From: Thomas Lamprecht
To: Wolfgang Bumiller, pmg-devel@lists.proxmox.com
Date: Tue, 16 Mar 2021 18:04:10 +0100
Subject: [pmg-devel] applied-series: [PATCH v3 api/gui/wtk/acme 0/many] Certificates & ACME
Message-ID: <00c9b4ba-f7a8-86e2-1618-118d00ca5102@proxmox.com>
In-Reply-To: <20210316102424.25885-1-w.bumiller@proxmox.com>

On 16.03.21 11:24, Wolfgang Bumiller wrote:
> v3 incorporating feedback from v2:
>
> * removed 'audit' api access for acme plugins
> * Added a new patch for pve-common for a CLI arg parsing issue.
>   (This one should be looked at more closely I think)
> * Regenerate the self-signed cert when deleting the current one.
> * Add missing $cfg->write() call
> * fixed 'challengeschema/challenge-schema' path/name issue
> * added a helper for account name/file extraction
>   (but did keep the error messages for when the file is not there for now as
>   atm it's a nicer error, can be removed in later patches)
> * replace loadSSHKeyFromFile with loadTextFromFile
>
> ---
> v2 cover letter:
>
> v2 incorporating feedback from v1
>
> * api call permission fixups on account methods
> * consistent locking function implementations (without `die $@ if $@`)
> * removed unnecessary call to `sort`
> * cert regex simplification
> * reload/config update code dedup & consistency
> * removed superfluous `border: 0`
> * inlined unnecessary `initComponent`
>
> and also contains some PVE-compatibility fixes in the acme domain view:
> widget toolkit side should now work seamlessly in the PVE UI code as
> well
>
> ---
> Original Coverletter:
>
> These are the pmg-api, pmg-gui and proxmox-widget-toolkit and
> proxmox-acme parts of the ACME series for PMG.
>
> This requires `pmg-rs` package, which replaces the ACME client from
> `proxmox-acme` and provides the CSR generation and is written in rust.
> Note that the DNS challenge handling still uses proxmox-acme for now.
>
> proxmox-acme:
>   * Just a `use` statement fixup
>   * Still used for the DNS challenge
>
> pmg-gui:
>   Just adds the "certificate view", but the real dirt lives in the
>   widget-toolkit.
>
> proxmox-widget-toolkits:
>   Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view
>   from PVE adapted to be usable for PMG.
>   Changes to PVE are mainly:
>   * API URLs need to be provided since they differ a bit between PVE
>     and PMG.
>   * some additional buttons/fields specific to pmg generated if the
>     parameters for them are present
>
> pmg-api:
>   Simply gets API entry points for the above. These too are mostly
>   copied from PVE and adapted (also the ACME client API from pmg-rs is slightly
>   different/cleaned up, so that's a minor incompatibility in some
>   otherwise common code, but a `pve-rs` may fix that). But some things
>   could definitely already go to pve-common (especially schema stuff).
>
> Note that while I did add the corresponding files to the cluster sync,
> this still needs testing *and* issuing an API certificate may break
> cluster functionality currently. (Stoiko is working on that)
>

applied, very nice work, thanks!