Wolfgang Bumiller [Wed, 6 Mar 2024 11:02:31 +0000 (12:02 +0100)]
bump version to 8.1.1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Max Carrara [Tue, 20 Feb 2024 15:08:36 +0000 (16:08 +0100)]
ticket: remove fallback for SHA1-base64 CSRF prevention tokens
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
Wolfgang Bumiller [Thu, 15 Feb 2024 12:30:18 +0000 (13:30 +0100)]
add PVE::Systemd::is_unit_active
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 22 Jan 2024 11:52:41 +0000 (12:52 +0100)]
schema: fixup description vs format_description in remote_format
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fabian Grünbichler [Thu, 21 Dec 2023 15:30:25 +0000 (16:30 +0100)]
network tests: test #5141
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Thu, 21 Dec 2023 15:30:24 +0000 (16:30 +0100)]
fix #5141: network parser: fix accidental RE result re-use
$1 and friends are not cleared if a RE fails to match, in which case they will
contain the captured values from a previous successful match in the same scope.
deduplicate the two branches to avoid accidental re-introduction.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Thu, 21 Dec 2023 15:30:23 +0000 (16:30 +0100)]
network parser: iterate deterministically
makes the behaviour easier to analyze, and also helps when testing since it
allows constructing test cases that trigger certain order of parsing.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Thu, 21 Dec 2023 15:30:22 +0000 (16:30 +0100)]
network tests: switch to ifupdown2
adapt allow-* to auto, and drop the one test where behaviour is not testable
anymore.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Wolfgang Bumiller [Thu, 14 Dec 2023 09:09:48 +0000 (10:09 +0100)]
expose SYS_prctl
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Tue, 21 Nov 2023 12:04:26 +0000 (13:04 +0100)]
bump version to 8.1.0
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 17 Nov 2023 08:05:36 +0000 (09:05 +0100)]
section config: avoid unamed boolean parameter use hash
Even with just one param it's extra work to check what it refers too,
with named ones in a hash one hasn't that issue even with many params.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 16 Nov 2023 15:21:51 +0000 (16:21 +0100)]
section config: add tests for separated property lists
more or less a copy from the normal section config test, but now with
properties defined multiple times as well as conflicting options
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: improve consistency with property-isolation terminology ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 16 Nov 2023 15:21:50 +0000 (16:21 +0100)]
section config: allow full property-isolation for plugins
When using 'init(property_isolation => 1)', the code saves the
property lists per type instead of a big one, and using
create/updateSchema creates a new schema with the options as 'oneOf'
and/or 'instance-types' (depending if the schemas match).
With that, we change how we work with the options hash:
It's not needed anymore to specify options that are specified in the
type specific propertyList, except if it's 'fixed => 1' (since that does
not exist in the schema)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ TL: ensure consistency with new property-isolation terminology ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 16 Nov 2023 15:21:49 +0000 (16:21 +0100)]
json schema: implement 'oneOf' schema
a schema can now have the 'oneOf' property which is an array of regular
schemas. In the default case any of that has to match. If the
'type-property'/'instance-types' are given, only the schema for the specific
type will be checked (and handles as 'additionalProperties' if there is
no matching type)
the field found in 'type-property' has to be on the same level
(so for oneOf the nested schemas should not include that).
Documentation is adapted so that options are grouped per `type-property=value`
after the regular options (with their individual descriptions/types/etc.)
oneOfs without 'type-property'/'instance-tyeps' simply show up twice for
now with an 'or' line in between.
command line parsing is a bit weird for now since Getopt::Long
can't have multiple variants for the same property (but works fine with
pvesh for our current use cases). it gets shown as '--foo <multiple' if
they are not optional.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 16 Nov 2023 15:21:48 +0000 (16:21 +0100)]
tools: add is_deeply
to compare nested hashes/lists and scalar values recursively.
Also includes some tests
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 16 Nov 2023 15:21:47 +0000 (16:21 +0100)]
section config: add test for the schemas
by simply doing an 'is_deeply' on the generated schema with
the current generated schema
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Filip Schauer [Mon, 13 Nov 2023 10:30:36 +0000 (11:30 +0100)]
tools: Add mount flag constants
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
Filip Schauer [Mon, 13 Nov 2023 10:30:35 +0000 (11:30 +0100)]
tools: Add mknod syscall
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
Thomas Lamprecht [Tue, 7 Nov 2023 07:58:34 +0000 (08:58 +0100)]
bump version to 8.0.10
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Gabriel Goller [Tue, 19 Sep 2023 07:35:25 +0000 (09:35 +0200)]
fix #4162: added `Auto-Submitted` header to email body
`Auto-Submitted` is defined in the rfc 5436 [1] and describes how
an automatic response (f.e. ooo replies, etc.) should behave on the
emails. When using `Auto-Submitted: auto-generated` (or any value
other than `none`) automatic replies won't be triggered.
[1]: https://www.rfc-editor.org/rfc/rfc3834.html
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
Dominik Csapak [Thu, 19 Oct 2023 09:13:53 +0000 (11:13 +0200)]
pbs client: add 'tar' parameter to file_restore_extract
so that we can get a 'tar.zst' from proxmox-file-restore by passing
'--format tar --zstd' to the file-restore binary
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 13 Sep 2023 11:43:12 +0000 (13:43 +0200)]
readme: avoid using deprecated apt-key
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stefan Lendl [Mon, 11 Sep 2023 11:55:59 +0000 (13:55 +0200)]
readme: update mentions of bullseye to bookworm
Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
Fiona Ebner [Mon, 11 Sep 2023 11:51:19 +0000 (13:51 +0200)]
bump version to 8.0.9
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Lukas Wagner [Wed, 30 Aug 2023 12:37:52 +0000 (14:37 +0200)]
tools: allow to force UTF-8 encoding for file_set_contents
Rationale: This is used from cfs_write_file, which is now also used to
write utf8-encoded strings that come from Rust. If no encoding is
specified while writing the file, we run into problems with certain
special characters (e.g. 'ü').
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
[FG: use flag parameter instead of encoding as a string
use stricter 'UTF-8' instaed of 'utf8' (see 'perldoc Enocode')]
Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
[FE: implement changes suggested by Fabian
move binmode call to where $fh is known to be set]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Fiona Ebner [Wed, 30 Aug 2023 13:07:52 +0000 (15:07 +0200)]
run fork with timeout: only special case timeout error in list context
run_with_timeout() will treat a timeout error differently when called
in list context and run_fork_with_timeout() should do the same. Ensure
this by calling run_with_timeout() in list context if and only if
run_fork_with_timeout() is called in list context too.
Fixes: a6aa0ae ("run with timeout: return if timeout happened in list context")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Fiona Ebner [Wed, 30 Aug 2023 13:07:51 +0000 (15:07 +0200)]
run with timeout: only special-case timeout error in list-context
and not other errors too.
Fixes: a6aa0ae ("run with timeout: return if timeout happened in list context")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Fiona Ebner [Wed, 16 Aug 2023 09:24:39 +0000 (11:24 +0200)]
test: section config: also test array entries in unknown section
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Dominik Csapak [Wed, 16 Aug 2023 09:09:11 +0000 (11:09 +0200)]
SectionConfig: fix handling unknown sections
if we're parsing an unknown section, we cannot check the schema with
`is_array` to check if it's an array type or not, thus we have to
handle that separately.
fix this by handling data in unknown sections like an array similar to
"
cb2646c7b4974e33f4148752deec71f0d589b0f3" in proxmox-section-config.
This way we can write unknown section out again like we parsed it.
Add a regression test for an unknown field not in the schema.
This fixes an issue, where calling `qm destroy ID --purge` removed much
of the configs ob backup jobs (since there we parse an 'unknown' section
and run into the `is_array` error)
(Reported in the forum: https://forum.proxmox.com/threads/132091)
Suggested-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Wolfgang Bumiller [Fri, 11 Aug 2023 11:25:14 +0000 (13:25 +0200)]
bump version to 8.0.8
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christoph Heiss [Thu, 10 Aug 2023 12:37:06 +0000 (14:37 +0200)]
section config: allow base properties for {create, update}Schema()
This works the same way as e.g. get_standard_option does it.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
Christoph Heiss [Thu, 10 Aug 2023 12:37:05 +0000 (14:37 +0200)]
ldap: handle errors explicitly everywhere instead of simply `die`ing
Most codepaths already have explicit error handling (by the means of
checking the return value), which is essential dead code due to setting
`onerror`.
As LDAP errors might get presented to users due to upcoming changes, the
error location should not be present in these error messages, thus
switch to explicit handling.
Only two calls were missing such explicit handling of errors, so these
are amended as appropriate. Further, some `die`s were missing newlines
at the end of the message, which - again - would cause the error
location to be included.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
Philipp Hufnagl [Tue, 1 Aug 2023 14:46:02 +0000 (16:46 +0200)]
fix whitespaces
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
FG: removed hunks that changed alignment..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Aug 2023 11:44:22 +0000 (13:44 +0200)]
download file from url: improve cleanup
don't attempt cleanup if temp files don't exist (anymore, or not yet).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Aug 2023 10:50:40 +0000 (12:50 +0200)]
download file from url: simplify error handling
the top-level error handling ensures the temporary downloaded file gets
removed in case of an error, so there is no need to also handle that when
decompression fails..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Aug 2023 10:48:23 +0000 (12:48 +0200)]
download file from url: fix indentation
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Philipp Hufnagl [Tue, 1 Aug 2023 14:46:01 +0000 (16:46 +0200)]
fix #4849: download file from url: add opt parameter for a decompression command
Signed-off-by: Philipp Hufnagl <p.hufnagl@proxmox.com>
Wolfgang Bumiller [Mon, 24 Jul 2023 09:56:11 +0000 (11:56 +0200)]
bump version to 8.0.7
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Lukas Wagner [Thu, 20 Jul 2023 14:32:07 +0000 (16:32 +0200)]
JSONSchema: increase maxLength of config-digest to 64
The new notification backend is implemented in Rust where we use SHA256
for config digests.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Thomas Lamprecht [Sat, 1 Jul 2023 17:24:12 +0000 (19:24 +0200)]
bump version to 8.0.6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 1 Jul 2023 15:00:12 +0000 (17:00 +0200)]
run with timeout: return if timeout happened in list context
This can be relevant info do differentiate if an undef return value
happened due to the closure returning it or if it happened due to a
timeout.
While for quite a few cases this could be handled by a
variable captured by the passed closure code reference, acting as
messenger, that might often require needless wrapping.
Also run_fork_with_timeout warned errors of execution, but any such
error handling for an actual timeout is better handled at the call
site, as a context-less "got timeout" at STDERR or journal is really
not helpful.
I checked all call sites of both, run_fork_with_timeout and
run_with_timeout most do not use the result at all, and the ones that
do are in scalar context.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 26 Jun 2023 12:15:37 +0000 (14:15 +0200)]
network: cope with non-existing interfaces config
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 17 Jun 2023 11:58:27 +0000 (13:58 +0200)]
bump version to 8.0.5
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 17 Jun 2023 11:52:25 +0000 (13:52 +0200)]
api dump: ignore proxyto_callback code refs
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 17 Jun 2023 11:51:09 +0000 (13:51 +0200)]
rest handler: group and sort use statements
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 16 Jun 2023 08:29:23 +0000 (10:29 +0200)]
bump version to 8.0.4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fiona Ebner [Fri, 16 Jun 2023 07:35:37 +0000 (09:35 +0200)]
schema: explicitly set min/max for vmid option
The associated pve_verify_vmid() method already restricts the value
to this range, but this wouldn't be visible in the API viewer for
example [0].
The verify method is also called by qemu-server's qmextract, so it's
not possible to just drop the method right now.
[0]: https://forum.proxmox.com/threads/128845/post-564526
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Dominik Csapak [Thu, 15 Jun 2023 12:36:43 +0000 (14:36 +0200)]
fix #4778: fix boolean type check for json parameters over the api
if a real json boolean is sent via the api, $value is a
JSON::PP::Boolean here instead of a string/scalar
so we should validate that too
the $value itself can be used normally in conditions like
----
if ($value) {
----
if the value is stringified, the result is either '1' or '0' so even if
we have some explicit checks like that it should not make a problem
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Fiona Ebner [Wed, 14 Jun 2023 13:05:58 +0000 (15:05 +0200)]
syslog: interpret priority level 'warn' correctly
There are some use sites, e.g. HA manager, pvescheduler that
incorrectly use priority level 'warn'. Likely because that is allowed
for some other log helpers in the codebase. Instead of fixing them all
one-by-one, simply allow 'warn' as a priority too.
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Friedrich Weber [Tue, 13 Jun 2023 13:04:25 +0000 (15:04 +0200)]
ldap: fail authentication if dn is empty
This fixes an issue with LDAP servers that accept anonymous binds with
a non-empty password: If a user exists in the PVE LDAP realm, but PVE
cannot find the corresponding LDAP entry during login, they could log
in with any non-empty password.
This issue affects only LDAP realms. AD realms are not affected
because they perform no username->dn mapping.
At least the following LDAP server configurations seem to accept a
bind with empty DN and non-empty password and are affected:
* OpenLDAP with anonymous binds and the non-default setting
`olcAllows: bind_anon_cred` enabled.
* AD (when used in an LDAP realm instead of an AD realm). However, for
the issue to trigger, the LDAP search for the username->dn mapping
has to succeed but return zero results. This can happen, for
example, if the LDAP realm has (1) a bind DN set or (2) no bind DN
set and AD was manually configured to allow anonymous LDAP searches
for user entries.
The situation that a user exists in the PVE realm but is missing in
the LDAP directory can occur, for example, (1) if the user was created
manually or (2) if the LDAP entry is deleted or the base DN is
changed, but the LDAP realm has not been re-synced with
remove-vanished.
The username->dn mapping is performed by `get_user_dn`, which performs
an LDAP search. If the LDAP search for the user entry succeeds but
returns zero results (e.g. if the entry does not exist), `get_user_dn`
returns undef. Then, `auth_user_dn` is called with $dn being undef and
the user-provided $pw and performs an LDAP simple bind with these
credentials. If $pw is empty, Net::LDAP throws an error, but if it is
non-empty, it performs an LDAP bind with an empty DN and the password
provided by the user. If the LDAP server accepts this bind, the user
is logged in.
To fix this, `auth_user_dn` now dies/returns (depending on the $noerr
parameter) if the dn is falsy, which is the case for undef and the
empty string.
The issue was originally reported by forum user ITKR [0].
[0] https://forum.proxmox.com/threads/128788/
Suggested-by: Dominik Csapak <d.csapak@proxmox.com>
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
Thomas Lamprecht [Tue, 13 Jun 2023 05:12:06 +0000 (07:12 +0200)]
read firstline: only map ENOENT to undef, raise error otherwise
Errors like permission denied or I/O ones should bubble up, otherwise
it might hide serious issues and seemingly continue to work, with a
wrong state or the like.
One could argue that the case for not existent should return undef,
while an empty file should return an empty string, but for that we
might want to check all use-sites first.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Wed, 7 Jun 2023 11:53:25 +0000 (13:53 +0200)]
bump version to 8.0.3
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Wed, 7 Jun 2023 11:53:20 +0000 (13:53 +0200)]
d/control: break qemu-server <<8.0.1 and geust-common <<5.0.1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dominik Csapak [Tue, 6 Jun 2023 13:08:47 +0000 (15:08 +0200)]
JSONSchema: disable '-alist' format
this should not be needed anymore since we can now use a simple array
in the api instead
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Tue, 6 Jun 2023 13:08:46 +0000 (15:08 +0200)]
section config: implement array support
enables section configs in the style of:
----
type: id
property value
property value2
property value3
----
can be combined with property strings
the provided create and update schema just pass through the array type
to the api, so the api call must always contain the complete array
also adds a test case for such array fields
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Wolfgang Bumiller [Wed, 7 Jun 2023 11:12:27 +0000 (13:12 +0200)]
bump version to 8.0.2
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dominik Csapak [Tue, 6 Jun 2023 13:08:45 +0000 (15:08 +0200)]
JSONSchema: add support for array parameter in api calls, cli and config
a few things were missing for it to work:
* on the cli, we have to get the option as an array if the type is an
array
* the untainting must be done recursively, otherwise, the regex matching
converts an array hash into the string 'ARRAY(0x123412341234)'
* JSONSchema::parse_config did not handle array formats specially, but
we want to allow to specify them multiple time
* the biggest point: in the RESTHandler, to be compatible with the
current gui behavior, we have to rewrite two parameter types:
- when the api defines a '-list' format for a string type, but we get
a list (because of the changes in http-server), we join the list
with a comma into a string
- when the api defines an 'array' type, but we get a scalar value,
wrap the value in an array (because for www-form-urlencoded, you
cannot send an array with a single value) add tests for this
behavior, some of which we want to deprecate and remove in the
future
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Stefan Hanreich [Wed, 29 Mar 2023 12:34:33 +0000 (14:34 +0200)]
json schema: improve description of bwlimit parameter
This makes the description consistent with the other places that
have bwlimit as a parameter as well.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Wolfgang Bumiller [Mon, 5 Jun 2023 09:54:51 +0000 (11:54 +0200)]
remove unused SysFSTools::pci_cleanup_mdev_device
its use was dropped with qemu-server 7.2-7 which we already
have a 'Breaks' entry for, so no bump required there
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Fri, 19 May 2023 12:39:09 +0000 (14:39 +0200)]
bump version to 8.0.1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fiona Ebner [Fri, 19 May 2023 09:18:16 +0000 (11:18 +0200)]
d/control: record dependency on libanyevent-perl
It's not just a build-dependency. Noticed during an sbuild of
qemu-server that would fail with, because it couldn't locate the
AnyEvent module used in RESTEnvironment.pm.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Thomas Lamprecht [Wed, 17 May 2023 08:23:20 +0000 (10:23 +0200)]
cli usage: remove extra newlines before descriptions
Reduce wasting vertical space for both, the command description and
the property description, just print the respective text at the next
line, with no extra empty line in between.
For better visual command separation color would help more.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 17 May 2023 07:15:16 +0000 (09:15 +0200)]
cli handler/formatter: small indendation clean-up
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 17 May 2023 06:50:37 +0000 (08:50 +0200)]
makefile: convert to use simple parenthesis
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 May 2023 13:27:33 +0000 (15:27 +0200)]
bump version to 8.0.0
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 May 2023 13:26:42 +0000 (15:26 +0200)]
buildsys: derive upload dist automatically
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 May 2023 13:26:05 +0000 (15:26 +0200)]
buildsys: cleanup and expand clean target
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 May 2023 13:26:01 +0000 (15:26 +0200)]
buildsys: add sbuild target for convenience
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 May 2023 13:25:40 +0000 (15:25 +0200)]
buildsys: improve DSC generation
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 May 2023 13:16:25 +0000 (15:16 +0200)]
d/control: raise standards version compliance to 4.6.2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 May 2023 13:13:15 +0000 (15:13 +0200)]
d/control: define compat level via build-depends and raise to 13
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 26 Apr 2023 10:23:29 +0000 (12:23 +0200)]
bump version to 7.4-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 17 Apr 2023 14:16:36 +0000 (16:16 +0200)]
cgroup: allow one to set the memory.high CGv2 knob too
will be used from our current only call site in pve-container.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 17 Apr 2023 14:15:59 +0000 (16:15 +0200)]
procfs tools: group and order use statements
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 17 Apr 2023 14:15:06 +0000 (16:15 +0200)]
memory info: add regex anchor to avoid false positives
if arcstat gets re-ordered or new field that includes 'size' gets
added at the top
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 17 Apr 2023 14:14:14 +0000 (16:14 +0200)]
memory info: avoid errors if ZFS arc stat cannot be read
E.g., if used in PMG and running on a kernel without ZFS.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Matthias Heiserer [Tue, 28 Mar 2023 12:49:26 +0000 (14:49 +0200)]
fix #1454: meminfo: also return arcsize
Signed-off-by: Matthias Heiserer <m.heiserer@proxmox.com>
Mira Limbeck [Fri, 31 Mar 2023 16:12:24 +0000 (18:12 +0200)]
cert: fix invalid CSR version
According to rfc2986 the only valid version is 0. No newer rfc changed
that.
See section 4.1:
https://www.rfc-editor.org/rfc/rfc2986#section-4.1
Manually verifying the CSR with openssl results in the following error:
```
$ openssl req -in bad.csr -text -noout
Certificate Request:
Data:
Version: Unknown (2)
```
Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
Wolfgang Bumiller [Tue, 18 Apr 2023 07:27:02 +0000 (09:27 +0200)]
fix #4671: use O_DIRECTORY from Fcntl
on ARM this flag has a different value, let's not hardcode
it.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Tue, 11 Apr 2023 14:18:10 +0000 (16:18 +0200)]
rest handler: minimize scope of no-strict-refs exemption
with a rough check and a slight amount of hope that nothing else in
the module dependent on turning that off for the whole module
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 11 Apr 2023 14:17:10 +0000 (16:17 +0200)]
various perl critic fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 11 Apr 2023 13:09:20 +0000 (15:09 +0200)]
cli handler: contain no-stricture scope
to please perlcritic's highest severity level and as it makes just
sense to contain such things to the smallest possible scope.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 11 Apr 2023 13:08:29 +0000 (15:08 +0200)]
cli handler: fix "return" statement followed by "sort" critic
As that's undefined behavior if the containing sub is called in
scalar context.
https://metacpan.org/pod/Perl::Critic::Policy::Subroutines::ProhibitReturnSort
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 11 Apr 2023 12:49:59 +0000 (14:49 +0200)]
improve code style of exception helper module
fixes a perl critic lint against one-argument use of bless.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 27 Mar 2023 08:36:55 +0000 (10:36 +0200)]
bump version to 7.3-4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Mon, 27 Mar 2023 08:26:32 +0000 (10:26 +0200)]
fix #4615: REST environment: improve AnyEvent detectíon in child cleanup
I assumed that the 'priv' and 'pub' RESTEnvironment types always
contained an AnyEvent eventloop, but this is actually not the case in
pvestatd and pvescheduler.
But it depended on the used model that AnyEvent used (and auto
detected) if this wrong assumption worked or not. With the
AnyEvent::Impl::Perl there weren't any problems and it seemingly
worked by accident, but when using AnyEvent::Impl::EV (which is
autodetected and used when libev-perl is installed) it interfered
with our SIG_CHLD handlers and only ever called them once. (Not clear
why this happens, maybe because AnyEvent is not setup correctly).
This patch uses $AnyEvent::MODEL as a detection instead since this is
`undef` until the first AnyEvent watcher is created, which should be
only the case where we really use AnyEvent, such as pveproxy and
pvedaemon.
Fixes: 6870afa ("RESTEnvironment: better SIGCHLD handling in AnyEvent event loop")
Link: https://lists.proxmox.com/pipermail/pve-devel/2023-March/056057.html
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 16 Mar 2023 15:35:45 +0000 (16:35 +0100)]
bump version to 7.3-3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 16 Mar 2023 15:18:48 +0000 (16:18 +0100)]
cli formatter: check data ref when printing array
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fabian Grünbichler [Tue, 7 Mar 2023 10:50:18 +0000 (11:50 +0100)]
certificate: actually print openssl errors
print_errs (which is also called internally by die_now) will only
'warn' the collected error stack if the log level is set to tracing.
otherwise, it will just return the error message(s) corresponding to
the error stack as string.
while they are not always the most user-friendly ones, they do
provide additional context that might help to find out what is
actually causing a particular failure. both helpers here actually
provide a meaninful user friendly context (via $msg) as final line.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
[ T: resolve merge conflict due to dropped warn helper ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Tue, 17 Jan 2023 11:46:52 +0000 (12:46 +0100)]
section config: add helper for deleting keys from a entry
This is a pattern that can be found often in Proxmox VE's API stack,
so implement it centrally here for re-use.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Mon, 20 Feb 2023 10:08:28 +0000 (11:08 +0100)]
RESTEnvironment: better SIGCHLD handling in AnyEvent event loop
when we're in an API server that uses AnyEvent, we must postpone
the worker_reaper, since it calls 'active_workers' which might already
be called and then we're inside the lock twice (flocks are per process
for us, see PVE::Tools::lock_file)
This resulted in an error like this:
close (rename) atomic file '/var/log/pve/tasks/active' failed: No such file or directory
We use the fact that only 'pub' and 'priv' RESTEnvironment types are an
api server with anyevent. For other types we call it like before.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Thomas Lamprecht [Tue, 7 Mar 2023 17:31:58 +0000 (18:31 +0100)]
cert: avoid module-wide variable used only once
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 7 Mar 2023 17:21:05 +0000 (18:21 +0100)]
cert: check_pem: code reduction/cleanup
mainly by avoiding the useless intermediate variables
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 7 Mar 2023 17:17:43 +0000 (18:17 +0100)]
cert info: minimal code reduction
shorter and avoids variable are longer in scope than they're used too
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 7 Mar 2023 17:11:24 +0000 (18:11 +0100)]
cert: csr: sensible param default for warn helper, avoid early line breaks
If one sets a param hard-coded to the same vallue in all but one case
it often is a nicer to negate it and but it at the end.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 7 Mar 2023 17:06:26 +0000 (18:06 +0100)]
cert: drop single-use warn helper
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 7 Mar 2023 17:05:41 +0000 (18:05 +0100)]
cert: move trailing newline into die helper
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 7 Mar 2023 17:02:55 +0000 (18:02 +0100)]
cert: make die helper a private sub and fix code style on use
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fabian Grünbichler [Tue, 7 Mar 2023 10:51:15 +0000 (11:51 +0100)]
certificate: add check_ prefix to cert/key match helper
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Max Carrara [Fri, 3 Mar 2023 17:57:03 +0000 (18:57 +0100)]
certificate: fix formatting and whitespace
Signed-off-by: Max Carrara <m.carrara@proxmox.com>