From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate001.proxmox.com (gate001.proxmox.com [IPv6:2a0f:8001:1:32::40]) by lore.proxmox.com (Postfix) with ESMTPS id 4166C1FF150 for ; Mon, 06 Jul 2026 14:28:55 +0200 (CEST) Received: from gate001.proxmox.com (localhost.localdomain [127.0.0.1]) by gate001.proxmox.com (Proxmox) with ESMTP id 110282143C; Mon, 06 Jul 2026 14:28:55 +0200 (CEST) Message-ID: <1151e42c-eaa4-416d-8ee0-3434341b1e7c@proxmox.com> Date: Mon, 6 Jul 2026 14:28:50 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Robert Obkircher Subject: Re: [PATCH proxmox-backup v3 03/15] pbs-config: use proxmox-product-config::replace_secret_config() To: Christian Ebner , pbs-devel@lists.proxmox.com References: <20260701140412.200920-1-c.ebner@proxmox.com> <20260701140412.200920-4-c.ebner@proxmox.com> Content-Language: en-US, de-AT In-Reply-To: <20260701140412.200920-4-c.ebner@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1783340924308 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.000 Adjusted score from AWL reputation of From: address DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment (newer systems) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: IUIYZ2BP272NPQTJVJ45XQF5N352GQPA X-Message-ID-Hash: IUIYZ2BP272NPQTJVJ45XQF5N352GQPA X-MailFrom: r.obkircher@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 01.07.26 16:04, Christian Ebner wrote: > Instead of using the pbs-config local implementation, use the product > general implementation, dropping the local one instead. > > Since proxmox-product-config::replace_secret_config() requires the > api- and priv-user to be initialized, any calling codepath must > guarantee to have run proxmox-product-config::init() once, so do > that for proxmox-tape as well, while proxy, api and manager are > already initializing it. > > Signed-off-by: Christian Ebner > --- > pbs-config/Cargo.toml | 1 + > pbs-config/src/lib.rs | 17 ----------------- > pbs-config/src/notifications.rs | 5 ++++- > src/bin/proxmox-tape.rs | 8 ++++++++ > src/tape/encryption_keys.rs | 3 ++- > 5 files changed, 15 insertions(+), 19 deletions(-) > > diff --git a/pbs-config/Cargo.toml b/pbs-config/Cargo.toml > index 04687cb59..d07b4de89 100644 > --- a/pbs-config/Cargo.toml > +++ b/pbs-config/Cargo.toml > @@ -23,6 +23,7 @@ proxmox-http.workspace = true > proxmox-lang.workspace = true > proxmox-notify.workspace = true > proxmox-router = { workspace = true, default-features = false } > +proxmox-product-config.workspace = true > proxmox-s3-client.workspace = true > proxmox-schema.workspace = true > proxmox-section-config.workspace = true > diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs > index a194d70ac..1d32d23e2 100644 > --- a/pbs-config/src/lib.rs > +++ b/pbs-config/src/lib.rs > @@ -139,23 +139,6 @@ pub fn replace_backup_config>(path: P, data: &[u8]) -> > Ok(()) > } > > -/// Atomically write data to file owned by "root:root" with permission "0600" > -/// > -/// Only the superuser can read and write those files. > -pub fn replace_secret_config>(path: P, data: &[u8]) -> Result<(), Error> { > - let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); > - // set the correct owner/group/permissions while saving file > - // owner(rw) = root, group(r)= root > - let options = proxmox_sys::fs::CreateOptions::new() > - .perm(mode) > - .owner(nix::unistd::ROOT) > - .group(nix::unistd::Gid::from_raw(0)); > - > - proxmox_sys::fs::replace_file(path, data, options, true)?; > - > - Ok(()) > -} > - > /// Detect modified configuration files > /// > /// This function fails with a reasonable error message if checksums do not match. > diff --git a/pbs-config/src/notifications.rs b/pbs-config/src/notifications.rs > index 3ee019f23..cbdbcee7a 100644 > --- a/pbs-config/src/notifications.rs > +++ b/pbs-config/src/notifications.rs > @@ -35,7 +35,10 @@ pub fn config() -> Result { > pub fn save_config(config: Config) -> Result<(), Error> { > let (cfg, priv_cfg) = config.write()?; > crate::replace_backup_config(NOTIFICATION_CONFIG_PATH, cfg.as_bytes())?; > - crate::replace_secret_config(NOTIFICATION_PRIV_CONFIG_PATH, priv_cfg.as_bytes())?; > + proxmox_product_config::replace_secret_config( > + NOTIFICATION_PRIV_CONFIG_PATH, > + priv_cfg.as_bytes(), > + )?; It is probably fine, but priv_user is no longer guaranteed to be root (in cfg(test))  > [..]