[pmg-devel] [PATCH v3 api/gui/wtk/acme 0/many] Certificates & ACME

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Mar 16 11:24:07 CET 2021

v3 incorporating feedback from v2:

* removed 'audit' api access for acme plugins
* Added a new patch for pve-common for a CLI arg parsing issue.
  (This one should be looked at more closely I think)
* Regenerate the self-signed cert when deleting the current one.
* Add missing $cfg->write() call
* fixed 'challengeschema/challenge-schema' path/name issue
* added a helper for account name/file extraction
  (but did keep the error messages for when the file is not there for now as
   atm it's a nicer error, can be removed in later patches)
* replace loadSSHKeyFromFile with loadTextFromFile

v2 cover letter:

v2 incorporating feedback from v1

* api call permission fixups on account methods
* consistent locking function implementations (without `die $@ if $@`)
* removed unnecessary call to `sort`
* cert regex simplification
* reload/config update code dedup & consistency
* removed superfluous `border: 0`
* inlined unnecessary `initComponent`

and also contains some PVE-compatibility fixes in the acme domain view:
widget toolkit side should now work seamlessly in the PVE UI code as

Original cover letter:

These are the pmg-api, pmg-gui and proxmox-widget-toolkit and
proxmox-acme parts of the ACME series for PMG.

This requires the `pmg-rs` package, which replaces the ACME client from
`proxmox-acme` and provides the CSR generation and is written in Rust.
Note that the DNS challenge handling still uses proxmox-acme for now.

  * Just a `use` statement fixup
  * Still used for the DNS challenge

  Just adds the "certificate view", but the real dirt lives in the

  Gets the Certificate, ACME Account, ACME Plugin and ACME Domain view
  from PVE adapted to be usable for PMG.
  Changes to PVE are mainly:
    * API URLs need to be provided since they differ a bit between PVE
      and PMG.
    * some additional buttons/fields specific to pmg generated if the
      parameters for them are present

  Simply gets API entry points for the above. These too are mostly
  copied from PVE and adapted (also the ACME client API from pmg-rs is slightly
  different/cleaned up, so that's a minor incompatibility in some
  otherwise common code, but a `pve-rs` may fix that). But some things
  could definitely already go to pve-common (especially schema stuff).

Note that while I did add the corresponding files to the cluster sync,
this still needs testing *and* issuing an API certificate may break
cluster functionality currently. (Stoiko is working on that)
