[libvirt] [PATCH] Fix virt-pki-validate's determination of CN
Eric Blake
eblake at redhat.com
Thu Apr 29 21:40:20 UTC 2010
On 04/29/2010 03:20 PM, Dustin Kirkland wrote:
> Fix virt-pki-validate's determination of CN
>
> This patch is a follow-up to:
> cb06a9bfe529e64b15773cb86781ae14c09f8216
> "portability fixes to tools/virt-pki-validate.in"
> addressing Eric Blake's concerns about the regular expression.
>
> Ubuntu's gnutls package generates an Issuer line that looks like this:
> Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster at example.com
>
> While Red Hat's looks like this
> Issuer: CN=Red Hat Emerging Technologies
Thanks for the details - that extra bit of information in the commit log
makes it much easier to justify the new sed expression.
> I know that Eric dislikes the leading grep. My apologies. I spent more
> time than I care to admit trying to get sed to select that one line, and
> then run two regexes against it. Feel free to correct this patch and
> educate me, if you have a better way. Thanks!
I'd be glad to help out - open source is all about sharing experience
and learning from others. We're after sed's grouping command, {}. For
maximum portability, POSIX 2001 says that the { and } must be on lines
of their own (I think POSIX 2008 tried to relax that, but at least
busybox took POSIX 2001 at their word and rejects one-liner groups even
though the POSIX wording appears to be a mistake since historical Unix
sed always supported one-liner groups). But since multi-line commands
interrupt the flow of a shell pipeline command, it becomes easier to do
it in two stages. Also, .* is greedy, so you can simplify ^.* or .*$ to
the shorter .* and get the same result.

sed_find_issuer='/Issuer:/ {
s/.*Issuer:.*CN=//
s/,.*//
p
}'
ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_find_issuer"`

I wrote the above with minimal testing (basically, I got "example.com
CA" from your Ubuntu example, and "Red Hat Emerging Technologies" from
your Red Hat example), so I would appreciate if you could try it as
well. I'll also reply to this message with the above in actual patch form.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
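
Added example, not part of the message above or of the libvirt patch: the grouped sed script from the message run over constructed certtool-style Issuer lines, including one with no CN, which the posted script prints back partly unparsed. The helper names, the sample_* inputs and the stricter /Issuer:.*CN=/ address are assumptions made for illustration.

```shell
#!/bin/sh
# sed script as posted in the message: { and } on lines of their own.
sed_find_issuer='/Issuer:/ {
s/.*Issuer:.*CN=//
s/,.*//
p
}'

# Variant (assumption, not from the thread): only act on Issuer lines that
# actually contain CN=, so an issuer without a CN yields empty output.
sed_find_issuer_strict='/Issuer:.*CN=/ {
s/.*Issuer:.*CN=//
s/,.*//
p
}'

# Hypothetical helpers: read "certtool -i" style text on stdin, print the CN.
issuer_cn()        { sed -n "$sed_find_issuer"; }
issuer_cn_strict() { sed -n "$sed_find_issuer_strict"; }

# Constructed sample inputs modelled on the two Issuer formats in the thread.
sample_ubuntu() {
    printf '\tSubject: CN=server.example.com\n'
    printf '\tIssuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com\n'
}
sample_redhat() {
    printf '\tIssuer: CN=Red Hat Emerging Technologies\n'
}
# Constructed edge case: an issuer DN that carries no CN at all.
sample_no_cn() {
    printf '\tIssuer: C=US,O=example.com\n'
}

# Show both scripts side by side; the Subject line is never selected.
for s in sample_ubuntu sample_redhat sample_no_cn; do
    printf '%s: posted=[%s] strict=[%s]\n' "$s" \
        "$($s | issuer_cn)" "$($s | issuer_cn_strict)"
done
```

Both scripts cut the value at the first comma after CN=, so a CN that itself contains a comma would be truncated.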