From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id A85351FF13B
	for <inbox@lore.proxmox.com>; Tue, 13 Jan 2026 14:45:31 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id CE5481841E;
	Tue, 13 Jan 2026 14:45:34 +0100 (CET)
Date: Tue, 13 Jan 2026 14:45:28 +0100
From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= <f.gruenbichler@proxmox.com>
To: Proxmox Backup Server development discussion <pbs-devel@lists.proxmox.com>
References: <20260108112629.189670-1-s.rufinatscha@proxmox.com>
 <20260108112629.189670-8-s.rufinatscha@proxmox.com>
In-Reply-To: <20260108112629.189670-8-s.rufinatscha@proxmox.com>
MIME-Version: 1.0
User-Agent: astroid/0.17.0 (https://github.com/astroidmail/astroid)
Message-Id: <1768309690.hexc19ahy5.astroid@yuna.none>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1768311887327
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.046 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pbs-devel] [PATCH proxmox-backup v5 3/5] acme: drop local
 AcmeClient
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>

On January 8, 2026 12:26 pm, Samuel Rufinatscha wrote:
> PBS currently uses its own ACME client and API logic, while PDM uses the
> factored out proxmox-acme and proxmox-acme-api crates. This duplication
> risks differences in behaviour and requires ACME maintenance in two
> places. This patch is part of a series to move PBS over to the shared
> ACME stack.
> 
> Changes:
> - Remove the local src/acme/client.rs and switch to
> proxmox_acme::async_client::AcmeClient where needed.
> - Use proxmox_acme_api::load_client_with_account to the custom
> AcmeClient::load() function
> - Replace the local do_register() logic with
> proxmox_acme_api::register_account, to further ensure accounts are persisted
> - Replace the local AcmeAccountName type, required for
> proxmox_acme_api::register_account
> 
> Signed-off-by: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
> ---
>  src/acme/client.rs                     | 691 -------------------------
>  src/acme/mod.rs                        |   3 -
>  src/acme/plugin.rs                     |   2 +-
>  src/api2/config/acme.rs                |  50 +-
>  src/api2/node/certificates.rs          |   2 +-
>  src/api2/types/acme.rs                 |   8 -
>  src/bin/proxmox_backup_manager/acme.rs |  17 +-
>  src/config/acme/mod.rs                 |   8 +-
>  src/config/node.rs                     |   9 +-
>  9 files changed, 36 insertions(+), 754 deletions(-)
>  delete mode 100644 src/acme/client.rs
> 

[..]

> diff --git a/src/config/acme/mod.rs b/src/config/acme/mod.rs
> index ac89ae5e..e4639c53 100644
> --- a/src/config/acme/mod.rs
> +++ b/src/config/acme/mod.rs

I think this whole file should probably be replaced entirely by
proxmox-acme-api , which - AFAICT - would just require adding the
completion helpers there?

> @@ -6,10 +6,11 @@ use anyhow::{bail, format_err, Error};
>  use serde_json::Value;
>  
>  use pbs_api_types::PROXMOX_SAFE_ID_REGEX;
> +use proxmox_acme_api::AcmeAccountName;
>  use proxmox_sys::error::SysError;
>  use proxmox_sys::fs::{file_read_string, CreateOptions};
>  
> -use crate::api2::types::{AcmeAccountName, AcmeChallengeSchema, KnownAcmeDirectory};
> +use crate::api2::types::{AcmeChallengeSchema, KnownAcmeDirectory};
>  
>  pub(crate) const ACME_DIR: &str = pbs_buildcfg::configdir!("/acme");
>  pub(crate) const ACME_ACCOUNT_DIR: &str = pbs_buildcfg::configdir!("/acme/accounts");
> @@ -34,11 +35,6 @@ pub(crate) fn make_acme_dir() -> Result<(), Error> {
>      create_acme_subdir(ACME_DIR)
>  }
>  
> -pub(crate) fn make_acme_account_dir() -> Result<(), Error> {
> -    make_acme_dir()?;
> -    create_acme_subdir(ACME_ACCOUNT_DIR)
> -}
> -
>  pub const KNOWN_ACME_DIRECTORIES: &[KnownAcmeDirectory] = &[
>      KnownAcmeDirectory {
>          name: "Let's Encrypt V2",
> diff --git a/src/config/node.rs b/src/config/node.rs
> index 253b2e36..e4b66a20 100644
> --- a/src/config/node.rs
> +++ b/src/config/node.rs
> @@ -8,16 +8,15 @@ use pbs_api_types::{
>      EMAIL_SCHEMA, MULTI_LINE_COMMENT_SCHEMA, OPENSSL_CIPHERS_TLS_1_2_SCHEMA,
>      OPENSSL_CIPHERS_TLS_1_3_SCHEMA,
>  };
> +use proxmox_acme::async_client::AcmeClient;
> +use proxmox_acme_api::AcmeAccountName;
>  use proxmox_http::ProxyConfig;
>  use proxmox_schema::{api, ApiStringFormat, ApiType, Updater};
>  
>  use pbs_buildcfg::configdir;
>  use pbs_config::{open_backup_lockfile, BackupLockGuard};
>  
> -use crate::acme::AcmeClient;
> -use crate::api2::types::{
> -    AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
> -};
> +use crate::api2::types::{AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA};
>  
>  const CONF_FILE: &str = configdir!("/node.cfg");
>  const LOCK_FILE: &str = configdir!("/.node.lck");
> @@ -247,7 +246,7 @@ impl NodeConfig {
>          } else {
>              AcmeAccountName::from_string("default".to_string())? // should really not happen
>          };
> -        AcmeClient::load(&account).await
> +        proxmox_acme_api::load_client_with_account(&account).await
>      }
>  
>      pub fn acme_domains(&'_ self) -> AcmeDomainIter<'_> {
> -- 
> 2.47.3
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
> 
> 
> 


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel