Skip to content

Commit ded072c

Browse files
karencfvkarencfv
authored
[inventory] record caboose SIGN value (#8021)
Cabooses for RoT archives and RoT bootloader archives (but not SP archives) contain a SIGN key that's a hash of the public key that the RoT needs its software signed by. Software that's updating the RoT or RoT bootloader needs this information to choose the appropriate Hubris archive. This commit collects the value during inventory, so Reconfigurator will have it available. Closes: #7914
1 parent 70534c9 commit ded072c

File tree

17 files changed

+89
-48
lines changed

17 files changed

+89
-48
lines changed

dev-tools/omdb/src/bin/omdb/db.rs

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6767,6 +6767,8 @@ async fn cmd_db_inventory_cabooses(
67676767
git_commit: String,
67686768
name: String,
67696769
version: String,
6770+
#[tabled(display_with = "option_impl_display")]
6771+
sign: Option<String>,
67706772
}
67716773

67726774
use nexus_db_schema::schema::sw_caboose::dsl;
@@ -6785,6 +6787,7 @@ async fn cmd_db_inventory_cabooses(
67856787
name: caboose.name,
67866788
version: caboose.version,
67876789
git_commit: caboose.git_commit,
6790+
sign: caboose.sign,
67886791
});
67896792
let table = tabled::Table::new(rows)
67906793
.with(tabled::settings::Style::empty())
@@ -7133,6 +7136,8 @@ async fn inv_collection_print_devices(
71337136
name: &'a str,
71347137
version: &'a str,
71357138
git_commit: &'a str,
7139+
#[tabled(display_with = "option_impl_display")]
7140+
sign: &'a Option<String>,
71367141
}
71377142

71387143
println!(" cabooses:");
@@ -7146,6 +7151,7 @@ async fn inv_collection_print_devices(
71467151
name: &found_caboose.caboose.name,
71477152
version: &found_caboose.caboose.version,
71487153
git_commit: &found_caboose.caboose.git_commit,
7154+
sign: &found_caboose.caboose.sign,
71497155
})
71507156
.collect();
71517157
let table = tabled::Table::new(caboose_rows)

nexus/db-model/src/inventory.rs

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -458,6 +458,7 @@ pub struct SwCaboose {
458458
pub git_commit: String,
459459
pub name: String,
460460
pub version: String,
461+
pub sign: Option<String>,
461462
}
462463

463464
impl From<Caboose> for SwCaboose {
@@ -468,6 +469,7 @@ impl From<Caboose> for SwCaboose {
468469
git_commit: c.git_commit,
469470
name: c.name,
470471
version: c.version,
472+
sign: c.sign,
471473
}
472474
}
473475
}
@@ -479,6 +481,7 @@ impl From<SwCaboose> for Caboose {
479481
git_commit: row.git_commit,
480482
name: row.name,
481483
version: row.version,
484+
sign: row.sign,
482485
}
483486
}
484487
}

nexus/db-model/src/schema_versions.rs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ use std::{collections::BTreeMap, sync::LazyLock};
1616
///
1717
/// This must be updated when you change the database schema. Refer to
1818
/// schema/crdb/README.adoc in the root of this repository for details.
19-
pub const SCHEMA_VERSION: Version = Version::new(140, 0, 0);
19+
pub const SCHEMA_VERSION: Version = Version::new(141, 0, 0);
2020

2121
/// List of all past database schema versions, in *reverse* order
2222
///
@@ -28,6 +28,7 @@ static KNOWN_VERSIONS: LazyLock<Vec<KnownVersion>> = LazyLock::new(|| {
2828
// | leaving the first copy as an example for the next person.
2929
// v
3030
// KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"),
31+
KnownVersion::new(141, "caboose-sign-value"),
3132
KnownVersion::new(140, "instance-intended-state"),
3233
KnownVersion::new(139, "webhooks"),
3334
KnownVersion::new(138, "saga-abandoned-state"),

nexus/db-queries/src/db/datastore/inventory.rs

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ use diesel::IntoSql;
1818
use diesel::JoinOnDsl;
1919
use diesel::NullableExpressionMethods;
2020
use diesel::OptionalExtension;
21+
use diesel::PgExpressionMethods;
2122
use diesel::QueryDsl;
2223
use diesel::Table;
2324
use diesel::expression::SelectableHelper;
@@ -554,7 +555,7 @@ impl DataStore {
554555
// - `hw_baseboard` with an "id" primary key and lookup columns
555556
// "part_number" and "serial_number"
556557
// - `sw_caboose` with an "id" primary key and lookup columns
557-
// "board", "git_commit", "name", and "version"
558+
// "board", "git_commit", "name", "version", and "sign"
558559
// - `inv_caboose` with foreign keys "hw_baseboard_id",
559560
// "sw_caboose_id", and various other columns
560561
//
@@ -596,7 +597,8 @@ impl DataStore {
596597
// AND sw_caboose.board = ...
597598
// AND sw_caboose.git_commit = ...
598599
// AND sw_caboose.name = ...
599-
// AND sw_caboose.version = ...;
600+
// AND sw_caboose.version = ...
601+
// AND sw_caboose.sign IS NOT DISTINCT FROM ...;
600602
//
601603
// Again, the whole point is to avoid back-and-forth between the
602604
// client and the database. Those back-and-forth interactions can
@@ -642,6 +644,9 @@ impl DataStore {
642644
)
643645
.and(dsl_sw_caboose::version.eq(
644646
found_caboose.caboose.version.clone(),
647+
))
648+
.and(dsl_sw_caboose::sign.is_not_distinct_from(
649+
found_caboose.caboose.sign.clone(),
645650
)),
646651
),
647652
)

nexus/db-schema/src/schema.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1476,6 +1476,7 @@ table! {
14761476
git_commit -> Text,
14771477
name -> Text,
14781478
version -> Text,
1479+
sign -> Nullable<Text>,
14791480
}
14801481
}
14811482

nexus/inventory/src/builder.rs

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -717,6 +717,7 @@ mod test {
717717
git_commit: String::from("git_commit_1"),
718718
name: String::from("name_1"),
719719
version: String::from("version_1"),
720+
sign: Some(String::from("sign_1")),
720721
};
721722
for bb in &common_caboose_baseboards {
722723
let _ = collection.sps.get(*bb).unwrap();
@@ -1105,7 +1106,7 @@ mod test {
11051106
git_commit: String::from("git_commit1"),
11061107
name: String::from("name1"),
11071108
version: String::from("version1"),
1108-
sign: None,
1109+
sign: Some(String::from("sign1")),
11091110
epoch: None,
11101111
};
11111112
assert!(
@@ -1125,7 +1126,7 @@ mod test {
11251126
"reporting caboose for unknown baseboard: \
11261127
BaseboardId { part_number: \"p1\", serial_number: \"bogus\" } \
11271128
(Caboose { board: \"board1\", git_commit: \"git_commit1\", \
1128-
name: \"name1\", version: \"version1\" })"
1129+
name: \"name1\", version: \"version1\", sign: Some(\"sign1\") })"
11291130
);
11301131
assert!(
11311132
!builder
@@ -1177,7 +1178,7 @@ mod test {
11771178
git_commit: String::from("git_commit2"),
11781179
name: String::from("name2"),
11791180
version: String::from("version2"),
1180-
sign: None,
1181+
sign: Some(String::from("sign2")),
11811182
epoch: None,
11821183
},
11831184
)

nexus/inventory/src/collector.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -449,8 +449,8 @@ mod test {
449449
for c in &collection.cabooses {
450450
write!(
451451
&mut s,
452-
" board {:?} name {:?} version {:?} git_commit {:?}\n",
453-
c.board, c.name, c.version, c.git_commit,
452+
" board {:?} name {:?} version {:?} git_commit {:?} sign {:?}\n",
453+
c.board, c.name, c.version, c.git_commit, c.sign,
454454
)
455455
.unwrap();
456456
}

nexus/inventory/src/examples.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -540,7 +540,7 @@ pub fn caboose(unique: &str) -> SpComponentCaboose {
540540
git_commit: format!("git_commit_{}", unique),
541541
name: format!("name_{}", unique),
542542
version: format!("version_{}", unique),
543-
sign: None,
543+
sign: Some(format!("sign_{}", unique)),
544544
epoch: None,
545545
}
546546
}

nexus/inventory/tests/output/collector_basic.txt

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -7,18 +7,18 @@ baseboards:
77
part "sim-gimlet" serial "sim-9cb9b78f-5614-440c-b66d-e8e81fab69b0"
88

99
cabooses:
10-
board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe"
11-
board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff"
12-
board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed"
13-
board "SimRot" name "SimSidecarRot" version "0.0.3" git_commit "edededed"
14-
board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee"
15-
board "SimRot" name "SimSidecarRot" version "0.0.4" git_commit "eeeeeeee"
16-
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad"
17-
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "dadadadad"
18-
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd"
19-
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "ddddddddd"
20-
board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe"
21-
board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff"
10+
board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe" sign None
11+
board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff" sign None
12+
board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
13+
board "SimRot" name "SimSidecarRot" version "0.0.3" git_commit "edededed" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
14+
board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
15+
board "SimRot" name "SimSidecarRot" version "0.0.4" git_commit "eeeeeeee" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
16+
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
17+
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "dadadadad" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
18+
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
19+
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "ddddddddd" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
20+
board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe" sign None
21+
board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff" sign None
2222

2323
rot pages:
2424
data_base64 "Z2ltbGV0LWNmcGEtYWN0aXZlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="

nexus/inventory/tests/output/collector_errors.txt

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -5,18 +5,18 @@ baseboards:
55
part "i86pc" serial "SimGimlet01"
66

77
cabooses:
8-
board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe"
9-
board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff"
10-
board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed"
11-
board "SimRot" name "SimSidecarRot" version "0.0.3" git_commit "edededed"
12-
board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee"
13-
board "SimRot" name "SimSidecarRot" version "0.0.4" git_commit "eeeeeeee"
14-
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad"
15-
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "dadadadad"
16-
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd"
17-
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "ddddddddd"
18-
board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe"
19-
board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff"
8+
board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe" sign None
9+
board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff" sign None
10+
board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
11+
board "SimRot" name "SimSidecarRot" version "0.0.3" git_commit "edededed" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
12+
board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
13+
board "SimRot" name "SimSidecarRot" version "0.0.4" git_commit "eeeeeeee" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
14+
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
15+
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "dadadadad" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
16+
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
17+
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "ddddddddd" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
18+
board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe" sign None
19+
board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff" sign None
2020

2121
rot pages:
2222
data_base64 "Z2ltbGV0LWNmcGEtYWN0aXZlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="

nexus/inventory/tests/output/collector_sled_agent_errors.txt

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,18 +6,18 @@ baseboards:
66
part "sim-gimlet" serial "sim-9cb9b78f-5614-440c-b66d-e8e81fab69b0"
77

88
cabooses:
9-
board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe"
10-
board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff"
11-
board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed"
12-
board "SimRot" name "SimSidecarRot" version "0.0.3" git_commit "edededed"
13-
board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee"
14-
board "SimRot" name "SimSidecarRot" version "0.0.4" git_commit "eeeeeeee"
15-
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad"
16-
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "dadadadad"
17-
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd"
18-
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "ddddddddd"
19-
board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe"
20-
board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff"
9+
board "SimGimletSp" name "SimGimlet" version "0.0.1" git_commit "fefefefe" sign None
10+
board "SimGimletSp" name "SimGimlet" version "0.0.2" git_commit "ffffffff" sign None
11+
board "SimRot" name "SimGimletRot" version "0.0.3" git_commit "edededed" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
12+
board "SimRot" name "SimSidecarRot" version "0.0.3" git_commit "edededed" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
13+
board "SimRot" name "SimGimletRot" version "0.0.4" git_commit "eeeeeeee" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
14+
board "SimRot" name "SimSidecarRot" version "0.0.4" git_commit "eeeeeeee" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
15+
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "dadadadad" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
16+
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "dadadadad" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
17+
board "SimRotStage0" name "SimGimletRot" version "0.0.200" git_commit "ddddddddd" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
18+
board "SimRotStage0" name "SimSidecarRot" version "0.0.200" git_commit "ddddddddd" sign Some("11594bb5548a757e918e6fe056e2ad9e084297c9555417a025d8788eacf55daf")
19+
board "SimSidecarSp" name "SimSidecar" version "0.0.1" git_commit "fefefefe" sign None
20+
board "SimSidecarSp" name "SimSidecar" version "0.0.2" git_commit "ffffffff" sign None
2121

2222
rot pages:
2323
data_base64 "Z2ltbGV0LWNmcGEtYWN0aXZlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="

nexus/types/src/inventory.rs

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -260,6 +260,9 @@ pub struct Caboose {
260260
pub git_commit: String,
261261
pub name: String,
262262
pub version: String,
263+
// The sign will generally be present for production RoT and RoT bootloader images.
264+
// It's currently absent from SP images and could be absent from RoT images as well.
265+
pub sign: Option<String>,
263266
}
264267

265268
impl From<gateway_client::types::SpComponentCaboose> for Caboose {
@@ -269,6 +272,7 @@ impl From<gateway_client::types::SpComponentCaboose> for Caboose {
269272
git_commit: c.git_commit,
270273
name: c.name,
271274
version: c.version,
275+
sign: c.sign,
272276
}
273277
}
274278
}

schema/crdb/caboose-sign-value/up01.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
ALTER TABLE omicron.public.sw_caboose
2+
ADD COLUMN IF NOT EXISTS sign TEXT; -- nullable

schema/crdb/caboose-sign-value/up02.sql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
DROP INDEX IF EXISTS omicron.public.sw_caboose@caboose_properties;

schema/crdb/caboose-sign-value/up03.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
CREATE UNIQUE INDEX IF NOT EXISTS caboose_properties
2+
on omicron.public.sw_caboose (board, git_commit, name, version, sign);

schema/crdb/caboose-sign-value/up04.sql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
CREATE UNIQUE INDEX IF NOT EXISTS caboose_properties_no_sign
2+
on omicron.public.sw_caboose (board, git_commit, name, version)
3+
WHERE sign IS NULL;

schema/crdb/dbinit.sql

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3375,10 +3375,22 @@ CREATE TABLE IF NOT EXISTS omicron.public.sw_caboose (
33753375
board TEXT NOT NULL,
33763376
git_commit TEXT NOT NULL,
33773377
name TEXT NOT NULL,
3378-
version TEXT NOT NULL
3378+
version TEXT NOT NULL,
3379+
sign TEXT -- nullable
33793380
);
3381+
3382+
/*
3383+
* We use a complete and a partial index to ensure uniqueness.
3384+
* This is necessary because the sign column is NULLable, but in SQL, NULL values
3385+
* are considered distinct. That means that a single complete index on all of these
3386+
* columns would allow duplicate rows where sign is NULL, which we don't want.
3387+
*/
33803388
CREATE UNIQUE INDEX IF NOT EXISTS caboose_properties
3381-
on omicron.public.sw_caboose (board, git_commit, name, version);
3389+
on omicron.public.sw_caboose (board, git_commit, name, version, sign);
3390+
3391+
CREATE UNIQUE INDEX IF NOT EXISTS caboose_properties_no_sign
3392+
on omicron.public.sw_caboose (board, git_commit, name, version)
3393+
WHERE sign IS NULL;
33823394

33833395
/* root of trust pages: this table assigns unique ids to distinct RoT CMPA
33843396
and CFPA page contents, each of which is a 512-byte blob */
@@ -5504,7 +5516,7 @@ INSERT INTO omicron.public.db_metadata (
55045516
version,
55055517
target_version
55065518
) VALUES
5507-
(TRUE, NOW(), NOW(), '140.0.0', NULL)
5519+
(TRUE, NOW(), NOW(), '141.0.0', NULL)
55085520
ON CONFLICT DO NOTHING;
55095521

55105522
COMMIT;

0 commit comments

Comments
 (0)