diff --git a/.github/workflows/hakari.yml b/.github/workflows/hakari.yml index 9dd17c985d..3dade2e190 100644 --- a/.github/workflows/hakari.yml +++ b/.github/workflows/hakari.yml @@ -24,7 +24,7 @@ jobs: with: toolchain: stable - name: Install cargo-hakari - uses: taiki-e/install-action@e7dd06a5731075458d8bbd3465396374ad0d20cb # v2 + uses: taiki-e/install-action@242f1c0c1a882c44e7d32b89af9f2a0bced36540 # v2 with: tool: cargo-hakari - name: Check workspace-hack Cargo.toml is up-to-date diff --git a/Cargo.lock b/Cargo.lock index 64114d1af9..3c9edad40c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -326,7 +326,7 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc7b2dbe9169059af0f821e811180fddc971fc210c776c133c7819ccd6e478db" dependencies = [ - "rustix 0.38.25", + "rustix 0.38.30", "tempfile", "windows-sys 0.52.0", ] @@ -2145,23 +2145,12 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b30f669a7961ef1631673d2766cc92f52d64f7ef354d4fe0ddfd30ed52f0f4f" -dependencies = [ - "errno-dragonfly", - "libc", - "windows-sys 0.48.0", -] - -[[package]] -name = "errno-dragonfly" -version = "0.1.2" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" dependencies = [ - "cc", "libc", + "windows-sys 0.52.0", ] [[package]] @@ -2216,7 +2205,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef033ed5e9bad94e55838ca0ca906db0e043f517adda0c8b79c7a8c66c93c1b5" dependencies = [ "cfg-if", - "rustix 0.38.25", + "rustix 0.38.30", "windows-sys 0.48.0", ] 
@@ -3513,7 +3502,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi 0.3.2", - "rustix 0.38.25", + "rustix 0.38.30", "windows-sys 0.48.0", ] @@ -3766,9 +3755,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.11" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" [[package]] name = "lock_api" @@ -5183,7 +5172,7 @@ dependencies = [ "regex-syntax 0.8.2", "reqwest", "ring 0.17.7", - "rustix 0.38.25", + "rustix 0.38.30", "schemars", "semver 1.0.21", "serde", @@ -7099,15 +7088,15 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.25" +version = "0.38.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e" +checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" dependencies = [ "bitflags 2.4.0", "errno", "libc", - "linux-raw-sys 0.4.11", - "windows-sys 0.48.0", + "linux-raw-sys 0.4.13", + "windows-sys 0.52.0", ] [[package]] @@ -8529,15 +8518,15 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.8.1" +version = "3.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef1adac450ad7f4b3c28589471ade84f25f731a7a0fe30d71dfa9f60fd808e5" +checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" dependencies = [ "cfg-if", "fastrand", "redox_syscall 0.4.1", - "rustix 0.38.25", - "windows-sys 0.48.0", + "rustix 0.38.30", + "windows-sys 0.52.0", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 71e33cea66..289dfdfa86 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -372,7 +372,7 @@ syn = { version = "2.0" }
 tabled = "0.14"
 tar = "0.4"
 tempdir = "0.3"
-tempfile = "3.8"
+tempfile = "3.9"
 term = "0.7"
 termios = "0.3"
 textwrap = "0.16.0"
diff --git a/package-manifest.toml b/package-manifest.toml
index 16f8f70c73..7b12583437 100644
--- a/package-manifest.toml
+++ b/package-manifest.toml
@@ -348,6 +348,7 @@ source.paths = [
 { from = "smf/switch_zone_setup/manifest.xml", to = "/var/svc/manifest/site/switch_zone_setup/manifest.xml" },
 { from = "smf/switch_zone_setup/switch_zone_setup", to = "/opt/oxide/bin/switch_zone_setup" },
 { from = "smf/switch_zone_setup/support_authorized_keys", to = "/opt/oxide/support/authorized_keys" },
+ { from = "/opt/ooce/pgsql-13/lib/amd64", to = "/opt/ooce/pgsql-13/lib/amd64" },
 ]
 output.type = "zone"
 output.intermediate_only = true
@@ -566,7 +567,8 @@ source.packages = [
 "mg-ddm.tar.gz",
 "mgd.tar.gz",
 "switch_zone_setup.tar.gz",
- "xcvradm.tar.gz"
+ "xcvradm.tar.gz",
+ "omicron-omdb.tar.gz"
 ]
 output.type = "zone"
@@ -588,7 +590,8 @@ source.packages = [
 "mg-ddm.tar.gz",
 "mgd.tar.gz",
 "switch_zone_setup.tar.gz",
- "sp-sim-stub.tar.gz"
+ "sp-sim-stub.tar.gz",
+ "omicron-omdb.tar.gz"
 ]
 output.type = "zone"
@@ -610,7 +613,8 @@ source.packages = [
 "mg-ddm.tar.gz",
 "mgd.tar.gz",
 "switch_zone_setup.tar.gz",
- "sp-sim-softnpu.tar.gz"
+ "sp-sim-softnpu.tar.gz",
+ "omicron-omdb.tar.gz"
 ]
 output.type = "zone"
@@ -625,3 +629,12 @@ source.paths = [
 ]
 output.type = "zone"
 output.intermediate_only = true
+
+[package.omicron-omdb]
+service_name = "omdb"
+only_for_targets.image = "standard"
+source.type = "local"
+source.rust.binary_names = ["omdb"]
+source.rust.release = true
+output.type = "zone"
+output.intermediate_only = true
diff --git a/smf/profile/profile b/smf/profile/profile
index 8f613d4d56..73256cd6fd 100644
--- a/smf/profile/profile
+++ b/smf/profile/profile
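Review bot: The added `source.paths` entry in the `@@ -348,6 +348,7 @@` hunk takes `/opt/ooce/pgsql-13/lib/amd64` from an absolute path on the build host, while the three entries above it come from the repository's `smf/` tree, so the zone image ships whatever libraries happen to be installed on the machine that builds it. Nothing on the line says which binary needs them (presumably `omdb`, which the later hunks add to three `source.packages` lists) or which package version the builder is expected to provide, which makes the artifact hard to reproduce and to audit. I would add a comment above the entry, for example `# PostgreSQL client libraries needed by omdb at runtime; copied from the build host's pgsql-13 package (expected version: <builder package version>)`. The table header of the package this array belongs to is outside the hunk.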
@@ -4,7 +4,7 @@ PATH+=:/opt/ooce/bin
 case "$HOSTNAME" in
 oxz_switch)
 # Add tools like xcvradm, swadm & ddmadm to the PATH by default
- PATH+=:/opt/oxide/bin:/opt/oxide/dendrite/bin:/opt/oxide/mg-ddm/bin
+ PATH+=:/opt/oxide/bin:/opt/oxide/dendrite/bin:/opt/oxide/mg-ddm/bin:/opt/oxide/omdb/bin
 ;;
 oxz_cockroachdb*)
 PATH+=:/opt/oxide/cockroachdb/bin
diff --git a/update-common/src/artifacts/artifacts_with_plan.rs b/update-common/src/artifacts/artifacts_with_plan.rs
index 94c7294d48..9b579af29a 100644
--- a/update-common/src/artifacts/artifacts_with_plan.rs
+++ b/update-common/src/artifacts/artifacts_with_plan.rs
@@ -6,6 +6,7 @@ use super::ExtractedArtifactDataHandle;
 use super::UpdatePlan;
 use super::UpdatePlanBuilder;
 use crate::errors::RepositoryError;
+use anyhow::anyhow;
 use camino_tempfile::Utf8TempDir;
 use debug_ignore::DebugIgnore;
 use omicron_common::update::ArtifactHash;
@@ -55,10 +56,29 @@ impl ArtifactsWithPlan {
 log: &Logger,
 ) -> Result
 where
- T: io::Read + io::Seek,
+ T: io::Read + io::Seek + Send + 'static,
 {
 // Create a temporary directory to hold the extracted TUF repository.
- let dir = unzip_into_tempdir(zip_data, log)?;
+ let dir = {
+ let log = log.clone();
+ tokio::task::spawn_blocking(move || {
+ // This is an expensive synchronous method, so run it on the
+ // blocking thread pool.
+ //
+ // TODO: at the moment we don't restrict the size of the
+ // extracted contents or its memory usage, making it
+ // susceptible to zip bombs and other related attacks.
+ // https://github.com/zip-rs/zip/issues/228. We need to think
+ // about this at some point.
+ unzip_into_tempdir(zip_data, &log)
+ })
+ .await
+ .map_err(|join_error| {
+ RepositoryError::Extract(
+ anyhow!(join_error).context("unzip_into_tempdir panicked"),
+ )
+ })??
+ };
 // Time is unavailable during initial setup, so ignore expiration. Even
 // if time were available, we might want to be able to load older
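Review bot: In the `@@ -55,10 +56,29 @@` hunk the `spawn_blocking` closure keeps running after the calling future is dropped, so combined with the unbounded extraction the TODO describes, an abandoned or timed-out upload still holds a blocking-pool thread and temporary-directory space until the whole archive is unpacked. The TODO should name the missing bound (total uncompressed bytes and entry count, enforced while reading rather than taken from the archive's declared sizes) and reference a tracking issue in this repository instead of "at some point"; the enforcement itself would belong in `unzip_into_tempdir`, which is outside the hunk. Separately, the `map_err` labels every `JoinError` as a panic although a `JoinError` can also report cancellation, so computing `let what = if join_error.is_panic() { "unzip_into_tempdir panicked" } else { "unzip_into_tempdir task cancelled" };` before `anyhow!(join_error)` and passing `.context(what)` would keep the message accurate. The enclosing function starts and ends outside the hunk.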
diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml
index 214b57cdc5..b574a292d1 100644
--- a/workspace-hack/Cargo.toml
+++ b/workspace-hack/Cargo.toml
@@ -226,57 +226,57 @@ zip = { version = "0.6.6", default-features = false, features = ["bzip2", "defla bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.0", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", "termios"] } [target.x86_64-unknown-linux-gnu.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.0", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", "termios"] } [target.x86_64-apple-darwin.dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.0", default-features = false, features = ["std"] } -errno = { version = "0.3.2", default-features = false, features = ["std"] } +errno = { version = "0.3.8", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", "termios"] } [target.x86_64-apple-darwin.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.0", default-features = false, features = ["std"] } -errno = { version = "0.3.2", default-features = false, features = ["std"] } +errno = { version = "0.3.8", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", 
"termios"] } [target.aarch64-apple-darwin.dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.0", default-features = false, features = ["std"] } -errno = { version = "0.3.2", default-features = false, features = ["std"] } +errno = { version = "0.3.8", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", "termios"] } [target.aarch64-apple-darwin.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.0", default-features = false, features = ["std"] } -errno = { version = "0.3.2", default-features = false, features = ["std"] } +errno = { version = "0.3.8", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", "termios"] } [target.x86_64-unknown-illumos.dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.4.0", default-features = false, features = ["std"] } -errno = { version = "0.3.2", default-features = false, features = ["std"] } +errno = { version = "0.3.8", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", "termios"] } toml_datetime = { version = "0.6.5", default-features = false, features = ["serde"] } toml_edit-cdcf2f9584511fe6 = { package = "toml_edit", version = "0.19.15", features = ["serde"] } [target.x86_64-unknown-illumos.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version 
= "2.4.0", default-features = false, features = ["std"] } -errno = { version = "0.3.2", default-features = false, features = ["std"] } +errno = { version = "0.3.8", default-features = false, features = ["std"] } mio = { version = "0.8.9", features = ["net", "os-ext"] } once_cell = { version = "1.19.0", features = ["unstable"] } -rustix = { version = "0.38.25", features = ["fs", "termios"] } +rustix = { version = "0.38.30", features = ["fs", "termios"] } toml_datetime = { version = "0.6.5", default-features = false, features = ["serde"] } toml_edit-cdcf2f9584511fe6 = { package = "toml_edit", version = "0.19.15", features = ["serde"] }