virt-*-validate.in: quote all variable references

Alas, the shell is not a real programming language.

Patch generated by manual confirmation of vim's
s/[^"]\@<=\$\S\+\s\@=/"&"/gc
and
s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches.

This patch generates a lot of noise and carries little benefit, as
I do not really expect $PKI to contain spaces or backticks. I'm just
fuming, and would not really mind if this patch is ignored.
Dan Kenigsberg 2011-02-20 22:29:26 +02:00 committed by Eric Blake
parent 9b47915914
commit b3ff07a07d
2 changed files with 38 additions and 38 deletions


@ -20,27 +20,27 @@ then
echo "make sure the gnutls-utils (or gnutls-bin) package is installed" echo "make sure the gnutls-utils (or gnutls-bin) package is installed"
exit 1 exit 1
fi fi
echo Found $CERTOOL echo Found "$CERTOOL"
# #
# Check the directory structure # Check the directory structure
# #
SYSCONFDIR="@SYSCONFDIR@" SYSCONFDIR="@SYSCONFDIR@"
PKI="$SYSCONFDIR/pki" PKI="$SYSCONFDIR/pki"
if [ ! -d $PKI ] if [ ! -d "$PKI" ]
then then
echo the $PKI directory is missing, it is usually echo the $PKI directory is missing, it is usually
echo installed as part of the filesystem or openssl packages echo installed as part of the filesystem or openssl packages
exit 1 exit 1
fi fi
if [ ! -r $PKI ] if [ ! -r "$PKI" ]
then then
echo the $PKI directory is not readable by $USER echo the $PKI directory is not readable by $USER
echo "as root do: chmod a+rx $PKI" echo "as root do: chmod a+rx $PKI"
exit 1 exit 1
fi fi
if [ ! -x $PKI ] if [ ! -x "$PKI" ]
then then
echo the $PKI directory is not listable by $USER echo the $PKI directory is not listable by $USER
echo "as root do: chmod a+rx $PKI" echo "as root do: chmod a+rx $PKI"
@ -48,20 +48,20 @@ then
fi fi
CA="$PKI/CA" CA="$PKI/CA"
if [ ! -d $CA ] if [ ! -d "$CA" ]
then then
echo the $CA directory is missing, it is usually echo the $CA directory is missing, it is usually
echo installed as part of the or openssl package echo installed as part of the or openssl package
exit 1 exit 1
fi fi
if [ ! -r $CA ] if [ ! -r "$CA" ]
then then
echo the $CA directory is not readable by $USER echo the $CA directory is not readable by $USER
echo "as root do: chmod a+rx $CA" echo "as root do: chmod a+rx $CA"
exit 1 exit 1
fi fi
if [ ! -x $CA ] if [ ! -x "$CA" ]
then then
echo the $CA directory is not listable by $USER echo the $CA directory is not listable by $USER
echo "as root do: chmod a+rx $CA" echo "as root do: chmod a+rx $CA"
@ -69,7 +69,7 @@ then
fi fi
LIBVIRT="$PKI/libvirt" LIBVIRT="$PKI/libvirt"
if [ ! -d $LIBVIRT ] if [ ! -d "$LIBVIRT" ]
then then
echo the $LIBVIRT directory is missing, it is usually echo the $LIBVIRT directory is missing, it is usually
echo installed by the libvirt package echo installed by the libvirt package
@ -77,13 +77,13 @@ then
exit 1 exit 1
fi fi
if [ ! -r $LIBVIRT ] if [ ! -r "$LIBVIRT" ]
then then
echo the $LIBVIRT directory is not readable by $USER echo the $LIBVIRT directory is not readable by $USER
echo "as root do: chown root:root $LIBVIRT ; chmod 755 $LIBVIRT" echo "as root do: chown root:root $LIBVIRT ; chmod 755 $LIBVIRT"
exit 1 exit 1
fi fi
if [ ! -x $LIBVIRT ] if [ ! -x "$LIBVIRT" ]
then then
echo the $LIBVIRT directory is not listable by $USER echo the $LIBVIRT directory is not listable by $USER
echo "as root do: chown root:root $LIBVIRT ; chmod 755 $LIBVIRT" echo "as root do: chown root:root $LIBVIRT ; chmod 755 $LIBVIRT"
@ -91,7 +91,7 @@ then
fi fi
LIBVIRTP="$LIBVIRT/private" LIBVIRTP="$LIBVIRT/private"
if [ ! -d $LIBVIRTP ] if [ ! -d "$LIBVIRTP" ]
then then
echo the $LIBVIRTP directory is missing, it is usually echo the $LIBVIRTP directory is missing, it is usually
echo installed by the libvirt package echo installed by the libvirt package
@ -99,13 +99,13 @@ then
exit 1 exit 1
fi fi
if [ ! -r $LIBVIRTP ] if [ ! -r "$LIBVIRTP" ]
then then
echo the $LIBVIRTP directory is not readable by $USER echo the $LIBVIRTP directory is not readable by $USER
echo "as root do: chown root:root $LIBVIRTP ; chmod 755 $LIBVIRTP" echo "as root do: chown root:root $LIBVIRTP ; chmod 755 $LIBVIRTP"
exit 1 exit 1
fi fi
if [ ! -x $LIBVIRTP ] if [ ! -x "$LIBVIRTP" ]
then then
echo the $LIBVIRTP directory is not listable by $USER echo the $LIBVIRTP directory is not listable by $USER
echo "as root do: chown root:root $LIBVIRTP ; chmod 755 $LIBVIRTP" echo "as root do: chown root:root $LIBVIRTP ; chmod 755 $LIBVIRTP"
@ -116,7 +116,7 @@ fi
# Now check the certificates # Now check the certificates
# First the CA certificate # First the CA certificate
# #
if [ ! -f $CA/cacert.pem ] if [ ! -f "$CA/cacert.pem" ]
then then
echo the CA certificate $CA/cacert.pem is missing while it echo the CA certificate $CA/cacert.pem is missing while it
echo should be installed on both client and servers echo should be installed on both client and servers
@ -124,7 +124,7 @@ then
echo on how to install it echo on how to install it
exit 1 exit 1
fi fi
if [ ! -r $CA/cacert.pem ] if [ ! -r "$CA/cacert.pem" ]
then then
echo the CA certificate $CA/cacert.pem is not readable by $USER echo the CA certificate $CA/cacert.pem is not readable by $USER
echo "as root do: chmod 644 $CA/cacert.pem" echo "as root do: chmod 644 $CA/cacert.pem"
@ -135,7 +135,7 @@ sed_get_org='/Issuer:/ {
s/,.*// s/,.*//
p p
}' }'
ORG=`$CERTOOL -i --infile $CA/cacert.pem | sed -n "$sed_get_org"` ORG=`"$CERTOOL" -i --infile "$CA/cacert.pem" | sed -n "$sed_get_org"`
if [ "$ORG" = "" ] if [ "$ORG" = "" ]
then then
echo the CA certificate $CA/cacert.pem does not define the organization echo the CA certificate $CA/cacert.pem does not define the organization
@ -148,29 +148,29 @@ echo Found CA certificate $CA/cacert.pem for $ORG
# Second the client certificates # Second the client certificates
if [ -f $LIBVIRT/clientcert.pem ] if [ -f "$LIBVIRT/clientcert.pem" ]
then then
if [ ! -r $LIBVIRT/clientcert.pem ] if [ ! -r "$LIBVIRT/clientcert.pem" ]
then then
echo Client certificate $LIBVIRT/clientcert.pem should be world readable echo Client certificate $LIBVIRT/clientcert.pem should be world readable
echo "as root do: chown root:root $LIBVIRT/clientcert.pem ; chmod 644 $LIBVIRT/clientcert.pem" echo "as root do: chown root:root $LIBVIRT/clientcert.pem ; chmod 644 $LIBVIRT/clientcert.pem"
else else
S_ORG=`$CERTOOL -i --infile $LIBVIRT/clientcert.pem | grep Subject: | sed 's+.*O=\([a-zA-Z \._-]*\).*+\1+'` S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([a-zA-Z \._-]*\).*+\1+'`
if [ "$ORG" != "$S_ORG" ] if [ "$ORG" != "$S_ORG" ]
then then
echo The CA certificate and the client certificate do not match echo The CA certificate and the client certificate do not match
echo CA organization: $ORG echo CA organization: $ORG
echo Client organization: $S_ORG echo Client organization: $S_ORG
fi fi
CLIENT=`$CERTOOL -i --infile $LIBVIRT/clientcert.pem | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'` CLIENT=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*CN=\(.[a-zA-Z \._-]*\).*+\1+'`
echo Found client certificate $LIBVIRT/clientcert.pem for $CLIENT echo Found client certificate $LIBVIRT/clientcert.pem for $CLIENT
if [ ! -e $LIBVIRTP/clientkey.pem ] if [ ! -e "$LIBVIRTP/clientkey.pem" ]
then then
echo Missing client private key $LIBVIRTP/clientkey.pem echo Missing client private key $LIBVIRTP/clientkey.pem
else else
echo Found client private key $LIBVIRTP/clientkey.pem echo Found client private key $LIBVIRTP/clientkey.pem
OWN=`ls -l $LIBVIRTP/clientkey.pem | awk '{ print $3 }'` OWN=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print $3 }'`
MOD=`ls -l $LIBVIRTP/clientkey.pem | awk '{ print $1 }'` MOD=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print $1 }'`
if [ "$OWN" != "root" ] if [ "$OWN" != "root" ]
then then
echo The client private key should be owned by root echo The client private key should be owned by root
@ -185,7 +185,7 @@ then
fi fi
else else
echo Did not found $LIBVIRT/clientcert.pem client certificate echo Did not find "$LIBVIRT/clientcert.pem" client certificate
echo The machine cannot act as a client echo The machine cannot act as a client
echo "see http://libvirt.org/remote.html#Remote_TLS_client_certificates" echo "see http://libvirt.org/remote.html#Remote_TLS_client_certificates"
echo on how to regenerate it echo on how to regenerate it
@ -194,21 +194,21 @@ fi
# Third the server certificates # Third the server certificates
if [ -f $LIBVIRT/servercert.pem ] if [ -f "$LIBVIRT/servercert.pem" ]
then then
if [ ! -r $LIBVIRT/servercert.pem ] if [ ! -r "$LIBVIRT/servercert.pem" ]
then then
echo Server certificate $LIBVIRT/servercert.pem should be world readable echo Server certificate $LIBVIRT/servercert.pem should be world readable
echo "as root do: chown root:root $LIBVIRT/servercert.pem ; chmod 644 $LIBVIRT/servercert.pem" echo "as root do: chown root:root $LIBVIRT/servercert.pem ; chmod 644 $LIBVIRT/servercert.pem"
else else
S_ORG=`$CERTOOL -i --infile $LIBVIRT/servercert.pem | grep Subject: | sed 's+.*O=\([a-zA-Z\. _-]*\).*+\1+'` S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*O=\([a-zA-Z\. _-]*\).*+\1+'`
if [ "$ORG" != "$S_ORG" ] if [ "$ORG" != "$S_ORG" ]
then then
echo The CA certificate and the server certificate do not match echo The CA certificate and the server certificate do not match
echo CA organization: $ORG echo CA organization: $ORG
echo Server organization: $S_ORG echo Server organization: $S_ORG
fi fi
S_HOST=`$CERTOOL -i --infile $LIBVIRT/servercert.pem | grep Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'` S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`" if test "$S_HOST" != "`hostname -s`" && test "$S_HOST" != "`hostname`"
then then
echo The server certificate does not seem to match the host name echo The server certificate does not seem to match the host name
@ -216,13 +216,13 @@ then
echo Server certificate CN: '"'$S_HOST'"' echo Server certificate CN: '"'$S_HOST'"'
fi fi
echo Found server certificate $LIBVIRT/servercert.pem for $S_HOST echo Found server certificate $LIBVIRT/servercert.pem for $S_HOST
if [ ! -e $LIBVIRTP/serverkey.pem ] if [ ! -e "$LIBVIRTP/serverkey.pem" ]
then then
echo Missing server private key $LIBVIRTP/serverkey.pem echo Missing server private key $LIBVIRTP/serverkey.pem
else else
echo Found server private key $LIBVIRTP/serverkey.pem echo Found server private key $LIBVIRTP/serverkey.pem
OWN=`ls -l $LIBVIRTP/serverkey.pem | awk '{ print $3 }'` OWN=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print $3 }'`
MOD=`ls -l $LIBVIRTP/serverkey.pem | awk '{ print $1 }'` MOD=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print $1 }'`
if [ "$OWN" != "root" ] if [ "$OWN" != "root" ]
then then
echo The server private key should be owned by root echo The server private key should be owned by root
@ -237,7 +237,7 @@ then
fi fi
else else
echo Did not found $LIBVIRT/servercert.pem server certificate echo Did not find $LIBVIRT/servercert.pem server certificate
echo The machine cannot act as a server echo The machine cannot act as a server
echo "see http://libvirt.org/remote.html#Remote_TLS_server_certificates" echo "see http://libvirt.org/remote.html#Remote_TLS_server_certificates"
echo on how to regenerate it echo on how to regenerate it
@ -259,7 +259,7 @@ then
fi fi
if [ -r "$SYSCONFDIR"/sysconfig/iptables ] if [ -r "$SYSCONFDIR"/sysconfig/iptables ]
then then
if grep $PORT "$SYSCONFDIR"/sysconfig/iptables >/dev/null 2>&1 if grep "$PORT" "$SYSCONFDIR"/sysconfig/iptables >/dev/null 2>&1
then then
: :
else else
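Review bot: Values parsed out of the certificates are still expanded unquoted in the report lines, e.g. `echo CA organization: $ORG`, `echo Client organization: $S_ORG` and `echo Found client certificate $LIBVIRT/clientcert.pem for $CLIENT`, and likewise `$S_ORG` and `$S_HOST` in the server branch. Because `sed` prints the `Subject:` line unchanged when the substitution does not match, a subject containing `*` or runs of whitespace would be glob-expanded or re-split before it is printed; I would quote the whole message, `echo "Client organization: $S_ORG"`. The client-side "Did not find" line is now quoted while the server-side one is not, so the two branches are also inconsistent. The enclosing `if` blocks start and end outside the hunks shown.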


@ -17,8 +17,8 @@
set -e set -e
XMLFILE=$1 XMLFILE="$1"
TYPE=$2 TYPE="$2"
if [ -z "$XMLFILE" ]; then if [ -z "$XMLFILE" ]; then
echo "syntax: $0 XMLFILE [TYPE]" echo "syntax: $0 XMLFILE [TYPE]"
@ -31,8 +31,8 @@ if [ ! -f "$XMLFILE" ]; then
fi fi
if [ -z "$TYPE" ]; then if [ -z "$TYPE" ]; then
ROOT=`xmllint --stream --debug $XMLFILE 2>/dev/null | grep "^0 1 " | awk '{ print $3 }'` ROOT=`xmllint --stream --debug "$XMLFILE" 2>/dev/null | grep "^0 1 " | awk '{ print $3 }'`
case $ROOT in case "$ROOT" in
*domain*) *domain*)
TYPE="domain" TYPE="domain"
;; ;;
@ -64,7 +64,7 @@ if [ ! -f "$SCHEMA" ]; then
exit 4 exit 4
fi fi
xmllint --noout --relaxng $SCHEMA $XMLFILE xmllint --noout --relaxng "$SCHEMA" "$XMLFILE"
exit 0 exit 0
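Review bot: Quoting `$XMLFILE` stops word splitting but not option parsing: a file name that begins with `-` passes the `-f` test and is then read by `xmllint` as a flag, both in the `--stream --debug` call and in the final `--relaxng` call. Since `$1` comes straight from the caller, I would normalise it once after the argument check, `case "$XMLFILE" in -*) XMLFILE="./$XMLFILE" ;; esac`. The argument checks and the schema lookup sit outside the hunks shown, so the exact placement needs confirming against the full file.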