From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 64C30EA17 for ; Wed, 19 Jul 2023 14:50:04 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3EF7876F4 for ; Wed, 19 Jul 2023 14:49:34 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 19 Jul 2023 14:49:33 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 850B241017 for ; Wed, 19 Jul 2023 14:49:33 +0200 (CEST) Date: Wed, 19 Jul 2023 14:49:32 +0200 From: Wolfgang Bumiller To: Fiona Ebner Cc: Proxmox VE development discussion , Lukas Wagner Message-ID: References: <20230717150051.710464-1-l.wagner@proxmox.com> <20230717150051.710464-39-l.wagner@proxmox.com> <2e73269c-dc99-f193-ac82-9c401c560b44@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2e73269c-dc99-f193-ac82-9c401c560b44@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.133 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [jsonschema.pm] Subject: Re: [pve-devel] [PATCH v3 pve-common 38/66] JSONSchema: increase maxLength of config-digest to 64 X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2023 12:50:04 -0000 On Wed, Jul 19, 2023 at 02:41:17PM +0200, Fiona Ebner wrote: > Am 17.07.23 um 17:00 schrieb Lukas Wagner: > > The new notification backend is implemented in Rust where we use SHA256 > > for config digests. > > > > Signed-off-by: Lukas Wagner > > --- > > src/PVE/JSONSchema.pm | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm > > index 7589bba..49e0d7a 100644 > > --- a/src/PVE/JSONSchema.pm > > +++ b/src/PVE/JSONSchema.pm > > @@ -93,10 +93,13 @@ register_standard_option('pve-bridge-id', { > > }); > > > > register_standard_option('pve-config-digest', { > > - description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.', > > + description => 'Prevent changes if current configuration file has a different digest. ' > > + . 'This can be used to prevent concurrent modifications.', > > Should we instead create a separate standard option > "pve-config-digest-sha256"? Then we can still clearly communicate which > digest it is to users of the API (mostly ourselves for this one, but > still). Might prevent some mix-up at some point in the future. We could, but the current one is already only limited to a `maxLength`, not an exact one, so we don't get proper verification errors here for shorter strings either. Also, theoretically we could bring all the digests up to sha256 over time while supporting both as input in the API without having to update API the schema of each call that starts supporting the newer one.