On 04/29/2010 03:20 PM, Dustin Kirkland wrote:
Fix virt-pki-validate's determination of CN
This patch is a follow-up to: cb06a9bfe529e64b15773cb86781ae14c09f8216 "portability fixes to tools/virt-pki-validate.in" addressing Eric Blake's concerns about the regular expression.
Ubuntu's gntls package generates an Issuer line that looks like this: Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com
While Red Hat's looks like this Issuer: CN=Red Hat Emerging Technologies
Thanks for the details - that extra bit of information in the commit log makes it much easier to justify the new sed expression.
I know that Eric dislikes the leading grep. My apologies. I spent more time than I care to admit trying to get sed to select that one line, and then run two regexes against it. Feel free to correct this patch and educate me, if you have a better way. Thanks!
I'd be glad to help out - open source is all about sharing experience and learning from others. We're after sed's grouping command, {}. For maximum portability, POSIX 2001 says that the { and } must be on lines of their own (I think POSIX 2008 tried to relax that, but at least busybox took POSIX 2001 at their word and rejects one-liner groups even though the POSIX wording appears to be a mistake since historical Unix sed always supported one-liner groups). But since multi-line commands interrupt the flow of a shell pipeline command, it becomes easier to do it in two stages. Also, .* is greedy, so you can simplify ^.* or .*$ to the shorter .* and get the same result. sed_find_issuer='/Issuer:/ { s/.*Issuer:.*CN=// s/,.*// p }' ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_find_issuer"` I wrote the above with minimal testing (basically, I got "example.com CA" from your Ubuntu example, and "Red Hat Emerging Technologies" from your Red Hat example), so I would appreciate if you could try it as well. I'll also reply to this message with the above in actual patch form. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org