Add logic for mupdate override/artifacts for measurements

[labbott]

No description provided.

[jgallagher]

Are artifacts distributed as a part of the TUF repo artifact replication? If so, I don't think this function is right - we should be asking the artifact store to read files on our behalf, not going underneath it directly to the dataset. Although now that I'm writing this, I see we don't do that for zones. That doesn't seem right to me, but maybe it's okay? (cc @sunshowers / @iliana who maybe discussed this before?)

We do go through the artifact store for host OS images:

omicron/sled-agent/config-reconciler/src/host_phase_2.rs

Lines 286 to 289 in f7a9801

	let artifact =
	artifact_store.get_artifact(desired).await.map_err(|err| {
	BootPartitionError::MissingDesiredArtifact { desired, err }
	})?;

Either way, we'll also need to update the cross-checks between the config reconciler and the artifact store to avoid both directions of error: the artifact store removing measurements we need or us ledgering a config that references a measurement that hasn't yet been replicated to the store:

omicron/sled-agent/config-reconciler/src/ledger.rs

Lines 622 to 632 in f7a9801

	// Helper to return all the `ArtifactHash`es contained in a config.
	fn config_artifact_hashes(
	config: &OmicronSledConfig,
	) -> impl Iterator<Item = ArtifactHash> + '_ {
	config
	.zones
	.iter()
	.filter_map(|zone| zone.image_source.artifact_hash())
	.chain(config.host_phase_2.slot_a.artifact_hash())
	.chain(config.host_phase_2.slot_b.artifact_hash())
	}

[labbott]

Yeah I definitely based this logic off of the zones. I'll give this a look.

[iliana]

For zones I think it makes sense to read the zone images directly out of the artifact store. (The path is directly provided to zoneadm, iirc.) But if we're copying these files then I think we ought to use the similar flow as the host phase 2 image where we use get_artifact and do an io::copy into whatever file we're writing to.

[labbott]

we're not copying the files. the paths are getting passed down to sprockets which will eventually just read the file into memory.

[iliana]

OK. Then I think going underneath the artifact store to get the path is fine, and arguably I should add a method that just gives you a path to an artifact and clean up the zone side of things too.