From 114b726f0d796a4228dcada369cc600d4eae09d1 Mon Sep 17 00:00:00 2001
From: Martin Kletzander <mkletzan@redhat.com>
Date: Thu, 31 May 2012 11:00:06 +0200
Subject: [PATCH] tools: make virt-pki-validate work with acls and xattrs

This patch makes virt-pki-validate work with certificates that have
acl or xattr set. Otherwise it failing due to wrong permissions.
(cherry picked from commit d4fb6694a4b7d5c613136e3bfc1bbf8d6b98ec74)
---
 tools/virt-pki-validate.in | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index 01825d1561..41647584cf 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -170,7 +170,8 @@ then
         else
             echo Found client private key $LIBVIRTP/clientkey.pem
             OWN=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print $3 }'`
-            MOD=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print $1 }'`
+            # The substr($1, 1, 10) gets rid of acl and xattr markers
+            MOD=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print substr($1, 1, 10) }'`
             if [ "$OWN" != "root" ]
             then
                 echo The client private key should be owned by root
@@ -222,7 +223,8 @@ then
         else
             echo Found server private key $LIBVIRTP/serverkey.pem
             OWN=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print $3 }'`
-            MOD=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print $1 }'`
+            # The substr($1, 1, 10) gets rid of acl and xattr markers
+            MOD=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print substr($1, 1, 10) }'`
             if [ "$OWN" != "root" ]
             then
                 echo The server private key should be owned by root