Re: [libvirt] [PATCH] Fix virt-pki-validate's determination of CN

On 04/29/2010 03:20 PM, Dustin Kirkland wrote: Thanks for the details - that extra bit of information in the commit log makes it much easier to justify the new sed expression. I'd be glad to help out - open source is all about sharing experience and learning from others. We're after sed's grouping command, {}. For maximum portability, POSIX 2001 says that the { and } must be on lines of their own (I think POSIX 2008 tried to relax that, but at least busybox took POSIX 2001 at their word and rejects one-liner groups even though the POSIX wording appears to be a mistake since historical Unix sed always supported one-liner groups). But since multi-line commands interrupt the flow of a shell pipeline command, it becomes easier to do it in two stages. Also, .* is greedy, so you can simplify ^.* or .*$ to the shorter .* and get the same result. sed_find_issuer='/Issuer:/ { s/.*Issuer:.*CN=// s/,.*// p }' ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_find_issuer"` I wrote the above with minimal testing (basically, I got "example.com CA" from your Ubuntu example, and "Red Hat Emerging Technologies" from your Red Hat example), so I would appreciate if you could try it as well. I'll also reply to this message with the above in actual patch form. -- Eric Blake eblake(a)redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org