[libvirt] [PATCH] portability fixes to tools/virt-pki-validate.in

Dustin Kirkland kirkland at canonical.com
Wed Apr 21 21:52:10 UTC 2010


On Wed, 2010-04-21 at 15:22 -0600, Eric Blake wrote:
> On 04/21/2010 03:00 PM, Dustin Kirkland wrote:
> > portability fixes to tools/virt-pki-validate.in
> > 
> > A few fixes will help make tools/virt-pki-validate.in useful on Debian
> > and Ubuntu.  And one fix should be useful to everyone (see #4).
> > 
> >  1) note our gnutls-bin package (in addition to your gnutls-utils
> > package) in the no-certtool error text
> > 
> >  2) adjust the ORG-setting sed regular expressions to work with both Red
> > Hat and Ubuntu style cacert.pem Issuer format
> 
> I'm not very qualified to speak on 1 or 2...
> 
> > 
> >  3) fix a bashism, == should be = in the case where /bin/sh is a symlink
> > to dash
> 
> But 3 is a definite bug worth fixing.
> 
> > 
> >  4) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR
> > variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR
> > everywhere
> 
> As is 4.
> 
> > @@ -129,8 +130,8 @@ then
> >      echo "as root do: chmod 644 $CA/cacert.pem"
> >      exit 1
> >  fi
> > -ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'`
> > -if [ "$ORG" == "" ]
> > +ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'`
> 
> I tend to cringe at 'grep | sed', since pretty much anything you can do
> with grep can be subsumed into sed for one less process:
> 
> ORG=`$CERTOOL ... | sed '/Issuer/ s+...++'`
> 
> Not that it was your bug, but we might as well fix it while we are here.
> 
> >  if [ "$SERVER" = "1" ]
> >  then
> > -    if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ]
> > +    if [ -r $SYSCONFDIR/sysconfig/libvirtd ]
> 
> To be safe, we need quoting: [ -r "$SYSCONFDIR/sysconfig/libvirtd" ]
> (multiple instances).

As for the grep|sed, I agree that's not ideal.  But look at the use of
grep in that script and you'll find several poor assumptions and
suboptimal implementations.  That said, my goal here is a minimal patch
that gets this script functional.  I can't see how it's functional at all
with the $(SYSCONFDIR) syntax.

Updated patch below, with quoting.  You can use the previous changelog
message.  Thanks!

Signed-off-by: Dustin Kirkland <kirkland at canonical.com>

diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index ee7b79d..1d46434 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -16,8 +16,8 @@ PORT=16514
 CERTOOL=`which certtool 2>/dev/null`
 if [ ! -x $CERTOOL ]
 then
-    echo Could not locate the certtool program
-    echo make sure the gnutls-utils package is installed
+    echo "Could not locate the certtool program"
+    echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
     exit 1
 fi
 echo Found $CERTOOL
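
Review bot: the context line `if [ ! -x $CERTOOL ]` just above the reworded echo lines expands `$CERTOOL` unquoted, so when `which certtool` prints nothing the test collapses to `[ ! -x ]`, which evaluates false, and the "Could not locate the certtool program" branch edited here is never reached. Quote it as `if [ ! -x "$CERTOOL" ]` so the missing-tool path actually fires; `echo Found $CERTOOL` is better quoted as well.
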
@@ -25,7 +25,8 @@ echo Found $CERTOOL
 #
 # Check the directory structure
 #
-PKI="@SYSCONFDIR@/pki"
+SYSCONFDIR="@SYSCONFDIR@"
+PKI="$SYSCONFDIR/pki"
 if [ ! -d $PKI ]
 then
     echo the $PKI directory is missing, it is usually
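
Review bot: `PKI="$SYSCONFDIR/pki"` is quoted at assignment, but the following `if [ ! -d $PKI ]` expands it unquoted, so a sysconfdir containing whitespace splits into several words and the test errors out instead of checking the directory. The last hunk of this patch already quotes `"$SYSCONFDIR"`; use `[ ! -d "$PKI" ]` here for the same reason.
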
@@ -129,8 +130,8 @@ then
     echo "as root do: chmod 644 $CA/cacert.pem"
     exit 1
 fi
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'`
-if [ "$ORG" == "" ]
+ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'`
+if [ "$ORG" = "" ]
 then
     echo the CA certificate $CA/cacert.pem does not define the organization
     echo it should probably regenerated
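
Review bot: in the new `sed -e 's+\s*Issuer: .*CN=++'` expression, `\s` is a GNU sed extension rather than POSIX, which cuts against a patch whose purpose is portability; `[[:space:]]*` does the same job on any sed. Separately, `grep Issuer` is unanchored, so every certtool output line containing "Issuer" is passed on to sed and lands in `$ORG`, which makes the emptiness test below easy to satisfy by accident. Folding the match into sed with an address, as suggested earlier in the thread, and quoting `"$CA/cacert.pem"` would tighten both.
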
@@ -240,19 +241,19 @@ fi
 
 if [ "$SERVER" = "1" ]
 then
-    if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ]
+    if [ -r "$SYSCONFDIR"/sysconfig/libvirtd ]
     then
-        if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
+        if ! grep -qs "^LIBVIRTD_ARGS.*--listen" "$SYSCONFDIR"/sysconfig/libvirtd
 	then
-	    echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to
+	    echo Make sure "$SYSCONFDIR"/sysconfig/libvirtd is setup to listen to
 	    echo TCP/IP connections and restart the libvirtd service
 	fi
     fi
-    if [ -r $(SYSCONFDIR)/sysconfig/iptables ]
+    if [ -r "$SYSCONFDIR"/sysconfig/iptables ]
     then
-        if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ]
+        if ! grep -qs $PORT "$SYSCONFDIR"/sysconfig/iptables
 	then
-	    echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow
+	    echo Make sure "$SYSCONFDIR"/sysconfig/iptables is setup to allow
 	    echo incoming TCP/IP connections on port $PORT and
 	    echo restart the iptables service
 	fi
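
Review bot: `grep -qs $PORT "$SYSCONFDIR"/sysconfig/iptables` matches the digits of `$PORT` anywhere in the file, so a commented-out rule, a rule that rejects the port, or a longer number containing those digits all satisfy the check and suppress the "Make sure ... iptables is setup to allow" warning. Quote `"$PORT"` and match something closer to the rule the script expects, for example the port as a whole word on a non-comment line. The merged pattern `"^LIBVIRTD_ARGS.*--listen"` is similarly loose, although no looser than the two greps it replaces.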
