Update Rust crate tough to 0.15

Cargo.toml

@@ -367,7 +367,7 @@ tokio = "1.33.0"
 tokio-postgres = { version = "0.7", features = [ "with-chrono-0_4", "with-uuid-1" ] }
 tokio-stream = "0.1.14"
 tokio-tungstenite = "0.18"
-tokio-util = "0.7.10"
+tokio-util = { version = "0.7.10", features = ["io", "io-util"] }
 toml = "0.8.8"
 toml_edit = "0.21.0"
 topological-sort = "0.2.2"

nexus/Cargo.toml

@@ -12,6 +12,7 @@ anyhow.workspace = true
 assert_matches.workspace = true
 async-trait.workspace = true
 base64.workspace = true
+buf-list.workspace = true
 cancel-safe-futures.workspace = true
 camino.workspace = true
 clap.workspace = true

nexus/src/app/update/mod.rs

@@ -69,14 +69,14 @@ impl super::Nexus {
                 ),
             })?;
 
-        let artifacts = tokio::task::spawn_blocking(move || {
-            crate::updates::read_artifacts(&trusted_root, base_url)
-        })
-        .await
-        .unwrap()
-        .map_err(|e| Error::InternalError {
-            internal_message: format!("error trying to refresh updates: {}", e),
-        })?;
+        let artifacts = crate::updates::read_artifacts(&trusted_root, base_url)
+            .await
+            .map_err(|e| Error::InternalError {
+                internal_message: format!(
+                    "error trying to refresh updates: {}",
+                    e
+                ),
+            })?;
 
         // FIXME: if we hit an error in any of these database calls, the
         // available artifact table will be out of sync with the current

nexus/src/updates.rs

@@ -2,38 +2,39 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
+use buf_list::BufList;
+use futures::TryStreamExt;
 use nexus_db_queries::db;
 use omicron_common::update::ArtifactsDocument;
 use std::convert::TryInto;
 
 // TODO(iliana): make async/.await. awslabs/tough#213
-pub(crate) fn read_artifacts(
+pub(crate) async fn read_artifacts(
     trusted_root: &[u8],
     mut base_url: String,
 ) -> Result<
     Vec<db::model::UpdateArtifact>,
     Box<dyn std::error::Error + Send + Sync>,
 > {
-    use std::io::Read;
-
     if !base_url.ends_with('/') {
         base_url.push('/');
     }
 
     let repository = tough::RepositoryLoader::new(
-        trusted_root,
+        &trusted_root,
         format!("{}metadata/", base_url).parse()?,
         format!("{}targets/", base_url).parse()?,
     )
-    .load()?;
+    .load()
+    .await?;
 
-    let mut artifact_document = Vec::new();
-    match repository.read_target(&"artifacts.json".parse()?)? {
-        Some(mut target) => target.read_to_end(&mut artifact_document)?,
-        None => return Err("artifacts.json missing".into()),
-    };
+    let artifact_document =
+        match repository.read_target(&"artifacts.json".parse()?).await? {
+            Some(target) => target.try_collect::<BufList>().await?,
+            None => return Err("artifacts.json missing".into()),
+        };
     let artifacts: ArtifactsDocument =
-        serde_json::from_slice(&artifact_document)?;
+        serde_json::from_reader(buf_list::Cursor::new(&artifact_document))?;
 
     let valid_until = repository
         .root()

tufaceous-lib/Cargo.toml

@@ -7,6 +7,7 @@ publish = false
 
 [dependencies]
 anyhow = { workspace = true, features = ["backtrace"] }
+async-trait.workspace = true
 buf-list.workspace = true
 bytes.workspace = true
 bytesize = { workspace = true, features = ["serde"] }
@@ -16,6 +17,7 @@ chrono.workspace = true
 debug-ignore.workspace = true
 flate2.workspace = true
 fs-err.workspace = true
+futures.workspace = true
 hex.workspace = true
 hubtools.workspace = true
 itertools.workspace = true
@@ -36,3 +38,4 @@ omicron-workspace-hack.workspace = true
 
 [dev-dependencies]
 omicron-test-utils.workspace = true
+tokio = { workspace = true, features = ["test-util"] }

tufaceous-lib/src/artifact.rs

@@ -127,7 +127,7 @@ pub struct HostPhaseImages {
 }
 
 impl HostPhaseImages {
-    pub fn extract<R: io::Read>(reader: R) -> Result<Self> {
+    pub fn extract<R: io::BufRead>(reader: R) -> Result<Self> {
         let mut phase_1 = Vec::new();
         let mut phase_2 = Vec::new();
         Self::extract_into(
@@ -138,13 +138,12 @@ impl HostPhaseImages {
         Ok(Self { phase_1: phase_1.into(), phase_2: phase_2.into() })
     }
 
-    pub fn extract_into<R: io::Read, W: io::Write>(
+    pub fn extract_into<R: io::BufRead, W: io::Write>(
         reader: R,
         phase_1: W,
         phase_2: W,
     ) -> Result<()> {
-        let uncompressed =
-            flate2::bufread::GzDecoder::new(BufReader::new(reader));
+        let uncompressed = flate2::bufread::GzDecoder::new(reader);
         let mut archive = tar::Archive::new(uncompressed);
 
         let mut oxide_json_found = false;
@@ -248,7 +247,7 @@ pub struct RotArchives {
 }
 
 impl RotArchives {
-    pub fn extract<R: io::Read>(reader: R) -> Result<Self> {
+    pub fn extract<R: io::BufRead>(reader: R) -> Result<Self> {
         let mut archive_a = Vec::new();
         let mut archive_b = Vec::new();
         Self::extract_into(
@@ -259,13 +258,12 @@ impl RotArchives {
         Ok(Self { archive_a: archive_a.into(), archive_b: archive_b.into() })
     }
 
-    pub fn extract_into<R: io::Read, W: io::Write>(
+    pub fn extract_into<R: io::BufRead, W: io::Write>(
         reader: R,
         archive_a: W,
         archive_b: W,
     ) -> Result<()> {
-        let uncompressed =
-            flate2::bufread::GzDecoder::new(BufReader::new(reader));
+        let uncompressed = flate2::bufread::GzDecoder::new(reader);
         let mut archive = tar::Archive::new(uncompressed);
 
         let mut oxide_json_found = false;

tufaceous-lib/src/assemble/build.rs

@@ -44,7 +44,7 @@ impl OmicronRepoAssembler {
         self
     }
 
-    pub fn build(&self) -> Result<()> {
+    pub async fn build(&self) -> Result<()> {
         let (build_dir, is_temp) = match &self.build_dir {
             Some(dir) => (dir.clone(), false),
             None => {
@@ -61,7 +61,7 @@ impl OmicronRepoAssembler {
 
         slog::info!(self.log, "assembling repository in `{build_dir}`");
 
-        match self.build_impl(&build_dir) {
+        match self.build_impl(&build_dir).await {
             Ok(()) => {
                 if is_temp {
                     slog::debug!(self.log, "assembly successful, cleaning up");
@@ -92,15 +92,17 @@ impl OmicronRepoAssembler {
         Ok(())
     }
 
-    fn build_impl(&self, build_dir: &Utf8Path) -> Result<()> {
+    async fn build_impl(&self, build_dir: &Utf8Path) -> Result<()> {
         let mut repository = OmicronRepo::initialize(
             &self.log,
             build_dir,
             self.manifest.system_version.clone(),
             self.keys.clone(),
             self.expiry,
-        )?
-        .into_editor()?;
+        )
+        .await?
+        .into_editor()
+        .await?;
 
         // Add all the artifacts.
         for (kind, entries) in &self.manifest.artifacts {
@@ -118,10 +120,11 @@ impl OmicronRepoAssembler {
         }
 
         // Write out the repository.
-        repository.sign_and_finish(self.keys.clone(), self.expiry)?;
+        repository.sign_and_finish(self.keys.clone(), self.expiry).await?;
 
         // Now reopen the repository to archive it into a zip file.
         let repo2 = OmicronRepo::load_untrusted(&self.log, build_dir)
+            .await
             .context("error reopening repository to archive")?;
         repo2
             .archive(&self.output_path)

tufaceous-lib/src/key.rs

@@ -5,6 +5,7 @@ use ring::rand::SecureRandom;
 use ring::signature::Ed25519KeyPair;
 use std::fmt::Display;
 use std::str::FromStr;
+use tough::async_trait;
 use tough::key_source::KeySource;
 use tough::sign::{Sign, SignKeyPair};
 
@@ -38,30 +39,32 @@ impl Key {
     }
 }
 
+#[async_trait]
 impl Sign for Key {
     fn tuf_key(&self) -> tough::schema::key::Key {
         self.as_sign().tuf_key()
     }
 
-    fn sign(
+    async fn sign(
         &self,
         msg: &[u8],
-        rng: &dyn SecureRandom,
+        rng: &(dyn SecureRandom + Sync),
     ) -> Result<Vec<u8>, Box<dyn std::error::Error + Send + Sync + 'static>>
     {
-        self.as_sign().sign(msg, rng)
+        self.as_sign().sign(msg, rng).await
     }
 }
 
+#[async_trait]
 impl KeySource for Key {
-    fn as_sign(
+    async fn as_sign(
         &self,
     ) -> Result<Box<dyn Sign>, Box<dyn std::error::Error + Send + Sync + 'static>>
     {
         Ok(Box::new(self.clone()))
     }
 
-    fn write(
+    async fn write(
         &self,
         _value: &str,
         _key_id_hex: &str,