From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v3 03/15] pbs-config: use proxmox-product-config::replace_secret_config()
Date: Wed, 1 Jul 2026 16:04:00 +0200
Message-ID: <20260701140412.200920-4-c.ebner@proxmox.com>
In-Reply-To: <20260701140412.200920-1-c.ebner@proxmox.com>
Instead of using the pbs-config local implementation, use the product
general implementation, dropping the local one instead.
Since proxmox-product-config::replace_secret_config() requires the
api- and priv-user to be initialized, any calling codepath must
guarantee to have run proxmox-product-config::init() once, so do
that for proxmox-tape as well, while proxy, api and manager are
already initializing it.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
pbs-config/Cargo.toml | 1 +
pbs-config/src/lib.rs | 17 -----------------
pbs-config/src/notifications.rs | 5 ++++-
src/bin/proxmox-tape.rs | 8 ++++++++
src/tape/encryption_keys.rs | 3 ++-
5 files changed, 15 insertions(+), 19 deletions(-)
diff --git a/pbs-config/Cargo.toml b/pbs-config/Cargo.toml
index 04687cb59..d07b4de89 100644
--- a/pbs-config/Cargo.toml
+++ b/pbs-config/Cargo.toml
@@ -23,6 +23,7 @@ proxmox-http.workspace = true
proxmox-lang.workspace = true
proxmox-notify.workspace = true
proxmox-router = { workspace = true, default-features = false }
+proxmox-product-config.workspace = true
proxmox-s3-client.workspace = true
proxmox-schema.workspace = true
proxmox-section-config.workspace = true
diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs
index a194d70ac..1d32d23e2 100644
--- a/pbs-config/src/lib.rs
+++ b/pbs-config/src/lib.rs
@@ -139,23 +139,6 @@ pub fn replace_backup_config<P: AsRef<std::path::Path>>(path: P, data: &[u8]) ->
Ok(())
}
-/// Atomically write data to file owned by "root:root" with permission "0600"
-///
-/// Only the superuser can read and write those files.
-pub fn replace_secret_config<P: AsRef<std::path::Path>>(path: P, data: &[u8]) -> Result<(), Error> {
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= root
- let options = proxmox_sys::fs::CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(nix::unistd::Gid::from_raw(0));
-
- proxmox_sys::fs::replace_file(path, data, options, true)?;
-
- Ok(())
-}
-
/// Detect modified configuration files
///
/// This function fails with a reasonable error message if checksums do not match.
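Review bot: The removed replace_secret_config() pinned the secret files to root:root with mode 0600, and nothing in this patch shows which owner and mode proxmox_product_config::replace_secret_config() applies. Since the commit message says the new helper needs the api- and priv-user to be initialized, please state in the commit message whether files such as NOTIFICATION_PRIV_CONFIG_PATH and the tape encryption keys stay readable by the superuser only, or which owner and mode they get instead. Removing a `pub fn` also breaks any caller outside the files touched here, so it is worth confirming that no other user of pbs_config::replace_secret_config remains.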
diff --git a/pbs-config/src/notifications.rs b/pbs-config/src/notifications.rs
index 3ee019f23..cbdbcee7a 100644
--- a/pbs-config/src/notifications.rs
+++ b/pbs-config/src/notifications.rs
@@ -35,7 +35,10 @@ pub fn config() -> Result<Config, Error> {
pub fn save_config(config: Config) -> Result<(), Error> {
let (cfg, priv_cfg) = config.write()?;
crate::replace_backup_config(NOTIFICATION_CONFIG_PATH, cfg.as_bytes())?;
- crate::replace_secret_config(NOTIFICATION_PRIV_CONFIG_PATH, priv_cfg.as_bytes())?;
+ proxmox_product_config::replace_secret_config(
+ NOTIFICATION_PRIV_CONFIG_PATH,
+ priv_cfg.as_bytes(),
+ )?;
Ok(())
}
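Review bot: save_config() now carries a precondition that is not documented at the function: per the commit message, proxmox_product_config::init() must have run before proxmox_product_config::replace_secret_config() is called. A doc comment on save_config() naming that requirement would help, since this is library code in pbs-config and the patch only adds the init call to proxmox-tape. Please also say how the helper behaves when init() was skipped (error return or panic), because replace_backup_config() on the line above has already written the public config by the time the private write is attempted.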
diff --git a/src/bin/proxmox-tape.rs b/src/bin/proxmox-tape.rs
index 1d26b31e8..8e52bc5d0 100644
--- a/src/bin/proxmox-tape.rs
+++ b/src/bin/proxmox-tape.rs
@@ -1116,5 +1116,13 @@ fn main() {
let mut rpcenv = CliEnvironment::new();
rpcenv.set_auth_id(Some(String::from("root@pam")));
+ if let Err(err) = proxmox_lang::try_block!({
+ proxmox_product_config::init(pbs_config::backup_user()?, pbs_config::priv_user()?);
+ Ok::<(), Error>(())
+ }) {
+ eprintln!("Failed on product config init: {err}");
+ std::process::exit(-1);
+ }
+
proxmox_async::runtime::main(run_async_cli_command(cmd_def, rpcenv));
}
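Review bot: std::process::exit(-1) in the new error branch is reported as exit status 255 on Unix; an explicit small positive code would be clearer, ideally the same one the other binaries use when their init fails. The init block also sits after the rpcenv setup, directly before proxmox_async::runtime::main(); moving it to the top of main() would make it obvious that nothing can touch config or lock files before the users are initialized. As the commit message says proxy, api and manager already perform this initialization, a shared helper would avoid another copy of the backup_user()/priv_user() lookup.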
diff --git a/src/tape/encryption_keys.rs b/src/tape/encryption_keys.rs
index 42e4931a5..1af7decaa 100644
--- a/src/tape/encryption_keys.rs
+++ b/src/tape/encryption_keys.rs
@@ -18,8 +18,9 @@ use serde::{Deserialize, Serialize};
use proxmox_sys::fs::file_read_optional_string;
use pbs_api_types::Fingerprint;
-use pbs_config::{open_backup_lockfile, replace_backup_config, replace_secret_config};
+use pbs_config::{open_backup_lockfile, replace_backup_config};
use pbs_key_config::KeyConfig;
+use proxmox_product_config::replace_secret_config;
mod hex_key {
use hex::FromHex;
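Review bot: The new `use proxmox_product_config::replace_secret_config;` is placed after the pbs_* imports, while `use proxmox_sys::fs::file_read_optional_string;` sits above them; grouping it with the other proxmox_* import keeps the import blocks consistent. Because only the import changes, every existing replace_secret_config() call in this file switches implementation without showing up in the diff, so the commit message should mention that the tape encryption key files are affected as well as the notification private config.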
--
2.47.3
Thread overview: 16+ messages
2026-07-01 14:03 [PATCH proxmox-backup v3 00/15] fix 7642: avoid expensive uid/gid lookups for lock- and config-files Christian Ebner
2026-07-01 14:03 ` [PATCH proxmox-backup v3 01/15] bin: api: early init proxmox-product-config Christian Ebner
2026-07-01 14:03 ` [PATCH proxmox-backup v3 02/15] bin: daily update: refactor to use proxmox-product-config Christian Ebner
2026-07-01 14:04 ` Christian Ebner [this message]
2026-07-01 14:04 ` [PATCH proxmox-backup v3 04/15] pbs-config: use proxmox-product-config::replace_config() Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 05/15] fix #7642: avoid expensive user lookups on file locking Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 06/15] pbs-config: use proxmox-product-config helpers Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 07/15] pbs-config: drop backup_group helper, use users gid instead Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 08/15] pbs-datastore: use proxmox-product-config cached backup user Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 09/15] pbs-datastore: use general helpers for file lock create options Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 10/15] server: auth helpers: use proxmox-product-config create options helpers Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 11/15] api: subscription: use proxmox-product-config create options Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 12/15] tape: use proxmox-product-config helper for user lookup Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 13/15] tape: use proxmox-product-config lock file create options Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 14/15] tape: use proxmox-product-config to generate " Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 15/15] tree-wide: use proxmox-product-config::get_api_user for user lookup Christian Ebner