[pmg-devel] [PATCH pmg-api v2 0/2] change sample-entries in default Who-Objects and check in pmg7to8

[pmg-devel] [PATCH pmg-api v2 0/2] change sample-entries in default Who-Objects and check in pmg7to8

[Stoiko Ivanov]

v1->v2:
* incorporate Dominik's feedback - by adding "Consider removing it" to the
  warning output of pmg7to8.

original cover-letter for v1:
The issue was originally reported in our community-forum:
https://forum.proxmox.com/threads/.158455/

Stoiko Ivanov (2):
  fix #5972: ruledb: default ruleset: use .example as TLD
  pmg7to8: add check for deprecated default entries in ruledb

 src/PMG/CLI/pmg7to8.pm | 21 +++++++++++++++++++++
 src/PMG/DBTools.pm     |  4 ++--
 src/tests/testdb.txt   |  4 ++--
 3 files changed, 25 insertions(+), 4 deletions(-)

-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

[pmg-devel] [PATCH pmg-api v2 1/2] fix #5972: ruledb: default ruleset: use .example as TLD

[Stoiko Ivanov]

following RFC 2606
https://www.rfc-editor.org/rfc/rfc2606.html

reported in our community forum:
https://forum.proxmox.com/threads/.158455/

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/PMG/DBTools.pm   | 4 ++--
 src/tests/testdb.txt | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm
index 8770d06..1acc0cb 100644
--- a/src/PMG/DBTools.pm
+++ b/src/PMG/DBTools.pm
@@ -644,12 +644,12 @@ sub init_ruledb {
     # WHO Objects
 
      # Blacklist
-    my $obj =  PMG::RuleDB::EMail->new ('nomail@fromthisdomain.com');
+    my $obj =  PMG::RuleDB::EMail->new ('nomail@fromthisdomain.example');
     my $blacklist = $ruledb->create_group_with_obj(
 	$obj, 'Blacklist', 'Global blacklist');
 
     # Whitelist
-    $obj = PMG::RuleDB::EMail->new('mail@fromthisdomain.com');
+    $obj = PMG::RuleDB::EMail->new('mail@fromthisdomain.example');
     my $whitelist = $ruledb->create_group_with_obj($obj, 'Whitelist', 'Global whitelist');
 
     # WHEN Objects
diff --git a/src/tests/testdb.txt b/src/tests/testdb.txt
index 794aa15..2c4f062 100644
--- a/src/tests/testdb.txt
+++ b/src/tests/testdb.txt
@@ -1,6 +1,6 @@
 Found RULE 4: Blacklist
   FOUND FROM GROUP 1: Blacklist
-    OBJECT 1: nomail@fromthisdomain.com
+    OBJECT 1: nomail@fromthisdomain.example
   FOUND ACTION GROUP 17: Block
     OBJECT 30: block message
 Found RULE 2: Block Viruses
@@ -49,7 +49,7 @@ Found RULE 11: Block Multimedia Files
     OBJECT 27: remove matching attachments
 Found RULE 5: Whitelist
   FOUND FROM GROUP 2: Whitelist
-    OBJECT 2: mail@fromthisdomain.com
+    OBJECT 2: mail@fromthisdomain.example
   FOUND ACTION GROUP 16: Accept
     OBJECT 29: accept message
 Found RULE 8: Block Spam (Level 10)
-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

[pmg-devel] [PATCH pmg-api v2 2/2] pmg7to8: add check for deprecated default entries in ruledb

[Stoiko Ivanov]

with a new section for future checks of the rule database.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/PMG/CLI/pmg7to8.pm | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/PMG/CLI/pmg7to8.pm b/src/PMG/CLI/pmg7to8.pm
index d0a6cbe..a23a0ba 100644
--- a/src/PMG/CLI/pmg7to8.pm
+++ b/src/PMG/CLI/pmg7to8.pm
@@ -13,6 +13,7 @@ use PMG::API2::APT;
 use PMG::API2::Certificates;
 use PMG::API2::Cluster;
 use PMG::RESTEnvironment;
+use PMG::RuleDB;
 use PMG::Utils;
 
 use Term::ANSIColor;
@@ -526,6 +527,25 @@ sub check_dkms_modules {
     }
 }
 
+sub check_ruledb {
+    log_info("Check the rulesystem...");
+
+    my $rdb = PMG::RuleDB->new();
+    my $ogroups = $rdb->load_objectgroups("who");
+    for my $who ($ogroups->@*) {
+	my $group_name = $who->{name};
+	next if ($group_name ne 'Blacklist' && $group_name ne 'Whitelist');
+	my $objects = $rdb->load_group_objects($who->{id});
+	for my $obj ($objects->@*) {
+	    if ($obj->{address} =~ m/(?:no)?mail\@fromthisdomain.com/) {
+		log_warn("deprecated default entry in '$group_name' present: $obj->{address}\n"
+		    ."      Consider removing it");
+	    }
+	}
+    }
+    return;
+}
+
 sub check_misc {
     print_header("MISCELLANEOUS CHECKS");
     my $ssh_config = eval { PVE::Tools::file_get_contents('/root/.ssh/config') };
@@ -637,6 +657,7 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
+	check_ruledb();
 	check_pmg_packages();
 	check_cluster_status();
 	my $upgraded_db = check_running_postgres();
-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

Re: [pmg-devel] [PATCH pmg-api v2 0/2] change sample-entries in default Who-Objects and check in pmg7to8

[Dominik Csapak]

works as intended, but i just have a question:

do we usually update the pmg/pve XtoY script that long beforehand?
because this will now trigger if people now do a 7to8 upgrade
and call it after the upgrade step then

(i believe this is intended for the 8to9 script ?)

if that's a non-issue, consider this

Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Dominik Csapak <d.csapak@proxmox.com>


_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

Re: [pmg-devel] [PATCH pmg-api v2 0/2] change sample-entries in default Who-Objects and check in pmg7to8

[Stoiko Ivanov]

On Fri, 21 Feb 2025 09:46:00 +0100
Dominik Csapak <d.csapak@proxmox.com> wrote:

> works as intended, but i just have a question:
> 
> do we usually update the pmg/pve XtoY script that long beforehand?
> because this will now trigger if people now do a 7to8 upgrade
> and call it after the upgrade step then
In this case I'd say it's ok - the issue here is the "wrong" example
addresses - so if someone migrating from 7 or even without runs this and
is notified they can take action in any case. by adding it now we make
sure it will remain in place when we base pmg8to9 on pmg7to8.


> 
> (i believe this is intended for the 8to9 script ?)
> 
> if that's a non-issue, consider this
> 
> Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
> Tested-by: Dominik Csapak <d.csapak@proxmox.com>
> 



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

[pmg-devel] applied-series: [PATCH pmg-api v2 0/2] change sample-entries in default Who-Objects and check in pmg7to8

[Thomas Lamprecht]

Am 17.02.25 um 18:16 schrieb Stoiko Ivanov:
> v1->v2:
> * incorporate Dominik's feedback - by adding "Consider removing it" to the
>   warning output of pmg7to8.
> 
> original cover-letter for v1:
> The issue was originally reported in our community-forum:
> https://forum.proxmox.com/threads/.158455/
> 
> Stoiko Ivanov (2):
>   fix #5972: ruledb: default ruleset: use .example as TLD
>   pmg7to8: add check for deprecated default entries in ruledb
> 
>  src/PMG/CLI/pmg7to8.pm | 21 +++++++++++++++++++++
>  src/PMG/DBTools.pm     |  4 ++--
>  src/tests/testdb.txt   |  4 ++--
>  3 files changed, 25 insertions(+), 4 deletions(-)
> 


applied both patches with Dominik's R-b and T-b, thanks!
I amended slightly more context into the commit messages, or better
said, tried to spell out existing one a bit more explicitly.


_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel