dbus: rauc: use a UpdateRequest object instead of a simple URL for install

hnez · hnez · commit 0833495804d2 · 2025-04-03T09:24:26.000+02:00
Right now the UpdateRequest object also only contains the URL,
just like before, but in the future we will at least add a
`manifest_hash` field that ensures that the user gets exactly
the update bundle they agreed to install.

The change is backwards-compatible. Incoming requests to the
`/v1/tac/update/install` endpoint are first parsed as JSON object
(the new UpdateRequest object) and if that fails as simple string
(the old URL string) and then transformed transparently.

Signed-off-by: Leonard Göhrs &lt;l.goehrs@pengutronix.de&gt;
diff --git a/openapi.yaml b/openapi.yaml
@@ -827,12 +827,12 @@ paths:
         content:
           application/json:
             schema:
-              type: string
+              $ref: '#/components/schemas/UpdateRequest'
       responses:
         '204':
-          description: The value was parsed as string and will be tried
+          description: The value was parsed successfully and will be tried
         '400':
-          description: The value could not be parsed as string
+          description: The value could not be parsed
 
   /v1/tac/update/channels:
     get:
@@ -1102,6 +1102,12 @@ components:
         nesting_depth:
           type: number
 
+    UpdateRequest:
+      type: object
+      properties:
+        url:
+          type: string
+
     UpdateChannels:
       type: array
       items:
diff --git a/src/dbus/rauc.rs b/src/dbus/rauc.rs
@@ -114,6 +114,30 @@ impl From<(i32, String, i32)> for Progress {
     }
 }
 
+#[derive(Serialize, Deserialize, Clone)]
+#[serde(from = "UpdateRequestDe")]
+pub struct UpdateRequest {
+    pub url: Option<String>,
+}
+
+#[derive(Deserialize)]
+#[serde(untagged)]
+enum UpdateRequestDe {
+    UrlObject { url: Option<String> },
+    UrlOnly(String),
+}
+
+impl From<UpdateRequestDe> for UpdateRequest {
+    fn from(de: UpdateRequestDe) -> Self {
+        // Provide API backward compatibility by allowing either just a String
+        // as argument or a map with url and manifest hash inside.
+        match de {
+            UpdateRequestDe::UrlObject { url } => Self { url },
+            UpdateRequestDe::UrlOnly(url) => Self { url: Some(url) },
+        }
+    }
+}
+
 type SlotStatus = HashMap<String, HashMap<String, String>>;
 
 pub struct Rauc {
@@ -123,7 +147,7 @@ pub struct Rauc {
     #[cfg_attr(feature = "demo_mode", allow(dead_code))]
     pub primary: Arc<Topic<String>>,
     pub last_error: Arc<Topic<String>>,
-    pub install: Arc<Topic<String>>,
+    pub install: Arc<Topic<UpdateRequest>>,
     pub channels: Arc<Topic<Channels>>,
     pub reload: Arc<Topic<bool>>,
     pub should_reboot: Arc<Topic<bool>>,
@@ -336,7 +360,7 @@ impl Rauc {
             slot_status: bb.topic_ro("/v1/tac/update/slots", None),
             primary: bb.topic_ro("/v1/tac/update/primary", None),
             last_error: bb.topic_ro("/v1/tac/update/last_error", None),
-            install: bb.topic_wo("/v1/tac/update/install", Some("".to_string())),
+            install: bb.topic_wo("/v1/tac/update/install", None),
             channels: bb.topic_ro("/v1/tac/update/channels", None),
             reload: bb.topic_wo("/v1/tac/update/channels/reload", Some(true)),
             should_reboot: bb.topic_ro("/v1/tac/update/should_reboot", Some(false)),
@@ -546,7 +570,12 @@ impl Rauc {
         wtb.spawn_task("rauc-forward-install", async move {
             let proxy = InstallerProxy::new(&conn_task).await.unwrap();
 
-            while let Some(url) = install_stream.next().await {
+            while let Some(update_request) = install_stream.next().await {
+                let url = match update_request.url {
+                    Some(url) => url,
+                    None => continue,
+                };
+
                 // Poor-mans validation. It feels wrong to let someone point to any
                 // file on the TAC from the web interface.
                 if url.starts_with("http://") || url.starts_with("https://") {
diff --git a/src/ui/screens/update_available.rs b/src/ui/screens/update_available.rs
@@ -30,7 +30,7 @@ use super::{
     InputEvent, Screen, Ui,
 };
 use crate::broker::Topic;
-use crate::dbus::rauc::{Channel, Channels};
+use crate::dbus::rauc::{Channel, Channels, UpdateRequest};
 use crate::watched_tasks::WatchedTasksBuilder;
 
 const SCREEN_TYPE: AlertScreen = AlertScreen::UpdateAvailable;
@@ -121,9 +121,15 @@ impl Selection {
         }
     }
 
-    fn perform(&self, alerts: &Arc<Topic<AlertList>>, install: &Arc<Topic<String>>) {
+    fn perform(&self, alerts: &Arc<Topic<AlertList>>, install: &Arc<Topic<UpdateRequest>>) {
         match self.highlight {
-            Highlight::Channel(ch) => install.set(self.channels[ch].url.clone()),
+            Highlight::Channel(ch) => {
+                let req = UpdateRequest {
+                    url: Some(self.channels[ch].url.clone()),
+                };
+
+                install.set(req);
+            }
             Highlight::Dismiss => alerts.deassert(SCREEN_TYPE),
         }
     }
@@ -136,7 +142,7 @@ pub struct UpdateAvailableScreen {
 struct Active {
     widgets: WidgetContainer,
     alerts: Arc<Topic<AlertList>>,
-    install: Arc<Topic<String>>,
+    install: Arc<Topic<UpdateRequest>>,
     selection: Arc<Topic<Selection>>,
 }
 
