External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-11-03 11:51:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
f204cf5103
libvirt/tools/virt-pki-validate.in

323 lines
9.6 KiB
Plaintext
Raw Normal View History

* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
#!/bin/sh
#
# This shell script checks the TLS certificates and options needed
# for the secure client/server support of libvirt as documented at
Use https:// links for most sites This adds a rule to require https links for the libvirt, qemu and kvm websites. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-13 15:30:41 +00:00
# https://libvirt.org/remote.html#Remote_certificates
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
#
maint: use LGPL correctly Several files called out COPYING or COPYING.LIB instead of using the normal boilerplate. It's especially important that we don't call out COPYING from an LGPL file, since COPYING is traditionally used for the GPL. A few files were lacking copyright altogether. * src/rpc/gendispatch.pl: Add missing copyright. * Makefile.nonreentrant: Likewise. * src/check-symfile.pl: Likewise. * src/check-symsorting.pl: Likewise. * src/driver.h: Likewise. * src/internal.h: Likewise. * tools/libvirt-guests.sh.in: Likewise. * tools/virt-pki-validate.in: Mention copyright in comment, not just code. * tools/virt-sanlock-cleanup.in: Likewise. * src/rpc/genprotocol.pl: Spell out license terms. * src/xen/xend_internal.h: Likewise. * src/xen/xend_internal.c: Likewise. * Makefile.am: Likewise. * daemon/Makefile.am: Likewise. * docs/Makefile.am: Likewise. * docs/schemas/Makefile.am: Likewise. * examples/apparmor/Makefile.am: Likewise. * examples/domain-events/events-c/Makefile.am: Likewise. * examples/dominfo/Makefile.am: Likewise. * examples/domsuspend/Makefile.am: Likewise. * examples/hellolibvirt/Makefile.am: Likewise. * examples/openauth/Makefile.am: Likewise. * examples/python/Makefile.am: Likewise. * examples/systemtap/Makefile.am: Likewise. * examples/xml/nwfilter/Makefile.am: Likewise. * gnulib/lib/Makefile.am: Likewise. * gnulib/tests/Makefile.am: Likewise. * include/Makefile.am: Likewise. * include/libvirt/Makefile.am: Likewise. * python/Makefile.am: Likewise. * python/tests/Makefile.am: Likewise. * src/Makefile.am: Likewise. * tests/Makefile.am: Likewise. * tools/Makefile.am: Likewise. * configure.ac: Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-14 23:42:12 +00:00
# Copyright (C) 2009-2013 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
#
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
# Daniel Veillard <veillard@redhat.com>
#
virt-pki-validate: add --help/--version option Another program gains --help/--version :) * tools/virt-pki-validate.in: Add option parsing. Update documentation to match. * tools/Makefile.am (virt-pki-validate): Substitute version. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-08-19 22:38:57 +00:00
case $1 in
-h | --h | --he | --hel | --help)
cat <<EOF
Usage:
$0 [OPTION]
Options:
-h | --help Display program help
-V | --version Display program version
EOF
exit ;;
-V | --v | --ve | --ver | --vers | --versi | --versio | --version)
cat <<EOF
$0 (libvirt) @VERSION@
EOF
exit ;;
--) shift ;;
-) # Not an option but an argument; it gets rejected later
;;
-*)
echo "$0: unrecognized option '$1'" >&2
exit 1 ;;
esac
if test $# != 0; then
echo "$0: unrecognized argument '$1'" >&2
exit 1
fi
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
USER=`who am i | awk '{ print $1 }'`
SERVER=1
CLIENT=1
PORT=16514
#
# First get certtool
#
CERTOOL=`which certtool 2>/dev/null`
virt-pki-validate: behave when CERTTOOL is missing
2011-02-20 20:29:25 +00:00
if [ ! -x "$CERTOOL" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
echo "Could not locate the certtool program"
echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
echo Found "$CERTOOL"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
#
# Check the directory structure
#
build: use common .in replacement mechanism We had several different styles of .in conversion in our Makefiles: ALLCAPS, @ALLCAPS@, @lower@, ::lower:: Canonicalize on one form, to make it easier to copy and paste between .in files. Also, we were using some non-portable sed constructs: \@ is an undefined escape sequence (it happens to be @ itself in GNU sed, but POSIX allows it to mean something else), as well as risky behavior (failure to consistently quote things means a space in $(sysconfdir) could throw things off; also, Autoconf recommends using | rather than , or ! in the s||| operator, because | has to be quoted in shell and is therefore less likely to appear in file names than , or !). Fix all of these uses to follow the same syntax. * daemon/libvirtd.8.in: Switch to @var@. * tools/virt-xml-validate.in: Likewise. * tools/virt-pki-validate.in: Likewise. * src/locking/virtlockd.init.in: Likewise. * daemon/Makefile.am: Prefer | over ! in sed. (libvirtd.8): Prefer consistent substitution. (libvirtd.init, libvirtd.service): Avoid non-portable sed. * tools/Makefile.am (libvirt-guests.sh, libvirt-guests.init) (libvirt-guests.service): Likewise. (virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup): Prefer consistent capitalization. * src/Makefile.am (virtlockd.init, virtlockd.service) (virtlockd.socket): Prefer consistent substitution.
2013-01-04 20:35:04 +00:00
SYSCONFDIR="@sysconfdir@"
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
PKI="$SYSCONFDIR/pki"
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -d "$PKI" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $PKI directory is missing, it is usually
echo installed as part of the filesystem or openssl packages
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -r "$PKI" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $PKI directory is not readable by $USER
echo "as root do: chmod a+rx $PKI"
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -x "$PKI" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $PKI directory is not listable by $USER
echo "as root do: chmod a+rx $PKI"
exit 1
fi
CA="$PKI/CA"
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -d "$CA" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $CA directory is missing, it is usually
echo installed as part of the or openssl package
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -r "$CA" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $CA directory is not readable by $USER
echo "as root do: chmod a+rx $CA"
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -x "$CA" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $CA directory is not listable by $USER
echo "as root do: chmod a+rx $CA"
exit 1
fi
LIBVIRT="$PKI/libvirt"
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -d "$LIBVIRT" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $LIBVIRT directory is missing, it is usually
echo installed by the libvirt package
echo "as root do: mkdir -m 755 $LIBVIRT ; chown root:root $LIBVIRT"
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -r "$LIBVIRT" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $LIBVIRT directory is not readable by $USER
echo "as root do: chown root:root $LIBVIRT ; chmod 755 $LIBVIRT"
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -x "$LIBVIRT" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $LIBVIRT directory is not listable by $USER
echo "as root do: chown root:root $LIBVIRT ; chmod 755 $LIBVIRT"
exit 1
fi
LIBVIRTP="$LIBVIRT/private"
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -d "$LIBVIRTP" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $LIBVIRTP directory is missing, it is usually
echo installed by the libvirt package
echo "as root do: mkdir -m 755 $LIBVIRTP ; chown root:root $LIBVIRTP"
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -r "$LIBVIRTP" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $LIBVIRTP directory is not readable by $USER
echo "as root do: chown root:root $LIBVIRTP ; chmod 755 $LIBVIRTP"
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -x "$LIBVIRTP" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the $LIBVIRTP directory is not listable by $USER
echo "as root do: chown root:root $LIBVIRTP ; chmod 755 $LIBVIRTP"
exit 1
fi
#
# Now check the certificates
# First the CA certificate
#
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -f "$CA/cacert.pem" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the CA certificate $CA/cacert.pem is missing while it
echo should be installed on both client and servers
Use https:// links for most sites This adds a rule to require https links for the libvirt, qemu and kvm websites. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-13 15:30:41 +00:00
echo "see https://libvirt.org/remote.html#Remote_TLS_CA"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
echo on how to install it
exit 1
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -r "$CA/cacert.pem" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the CA certificate $CA/cacert.pem is not readable by $USER
echo "as root do: chmod 644 $CA/cacert.pem"
exit 1
fi
Fix virt-pki-validate's determination of CN Ubuntu's gntls package generates an Issuer line that looks like this: Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com While Red Hat's looks like this Issuer: CN=Red Hat Emerging Technologies Note the leading whitespace, and the additional fields in the former. This patch updates the regular expression to: * trim leading characters before "Issuer:" * trim anything between Issuer: and CN= * trim anything after the next , I've tested this against the certool output of both RH and Ubuntu generated certs. Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-29 21:20:50 +00:00
sed_get_org='/Issuer:/ {
s/.*Issuer:.*CN=//
s/,.*//
p
}'
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
ORG=`"$CERTOOL" -i --infile "$CA/cacert.pem" | sed -n "$sed_get_org"`
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
if [ "$ORG" = "" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo the CA certificate $CA/cacert.pem does not define the organization
echo it should probably regenerated
Use https:// links for most sites This adds a rule to require https links for the libvirt, qemu and kvm websites. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-13 15:30:41 +00:00
echo "see https://libvirt.org/remote.html#Remote_TLS_CA"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
echo on how to regenerate it
exit 1
fi
echo Found CA certificate $CA/cacert.pem for $ORG
# Second the client certificates
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ -f "$LIBVIRT/clientcert.pem" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -r "$LIBVIRT/clientcert.pem" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo Client certificate $LIBVIRT/clientcert.pem should be world readable
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
echo "as root do: chown root:root $LIBVIRT/clientcert.pem ; chmod 644 $LIBVIRT/clientcert.pem"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
else
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([a-zA-Z \._-]*\).*+\1+'`
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
if [ "$ORG" != "$S_ORG" ]
then
echo The CA certificate and the client certificate do not match
echo CA organization: $ORG
echo Client organization: $S_ORG
fi
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
CLIENT=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
echo Found client certificate $LIBVIRT/clientcert.pem for $CLIENT
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -e "$LIBVIRTP/clientkey.pem" ]
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
then
echo Missing client private key $LIBVIRTP/clientkey.pem
else
echo Found client private key $LIBVIRTP/clientkey.pem
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
OWN=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print $3 }'`
tools: make virt-pki-validate work with acls and xattrs This patch makes virt-pki-validate work with certificates that have acl or xattr set. Otherwise it failing due to wrong permissions.
2012-05-31 09:00:06 +00:00
# The substr($1, 1, 10) gets rid of acl and xattr markers
MOD=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print substr($1, 1, 10) }'`
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
if [ "$OWN" != "root" ]
then
echo The client private key should be owned by root
echo "as root do: chown root $LIBVIRTP/clientkey.pem"
fi
if [ "$MOD" != "-rw-r--r--" ]
then
echo The client private key need to be read by client tools
echo "as root do: chmod 644 $LIBVIRTP/clientkey.pem"
fi
fi
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
fi
else
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
echo Did not find "$LIBVIRT/clientcert.pem" client certificate
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
echo The machine cannot act as a client
Use https:// links for most sites This adds a rule to require https links for the libvirt, qemu and kvm websites. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-13 15:30:41 +00:00
echo "see https://libvirt.org/remote.html#Remote_TLS_client_certificates"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
echo on how to regenerate it
CLIENT=0
fi
# Third the server certificates
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ -f "$LIBVIRT/servercert.pem" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -r "$LIBVIRT/servercert.pem" ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
echo Server certificate $LIBVIRT/servercert.pem should be world readable
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
echo "as root do: chown root:root $LIBVIRT/servercert.pem ; chmod 644 $LIBVIRT/servercert.pem"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
else
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*O=\([a-zA-Z\. _-]*\).*+\1+'`
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
if [ "$ORG" != "$S_ORG" ]
then
echo The CA certificate and the server certificate do not match
echo CA organization: $ORG
echo Server organization: $S_ORG
fi
fix regex to check CN from server certificate Currently when the script validates the PKI files and the certificate 'Subject:' field contains RDNs after the Common Name (CN), these values are also included, creating a false result that the CN is not correct. A small change to the sed regex fixes this issue, by extracting only the value for CN and nothing else. The regex is replaced with the exact same regex used to extract the CN value from the client certificate.
2018-01-26 19:33:02 +00:00
S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"
then
echo The server certificate does not seem to match the host name
echo hostname: '"'`hostname`'"'
echo Server certificate CN: '"'$S_HOST'"'
fi
echo Found server certificate $LIBVIRT/servercert.pem for $S_HOST
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if [ ! -e "$LIBVIRTP/serverkey.pem" ]
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
then
echo Missing server private key $LIBVIRTP/serverkey.pem
else
echo Found server private key $LIBVIRTP/serverkey.pem
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
OWN=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print $3 }'`
tools: make virt-pki-validate work with acls and xattrs This patch makes virt-pki-validate work with certificates that have acl or xattr set. Otherwise it failing due to wrong permissions.
2012-05-31 09:00:06 +00:00
# The substr($1, 1, 10) gets rid of acl and xattr markers
MOD=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print substr($1, 1, 10) }'`
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
if [ "$OWN" != "root" ]
then
echo The server private key should be owned by root
echo "as root do: chown root $LIBVIRTP/serverkey.pem"
fi
if [ "$MOD" != "-rw-------" ]
then
echo The server private key need to be read only by root
echo "as root do: chmod 600 $LIBVIRTP/serverkey.pem"
fi
fi
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
fi
else
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
echo Did not find $LIBVIRT/servercert.pem server certificate
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
echo The machine cannot act as a server
Use https:// links for most sites This adds a rule to require https links for the libvirt, qemu and kvm websites. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-10-13 15:30:41 +00:00
echo "see https://libvirt.org/remote.html#Remote_TLS_server_certificates"
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
echo on how to regenerate it
SERVER=0
fi
if [ "$SERVER" = "1" ]
then
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
if [ -r "$SYSCONFDIR"/sysconfig/libvirtd ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
if grep "^LIBVIRTD_ARGS.*--listen" "$SYSCONFDIR"/sysconfig/libvirtd \
>/dev/null 2>&1
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
then
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
:
else
echo Make sure "$SYSCONFDIR"/sysconfig/libvirtd is setup to listen to
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
echo TCP/IP connections and restart the libvirtd service
fi
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
fi
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
if [ -r "$SYSCONFDIR"/sysconfig/iptables ]
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
then
virt-*-validate.in: quote all variable references Alas, the shell is not a real programming language. Patch generated by manual confirmation of vim's s/[^"]\@<=\$\S\+\s\@=/"&"/gc and s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches. This patch generate a lot of noise and carries little benefits, as I do not really expect $PKI to contain spaces or backticks. I'm just fuming, and would not really mind if this patch is ignored
2011-02-20 20:29:26 +00:00
if grep "$PORT" "$SYSCONFDIR"/sysconfig/iptables >/dev/null 2>&1
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
then
portability fixes to tools/virt-pki-validate.in A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #3). 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text 2) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere Bug report: * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 Signed-off-by: Dustin Kirkland <kirkland@canonical.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2010-04-21 21:52:10 +00:00
:
else
echo Make sure "$SYSCONFDIR"/sysconfig/iptables is setup to allow
maint: enforce whitespace on shell scripts Noticed because virt-pki-validate was very inconsistent on using tabs vs. 8 spaces, sometimes mixing both paradigms on a single line. 'git diff -b' shows significant changes only in cfg.mk. * cfg.mk (sc_TAB_in_indentation): Add a few files. * daemon/libvirtd.init.in: Avoid tabs. * tools/virt-pki-validate.in: Likewise.
2010-04-21 23:21:06 +00:00
echo incoming TCP/IP connections on port $PORT and
echo restart the iptables service
fi
* docs/libvir.html docs/remote.html: update the remote page, add an index * docs/pki_check.sh: shell script to check the PKI and client/server environment. Daniel
2007-07-12 15:47:19 +00:00
fi
fi
Make pki_check.sh into an installed & supported tool * docs/pki_check.sh: Move to tool/virt-pki-validate.in and add in POD man page documentation * tools/.gitignore: Ignore generated virt-pki-validate file * tools/Makefile.am: Install & build virt-pki-validate and virt-pki-validate.1 * docs/remote.html, docs/remote.html.in: Refer to new tool name virt-pki-validate * libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate and virt-pki-validate.1 to files list
2009-09-16 13:42:57 +00:00
exit 0
Reference in New Issue Copy Permalink