dbus: rauc: allow restricting installation to a specific manifest_hash

This makes sure that an user gets exact the bundle they intended to
install, e.g. the bundle was not replaced by a newer one on the server
or otherwise tampered with.

Signed-off-by: Leonard Göhrs <[email protected]>

Author: hnez

openapi.yaml

@@ -1107,6 +1107,8 @@ components:
       properties:
         url:
           type: string
+        manifest_hash:
+          type: string
 
     UpdateChannels:
       type: array

src/dbus/rauc.rs

@@ -117,13 +117,17 @@ impl From<(i32, String, i32)> for Progress {
 #[derive(Serialize, Deserialize, Clone)]
 #[serde(from = "UpdateRequestDe")]
 pub struct UpdateRequest {
+    pub manifest_hash: Option<String>,
     pub url: Option<String>,
 }
 
 #[derive(Deserialize)]
 #[serde(untagged)]
 enum UpdateRequestDe {
-    UrlObject { url: Option<String> },
+    UrlAndHash {
+        manifest_hash: Option<String>,
+        url: Option<String>,
+    },
     UrlOnly(String),
 }
 
@@ -132,8 +136,11 @@ impl From<UpdateRequestDe> for UpdateRequest {
         // Provide API backward compatibility by allowing either just a String
         // as argument or a map with url and manifest hash inside.
         match de {
-            UpdateRequestDe::UrlObject { url } => Self { url },
-            UpdateRequestDe::UrlOnly(url) => Self { url: Some(url) },
+            UpdateRequestDe::UrlAndHash { manifest_hash, url } => Self { manifest_hash, url },
+            UpdateRequestDe::UrlOnly(url) => Self {
+                manifest_hash: None,
+                url: Some(url),
+            },
         }
     }
 }
@@ -579,7 +586,14 @@ impl Rauc {
                 // Poor-mans validation. It feels wrong to let someone point to any
                 // file on the TAC from the web interface.
                 if url.starts_with("http://") || url.starts_with("https://") {
-                    let args = HashMap::new();
+                    let manifest_hash: Option<zbus::zvariant::Value> =
+                        update_request.manifest_hash.map(|mh| mh.into());
+
+                    let mut args = HashMap::new();
+
+                    if let Some(manifest_hash) = &manifest_hash {
+                        args.insert("require-manifest-hash", manifest_hash);
+                    }
 
                     if let Err(e) = proxy.install_bundle(&url, args).await {
                         error!("Failed to install bundle: {}", e);

src/ui/screens/update_available.rs

@@ -126,6 +126,7 @@ impl Selection {
             Highlight::Channel(ch) => {
                 let req = UpdateRequest {
                     url: Some(self.channels[ch].url.clone()),
+                    manifest_hash: None,
                 };
 
                 install.set(req);