On 04/29/2010 03:20 PM, Dustin Kirkland wrote: > Fix virt-pki-validate's determination of CN > > This patch is a follow-up to: > cb06a9bfe529e64b15773cb86781ae14c09f8216 > "portability fixes to tools/virt-pki-validate.in" > addressing Eric Blake's concerns about the regular expression. > > Ubuntu's gntls package generates an Issuer line that looks like this: > Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com > CA,email=hostmas...@example.com > > While Red Hat's looks like this > Issuer: CN=Red Hat Emerging Technologies
Thanks for the details - that extra bit of information in the commit log makes it much easier to justify the new sed expression. > I know that Eric dislikes the leading grep. My apologies. I spent more > time than I care to admit trying to get sed to select that one line, and > then run two regexes against it. Feel free to correct this patch and > educate me, if you have a better way. Thanks! I'd be glad to help out - open source is all about sharing experience and learning from others. We're after sed's grouping command, {}. For maximum portability, POSIX 2001 says that the { and } must be on lines of their own (I think POSIX 2008 tried to relax that, but at least busybox took POSIX 2001 at their word and rejects one-liner groups even though the POSIX wording appears to be a mistake since historical Unix sed always supported one-liner groups). But since multi-line commands interrupt the flow of a shell pipeline command, it becomes easier to do it in two stages. Also, .* is greedy, so you can simplify ^.* or .*$ to the shorter .* and get the same result. sed_find_issuer='/Issuer:/ { s/.*Issuer:.*CN=// s/,.*// p }' ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_find_issuer"` I wrote the above with minimal testing (basically, I got "example.com CA" from your Ubuntu example, and "Red Hat Emerging Technologies" from your Red Hat example), so I would appreciate if you could try it as well. I'll also reply to this message with the above in actual patch form. -- Eric Blake ebl...@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list