Deploy an update server

[EliRibble]

Google's Client Update Protocol is open. There exists a Python 2 implementation but that company has stopped supporting it and now has gone closed-source.

We need a way to securely offer updates to our client. This protocol is a good one, we might as well use it.

[EliRibble]

I created a fork of the Python 2 server. It's a Django app that expects to have a Redis database and a Postgres database. That's not necessarily bad, but likely to be heavier to deploy than we really need for now.

There's Nebraska from the Flatcar Linux project. It's in Golang and also uses Postgres, but not Redis, and may be lighter to deploy. It also does authentication via OIDC.

[EliRibble]

Okay, I was previously lightly familiar with Omaha. It's really just a decomposition of some of the aspects of TLS in order to reduce total round trips and make better use of caching. In other words, the protocol is an optimization over TLS.

I'll just do updates over TLS. Sheesh.