[pmg-devel] [PATCH pmg-api/pmg-gui v2] better handling of existing DKIM selector files

Stoiko Ivanov s.ivanov at proxmox.com
Tue Jan 14 19:31:33 CET 2020 

changes v1 -> v2:
* incorporated Dominik's suggested cleanups and improvments (Thanks!)
* while testing the results I noticed that the UX was a bit lacking
  (you could change the selector to an existing one, but had to type it in
  correctly) - This resulted in the second patches for both repositories,
  which yield a list of existing selectors, you can chose from (or create a
  new one) - again huge thanks to Domink for suggesting that way (and gently
  nudging me to a similar part of the pve gui for the javascript parts :)

The chosen API path for the new call to list all selectors is arguably a bit
close to the existing one ('selectors' vs. 'selector') but should we at some
point chose to implement a more flexibel selector <-> domain matching the
'selector' route would need to be deprecated (or renamed to default-selector)

I also started adding a GET call '/config/dkim/selectors/{selector}'
for this, but then noticed that it has nothing to do with this patch-series :)

Tested by installing a patched version on a fresh pmg-container and changing,
creating selectors and sending mails.

original cover-letter for reference:
This patchset addresses https://bugzilla.proxmox.com/show_bug.cgi?id=2504 .
Since simply overwriting an existing private key can lead to a rather long
interruption for working DKIM signatures (overwriting an existing selector,
for which many domains already have a DNS-record, means you need to replace
all those records and wait for DNS-TTLs) we should prevent users from doing
so without explicitly choosing it.

The sanity checks for existing files (does it contain an RSA key and does it
have the provided size) are inspired by Dominik - thanks!

The issue was initially brought up in the support forum:
https://forum.proxmox.com/threads/dkim-%C3%84ndern-des-selektors-f%C3%BChrt-zu-neugenerierung-des-private-keys.61187/#post-281366

pmg-api:
Stoiko Ivanov (1):
  fix #2504: do not overwrite existing selector key

 src/PMG/API2/DKIMSign.pm |  7 ++++++-
 src/PMG/DKIMSign.pm      | 23 ++++++++++++++++++-----
 2 files changed, 24 insertions(+), 6 deletions(-)

pmg-gui:
Stoiko Ivanov (1):
  fix #2504: add checkbox for overwriting selectors

 js/DKIMSettings.js | 8 ++++++++
 1 file changed, 8 insertions(+)

-- 
2.20.1


pmg-api:
Stoiko Ivanov (2):
  fix #2504: do not overwrite existing selector key
  dkim: add selector list api call

 src/PMG/API2/DKIMSign.pm | 45 +++++++++++++++++++++++++++++++++++++---
 src/PMG/DKIMSign.pm      | 23 +++++++++++++++-----
 2 files changed, 60 insertions(+), 8 deletions(-)

pmg-gui:
Stoiko Ivanov (2):
  fix #2504: add checkbox for overwriting selectors
  dkim: list all available selectors

 js/DKIMSettings.js | 44 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

-- 
2.20.1

More information about the pmg-devel mailing list