.0", ] [[package]] @@ -15570,9 +15652,9 @@ dependencies = [ [[package]] name = "wit-bindgen-rt" -version = "0.33.0" +version = "0.39.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" dependencies = [ "bitflags 2.9.1", ] diff --git a/Cargo.toml b/Cargo.toml index 8efff33eadc..d08132d3cf6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -710,7 +710,7 @@ slog-term = "2.9.1" smf = "0.2" socket2 = { version = "0.5", features = ["all"] } sp-sim = { path = "sp-sim" } -sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "6d31fa63217c6a51061dc4afa1ebe175a0021981" } +sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "7b63ccb979288408fb772aa6d15f4a324497c754" } sqlformat = "0.3.5" sqlparser = { version = "0.45.0", features = [ "visitor" ] } static_assertions = "1.1.0" diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout index 80c88c1edfc..d022852a8ea 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-mupdate-update-flow-stdout @@ -36,6 +36,8 @@ INFO added artifact, name: internal-dns, kind: zone, version: 1.0.0, hash: ffbf1 INFO added artifact, name: ntp, kind: zone, version: 1.0.0, hash: 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439, length: 1681 INFO added artifact, name: nexus, kind: zone, version: 1.0.0, hash: 0e32b4a3e5d3668bb1d6a16fb06b74dc60b973fa479dcee0aae3adbb52bf1388, length: 1682 INFO added artifact, name: oximeter, kind: zone, version: 1.0.0, hash: 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77, length: 1682 +INFO added artifact, name: sp_corpus, kind: measurement_corpus, version: 1.0.0, hash: ac95be27f1d2ef747290b76b83a1e6b162f344451387477b04a0e74bc7be17a6, length: 11913 +INFO added artifact, name: rot_corpus, kind: measurement_corpus, version: 1.0.0, hash: 8a354560e17a992a46bc73a37556f0f9c090c570adaa85537ae5994b1986fd50, length: 11913 INFO added artifact, name: fake-psc-sp, kind: psc_sp, version: 1.0.0, hash: f896cf5b19ca85864d470ad8587f980218bff3954e7f52bbd999699cd0f9635b, length: 744 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_a, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_b, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750 diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-noop-image-source-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-noop-image-source-stdout index 95a4c206dd7..2ecfb1615e9 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-noop-image-source-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-noop-image-source-stdout @@ -58,6 +58,8 @@ INFO added artifact, name: internal-dns, kind: zone, version: 1.0.0, hash: ffbf1 INFO added artifact, name: ntp, kind: zone, version: 1.0.0, hash: 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439, length: 1681 INFO added artifact, name: nexus, kind: zone, version: 1.0.0, hash: 0e32b4a3e5d3668bb1d6a16fb06b74dc60b973fa479dcee0aae3adbb52bf1388, length: 1682 INFO added artifact, name: oximeter, kind: zone, version: 1.0.0, hash: 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77, length: 1682 +INFO added artifact, name: sp_corpus, kind: measurement_corpus, version: 1.0.0, hash: ac95be27f1d2ef747290b76b83a1e6b162f344451387477b04a0e74bc7be17a6, length: 11913 +INFO added artifact, name: rot_corpus, kind: measurement_corpus, version: 1.0.0, hash: 8a354560e17a992a46bc73a37556f0f9c090c570adaa85537ae5994b1986fd50, length: 11913 INFO added artifact, name: fake-psc-sp, kind: psc_sp, version: 1.0.0, hash: f896cf5b19ca85864d470ad8587f980218bff3954e7f52bbd999699cd0f9635b, length: 744 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_a, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_b, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750 @@ -120,6 +122,8 @@ INFO added artifact, name: internal-dns, kind: zone, version: 2.0.0, hash: de306 INFO added artifact, name: ntp, kind: zone, version: 2.0.0, hash: d76e26198daed69cdae04490d7477f8c842e0dbe37d463eac0d0a8d3fb803095, length: 1682 INFO added artifact, name: nexus, kind: zone, version: 2.0.0, hash: e9b7035f41848a987a798c15ac424cc91dd662b1af0920d58d8aa1ebad7467b6, length: 1683 INFO added artifact, name: oximeter, kind: zone, version: 2.0.0, hash: 9f4bc56a15d5fd943fdac94309994b8fd73aa2be1ec61faf44bfcf2356c9dc23, length: 1683 +INFO added artifact, name: sp_corpus, kind: measurement_corpus, version: 2.0.0, hash: aa21cbeece8fa0097024edc347bc85bf2bc4b6cf0cc83eefd1a269856b3e10d1, length: 11914 +INFO added artifact, name: rot_corpus, kind: measurement_corpus, version: 2.0.0, hash: 79b9888b01b0cd1110f8733fc85f389c7cf64805c1342b960eb977747c21e016, length: 11914 INFO added artifact, name: fake-psc-sp, kind: psc_sp, version: 2.0.0, hash: 7adf04de523865003dbf120cebddd5fcf5bad650640281b294197e6ca7016e47, length: 748 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_a, version: 2.0.0, hash: 6d1c432647e9b9e4cf846ff5d17932d75cba49c0d3f23d24243238bc40bcfef5, length: 746 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_b, version: 2.0.0, hash: 6d1c432647e9b9e4cf846ff5d17932d75cba49c0d3f23d24243238bc40bcfef5, length: 746 diff --git a/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout b/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout index a994234a81a..7f6067b234e 100644 --- a/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout +++ b/dev-tools/reconfigurator-cli/tests/output/cmds-target-release-stdout @@ -49,6 +49,8 @@ INFO added artifact, name: internal-dns, kind: zone, version: 1.0.0, hash: ffbf1 INFO added artifact, name: ntp, kind: zone, version: 1.0.0, hash: 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439, length: 1681 INFO added artifact, name: nexus, kind: zone, version: 1.0.0, hash: 0e32b4a3e5d3668bb1d6a16fb06b74dc60b973fa479dcee0aae3adbb52bf1388, length: 1682 INFO added artifact, name: oximeter, kind: zone, version: 1.0.0, hash: 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77, length: 1682 +INFO added artifact, name: sp_corpus, kind: measurement_corpus, version: 1.0.0, hash: ac95be27f1d2ef747290b76b83a1e6b162f344451387477b04a0e74bc7be17a6, length: 11913 +INFO added artifact, name: rot_corpus, kind: measurement_corpus, version: 1.0.0, hash: 8a354560e17a992a46bc73a37556f0f9c090c570adaa85537ae5994b1986fd50, length: 11913 INFO added artifact, name: fake-psc-sp, kind: psc_sp, version: 1.0.0, hash: f896cf5b19ca85864d470ad8587f980218bff3954e7f52bbd999699cd0f9635b, length: 744 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_a, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750 INFO added artifact, name: fake-psc-rot, kind: psc_rot_image_b, version: 1.0.0, hash: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b, length: 750 @@ -87,6 +89,8 @@ target release (generation 2): 1.0.0 (system-update-v1.0.0.zip) artifact: 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439 zone (ntp version 1.0.0) artifact: 0e32b4a3e5d3668bb1d6a16fb06b74dc60b973fa479dcee0aae3adbb52bf1388 zone (nexus version 1.0.0) artifact: 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77 zone (oximeter version 1.0.0) + artifact: ac95be27f1d2ef747290b76b83a1e6b162f344451387477b04a0e74bc7be17a6 measurement_corpus (sp_corpus version 1.0.0) + artifact: 8a354560e17a992a46bc73a37556f0f9c090c570adaa85537ae5994b1986fd50 measurement_corpus (rot_corpus version 1.0.0) artifact: f896cf5b19ca85864d470ad8587f980218bff3954e7f52bbd999699cd0f9635b psc_sp (fake-psc-sp version 1.0.0) artifact: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b psc_rot_image_a (fake-psc-rot version 1.0.0) artifact: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b psc_rot_image_b (fake-psc-rot version 1.0.0) @@ -160,6 +164,8 @@ target release (generation 2): 1.0.0 (system-update-v1.0.0.zip) artifact: 67593d686ed04a1709f93972b71f4ebc148a9362120f65d239943e814a9a7439 zone (ntp version 1.0.0) artifact: 0e32b4a3e5d3668bb1d6a16fb06b74dc60b973fa479dcee0aae3adbb52bf1388 zone (nexus version 1.0.0) artifact: 048d8fe8cdef5b175aad714d0f148aa80ce36c9114ac15ce9d02ed3d37877a77 zone (oximeter version 1.0.0) + artifact: ac95be27f1d2ef747290b76b83a1e6b162f344451387477b04a0e74bc7be17a6 measurement_corpus (sp_corpus version 1.0.0) + artifact: 8a354560e17a992a46bc73a37556f0f9c090c570adaa85537ae5994b1986fd50 measurement_corpus (rot_corpus version 1.0.0) artifact: f896cf5b19ca85864d470ad8587f980218bff3954e7f52bbd999699cd0f9635b psc_sp (fake-psc-sp version 1.0.0) artifact: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b psc_rot_image_a (fake-psc-rot version 1.0.0) artifact: 179eb660ebc92e28b6748b6af03d9f998d6131319edd4654a1e948454c62551b psc_rot_image_b (fake-psc-rot version 1.0.0) diff --git a/dev-tools/releng/src/hubris.rs b/dev-tools/releng/src/hubris.rs index c44a01dec3b..56a37e728c3 100644 --- a/dev-tools/releng/src/hubris.rs +++ b/dev-tools/releng/src/hubris.rs @@ -38,6 +38,19 @@ pub(crate) async fn fetch_hubris_artifacts( fs::create_dir_all(&output_dir).await?; + // We need to remove our old downloaded corpus to make sure nothing else + // gets added to the repo unexpectedly. This should only really be a + // issue with local builds + if std::fs::exists(&output_dir.join("measurement_corpus")) + .context("failed to check `measurement_corpus`")? + { + std::fs::remove_dir_all(&output_dir.join("measurement_corpus")) + .context("failed to remove `measurement_corpus")?; + } + fs::create_dir_all(&output_dir.join("measurement_corpus")) + .await + .context("Failed to create `measurement_corpus`")?; + // This could be parallelized with FuturesUnordered but in practice this // takes less time than OS builds. @@ -106,6 +119,22 @@ pub(crate) async fn fetch_hubris_artifacts( } } } + if let Some(corpus) = hash_manifest.corpus { + let hash = match corpus { + Source::File(file) => file.hash, + _ => anyhow::bail!( + "Unexpected file type: should be a single file, not an RoT" + ), + }; + let data = + fetch_hash(&logger, base_url, &client, &hash).await?; + fs::write( + output_dir.join("measurement_corpus").join(hash), + data, + ) + .await + .context("failed to write file {hash}")?; + } } } @@ -160,6 +189,9 @@ async fn fetch_hash( struct Manifest { #[serde(rename = "artifact")] artifacts: HashMap>, + // Add a default for backwards compatibility + #[serde(rename = "measurement_corpus")] + corpus: Option, } #[derive(Deserialize)] diff --git a/dev-tools/releng/src/tuf.rs b/dev-tools/releng/src/tuf.rs index 499f91e8af0..adf553d6d13 100644 --- a/dev-tools/releng/src/tuf.rs +++ b/dev-tools/releng/src/tuf.rs @@ -72,6 +72,38 @@ pub(crate) async fn build_tuf_repo( } } + let mut measurement_corpus = vec![]; + + for entry in std::fs::read_dir( + output_dir.join("hubris-staging").join("measurement_corpus"), + ) + .context("failed to read `hubris-staging/measurement_corpus")? + { + let entry = entry?; + measurement_corpus.push(DeserializedControlPlaneZoneSource::File { + file_name: Some(format!( + "{}.cbor", + entry.file_name().into_string().unwrap() + )), + path: Utf8PathBuf::from_path_buf(entry.path()).unwrap(), + }); + } + + for entry in std::fs::read_dir( + output_dir.join("hubris-production").join("measurement_corpus"), + ) + .context("failed to read `hubris-production/measurement_corpus")? + { + let entry = entry?; + measurement_corpus.push(DeserializedControlPlaneZoneSource::File { + file_name: Some(format!( + "{}.cbor", + entry.file_name().into_string().unwrap() + )), + path: Utf8PathBuf::from_path_buf(entry.path()).unwrap(), + }); + } + // Add the OS images. manifest.artifacts.insert( KnownArtifactKind::Host, @@ -111,12 +143,16 @@ pub(crate) async fn build_tuf_repo( .join(format!("{}.tar.gz", package)), }); } + manifest.artifacts.insert( KnownArtifactKind::ControlPlane, vec![DeserializedArtifactData { name: "control-plane".to_string(), version: artifact_version.clone(), - source: DeserializedArtifactSource::CompositeControlPlane { zones }, + source: DeserializedArtifactSource::CompositeControlPlane { + zones, + measurement_corpus, + }, }], ); diff --git a/installinator-common/src/progress.rs b/installinator-common/src/progress.rs index 3a3b9c316ae..8b9d8909b25 100644 --- a/installinator-common/src/progress.rs +++ b/installinator-common/src/progress.rs @@ -251,6 +251,8 @@ pub enum WriteError { #[source] error: Box>, }, + #[error("error creating directory: {error}")] + CreateDirError { error: std::io::Error }, } impl From> for WriteError { @@ -297,6 +299,12 @@ pub enum ControlPlaneZonesStepId { /// Writing the MUPdate override file. MupdateOverride, + /// Creating Measurement directory + CreateMeasurementDir, + + /// Writing a measurement corpus + MeasurementCorpus { name: String }, + /// Writing the zone manifest. ZoneManifest, diff --git a/installinator/src/write.rs b/installinator/src/write.rs index 525cd111026..5c4f2c1ed4a 100644 --- a/installinator/src/write.rs +++ b/installinator/src/write.rs @@ -777,6 +777,58 @@ impl ControlPlaneZoneWriteContext<'_> { .register(); } + engine + .new_step( + WriteComponent::ControlPlane, + ControlPlaneZonesStepId::CreateMeasurementDir, + "Creating measurement directory".to_string(), + async move |_cx| { + if !std::fs::exists( + self.output_directory.join("measurements"), + ) + .map_err(|error| WriteError::CreateDirError { error })? + { + std::fs::create_dir( + self.output_directory.join("measurements"), + ) + .map_err(|error| { + WriteError::CreateDirError { error } + })?; + } + StepSuccess::new(()).into() + }, + ) + .register(); + + for (name, data) in &self.zones.measurement_corpus { + let out_path = + self.output_directory.join("measurements").join(name); + transport = engine + .new_step( + WriteComponent::ControlPlane, + ControlPlaneZonesStepId::MeasurementCorpus { + name: name.clone(), + }, + format!("Writing measurement corpus {name}"), + async move |cx| { + let transport = transport.into_value(cx.token()).await; + write_artifact_impl( + WriteComponent::ControlPlane, + slot, + data.clone().into(), + &out_path, + transport, + &cx, + ) + .await?; + + StepSuccess::new(transport).into() + }, + ) + .register(); + } + + // XXX here is where we can write the corpus // `fsync()` the directory to ensure the directory entries for all the // files we just created are written to disk. let output_directory = self.output_directory.to_path_buf(); @@ -1127,10 +1179,12 @@ mod tests { data1: Vec>, #[strategy(prop::collection::vec(prop::collection::vec(any::(), 0..8192), 0..16))] data2: Vec>, + #[strategy(prop::collection::vec(prop::collection::vec(any::(), 0..8192), 0..16))] + data3: Vec>, #[strategy(WriteOps::strategy())] write_ops: WriteOps, ) { with_test_runtime(async move { - proptest_write_artifact_impl(data1, data2, write_ops) + proptest_write_artifact_impl(data1, data2, data3, write_ops) .await .expect("test failed"); }) @@ -1209,6 +1263,7 @@ mod tests { async fn proptest_write_artifact_impl( data1: Vec>, data2: Vec>, + data3: Vec>, write_ops: WriteOps, ) -> Result<()> { let logctx = test_setup_log("test_write_artifact"); @@ -1219,10 +1274,15 @@ mod tests { let destination_control_plane = tempdir_path.join("test-control-plane.bin"); + let destination_corpus = + tempdir_path.join("measurements").join("test-corpus.bin"); + let mut artifact_host: BufList = data1.into_iter().map(Bytes::from).collect(); let mut artifact_control_plane: BufList = data2.into_iter().map(Bytes::from).collect(); + let mut artifact_corpus: BufList = + data3.into_iter().map(Bytes::from).collect(); let host_id = ArtifactHashId { kind: ArtifactKind::HOST_PHASE_2, @@ -1287,6 +1347,10 @@ mod tests { destination_control_plane.file_name().unwrap().to_string(), artifact_control_plane.iter().flatten().copied().collect(), )], + measurement_corpus: vec![( + destination_corpus.file_name().unwrap().to_string(), + artifact_corpus.iter().flatten().copied().collect(), + )], }; let mut writer = ArtifactWriter::new( @@ -1418,6 +1482,30 @@ mod tests { .copy_to_bytes(artifact_control_plane.num_bytes()); assert_eq!(buf, bytes, "bytes written to disk match"); + // Read the corpus artifact from disk and ensure it is correct. + let mut file = tokio::fs::File::open(&destination_corpus) + .await + .with_context(|| { + format!( + "failed to open {destination_corpus} to verify contents" + ) + })?; + let mut buf = Vec::with_capacity(artifact_corpus.num_bytes()); + let read_num_bytes = + file.read_to_end(&mut buf).await.with_context(|| { + format!( + "failed to read {destination_control_plane} into memory" + ) + })?; + assert_eq!( + read_num_bytes, + artifact_corpus.num_bytes(), + "read num_bytes matches" + ); + + let bytes = artifact_corpus.copy_to_bytes(artifact_corpus.num_bytes()); + assert_eq!(buf, bytes, "bytes written to disk match"); + logctx.cleanup_successful(); Ok(()) } diff --git a/nexus/reconfigurator/planning/src/mgs_updates/mod.rs b/nexus/reconfigurator/planning/src/mgs_updates/mod.rs index 3c3192c2071..23a9f9f2c34 100644 --- a/nexus/reconfigurator/planning/src/mgs_updates/mod.rs +++ b/nexus/reconfigurator/planning/src/mgs_updates/mod.rs @@ -418,7 +418,8 @@ fn try_make_update_sp( | KnownArtifactKind::SwitchRot | KnownArtifactKind::GimletRotBootloader | KnownArtifactKind::PscRotBootloader - | KnownArtifactKind::SwitchRotBootloader, + | KnownArtifactKind::SwitchRotBootloader + | KnownArtifactKind::MeasurementCorpus, ) => false, } }) diff --git a/sled-agent/config-reconciler/src/internal_disks.rs b/sled-agent/config-reconciler/src/internal_disks.rs index 5702a8ed669..a744d4af564 100644 --- a/sled-agent/config-reconciler/src/internal_disks.rs +++ b/sled-agent/config-reconciler/src/internal_disks.rs @@ -337,6 +337,13 @@ impl InternalDisks { }) } + /// Returns all `INSTALL_DATASET` paths within available M.2 disks. + pub fn all_install_datasets( + &self, + ) -> impl ExactSizeIterator + '_ { + self.all_datasets(INSTALL_DATASET) + } + /// Returns all `CONFIG_DATASET` paths within available M.2 disks. pub fn all_config_datasets( &self, diff --git a/sled-agent/src/bootstrap/client.rs b/sled-agent/src/bootstrap/client.rs index 6a14e0dccb0..51b090f6822 100644 --- a/sled-agent/src/bootstrap/client.rs +++ b/sled-agent/src/bootstrap/client.rs @@ -10,6 +10,7 @@ use super::params::version; use super::views::SledAgentResponse; use crate::bootstrap::views::Response; use crate::bootstrap::views::ResponseEnvelope; +use camino::Utf8PathBuf; use sled_agent_types::sled::StartSledAgentRequest; use slog::Logger; use sprockets_tls::client::Client as SprocketsClient; @@ -72,15 +73,17 @@ pub(crate) struct Client { addr: SocketAddrV6, log: Logger, sprockets_conf: SprocketsConfig, + corpus: Vec, } impl Client { pub(crate) fn new( addr: SocketAddrV6, sprockets_conf: SprocketsConfig, + corpus: Vec, log: Logger, ) -> Self { - Self { addr, sprockets_conf, log } + Self { addr, sprockets_conf, log, corpus } } /// Start sled agent by sending an initialization request determined from @@ -114,6 +117,7 @@ impl Client { let stream = SprocketsClient::connect( self.sprockets_conf.clone(), self.addr, + self.corpus.clone(), log.clone(), ) .await diff --git a/sled-agent/src/bootstrap/http_entrypoints.rs b/sled-agent/src/bootstrap/http_entrypoints.rs index 12a986cf2fb..3e7691b7b5d 100644 --- a/sled-agent/src/bootstrap/http_entrypoints.rs +++ b/sled-agent/src/bootstrap/http_entrypoints.rs @@ -118,12 +118,21 @@ impl BootstrapAgentApi for BootstrapAgentImpl { rqctx: RequestContext, ) -> Result, HttpError> { let ctx = rqctx.context(); + + let corpus = + crate::bootstrap::measurements::sled_new_measurement_paths( + &ctx.internal_disks_rx, + ) + .await + .map_err(|err| HttpError::for_bad_request(None, err.to_string()))?; + let id = ctx .rss_access .start_reset( &ctx.base_log, ctx.sprockets.clone(), ctx.global_zone_bootstrap_ip, + corpus, ) .map_err(|err| HttpError::for_bad_request(None, err.to_string()))?; Ok(HttpResponseOk(id)) diff --git a/sled-agent/src/bootstrap/measurements.rs b/sled-agent/src/bootstrap/measurements.rs new file mode 100644 index 00000000000..9985bb4ec4c --- /dev/null +++ b/sled-agent/src/bootstrap/measurements.rs @@ -0,0 +1,64 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +//! Functions related to management of measurement corpus +use camino::{Utf8Path, Utf8PathBuf}; +use sled_agent_config_reconciler::InternalDisksReceiver; +use thiserror::Error; + +#[derive(Error, Debug)] +pub enum MeasurementError { + #[error("Missing INSTALL dataset")] + MissingInstallSet, + #[error("io error at {path}")] + Io { path: Utf8PathBuf, err: std::io::Error }, + #[error("Missing boot disk")] + MissingBootDisk, +} + +/// Access the measurements in the install directory +pub async fn sled_new_measurement_paths( + receiver: &InternalDisksReceiver, +) -> Result, MeasurementError> { + let mut all = vec![]; + + let mut dirs: Vec<_> = receiver + .current() + .all_install_datasets() + .map(|p| p.join("measurements")) + .collect(); + + if dirs.is_empty() { + return Err(MeasurementError::MissingInstallSet); + } + + // We don't have an install dataset for our automated deployment + // testing. Instead, rely on the files getting copied/packaged. + let testing_corpus_path = + Utf8Path::new("/opt/oxide/sled-agent/pkg/testing-measurements"); + + if testing_corpus_path.is_dir() { + dirs.push(testing_corpus_path.into()); + } + + for dir in dirs { + match dir.read_dir_utf8() { + Ok(iter) => { + for entry in iter { + let entry = entry.map_err(|err| MeasurementError::Io { + path: dir.clone(), + err, + })?; + all.push(entry.path().into()); + } + } + // We purposely skip over errors here in case the + // directory is missing. This will just end up as + // an empty corpus set. + Err(_) => {} + } + } + + Ok(all) +} diff --git a/sled-agent/src/bootstrap/mod.rs b/sled-agent/src/bootstrap/mod.rs index acda0b456f8..02a9a6727fc 100644 --- a/sled-agent/src/bootstrap/mod.rs +++ b/sled-agent/src/bootstrap/mod.rs @@ -10,6 +10,7 @@ pub mod config; pub mod early_networking; mod http_entrypoints; mod maghemite; +pub(crate) mod measurements; pub(crate) mod params; mod pre_server; mod pumpkind; diff --git a/sled-agent/src/bootstrap/rack_ops.rs b/sled-agent/src/bootstrap/rack_ops.rs index db2e79d3ec9..009c5121a78 100644 --- a/sled-agent/src/bootstrap/rack_ops.rs +++ b/sled-agent/src/bootstrap/rack_ops.rs @@ -7,6 +7,7 @@ use crate::bootstrap::rss_handle::RssHandle; use crate::rack_setup::service::SetupServiceError; use bootstore::schemes::v0 as bootstore; +use camino::Utf8PathBuf; use omicron_uuid_kinds::RackInitUuid; use omicron_uuid_kinds::RackResetUuid; use sled_agent_config_reconciler::InternalDisksReceiver; @@ -218,6 +219,7 @@ impl RssAccess { parent_log: &Logger, sprockets: SprocketsConfig, global_zone_bootstrap_ip: Ipv6Addr, + corpus: Vec, ) -> Result { let mut status = self.status.lock().unwrap(); @@ -255,6 +257,7 @@ impl RssAccess { let result = rack_reset( &parent_log, sprockets, + corpus, global_zone_bootstrap_ip, ) .await; @@ -348,8 +351,14 @@ async fn rack_initialize( async fn rack_reset( parent_log: &Logger, sprockets: SprocketsConfig, + corpus: Vec, global_zone_bootstrap_ip: Ipv6Addr, ) -> Result<(), SetupServiceError> { - RssHandle::run_rss_reset(parent_log, global_zone_bootstrap_ip, sprockets) - .await + RssHandle::run_rss_reset( + parent_log, + global_zone_bootstrap_ip, + sprockets, + corpus, + ) + .await } diff --git a/sled-agent/src/bootstrap/rss_handle.rs b/sled-agent/src/bootstrap/rss_handle.rs index f3872b90feb..de00338143b 100644 --- a/sled-agent/src/bootstrap/rss_handle.rs +++ b/sled-agent/src/bootstrap/rss_handle.rs @@ -9,6 +9,7 @@ use crate::rack_setup::service::RackSetupService; use crate::rack_setup::service::SetupServiceError; use ::bootstrap_agent_client::Client as BootstrapAgentClient; use bootstore::schemes::v0 as bootstore; +use camino::Utf8PathBuf; use futures::StreamExt; use futures::stream::FuturesUnordered; use omicron_common::backoff::BackoffError; @@ -54,7 +55,14 @@ impl RssHandle { bootstore: bootstore::NodeHandle, step_tx: watch::Sender, ) -> Result<(), SetupServiceError> { - let (tx, rx) = rss_channel(our_bootstrap_address, sprockets); + let corpus = + crate::bootstrap::measurements::sled_new_measurement_paths( + &internal_disks_rx, + ) + .await + .map_err(SetupServiceError::MeasurementError)?; + + let (tx, rx) = rss_channel(our_bootstrap_address, sprockets, corpus); let rss = RackSetupService::new( log.new(o!("component" => "RSS")), @@ -74,8 +82,9 @@ impl RssHandle { log: &Logger, our_bootstrap_address: Ipv6Addr, sprockets: SprocketsConfig, + corpus: Vec, ) -> Result<(), SetupServiceError> { - let (tx, rx) = rss_channel(our_bootstrap_address, sprockets); + let (tx, rx) = rss_channel(our_bootstrap_address, sprockets, corpus); let rss = RackSetupService::new_reset_rack( log.new(o!("component" => "RSS")), @@ -92,11 +101,13 @@ async fn initialize_sled_agent( log: &Logger, bootstrap_addr: SocketAddrV6, sprockets: SprocketsConfig, + corpus: Vec, request: &StartSledAgentRequest, ) -> Result<(), bootstrap_agent_client::Error> { let client = bootstrap_agent_client::Client::new( bootstrap_addr, sprockets, + corpus, log.new(o!("BootstrapAgentClient" => bootstrap_addr.to_string())), ); @@ -128,11 +139,12 @@ async fn initialize_sled_agent( fn rss_channel( our_bootstrap_address: Ipv6Addr, sprockets: SprocketsConfig, + corpus: Vec, ) -> (BootstrapAgentHandle, BootstrapAgentHandleReceiver) { let (tx, rx) = mpsc::channel(32); ( BootstrapAgentHandle { inner: tx, our_bootstrap_address }, - BootstrapAgentHandleReceiver { inner: rx, sprockets }, + BootstrapAgentHandleReceiver { inner: rx, sprockets, corpus }, ) } @@ -204,6 +216,7 @@ impl BootstrapAgentHandle { struct BootstrapAgentHandleReceiver { inner: mpsc::Receiver, sprockets: SprocketsConfig, + corpus: Vec, } impl BootstrapAgentHandleReceiver { @@ -224,10 +237,12 @@ impl BootstrapAgentHandleReceiver { // of the initialization requests, allowing them to run concurrently. let s = self.sprockets.clone(); + let corp = self.corpus.clone(); let mut futs = requests .into_iter() .map(|(bootstrap_addr, request)| { let value = s.clone(); + let corpus = corp.clone(); async move { info!( log, "Received initialization request from RSS"; @@ -239,6 +254,7 @@ impl BootstrapAgentHandleReceiver { log, bootstrap_addr, value, + corpus, &request, ) .await diff --git a/sled-agent/src/bootstrap/server.rs b/sled-agent/src/bootstrap/server.rs index d18b42a3466..9cc8052b5b0 100644 --- a/sled-agent/src/bootstrap/server.rs +++ b/sled-agent/src/bootstrap/server.rs @@ -12,6 +12,7 @@ use super::views::SledAgentResponse; use crate::bootstrap::config::BOOTSTRAP_AGENT_RACK_INIT_PORT; use crate::bootstrap::http_entrypoints::BootstrapServerContext; use crate::bootstrap::maghemite; +use crate::bootstrap::measurements::MeasurementError; use crate::bootstrap::pre_server::BootstrapAgentStartup; use crate::bootstrap::pumpkind; use crate::bootstrap::rack_ops::RssAccess; @@ -155,6 +156,9 @@ pub enum StartError { #[error("Failed to initialize lrtq node as learner: {0}")] FailedLearnerInit(bootstore::NodeRequestError), + + #[error("Measurment error")] + MeasurementError(#[source] MeasurementError), } /// Server for the bootstrap agent. @@ -204,6 +208,13 @@ impl Server { // enqueue another, and we can send back an HTTP busy. let (sled_reset_tx, sled_reset_rx) = mpsc::channel(1); + let all_measurements = + crate::bootstrap::measurements::sled_new_measurement_paths( + &internal_disks_rx, + ) + .await + .map_err(StartError::MeasurementError)?; + // Start the bootstrap dropshot server. let bootstrap_context = BootstrapServerContext { base_log: base_log.clone(), @@ -239,7 +250,8 @@ impl Server { ) .await .map_err(StartError::BindSprocketsServer)?; - let sprockets_server_handle = tokio::spawn(sprockets_server.run()); + let sprockets_server_handle = + tokio::spawn(sprockets_server.run(all_measurements)); // Do we have a persistent sled-agent request that we need to restore? let state = if let Some(ledger) = maybe_ledger { diff --git a/sled-agent/src/bootstrap/sprockets_server.rs b/sled-agent/src/bootstrap/sprockets_server.rs index 17eb51eb48b..a9b0a591ff3 100644 --- a/sled-agent/src/bootstrap/sprockets_server.rs +++ b/sled-agent/src/bootstrap/sprockets_server.rs @@ -10,6 +10,7 @@ use crate::bootstrap::params::version; use crate::bootstrap::views::Response; use crate::bootstrap::views::ResponseEnvelope; use crate::bootstrap::views::SledAgentResponse; +use camino::Utf8PathBuf; use sled_agent_types::sled::StartSledAgentRequest; use slog::Logger; use sprockets_tls::Stream; @@ -59,19 +60,24 @@ impl SprocketsServer { /// which is cancel-safe. Note that cancelling this /// server does not necessarily cancel any outstanding requests that it has /// already received (and which may still be executing). - pub(super) async fn run(mut self) { + pub(super) async fn run(mut self, corpus: Vec) { loop { // Sprockets actually _uses_ the key here! - let (stream, remote_addr) = match self.listener.accept().await { - Ok(conn) => conn, - Err(err) => { - error!(self.log, "accept() failed"; "err" => #%err); - continue; - } - }; + let (stream, remote_addr) = + match self.listener.accept(&corpus).await { + Ok(conn) => conn, + Err(err) => { + error!(self.log, "accept() failed"; "err" => #%err); + continue; + } + }; let log = self.log.new(o!("remote_addr" => remote_addr)); - info!(log, "Accepted connection"); + info!( + log, + "Accepted connection from peer {:?}", + stream.peer_platform_id() + ); let tx_requests = self.tx_requests.clone(); tokio::spawn(async move { diff --git a/sled-agent/src/http_entrypoints.rs b/sled-agent/src/http_entrypoints.rs index cd51cb39e61..9233ddb829f 100644 --- a/sled-agent/src/http_entrypoints.rs +++ b/sled-agent/src/http_entrypoints.rs @@ -785,9 +785,20 @@ impl SledAgentApi for SledAgentImpl { )); } + let corpus = sa.corpus().await.map_err(|e| { + let message = format!("Failed to add sled to rack cluster: {e}"); + HttpError { + status_code: ErrorStatusCode::INTERNAL_SERVER_ERROR, + error_code: None, + external_message: message.clone(), + internal_message: message, + headers: None, + } + })?; crate::sled_agent::sled_add( sa.logger().clone(), sa.sprockets().clone(), + corpus, request.sled_id, request.start_request, ) diff --git a/sled-agent/src/rack_setup/service.rs b/sled-agent/src/rack_setup/service.rs index 508733d4f2e..4837512e93f 100644 --- a/sled-agent/src/rack_setup/service.rs +++ b/sled-agent/src/rack_setup/service.rs @@ -250,6 +250,9 @@ pub enum SetupServiceError { #[error("Rack initialization was interrupted. Clean-slate required")] RackInitInterrupted, + + #[error("Measurement Error: {0}")] + MeasurementError(crate::bootstrap::measurements::MeasurementError), } // The workload / information allocated to a single sled. diff --git a/sled-agent/src/sled_agent.rs b/sled-agent/src/sled_agent.rs index f38012e264c..1a60eda990e 100644 --- a/sled-agent/src/sled_agent.rs +++ b/sled-agent/src/sled_agent.rs @@ -721,6 +721,14 @@ impl SledAgent { self.sprockets.clone() } + pub async fn corpus(&self) -> Result, AddSledError> { + crate::bootstrap::measurements::sled_new_measurement_paths( + &self.inner.config_reconciler.internal_disks_rx(), + ) + .await + .map_err(AddSledError::MeasurementError) + } + /// Trigger a request to Nexus informing it that the current sled exists, /// with information about the existing set of hardware. pub(crate) async fn notify_nexus_about_self(&self, log: &Logger) { @@ -1204,12 +1212,15 @@ pub enum AddSledError { sled_id: Baseboard, err: crate::bootstrap::client::Error, }, + #[error("Measurement error: {0}")] + MeasurementError(crate::bootstrap::measurements::MeasurementError), } /// Add a sled to an initialized rack. pub async fn sled_add( log: Logger, sprockets_config: SprocketsConfig, + corpus: Vec, sled_id: BaseboardId, request: StartSledAgentRequest, ) -> Result<(), AddSledError> { @@ -1270,6 +1281,7 @@ pub async fn sled_add( let client = crate::bootstrap::client::Client::new( bootstrap_addr, sprockets_config, + corpus, log.new(o!("BootstrapAgentClient" => bootstrap_addr.to_string())), ); diff --git a/smf/sled-agent/gimlet-standalone/config.toml b/smf/sled-agent/gimlet-standalone/config.toml index 5fee0a76d5a..ebd101adef4 100644 --- a/smf/sled-agent/gimlet-standalone/config.toml +++ b/smf/sled-agent/gimlet-standalone/config.toml @@ -76,4 +76,5 @@ if_exists = "append" [sprockets] resolve = { which = "ipcc" } +attest = { which = "ipcc" } roots = ["/usr/share/oxide/idcerts/staging.pem", "/usr/share/oxide/idcerts/production.pem"] diff --git a/smf/sled-agent/gimlet/config.toml b/smf/sled-agent/gimlet/config.toml index caca6d4fcd1..6f9e54ab9c5 100644 --- a/smf/sled-agent/gimlet/config.toml +++ b/smf/sled-agent/gimlet/config.toml @@ -72,4 +72,5 @@ if_exists = "append" [sprockets] resolve = { which = "ipcc" } +attest = { which = "ipcc" } roots = ["/usr/share/oxide/idcerts/staging.pem", "/usr/share/oxide/idcerts/production.pem"] diff --git a/smf/sled-agent/non-gimlet/config.kdl b/smf/sled-agent/non-gimlet/config.kdl index b24fa86870c..17931ff36bc 100644 --- a/smf/sled-agent/non-gimlet/config.kdl +++ b/smf/sled-agent/non-gimlet/config.kdl @@ -77,46 +77,6 @@ certificate "test-signer-a1" { } } -key-pair "test-signer-a2" { - p384 -} - -entity "test-signer-a2" { - country-name "US" - organization-name "Oxide Computer Company" - common-name "test-platformid-1 Signer Staging A2" -} - -certificate "test-signer-a2" { - issuer-certificate "test-root-a" - issuer-key "test-root-a" - - subject-entity "test-signer-a2" - subject-key "test-signer-a2" - - digest-algorithm "sha-384" - not-after "9999-12-31T23:59:59Z" - serial-number "01" - - extensions { - subject-key-identifier critical=false - authority-key-identifier critical=false { - key-id - } - - basic-constraints critical=true ca=true - key-usage critical=true { - key-cert-sign - crl-sign - } - certificate-policies critical=true { - oana-platform-identity - tcg-dice-kp-identity-init - tcg-dice-kp-attest-init - tcg-dice-kp-eca - } - } -} /// Device 1 key-pair "test-platformid-1" { ed25519 @@ -166,7 +126,7 @@ key-pair "test-deviceid-1" { entity "test-deviceid-1" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-deviceid-1" + common-name "test-deviceid-1" } certificate "test-deviceid-1" { @@ -207,7 +167,7 @@ key-pair "test-sprockets-auth-1" { entity "test-sprockets-auth-1" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-sprockets-auth-1" + common-name "test-sprockets-auth-1" } certificate "test-sprockets-auth-1" { @@ -241,6 +201,58 @@ certificate "test-sprockets-auth-1" { } } +// TODO: sprockets reverses this cert chain before passing it to rustls +certificate-list "test-sprockets-auth-1" \ + "test-signer-a1" \ + "test-platformid-1" \ + "test-deviceid-1" \ + "test-sprockets-auth-1" + +key-pair "test-alias-1" { + ed25519 +} + +entity "test-alias-1" { + country-name "US" + organization-name "Oxide Computer Company" + common-name "alias" +} + +certificate "test-alias-1" { + issuer-certificate "test-deviceid-1" + issuer-key "test-deviceid-1" + + subject-entity "test-alias-1" + subject-key "test-alias-1" + + not-after "9999-12-31T23:59:59Z" + serial-number "00" + + extensions { + basic-constraints critical=true ca=false + key-usage critical=true { + digital-signature + } + certificate-policies critical=true { + tcg-dice-kp-attest-init + } + dice-tcb-info critical=true { + fwid-list { + fwid { + digest-algorithm "sha3-256" + digest "72fa8f8ea84a42251031366002cbb36281d0131f78cd680436116a720cdd9de5" + } + } + } + } +} + +certificate-list "test-alias-1" \ + "test-alias-1" \ + "test-deviceid-1" \ + "test-platformid-1" \ + "test-signer-a1" + /// Device 2 key-pair "test-platformid-2" { @@ -291,7 +303,7 @@ key-pair "test-deviceid-2" { entity "test-deviceid-2" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-deviceid-2" + common-name "test-deviceid-2" } certificate "test-deviceid-2" { @@ -332,7 +344,7 @@ key-pair "test-sprockets-auth-2" { entity "test-sprockets-auth-2" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-sprockets-auth-2" + common-name "test-sprockets-auth-2" } certificate "test-sprockets-auth-2" { @@ -366,3 +378,54 @@ certificate "test-sprockets-auth-2" { } } +// TODO: sprockets reverses this cert chain before passing it to rustls +certificate-list "test-sprockets-auth-2" \ + "test-signer-a1" \ + "test-platformid-2" \ + "test-deviceid-2" \ + "test-sprockets-auth-2" + +key-pair "test-alias-2" { + ed25519 +} + +entity "test-alias-2" { + country-name "US" + organization-name "Oxide Computer Company" + common-name "alias" +} + +certificate "test-alias-2" { + issuer-certificate "test-deviceid-2" + issuer-key "test-deviceid-2" + + subject-entity "test-alias-2" + subject-key "test-alias-2" + + not-after "9999-12-31T23:59:59Z" + serial-number "00" + + extensions { + basic-constraints critical=true ca=false + key-usage critical=true { + digital-signature + } + certificate-policies critical=true { + tcg-dice-kp-attest-init + } + dice-tcb-info critical=true { + fwid-list { + fwid { + digest-algorithm "sha3-256" + digest "72fa8f8ea84a42251031366002cbb36281d0131f78cd680436116a720cdd9de5" + } + } + } + } +} + +certificate-list "test-alias-2" \ + "test-alias-2" \ + "test-deviceid-2" \ + "test-platformid-2" \ + "test-signer-a1" diff --git a/smf/sled-agent/non-gimlet/config.toml b/smf/sled-agent/non-gimlet/config.toml index d182f1bc927..207202adac2 100644 --- a/smf/sled-agent/non-gimlet/config.toml +++ b/smf/sled-agent/non-gimlet/config.toml @@ -121,4 +121,5 @@ if_exists = "append" # See the .kdl file for use with pki-playground for generating [sprockets] resolve = { which = "local", priv_key = "/opt/oxide/sled-agent/pkg/sprockets-auth.key.pem", cert_chain = "/opt/oxide/sled-agent/pkg/sprockets-chain.pem" } +attest = { which = "local", priv_key = "/opt/oxide/sled-agent/pkg/sprockets-attest.key.pem", cert_chain = "/opt/oxide/sled-agent/pkg/sprockets-attest-chain.pem", log = "/opt/oxide/sled-agent/pkg/sprockets-log.bin" } roots = ["/opt/oxide/sled-agent/pkg/root.cert.pem"] diff --git a/smf/sled-agent/non-gimlet/root.cert.pem b/smf/sled-agent/non-gimlet/root.cert.pem index 6b3844fa5c1..2698b5c95fe 100644 --- a/smf/sled-agent/non-gimlet/root.cert.pem +++ b/smf/sled-agent/non-gimlet/root.cert.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICNTCCAbugAwIBAgIBADAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G +MIICNjCCAbugAwIBAgIBADAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEQxCzAJBgNVBAYT +LWEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMEQxCzAJBgNVBAYT AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRQwEgYDVQQDDAt0 -ZXN0LXJvb3QtYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMTVjqvxuneT7jaxw6AJ -qqTY3wKithGZt2PUF1TI1AMhnJtfomYjqkQutd+uLhWW5Kq4KXSfZm3OUdZYODZx -n96zENU/iBwq0c0/+FcZEEGQpoSFU5gFfK2/NeMAI3i8c6N/MH0wHQYDVR0OBBYE -FA32eUa3XQ7AOCxvlhiPSVrs/q76MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +ZXN0LXJvb3QtYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABFsoJvbvOh6jULakcq5J +syiG+X7hmTiDVFw5wbRp5x+hM0OV1URU6gF1fvHMnx3TS6r2VhUcRn6jvje958Kf +FoQW02GTwuMw2zXzXl4X/LTQWjpIqmr0/YBeLEzIRUTiiKN/MH0wHQYDVR0OBBYE +FK4mUY+okoRWTHZvwbpMqqYj1zQxMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgEGMDsGA1UdIAEB/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkG -B2eBBQUEZAgwCQYHZ4EFBQRkDDAKBggqhkjOPQQDAwNoADBlAjB8UhO0TeULDm2k -RAnyzd1aVissw+BCZGvRsoVuH/Z7i9Yb/fu4pejwuECKO0D7eJUCMQDafRL3gT55 -NBb2W+z8WGKS8B2JIO/Gonnx4XXPYXDsOXlYyGKPqh+VOCRNT7KcQ30= +B2eBBQUEZAgwCQYHZ4EFBQRkDDAKBggqhkjOPQQDAwNpADBmAjEAhDlimZx4MQoR +TtLN1P1sQimopsxXOYgF3a2MkTHIxKuPAwG8KOYUbN/pQ8z2sljUAjEAtjH7Fp1a +IlVT6bbRJX1wXkF6Z13VWcgjGJ7q6GSfw6Ef5/SthSGRJ59EU0WNXrRy -----END CERTIFICATE----- diff --git a/smf/sled-agent/non-gimlet/sprockets-attest-chain.pem b/smf/sled-agent/non-gimlet/sprockets-attest-chain.pem new file mode 100644 index 00000000000..a7b2dafdbd8 --- /dev/null +++ b/smf/sled-agent/non-gimlet/sprockets-attest-chain.pem @@ -0,0 +1,54 @@ +-----BEGIN CERTIFICATE----- +MIIBsjCCAWSgAwIBAgIBADAFBgMrZXAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxGDAWBgNVBAMMD3Rlc3QtZGV2aWNlaWQt +MTAgFw0yNTA3MTcyMzUyMDJaGA85OTk5MTIzMTIzNTk1OVowPjELMAkGA1UEBhMC +VVMxHzAdBgNVBAoMFk94aWRlIENvbXB1dGVyIENvbXBhbnkxDjAMBgNVBAMMBWFs +aWFzMCowBQYDK2VwAyEAUXZIqDGOUSFhfTkHETe59fMWckj9cdtkUXNJccGkxOyj +ezB5MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBcGA1UdIAEB/wQNMAsw +CQYHZ4EFBQRkCDBABgZngQUFBAEBAf8EMzAxpi8wLQYJYIZIAWUDBAIIBCBy+o+O +qEpCJRAxNmACy7NigdATH3jNaAQ2EWpyDN2d5TAFBgMrZXADQQA4Jm+PChgzq9UM +B4ovepdX0dMRw6h/hys5pKl1P2U+9AEiQuuToQmZNDiaAtLWZB3ayXqGAsX6A9xB +luIl6dwB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB9DCCAaagAwIBAgIBAzAFBgMrZXAwWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxKTAnBgNVBAMMIFBEVjI6UFBQLVBQUFBQ +UFA6UlJSOlNTU1NTU1NTU1MxMCAXDTI1MDcxNzIzNTIwMloYDzk5OTkxMjMxMjM1 +OTU5WjBIMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29t +cGFueTEYMBYGA1UEAwwPdGVzdC1kZXZpY2VpZC0xMCowBQYDK2VwAyEAbI0YknU5 +SGgXiRTWtQ81rJII1Nj6qpR2+4Vg9SJs6m+jgaEwgZ4wHQYDVR0OBBYEFBfF3d1z +3itfdQxZAuDr6Dy9u2VKMB8GA1UdIwQYMBaAFMpcjEGodfTZCWhy/C0+qhQcPV7f +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDsGA1UdIAEB/wQxMC8w +DAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkGB2eBBQUEZAgwCQYHZ4EFBQRkDDAF +BgMrZXADQQByIHIWf+2+wWtj4lgJ0ctyhvhxVHUi4Y14VXyn0E751z5TjhE+H9jE +0JNZ9DKQRLfDVPJkh8oOIyDmrmG1sGQJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIzCCAaqgAwIBAgIBAjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEfMB0G +A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEXMBUGA1UEAwwOdGVzdC1zaWdu +ZXItYTEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMFkxCzAJBgNV +BAYTAlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MSkwJwYDVQQD +DCBQRFYyOlBQUC1QUFBQUFBQOlJSUjpTU1NTU1NTU1NTMTAqMAUGAytlcAMhAJkr +ThswA4PBB1ozVUyvWgh7vbblDf9aYNIymu1NZQEfo4GhMIGeMB0GA1UdDgQWBBTK +XIxBqHX02QlocvwtPqoUHD1e3zAfBgNVHSMEGDAWgBSBxc2E4Rnj7v7MpPkmbt/h +GyKeYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8E +MTAvMAwGCisGAQQBg8FPAQMwCQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUE +ZAwwCgYIKoZIzj0EAwMDZwAwZAIwMz5+8zFipptX2gjVKS7z8aW4MX5FZ3DMBexs +d0LWqpZFOuPhdF3qwVwy6o0OTx7QAjA0+TzvaFRRRhHqHT9rsFAXUZtNtspfO1WJ +SuGmMcou/n15AHvVdkEVNwly9o82HvQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWzCCAeGgAwIBAgIBATAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G +A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 +LWEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMEcxCzAJBgNVBAYT +AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRcwFQYDVQQDDA50 +ZXN0LXNpZ25lci1hMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAhPpgkRwXCn013A +iOSJEqcoRf1GusXmHBnrZGzVEwQZLsHmYlH67fuH5Kxy5UyCHgZPP9XZJftFq9s7 +1qoQSd5hKcSiGix50agGXljfCcsZBGmndCBWDP43PG1R9Wjm46OBoTCBnjAdBgNV +HQ4EFgQUgcXNhOEZ4+7+zKT5Jm7f4RsinmMwHwYDVR0jBBgwFoAUriZRj6iShFZM +dm/BukyqpiPXNDEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOwYD +VR0gAQH/BDEwLzAMBgorBgEEAYPBTwEDMAkGB2eBBQUEZAYwCQYHZ4EFBQRkCDAJ +BgdngQUFBGQMMAoGCCqGSM49BAMDA2gAMGUCMBgCuv42ED7ZC3jdfmnu45BKJT4Q +fOT08GcnsXEdhgRHG9FsiczPbrm2TjwcaWRgpgIxAMLki94bNupN1l8vJQSfENZ5 +S7fm3UjPNZlUHEWqVa5r9Ir+4BJkO2ScPkLqL57DrA== +-----END CERTIFICATE----- diff --git a/smf/sled-agent/non-gimlet/sprockets-attest.key.pem b/smf/sled-agent/non-gimlet/sprockets-attest.key.pem new file mode 100644 index 00000000000..caaf1c8c728 --- /dev/null +++ b/smf/sled-agent/non-gimlet/sprockets-attest.key.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MFECAQEwBQYDK2VwBCIEIBHikYQAZaDLehZcmExdbIXbaOhy/VTstrwkyz6BhPSr +gSEAUXZIqDGOUSFhfTkHETe59fMWckj9cdtkUXNJccGkxOw= +-----END PRIVATE KEY----- diff --git a/smf/sled-agent/non-gimlet/sprockets-auth.key-alt.pem b/smf/sled-agent/non-gimlet/sprockets-auth.key-alt.pem deleted file mode 100644 index c7081af3783..00000000000 --- a/smf/sled-agent/non-gimlet/sprockets-auth.key-alt.pem +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PRIVATE KEY----- -MFECAQEwBQYDK2VwBCIEIKUDZEeGHACBfyzsrpIbUq+9ieb/Sjv4SUYYVPSH9AYb -gSEAmVwM+SRtpiGqGYHgHCGN4iGdfZ39ML9WrPIYCtFJLyU= ------END PRIVATE KEY----- diff --git a/smf/sled-agent/non-gimlet/sprockets-auth.key.pem b/smf/sled-agent/non-gimlet/sprockets-auth.key.pem index ef762303f44..43b636d0074 100644 --- a/smf/sled-agent/non-gimlet/sprockets-auth.key.pem +++ b/smf/sled-agent/non-gimlet/sprockets-auth.key.pem @@ -1,4 +1,4 @@ -----BEGIN PRIVATE KEY----- -MFECAQEwBQYDK2VwBCIEIP//7ZHeb32TVF+0V21Fk7IU51xMnjOQ/VfCnM4YsoWC -gSEA3YfArFPuOHDoQj3aO5VSyuOIPfbAuEpB93dnYnZlM2U= +MFECAQEwBQYDK2VwBCIEIIo2H/nd1jqLtM9v0UzVc67Zgpgigvq6hBSc32gJ36ts +gSEABFi4YFeNMMddHHrQKkEaIaD3X8+ueF5vCe6dVfHQAJs= -----END PRIVATE KEY----- diff --git a/smf/sled-agent/non-gimlet/sprockets-chain-alt.pem b/smf/sled-agent/non-gimlet/sprockets-chain-alt.pem deleted file mode 100644 index 1daa5eb7fa6..00000000000 --- a/smf/sled-agent/non-gimlet/sprockets-chain-alt.pem +++ /dev/null @@ -1,71 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICNTCCAbugAwIBAgIBADAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G -A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEQxCzAJBgNVBAYT -AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRQwEgYDVQQDDAt0 -ZXN0LXJvb3QtYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMTVjqvxuneT7jaxw6AJ -qqTY3wKithGZt2PUF1TI1AMhnJtfomYjqkQutd+uLhWW5Kq4KXSfZm3OUdZYODZx -n96zENU/iBwq0c0/+FcZEEGQpoSFU5gFfK2/NeMAI3i8c6N/MH0wHQYDVR0OBBYE -FA32eUa3XQ7AOCxvlhiPSVrs/q76MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMDsGA1UdIAEB/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkG -B2eBBQUEZAgwCQYHZ4EFBQRkDDAKBggqhkjOPQQDAwNoADBlAjB8UhO0TeULDm2k -RAnyzd1aVissw+BCZGvRsoVuH/Z7i9Yb/fu4pejwuECKO0D7eJUCMQDafRL3gT55 -NBb2W+z8WGKS8B2JIO/Gonnx4XXPYXDsOXlYyGKPqh+VOCRNT7KcQ30= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICWzCCAeGgAwIBAgIBATAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G -A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEcxCzAJBgNVBAYT -AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRcwFQYDVQQDDA50 -ZXN0LXNpZ25lci1hMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPvzr9YC1dTt1uax -prUzHywnDNkWITkTfAEyLb39QFMntcflGIMhTIPqGx27kc/HfwC1YyMt9ILHM9tp -BOmrv87r4FU0LFGTtnxusAbOFG9XqVGr/N8U6kbA5dzYDgqo7aOBoTCBnjAdBgNV -HQ4EFgQUCi1ys6RafYnKs4DOu/c/BrvD/1cwHwYDVR0jBBgwFoAUDfZ5RrddDsA4 -LG+WGI9JWuz+rvowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOwYD -VR0gAQH/BDEwLzAMBgorBgEEAYPBTwEDMAkGB2eBBQUEZAYwCQYHZ4EFBQRkCDAJ -BgdngQUFBGQMMAoGCCqGSM49BAMDA2gAMGUCMQCrf7KzLwY7vUlW0eYEQQpKfTI3 -NLK9P/KNeLW4/TzTCPOKCqcHVi3hQsVkkZlWOO4CMCB0SzgmFUNMmRv3xBJBhiX6 -Kq9QPbDQqzCIGBFa25n6vPhjtx+6J6nliA75I5RNhw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICJDCCAaqgAwIBAgIBBTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEfMB0G -A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEXMBUGA1UEAwwOdGVzdC1zaWdu -ZXItYTEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMFkxCzAJBgNV -BAYTAlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MSkwJwYDVQQD -DCBQRFYyOlBQUC1QUFBQUFBQOlJSUjpTU1NTU1NTU1NTMjAqMAUGAytlcAMhAC6v -VVNb07pjsmCKwVPSF7U0TTJFrnMC9E4PDnHM/7JRo4GhMIGeMB0GA1UdDgQWBBRx -goYgaGVc+T9YqT15DGl3BEMixzAfBgNVHSMEGDAWgBQKLXKzpFp9icqzgM679z8G -u8P/VzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8E -MTAvMAwGCisGAQQBg8FPAQMwCQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUE -ZAwwCgYIKoZIzj0EAwMDaAAwZQIwb520J1OCeaQsqgl2Mn8mmc6HZ4FkvO+7c4EA -+FZPSLKzqz4X6q6XU5iejyaCtsX9AjEAv08JXjmx1fZsamXGD6CCLXpZ62NP7AmI -HVNVrJF9u1ilq6i1IBZLo0hiH9o9pc0Y ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICFjCCAcigAwIBAgIBBjAFBgMrZXAwWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoM -Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxKTAnBgNVBAMMIFBEVjI6UFBQLVBQUFBQ -UFA6UlJSOlNTU1NTU1NTU1MyMCAXDTI0MDYxMjE2MzIzN1oYDzk5OTkxMjMxMjM1 -OTU5WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29t -cGFueTE6MDgGA1UEAwwxL0M9VVMvTz1PeGlkZSBDb21wdXRlciBDb21wYW55L0NO -PXRlc3QtZGV2aWNlaWQtMjAqMAUGAytlcAMhAE756gouns/hdjAqi/63hdat3du6 -8oaIKk3IA9+wbZaho4GhMIGeMB0GA1UdDgQWBBSBtoW77Dcr/cJfdX4ENFqnKYcc -iDAfBgNVHSMEGDAWgBRxgoYgaGVc+T9YqT15DGl3BEMixzAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8EMTAvMAwGCisGAQQBg8FPAQMw -CQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUEZAwwBQYDK2VwA0EAjM+oIvmZ -o/dLqvHRfNk6pi16L+jvauI5YF1wEU33mtSE0Y6lZe1Fb/Ngd3BjvDSQHOTuqf4Z -50iLHgs3YSAeDg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICKjCCAdygAwIBAgIBBzAFBgMrZXAwajELMAkGA1UEBhMCVVMxHzAdBgNVBAoM -Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxOjA4BgNVBAMMMS9DPVVTL089T3hpZGUg -Q29tcHV0ZXIgQ29tcGFueS9DTj10ZXN0LWRldmljZWlkLTIwIBcNMjQwNjEyMTYz -MjM3WhgPOTk5OTEyMzEyMzU5NTlaMHAxCzAJBgNVBAYTAlVTMR8wHQYDVQQKDBZP -eGlkZSBDb21wdXRlciBDb21wYW55MUAwPgYDVQQDDDcvQz1VUy9PPU94aWRlIENv -bXB1dGVyIENvbXBhbnkvQ049dGVzdC1zcHJvY2tldHMtYXV0aC0yMCowBQYDK2Vw -AyEAmVwM+SRtpiGqGYHgHCGN4iGdfZ39ML9WrPIYCtFJLyWjgZ4wgZswHQYDVR0O -BBYEFNgfznrPDccOzgKULsJ7hy99LsuPMB8GA1UdIwQYMBaAFIG2hbvsNyv9wl91 -fgQ0WqcphxyIMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMDsGA1UdIAEB -/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkGB2eBBQUEZAgwCQYHZ4EF -BQRkDDAFBgMrZXADQQAo2/htLqYgimB91FhnygEmc2zIFyq63IhKSf/zZVCZBBtX -2w0VqGgy4wQwWQVpfdCj4eaLqrFqgAEsmMrrlIMF ------END CERTIFICATE----- diff --git a/smf/sled-agent/non-gimlet/sprockets-chain.pem b/smf/sled-agent/non-gimlet/sprockets-chain.pem index 04a04fd00cf..11e91c17edd 100644 --- a/smf/sled-agent/non-gimlet/sprockets-chain.pem +++ b/smf/sled-agent/non-gimlet/sprockets-chain.pem @@ -1,71 +1,55 @@ -----BEGIN CERTIFICATE----- -MIICNTCCAbugAwIBAgIBADAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G -A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEQxCzAJBgNVBAYT -AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRQwEgYDVQQDDAt0 -ZXN0LXJvb3QtYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMTVjqvxuneT7jaxw6AJ -qqTY3wKithGZt2PUF1TI1AMhnJtfomYjqkQutd+uLhWW5Kq4KXSfZm3OUdZYODZx -n96zENU/iBwq0c0/+FcZEEGQpoSFU5gFfK2/NeMAI3i8c6N/MH0wHQYDVR0OBBYE -FA32eUa3XQ7AOCxvlhiPSVrs/q76MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMDsGA1UdIAEB/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkG -B2eBBQUEZAgwCQYHZ4EFBQRkDDAKBggqhkjOPQQDAwNoADBlAjB8UhO0TeULDm2k -RAnyzd1aVissw+BCZGvRsoVuH/Z7i9Yb/fu4pejwuECKO0D7eJUCMQDafRL3gT55 -NBb2W+z8WGKS8B2JIO/Gonnx4XXPYXDsOXlYyGKPqh+VOCRNT7KcQ30= +MIIB5jCCAZigAwIBAgIBBDAFBgMrZXAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxGDAWBgNVBAMMD3Rlc3QtZGV2aWNlaWQt +MTAgFw0yNTA3MTcyMzUyMDJaGA85OTk5MTIzMTIzNTk1OVowTjELMAkGA1UEBhMC +VVMxHzAdBgNVBAoMFk94aWRlIENvbXB1dGVyIENvbXBhbnkxHjAcBgNVBAMMFXRl +c3Qtc3Byb2NrZXRzLWF1dGgtMTAqMAUGAytlcAMhAARYuGBXjTDHXRx60CpBGiGg +91/PrnhebwnunVXx0ACbo4GeMIGbMB0GA1UdDgQWBBTDTg0iUtNjiQdxMuHYJjAM +KA8OgzAfBgNVHSMEGDAWgBQXxd3dc94rX3UMWQLg6+g8vbtlSjAMBgNVHRMBAf8E +AjAAMA4GA1UdDwEB/wQEAwIGwDA7BgNVHSABAf8EMTAvMAwGCisGAQQBg8FPAQMw +CQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUEZAwwBQYDK2VwA0EAZI6QKdaD +GJucJGU9XA8HQS5OWtYnpVYzOWAKpTEliizbrg5QDtPge1lsJXB8ioJEoJaBDpva +4VvxTLsVNHIXBw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICWzCCAeGgAwIBAgIBATAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G -A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEcxCzAJBgNVBAYT -AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRcwFQYDVQQDDA50 -ZXN0LXNpZ25lci1hMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPvzr9YC1dTt1uax -prUzHywnDNkWITkTfAEyLb39QFMntcflGIMhTIPqGx27kc/HfwC1YyMt9ILHM9tp -BOmrv87r4FU0LFGTtnxusAbOFG9XqVGr/N8U6kbA5dzYDgqo7aOBoTCBnjAdBgNV -HQ4EFgQUCi1ys6RafYnKs4DOu/c/BrvD/1cwHwYDVR0jBBgwFoAUDfZ5RrddDsA4 -LG+WGI9JWuz+rvowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOwYD -VR0gAQH/BDEwLzAMBgorBgEEAYPBTwEDMAkGB2eBBQUEZAYwCQYHZ4EFBQRkCDAJ -BgdngQUFBGQMMAoGCCqGSM49BAMDA2gAMGUCMQCrf7KzLwY7vUlW0eYEQQpKfTI3 -NLK9P/KNeLW4/TzTCPOKCqcHVi3hQsVkkZlWOO4CMCB0SzgmFUNMmRv3xBJBhiX6 -Kq9QPbDQqzCIGBFa25n6vPhjtx+6J6nliA75I5RNhw== +MIIB9DCCAaagAwIBAgIBAzAFBgMrZXAwWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxKTAnBgNVBAMMIFBEVjI6UFBQLVBQUFBQ +UFA6UlJSOlNTU1NTU1NTU1MxMCAXDTI1MDcxNzIzNTIwMloYDzk5OTkxMjMxMjM1 +OTU5WjBIMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29t +cGFueTEYMBYGA1UEAwwPdGVzdC1kZXZpY2VpZC0xMCowBQYDK2VwAyEAbI0YknU5 +SGgXiRTWtQ81rJII1Nj6qpR2+4Vg9SJs6m+jgaEwgZ4wHQYDVR0OBBYEFBfF3d1z +3itfdQxZAuDr6Dy9u2VKMB8GA1UdIwQYMBaAFMpcjEGodfTZCWhy/C0+qhQcPV7f +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDsGA1UdIAEB/wQxMC8w +DAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkGB2eBBQUEZAgwCQYHZ4EFBQRkDDAF +BgMrZXADQQByIHIWf+2+wWtj4lgJ0ctyhvhxVHUi4Y14VXyn0E751z5TjhE+H9jE +0JNZ9DKQRLfDVPJkh8oOIyDmrmG1sGQJ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICJDCCAaqgAwIBAgIBAjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEfMB0G +MIICIzCCAaqgAwIBAgIBAjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEfMB0G A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEXMBUGA1UEAwwOdGVzdC1zaWdu -ZXItYTEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMFkxCzAJBgNV +ZXItYTEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMFkxCzAJBgNV BAYTAlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MSkwJwYDVQQD -DCBQRFYyOlBQUC1QUFBQUFBQOlJSUjpTU1NTU1NTU1NTMTAqMAUGAytlcAMhAEKj -CmIAH2mJrc1ZWRoJ57hMc7Z/iqr7fjP0K4afAGvvo4GhMIGeMB0GA1UdDgQWBBQK -Ma9hbXEgoKx7esWcn2hOVUcV8zAfBgNVHSMEGDAWgBQKLXKzpFp9icqzgM679z8G -u8P/VzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8E +DCBQRFYyOlBQUC1QUFBQUFBQOlJSUjpTU1NTU1NTU1NTMTAqMAUGAytlcAMhAJkr +ThswA4PBB1ozVUyvWgh7vbblDf9aYNIymu1NZQEfo4GhMIGeMB0GA1UdDgQWBBTK +XIxBqHX02QlocvwtPqoUHD1e3zAfBgNVHSMEGDAWgBSBxc2E4Rnj7v7MpPkmbt/h +GyKeYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8E MTAvMAwGCisGAQQBg8FPAQMwCQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUE -ZAwwCgYIKoZIzj0EAwMDaAAwZQIwVCZWAzRlrBUUTEB7KP6AqTEeSt90NEFl3RK0 -dV4mEcu4Hv4G3jYChc8BFc83vxyNAjEAt62G/x2jdVf8SQH8cPcIy6G3dfdqrGju -LoPtsRXrW8c/9zOSSO5l2L9vPX/xiIJJ +ZAwwCgYIKoZIzj0EAwMDZwAwZAIwMz5+8zFipptX2gjVKS7z8aW4MX5FZ3DMBexs +d0LWqpZFOuPhdF3qwVwy6o0OTx7QAjA0+TzvaFRRRhHqHT9rsFAXUZtNtspfO1WJ +SuGmMcou/n15AHvVdkEVNwly9o82HvQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICFjCCAcigAwIBAgIBAzAFBgMrZXAwWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoM -Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxKTAnBgNVBAMMIFBEVjI6UFBQLVBQUFBQ -UFA6UlJSOlNTU1NTU1NTU1MxMCAXDTI0MDYxMjE2MzIzN1oYDzk5OTkxMjMxMjM1 -OTU5WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29t -cGFueTE6MDgGA1UEAwwxL0M9VVMvTz1PeGlkZSBDb21wdXRlciBDb21wYW55L0NO -PXRlc3QtZGV2aWNlaWQtMTAqMAUGAytlcAMhAM2dFyuZTc+8Jw7QghR/AzeXBsf/ -ZbSKT7qmD8gPWi2Io4GhMIGeMB0GA1UdDgQWBBQYuL8mjvsFqItN35+vpMthvAO1 -wjAfBgNVHSMEGDAWgBQKMa9hbXEgoKx7esWcn2hOVUcV8zAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8EMTAvMAwGCisGAQQBg8FPAQMw -CQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUEZAwwBQYDK2VwA0EA8PWIkypd -mZ0Zh3fx3GLEUbVrF0ZyX+1LJeGWR3OChazCz3SLcfncQeOG8OZjURq5Rby3Phar -GfajBESau9KoCA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICKjCCAdygAwIBAgIBBDAFBgMrZXAwajELMAkGA1UEBhMCVVMxHzAdBgNVBAoM -Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxOjA4BgNVBAMMMS9DPVVTL089T3hpZGUg -Q29tcHV0ZXIgQ29tcGFueS9DTj10ZXN0LWRldmljZWlkLTEwIBcNMjQwNjEyMTYz -MjM3WhgPOTk5OTEyMzEyMzU5NTlaMHAxCzAJBgNVBAYTAlVTMR8wHQYDVQQKDBZP -eGlkZSBDb21wdXRlciBDb21wYW55MUAwPgYDVQQDDDcvQz1VUy9PPU94aWRlIENv -bXB1dGVyIENvbXBhbnkvQ049dGVzdC1zcHJvY2tldHMtYXV0aC0xMCowBQYDK2Vw -AyEA3YfArFPuOHDoQj3aO5VSyuOIPfbAuEpB93dnYnZlM2WjgZ4wgZswHQYDVR0O -BBYEFM9T7TDOVi/SVlkO5mayCNQ5uHDiMB8GA1UdIwQYMBaAFBi4vyaO+wWoi03f -n6+ky2G8A7XCMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMDsGA1UdIAEB -/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkGB2eBBQUEZAgwCQYHZ4EF -BQRkDDAFBgMrZXADQQC4Zz6tZabSnDVf3dnEIdpnknsVCCncKm0dna1sf0BOrd7p -cXNwDx3GINm0jXaLg/N5srh5z/v+TLj8vXwr/uEP +MIICWzCCAeGgAwIBAgIBATAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G +A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 +LWEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMEcxCzAJBgNVBAYT +AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRcwFQYDVQQDDA50 +ZXN0LXNpZ25lci1hMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAhPpgkRwXCn013A +iOSJEqcoRf1GusXmHBnrZGzVEwQZLsHmYlH67fuH5Kxy5UyCHgZPP9XZJftFq9s7 +1qoQSd5hKcSiGix50agGXljfCcsZBGmndCBWDP43PG1R9Wjm46OBoTCBnjAdBgNV +HQ4EFgQUgcXNhOEZ4+7+zKT5Jm7f4RsinmMwHwYDVR0jBBgwFoAUriZRj6iShFZM +dm/BukyqpiPXNDEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOwYD +VR0gAQH/BDEwLzAMBgorBgEEAYPBTwEDMAkGB2eBBQUEZAYwCQYHZ4EFBQRkCDAJ +BgdngQUFBGQMMAoGCCqGSM49BAMDA2gAMGUCMBgCuv42ED7ZC3jdfmnu45BKJT4Q +fOT08GcnsXEdhgRHG9FsiczPbrm2TjwcaWRgpgIxAMLki94bNupN1l8vJQSfENZ5 +S7fm3UjPNZlUHEWqVa5r9Ir+4BJkO2ScPkLqL57DrA== -----END CERTIFICATE----- diff --git a/smf/sled-agent/non-gimlet/sprockets-log.bin b/smf/sled-agent/non-gimlet/sprockets-log.bin new file mode 100644 index 00000000000..7b2efba5544 Binary files /dev/null and b/smf/sled-agent/non-gimlet/sprockets-log.bin differ diff --git a/smf/sled-agent/non-gimlet/testing-measurements/corim-rot.cbor b/smf/sled-agent/non-gimlet/testing-measurements/corim-rot.cbor new file mode 100644 index 00000000000..4e7b66a24dc Binary files /dev/null and b/smf/sled-agent/non-gimlet/testing-measurements/corim-rot.cbor differ diff --git a/smf/sled-agent/non-gimlet/testing-measurements/corim-sp.cbor b/smf/sled-agent/non-gimlet/testing-measurements/corim-sp.cbor new file mode 100644 index 00000000000..703010cb567 Binary files /dev/null and b/smf/sled-agent/non-gimlet/testing-measurements/corim-sp.cbor differ diff --git a/update-common/manifests/fake-non-semver.toml b/update-common/manifests/fake-non-semver.toml index 367e14a207c..34e93847714 100644 --- a/update-common/manifests/fake-non-semver.toml +++ b/update-common/manifests/fake-non-semver.toml @@ -53,6 +53,11 @@ zones = [ { kind = "fake", artifact_name = "nexus", file_name = "nexus.tar.gz", size = "128KiB" }, { kind = "fake", artifact_name = "oximeter", file_name = "oximeter.tar.gz", size = "128KiB" }, ] +measurement_corpus = [ + { kind = "fake", artifact_name = "sp_corpus", file_name = "sp.cbor", size = "1MiB" }, + { kind = "fake", artifact_name = "rot_corpus", file_name = "rot.cbor", size = "1MiB" }, +] + [[artifact.psc_sp]] name = "fake-psc-sp" diff --git a/update-common/manifests/fake.toml b/update-common/manifests/fake.toml index 354296c404e..e5cb9f4e979 100644 --- a/update-common/manifests/fake.toml +++ b/update-common/manifests/fake.toml @@ -51,6 +51,10 @@ zones = [ { kind = "fake", artifact_name = "nexus", file_name = "nexus.tar.gz", size = "128KiB" }, { kind = "fake", artifact_name = "oximeter", file_name = "oximeter.tar.gz", size = "128KiB" }, ] +measurement_corpus = [ + { kind = "fake", artifact_name = "sp_corpus", file_name = "sp.cbor", size = "1MiB" }, + { kind = "fake", artifact_name = "rot_corpus", file_name = " rot.cbor", size = "1MiB" }, +] [[artifact.psc_sp]] name = "fake-psc-sp" diff --git a/update-common/src/artifacts/artifacts_with_plan.rs b/update-common/src/artifacts/artifacts_with_plan.rs index f358b88d69d..9b51c26264b 100644 --- a/update-common/src/artifacts/artifacts_with_plan.rs +++ b/update-common/src/artifacts/artifacts_with_plan.rs @@ -424,7 +424,10 @@ mod tests { // `by_id` should contain one entry for every `KnownArtifactKind` // (except `Zone`)... let mut expected_kinds: BTreeSet<_> = KnownArtifactKind::iter() - .filter(|k| !matches!(k, KnownArtifactKind::Zone)) + .filter(|k| { + !matches!(k, KnownArtifactKind::Zone) + && !matches!(k, KnownArtifactKind::MeasurementCorpus) + }) .map(ArtifactKind::from) .collect(); assert_eq!( diff --git a/update-common/src/artifacts/update_plan.rs b/update-common/src/artifacts/update_plan.rs index 53d68828600..7cf36e7b675 100644 --- a/update-common/src/artifacts/update_plan.rs +++ b/update-common/src/artifacts/update_plan.rs @@ -38,6 +38,7 @@ use tufaceous_artifact::ArtifactHashId; use tufaceous_artifact::ArtifactKind; use tufaceous_artifact::ArtifactVersion; use tufaceous_artifact::KnownArtifactKind; +use tufaceous_lib::ControlPlaneEntry; use tufaceous_lib::ControlPlaneZoneImages; use tufaceous_lib::HostPhaseImages; use tufaceous_lib::RotArchives; @@ -256,9 +257,9 @@ impl<'a> UpdatePlanBuilder<'a> { ) .await } - KnownArtifactKind::Zone => { + KnownArtifactKind::Zone | KnownArtifactKind::MeasurementCorpus => { // We don't currently support repos with already split-out - // zones. + // zones and manifest. self.add_unknown_artifact(artifact_id, artifact_hash, stream) .await } @@ -286,7 +287,8 @@ impl<'a> UpdatePlanBuilder<'a> { | KnownArtifactKind::SwitchRot | KnownArtifactKind::GimletRotBootloader | KnownArtifactKind::PscRotBootloader - | KnownArtifactKind::SwitchRotBootloader => unreachable!(), + | KnownArtifactKind::SwitchRotBootloader + | KnownArtifactKind::MeasurementCorpus => unreachable!(), }; let mut stream = std::pin::pin!(stream); @@ -379,7 +381,8 @@ impl<'a> UpdatePlanBuilder<'a> { | KnownArtifactKind::SwitchRot | KnownArtifactKind::GimletSp | KnownArtifactKind::PscSp - | KnownArtifactKind::SwitchSp => unreachable!(), + | KnownArtifactKind::SwitchSp + | KnownArtifactKind::MeasurementCorpus => unreachable!(), }; let mut stream = std::pin::pin!(stream); @@ -474,7 +477,8 @@ impl<'a> UpdatePlanBuilder<'a> { | KnownArtifactKind::SwitchSp | KnownArtifactKind::GimletRotBootloader | KnownArtifactKind::SwitchRotBootloader - | KnownArtifactKind::PscRotBootloader => unreachable!(), + | KnownArtifactKind::PscRotBootloader + | KnownArtifactKind::MeasurementCorpus => unreachable!(), }; let (rot_a_data, rot_b_data) = Self::extract_nested_artifact_pair( @@ -913,12 +917,18 @@ impl<'a> UpdatePlanBuilder<'a> { &mut self, reader: impl io::Read, ) -> Result<(), RepositoryError> { - ControlPlaneZoneImages::extract_into(reader, |_, reader| { + ControlPlaneZoneImages::extract_into(reader, |_, kind, reader| { + let known_kind = match kind { + ControlPlaneEntry::Zone => KnownArtifactKind::Zone, + ControlPlaneEntry::MeasurementCorpus => { + KnownArtifactKind::MeasurementCorpus + } + }; let mut out = self.extracted_artifacts.new_tempfile()?; io::copy(reader, &mut out)?; let data = self .extracted_artifacts - .store_tempfile(KnownArtifactKind::Zone.into(), out)?; + .store_tempfile(known_kind.into(), out)?; // Read the zone name and version from the `oxide.json` at the root // of the zone. @@ -934,12 +944,12 @@ impl<'a> UpdatePlanBuilder<'a> { let artifact_id = ArtifactId { name: info.pkg.clone(), version: ArtifactVersion::new(info.version.to_string())?, - kind: KnownArtifactKind::Zone.into(), + kind: known_kind.into(), }; self.record_extracted_artifact( artifact_id, data, - KnownArtifactKind::Zone.into(), + known_kind.into(), self.log, )?; Ok(()) @@ -2075,7 +2085,8 @@ mod tests { | KnownArtifactKind::SwitchRot | KnownArtifactKind::SwitchRotBootloader | KnownArtifactKind::GimletRotBootloader - | KnownArtifactKind::PscRotBootloader => {} + | KnownArtifactKind::PscRotBootloader + | KnownArtifactKind::MeasurementCorpus => {} } } diff --git a/wicketd/tests/integration_tests/updates.rs b/wicketd/tests/integration_tests/updates.rs index 715d50deaa0..eee47e501a2 100644 --- a/wicketd/tests/integration_tests/updates.rs +++ b/wicketd/tests/integration_tests/updates.rs @@ -97,7 +97,10 @@ async fn test_updates() { // We should have an artifact for every known artifact kind (except // `Zone`)... let expected_kinds: BTreeSet<_> = KnownArtifactKind::iter() - .filter(|k| !matches!(k, KnownArtifactKind::Zone)) + .filter(|k| { + !matches!(k, KnownArtifactKind::Zone) + && !matches!(k, KnownArtifactKind::MeasurementCorpus) + }) .map(ArtifactKind::from) .collect(); diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml index 778083e6274..626c7077086 100644 --- a/workspace-hack/Cargo.toml +++ b/workspace-hack/Cargo.toml @@ -45,7 +45,7 @@ daft = { version = "0.1.4", features = ["derive", "newtype-uuid1", "oxnet01", "u data-encoding = { version = "2.9.0" } digest = { version = "0.10.7", features = ["mac", "oid", "std"] } ecdsa = { version = "0.16.9", features = ["pem", "signing", "std", "verifying"] } -ed25519-dalek = { version = "2.1.1", features = ["digest", "pkcs8", "rand_core"] } +ed25519-dalek = { version = "2.1.1", features = ["digest", "pem", "rand_core"] } either = { version = "1.15.0", features = ["use_std"] } elliptic-curve = { version = "0.13.8", features = ["ecdh", "hazmat", "pem", "std"] } ff = { version = "0.13.0", default-features = false, features = ["alloc"] } @@ -65,6 +65,7 @@ generic-array = { version = "0.14.7", default-features = false, features = ["mor getrandom-6f8ce4dd05d13bba = { package = "getrandom", version = "0.2.15", default-features = false, features = ["js", "rdrand", "std"] } group = { version = "0.13.0", default-features = false, features = ["alloc"] } hashbrown = { version = "0.15.4" } +heck = { version = "0.4.1" } hickory-proto = { version = "0.25.2", features = ["serde", "text-parsing"] } hmac = { version = "0.12.1", default-features = false, features = ["reset"] } hyper = { version = "1.6.0", features = ["full"] } @@ -73,8 +74,7 @@ indexmap = { version = "2.10.0", features = ["serde"] } inout = { version = "0.1.3", default-features = false, features = ["std"] } ipnet = { version = "2.11.0", features = ["serde"] } ipnetwork = { version = "0.21.1", features = ["schemars", "serde"] } -itertools-594e8ee84c453af0 = { package = "itertools", version = "0.13.0" } -itertools-93f6ce9d446188ac = { package = "itertools", version = "0.10.5" } +itertools = { version = "0.10.5" } lalrpop-util = { version = "0.19.12" } lazy_static = { version = "1.5.0", default-features = false, features = ["spin_no_std"] } libc = { version = "0.2.174", features = ["extra_traits"] } @@ -118,8 +118,10 @@ scopeguard = { version = "1.2.0" } semver = { version = "1.0.26", features = ["serde"] } serde = { version = "1.0.219", features = ["alloc", "derive", "rc"] } serde_json = { version = "1.0.140", features = ["raw_value", "unbounded_depth"] } +serde_with = { version = "3.14.0" } sha1 = { version = "0.10.6", features = ["oid"] } sha2 = { version = "0.10.9", features = ["oid"] } +sha3 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.7.0", features = ["bytes", "inline", "unicode"] } slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug", "release_max_level_trace"] } smallvec = { version = "1.15.0", default-features = false, features = ["const_new"] } @@ -181,7 +183,7 @@ daft = { version = "0.1.4", features = ["derive", "newtype-uuid1", "oxnet01", "u data-encoding = { version = "2.9.0" } digest = { version = "0.10.7", features = ["mac", "oid", "std"] } ecdsa = { version = "0.16.9", features = ["pem", "signing", "std", "verifying"] } -ed25519-dalek = { version = "2.1.1", features = ["digest", "pkcs8", "rand_core"] } +ed25519-dalek = { version = "2.1.1", features = ["digest", "pem", "rand_core"] } either = { version = "1.15.0", features = ["use_std"] } elliptic-curve = { version = "0.13.8", features = ["ecdh", "hazmat", "pem", "std"] } ff = { version = "0.13.0", default-features = false, features = ["alloc"] } @@ -201,6 +203,7 @@ generic-array = { version = "0.14.7", default-features = false, features = ["mor getrandom-6f8ce4dd05d13bba = { package = "getrandom", version = "0.2.15", default-features = false, features = ["js", "rdrand", "std"] } group = { version = "0.13.0", default-features = false, features = ["alloc"] } hashbrown = { version = "0.15.4" } +heck = { version = "0.4.1" } hickory-proto = { version = "0.25.2", features = ["serde", "text-parsing"] } hmac = { version = "0.12.1", default-features = false, features = ["reset"] } hyper = { version = "1.6.0", features = ["full"] } @@ -209,8 +212,7 @@ indexmap = { version = "2.10.0", features = ["serde"] } inout = { version = "0.1.3", default-features = false, features = ["std"] } ipnet = { version = "2.11.0", features = ["serde"] } ipnetwork = { version = "0.21.1", features = ["schemars", "serde"] } -itertools-594e8ee84c453af0 = { package = "itertools", version = "0.13.0" } -itertools-93f6ce9d446188ac = { package = "itertools", version = "0.10.5" } +itertools = { version = "0.10.5" } lalrpop-util = { version = "0.19.12" } lazy_static = { version = "1.5.0", default-features = false, features = ["spin_no_std"] } libc = { version = "0.2.174", features = ["extra_traits"] } @@ -254,8 +256,10 @@ scopeguard = { version = "1.2.0" } semver = { version = "1.0.26", features = ["serde"] } serde = { version = "1.0.219", features = ["alloc", "derive", "rc"] } serde_json = { version = "1.0.140", features = ["raw_value", "unbounded_depth"] } +serde_with = { version = "3.14.0" } sha1 = { version = "0.10.6", features = ["oid"] } sha2 = { version = "0.10.9", features = ["oid"] } +sha3 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.7.0", features = ["bytes", "inline", "unicode"] } slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug", "release_max_level_trace"] } smallvec = { version = "1.15.0", default-features = false, features = ["const_new"] } @@ -294,7 +298,7 @@ zip-3b31131e45eafb45 = { package = "zip", version = "0.6.6", default-features = bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } linux-raw-sys = { version = "0.4.14", default-features = false, features = ["elf", "errno", "general", "if_ether", "ioctl", "net", "netlink", "no_std", "prctl", "std", "system", "xdp"] } @@ -305,7 +309,7 @@ rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "proce bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } linux-raw-sys = { version = "0.4.14", default-features = false, features = ["elf", "errno", "general", "if_ether", "ioctl", "net", "netlink", "no_std", "prctl", "std", "system", "xdp"] } @@ -315,7 +319,7 @@ rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "proce [target.x86_64-apple-darwin.dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -324,7 +328,7 @@ rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "proce [target.x86_64-apple-darwin.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -333,7 +337,7 @@ rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "proce [target.aarch64-apple-darwin.dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -342,7 +346,7 @@ rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "proce [target.aarch64-apple-darwin.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -352,10 +356,9 @@ rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "proce bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } -itertools-5ef9efb8ec2df382 = { package = "itertools", version = "0.12.1" } mio = { version = "1.0.2", features = ["net", "os-ext"] } rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "process", "stdio", "system", "termios", "time"] } toml_edit-cdcf2f9584511fe6 = { package = "toml_edit", version = "0.19.15", features = ["serde"] } @@ -366,10 +369,9 @@ bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.1", default-f clang-sys = { version = "1.8.1", default-features = false, features = ["clang_11_0", "runtime"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof = { version = "0.3.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.3", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.14", features = ["client-proxy", "client-proxy-system", "full"] } -itertools-5ef9efb8ec2df382 = { package = "itertools", version = "0.12.1" } mio = { version = "1.0.2", features = ["net", "os-ext"] } rustix = { version = "0.38.37", features = ["event", "fs", "net", "pipe", "process", "stdio", "system", "termios", "time"] } toml_edit-cdcf2f9584511fe6 = { package = "toml_edit", version = "0.19.15", features = ["serde"] }