Ubuntu's gntls package generates an Issuer line that looks like this:
Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com
While Red Hat's looks like this
Issuer: CN=Red Hat Emerging Technologies
Note the leading whitespace, and the additional fields in the former.
This patch updates the regular expression to:
* trim leading characters before "Issuer:"
* trim anything between Issuer: and CN=
* trim anything after the next ,
I've tested this against the certool output of both RH and Ubuntu
generated certs.
Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
A few fixes will help make tools/virt-pki-validate.in useful on Debian
and Ubuntu. And one fix should be useful to everyone (see #3).
1) note our gnutls-bin package (in addition to your gnutls-utils
package) in the no-certtool error text
2) fix a bashism, == should be = in the case where /bin/sh is a symlink
to dash
3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR
variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR
everywhere
Bug report:
* https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266
Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Noticed because virt-pki-validate was very inconsistent on
using tabs vs. 8 spaces, sometimes mixing both paradigms on
a single line.
'git diff -b' shows significant changes only in cfg.mk.
* cfg.mk (sc_TAB_in_indentation): Add a few files.
* daemon/libvirtd.init.in: Avoid tabs.
* tools/virt-pki-validate.in: Likewise.
A lot of syntax check rules have to be rewritten, but the
result is easier to maintain. I tested each syntax rule
by intentionally introducing a temporary violation of the rule.
Additionally, some false positives for unmarked_diagnostics
crept in, and an improved copyright_format test caught some bugs.
* .gnulib: Update to latest.
* cfg.mk (sc_prohibit_test_minus_ao): Delete, it was moved into
gnulib's maint.mk.
(sc_avoid_write, sc_prohibit_strcmp_and_strncmp)
(sc_prohibit_asprintf, sc_prohibit_strncpy, sc_prohibit_readlink)
(sc_prohibit_gethostname, sc_prohibit_gettext_noop)
(sc_prohibit_VIR_ERR_NO_MEMORY, sc_prohibit_nonreentrant)
(sc_prohibit_ctype_h, sc_TAB_in_indentation)
(sc_avoid_ctype_macros)
(sc_prohibit_virBufferAdd_with_string_literal)
(sc_prohibit_gethostby, sc_copyright_format): Rewrite in terms of
new maint.mk macros.
(sc_libvirt_unmarked_diagnostics): Fix whitespace.
* .x-sc_unmarked_diagnostics: New file.
* tests/object-locking.ml: Fix copyright.
* tools/virt-pki-validate.in: Likewise.
* tools/virt-xml-validate.in: Likewise.
* cfg.mk (sc_prohibit_test_minus_ao): Also check for [.
* docs/Makefile.am (%.html, html/index.html): Avoid non-portable
test usage.
* libvirt.spec.in (%post): Likewise.
* tools/virt-pki-validate.in (servercert.pem): Likewise.
* configure.ac (LOGNAME): Use test, not [, in files processed by
autoconf.
Detected by Matthias Bolte.
* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add
in POD man page documentation
* tools/.gitignore: Ignore generated virt-pki-validate file
* tools/Makefile.am: Install & build virt-pki-validate and
virt-pki-validate.1
* docs/remote.html, docs/remote.html.in: Refer to new tool
name virt-pki-validate
* libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
and virt-pki-validate.1 to files list
