[pve-devel] [PATCH v3 pve-common 38/66] JSONSchema: increase maxLength of config-digest to 64

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Jul 19 14:49:32 CEST 2023


On Wed, Jul 19, 2023 at 02:41:17PM +0200, Fiona Ebner wrote:
> Am 17.07.23 um 17:00 schrieb Lukas Wagner:
> > The new notification backend is implemented in Rust where we use SHA256
> > for config digests.
> > 
> > Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
> > ---
> >  src/PVE/JSONSchema.pm | 7 +++++--
> >  1 file changed, 5 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
> > index 7589bba..49e0d7a 100644
> > --- a/src/PVE/JSONSchema.pm
> > +++ b/src/PVE/JSONSchema.pm
> > @@ -93,10 +93,13 @@ register_standard_option('pve-bridge-id', {
> >  });
> >  
> >  register_standard_option('pve-config-digest', {
> > -    description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
> > +    description => 'Prevent changes if current configuration file has a different digest. '
> > +	. 'This can be used to prevent concurrent modifications.',
> 
> Should we instead create a separate standard option
> "pve-config-digest-sha256"? Then we can still clearly communicate which
> digest it is to users of the API (mostly ourselves for this one, but
> still). Might prevent some mix-up at some point in the future.

We could, but the current one is already only limited to a `maxLength`,
not an exact one, so we don't get proper verification errors here for
shorter strings either.
Also, theoretically we could bring all the digests up to sha256 over
time while supporting both as input in the API without having to update
API the schema of each call that starts supporting the newer one.





More information about the pve-devel mailing list