adapt to proxmox-subscription changes

key location is now in a single place, missing key and no signature is not fatal anymore. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2025-01-11 05:18:01 +03:00 · 2022-07-21 13:48:22 +02:00 · 2022-07-21 13:48:22 +02:00 · 68fda26787
commit 68fda26787
parent 5616dca6b7
5 changed files with 8 additions and 24 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -105,7 +105,7 @@ proxmox-time = "1.1.2"
 proxmox-uuid = "1"
 proxmox-serde = { version = "0.1.1", features = [ "serde_json" ] }
 proxmox-shared-memory = "0.2"
-proxmox-subscription = { version = "0.1", features = [ "api-types" ] }
+proxmox-subscription = { version = "0.2", features = [ "api-types" ] }
 proxmox-sys = { version = "0.3.1", features = [ "sortable-macro" ] }
 proxmox-compression = "0.1"

--- a/pbs-buildcfg/src/lib.rs
+++ b/pbs-buildcfg/src/lib.rs
@ -91,8 +91,6 @@ pub const PROXMOX_BACKUP_KERNEL_FN: &str =
    concat!(PROXMOX_BACKUP_FILE_RESTORE_BIN_DIR_M!(), "/bzImage");

 pub const PROXMOX_BACKUP_SUBSCRIPTION_FN: &str = configdir!("/subscription");
-pub const PROXMOX_BACKUP_SUBSCRIPTION_SIGNATURE_KEY_FN: &str =
-    "/usr/share/keyrings/proxmox-offline-signing-key.pub";

 /// Prepend configuration directory to a file name
 ///
--- a/src/api2/node/apt.rs
+++ b/src/api2/node/apt.rs
@ -258,7 +258,7 @@ fn apt_get_changelog(param: Value) -> Result<Value, Error> {
    } else if changelog_url.starts_with("https://enterprise.proxmox.com/") {
        let sub = match proxmox_subscription::files::read_subscription(
            PROXMOX_BACKUP_SUBSCRIPTION_FN,
-            &super::subscription::subscription_signature_key()?,
+            &[proxmox_subscription::files::DEFAULT_SIGNING_KEY],
        )? {
            Some(sub) => sub,
            None => {
--- a/src/api2/node/subscription.rs
+++ b/src/api2/node/subscription.rs
@ -5,7 +5,7 @@ use proxmox_http::client::{SimpleHttp, SimpleHttpOptions};
 use proxmox_router::{Permission, Router, RpcEnvironment};
 use proxmox_schema::api;
 use proxmox_subscription::{SubscriptionInfo, SubscriptionStatus};
-use proxmox_sys::fs::{file_get_contents, CreateOptions};
+use proxmox_sys::fs::CreateOptions;

 use pbs_api_types::{
    Authid, NODE_SCHEMA, PRIV_SYS_AUDIT, PRIV_SYS_MODIFY, SUBSCRIPTION_KEY_SCHEMA,
@ -14,7 +14,7 @@ use pbs_api_types::{
 use crate::config::node;
 use crate::tools::{DEFAULT_USER_AGENT_STRING, PROXMOX_BACKUP_TCP_KEEPALIVE_TIME};

-use pbs_buildcfg::{PROXMOX_BACKUP_SUBSCRIPTION_FN, PROXMOX_BACKUP_SUBSCRIPTION_SIGNATURE_KEY_FN};
+use pbs_buildcfg::PROXMOX_BACKUP_SUBSCRIPTION_FN;
 use pbs_config::CachedUserInfo;

 const PRODUCT_URL: &str = "https://www.proxmox.com/en/proxmox-backup-server/pricing";
@ -35,17 +35,6 @@ fn apt_auth_file_opts() -> CreateOptions {
    CreateOptions::new().perm(mode).owner(nix::unistd::ROOT)
 }

-pub fn subscription_signature_key() -> Result<openssl::pkey::PKey<openssl::pkey::Public>, Error> {
-    let key = file_get_contents(PROXMOX_BACKUP_SUBSCRIPTION_SIGNATURE_KEY_FN)?;
-    openssl::pkey::PKey::public_key_from_pem(&key).map_err(|err| {
-        format_err!(
-            "Failed parsing public key from '{}' - {}",
-            PROXMOX_BACKUP_SUBSCRIPTION_SIGNATURE_KEY_FN,
-            err
-        )
-    })
-}
-
 fn check_and_write_subscription(key: String, server_id: String) -> Result<(), Error> {
    let proxy_config = if let Ok((node_config, _digest)) = node::config() {
        node_config.http_proxy()
@ -105,7 +94,7 @@ fn check_and_write_subscription(key: String, server_id: String) -> Result<(), Er
 pub fn check_subscription(force: bool) -> Result<(), Error> {
    let mut info = match proxmox_subscription::files::read_subscription(
        PROXMOX_BACKUP_SUBSCRIPTION_FN,
-        &subscription_signature_key()?,
+        &[proxmox_subscription::files::DEFAULT_SIGNING_KEY],
    ) {
        Err(err) => bail!("could not read subscription status: {}", err),
        Ok(Some(info)) => info,
@ -162,7 +151,7 @@ pub fn get_subscription(
 ) -> Result<SubscriptionInfo, Error> {
    let info = match proxmox_subscription::files::read_subscription(
        PROXMOX_BACKUP_SUBSCRIPTION_FN,
-        &subscription_signature_key()?,
+        &[proxmox_subscription::files::DEFAULT_SIGNING_KEY],
    ) {
        Err(err) => bail!("could not read subscription status: {}", err),
        Ok(Some(info)) => info,
--- a/src/bin/proxmox_backup_manager/subscription.rs
+++ b/src/bin/proxmox_backup_manager/subscription.rs
@ -5,10 +5,7 @@ use proxmox_router::{cli::*, ApiHandler, RpcEnvironment};
 use proxmox_schema::api;
 use proxmox_subscription::SubscriptionInfo;

-use proxmox_backup::api2::{
-    self,
-    node::subscription::{subscription_file_opts, subscription_signature_key},
-};
+use proxmox_backup::api2::{self, node::subscription::subscription_file_opts};

 use pbs_buildcfg::PROXMOX_BACKUP_SUBSCRIPTION_FN;

@ -54,7 +51,7 @@ pub fn set_offline_subscription_key(data: String) -> Result<(), Error> {
    if !info.is_signed() {
        bail!("Offline subscription key must be signed!");
    }
-    info.check_signature(&subscription_signature_key()?);
+    info.check_signature(&[proxmox_subscription::files::DEFAULT_SIGNING_KEY]);
    info.check_age(false);
    info.check_server_id();
    proxmox_subscription::files::write_subscription(