From: Daniel P. Berrangé Date: Fri, 7 Jun 2024 09:58:12 +0000 (+0100) Subject: tools: stop checking init scripts & iptables config X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=3faa78d98d9fdce2de95c7d4bd5d6f67c2d27b63;p=libvirt.git tools: stop checking init scripts & iptables config The /etc/sysconfig/libvirtd file is a Fedora/RHEL specific concept. Since those distros switched to systemd socket activation, the existance of --listen parameter in /etc/sysconfig/libvirtd is no longer a reliable check. This was further degraded with the switch to modular daemons where virtproxyd takes over the role. The /etc/sysconfig/iptables file is a Fedora/RHEL specific concept. Since those distros switched to firewalld, this file is no longer a reliable check. Rather than complicating these checks, just remove them, so that the virt-pki-validate tool focuses exclusively on TLS configuration validation. Reviewed-by: Michal Privoznik Signed-off-by: Daniel P. Berrangé --- diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index c91f247ba5..c77daa9862 100644 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -73,7 +73,6 @@ echo Found "$CERTOOL" # SYSCONFDIR="@sysconfdir@" PKI="$SYSCONFDIR/pki" -INITCONFDIR="@initconfdir@" if [ ! -d "$PKI" ] then echo the $PKI directory is missing, it is usually @@ -293,31 +292,4 @@ else SERVER=0 fi -if [ "$SERVER" = "1" ] -then - if [ -r "$INITCONFDIR"/libvirtd ] - then - if grep "^LIBVIRTD_ARGS.*--listen" "$INITCONFDIR"/libvirtd \ - >/dev/null 2>&1 - then - : - else - echo Make sure "$INITCONFDIR"/libvirtd is setup to listen to - echo TCP/IP connections and restart the libvirtd service - fi - fi - if [ -r "$INITCONFDIR"/iptables ] - then - if grep "$PORT" "$INITCONFDIR"/iptables >/dev/null 2>&1 - then - : - else - echo Make sure "$INITCONFDIR"/iptables is setup to allow - echo incoming TCP/IP connections on port $PORT and - echo restart the iptables service - fi - fi -fi - - exit 0