public inbox for pve-devel@lists.proxmox.com
* [pve-devel] [PATCH docs] package-repos: update key file path and hashes
@ 2025-07-17  8:00 Shannon Sterz
  2025-07-17  8:47 ` Thomas Lamprecht
  0 siblings, 1 reply; 7+ messages in thread
From: Shannon Sterz @ 2025-07-17  8:00 UTC (permalink / raw)
  To: pve-devel

so they better match the repository definitions above

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 pve-package-repos.adoc | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/pve-package-repos.adoc b/pve-package-repos.adoc
index 063bc6f..4af8a51 100644
--- a/pve-package-repos.adoc
+++ b/pve-package-repos.adoc
@@ -269,24 +269,26 @@ the key with the following commands:
 
 ----
  # wget https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg -O
- /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+ /usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
 Verify the checksum afterwards with the `sha512sum` CLI tool:
 
 ----
-# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
-/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# sha512sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 8678f2327c49276615288d7ca11e7d296bc8a2b96946fe565a9c81e533f9b15a5dbbad210a0ad5cd46d361ff1d3c4bac55844bc296beefa4f88b86e44e69fa51
+/usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
 or the `md5sum` CLI tool:
 
 ----
-# md5sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+c94e3775fbafec13fec20f981db61e93 /usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
+NOTE: Make sure the path you install the key to matches the `Signed-By:` lines
+in your repository stanzas.
 
 ifdef::wiki[]
 
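Review bot: the `wget` line still downloads `proxmox-release-trixie.gpg` (a single release key) while both checksums change (`7da6fe…` to `8678f2…`, `41558d…` to `c94e37…`), so the new values cannot be the digest of the file that command writes; either they were taken from the keyring shipped by the `proxmox-archive-keyring` package, in which case they drift every time a release key is added or dropped and a reader verifying right after `wget` sees a mismatch, or the download target needs to change as well. Also `+ 8678f2…` carries a leading space that the `md5sum` output line does not, so align the two blocks.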
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel



* Re: [pve-devel] [PATCH docs] package-repos: update key file path and hashes
  2025-07-17  8:00 [pve-devel] [PATCH docs] package-repos: update key file path and hashes Shannon Sterz
@ 2025-07-17  8:47 ` Thomas Lamprecht
       [not found]   ` <DBE7TU91ASCT.197OWIL2T5KAJ@proxmox.com>
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas Lamprecht @ 2025-07-17  8:47 UTC (permalink / raw)
  To: Proxmox VE development discussion, Shannon Sterz

Am 17.07.25 um 10:00 schrieb Shannon Sterz:
> so they better match the repository defintions above

tiny typo: definitions

> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
> ---
>  pve-package-repos.adoc | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/pve-package-repos.adoc b/pve-package-repos.adoc
> index 063bc6f..4af8a51 100644
> --- a/pve-package-repos.adoc
> +++ b/pve-package-repos.adoc
> @@ -269,24 +269,26 @@ the key with the following commands:
>  
>  ----
>   # wget https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg -O
> - /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
> + /usr/share/keyrings/proxmox-archive-keyring.gpg
>  ----
>  
>  Verify the checksum afterwards with the `sha512sum` CLI tool:
>  
>  ----
> -# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
> -7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
> -/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
> +# sha512sum /usr/share/keyrings/proxmox-archive-keyring.gpg
> + 8678f2327c49276615288d7ca11e7d296bc8a2b96946fe565a9c81e533f9b15a5dbbad210a0ad5cd46d361ff1d3c4bac55844bc296beefa4f88b86e44e69fa51
> +/usr/share/keyrings/proxmox-archive-keyring.gpg

But that will change with the next key ring change, e.g. once a new key for a
future release gets added or an oldoldstable release key is dropped.

Switching to /usr still makes sense, in the long run /etc might even
get fully deprecated.

We either could stay using the per-release key files, which are also available
in /usr, or, for a slightly bigger change, switch to the `sq keyring list`
output, or some other fitting command of it.

As some sq tools are now used by core debian packaging tools like apt, it'd
be relatively safe to use here IMO.

For example:

# sq keyring list /usr/share/keyrings/proxmox-archive-keyring.gpg 
0. F4E136C67CDCE41AE6DE6FC81140AF8F639E0C39 Proxmox Bookworm Release Key <proxmox-release@proxmox.com>
1. 24B30F06ECC1836A4E5EFECBA7BCD1420BFE778E Proxmox Trixie Release Key <proxmox-release@proxmox.com>


Could be combined with the per-release hash sums, and if we change this I'd
be a tiny bit in favor of switching sha512sum to sha256sum, as I don't think
we or users gain much security, longer strings aren't easier to compare and
sha256sum is still very much state of the art and deemed as unfeasible to break,
IIRC.

>  ----
>  
>  or the `md5sum` CLI tool:
>  
>  ----
> -# md5sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
> -41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
> +# md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
> +c94e3775fbafec13fec20f981db61e93 /usr/share/keyrings/proxmox-archive-keyring.gpg
>  ----
>  
> +NOTE: Make sure the path you install the key to matches the `Signed-By:` lines
> +in your repository stanzas.
>  
>  ifdef::wiki[]
>  




* Re: [pve-devel] [PATCH docs] package-repos: update key file path and hashes
       [not found]   ` <DBE7TU91ASCT.197OWIL2T5KAJ@proxmox.com>
@ 2025-07-17  9:38     ` Thomas Lamprecht
  2025-07-17 10:33       ` Shannon Sterz
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas Lamprecht @ 2025-07-17  9:38 UTC (permalink / raw)
  To: Shannon Sterz; +Cc: PVE development discussion

(Cc'ing the pve-devel list again)

Am 17.07.25 um 11:16 schrieb Shannon Sterz:
> On Thu Jul 17, 2025 at 10:47 AM CEST, Thomas Lamprecht wrote:
>> Am 17.07.25 um 10:00 schrieb Shannon Sterz:
>>> so they better match the repository defintions above
>>
>> tiny typo: definitions
> 
> thanks
> 
> -->8 snip 8<--
> 
>>>  ----
>>> -# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
>>> -7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
>>> -/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
>>> +# sha512sum /usr/share/keyrings/proxmox-archive-keyring.gpg
>>> + 8678f2327c49276615288d7ca11e7d296bc8a2b96946fe565a9c81e533f9b15a5dbbad210a0ad5cd46d361ff1d3c4bac55844bc296beefa4f88b86e44e69fa51
>>> +/usr/share/keyrings/proxmox-archive-keyring.gpg
>>
>> But that will change with the next key ring change, e.g. once a new key for a
>> future release gets added or an oldoldstable release key is dropped.
> 
> yes once the `proxmox-archive-keyring` package is installed, that file
> will get overwritten. but since the `wget` install above always fetches
> just the trixie key, the hashes here should be stable.
> 
> i'll admit though that putting just the trixie key in place of the
> archive key feels wrong, if only for the initial install. however, the
> archive key isn't available through enterprise.proxmox.com it seems [1].

Yeah, you got me there, I thought about that but was not really sure
what the upgrade process should look like if it's just presented as
proxmox-archive-keyring.gpg there.

That said, we could either include the release distribution in the name
or just document that the available keyring is only guaranteed to cover
a single past release and the next one. The former would be probably a bit
more future-proof – what do you think?

> 
> [1]: https://enterprise.proxmox.com/debian/
> 
>>
>> Switching to /usr still makes sense, in the long run /etc might even
>> get fully deprecated.
>>
>> We either could stay using the per-release key files, which are also available
>> in /usr, or, for a slightly bigger change, switch to the `sq keyring list`
>> output, or some other fitting command of it.
>>
>> As some sq tools are now used by core debian packaging tools like apt, it'd
>> be relatively safe to use here IMO.
>>
>> For example:
>>
>> # sq keyring list /usr/share/keyrings/proxmox-archive-keyring.gpg
>> 0. F4E136C67CDCE41AE6DE6FC81140AF8F639E0C39 Proxmox Bookworm Release Key <proxmox-release@proxmox.com>
>> 1. 24B30F06ECC1836A4E5EFECBA7BCD1420BFE778E Proxmox Trixie Release Key <proxmox-release@proxmox.com>
> 
> hm that does not seem to work for me on a clean pve 9 install, but we

Ah, apt depends on sqv for signature verification, which is a different
package. That said, a plain Debian netinst would probably be the better
test here, as a PVE installation hasn't the exact same dependencies
involved as Debian does and the plain Debian install is where this is
needed in the first place.

> could do the following with plain gpg:
> 
> # gpg --list-packets < /usr/share/keyrings/proxmox-archive-keyring.gpg
> 
> the output is rather long, so maybe we want to add a grep after?
> something like this
> 
> # gpg --list-packets < /usr/share/keyrings/proxmox-archive-keyring.gpg |
>  grep -A 5 "Proxmox Trixie Release Key"
>  :user ID packet: "Proxmox Trixie Release Key <proxmox-release@proxmox.com>"
>  # off=2960 ctb=c2 tag=2 hlen=3 plen=596 new-ctb
>  :signature packet: algo 1, keyid A7BCD1420BFE778E
>         version 4, created 1731244488, md5len 0, sigclass 0x13
>         digest algo 10, begin of digest 10 59
>         hashed subpkt 33 len 21 (issuer fpr v4 24B30F06ECC1836A4E5EFECBA7BCD1420BFE778E)
> 
> would that be acceptable?

Could be, but not really that nice IMO...

> 
>> Could be combined with the per-release hash sums, and if we change this I'd
>> be a tiny bit in favor of switching sha512sum to sha256sum, as I don't think
>> we or users gain much security, longer strings aren't easier to compare and
>> sha256sum is still very much state of the art and deemed as unfeasible to break,
>> IIRC.
> 
> yes, sha512sum is a bit much, i just wanted to stay consistent with what
> was already here. sha512sum would only provide better security against
> length extension attacks in practice. however, that attack should not
> really be a problem here, as extending the keyring will still change the
> hash. it simply isn't the kind of cryptographic construction where this
> matters.

True, but I also think that it's not relevant, should be noticeable if the
keyring download pulls in a few GiB of data ^^ Besides, that was actually
one of the reasons to keep md5sum in here, as it works so differently than
sha2, so it should be much harder to attack both at the same time than the
(currently) already basically impossible case for attacking just sha2.

> let me know what you prefer and i'll prepare a patch asap

Thanks!

Btw. in the mid-term we might look into adding our keyring package to Debian's
repos directly, and that would then make it much more convenient to install
on top of Debian, but that is Debian 14 Forky material.
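What `sq keyring list` and the `gpg --list-packets | grep` pipeline discussed above extract from the keyring can be reproduced offline. The following is an added example, not part of the thread or of Proxmox's tooling: it walks an OpenPGP keyring file packet by packet, derives each v4 primary key's fingerprint and key ID, and pairs them with their user IDs. The keyring it parses is constructed inline from toy RSA parameters; feeding it the bytes of /usr/share/keyrings/proxmox-archive-keyring.gpg would list the real release keys.

```python
# Minimal OpenPGP keyring walker: lists the v4 primary keys (fingerprint, key ID)
# and user IDs that `sq keyring list` / `gpg --list-packets` show for a keyring.
# Added example, not Proxmox code; the embedded two-key keyring is constructed.
import hashlib
import struct

def read_packets(data: bytes):
    """Yield (tag, body) for every packet; handles old- and new-format headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        pos += 1
        if ctb & 0x40:  # new-format header (RFC 4880, 4.2.2)
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:  # old-format header: low two bits give the length-field size
            tag = (ctb >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(ctb & 0x03)
            if size is None:
                raise ValueError("indeterminate packet length is not supported")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        yield tag, data[pos:pos + length]
        pos += length

def v4_fingerprint(key_body: bytes) -> str:
    """SHA-1 over 0x99 || 2-byte body length || public-key body (RFC 4880, 12.2)."""
    prefix = b"\x99" + struct.pack(">H", len(key_body))
    return hashlib.sha1(prefix + key_body).hexdigest().upper()

def list_keyring(data: bytes) -> list:
    """One dict per primary key: 40-hex fingerprint, 16-hex key ID, its user IDs."""
    keys = []
    for tag, body in read_packets(data):
        if tag == 6:  # public-key packet (primary key); subkeys (tag 14) are skipped
            if body[0] != 4:
                raise ValueError(f"unsupported key version {body[0]}")
            fpr = v4_fingerprint(body)
            keys.append({"fingerprint": fpr, "keyid": fpr[-16:], "uids": []})
        elif tag == 13 and keys:  # user ID packet, attached to the preceding key
            keys[-1]["uids"].append(body.decode("utf-8"))
    return keys

def _mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit length followed by the big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def _packet(tag: int, body: bytes) -> bytes:
    """New-format packet with a one-octet length (enough for the sample bodies)."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body

def _sample_key(created: int, n: int, uid: str) -> bytes:
    """Constructed v4 RSA key packet with toy parameters (NOT a real key) plus one UID."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(n) + _mpi(65537)
    return _packet(6, body) + _packet(13, uid.encode())

# Two-key sample keyring, mirroring the bookworm + trixie layout in the thread.
SAMPLE_KEYRING = _sample_key(
    1690000000, 0xC0FFEE1234567891, "Example Release Key A <a@example.invalid>"
) + _sample_key(1731244488, 0xDEADBEEF9876543211, "Example Release Key B <b@example.invalid>")

if __name__ == "__main__":
    for i, key in enumerate(list_keyring(SAMPLE_KEYRING)):
        print(f"{i}. {key['fingerprint']} {' '.join(key['uids'])}")
```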



* Re: [pve-devel] [PATCH docs] package-repos: update key file path and hashes
  2025-07-17  9:38     ` Thomas Lamprecht
@ 2025-07-17 10:33       ` Shannon Sterz
  2025-07-17 11:55         ` Thomas Lamprecht
  0 siblings, 1 reply; 7+ messages in thread
From: Shannon Sterz @ 2025-07-17 10:33 UTC (permalink / raw)
  To: Thomas Lamprecht; +Cc: PVE development discussion

On Thu Jul 17, 2025 at 11:38 AM CEST, Thomas Lamprecht wrote:
> (Cc'ing the pve-devel list again)

sorry about that

>>>>  ----
>>>> -# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
>>>> -7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
>>>> -/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
>>>> +# sha512sum /usr/share/keyrings/proxmox-archive-keyring.gpg
>>>> + 8678f2327c49276615288d7ca11e7d296bc8a2b96946fe565a9c81e533f9b15a5dbbad210a0ad5cd46d361ff1d3c4bac55844bc296beefa4f88b86e44e69fa51
>>>> +/usr/share/keyrings/proxmox-archive-keyring.gpg
>>>
>>> But that will change with the next key ring change, e.g. once a new key for a
>>> future release gets added or an oldoldstable release key is dropped.
>>
>> yes once the `proxmox-archive-keyring` package is installed, that file
>> will get overwritten. but since the `wget` install above always fetches
>> just the trixie key, the hashes here should be stable.
>>
>> i'll admit though that putting just the trixie key in place of the
>> archive key feels wrong, if only for the initial install. however, the
>> archive key isn't available through enterprise.proxmox.com it seems [1].
>
> Yeah, you got me there, I thought about that but was not really sure
> what the upgrade process should look like if it's just presented as
> proxmox-archive-keyring.gpg there.
>
> That said, we could either include the release distribution in the name
> or just document that the available keyring is only guaranteed to cover
> a single past release and the next one. The former would be probably a bit
> more future-proof – what do you think?
>

to be honest, it might be cleanest to tell people to install the keyring
as above with the key matching the release. then verify that it matches
known good hashes. after everything checks out, telling them
that installing the `proxmox-archive-keyring` packages overwrites the
key. so this would work out to basically adding a note like this:

NOTE: The `wget` command above adds the release key for a single {pve}
release as the archive keyring. Once the `proxmox-archive-keyring`
package is installed, it will manage this file. The hashes will change
as keys for other {pve} releases will be added and removed. This means
the hashes below are only valid for the initial install on top of an
existing Debian system.
.
**Modifying this file is discouraged once `proxmox-archive-keyring` is
installed.**

this way the Signed-By lines are correct and don't need to be adjusted
by users and they should not be confused if the hashes change after
installing `proxmox-archive-keyring`.

>>
>> [1]: https://enterprise.proxmox.com/debian/
>>
>>>
>>> Switching to /usr still makes sense, in the long run /etc might even
>>> get fully deprecated.
>>>
>>> We either could stay using the per-release key files, which are also available
>>> in /usr, or, for a slightly bigger change, switch to the `sq keyring list`
>>> output, or some other fitting command of it.
>>>
>>> As some sq tools are now used by core debian packaging tools like apt, it'd
>>> be relatively safe to use here IMO.
>>>
>>> For example:
>>>
>>> # sq keyring list /usr/share/keyrings/proxmox-archive-keyring.gpg
>>> 0. F4E136C67CDCE41AE6DE6FC81140AF8F639E0C39 Proxmox Bookworm Release Key <proxmox-release@proxmox.com>
>>> 1. 24B30F06ECC1836A4E5EFECBA7BCD1420BFE778E Proxmox Trixie Release Key <proxmox-release@proxmox.com>
>>
>> hm that does not seem to work for me on a clean pve 9 install, but we
>
> Ah, apt depends on sqv for signature verification, which is a different
> package. That said, a plain Debian netinst would probably be the better
> test here, as a PVE installation hasn't the exact same dependencies
> involved as Debian does and the plain Debian install is where this is
> needed in the first place.

isn't part of a clean debian container here either. that being said, i'm
not particularly fond of the below solution either. hence why simply
sticking to hashes might be nicer.

will send a patch with my proposed changes in a minute.

>> could do the following with plain gpg:
>>
>> # gpg --list-packets < /usr/share/keyrings/proxmox-archive-keyring.gpg
>>
>> the output is rather long, so maybe we want to add a grep after?
>> something like this
>>
>> # gpg --list-packets < /usr/share/keyrings/proxmox-archive-keyring.gpg |
>>  grep -A 5 "Proxmox Trixie Release Key"
>>  :user ID packet: "Proxmox Trixie Release Key <proxmox-release@proxmox.com>"
>>  # off=2960 ctb=c2 tag=2 hlen=3 plen=596 new-ctb
>>  :signature packet: algo 1, keyid A7BCD1420BFE778E
>>         version 4, created 1731244488, md5len 0, sigclass 0x13
>>         digest algo 10, begin of digest 10 59
>>         hashed subpkt 33 len 21 (issuer fpr v4 24B30F06ECC1836A4E5EFECBA7BCD1420BFE778E)
>>
>> would that be acceptable?
>
> Could be, but not really that nice IMO...
>




* Re: [pve-devel] [PATCH docs] package-repos: update key file path and hashes
  2025-07-17 10:33       ` Shannon Sterz
@ 2025-07-17 11:55         ` Thomas Lamprecht
  0 siblings, 0 replies; 7+ messages in thread
From: Thomas Lamprecht @ 2025-07-17 11:55 UTC (permalink / raw)
  To: Proxmox VE development discussion, Shannon Sterz

Am 17.07.25 um 12:33 schrieb Shannon Sterz:
>>> i'll admit though that putting just the trixie key in place of the
>>> archive key feels wrong, if only for the initial install. however, the
>>> archive key isn't available through enterprise.proxmox.com it seems [1].
>> Yeah, you got me there, I thought about that but was not really sure
>> what the upgrade process should look like if it's just presented as
>> proxmox-archive-keyring.gpg there.
>>
>> That said, we could either include the release distribution in the name
>> or just document that the available keyring is only guaranteed to cover
>> a single past release and the next one. The former would be probably a bit
>> more future-proof – what do you think?
>>
> to be honest, it might be cleanest to tell people to install the keyring
> as above with the key matching the release. then verify that it matches
> known good hashes. after everything checks out, telling them
> that installing the `proxmox-archive-keyring` packages overwrites the
> key. so this would work out to basically adding a note like this:

Cleaner than providing the combined release key with a name like
"proxmox-archive-keyring-trixie.gpg" for downloading? As that
would be in essence the same thing, but the user would always have the
correct file there.

Yet another option would be pointing to the actual keyring package in
a specific version + respective hashes and recommend to install that
directly – that might be even more convenient.



> 
> NOTE: The `wget` command above adds the release key for a single {pve}
> release as the archive keyring. Once the `proxmox-archive-keyring`
> package is installed, it will manage this file. The hashes will change
> as keys for other {pve} releases will be added and removed. This means
> the hashes below are only valid for the initial install on top of an
> existing Debian system.
> .
> **Modifying this file is discouraged once `proxmox-archive-keyring` is
> installed.**
> 
> this way the Signed-By lines are correct and don't need to be adjusted
> by users and they should not be confused if the hashes change after
> installing `proxmox-archive-keyring`.

Could be OK, but uploading an extra key or the package wouldn't be much
work. So if you do not see any issue there I'd prefer that route, and
would be open to feedback for what option might be better in the end.



* [pve-devel] [PATCH docs] package-repos: update key file path and hashes
@ 2025-07-18  8:38 Shannon Sterz
  0 siblings, 0 replies; 7+ messages in thread
From: Shannon Sterz @ 2025-07-18  8:38 UTC (permalink / raw)
  To: pve-devel

so they better match the repository definitions above

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 pve-package-repos.adoc | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/pve-package-repos.adoc b/pve-package-repos.adoc
index 063bc6f..a5b233a 100644
--- a/pve-package-repos.adoc
+++ b/pve-package-repos.adoc
@@ -268,25 +268,34 @@ If you install {pve} on top of Debian, download and install
 the key with the following commands:
 
 ----
- # wget https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg -O
- /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+ # wget https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg -O
+ /usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
+NOTE: The `wget` command above adds the keyring for Proxmox releases based on
+Debian Trixie. Once the `proxmox-archive-keyring` package is installed, it will
+manage this file. At that point, the hashes below may no longer match the hashes
+of this file, as keys for new Proxmox releases get added or removed. This is
+intended, `apt` will ensure that only trusted keys are being used.
+*Modifying this file is discouraged once `proxmox-archive-keyring` is installed.*
+
 Verify the checksum afterwards with the `sha512sum` CLI tool:
 
 ----
-# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
-/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 136673be77aba35dcce385b28737689ad64fd785a797e57897589aed08db6e45
+/usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
 or the `md5sum` CLI tool:
 
 ----
-# md5sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+77c8b1166d15ce8350102ab1bca2fcbf /usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
+NOTE: Make sure the path you install the key to matches the `Signed-By:` lines
+in your repository stanzas.
 
 ifdef::wiki[]
 
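Review bot: the unchanged context line "Verify the checksum afterwards with the `sha512sum` CLI tool:" now sits directly above a command that runs `sha256sum`; update that sentence in the same hunk so the text matches the command. In the added NOTE, "This is intended, `apt` will ensure that only trusted keys are being used." is a comma splice; "This is intended: `apt` will ensure ..." reads correctly. The `+ 136673…` output line also keeps a leading space that the `md5sum` output line does not have.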
-- 
2.39.5




* [pve-devel] [PATCH docs] package-repos: update key file path and hashes
@ 2025-07-17 10:34 Shannon Sterz
  0 siblings, 0 replies; 7+ messages in thread
From: Shannon Sterz @ 2025-07-17 10:34 UTC (permalink / raw)
  To: pve-devel

so they better match the repository definitions above

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
 pve-package-repos.adoc | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/pve-package-repos.adoc b/pve-package-repos.adoc
index 063bc6f..9406e2f 100644
--- a/pve-package-repos.adoc
+++ b/pve-package-repos.adoc
@@ -269,24 +269,33 @@ the key with the following commands:
 
 ----
  # wget https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg -O
- /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+ /usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
+NOTE: The `wget` command above adds the release key for a single {pve} release
+as the archive keyring. Once the `proxmox-archive-keyring` package is installed,
+it will manage this file. The files hashes will change, as keys for other {pve}
+releases will be added and removed. This means the hashes below are only valid
+for the initial install on top of an existing Debian system.
+*Modifying this file is discouraged once `proxmox-archive-keyring` is installed.*
+
 Verify the checksum afterwards with the `sha512sum` CLI tool:
 
 ----
-# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
-/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 1bcd2d5bab556076c9ea756a84fe2b7445b13f4ef6e97b2e412b68778377ba6d
+/usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
 or the `md5sum` CLI tool:
 
 ----
-# md5sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+c94e3775fbafec13fec20f981db61e93 /usr/share/keyrings/proxmox-archive-keyring.gpg
 ----
 
+NOTE: Make sure the path you install the key to matches the `Signed-By:` lines
+in your repository stanzas.
 
 ifdef::wiki[]
 
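Review bot: as in the other revision, the context line "Verify the checksum afterwards with the `sha512sum` CLI tool:" is left in place while the command below it is now `sha256sum`; fix the sentence in this hunk. In the added NOTE, "The files hashes will change" should read "The file's hashes will change", and since this revision still fetches `proxmox-release-trixie.gpg` (a single release key) while the sha256 value differs from the one in the follow-up revision, double-check that `1bcd2d…` and `c94e37…` were computed over the file the `wget` line writes. The `+ 1bcd2d…` line also has a leading space the `md5sum` line lacks.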
-- 
2.39.5



