diff --git a/man/sysupdate.d.xml b/man/sysupdate.d.xml
index df3aaf7f387..a28d231f22a 100644
--- a/man/sysupdate.d.xml
+++ b/man/sysupdate.d.xml
@@ -595,10 +595,10 @@
If the source type is selected as url-file or
url-tar this must be a HTTP/HTTPS URL. The URL is suffixed with
- /SHA256SUMS to acquire the manifest file, with
- /SHA256SUMS.gpg to acquire the detached signature file for it, and with the file
- names listed in the manifest file in case an update is executed and a resource shall be
- downloaded.
+ the value assigned to the Manifest variable to acquire the manifest file. If the
+ manifest name is /SHA256SUMS the detached signature file for it will be acquired (if
+ verification is enabled),and with the file names listed in the manifest file in case an update is
+ executed and a resource shall be downloaded.
For all other source resource types this must be a local path in the file system, referring to
a local directory to find the versions of this resource in.
@@ -606,6 +606,15 @@
+
+ Manifest=
+
+ Specifies the filename of the manifest. Defaults to /SHA256SUMS.
+ Overriding the Manifest disables verification.
+
+
+
+
MatchPattern=
diff --git a/src/sysupdate/sysupdate-resource.c b/src/sysupdate/sysupdate-resource.c
index 842722c6825..417d343906f 100644
--- a/src/sysupdate/sysupdate-resource.c
+++ b/src/sysupdate/sysupdate-resource.c
@@ -35,6 +35,7 @@ void resource_destroy(Resource *rr) {
assert(rr);
free(rr->path);
+ free(rr->manifest);
strv_free(rr->patterns);
for (size_t i = 0; i < rr->n_instances; i++)
@@ -268,7 +269,7 @@ static int download_manifest(
char **ret_buffer,
size_t *ret_size) {
- _cleanup_free_ char *buffer = NULL, *suffixed_url = NULL;
+ _cleanup_free_ char *buffer = NULL;
_cleanup_close_pair_ int pfd[2] = EBADF_PAIR;
_cleanup_fclose_ FILE *manifest = NULL;
size_t size = 0;
@@ -279,17 +280,11 @@ static int download_manifest(
assert(ret_buffer);
assert(ret_size);
- /* Download a SHA256SUMS file as manifest */
-
- r = import_url_append_component(url, "SHA256SUMS", &suffixed_url);
- if (r < 0)
- return log_error_errno(r, "Failed to append SHA256SUMS to URL: %m");
-
if (pipe2(pfd, O_CLOEXEC) < 0)
return log_error_errno(errno, "Failed to allocate pipe: %m");
log_info("%s Acquiring manifest file %s%s", special_glyph(SPECIAL_GLYPH_DOWNLOAD),
- suffixed_url, special_glyph(SPECIAL_GLYPH_ELLIPSIS));
+ url, special_glyph(SPECIAL_GLYPH_ELLIPSIS));
r = safe_fork_full("(sd-pull)",
(int[]) { -EBADF, pfd[1], STDERR_FILENO },
@@ -306,7 +301,7 @@ static int download_manifest(
"raw",
"--direct", /* just download the specified URL, don't download anything else */
"--verify", verify_signature ? "signature" : "no", /* verify the manifest file */
- suffixed_url,
+ url,
"-", /* write to stdout */
NULL
};
@@ -353,6 +348,7 @@ static int resource_load_from_web(
Hashmap **web_cache) {
size_t manifest_size = 0, left = 0;
+ _cleanup_free_ char *suffixed_url = NULL;
_cleanup_free_ char *buf = NULL;
const char *manifest, *p;
size_t line_nr = 1;
@@ -370,7 +366,13 @@ static int resource_load_from_web(
} else {
log_debug("Manifest web cache miss for %s.", rr->path);
- r = download_manifest(rr->path, verify, &buf, &manifest_size);
+ /* Download a SHA256SUMS file as manifest */
+
+ r = import_url_append_component(rr->path, rr->manifest, &suffixed_url);
+ if (r < 0)
+ return log_error_errno(r, "Failed to append manifest name to URL: %m");
+
+ r = download_manifest(suffixed_url, verify, &buf, &manifest_size);
if (r < 0)
return r;
diff --git a/src/sysupdate/sysupdate-resource.h b/src/sysupdate/sysupdate-resource.h
index 1bcbe0f8e5d..50065f73548 100644
--- a/src/sysupdate/sysupdate-resource.h
+++ b/src/sysupdate/sysupdate-resource.h
@@ -85,6 +85,7 @@ struct Resource {
char *path;
bool path_auto; /* automatically find root path (only available if target resource, not source resource) */
PathRelativeTo path_relative_to;
+ char *manifest; /* Manifest file name (Default: SHA256SUMS)*/
char **patterns;
GptPartitionType partition_type;
bool partition_type_set;
diff --git a/src/sysupdate/sysupdate-transfer.c b/src/sysupdate/sysupdate-transfer.c
index f81c3c18a1e..5a0f34bacd0 100644
--- a/src/sysupdate/sysupdate-transfer.c
+++ b/src/sysupdate/sysupdate-transfer.c
@@ -504,6 +504,7 @@ int transfer_read_definition(Transfer *t, const char *path, const char **dirs, H
{ "Transfer", "RequisiteFeatures", config_parse_strv, 0, &t->requisite_features },
{ "Source", "Type", config_parse_resource_type, 0, &t->source.type },
{ "Source", "Path", config_parse_resource_path, 0, &t->source },
+ { "Source", "Manifest", config_parse_string, 0, &t->source.manifest },
{ "Source", "PathRelativeTo", config_parse_resource_path_relto, 0, &t->source.path_relative_to },
{ "Source", "MatchPattern", config_parse_resource_pattern, 0, &t->source.patterns },
{ "Target", "Type", config_parse_resource_type, 0, &t->target.type },
@@ -603,6 +604,14 @@ int transfer_read_definition(Transfer *t, const char *path, const char **dirs, H
return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
"Source specification lacks Path=.");
+ if (!t->source.manifest)
+ t->source.manifest = strdup("SHA256SUMS");
+
+ if (t->verify && ! streq(t->source.manifest, "SHA256SUMS")) {
+ log_warning("Only SHA256SUMS is supported for manifest verification. Disabling verification.");
+ t->verify = false;
+ }
+
if (t->source.path_relative_to == PATH_RELATIVE_TO_EXPLICIT && !arg_transfer_source)
return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
"PathRelativeTo=explicit requires --transfer-source= to be specified.");