dbus: rauc: add manifest_hash und effective_url to UpstreamBundle

The RAUC native polling interface provides more information than
just the basic `compatible` and `version` fields.
Among these extra informations are the following:

  - `manifest_hash`

    By using the `manifest_hash` in the `InstallBundle` call we can
    (cryptographically) ensure that the exact bundle (content) that the
    user agreed to install is actually being installed and that no switch
    has happened in between.

  - `effective_url`

    This is the bundle URL after all HTTP redirects have been followed.
    This is e.g. relevant when a "clever" update server is used that
    redirects poll requests to specific bundles to e.g. implement staged
    rollouts or prevents updates from incompatible bundle versions.

    By using this one can ensure that the bundle URL used matches
    the `manifest_hash` provided and that the redirects did not change
    (e.g. because the next step in a staged update was reached)
    between the last poll and the user accepting an update.

The update dialog on the LCD is updated to use this mechanism now,
while the web interface will be updated later.

Signed-off-by: Leonard Göhrs <l.goehrs@pengutronix.de>

Author: hnez

openapi.yaml

@@ -1141,6 +1141,10 @@ components:
                 type: string
               version:
                 type: string,
+              manifest_hash:
+                type: string,
+              effective_url:
+                type: string,
               newer_than_installed:
                 type: boolean
 

src/dbus/rauc.rs

@@ -553,11 +553,20 @@ impl Rauc {
                     }
                 };
 
+                let upstream_bundle = match primary.bundle.as_ref() {
+                    Some(us) => us,
+                    None => {
+                        warn!("Got install request with no upstream bundle info available yet");
+                        continue
+                    }
+                };
+
                 let url = match &update_request.url {
-                    None => &primary.url,
+                    None => &upstream_bundle.effective_url,
+                    Some(url) if url == &upstream_bundle.effective_url => &upstream_bundle.effective_url,
                     Some(url) if url == &primary.url => &primary.url,
                     Some(_) => {
-                        warn!("Got install request with URL not matching primary channel URL");
+                        warn!("Got install request with URL matching neither channel URL nor effective bundle URL");
                         continue;
                     }
                 };

src/dbus/rauc/update_channels.rs

@@ -39,6 +39,8 @@ const ONE_DAY: Duration = Duration::from_secs(24 * 60 * 60);
 pub struct UpstreamBundle {
     pub compatible: String,
     pub version: String,
+    pub manifest_hash: String,
+    pub effective_url: String,
     pub newer_than_installed: bool,
 }
 
@@ -219,12 +221,18 @@ impl Channels {
             zvariant_walk_nested_dicts(&poll_status, &["manifest", "update", "compatible"])?;
         let version: &zvariant::Str =
             zvariant_walk_nested_dicts(&poll_status, &["manifest", "update", "version"])?;
+        let manifest_hash: &zvariant::Str =
+            zvariant_walk_nested_dicts(&poll_status, &["manifest", "manifest-hash"])?;
+        let effective_url: &zvariant::Str =
+            zvariant_walk_nested_dicts(&poll_status, &["bundle", "effective-url"])?;
         let newer_than_installed: &bool =
             zvariant_walk_nested_dicts(&poll_status, &["update-available"])?;
 
         if let Some(pb) = self.0.iter().find_map(|ch| ch.bundle.as_ref()) {
             if compatible == pb.compatible.as_str()
                 && version == pb.version.as_str()
+                && manifest_hash == pb.manifest_hash.as_str()
+                && effective_url == pb.effective_url.as_str()
                 && *newer_than_installed == pb.newer_than_installed
             {
                 return Ok(false);
@@ -237,6 +245,8 @@ impl Channels {
             primary.bundle = Some(UpstreamBundle {
                 compatible: compatible.as_str().into(),
                 version: version.as_str().into(),
+                manifest_hash: manifest_hash.as_str().into(),
+                effective_url: effective_url.as_str().into(),
                 newer_than_installed: *newer_than_installed,
             });
         }

src/ui/screens/update_available.rs

@@ -22,6 +22,7 @@ use async_trait::async_trait;
 use embedded_graphics::{
     mono_font::MonoTextStyle, pixelcolor::BinaryColor, prelude::*, text::Text,
 };
+use log::error;
 use serde::{Deserialize, Serialize};
 
 use super::widgets::*;
@@ -124,12 +125,16 @@ impl Selection {
     fn perform(&self, alerts: &Arc<Topic<AlertList>>, install: &Arc<Topic<UpdateRequest>>) {
         match self.highlight {
             Highlight::Channel(ch) => {
-                let req = UpdateRequest {
-                    url: Some(self.channels[ch].url.clone()),
-                    manifest_hash: None,
-                };
+                if let Some(bundle) = &self.channels[ch].bundle {
+                    let req = UpdateRequest {
+                        url: Some(bundle.effective_url.clone()),
+                        manifest_hash: Some(bundle.manifest_hash.clone()),
+                    };
 
-                install.set(req);
+                    install.set(req);
+                } else {
+                    error!("Update channel is missing upstream bundle information.");
+                };
             }
             Highlight::Dismiss => alerts.deassert(SCREEN_TYPE),
         }