Skip to content

[upgrade] HTTPS/GitHub auto-fetch (ironcache upgrade --to latest) #394

Description

@ELares

Part of the upgrade epic, Phase 0-1 follow-up to #387. The mechanism (#393) takes a LOCAL --binary + --sha256sums; add the convenience fetch so ironcache upgrade --to latest (or --to <version>) downloads + verifies them itself - the "easy upgrade" UX.

Scope: a BinarySource impl (the trait + a LocalFile impl already exist) that fetches the target tarball + SHA256SUMS (+ the signature once #386 lands) from GitHub Releases (releases/latest or a tag) or a configured artifact URL. Reuse the pinned tokio-rustls/ring already in the workspace for HTTPS (a minimal bounded HTTP/1.1 GET, like the console's httpclient) - do NOT add reqwest/hyper (musl + cargo-deny posture). Verify the download against SHA256SUMS (the existing Verifier) before it ever reaches the swap. Bounded (size cap + timeout), resumable-not-required.

Acceptance: ironcache upgrade --to latest on a node with network fetches, verifies, and upgrades with the same SAVE-first + health-gate + auto-rollback path as the local-file flow. Depends on: #393 (the mechanism); composes with #386 (verify anchor).

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:upgradeBinary self-upgrade (ironcache upgrade) workstreamenhancementNew feature or requestsub-issueGranular child task split out from a parent design issue

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions