[libvirt] [PATCH] portability fixes to tools/virt-pki-validate.in

portability fixes to tools/virt-pki-validate.in
A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #4).
1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text
2) adjust the ORG-setting sed regular expressions to work with both Red Hat and Ubuntu style cacert.pem Issuer format
3) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash
4) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere
This was tested against gnutls 2.8.5. And against both Red Hat and Ubuntu cacert.pem files.
Credit Jamie Strandboge with the regular expression changes.
Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266
Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index ee7b79d..d335997 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -16,8 +16,8 @@ PORT=16514 CERTOOL=`which certtool 2>/dev/null` if [ ! -x $CERTOOL ] then - echo Could not locate the certtool program - echo make sure the gnutls-utils package is installed + echo "Could not locate the certtool program" + echo "make sure the gnutls-utils (or gnutls-bin) package is installed" exit 1 fi echo Found $CERTOOL @@ -25,7 +25,8 @@ echo Found $CERTOOL # # Check the directory structure # -PKI="@SYSCONFDIR@/pki" +SYSCONFDIR="@SYSCONFDIR@" +PKI="$SYSCONFDIR/pki" if [ ! -d $PKI ] then echo the $PKI directory is missing, it is usually 
@@ -129,8 +130,8 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` -if [ "$ORG" == "" ] +ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'` +if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization echo it should probably regenerated @@ -240,19 +241,19 @@ fi if [ "$SERVER" = "1" ] then - if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ] + if [ -r $SYSCONFDIR/sysconfig/libvirtd ] then - if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ] + if [ "`grep '^LIBVIRTD_ARGS' $SYSCONFDIR/sysconfig/libvirtd | grep -- '--listen'`" = "" ] then - echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to + echo Make sure $SYSCONFDIR/sysconfig/libvirtd is setup to listen to echo TCP/IP connections and restart the libvirtd service fi fi - if [ -r $(SYSCONFDIR)/sysconfig/iptables ] + if [ -r $SYSCONFDIR/sysconfig/iptables ] then - if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ] + if [ "`grep $PORT $SYSCONFDIR/sysconfig/iptables`" = "" ] then - echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow + echo Make sure $SYSCONFDIR/sysconfig/iptables is setup to allow echo incoming TCP/IP connections on port $PORT and echo restart the iptables service fi
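Review bot: in the @@ -129 hunk the new ORG= pipeline still runs sed without -n, so an Issuer line that neither expression matches is passed through unchanged and the [ "$ORG" = "" ] test only fires when certtool prints no Issuer line at all. Print only on a successful substitution (sed -n with the p flag on the s command) so that a CA certificate without a CN reaches the "does not define the organization" message. In the same line, .*CN= is greedy and will take the last CN= on the line, and \s is not POSIX sed; [[:space:]]* is the portable spelling.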

On 04/21/2010 03:00 PM, Dustin Kirkland wrote:
portability fixes to tools/virt-pki-validate.in
A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #4).
1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text
2) adjust the ORG-setting sed regular expressions to work with both Red Hat and Ubuntu style cacert.pem Issuer format
I'm not very qualified to speak on 1 or 2...
3) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash
But 3 is a definite bug worth fixing.
4) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere
As is 4.
@@ -129,8 +130,8 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` -if [ "$ORG" == "" ] +ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'`
I tend to cringe at 'grep | sed', since pretty much anything you can do with grep can be subsumed into sed for one less process:
ORG=`$CERTOOL ... | sed '/Issuer/ s+...++'`
Not that it was your bug, but we might as well fix it while we are here.
if [ "$SERVER" = "1" ] then - if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ] + if [ -r $SYSCONFDIR/sysconfig/libvirtd ]
To be safe, we need quoting: [ -r "$SYSCONFDIR/sysconfig/libvirtd" ] (multiple instances).
-- 
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org

On Wed, 2010-04-21 at 15:22 -0600, Eric Blake wrote:
On 04/21/2010 03:00 PM, Dustin Kirkland wrote:
portability fixes to tools/virt-pki-validate.in
A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #4).
1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text
2) adjust the ORG-setting sed regular expressions to work with both Red Hat and Ubuntu style cacert.pem Issuer format
I'm not very qualified to speak on 1 or 2...
3) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash
But 3 is a definite bug worth fixing.
4) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere
As is 4.
@@ -129,8 +130,8 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` -if [ "$ORG" == "" ] +ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'`
I tend to cringe at 'grep | sed', since pretty much anything you can do with grep can be subsumed into sed for one less process:
ORG=`$CERTOOL ... | sed '/Issuer/ s+...++'`
Not that it was your bug, but we might as well fix it while we are here.
if [ "$SERVER" = "1" ] then - if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ] + if [ -r $SYSCONFDIR/sysconfig/libvirtd ]
To be safe, we need quoting: [ -r "$SYSCONFDIR/sysconfig/libvirtd" ] (multiple instances).
As for the grep|sed, I agree that's not ideal. But look at the use of grep in that script and you'll find several poor assumptions and suboptimal implementations. That said, my goal here is a minimal patch that gets this script functional. I can't see how it's functional at all with the $(SYSCONFDIR) syntax.
Updated patch below, with quoting. You can use the previous changelog message. Thanks!
Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index ee7b79d..1d46434 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -16,8 +16,8 @@ PORT=16514 CERTOOL=`which certtool 2>/dev/null` if [ ! -x $CERTOOL ] then - echo Could not locate the certtool program - echo make sure the gnutls-utils package is installed + echo "Could not locate the certtool program" + echo "make sure the gnutls-utils (or gnutls-bin) package is installed" exit 1 fi echo Found $CERTOOL @@ -25,7 +25,8 @@ echo Found $CERTOOL # # Check the directory structure # -PKI="@SYSCONFDIR@/pki" +SYSCONFDIR="@SYSCONFDIR@" +PKI="$SYSCONFDIR/pki" if [ ! -d $PKI ] then echo the $PKI directory is missing, it is usually @@ -129,8 +130,8 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` -if [ "$ORG" == "" ] +ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'` +if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization echo it should probably regenerated 
@@ -240,19 +241,19 @@ fi if [ "$SERVER" = "1" ] then - if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ] + if [ -r "$SYSCONFDIR"/sysconfig/libvirtd ] then - if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ] + if ! grep -qs "^LIBVIRTD_ARGS.*--listen" "$SYSCONFDIR"/sysconfig/libvirtd then - echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to + echo Make sure "$SYSCONFDIR"/sysconfig/libvirtd is setup to listen to echo TCP/IP connections and restart the libvirtd service fi fi - if [ -r $(SYSCONFDIR)/sysconfig/iptables ] + if [ -r "$SYSCONFDIR"/sysconfig/iptables ] then - if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ] + if ! grep -qs $PORT "$SYSCONFDIR"/sysconfig/iptables then - echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow + echo Make sure "$SYSCONFDIR"/sysconfig/iptables is setup to allow echo incoming TCP/IP connections on port $PORT and echo restart the iptables service fi
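Review bot: the quoting added in the @@ -240 hunk does not reach the context lines of the first two hunks, where [ ! -x $CERTOOL ] and [ ! -d $PKI ] are still unquoted. When which finds nothing, $CERTOOL expands to nothing and the test becomes [ ! -x ], a two-argument test that is false because -x is a non-empty string, so the "Could not locate the certtool program" branch is skipped and the script carries on to echo Found. Quote both operands: [ ! -x "$CERTOOL" ] and [ ! -d "$PKI" ].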

On 04/21/2010 03:52 PM, Dustin Kirkland wrote:
-ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` -if [ "$ORG" == "" ] +ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'`
Using \s in sed is not portable; I'm not even sure what it was supposed to match to help rewrite it to something in POSIX, since I don't see it documented in 'info sed'.
- if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ] + if ! grep -qs "^LIBVIRTD_ARGS.*--listen" "$SYSCONFDIR"/sysconfig/libvirtd
'if !' is not portable to Solaris /bin/sh. And 'grep -qs' is not portable. A better rewrite would be:
    if grep "^LIBVIRTD_ARGS.*--listen" "$SYSCONFDIR"/sysconfig/libvirtd \
        >/dev/null 2>&1 ; then
      :
    else
      echo ...
    fi
- if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ] + if ! grep -qs $PORT "$SYSCONFDIR"/sysconfig/iptables
Likewise:
    if grep $PORT "$SYSCONFDIR"/sysconfig/iptables >/dev/null 2>&1 ; then
      :
    else
      echo ...
    fi
-- 
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
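An added example, not part of the message above or of libvirt's script: one way to extract the Issuer CN with POSIX sh and sed only ([[:space:]] instead of \s, no grep, no 'if !'), printing nothing when the Issuer has no CN so that the empty-string check stays meaningful. The function names and sample lines are constructed; the two Issuer layouts are inferred from the regular expressions in the patch, and the CN value is assumed to contain no comma.

```shell
#!/bin/sh
# Added example, not code from the thread. POSIX sh and sed only.

# issuer_cn: read `certtool -i`-style text on stdin, print the Issuer's CN.
# Prints nothing when there is no Issuer line or the Issuer carries no CN.
# [ ,]CN= requires CN to start an attribute (after "Issuer: " or a comma).
# Assumption: the CN value itself contains no comma.
issuer_cn() {
    sed -n '/^[[:space:]]*Issuer:.*[ ,]CN=/{
        s/^[[:space:]]*Issuer:.*[ ,]CN=//
        s/,.*//
        p
        q
    }'
}

# Constructed sample input: a bare CN, a CN between other attributes with a
# trailing EMAIL, and an Issuer with no CN at all.
sample_plain() { printf '\tSubject: CN=ignored\n\tIssuer: CN=Example CA\n'; }
sample_long()  { printf '\tIssuer: C=US,O=Example,CN=Example CA,EMAIL=ca@example.com\n'; }
sample_no_cn() { printf '\tIssuer: C=US,O=Example\n'; }

# org_or_fail: the validation step; stdin is the certtool output.
org_or_fail() {
    ORG=`issuer_cn`
    if [ "$ORG" = "" ]; then
        echo "the CA certificate does not define the organization" >&2
        return 1
    fi
    echo "$ORG"
}
```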

From: Dustin Kirkland <kirkland@canonical.com>
A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3).
1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text
2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash
3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere
Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266
Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
The following is the uncontroversial parts (at least, IMO) of your patch; leaving only the change for the regexp, which should be in a separate patch anyways.
 tools/virt-pki-validate.in | 28 +++++++++++++++++-----------
 1 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index ee7b79d..64579b0 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -16,8 +16,8 @@ PORT=16514 CERTOOL=`which certtool 2>/dev/null` if [ ! -x $CERTOOL ] then - echo Could not locate the certtool program - echo make sure the gnutls-utils package is installed + echo "Could not locate the certtool program" + echo "make sure the gnutls-utils (or gnutls-bin) package is installed" exit 1 fi echo Found $CERTOOL @@ -25,7 +25,8 @@ echo Found $CERTOOL # # Check the directory structure # -PKI="@SYSCONFDIR@/pki" +SYSCONFDIR="@SYSCONFDIR@" +PKI="$SYSCONFDIR/pki" if [ ! -d $PKI ] then echo the $PKI directory is missing, it is usually 
@@ -129,8 +130,8 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` -if [ "$ORG" == "" ] +ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` +if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization echo it should probably regenerated @@ -240,19 +241,24 @@ fi if [ "$SERVER" = "1" ] then - if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ] + if [ -r "$SYSCONFDIR"/sysconfig/libvirtd ] then - if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ] + if grep "^LIBVIRTD_ARGS.*--listen" "$SYSCONFDIR"/sysconfig/libvirtd \ + >/dev/null 2>&1 then - echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to + : + else + echo Make sure "$SYSCONFDIR"/sysconfig/libvirtd is setup to listen to echo TCP/IP connections and restart the libvirtd service fi fi - if [ -r $(SYSCONFDIR)/sysconfig/iptables ] + if [ -r "$SYSCONFDIR"/sysconfig/iptables ] then - if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ] + if grep $PORT "$SYSCONFDIR"/sysconfig/iptables >/dev/null 2>&1 then - echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow + : + else + echo Make sure "$SYSCONFDIR"/sysconfig/iptables is setup to allow echo incoming TCP/IP connections on port $PORT and echo restart the iptables service fi -- 1.6.6.1
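Review bot: in the @@ -129 hunk, folding grep into sed -n '/Issuer/ s+Issuer: CN=++p' changes behaviour beyond saving a process: ORG is now empty whenever the Issuer line lacks the literal text "Issuer: CN=", where the old grep | sed pipeline passed such a line through and left ORG non-empty. An Issuer whose DN has other attributes before CN (the case the first submission's .*CN= expression was written for) now takes the "does not define the organization" branch, so either keep the pass-through until the regex patch lands or state the change in the commit message. The /Issuer/ address is also redundant with the s pattern, and neither is anchored.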

On Wed, Apr 21, 2010 at 05:09:31PM -0600, Eric Blake wrote:
From: Dustin Kirkland <kirkland@canonical.com>
A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3).
1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text
2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash
3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere
Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266
Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com> ---
The following is the uncontroversial parts (at least, IMO) of your patch; leaving only the change for the regexp, which should be in a separate patch anyways.
tools/virt-pki-validate.in | 28 +++++++++++++++++----------- 1 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index ee7b79d..64579b0 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -16,8 +16,8 @@ PORT=16514 CERTOOL=`which certtool 2>/dev/null` if [ ! -x $CERTOOL ] then - echo Could not locate the certtool program - echo make sure the gnutls-utils package is installed + echo "Could not locate the certtool program" + echo "make sure the gnutls-utils (or gnutls-bin) package is installed" exit 1 fi echo Found $CERTOOL @@ -25,7 +25,8 @@ echo Found $CERTOOL # # Check the directory structure # -PKI="@SYSCONFDIR@/pki" +SYSCONFDIR="@SYSCONFDIR@" +PKI="$SYSCONFDIR/pki" if [ ! -d $PKI ] then echo the $PKI directory is missing, it is usually @@ -129,8 +130,8 @@ then echo "as root do: chmod 644 $CA/cacert.pem" exit 1 fi -ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` -if [ "$ORG" == "" ] +ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n '/Issuer/ s+Issuer: CN=++p'` +if [ "$ORG" = "" ] then echo the CA certificate $CA/cacert.pem does not define the organization echo it should probably regenerated @@ -240,19 +241,24 @@ fi
if [ "$SERVER" = "1" ] then - if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ] + if [ -r "$SYSCONFDIR"/sysconfig/libvirtd ] then - if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ] + if grep "^LIBVIRTD_ARGS.*--listen" "$SYSCONFDIR"/sysconfig/libvirtd \ + >/dev/null 2>&1 then - echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to + : + else + echo Make sure "$SYSCONFDIR"/sysconfig/libvirtd is setup to listen to echo TCP/IP connections and restart the libvirtd service fi fi - if [ -r $(SYSCONFDIR)/sysconfig/iptables ] + if [ -r "$SYSCONFDIR"/sysconfig/iptables ] then - if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ] + if grep $PORT "$SYSCONFDIR"/sysconfig/iptables >/dev/null 2>&1 then - echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow + : + else + echo Make sure "$SYSCONFDIR"/sysconfig/iptables is setup to allow echo incoming TCP/IP connections on port $PORT and echo restart the iptables service fi
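Review bot: in the @@ -240 hunk, grep $PORT "$SYSCONFDIR"/sysconfig/iptables matches 16514 anywhere in the file, including inside a longer number, on a commented-out line, or on a rule that does not accept the traffic, so the "Make sure ... is setup to allow" warning can be suppressed while the port is still closed. Skip comment lines and require a non-digit on either side of the port number; $PORT should also be quoted like the path next to it.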
ACK,
Daniel
-- 
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/

On 04/22/2010 05:53 AM, Daniel Veillard wrote:
On Wed, Apr 21, 2010 at 05:09:31PM -0600, Eric Blake wrote:
From: Dustin Kirkland <kirkland@canonical.com>
A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3).
ACK,
Thanks; applied, along with the whitespace cleanup. That still leaves Dustin to resubmit the regex fixup as a separate patch.
-- 
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org