From 3decd4f9f1b55000770f4203f98438b6f791256d Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
You can use the pki_check.sh shell script +
You can use the virt-pki-validate shell script to analyze the setup on the client or server machines, preferably as root. It will try to point out the possible problems and provide solutions to fix the set up up to a point where you have secure remote access.
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 494191344..2716ebe2b 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -622,7 +622,7 @@ tell you enough to diagnose the problem.
-You can use the pki_check.sh shell script
+
You can use the virt-pki-validate shell script to analyze the setup on the client or server machines, preferably as root. It will try to point out the possible problems and provide solutions to fix the set up up to a point where you have secure remote access.
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 550ce5f22..cb2b27432 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -704,8 +704,10 @@ fi
 %{_mandir}/man1/virsh.1*
 %{_mandir}/man1/virt-xml-validate.1*
+%{_mandir}/man1/virt-pki-validate.1*
 %{_bindir}/virsh
 %{_bindir}/virt-xml-validate
+%{_bindir}/virt-pki-validate
 %{_libdir}/lib*.so.*
 %dir %{_datadir}/libvirt/
diff --git a/mingw32-libvirt.spec.in b/mingw32-libvirt.spec.in
index 769c3ff12..867a8493e 100644
--- a/mingw32-libvirt.spec.in
+++ b/mingw32-libvirt.spec.in
@@ -80,6 +80,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_mingw32_bindir}/libvirt-0.dll
 %{_mingw32_bindir}/virsh.exe
 %{_mingw32_bindir}/virt-xml-validate
+%{_mingw32_bindir}/virt-pki-validate
 %{_mingw32_libdir}/libvirt.dll.a
 %{_mingw32_libdir}/libvirt.la
@@ -105,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_mingw32_mandir}/man1/virsh.1*
 %{_mingw32_mandir}/man1/virt-xml-validate.1*
+%{_mingw32_mandir}/man1/virt-pki-validate.1*
 %changelog
diff --git a/tools/.gitignore b/tools/.gitignore
index f2928730b..51f1f666b 100644
--- a/tools/.gitignore
+++ b/tools/.gitignore
@@ -1,4 +1,5 @@
 virt-xml-validate
+virt-pki-validate
 *.1
 Makefile
 Makefile.in
diff --git a/tools/Makefile.am b/tools/Makefile.am
index e5333ceea..81698a4b3 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -8,12 +8,12 @@ ICON_FILES = \
 libvirt_win_icon_64x64.ico \
 virsh_win_icon.rc
-EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virsh.pod
+EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virt-pki-validate.in virsh.pod
-bin_SCRIPTS = virt-xml-validate
+bin_SCRIPTS = virt-xml-validate virt-pki-validate
 bin_PROGRAMS = virsh
-man1_MANS = virt-xml-validate.1 virsh.1
+man1_MANS = virt-xml-validate.1 virt-pki-validate.1 virsh.1
 virt-xml-validate: virt-xml-validate.in Makefile
@@ -23,7 +23,12 @@ virt-xml-validate: virt-xml-validate.in Makefile
 virt-xml-validate.1: virt-xml-validate
 $(POD2MAN) $< $@
+virt-pki-validate: virt-pki-validate.in Makefile
+ sed -e 's,@SYSCONFDIR@,$(sysconfdir),' < $< > $@ || (rm $@ && exit 1)
+ chmod +x $@
+virt-pki-validate.1: virt-pki-validate
+ $(POD2MAN) $< $@
 virsh_SOURCES = \
 console.c console.h \
diff --git a/docs/pki_check.sh b/tools/virt-pki-validate.in
similarity index 81%
rename from docs/pki_check.sh
rename to tools/virt-pki-validate.in
index 10cdb7d14..f3d321848 100755
--- a/docs/pki_check.sh
+++ b/tools/virt-pki-validate.in
@@ -25,7 +25,7 @@ echo Found $CERTOOL
 #
 # Check the directory structure
 #
-PKI="/etc/pki"
+PKI="$(SYSCONFDIR)/pki"
 if [ ! -d $PKI ]
 then
 echo the $PKI directory is missing, it is usually
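Review bot: The sed in the new `virt-pki-validate` rule substitutes the token `@SYSCONFDIR@`, but the script hunks of tools/virt-pki-validate.in (the `@@ -25,7` hunk here and the `@@ -240,21` hunk that follows) write `$(SYSCONFDIR)`, which that sed expression never matches; the installed script therefore still contains `$(SYSCONFDIR)`, which the shell runs as a command substitution that expands to an empty string, so the validator inspects `/pki` and `/sysconfig/libvirtd` instead of the configured paths and its pass/fail output cannot be trusted. Either side can be aligned, but the conventional fix is in the script, e.g. `PKI="@SYSCONFDIR@/pki"`, with the same replacement for the six other `$(SYSCONFDIR)` occurrences in the `@@ -240,21` hunk. Separately, the recovery clause `|| (rm $@ && exit 1)` should be `|| (rm -f $@ && exit 1)` so that a sed failure which never created `$@` is not masked by a second error from `rm`. If the file keeps a CLEANFILES list for the generated virt-xml-validate script and man page (not visible in this hunk), the new generated script and its `.1` presumably belong there too.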
@@ -240,21 +240,74 @@ fi
 if [ "$SERVER" = "1" ]
 then
- if [ -r /etc/sysconfig/libvirtd ]
+ if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ]
 then
- if [ "`grep '^LIBVIRTD_ARGS' /etc/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
+ if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
 then
- echo Make sure /etc/sysconfig/libvirtd is setup to listen to
+ echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to
 echo TCP/IP connections and restart the libvirtd service
 fi
 fi
- if [ -r /etc/sysconfig/iptables ]
+ if [ -r $(SYSCONFDIR)/sysconfig/iptables ]
 then
- if [ "`grep $PORT /etc/sysconfig/iptables`" = "" ]
+ if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ]
 then
- echo Make sure /etc/sysconfig/iptables is setup to allow
+ echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow
 echo incoming TCP/IP connections on port $PORT and
 echo restart the iptables service
 fi
 fi
 fi
+
+ exit 0
+ : <<=cut
+=pod
+
+=head1 NAME
+
+ virt-pki-validate - validate libvirt PKI files are configured correctly
+
+=head1 SYNOPSIS
+
+ virt-pki-validate
+
+=head1 DESCRIPTION
+
+This tool validates that the neccessary PKI files are configured for
+a secure libvirt server or client using the TLS encryption protocol.
+It will report any missing certificate or key files on the host. It
+should be run as root to ensure it can read all the neccessary files
+
+=head1 EXIT STATUS
+
+Upon successful validation, an exit status of 0 will be set. Upon
+failure a non-zero status will be set.
+
+=head1 AUTHOR
+
+Richard Jones
+
+=head1 BUGS
+
+Report any bugs discovered to the libvirt community via the
+mailing list C