From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 762981FF16B
	for <inbox@lore.proxmox.com>; Tue, 29 Jul 2025 09:58:15 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 555BF9B19;
	Tue, 29 Jul 2025 09:59:38 +0200 (CEST)
Message-ID: <067c88b2-330a-49a2-96d9-064ed550d0ff@proxmox.com>
Date: Tue, 29 Jul 2025 09:59:35 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Thomas Lamprecht <t.lamprecht@proxmox.com>,
 Gabriel Goller <g.goller@proxmox.com>
References: <20250724141730.468243-1-g.goller@proxmox.com>
 <20250724141730.468243-2-g.goller@proxmox.com>
 <a5210183-87fa-4150-becf-a28af14cf92f@proxmox.com>
Content-Language: en-US
From: Stefan Hanreich <s.hanreich@proxmox.com>
In-Reply-To: <a5210183-87fa-4150-becf-a28af14cf92f@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.702 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [rfc-editor.org]
Subject: Re: [pve-devel] [PATCH network v2 1/5] sdn: add global lock for
 configuration
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

On 7/29/25 9:28 AM, Thomas Lamprecht wrote:

[snip]

>> +my $LOCK_SECRET_FILE = "/etc/pve/sdn/.lock";
>> +
>>  # improve me : move status code inside plugins ?
>>  
>>  sub ifquery_check {
>> @@ -197,14 +199,57 @@ sub commit_config {
>>      cfs_write_file($running_cfg, $cfg);
>>  }
>>  
>> +sub generate_lock_secret {
> 
> nit: might be better to avoid the "secret" terminology here? As this is not really 
> a secret but rather something like a token, handle or maybe even cookie.
> 
> I.e., this hasn't to stay secret, as it does not provide access on it's own, it's 
> just for ensuring orderly locking by identifying the locker.
> 
> I'm mostly mentioning this as such method and variable names tend to leak into
> docs and other communications, and especially secrets are a bit delicate topic,
> for me that's the biggest reason why it would be better to avoid the term here.
> 
> Could be fixed up though, if you agree with changing this and have an opinion
> on what variant (handle, token, cookie, ...?) would be best.

Makes sense, I'm gravitating towards token then - although handle would
be fine by me as well. Cookie has the same issues with pre-existing
sentiment / connotations imo?

>> +    my $min = ord('!'); # first printable ascii
>> +
>> +    my $rand_bytes = Crypt::OpenSSL::Random::random_bytes(32);
>> +    die "failed to generate lock secret!\n" if !$rand_bytes;
>> +
>> +    my $str = join('', map { chr((ord($_) & 0x3F) + $min) } split('', $rand_bytes));
> 
> hmm, might have overlooked when checking the v1, but would it be a better option 
> to decode the $rand_bytes as base64? That keeps the full entropy and ensures we 
> got an easy to handle character-set.
> 
> Another option might be to use a UUIDv7 [0], as that version includes the
> milliseconds  since the unix expoch in the first 48 bits, that would also give
> some hints  for when the handle was created, that info could be even used for
> expiring a lock handle.
> 
> [0]: https://www.rfc-editor.org/rfc/rfc9562.html#name-uuid-version-7
> 
> As the users of this should not really expect any specific format, we could still
> change that after applying though, so just tell me what you think/prefer.

Gabriel mentioned something similar about the used characters, because
the current character set is also inconvenient for running CLI commands.
UUIDv7 sounds sensible for this use-case and since we already use the
UUID module in our stack we could just opt for that?


[snip]


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel