This patch makes virt-pki-validate work with certificates that have
acl or xattr set. Otherwise it failing due to wrong permissions.
---
tools/virt-pki-validate.in | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index 01825d1..4164758 100755
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -170,7 +170,8 @@ then
else
echo Found client private key $LIBVIRTP/clientkey.pem
OWN=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print $3 }'`
- MOD=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print $1 }'`
+ # The substr($1, 1, 10) gets rid of acl and xattr markers
+ MOD=`ls -l "$LIBVIRTP/clientkey.pem" | awk '{ print substr($1, 1, 10) }'`
if [ "$OWN" != "root" ]
then
echo The client private key should be owned by root
@@ -222,7 +223,8 @@ then
else
echo Found server private key $LIBVIRTP/serverkey.pem
OWN=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print $3 }'`
- MOD=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print $1 }'`
+ # The substr($1, 1, 10) gets rid of acl and xattr markers
+ MOD=`ls -l "$LIBVIRTP/serverkey.pem" | awk '{ print substr($1, 1, 10) }'`
if [ "$OWN" != "root" ]
then
echo The server private key should be owned by root
--
1.7.8.6
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list