v0.15.0 — cert-fingerprint pinning on every surface
Cert-fingerprint pinning across all four Proxmox surfaces — and a distributable Debian package.
Pin any Proxmox backend Proximo talks to — PVE · PBS · PMG · PDM — by its exact certificate, the self-signed operator's answer to shipping a cluster CA. Every pin is wire-enforced and live-proven against real hardware.
Cert pinning (all four surfaces)
PROXIMO_FINGERPRINT(PVE),PROXIMO_PBS_FINGERPRINT,PROXIMO_PMG_FINGERPRINT,PROXIMO_PDM_FINGERPRINT— or thefingerprintfield in a target registry entry.- The pin replaces CA/hostname validation with an exact-certificate SHA-256 match, checked on the TLS handshake itself. A mismatch closes the socket before your token or credentials are ever sent.
- A pin alone is sufficient verification for a self-signed box; a garbled pin refuses loudly at startup. Accepts the colon-separated form the Proxmox GUI displays.
- Live-proven against real self-signed PVE 9.2, PBS 4.2, PMG 9.1, and PDM — matching pin connects, wrong pin refuses — in addition to synthetic-TLS unit tests.
- Honest limit: the check runs on the synchronous transport all four backends use; it is documented as sync-only (an async client would bypass it), and no async path touches a Proxmox backend today.
Debian package
- A buildable, tested
.deb(dh-virtualenv, self-contained venv,man proximo, passing autopkgtest,lintianclean aside from three unfixable pre-stripped-wheel tags). Not distributed anywhere yet — build your own fromdebian/; rough edges are listed honestly indebian/README.Debian.
Under the hood
- The version drift gate now guards the man page and Debian changelog too, and auto-bumps the man-page stamp on release — so packaging version staleness can't recur.
No breaking changes. Suite 5,197 green (3 by-design skips), ruff + pyright clean. Full detail in CHANGELOG.md.