[pve-devel] [PATCH common] JSONSchema: add fingerprint-sha256 standard option

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Jan 8 07:40:31 CET 2018


On 12/28/17 12:08 PM, Wolfgang Bumiller wrote:
> On Wed, Dec 20, 2017 at 03:13:36PM +0100, Thomas Lamprecht wrote:
>> Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
>> ---
>>  src/PVE/JSONSchema.pm | 6 ++++++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
>> index 9c26184..2b646fd 100644
>> --- a/src/PVE/JSONSchema.pm
>> +++ b/src/PVE/JSONSchema.pm
>> @@ -99,6 +99,12 @@ register_standard_option('extra-args', {
>>      optional => 1
>>  });
>>  
>> +register_standard_option('fingerprint-sha256', {
>> +    description => "Certificate SHA 256 fingerprint.",
>> +    type => 'string',
>> +    pattern => '^(:?[A-Z0-9]{2}:){31}[A-Z0-9]{2}$',
> 
> Should be [A-F] rather than [A-Z].
> 

For sure, the format was copied from PMG ClusterConfig module [1] without
much looking, tbh.

> Should this not be case insensitive btw.?

We then need also a case insensitive comparison, no biggie but we could
also just enforce uppercase like most programs emit [2]?

On the other hand, it really does not costs much and may be a little more
user friendly, so I'll just add the case insensitive comparison.

> In new code I'd prefer qr// where you could just append /i. (Thought
> [A-Fa-f0-9] is also fine of course.)
> 
> Also note that patterns are always anchored anyway during verification,
> so no need for the ^ and $.
> 

OK, thanks for the review!

[1] https://git.proxmox.com/?p=pmg-api.git;a=blob;f=PMG/ClusterConfig.pm;h=af58d76573f41357d98ec3d204df4fa8411906c4;hb=4a314f20964efb1c8c8a75c255fed4b870b73f85#l70
[2] # openssl x509 -noout -in /etc/pve/local/pve-ssl.pem  -fingerprint -sha256


>> +});
>> +
>>  my $format_list = {};
>>  
>>  sub register_format {
>> -- 
>> 2.11.0





More information about the pve-devel mailing list