From: Fabian Grünbichler
To: Maximiliano Sandoval, pmg-devel@lists.proxmox.com
Date: Thu, 23 Oct 2025 10:33:04 +0200
Subject: Re: [pmg-devel] [PATCH pmg-api] use fingerprint-sha256 option for fingerprints

On October 22, 2025 2:06 pm, Maximiliano Sandoval wrote:
> The previous parameter had a regex expression that allowed letters [A-Z]
> instead of [A-F] and it was uppercase-only.
>
> Tested via:
>
> ```
> pmgcm join $HOST --fingerprint $FINGERPRINT
> pmgcm status
> ```
>
> Additionally it was tested that 'pmgcm status' worked after changing the
> fingerprints at /etc/pmg/cluster.conf to lowercase.
>
> Here $FINGERPRINT was modified so it contained both upper-and-lowercase
> characters.

Isn't this basically a v4 of an older series of yours, with
suggestions/diffs by Stoiko folded in?

https://lore.proxmox.com/pmg-devel/20241111132057.0ea5b2c2@rosa.proxmox.com/

> Signed-off-by: Maximiliano Sandoval
> --- > src/PMG/API2/Cluster.pm | 9 ++++----- > src/PMG/CLI/pmgcm.pm | 12 ++++++------ > src/PMG/ClusterConfig.pm | 12 +++++++----- > 3 files changed, 17 insertions(+), 16 deletions(-) > > diff --git a/src/PMG/API2/Cluster.pm b/src/PMG/API2/Cluster.pm > index fbfbcfc2..69096df6 100644 > --- a/src/PMG/API2/Cluster.pm > +++ b/src/PMG/API2/Cluster.pm
> @@ -421,11 +421,7 @@ __PACKAGE__->register_method({ > type => 'string', > format => 'ip', > }, > - fingerprint => { > - description => "SSL certificate fingerprint.", > - type => 'string', > - pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$', > - }, > + fingerprint => get_standard_option('fingerprint-sha256'), > password => { > description => "Superuser password.", > type => 'string', > @@ -439,6 +435,9 @@ __PACKAGE__->register_method({ > > my $rpcenv = PMG::RESTEnvironment->get(); > my $authuser = $rpcenv->get_user(); > + if (my $fp = $param->{fingerprint}) { > + $param->{fingerprint} = uc($fp); > + } > > my $realcmd = sub { > my $cinfo = PMG::ClusterConfig->new(); > diff --git a/src/PMG/CLI/pmgcm.pm b/src/PMG/CLI/pmgcm.pm > index 401f6801..07ea0741 100644 > --- a/src/PMG/CLI/pmgcm.pm > +++ b/src/PMG/CLI/pmgcm.pm > @@ -6,6 +6,7 @@ use Data::Dumper; > use POSIX qw(strftime); > use JSON; > > +use PVE::JSONSchema qw(get_standard_option); > use PVE::SafeSyslog; > use PVE::Tools qw(extract_param); > use PVE::INotify; > @@ -171,18 +172,17 @@ __PACKAGE__->register_method({ > type => 'string', > format => 'ip', > }, > - fingerprint => { > - description => "SSL certificate fingerprint.", > - type => 'string', > - pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$', > - optional => 1, > - }, > + fingerprint => get_standard_option('fingerprint-sha256'), > }, > }, > returns => { type => 'null' }, > code => sub { > my ($param) = @_; > > + if (my $fp = $param->{fingerprint}) { > + $param->{fingerprint} = uc($fp); > + } > + > my $code = sub { > my $cinfo = PMG::ClusterConfig->new(); > > diff --git a/src/PMG/ClusterConfig.pm b/src/PMG/ClusterConfig.pm > index bf8405c0..eeab326b 100644 > --- a/src/PMG/ClusterConfig.pm > +++ b/src/PMG/ClusterConfig.pm 
> @@ -75,11 +75,7 @@ sub properties { > type => 'string', > pattern => valid_ssh_pubkey_regex(), > }, > - fingerprint => { > - description => "SSL certificate fingerprint.", > - type => 'string', > - pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$', > - }, > + fingerprint => PVE::JSONSchema::get_standard_option('fingerprint-sha256'), > }; > } > > @@ -203,6 +199,8 @@ sub read_cluster_conf { > $maxcid = $d->{maxcid} if defined($d->{maxcid}) && $d->{maxcid} > $maxcid; > $cinfo->{master} = $d if $d->{type} eq 'master'; > $cinfo->{'local'} = $d if $d->{name} eq $localname; > + > + $d->{fingerprint} = uc($d->{fingerprint}); > } > > if ($maxcid) { > @@ -224,6 +222,10 @@ sub read_cluster_conf { > sub write_cluster_conf { > my ($filename, $fh, $cfg) = @_; > > + foreach my $entry (values %{ $cfg->{ids} }) { > + $entry->{fingerprint} = uc($entry->{fingerprint}); > + } this should not be needed, since the reader above already mangles it.. > + > my $raw = PMG::ClusterConfig::Base->write_config($filename, $cfg); > > PVE::Tools::safe_print($filename, $fh, $raw); > -- > 2.47.3 > > > > _______________________________________________ > pmg-devel mailing list > pmg-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
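
Review bot: the bare get_standard_option('fingerprint-sha256') call in src/PMG/API2/Cluster.pm (hunk @@ -421,11 +421,7 @@) has no matching import anywhere in this patch. The pmgcm.pm part adds "use PVE::JSONSchema qw(get_standard_option);" and ClusterConfig.pm uses the fully qualified PVE::JSONSchema::get_standard_option, but nothing visible here shows Cluster.pm importing the function. Please confirm the import already exists in that file, or add it, and consider using one calling style across the three files.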
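
Review bot: the uc() normalization added in src/PMG/API2/Cluster.pm (hunk @@ -439,6 +435,9 @@) carries no comment explaining why upper case is the canonical form, and it sits directly under "my $authuser = $rpcenv->get_user();" with no separating blank line, unlike the copy in pmgcm.pm. The same three lines are added in both files, so a one-line comment saying what the upper-cased value is later compared against or stored as, or a small shared helper, would make the intent clear and keep the two call sites from drifting apart.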
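
Review bot: the replacement in src/PMG/CLI/pmgcm.pm (hunk @@ -171,18 +172,17 @@) drops the "optional => 1" that the removed fingerprint definition carried. get_standard_option('fingerprint-sha256') is called without an override, so the parameter stays optional only if the standard option itself is declared optional. The guard "if (my $fp = $param->{fingerprint})" added further down in the same hunk assumes the value can be absent. If it is meant to remain optional, say so explicitly: get_standard_option('fingerprint-sha256', { optional => 1 }).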
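
Review bot: the assignment added to read_cluster_conf in src/PMG/ClusterConfig.pm (hunk @@ -203,6 +199,8 @@) upper-cases $d->{fingerprint} unconditionally, while the API and CLI hunks guard the same operation with "if (my $fp = ...)". For an entry without a fingerprint, uc(undef) returns an empty string (with an "uninitialized value" warning when warnings are enabled), so the entry ends up with fingerprint set to '' instead of staying undefined. A postfix guard avoids that: $d->{fingerprint} = uc($d->{fingerprint}) if defined($d->{fingerprint});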