From: Maximiliano Sandoval <m.sandoval@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH backup v2 6/7] pbs-client: allow reading fingerprint from system credential
Date: Thu, 27 Mar 2025 11:47:29 +0100 [thread overview]
Message-ID: <20250327104730.199623-6-m.sandoval@proxmox.com> (raw)
In-Reply-To: <20250327104730.199623-1-m.sandoval@proxmox.com>
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
pbs-client/src/tools/mod.rs | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/pbs-client/src/tools/mod.rs b/pbs-client/src/tools/mod.rs
index fd08dc68..f4b655e8 100644
--- a/pbs-client/src/tools/mod.rs
+++ b/pbs-client/src/tools/mod.rs
@@ -41,6 +41,8 @@ const CRED_PBS_ENCRYPTION_PASSWORD: &str = "proxmox-backup-client.encryption-pas
const CRED_PBS_PASSWORD: &str = "proxmox-backup-client.password";
/// Credential name of the the repository.
const CRED_PBS_REPOSITORY: &str = "proxmox-backup-client.repository";
+/// Credential name of the the fingerprint.
+const CRED_PBS_FINGERPRINT: &str = "proxmox-backup-client.fingerprint";
pub const REPO_URL_SCHEMA: Schema = StringSchema::new("Repository URL.")
.format(&BACKUP_REPO_URL)
@@ -213,6 +215,24 @@ pub fn get_default_repository() -> Option<String> {
.unwrap_or_default()
}
+/// Gets the repository fingerprint.
+///
+/// Looks for the fingerprint in the `PBS_FINGERPRINT` environment variable, if
+/// there isn't one it reads the `proxmox-backup-client.fingerprint`
+/// [credential].
+///
+/// Returns `None` if neither the environment variable or the credential are
+/// present.
+///
+/// [credential]: https://systemd.io/CREDENTIALS/
+pub fn get_fingerprint() -> Option<String> {
+ get_secret_impl(ENV_VAR_PBS_FINGERPRINT, CRED_PBS_FINGERPRINT)
+ .inspect_err(|err| {
+ proxmox_log::error!("could not read fingerprint: {err:#}");
+ })
+ .unwrap_or_default()
+}
+
pub fn remove_repository_from_value(param: &mut Value) -> Result<BackupRepository, Error> {
if let Some(url) = param
.as_object_mut()
@@ -270,7 +290,7 @@ fn connect_do(
auth_id: &Authid,
rate_limit: RateLimitConfig,
) -> Result<HttpClient, Error> {
- let fingerprint = std::env::var(ENV_VAR_PBS_FINGERPRINT).ok();
+ let fingerprint = get_fingerprint();
let password = get_password()?;
let options = HttpClientOptions::new_interactive(password, fingerprint).rate_limit(rate_limit);
@@ -280,7 +300,7 @@ fn connect_do(
/// like get, but simply ignore errors and return Null instead
pub async fn try_get(repo: &BackupRepository, url: &str) -> Value {
- let fingerprint = std::env::var(ENV_VAR_PBS_FINGERPRINT).ok();
+ let fingerprint = get_fingerprint();
let password = get_password().unwrap_or(None);
// ticket cache, but no questions asked
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2025-03-27 10:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-27 10:47 [pbs-devel] [PATCH backup v2 1/7] pbs-client: use a const for the PBS_REPOSITORY env variable Maximiliano Sandoval
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 2/7] pbs-client: add helper for getting UTF-8 secrets Maximiliano Sandoval
2025-03-27 11:57 ` Christian Ebner
2025-03-27 12:16 ` Maximiliano Sandoval
2025-03-27 12:41 ` Christian Ebner
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 3/7] pbs-client: use helper for getting UTF-8 password Maximiliano Sandoval
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 4/7] pbs-client: make get_encryption_password return a String Maximiliano Sandoval
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 5/7] pbs-client: allow reading default repository from system credential Maximiliano Sandoval
2025-03-27 10:47 ` Maximiliano Sandoval [this message]
2025-03-27 10:47 ` [pbs-devel] [PATCH backup v2 7/7] docs: client: add section about system credentials Maximiliano Sandoval
2025-04-02 9:57 ` Christian Ebner
2025-04-02 10:05 ` [pbs-devel] [PATCH backup v2 1/7] pbs-client: use a const for the PBS_REPOSITORY env variable Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250327104730.199623-6-m.sandoval@proxmox.com \
--to=m.sandoval@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.