From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 67CC168B12 for ; Tue, 9 Mar 2021 15:14:42 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5C925B10A for ; Tue, 9 Mar 2021 15:14:12 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id D6DCAB0AE for ; Tue, 9 Mar 2021 15:14:07 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 99D3446141 for ; Tue, 9 Mar 2021 15:14:07 +0100 (CET) From: Wolfgang Bumiller To: pmg-devel@lists.proxmox.com Date: Tue, 9 Mar 2021 15:13:44 +0100 Message-Id: <20210309141401.19237-1-w.bumiller@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.042 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pmg-devel] [RFC api/gui/wtk/acme 0/many] Certificates & ACME X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Mar 2021 14:14:42 -0000 These are the pmg-api, pmg-gui and proxmox-widget-toolkit and proxmox-acme parts of the ACME series for PMG. This requires `pmg-rs` package, which replaces the ACME client from `proxmox-acme` and provides the CSR generation and is written in rust. Note that the DNS challenge handling still uses proxmox-acme for now. proxmox-acme: * Just a `use` statement fixup * Still used for the DNS challenge pmg-gui: Just adds the "certificate view", but the real dirt lives in the widget-toolkit. proxmox-widget-toolkits: Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view from PVE adapted to be usable for PMG. Changes to PVE are mainly: * API URLs need to be provided since they differ a bit between PVE and PMG. * some additional buttons/fields specific to pmg generated if the parameters for them are present pmg-api: Simply gets API entry points for the above. These too are mostly copied from PVE and adapted (also the ACME client API from pmg-rs is slightly different/cleaned up, so that's a minor incompatiblity in some otherwise common code, but a `pve-rs` may fix that). But some things could definitely already go to pve-common (especially schema stuff). Note that while I did add the corresponding files to the cluster sync, this still needs testing *and* issuing an API certificate may break cluster functionality currently. (Stoiko is working on that)