From: Fiona Ebner <f.ebner@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>
Subject: Re: [pve-devel] [PATCH storage v5 1/1] import: allow upload of guest images files into import storage
Date: Fri, 4 Apr 2025 16:11:53 +0200 [thread overview]
Message-ID: <05101c04-ba1c-4baa-9e2f-49b2a5522837@proxmox.com> (raw)
In-Reply-To: <20250401082318.1312661-2-d.csapak@proxmox.com>
Am 01.04.25 um 10:23 schrieb Dominik Csapak:
> so users can upload qcow2/raw/vmdk files directly in the ui
>
Pre-existing, but we put all uploads to /var/tmp/pveupload-XYZ first,
right? This already makes some users unhappy with ISOs IIRC and for
images we can expect it to get worse as those are usually even larger.
Should we at least show a warning/hint about this in the UI?
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> no changes in v5
>
> src/PVE/API2/Storage/Status.pm | 17 ++++++++++++++++-
> src/PVE/Storage.pm | 3 ++-
> 2 files changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
> index c854b53..b23d283 100644
> --- a/src/PVE/API2/Storage/Status.pm
> +++ b/src/PVE/API2/Storage/Status.pm
The API method descriptions don't mention support for
uploading/downloading images yet.
> @@ -456,6 +456,7 @@ __PACKAGE__->register_method ({
>
> my $path;
> my $isOva = 0;
> + my $imageFormat;
Style nit: This is not how we usually name multi-word Perl variables
(also pre-existing for isOva).
>
> if ($content eq 'iso') {
> if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
> @@ -472,7 +473,12 @@ __PACKAGE__->register_method ({
> raise_param_exc({ filename => "invalid filename or wrong extension" });
> }
Nit: if you already extract the extension from matching above here, you
don't need to match again below.
>
> - $isOva = 1;
> + if ($filename =~ m/\.ova$/) {
> + $isOva = 1;
> + } elsif ($filename =~ m/${PVE::Storage::UPLOAD_IMPORT_IMAGE_EXT_RE_1}$/) {
> + $imageFormat = $1;
> + }
> +
> $path = PVE::Storage::get_import_dir($cfg, $storage);
> } else {
> raise_param_exc({ content => "upload content type '$content' not allowed" });
> @@ -543,6 +549,9 @@ __PACKAGE__->register_method ({
>
> if ($isOva) {
> assert_ova_contents($tmpfilename);
> + } elsif (defined($imageFormat)) {
> + # checks untrusted image
> + PVE::Storage::file_size_info($tmpfilename, 10, $imageFormat, 1);
> }
> };
> if (my $err = $@) {
> @@ -667,6 +676,7 @@ __PACKAGE__->register_method({
>
> my $path;
> my $isOva = 0;
> + my $imageFormat;
>
> if ($content eq 'iso') {
> if ($filename !~ m![^/]+$PVE::Storage::ISO_EXT_RE_0$!) {
> @@ -685,6 +695,8 @@ __PACKAGE__->register_method({
>
Similar here regarding extension matching, then you don't even need to
define a second regex.
> if ($filename =~ m/\.ova$/) {
> $isOva = 1;
> + } elsif ($filename =~ m/${PVE::Storage::UPLOAD_IMPORT_IMAGE_EXT_RE_1}$/) {
> + $imageFormat = $1;
> }
>
> $path = PVE::Storage::get_import_dir($cfg, $storage);
> @@ -717,6 +729,9 @@ __PACKAGE__->register_method({
>
> if ($isOva) {
> assert_ova_contents($tmp_path);
> + } elsif (defined($imageFormat)) {
> + # checks untrusted image
> + PVE::Storage::file_size_info($tmp_path, 10, $imageFormat, 1);
> }
> };
>
> diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm
> index c5d4ff8..09d9883 100755
> --- a/src/PVE/Storage.pm
> +++ b/src/PVE/Storage.pm
> @@ -116,7 +116,8 @@ our $BACKUP_EXT_RE_2 = qr/\.(tgz|(?:tar|vma)(?:\.(${\PVE::Storage::Plugin::COMPR
>
> our $IMPORT_EXT_RE_1 = qr/\.(ova|ovf|qcow2|raw|vmdk)/;
>
> -our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova)/;
> +our $UPLOAD_IMPORT_EXT_RE_1 = qr/\.(ova|qcow2|raw|vmdk)/;
> +our $UPLOAD_IMPORT_IMAGE_EXT_RE_1 = qr/\.(qcow2|raw|vmdk)/;
>
> our $SAFE_CHAR_CLASS_RE = qr/[a-zA-Z0-9\-\.\+\=\_]/;
> our $SAFE_CHAR_WITH_WHITESPACE_CLASS_RE = qr/[ a-zA-Z0-9\-\.\+\=\_]/;
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-04-04 14:12 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-01 8:23 [pve-devel] [PATCH storage/manager v5] allow down/upload & import of images in the web UI Dominik Csapak
2025-04-01 8:23 ` [pve-devel] [PATCH storage v5 1/1] import: allow upload of guest images files into import storage Dominik Csapak
2025-04-04 14:11 ` Fiona Ebner [this message]
2025-04-07 9:44 ` Thomas Lamprecht
2025-04-01 8:23 ` [pve-devel] [PATCH manager v5 1/3] ui: storage content: allow upload of guest images for import type Dominik Csapak
2025-04-01 8:23 ` [pve-devel] [PATCH manager v5 2/3] ui: form: file selector: allow optional filter Dominik Csapak
2025-04-01 8:23 ` [pve-devel] [PATCH manager v5 3/3] ui: qemu hd edit: allow importing a disk from the import storage Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=05101c04-ba1c-4baa-9e2f-49b2a5522837@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal