feat(gondor): cleanup gondor invocations (#1241)

* `supervisor`: instead of wrapping another python script, sanitizes the
input, and exports it to systemd
* `orb-hil`: instead of calling gondor, use `zorb` from the runner to
query supervisor's job
* `update-agent`: consume `version_overwrite`, if that is provided,
overwrite `/etc/os-release` with that value.

The `gondor` binary will be removed from `development` builds, and be
replaced by an alias to `zorb`querying
`supervisor`.

This is a development feature to quickly allow developers to OTA to
whatever they wish.
PR is spread upon commits touching the different crates separately

Author: sfikastheo

hil/src/commands/ota/mod.rs

@@ -109,16 +109,29 @@ impl Ota {
             })?;
         info!("System time synchronized");
 
-        info!("Starting OTA via gondor-calls-for-ota");
-        let start_timestamp =
-            system::kickoff_update_agent_for_ota(&session, &self.target_version)
-                .await
-                .inspect_err(|e| {
-                    println!("OTA_RESULT=FAILED");
-                    println!("OTA_ERROR=OTA_KICKOFF_FAILED: {e}");
-                })?;
+        info!("Starting OTA");
+        let orb_id = orb_config
+            .orb_id
+            .as_deref()
+            .wrap_err("orb-id is required to kick off OTA")?;
+        let host = self
+            .remote
+            .hostname
+            .as_deref()
+            .wrap_err("--hostname (orb IP) is required to kick off OTA")?;
+        let start_timestamp = system::kickoff_update_agent_for_ota(
+            &session,
+            &self.target_version,
+            orb_id,
+            host,
+        )
+        .await
+        .inspect_err(|e| {
+            println!("OTA_RESULT=FAILED");
+            println!("OTA_ERROR=OTA_KICKOFF_FAILED: {e}");
+        })?;
         info!(
-            "gondor-calls-for-ota completed, start timestamp: {}",
+            "OTA kickoff completed, start timestamp: {}",
             start_timestamp
         );
 

hil/src/commands/ota/system.rs

@@ -4,8 +4,6 @@ use color_eyre::{
     Result,
 };
 
-const GONDOR_CALLS_FOR_OTA_PATH: &str = "/usr/local/bin/gondor-calls-for-ota";
-
 /// Reboot the Orb device using orb-mcu-util and shutdown
 pub async fn reboot_orb(session: &RemoteSession) -> Result<()> {
     session
@@ -66,42 +64,37 @@ fn parse_slot_from_output(output: &str) -> Result<String> {
     Ok(format!("slot_{slot_letter}"))
 }
 
-/// Kick off the update-agent flow for OTA using gondor-calls-for-ota.
-///
-/// The target is passed through verbatim; gondor itself handles stripping any
-/// `-{platform}-{release}` suffix, rewriting `/etc/os-release`, and restarting
-/// the update agent.
+/// Kick off the update-agent flow for OTA.
 pub async fn kickoff_update_agent_for_ota(
     session: &RemoteSession,
     target_version: &str,
+    orb_id: &str,
+    orb_ip: &str,
 ) -> Result<String> {
     let start_timestamp = get_current_timestamp(session).await?;
 
-    let escaped_target = shell_single_quote_escape(target_version.trim());
-    let command =
-        format!("TERM=dumb sudo {GONDOR_CALLS_FOR_OTA_PATH} '{escaped_target}'");
-    let result = session
-        .execute_command(&command)
+    let payload = serde_json::json!({
+        "version": target_version.trim(),
+        "restart": true,
+    })
+    .to_string();
+
+    let output = tokio::process::Command::new("zorb")
+        .args(["-o", orb_id, "-r", orb_ip])
+        .args(["query", "supervisor/job/gondor", &payload])
+        .output()
         .await
-        .wrap_err("Failed to execute gondor-calls-for-ota")?;
+        .wrap_err("failed to spawn zorb on the runner")?;
 
     ensure!(
-        result.is_success(),
-        "gondor-calls-for-ota failed: {}",
-        if result.stderr.trim().is_empty() {
-            result.stdout.trim()
-        } else {
-            result.stderr.trim()
-        }
+        output.status.success(),
+        "failed to trigger OTA: {}",
+        String::from_utf8_lossy(&output.stderr).trim()
     );
 
     Ok(start_timestamp)
 }
 
-fn shell_single_quote_escape(value: &str) -> String {
-    value.replace('\'', "'\"'\"'")
-}
-
 /// Wait for system time to be synchronized via NTP/chrony
 pub async fn wait_for_time_sync(session: &RemoteSession) -> Result<()> {
     use std::time::Duration;
@@ -207,12 +200,6 @@ pub async fn get_current_timestamp(session: &RemoteSession) -> Result<String> {
 mod tests {
     use super::*;
 
-    #[test]
-    fn shell_single_quote_escape_escapes_correctly() {
-        let escaped = shell_single_quote_escape("abc'def");
-        assert_eq!(escaped, "abc'\"'\"'def");
-    }
-
     #[test]
     fn parse_chrony_reference_id_returns_id_when_synced() {
         let output = "Reference ID    : C035676C (ptbtime1.ptb.de)\n\

orb-info/Cargo.toml

@@ -27,7 +27,7 @@ orb-token = [
 serde = ["dep:serde"]
 
 [dependencies]
-derive_more.workspace = true
+derive_more = { workspace = true, features = ["display", "from_str"] }
 hex = { workspace = true, optional = true }
 orb-attest-dbus = { workspace = true, optional = true }
 serde = { workspace = true, optional = true, features = ["derive"] }

orb-info/src/orb_os_release.rs

@@ -1,4 +1,4 @@
-use derive_more::Display;
+use derive_more::{Display, FromStr};
 use std::collections::HashMap;
 use thiserror::Error;
 
@@ -20,7 +20,7 @@ pub enum ReadErr {
     UnknownPlatformType(String),
 }
 
-#[derive(Display, Debug, Clone, PartialEq, Eq, Copy)]
+#[derive(Display, FromStr, Debug, Clone, PartialEq, Eq, Copy)]
 pub enum OrbOsPlatform {
     #[display("diamond")]
     Diamond,
@@ -29,29 +29,29 @@ pub enum OrbOsPlatform {
     Pearl,
 }
 
-#[derive(Display, Debug, Copy, Clone, PartialEq, Eq)]
+#[derive(Display, FromStr, Debug, Copy, Clone, PartialEq, Eq)]
 pub enum OrbRelease {
+    #[display("analysis")]
+    Analysis,
     #[display("dev")]
     Dev,
-    #[display("service")]
-    Service,
     #[display("prod")]
     Prod,
+    #[display("service")]
+    Service,
     #[display("stage")]
     Stage,
-    #[display("analysis")]
-    Analysis,
 }
 
 impl OrbRelease {
     pub fn as_str(&self) -> &str {
         use OrbRelease::*;
         match self {
+            Analysis => "analysis",
             Dev => "dev",
-            Service => "service",
-            Stage => "staging",
             Prod => "prod",
-            Analysis => "analysis",
+            Service => "service",
+            Stage => "stage",
         }
     }
 }

supervisor/src/main.rs

@@ -3,7 +3,7 @@ use clap::{
     Parser,
 };
 use color_eyre::eyre::WrapErr as _;
-use orb_info::OrbId;
+use orb_info::{orb_os_release::OrbOsRelease, OrbId};
 use orb_supervisor::startup::{Application, Settings};
 use tracing::debug;
 use zenorb::Zenorb;
@@ -44,6 +44,9 @@ async fn main() -> color_eyre::Result<()> {
         debug!(?settings, "starting supervisor with settings");
 
         let orb_id = OrbId::read().await.wrap_err("failed to read orb id")?;
+        let os_release = OrbOsRelease::read()
+            .await
+            .wrap_err("failed to read orb os release metadata")?;
         let zenorb = Zenorb::from_cfg(zenorb::default_cfg())
             .orb_id(orb_id)
             .with_name("supervisor")
@@ -54,7 +57,7 @@ async fn main() -> color_eyre::Result<()> {
             .await
             .wrap_err("failed to build supervisor")?;
 
-        application.run().await
+        application.run(os_release).await
     }
     .await;
     telemetry.flush().await;

supervisor/src/startup.rs

@@ -1,7 +1,8 @@
-use std::{path::PathBuf, time::Duration};
+use std::time::Duration;
 
 use color_eyre::eyre::WrapErr as _;
 use futures::{future::TryFutureExt as _, FutureExt as _};
+use orb_info::orb_os_release::OrbOsRelease;
 use tracing::debug;
 use zbus::{Connection, ConnectionBuilder};
 use zenorb::Zenorb;
@@ -12,8 +13,11 @@ use crate::{
     proxies::core::{
         SIGNUP_PROXY_DEFAULT_OBJECT_PATH, SIGNUP_PROXY_DEFAULT_WELL_KNOWN_NAME,
     },
-    tasks,
-    tasks::zoci::GONDOR_BIN,
+    tasks::{
+        self,
+        update::UPDATE_AGENT_SERVICE,
+        zoci::{ZociContext, UPDATE_AGENT_VERSION},
+    },
 };
 
 pub const DBUS_WELL_KNOWN_NAME: &str = "org.worldcoin.OrbSupervisor1";
@@ -42,7 +46,6 @@ pub struct Settings {
     pub well_known_name: String,
     pub download_throttle: Duration,
     pub stop_core_after_signup: Duration,
-    pub gondor_bin: PathBuf,
 }
 
 impl Settings {
@@ -57,7 +60,6 @@ impl Settings {
             well_known_name: DBUS_WELL_KNOWN_NAME.to_string(),
             download_throttle: DEFAULT_DURATION_TO_ALLOW_DOWNLOADS,
             stop_core_after_signup: DURATION_TO_STOP_CORE_AFTER_LAST_SIGNUP,
-            gondor_bin: PathBuf::from(GONDOR_BIN),
         }
     }
 }
@@ -149,15 +151,22 @@ impl Application {
     }
 
     /// Runs `Application` by spawning its constituent tasks.
-    pub async fn run(self) -> color_eyre::Result<()> {
+    pub async fn run(self, os_release: OrbOsRelease) -> color_eyre::Result<()> {
         let signup_started_task =
             tasks::spawn_signup_started_task(&self.settings, &self.session_connection)
                 .await?;
 
-        let _ =
-            tasks::spawn_zoci_receiver(&self.zenorb, self.settings.gondor_bin.clone())
-                .await
-                .wrap_err("failed to spawn zoci receiver")?;
+        let _ = tasks::spawn_zoci_receiver(
+            &self.zenorb,
+            ZociContext {
+                os_release,
+                system_conn: self.system_connection.clone(),
+                update_agent_unit: UPDATE_AGENT_SERVICE,
+                target_version_env: UPDATE_AGENT_VERSION,
+            },
+        )
+        .await
+        .wrap_err("failed to spawn zoci receiver")?;
 
         let ((),) = tokio::try_join!(
             // All tasks are joined here

supervisor/src/tasks/update.rs

@@ -10,6 +10,8 @@ use zbus_systemd::systemd1;
 
 use crate::consts::WORLDCOIN_CORE_UNIT_NAME;
 
+pub const UPDATE_AGENT_SERVICE: &str = "worldcoin-update-agent.service";
+
 /// Calculates the instant that is `stop_core_after_signup` after the last signup event.
 fn calculate_stop_deadline(
     last_signup_started_event: Instant,
@@ -94,7 +96,7 @@ pub fn spawn_start_update_agent_after_core_shutdown_task(
         }
         info!("calling `org.freedesktop.systemd1.Manager.StartUnit` to start update agent");
         proxy
-            .start_unit("worldcoin-update-agent.service".into(), "replace".into())
+            .start_unit(UPDATE_AGENT_SERVICE.into(), "replace".into())
             .await
             .map(|_| {})
             .map_err(Into::into)