From: Nicolas Frey <n.frey@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox-offline-mirror 2/3] use proxmox-pgp crate to replace verifier helper module
Date: Thu, 26 Feb 2026 12:12:38 +0100 [thread overview]
Message-ID: <20260226111239.80602-3-n.frey@proxmox.com> (raw)
In-Reply-To: <20260226111239.80602-1-n.frey@proxmox.com>
Signed-off-by: Nicolas Frey <n.frey@proxmox.com>
---
Cargo.toml | 1 +
src/config.rs | 33 +--------------------------------
src/mirror.rs | 7 +++----
3 files changed, 5 insertions(+), 36 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index ff54637..7aa285a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,6 +29,7 @@ proxmox-apt-api-types = "2.0"
proxmox-async = "0.5"
proxmox-base64 = "1"
proxmox-http = { version = "1", features = [ "client-sync", "client-trait" ]}
+proxmox-pgp = "1"
proxmox-router = { version = "3", features = [ "cli" ], default-features = false }
proxmox-schema = { version = "5", features = [ "api-macro" ] }
proxmox-section-config = "3"
diff --git a/src/config.rs b/src/config.rs
index 0ca296e..c8916a0 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -2,6 +2,7 @@ use std::path::Path;
use std::sync::LazyLock;
use anyhow::{Error, bail};
+use proxmox_pgp::WeakCryptoConfig;
use serde::{Deserialize, Serialize};
use proxmox_schema::{ApiStringFormat, ApiType, Updater, api};
@@ -47,38 +48,6 @@ pub struct SkipConfig {
pub skip_packages: Option<Vec<String>>,
}
-#[api(
- properties: {
- "allow-sha1": {
- type: bool,
- default: false,
- optional: true,
- },
- "min-dsa-key-size": {
- type: u64,
- optional: true,
- },
- "min-rsa-key-size": {
- type: u64,
- optional: true,
- },
- },
-)]
-#[derive(Default, Serialize, Deserialize, Updater, Clone, Debug)]
-#[serde(rename_all = "kebab-case")]
-/// Weak Cryptography Configuration
-pub struct WeakCryptoConfig {
- /// Whether to allow SHA-1 based signatures
- #[serde(default)]
- pub allow_sha1: bool,
- /// Whether to lower the key size cutoff for DSA-based signatures
- #[serde(default)]
- pub min_dsa_key_size: Option<u64>,
- /// Whether to lower the key size cutoff for RSA-based signatures
- #[serde(default)]
- pub min_rsa_key_size: Option<u64>,
-}
-
#[api(
properties: {
id: {
diff --git a/src/mirror.rs b/src/mirror.rs
index b94fbdc..4e153df 100644
--- a/src/mirror.rs
+++ b/src/mirror.rs
@@ -9,10 +9,11 @@ use globset::{Glob, GlobSet, GlobSetBuilder};
use nix::libc;
use proxmox_http::{HttpClient, client::sync::Client};
+use proxmox_pgp::WeakCryptoConfig;
use proxmox_schema::{ApiType, Schema};
use proxmox_sys::fs::file_get_contents;
-use crate::config::{MirrorConfig, SkipConfig, SubscriptionKey, WeakCryptoConfig};
+use crate::config::{MirrorConfig, SkipConfig, SubscriptionKey};
use crate::helpers::http;
use crate::pool::Pool;
use crate::types::{Diff, SNAPSHOT_REGEX, Snapshot};
@@ -24,8 +25,6 @@ use proxmox_apt::deb822::{
};
use proxmox_apt_api_types::{APTRepository, APTRepositoryPackageType};
-use crate::helpers;
-
fn mirror_dir(config: &MirrorConfig) -> PathBuf {
PathBuf::from(&config.base_dir).join(&config.id)
}
@@ -207,7 +206,7 @@ fn fetch_release(
println!("Verifying '{name}' signature using provided repository key..");
let content = fetched.data_ref();
let verified =
- helpers::verify_signature(content, &config.key, sig.as_deref(), &config.weak_crypto)?;
+ proxmox_pgp::verify_signature(content, &config.key, sig.as_deref(), &config.weak_crypto)?;
println!("Success");
let sha512 = Some(openssl::sha::sha512(content));
--
2.47.3
next prev parent reply other threads:[~2026-02-26 11:12 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-26 11:12 [PATCH proxmox-offline-mirror 0/3] " Nicolas Frey
2026-02-26 11:12 ` [PATCH proxmox-offline-mirror 1/3] clippy: elide redundant lifetimes Nicolas Frey
2026-02-26 11:12 ` Nicolas Frey [this message]
2026-02-26 11:12 ` [PATCH proxmox-offline-mirror 3/3] verifier: remove module Nicolas Frey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260226111239.80602-3-n.frey@proxmox.com \
--to=n.frey@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox