Dominik Csapak [Thu, 3 Oct 2019 11:50:07 +0000 (13:50 +0200)]
JSONSchema: add pve-tag format
this will be used for vm/ct tag-lists, so that (config) management systems
or similar add additional information that does not reside in the
description
putting it here, since we want to eventually have it also for
nodes,storages,etc.
Thomas Lamprecht [Tue, 29 Oct 2019 06:28:52 +0000 (07:28 +0100)]
d/control: record breaks of pve-container (<< 3.0-9)
As we drop the arch translation part used by pve-container packages
in version 3.0-8 or older we need to break them, to avoid broken
newly created containers.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
JSONSchema: add TFA-secret format; support longer secrets
The old format used 16 base32 chars or 40 hex digits. Since they have
a common subset it's hard to distinguish them without the our
previous length constraints, so prefix a 'v2-' of the format to
support arbitrary lengths properly.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
add postinst hook to fix /etc/aliases whitespace error
This was wrongly shipped by our ISO since quite a bit (AFAICT, at
least 4.x), so fix it up in a versioned postinst snippet.
Do so by usind sed with the following pattern:
# sed -E -i -e 's/^www:(\w)/www: \1/' /etc/aliases
proposed by Musee Ullah[0]. It even catches a bit more than exactly
our misstep, may help if one copied this line, or added some other
addresses to this specific aliases entry.
Do this here, in pve-common, as it makes it sligthly simpler to roll
the change out to both, PVE and PMG.
Fabian Ebner [Wed, 28 Aug 2019 09:22:38 +0000 (11:22 +0200)]
Fix 2339: Handle multiple blank lines correctly in SectionConfig
It turns out that the line number counting was also broken (even on
files without multiple blanks), since the body of the while inside
the nextline subroutine would not be executed for a blank.
I guess the subroutine was intended to skip comments and blanks, but
since we use blanks to recognize the end of a section, I changed it
to only skip comments.
and constant AT_EMPTY_PATH for chowning a directory/file opened via
openat(2), for example when walking/creating a directory tree without
following symlinks.
CLIHandler: consider valid prefixes for completion
With the change introduced in 57c0d0c69c687f2dff876aa81369622d0ae0a841
completion of partial commands stopped working (e.g. typing qm res<TAB><TAB>
yields nothing instead of 'reset resize resume rescan')
By returning undef as 'ref' 'print_bash_completion' has no reference of the
available (sub) commands anymore.
By checking if the current argument is a valid prefix of a possible command,
and conditionally not setting the 'ref' hash to undef, the functionality is
restored.
Thomas Lamprecht [Thu, 23 May 2019 10:52:18 +0000 (12:52 +0200)]
assemble_spice_ticket: ensure variable in interpolated string are correct
In older perl the following two where the same:
"$foo::$bar" == "${foo}::${bar}"
But in perl 5, version 28 it's not anymore,
"$foo::$bar" would be equivalent to "${foo::}${bar}", the double
colons are now not used as variable name boundary, so mark that
explicitly in the affected case and surrounding ones preventively
This fixes authentication with spice* related stuff again.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Wed, 15 May 2019 08:03:50 +0000 (10:03 +0200)]
prevent autovivification of sectionconfig options
If, somehow, someone passes a config to check_config with keys set
that are not in the options for that type, this fixed check
lead to autovivification, meaning that any future calls to the same
worker had an additional option for that type which is not optional
this lead to a wrongfully deleting of entries when updating an entry of
a different type, since all entries of the original types suddenly
did not satisfy their required options and would not get parsed
by read_file anymore (thus missing when a successful write_file was done)
Dominik Csapak [Fri, 3 May 2019 07:28:51 +0000 (09:28 +0200)]
INotify: map address/netmask to cidr while parsing interfaces
this allows us to always show the 'address' the 'netmask' and the 'cidr'
both for ipv4 and ipv6
there is a small api change involved in one scenario:
if one manually changed the address to cidr format like
'10.0.0.4/24'
we now get from the api the parsed values
addr => 10.0.0.4
netmask => 24
cidr => 10.0.0.4/24
instead of
addr => 10.0.0.4/24
netmask =>
but i think that circumventing our api when writing the file, but still
relying on the api for reading is not a valid use case, i would argue
that we can change this, especially since we have a new field that
contains that information again (cidr)
See `man 2 setresuid`. The code was tested with small UIDs (109) and
one which does not fit into 16 bit (100000000), since I wasn't too
sure about the workings of setresuid vs. setresuid32 (see NOTES of
the manpage) - it worked with both.
Linux on amd64 has only a single setresuid, as it the 64 bit arch
came after the setresuid32 syscall, and thus it started with the
later one as single common one
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 21 Mar 2019 11:48:54 +0000 (12:48 +0100)]
JSONSchema: register 'pve-snapshot-name' here to avoid cyclic dependencies
move it from qemu-server as it was also used in pve-container and
pve-manager (pvesr), while guest-commons AbstractConfig could be a
fit too, just move it here as all depending on this already use
JSONSchema and it just fits here...
Break respective qemu-server version
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stoiko Ivanov [Tue, 12 Mar 2019 15:07:41 +0000 (16:07 +0100)]
JSONSchema: Adapt MAC address format to unicast
MAC-addresses having the LSB of the first octet set, are considered
multicast-addresses (see [0,1]).
the 'mac-addr' format got changed to only permit unicast addresses, which should
work for its current use-case (WOL for nodes).
additionally a default option was registered via register_standard_option to be
used in both PVE::LXC::Config and PVE::QemuServer.
Oguz Bektas [Thu, 28 Feb 2019 14:00:04 +0000 (15:00 +0100)]
fix #2111: regex match for email addresses
now allows:
* addresses without tld (f.e. user@localhost per bug)
* remove limits for number of subdomains
* allow +, -, ~ in local part
* disallow double dots (.. .a. etc) and dots in the end (abc.@mail.com)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> Acked-by: Dominik Csapak <d.csapak@proxmox.com>
Christian Ebner [Wed, 20 Feb 2019 10:59:14 +0000 (11:59 +0100)]
Fix 1891: Add zsh command completion generator
This adds the function needed to generate the zsh autocompletion scripts.
Using the bash completion code path, this generates the list of possible
completions and adds them to the zsh completion by compadd.
For the autocompletion scripts to be loaded automatically, the following two
lines have to be placed in the .zshrc:
autoload -U compinit
compinit
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
these were previously already depended on by pve-manager, where they were
recently removed - exposing the fact they are in fact required by
libpve-common-perl.
Extract major/minor from `dev_t` values as found in stat()
calls, with support for the full 32 bit values.
The device value returned by stat() is 32 bits long and encoded as
high 12 bit of the minor value as in the 12 MSBs, 12 bit major value,
then the low 8 bit of the minor value in the low byte.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dominik Csapak [Tue, 20 Nov 2018 16:13:38 +0000 (17:13 +0100)]
SysFSTools.pm: improve and extend lspci
this implements following improvements and optimizations for lspci
* removes the unecessary split between id and function
since everywhere we need that information, we stitch them together
anyway. to preserve ordering, simply order by id with string
comparison 'cmp' (this is important for the shorthand syntax '00:01' in
the config)
* returns now a list directly, instead of an hash with lists
* returns now always the vendor/device id and class[1]
* filter is now either a string (matches the id partially), or a
sub, which filters the device out if it returns a falsy value
* adds a verbose flag to include more information about the device,
such as device/vendor name, iommu-group, mdev support, etc.
this will be used for the pci scan api call for the gui
The ip link set command which create the veth pair is not setting mtu on both peers
example:
vm 106 is on a bridge with mtu 9000
222: tap160i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast master fwbr160i1 state UNKNOWN group default qlen 1000
223: fwbr160i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
224: fwpr160p1@fwln160i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
225: fwln160i1@fwpr160p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
fwpr160p1@fwln160i1 is correctly created with mtu 9000
but
fwln160i1@fwpr160p1 is created with mtu 1500.
(and then vmbr106i1 is lowered to 1500 too).
This is doing network problem, as tap160i1 is mtu9000.
After this patch:
222: tap160i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast master fwbr160i1 state UNKNOWN group default qlen 1000
223: fwbr160i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
224: fwpr160p1@fwln160i1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
225: fwln160i1@fwpr160p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
Stoiko Ivanov [Tue, 20 Nov 2018 08:46:32 +0000 (09:46 +0100)]
fix #1956: return controlling terminal to parent
The changes introduced in e97f807c388c10250f442b1f16c5315df2ffc2af let the
child in fork_worker take the controlling terminal of the session, without
returning it after finishing.
This breaks using/reading from the terminal after both parent and child exit
- e.g. when the code is called from within a shellscript.