Improve regexp for email

Previous regexp assumed that first level domain is <=4 symbols, but modern domain zones are longer, e.g. email foo@foo.forex was incorrectly considered invalid by the old regexp Move this stuff from macro expansion to the script itself: the new regexp does not work inside RPM-invoked shell due to further subshells being invoked by '()' in the regexp (I don't know how to deal with it, `shopt -u expand_aliases` does not help) [ Regexp is from logist/wl.cgi ]
2025-02-25 00:02:55 +00:00 · 2019-11-12 02:06:06 +03:00 · 2019-11-12 02:06:06 +03:00 · 300bd5e2db
commit 300bd5e2db
parent cc3afd8669
1 changed files with 33 additions and 17 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -1,10 +1,13 @@
+# _get_email() in %%build contains bashisms for regexping
+%define _buildshell /bin/bash
+
 %define kernelversion	5
 %define patchlevel	3
 # sublevel is used for stable-based kernels
 %define sublevel	10

 # Release number. Increase this before a rebuild.
-%define rpmrel		1
+%define rpmrel		2
 %define fullrpmrel	%{rpmrel}

 %define rpmtag		%{disttag}
@ -78,21 +81,6 @@
 %define certs_signing_key_rnd %{certs_dir_rnd}/signing_key.pem
 %define certs_key_config_rnd %{certs_dir_rnd}/x509.genkey
 %define certs_verify_tmp %{certs_dir_rnd}/verify.tmp
-# %%certs_email_rnd expansion has bashisms
-%define _buildshell /bin/bash
-# On ABF, %%packager == $username <$email>
-# Try to extract email from %%packager if it is set
-# https://stackoverflow.com/a/5719562
-%define certs_email_rnd %(\
-	if echo '%{packager}' | grep -q 'packager}$' || [ -z "%{packager}" ]; \
-		then echo 'rpmbuild@rosa.unknown' && exit 0; \
-		else temp="$(echo '%{packager}' | awk '{print $NF}' | tr -d '<>')"; \
-	fi; \
-	if [[ "$temp" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$ ]]; \
-		then echo "$temp" && exit 0; \
-		else echo 'rpmbuild@rosa.unknown' && exit 0; \
-	fi; \
-	echo 'rpmbuild@rosa.unknown' )
 ############################################################################

 # Build defines
@ -818,6 +806,34 @@ cd %src_dir
 # https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.13/gtps7/cfgcert.html
 %if %{enhanced_security}
 mkdir -p "%{certs_dir_rnd}"
+
+# On ABF, %%packager == $username <$email>
+# Try to extract email from %%packager if it is set
+_get_email(){
+	# Check that macro %%packager was set and is not empty
+	if echo '%{packager}' | grep -q 'packager}$' || [ -z "%{packager}" ]
+		# If was not set or is empty, use default email
+		then echo 'rpmbuild@rosa.unknown' && return
+		# Otherwise try to extract email from 'name <email>' or sth else
+		else temp="$(echo '%{packager}' | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | tr -d '<>' | grep -E '@.*\..*' | head -n 1)"
+	fi
+	# Validate that what we have now is a valid email
+	# https://stackoverflow.com/a/2138832, https://stackoverflow.com/a/41192733
+	# Note that we set %%_buildshell to /bin/bash to guarantee the work of this bashism
+	regex_email="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
+	if [[ "$temp" =~ ${regex_email} ]]
+		# If it is, use it
+		then echo "$temp" && return
+		# Otherwise use default email
+		else echo 'rpmbuild@rosa.unknown' && return
+	fi
+	# If script above has not return'ed for any reason,
+	# e.g. because of non-bash shell being not able to
+	# process regexp, use default email
+	echo 'rpmbuild@rosa.unknown'
+}
+email="$(_get_email)"
+
 cat <<EOF > "%{certs_key_config_rnd}"
 [ req ]
 # https://github.com/openssl/openssl/issues/3536
@ -830,7 +846,7 @@ distinguished_name = req_distinguished_name
 [ req_distinguished_name ]
 organizationName = %{vendor} rpmbuild
 commonName = Build time autogenerated kernel key
-emailAddress = %{certs_email_rnd}
+emailAddress = ${email}
 EOF
 cat "%{certs_key_config_rnd}"