From 300bd5e2db92cd66f8736cfbea46c5217864576e Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Tue, 12 Nov 2019 02:06:06 +0300 Subject: [PATCH] Improve regexp for email Previous regexp assumed that first level domain is <=4 symbols, but modern domain zones are longer, e.g. email foo@foo.forex was incorrectly considered invalid by the old regexp Move this stuff from macro expansion to the script itself: the new regexp does not work inside RPM-invoked shell due to further subshells being invoked by '()' in the regexp (I don't know how to deal with it, `shopt -u expand_aliases` does not help) [ Regexp is from logist/wl.cgi ] --- kernel.spec | 50 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/kernel.spec b/kernel.spec index 27bd57c..b4bfdb5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,10 +1,13 @@ +# _get_email() in %%build contains bashisms for regexping +%define _buildshell /bin/bash + %define kernelversion 5 %define patchlevel 3 # sublevel is used for stable-based kernels %define sublevel 10 # Release number. Increase this before a rebuild. -%define rpmrel 1 +%define rpmrel 2 %define fullrpmrel %{rpmrel} %define rpmtag %{disttag} 
@@ -78,21 +81,6 @@ %define certs_signing_key_rnd %{certs_dir_rnd}/signing_key.pem %define certs_key_config_rnd %{certs_dir_rnd}/x509.genkey %define certs_verify_tmp %{certs_dir_rnd}/verify.tmp -# %%certs_email_rnd expansion has bashisms -%define _buildshell /bin/bash -# On ABF, %%packager == $username <$email> -# Try to extract email from %%packager if it is set -# https://stackoverflow.com/a/5719562 -%define certs_email_rnd %(\ - if echo '%{packager}' | grep -q 'packager}$' || [ -z "%{packager}" ]; \ - then echo 'rpmbuild@rosa.unknown' && exit 0; \ - else temp="$(echo '%{packager}' | awk '{print $NF}' | tr -d '<>')"; \ - fi; \ - if [[ "$temp" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$ ]]; \ - then echo "$temp" && exit 0; \ - else echo 'rpmbuild@rosa.unknown' && exit 0; \ - fi; \ - echo 'rpmbuild@rosa.unknown' ) ############################################################################ # Build defines 
@@ -818,6 +806,34 @@ cd %src_dir # https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.13/gtps7/cfgcert.html %if %{enhanced_security} mkdir -p "%{certs_dir_rnd}" + +# On ABF, %%packager == $username <$email> +# Try to extract email from %%packager if it is set +_get_email(){ + # Check that macro %%packager was set and is not empty + if echo '%{packager}' | grep -q 'packager}$' || [ -z "%{packager}" ] + # If was not set or is empty, use default email + then echo 'rpmbuild@rosa.unknown' && return + # Otherwise try to extract email from 'name ' or sth else + else temp="$(echo '%{packager}' | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | tr -d '<>' | grep -E '@.*\..*' | head -n 1)" + fi + # Validate that what we have now is a valid email + # https://stackoverflow.com/a/2138832, https://stackoverflow.com/a/41192733 + # Note that we set %%_buildshell to /bin/bash to guarantee the work of this bashism + regex_email="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$" + if [[ "$temp" =~ ${regex_email} ]] + # If it is, use it + then echo "$temp" && return + # Otherwise use default email + else echo 'rpmbuild@rosa.unknown' && return + fi + # If script above has not return'ed for any reason, + # e.g. because of non-bash shell being not able to + # process regexp, use default email + echo 'rpmbuild@rosa.unknown' +} +email="$(_get_email)" + cat < "%{certs_key_config_rnd}" [ req ] # https://github.com/openssl/openssl/issues/3536 @@ -830,7 +846,7 @@ distinguished_name = req_distinguished_name [ req_distinguished_name ] organizationName = %{vendor} rpmbuild commonName = Build time autogenerated kernel key -emailAddress = %{certs_email_rnd} +emailAddress = ${email} EOF cat "%{certs_key_config_rnd}"
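Review bot: In `_get_email`, `%{packager}` is substituted by RPM into the script text before bash parses it, so `echo '%{packager}'` and `[ -z "%{packager}" ]` both let the macro's content terminate or escape the surrounding quotes. An apostrophe in a packager name breaks the single-quoted strings, and shell expansion syntax inside the double-quoted test is evaluated at build time. The regexp check cannot help because it only runs on `$temp`, after those lines have already been parsed. I would read the macro once through a quoted here-document into a variable and use that variable in both places, as sketched below, and declare `temp` and `regex_email` `local` while there. The trailing fallback `echo` looks unreachable, since both branches of the preceding `if` return.

```spec
_get_email(){
	local packager temp regex_email
	# Quoted delimiter: bash performs no expansion or quote processing on the macro text
	packager="$(cat <<'PACKAGER_EOF'
%{packager}
PACKAGER_EOF
)"
	if printf '%s\n' "$packager" | grep -q 'packager}$' || [ -z "$packager" ]
	then echo 'rpmbuild@rosa.unknown' && return
	else temp="$(printf '%s\n' "$packager" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | tr -d '<>' | grep -E '@.*\..*' | head -n 1)"
	fi
	# … unchanged: regex_email validation and default-address fallback …
```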
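Review bot: `emailAddress = ${email}` lands in an OpenSSL configuration file, where `#` starts a comment and `$name` / `${name}` is variable substitution, yet the `regex_email` added earlier in this patch accepts both `#` and `$` in the local part. An address that passes validation could therefore be silently truncated in the generated key config, or make the later `openssl` step fail on an undefined variable. Because this value only feeds a build-time autogenerated certificate, a narrower local-part class is enough while keeping the new domain part, e.g. `regex_email="^[a-z0-9._+-]+@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"`. A one-line comment next to `emailAddress` saying the value must be free of OpenSSL config metacharacters would keep the two in sync.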