From 727d396e5628da317dafa9287fcba998a44ea9fb Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Thu, 18 May 2023 16:01:14 +0200 Subject: [PATCH 01/16] makefile: convert to use simple parenthesis Signed-off-by: Thomas Lamprecht --- Makefile | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/Makefile b/Makefile index 60f1df2..da41510 100644 --- a/Makefile +++ b/Makefile @@ -3,60 +3,59 @@ PKGVER=$(shell dpkg-parsechangelog -Sversion | cut -d- -f1) PKGREL=$(shell dpkg-parsechangelog -Sversion | cut -d- -f2) BUILDSRC := $(PACKAGE)-$(PKGVER) -DEB=${PACKAGE}_${PKGVER}-${PKGREL}_all.deb -DSC=${PACKAGE}_${PKGVER}-${PKGREL}.dsc +DEB=$(PACKAGE)_$(PKGVER)-$(PKGREL)_all.deb +DSC=$(PACKAGE)_$(PKGVER)-$(PKGREL).dsc DESTDIR= -PERL5DIR=${DESTDIR}/usr/share/perl5 -DOCDIR=${DESTDIR}/usr/share/doc/${PACKAGE} +PERL5DIR=$(DESTDIR)/usr/share/perl5 +DOCDIR=$(DESTDIR)/usr/share/doc/$(PACKAGE) PVE_COMMON_FILES= \ Exception.pm GITVERSION:=$(shell git rev-parse HEAD) -all: ${DEB} +all: $(DEB) .PHONY: $(BUILDSRC) $(BUILDSRC): rm -rf $(BUILDSRC) rsync -a debian $(BUILDSRC) make DESTDIR=./$(BUILDSRC) install - echo "git clone git://git.proxmox.com/git/pve-apiclient.git\\ngit checkout ${GITVERSION}" > $(BUILDSRC)/debian/SOURCE + echo "git clone git://git.proxmox.com/git/pve-apiclient.git\\ngit checkout $(GITVERSION)" > $(BUILDSRC)/debian/SOURCE .PHONY: deb -deb ${DEB}: $(BUILDSRC) +deb $(DEB): $(BUILDSRC) cd $(BUILDSRC); dpkg-buildpackage -rfakeroot -b -us -uc - lintian ${DEB} + lintian $(DEB) .PHONY: dsc dsc: $(BUILDSRC) cd $(BUILDSRC); dpkg-buildpackage -S -us -uc -d -nc - lintian ${DSC} + lintian $(DSC) install: - install -D -m 0644 PVE/APIClient/LWP.pm ${PERL5DIR}/PVE/APIClient/LWP.pm - install -m 0644 PVE/APIClient/Exception.pm ${PERL5DIR}/PVE/APIClient/Exception.pm - install -d -m 755 ${DOCDIR}/examples - install -m 0755 examples/example1.pl ${DOCDIR}/examples - install -m 0755 examples/example2.pl ${DOCDIR}/examples - install -m 0755 examples/perftest1.pl ${DOCDIR}/examples + install -D -m 0644 PVE/APIClient/LWP.pm $(PERL5DIR)/PVE/APIClient/LWP.pm + install -m 0644 PVE/APIClient/Exception.pm $(PERL5DIR)/PVE/APIClient/Exception.pm + install -d -m 755 $(DOCDIR)/examples + install -m 0755 examples/example1.pl $(DOCDIR)/examples + install -m 0755 examples/example2.pl $(DOCDIR)/examples + install -m 0755 examples/perftest1.pl $(DOCDIR)/examples update-pve-common: - for i in ${PVE_COMMON_FILES}; do cp ../pve-common/src/PVE/$$i PVE/APIClient/; done - for i in ${PVE_COMMON_FILES}; do sed -i 's/PVE::/PVE::APIClient::/g' PVE/APIClient/$$i; done + for i in $(PVE_COMMON_FILES); do cp ../pve-common/src/PVE/$$i PVE/APIClient/; done + for i in $(PVE_COMMON_FILES); do sed -i 's/PVE::/PVE::APIClient::/g' PVE/APIClient/$$i; done .PHONY: upload -upload: ${DEB} - tar cf - ${DEB} | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist bullseye +upload: $(DEB) + tar cf - $(DEB) | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist bullseye distclean: clean clean: rm -rf ./$(BUILDSRC) *.deb *.changes *.buildinfo *.dsc *.tar.gz - find . -name '*~' -exec rm {} ';' .PHONY: dinstall -dinstall: ${DEB} - dpkg -i ${DEB} +dinstall: $(DEB) + dpkg -i $(DEB) -- 2.39.2 From 2937fdf9839567c5692ac45d3c1704ddfe878de4 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 15:36:44 +0200 Subject: [PATCH 02/16] remove Exception update targets, just comment how it's very odd to have buildsystem targets that go over the git repos root directory boundary, as one *must not* depend on unrelated things. Rather just comment that and how this was derived from pve-common's exception module. Signed-off-by: Thomas Lamprecht --- Makefile | 7 ------- PVE/APIClient/Exception.pm | 3 +++ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index da41510..0125f2a 100644 --- a/Makefile +++ b/Makefile @@ -11,9 +11,6 @@ DESTDIR= PERL5DIR=$(DESTDIR)/usr/share/perl5 DOCDIR=$(DESTDIR)/usr/share/doc/$(PACKAGE) -PVE_COMMON_FILES= \ - Exception.pm - GITVERSION:=$(shell git rev-parse HEAD) all: $(DEB) @@ -43,10 +40,6 @@ install: install -m 0755 examples/example2.pl $(DOCDIR)/examples install -m 0755 examples/perftest1.pl $(DOCDIR)/examples -update-pve-common: - for i in $(PVE_COMMON_FILES); do cp ../pve-common/src/PVE/$$i PVE/APIClient/; done - for i in $(PVE_COMMON_FILES); do sed -i 's/PVE::/PVE::APIClient::/g' PVE/APIClient/$$i; done - .PHONY: upload upload: $(DEB) tar cf - $(DEB) | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist bullseye diff --git a/PVE/APIClient/Exception.pm b/PVE/APIClient/Exception.pm index c7c78c0..e9110f1 100644 --- a/PVE/APIClient/Exception.pm +++ b/PVE/APIClient/Exception.pm @@ -1,5 +1,8 @@ package PVE::APIClient::Exception; +# NOTE: derived from pve-common's PVE::Execption by copying and then: +# sed -i 's/PVE::/PVE::APIClient::/g' Exception.pm + # a way to add more information to exceptions (see man perlfunc (die)) # use PVE::APIClient::Exception qw(raise); # raise ("my error message", code => 400, errors => { param1 => "err1", ...} ); -- 2.39.2 From 2401ab289ac77e2a2028308efebe5a49eb1cf467 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 15:41:37 +0200 Subject: [PATCH 03/16] exception: white space cleanup Signed-off-by: Thomas Lamprecht --- PVE/APIClient/Exception.pm | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/PVE/APIClient/Exception.pm b/PVE/APIClient/Exception.pm index e9110f1..a2bfa29 100644 --- a/PVE/APIClient/Exception.pm +++ b/PVE/APIClient/Exception.pm @@ -11,7 +11,7 @@ use strict; use warnings; use vars qw(@ISA @EXPORT_OK); require Exporter; -use Storable qw(dclone); +use Storable qw(dclone); use HTTP::Status qw(:constants); @ISA = qw(Exporter); @@ -19,7 +19,7 @@ use HTTP::Status qw(:constants); use overload '""' => sub {local $@; shift->stringify}; use overload 'cmp' => sub { my ($a, $b) = @_; - local $@; + local $@; return "$a" cmp "$b"; # compare as string }; @@ -35,7 +35,7 @@ sub new { }; foreach my $p (keys %param) { - next if defined($self->{$p}); + next if defined($self->{$p}); my $v = $param{$p}; $self->{$p} = ref($v) ? dclone($v) : $v; } @@ -46,7 +46,7 @@ sub new { sub raise { my $exc = PVE::APIClient::Exception->new(@_); - + my ($pkg, $filename, $line) = caller; $exc->{filename} = $filename; @@ -61,11 +61,11 @@ sub raise_perm_exc { my $param = { code => HTTP_FORBIDDEN }; my $msg = "Permission check failed"; - + $msg .= " ($what)" if $what; my $exc = PVE::APIClient::Exception->new("$msg\n", %$param); - + my ($pkg, $filename, $line) = caller; $exc->{filename} = $filename; @@ -91,7 +91,7 @@ sub raise_param_exc { $param->{usage} = $usage if $usage; my $exc = PVE::APIClient::Exception->new("Parameter verification failed.\n", %$param); - + my ($pkg, $filename, $line) = caller; $exc->{filename} = $filename; @@ -142,7 +142,7 @@ sub stringify { sub PROPAGATE { my ($self, $file, $line) = @_; - push @{$self->{propagate}}, [$file, $line]; + push @{$self->{propagate}}, [$file, $line]; return $self; } -- 2.39.2 From 6920b2fe6366cac737c2276192611ff4d5477845 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 15:42:18 +0200 Subject: [PATCH 04/16] d/control: define compat level via build-depends and raise to 13 Signed-off-by: Thomas Lamprecht --- debian/compat | 1 - debian/control | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 100644 debian/compat diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 48082f7..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -12 diff --git a/debian/control b/debian/control index a999aea..e7ed070 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: libpve-apiclient-perl Section: perl Priority: optional Maintainer: Proxmox Support Team -Build-Depends: debhelper (>= 12), +Build-Depends: debhelper-compat (= 13), perl, Standards-Version: 4.5.1 Homepage: https://www.proxmox.com -- 2.39.2 From 7147fbfef70dde674e4dc409b8e2aa5b9589ca8b Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 15:51:39 +0200 Subject: [PATCH 05/16] use dpkg's packaging variable makefile fragment Signed-off-by: Thomas Lamprecht --- Makefile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 0125f2a..3d224a9 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,12 @@ +include /usr/share/dpkg/default.mk + PACKAGE=libpve-apiclient-perl -PKGVER=$(shell dpkg-parsechangelog -Sversion | cut -d- -f1) -PKGREL=$(shell dpkg-parsechangelog -Sversion | cut -d- -f2) -BUILDSRC := $(PACKAGE)-$(PKGVER) -DEB=$(PACKAGE)_$(PKGVER)-$(PKGREL)_all.deb -DSC=$(PACKAGE)_$(PKGVER)-$(PKGREL).dsc +BUILDSRC := $(PACKAGE)-$(DEB_VERSION) +DEB=$(PACKAGE)_$(DEB_VERSION)_all.deb +DSC=$(PACKAGE)_$(DEB_VERSION).dsc DESTDIR= - PERL5DIR=$(DESTDIR)/usr/share/perl5 DOCDIR=$(DESTDIR)/usr/share/doc/$(PACKAGE) -- 2.39.2 From f5310c0761970e9c42b27ae8206bd485cbc1700b Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 15:52:17 +0200 Subject: [PATCH 06/16] buildsys: cleanup and expand clean target Signed-off-by: Thomas Lamprecht --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 3d224a9..cfd2939 100644 --- a/Makefile +++ b/Makefile @@ -44,9 +44,8 @@ upload: $(DEB) tar cf - $(DEB) | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist bullseye distclean: clean - clean: - rm -rf ./$(BUILDSRC) *.deb *.changes *.buildinfo *.dsc *.tar.gz + rm -rf $(PACKAGE)-[0-9]*/ *.deb *.changes *.buildinfo *.build *.dsc *.tar.* .PHONY: dinstall dinstall: $(DEB) -- 2.39.2 From f7d3e2f59e43e853a75556457767fd84531e107a Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 15:52:46 +0200 Subject: [PATCH 07/16] buildsys: encode prerequisites of install target Signed-off-by: Thomas Lamprecht --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index cfd2939..cb2c243 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,7 @@ dsc: $(BUILDSRC) cd $(BUILDSRC); dpkg-buildpackage -S -us -uc -d -nc lintian $(DSC) -install: +install: PVE/APIClient/Exception.pm PVE/APIClient/LWP.pm examples/*.pl install -D -m 0644 PVE/APIClient/LWP.pm $(PERL5DIR)/PVE/APIClient/LWP.pm install -m 0644 PVE/APIClient/Exception.pm $(PERL5DIR)/PVE/APIClient/Exception.pm install -d -m 755 $(DOCDIR)/examples -- 2.39.2 From 1b02346293dbd21fe647ade9db92d0d47fb10d8d Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 16:21:48 +0200 Subject: [PATCH 08/16] separate packaging and source build system Signed-off-by: Thomas Lamprecht --- Makefile | 17 +++++------------ debian/install | 2 -- src/Makefile | 17 +++++++++++++++++ {PVE => src/PVE}/APIClient/Exception.pm | 0 {PVE => src/PVE}/APIClient/LWP.pm | 0 {examples => src/examples}/example1.pl | 0 {examples => src/examples}/example2.pl | 0 {examples => src/examples}/example3.pl | 0 {examples => src/examples}/example4.pl | 0 {examples => src/examples}/perftest1.pl | 0 10 files changed, 22 insertions(+), 14 deletions(-) delete mode 100644 debian/install create mode 100644 src/Makefile rename {PVE => src/PVE}/APIClient/Exception.pm (100%) rename {PVE => src/PVE}/APIClient/LWP.pm (100%) rename {examples => src/examples}/example1.pl (100%) rename {examples => src/examples}/example2.pl (100%) rename {examples => src/examples}/example3.pl (100%) rename {examples => src/examples}/example4.pl (100%) rename {examples => src/examples}/perftest1.pl (100%) diff --git a/Makefile b/Makefile index cb2c243..11e1c6b 100644 --- a/Makefile +++ b/Makefile @@ -16,10 +16,11 @@ all: $(DEB) .PHONY: $(BUILDSRC) $(BUILDSRC): - rm -rf $(BUILDSRC) - rsync -a debian $(BUILDSRC) - make DESTDIR=./$(BUILDSRC) install - echo "git clone git://git.proxmox.com/git/pve-apiclient.git\\ngit checkout $(GITVERSION)" > $(BUILDSRC)/debian/SOURCE + rm -rf $@ $@.tmp + cp -a src $@.tmp + cp -a debian $@.tmp/ + echo "git clone git://git.proxmox.com/git/pve-apiclient.git\\ngit checkout $(GITVERSION)" >$@.tmp/debian/SOURCE + mv $@.tmp $@ .PHONY: deb deb $(DEB): $(BUILDSRC) @@ -31,14 +32,6 @@ dsc: $(BUILDSRC) cd $(BUILDSRC); dpkg-buildpackage -S -us -uc -d -nc lintian $(DSC) -install: PVE/APIClient/Exception.pm PVE/APIClient/LWP.pm examples/*.pl - install -D -m 0644 PVE/APIClient/LWP.pm $(PERL5DIR)/PVE/APIClient/LWP.pm - install -m 0644 PVE/APIClient/Exception.pm $(PERL5DIR)/PVE/APIClient/Exception.pm - install -d -m 755 $(DOCDIR)/examples - install -m 0755 examples/example1.pl $(DOCDIR)/examples - install -m 0755 examples/example2.pl $(DOCDIR)/examples - install -m 0755 examples/perftest1.pl $(DOCDIR)/examples - .PHONY: upload upload: $(DEB) tar cf - $(DEB) | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist bullseye diff --git a/debian/install b/debian/install deleted file mode 100644 index aab4f0a..0000000 --- a/debian/install +++ /dev/null @@ -1,2 +0,0 @@ -/usr/share/perl5 -/usr/share/doc/libpve-apiclient-perl \ No newline at end of file diff --git a/src/Makefile b/src/Makefile new file mode 100644 index 0000000..bc19e9f --- /dev/null +++ b/src/Makefile @@ -0,0 +1,17 @@ +PACKAGE ?= libpve-apiclient-perl + +DESTDIR= +PERL5DIR=$(DESTDIR)/usr/share/perl5 +DOCDIR=$(DESTDIR)/usr/share/doc/$(PACKAGE) + +all: + +install: PVE/APIClient/Exception.pm PVE/APIClient/LWP.pm examples/*.pl + install -D -m 0644 PVE/APIClient/LWP.pm $(PERL5DIR)/PVE/APIClient/LWP.pm + install -m 0644 PVE/APIClient/Exception.pm $(PERL5DIR)/PVE/APIClient/Exception.pm + install -d -m 755 $(DOCDIR)/examples + install -m 0755 examples/example1.pl $(DOCDIR)/examples + install -m 0755 examples/example2.pl $(DOCDIR)/examples + install -m 0755 examples/perftest1.pl $(DOCDIR)/examples + +clean: diff --git a/PVE/APIClient/Exception.pm b/src/PVE/APIClient/Exception.pm similarity index 100% rename from PVE/APIClient/Exception.pm rename to src/PVE/APIClient/Exception.pm diff --git a/PVE/APIClient/LWP.pm b/src/PVE/APIClient/LWP.pm similarity index 100% rename from PVE/APIClient/LWP.pm rename to src/PVE/APIClient/LWP.pm diff --git a/examples/example1.pl b/src/examples/example1.pl similarity index 100% rename from examples/example1.pl rename to src/examples/example1.pl diff --git a/examples/example2.pl b/src/examples/example2.pl similarity index 100% rename from examples/example2.pl rename to src/examples/example2.pl diff --git a/examples/example3.pl b/src/examples/example3.pl similarity index 100% rename from examples/example3.pl rename to src/examples/example3.pl diff --git a/examples/example4.pl b/src/examples/example4.pl similarity index 100% rename from examples/example4.pl rename to src/examples/example4.pl diff --git a/examples/perftest1.pl b/src/examples/perftest1.pl similarity index 100% rename from examples/perftest1.pl rename to src/examples/perftest1.pl -- 2.39.2 From 4b2de6c1e7a07244f35c4501facaad3544f0664c Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 16:22:19 +0200 Subject: [PATCH 09/16] buildsys: cleanup deb/dsc targets Signed-off-by: Thomas Lamprecht --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 11e1c6b..ae35e74 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,6 @@ GITVERSION:=$(shell git rev-parse HEAD) all: $(DEB) -.PHONY: $(BUILDSRC) $(BUILDSRC): rm -rf $@ $@.tmp cp -a src $@.tmp @@ -24,12 +23,13 @@ $(BUILDSRC): .PHONY: deb deb $(DEB): $(BUILDSRC) - cd $(BUILDSRC); dpkg-buildpackage -rfakeroot -b -us -uc + cd $(BUILDSRC); dpkg-buildpackage -b -us -uc lintian $(DEB) .PHONY: dsc -dsc: $(BUILDSRC) - cd $(BUILDSRC); dpkg-buildpackage -S -us -uc -d -nc +dsc: $(DSC) +$(DSC): $(BUILDSRC) + cd $(BUILDSRC); dpkg-buildpackage -S -us -uc -d lintian $(DSC) .PHONY: upload -- 2.39.2 From 5de355e54629715a4cc55ec4044c28d2084102b3 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 16:22:36 +0200 Subject: [PATCH 10/16] buildsys: add sbuild convenience target Signed-off-by: Thomas Lamprecht --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index ae35e74..c4c57f8 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,9 @@ $(DSC): $(BUILDSRC) cd $(BUILDSRC); dpkg-buildpackage -S -us -uc -d lintian $(DSC) +sbuild: $(DSC) + sbuild $(DSC) + .PHONY: upload upload: $(DEB) tar cf - $(DEB) | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist bullseye -- 2.39.2 From e426c37dc8da065d71dee4ea3237fd8a273ee2c6 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 16:22:44 +0200 Subject: [PATCH 11/16] bump version to 3.3.0 Signed-off-by: Thomas Lamprecht --- debian/changelog | 10 +++++++++- debian/source/format | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 126d430..76716d7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,12 @@ -libpve-apiclient-perl (3.2-1) pve pmg; urgency=medium +libpve-apiclient-perl (3.3.0) bookworm; urgency=medium + + * re-build for Debian 12 Bookworm based releases + + * switch over to native versioning + + -- Proxmox Support Team Fri, 19 May 2023 16:07:13 +0200 + +libpve-apiclient-perl (3.2-1) bullseye; urgency=medium * bump version for Debian 11 Bullseye based releases diff --git a/debian/source/format b/debian/source/format index d3827e7..89ae9db 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1 @@ -1.0 +3.0 (native) -- 2.39.2 From 8a0c6cd03ec250d2f95c97aafe58d0f4a18e1bdf Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 19 May 2023 16:23:18 +0200 Subject: [PATCH 12/16] buildsys: derive upload dist automatically Signed-off-by: Thomas Lamprecht --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c4c57f8..33e70c7 100644 --- a/Makefile +++ b/Makefile @@ -36,8 +36,9 @@ sbuild: $(DSC) sbuild $(DSC) .PHONY: upload +upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION) upload: $(DEB) - tar cf - $(DEB) | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist bullseye + tar cf - $(DEB) | ssh -X repoman@repo.proxmox.com upload --product pmg,pve --dist $(UPLOAD_DIST) distclean: clean clean: -- 2.39.2 From b8721b4a8e3032b10e53339befedb7a22ea2fd7a Mon Sep 17 00:00:00 2001 From: Max Carrara Date: Wed, 15 Mar 2023 17:26:30 +0100 Subject: [PATCH 13/16] lwp: set SameSite attr of auth cookie to 'strict' This prohibits the cookie from being sent along in cross-site sub-requests or when the user navigates to a different site. Signed-off-by: Max Carrara --- src/PVE/APIClient/LWP.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/APIClient/LWP.pm b/src/PVE/APIClient/LWP.pm index ed7e4fe..722b35a 100755 --- a/src/PVE/APIClient/LWP.pm +++ b/src/PVE/APIClient/LWP.pm @@ -89,7 +89,7 @@ sub update_ticket { $self->{ticket} = $ticket; my $encticket = uri_escape($ticket); - my $cookie = "$self->{cookie_name}=$encticket; path=/; secure;"; + my $cookie = "$self->{cookie_name}=$encticket; path=/; secure; SameSite=Strict;"; $agent->default_header('Cookie', $cookie); } -- 2.39.2 From dfee5e09acd529f28c7565f380f2dd3415cd92e7 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 9 Jun 2023 07:54:46 +0200 Subject: [PATCH 14/16] bump version to 3.3.1 Signed-off-by: Thomas Lamprecht --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 76716d7..5dbc937 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libpve-apiclient-perl (3.3.1) bookworm; urgency=medium + + * lwp: set SameSite attr of auth cookie to 'strict' + + -- Proxmox Support Team Fri, 09 Jun 2023 07:54:37 +0200 + libpve-apiclient-perl (3.3.0) bookworm; urgency=medium * re-build for Debian 12 Bookworm based releases -- 2.39.2 From 6c8c78d01ab449ba30a1f93d967f155482702c35 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Tue, 26 Mar 2024 09:15:02 +0100 Subject: [PATCH 15/16] fix validation of self-signed cert chains MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The interface here is a bit weird - if the verify callback returns 1 for a certificate higher up in the chain, this will propagate to the next invocation of the callback for the next certificate, even if openssl on its own would not trust the certificate. By re-ordering the checks and keeping track of the fact that we returned 1 despite openssl failing its own validation, the validation logic should now cover all combinations of certificate count and self-signed/system trust status. Signed-off-by: Fabian Grünbichler --- src/PVE/APIClient/LWP.pm | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/PVE/APIClient/LWP.pm b/src/PVE/APIClient/LWP.pm index 722b35a..f753109 100755 --- a/src/PVE/APIClient/LWP.pm +++ b/src/PVE/APIClient/LWP.pm @@ -415,11 +415,18 @@ sub new { $ssl_opts->{'SSL_verify_callback'} = sub { my ($openssl_valid, undef, undef, undef, $cert, $depth) = @_; - # we don't care about intermediate or root certificates - return 1 if $depth != 0; - return 1 if $trust_openssl && $openssl_valid; + # Openssl encountered validation error, only allow validation to + # pass if fingerprint is verified + $trust_openssl = 0; + + # We don't care about intermediate or root certificates if we don't + # trust openssl's validation result + return 1 if $depth != 0; + + # We've reached the leaf certificate and the chain didn't pass + # openssl's validation - let's verify the fingerprint! return verify_cert_callback($fingerprints, $cert, $verify_fingerprint_cb); } } -- 2.39.2 From 94d38f0aba67ad04bf20159f605d5f7380cf7b58 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Tue, 26 Mar 2024 09:35:58 +0100 Subject: [PATCH 16/16] bump version to 3.3.2 Signed-off-by: Thomas Lamprecht --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 5dbc937..60b4041 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libpve-apiclient-perl (3.3.2) bookworm; urgency=medium + + * fix validation of self-signed cert chains + + -- Proxmox Support Team Tue, 26 Mar 2024 09:35:54 +0100 + libpve-apiclient-perl (3.3.1) bookworm; urgency=medium * lwp: set SameSite attr of auth cookie to 'strict' -- 2.39.2