From ee653e81f67a42841c86f7797395643001fa1565 Mon Sep 17 00:00:00 2001
From: r00t <bts@square-r00t.net>
Date: Sat, 26 May 2018 08:40:21 -0400
Subject: [PATCH] grrr. validation errors, but i think it's how i'm modifying
 the thing

---
 bdisk/bdisk.xsd                 | 133 ++++++++++++++++++++------------
 bdisk/confparse.py              |  50 ++++++++----
 bdisk/utils.py                  |  10 +++
 docs/examples/multi_profile.xml |  35 +++++----
 docs/examples/regen_multi.py    |   2 +-
 5 files changed, 146 insertions(+), 84 deletions(-)

diff --git a/bdisk/bdisk.xsd b/bdisk/bdisk.xsd
index e54c4e1..90c6c26 100644
--- a/bdisk/bdisk.xsd
+++ b/bdisk/bdisk.xsd
@@ -13,7 +13,7 @@
         <xs:restriction base="xs:string">
             <xs:pattern value="\w+:(/?/?)[^\s]+"/>
             <xs:pattern value=".*\{variable%[A-Za-z0-9_]\}.*"/>
-            <xs:pattern value=".*\{xpath%[A-Za-z0-9_/\(\)\.\*@\-]+\}.*"/>
+            <xs:pattern value=".*\{xpath%[&quot;'A-Za-z0-9_/\(\)\.\*@\-\[\]=]+\}.*"/>
         </xs:restriction>
     </xs:simpleType>
     <!-- END t_btag_uri -->
@@ -23,7 +23,7 @@
         <xs:restriction base="xs:string">
             <xs:pattern value="([a-z0-9._-]+){1,255}"/>
             <xs:pattern value=".*\{variable%[A-Za-z0-9_]\}.*"/>
-            <xs:pattern value=".*\{xpath%[A-Za-z0-9_/\(\)\.\*@\-]+\}.*"/>
+            <xs:pattern value=".*\{xpath%[&quot;'A-Za-z0-9_/\(\)\.\*@\-\[\]=]+\}.*"/>
             <!-- We don't allow (string)(regex) or (regex)(string) or (string)(regex)(string) or multiple regexes -->
             <!-- because that's just... not feasible to manage from a parsing perspective. -->
             <xs:pattern value="\{regex%.+\}"/>
@@ -75,7 +75,7 @@
         <xs:restriction base="xs:string">
             <xs:pattern value="($[156]($rounds=[0-9]+)?$[a-zA-Z0-9./]{1,16}$?|auto|)"/>
             <xs:pattern value="\{variable%[A-Za-z0-9_]\}"/>
-            <xs:pattern value="\{xpath%[A-Za-z0-9_\(\)\.\*\-/]+\}"/>
+            <xs:pattern value="\{xpath%[&quot;'A-Za-z0-9_\(\)\.\*\-/\[\]=]+\}"/>
         </xs:restriction>
     </xs:simpleType>
     <!-- END t_pass_salt -->
@@ -90,9 +90,9 @@
         <!-- sha512: "[a-zA-Z0-9./]{86}" -->
         <xs:simpleContent>
             <xs:extension base="xs:string">
-                <xs:attribute name="hash_algo" type="t_pass_hash_algo"/>
+                <xs:attribute name="hash_algo" type="t_pass_hash_algo" use="optional"/>
                 <xs:attribute name="hashed" type="xs:boolean" use="required"/>
-                <xs:attribute name="salt" type="t_pass_salt"/>
+                <xs:attribute name="salt" type="t_pass_salt" use="optional"/>
             </xs:extension>
         </xs:simpleContent>
     </xs:complexType>
@@ -105,7 +105,7 @@
             <xs:pattern value=""/>
             <xs:pattern value="(.+)/([^/]+)"/>
             <xs:pattern value="((.+)/([^/]+))?\{variable%[A-Za-z0-9_]\}((.+)/([^/]+))?"/>
-            <xs:pattern value="((.+)/([^/]+))?\{xpath%[A-Za-z0-9_\(\)\.\*\-/]+\}((.+)/([^/]+))?"/>
+            <xs:pattern value="((.+)/([^/]+))?\{xpath%[&quot;'A-Za-z0-9_\(\)\.\*\-/\[\]=]+\}((.+)/([^/]+))?"/>
         </xs:restriction>
     </xs:simpleType>
     <!-- END t_path -->
@@ -180,6 +180,8 @@
                         <!-- We can't validate an actual ISO-3166 ALPHA-2 code, but we can validate the format. -->
                         <!-- TODO: maybe cron the generation of an external namespace? -->
                         <xs:pattern value="[A-Z]{2}"/>
+                        <xs:pattern value=".*\{variable%[A-Za-z0-9_]\}.*"/>
+                        <xs:pattern value=".*\{xpath%[&quot;'A-Za-z0-9_/\(\)\.\*@\-\[\]=]+\}.*"/>
                     </xs:restriction>
                 </xs:simpleType>
             </xs:element>
@@ -234,7 +236,7 @@
         <xs:restriction base="xs:string">
             <xs:pattern value="[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}$)"/>
             <xs:pattern value="\{variable%[A-Za-z0-9_]\}"/>
-            <xs:pattern value="\{xpath%[A-Za-z0-9_\(\)\.\*\-/]+\}"/>
+            <xs:pattern value="\{xpath%[&quot;'A-Za-z0-9_\(\)\.\*\-/\[\]=]+\}"/>
         </xs:restriction>
     </xs:simpleType>
     <!-- END t_username -->
@@ -244,7 +246,7 @@
     <xs:element name="bdisk">
         <xs:complexType>
             <!-- Should this be xs:sequence instead? -->
-            <xs:choice>
+            <xs:sequence>
                 <!-- BDISK/PROFILE -->
                 <xs:element name="profile" maxOccurs="unbounded" minOccurs="1">
                     <xs:complexType>
@@ -275,7 +277,7 @@
                                                                 <!-- refer to the 2009 POSIX spec, "3.282 Portable Filename Character Set" -->
                                                                 <!-- http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282 -->
                                                                 <!-- (We use this string to name some files.) -->
-                                                                <xs:pattern value="([a-z0-9._-]+){1,255}"/>
+                                                                <xs:pattern value="([A-Za-z0-9._-]+){1,255}"/>
                                                                 <xs:pattern value="\{variable%[A-Za-z0-9_]\}"/>
                                                                 <xs:pattern value="\{xpath%[A-Za-z0-9_\(\)\.\*\-/]+\}"/>
                                                             </xs:restriction>
@@ -306,14 +308,14 @@
                                                 <xs:all>
                                                     <!-- BDISK/PROFILE/META/DEV/AUTHOR -->
                                                     <xs:element name="author" maxOccurs="1" minOccurs="1"
-                                                                type="xs:string"/>
+                                                                type="xs:normalizedString"/>
                                                     <!-- END BDISK/PROFILE/META/DEV/AUTHOR -->
                                                     <!-- BDISK/PROFILE/META/DEV/EMAIL -->
                                                     <!-- The following does NOT WORK. Shame, really. -->
                                                     <!-- It seems to be an invalid pattern per my XSD validator (xmllint). -->
                                                     <!--<xs:pattern value="([!#-&apos;*+/-9=?A-Z^-~-]+(\.[!#-&apos;*+/-9=?A-Z^-~-]+)*|&quot;([]!#-[^-~ \t]|(\\[\t -~]))+&quot;)@([!#-&apos;*+/-9=?A-Z^-~-]+(\.[!#-&apos;*+/-9=?A-Z^-~-]+)*|\[[\t -Z^-~]*])"/>-->
                                                     <xs:element name="email" maxOccurs="1" minOccurs="1"
-                                                                type="xs:string"/>
+                                                                type="xs:normalizedString"/>
                                                     <!-- END BDISK/PROFILE/META/DEV/EMAIL -->
                                                     <!-- BDISK/PROFILE/META/DEV/WEBSITE -->
                                                     <xs:element name="website" maxOccurs="1" minOccurs="1"
@@ -327,11 +329,25 @@
                                         <xs:element name="uri" maxOccurs="1" minOccurs="1" type="t_btag_uri"/>
                                         <!-- END BDISK/PROFILE/META/URI -->
                                         <!-- BDISK/PROFILE/META/VER -->
-                                        <xs:element name="ver" maxOccurs="1" minOccurs="1" type="xs:string"/>
+                                        <xs:element name="ver" maxOccurs="1" minOccurs="1">
+                                            <xs:simpleType>
+                                                <xs:restriction base="xs:normalizedString">
+                                                    <!-- Like ../names/uxname, this is also used to name certain files so, POSIX portable filename. -->
+                                                    <xs:pattern value="([A-Za-z0-9._-]+){1,255}"/>
+                                                    <xs:pattern value="\{variable%[A-Za-z0-9_]\}"/>
+                                                    <xs:pattern value="\{xpath%[A-Za-z0-9_\(\)\.\*\-/]+\}"/>
+                                                </xs:restriction>
+                                            </xs:simpleType>
+                                        </xs:element>
                                         <!-- END BDISK/PROFILE/META/VER -->
                                         <!-- BDISK/PROFILE/META/MAX_RECURSE -->
-                                        <xs:element name="max_recurse" maxOccurs="1" minOccurs="1"
-                                                    type="xs:positiveInteger"/>
+                                        <xs:element name="max_recurse" maxOccurs="1" minOccurs="1">
+                                            <xs:simpleType>
+                                                <xs:restriction base="xs:positiveInteger">
+                                                    <xs:maxExclusive value="1000"/>
+                                                </xs:restriction>
+                                            </xs:simpleType>
+                                        </xs:element>
                                         <!-- END BDISK/PROFILE/META/MAX_RECURSE -->
                                         <!-- BDISK/PROFILE/META/REGEXES -->
                                         <xs:element name="regexes" maxOccurs="1" minOccurs="0">
@@ -389,12 +405,20 @@
                                             <xs:complexType>
                                                 <xs:all>
                                                     <!-- BDISK/PROFILE/ACCOUNTS/USER/USERNAME -->
-                                                    <xs:element name="username" type="t_username" minOccurs="1"
-                                                                maxOccurs="1"/>
+                                                    <xs:element name="username" type="t_username" maxOccurs="1"
+                                                                minOccurs="1"/>
                                                     <!-- END BDISK/PROFILE/ACCOUNTS/USER/USERNAME -->
                                                     <!-- BDISK/PROFILE/ACCOUNTS/USER/COMMENT -->
-                                                    <xs:element name="comment" type="xs:string" maxOccurs="1"
-                                                                minOccurs="0"/>
+                                                    <!-- https://en.wikipedia.org/wiki/Gecos_field -->
+                                                    <!-- Through experimentation, this *seems* to cap at 990 chars. -->
+                                                    <xs:element name="comment" maxOccurs="1"
+                                                                minOccurs="0">
+                                                        <xs:simpleType>
+                                                            <xs:restriction base="xs:normalizedString">
+                                                                <xs:maxLength value="990"/>
+                                                            </xs:restriction>
+                                                        </xs:simpleType>
+                                                    </xs:element>
                                                     <!-- END BDISK/PROFILE/ACCOUNTS/USER/COMMENT -->
                                                     <!-- BDISK/PROFILE/ACCOUNTS/USER/PASSWORD -->
                                                     <xs:element name="password" type="t_password" maxOccurs="1"
@@ -439,8 +463,10 @@
                                                             <xs:simpleContent>
                                                                 <xs:extension base="t_remote_file">
                                                                     <!-- There is NO way we can validate this, because it will vary based on the algorithms supported by the build host. -->
-                                                                    <xs:attribute name="hash_algo" type="xs:string" use="required"/>
-                                                                    <xs:attribute name="explicit" type="xs:boolean" use="required"/>
+                                                                    <xs:attribute name="hash_algo" type="xs:string"
+                                                                                  use="required"/>
+                                                                    <xs:attribute name="explicit" type="xs:boolean"
+                                                                                  use="required"/>
                                                                 </xs:extension>
                                                             </xs:simpleContent>
                                                         </xs:complexType>
@@ -452,15 +478,17 @@
                                                             <xs:simpleContent>
                                                                 <xs:extension base="t_remote_file">
                                                                     <!-- Required; otherwise there's no point using it. -->
-                                                                    <xs:attribute name="keys" type="t_gpg_keyid_list" use="required"/>
-                                                                    <xs:attribute name="keyserver" type="t_btag_uri"/>
+                                                                    <xs:attribute name="keys" type="t_gpg_keyid_list"
+                                                                                  use="required"/>
+                                                                    <xs:attribute name="keyserver" type="t_btag_uri"
+                                                                                  use="optional"/>
                                                                 </xs:extension>
                                                             </xs:simpleContent>
                                                         </xs:complexType>
                                                     </xs:element>
                                                     <!-- END BDISK/PROFILE/SOURCES/SOURCE/SIG-->
                                                 </xs:all>
-                                                <xs:attribute name="arch">
+                                                <xs:attribute name="arch" use="required">
                                                     <xs:simpleType>
                                                         <xs:restriction base="xs:string">
                                                             <xs:pattern value="(i686|x86(_64)?|32|64)"/>
@@ -590,7 +618,7 @@
                                                                 minOccurs="0"/>
                                                     <!-- END BDISK/PROFILE/GPG/KEY/COMMENT -->
                                                 </xs:all>
-                                                <xs:attribute name="algo">
+                                                <xs:attribute name="algo" use="optional">
                                                     <xs:simpleType>
                                                         <xs:restriction base="xs:string">
                                                             <xs:enumeration value="rsa"/>
@@ -600,9 +628,9 @@
                                                 </xs:attribute>
                                                 <!-- We COULD constrain this further, but it's conditional upon the algo type. So we'll do that in BDisk itself. -->
                                                 <!-- But it may be possible? https://stackoverflow.com/a/39045446/733214 -->
-                                                <xs:attribute name="keysize" type="xs:positiveInteger"/>
+                                                <xs:attribute name="keysize" type="xs:positiveInteger" use="optional"/>
                                                 <!-- XSD doesn't have a datatype for Epoch vs. 0 (for no expire). -->
-                                                <xs:attribute name="expire">
+                                                <xs:attribute name="expire" use="optional">
                                                     <xs:simpleType>
                                                         <!--This is xs:integer instead of xs:positiveInteger because 0 will fail validation then. -->
                                                         <xs:restriction base="xs:integer">
@@ -614,10 +642,10 @@
                                         </xs:element>
                                         <!-- END BDISK/PROFILE/GPG/KEY -->
                                     </xs:sequence>
-                                    <xs:attribute name="keyid" type="t_gpg_keyid"/>
-                                    <xs:attribute name="publish" type="xs:boolean"/>
-                                    <xs:attribute name="prompt_passphrase" type="xs:boolean"/>
-                                    <xs:attribute name="gnupghome">
+                                    <xs:attribute name="keyid" type="t_gpg_keyid" use="required"/>
+                                    <xs:attribute name="publish" type="xs:boolean" use="optional"/>
+                                    <xs:attribute name="prompt_passphrase" type="xs:boolean" use="required"/>
+                                    <xs:attribute name="gnupghome" use="optional">
                                         <xs:simpleType>
                                             <xs:restriction base="xs:string">
                                                 <xs:pattern value="(.+)/([^/]+)"/>
@@ -691,7 +719,7 @@
                                         </xs:element>
                                         <!-- END BDISK/PROFILE/PKI/CLIENT -->
                                     </xs:sequence>
-                                    <xs:attribute name="overwrite" type="xs:boolean"/>
+                                    <xs:attribute name="overwrite" type="xs:boolean" use="required"/>
                                 </xs:complexType>
                             </xs:element>
                             <!-- END BDISK/PROFILE/PKI -->
@@ -700,45 +728,45 @@
                                 <xs:complexType>
                                     <xs:all>
                                         <!-- BDISK/PROFILE/SYNC/IPXE -->
-                                        <xs:element name="ipxe">
+                                        <xs:element name="ipxe" maxOccurs="1" minOccurs="0">
                                             <xs:complexType>
                                                 <xs:simpleContent>
                                                     <xs:extension base="t_path">
-                                                        <xs:attribute name="enabled" type="xs:boolean"/>
+                                                        <xs:attribute name="enabled" type="xs:boolean" use="optional"/>
                                                     </xs:extension>
                                                 </xs:simpleContent>
                                             </xs:complexType>
                                         </xs:element>
                                         <!-- END BDISK/PROFILE/SYNC/IPXE -->
                                         <!-- BDISK/PROFILE/SYNC/TFTP -->
-                                        <xs:element name="tftp">
+                                        <xs:element name="tftp" maxOccurs="1" minOccurs="0">
                                             <xs:complexType>
                                                 <xs:simpleContent>
                                                     <xs:extension base="t_path">
-                                                        <xs:attribute name="enabled" type="xs:boolean"/>
+                                                        <xs:attribute name="enabled" type="xs:boolean" use="optional"/>
                                                     </xs:extension>
                                                 </xs:simpleContent>
                                             </xs:complexType>
                                         </xs:element>
                                         <!-- END BDISK/PROFILE/SYNC/TFTP -->
                                         <!-- BDISK/PROFILE/SYNC/ISO -->
-                                        <xs:element name="iso">
+                                        <xs:element name="iso" maxOccurs="1" minOccurs="0">
                                             <xs:complexType>
                                                 <xs:simpleContent>
                                                     <xs:extension base="t_path">
-                                                        <xs:attribute name="enabled" type="xs:boolean"/>
+                                                        <xs:attribute name="enabled" type="xs:boolean" use="optional"/>
                                                     </xs:extension>
                                                 </xs:simpleContent>
                                             </xs:complexType>
                                         </xs:element>
                                         <!-- END BDISK/PROFILE/SYNC/ISO -->
                                         <!-- BDISK/PROFILE/SYNC/GPG -->
-                                        <xs:element name="gpg">
+                                        <xs:element name="gpg" maxOccurs="1" minOccurs="0">
                                             <xs:complexType>
                                                 <xs:simpleContent>
                                                     <xs:extension base="t_path">
-                                                        <xs:attribute name="enabled" type="xs:boolean"/>
-                                                        <xs:attribute name="format">
+                                                        <xs:attribute name="enabled" type="xs:boolean" use="optional"/>
+                                                        <xs:attribute name="format" use="required">
                                                             <xs:simpleType>
                                                                 <xs:restriction base="xs:string">
                                                                     <xs:enumeration value="asc"/>
@@ -752,17 +780,19 @@
                                         </xs:element>
                                         <!-- END BDISK/PROFILE/SYNC/GPG -->
                                         <!-- BDISK/PROFILE/SYNC/RSYNC -->
-                                        <xs:element name="rsync">
+                                        <xs:element name="rsync" maxOccurs="1" minOccurs="1">
                                             <xs:complexType>
                                                 <xs:sequence>
                                                     <!-- BDISK/PROFILE/SYNC/RSYNC/USER -->
-                                                    <xs:element name="user" type="t_username"/>
+                                                    <xs:element name="user" type="t_username" maxOccurs="1"
+                                                                minOccurs="1"/>
                                                     <!-- END BDISK/PROFILE/SYNC/RSYNC/USER -->
                                                     <!-- BDISK/PROFILE/SYNC/RSYNC/HOST -->
-                                                    <xs:element name="host" type="t_net_loc"/>
+                                                    <xs:element name="host" type="t_net_loc" maxOccurs="1"
+                                                                minOccurs="1"/>
                                                     <!-- END BDISK/PROFILE/SYNC/RSYNC/HOST -->
                                                     <!-- BDISK/PROFILE/SYNC/RSYNC/PORT -->
-                                                    <xs:element name="port">
+                                                    <xs:element name="port" maxOccurs="1" minOccurs="0">
                                                         <xs:simpleType>
                                                             <xs:restriction base="xs:positiveInteger">
                                                                 <xs:minInclusive value="1"/>
@@ -773,14 +803,15 @@
                                                     <!-- END BDISK/PROFILE/SYNC/RSYNC/PORT -->
                                                     <xs:choice>
                                                         <!-- BDISK/PROFILE/SYNC/RSYNC/PUBKEY -->
-                                                        <xs:element name="pubkey" type="t_path"/>
+                                                        <xs:element name="pubkey" type="t_path" maxOccurs="1"
+                                                                    minOccurs="1"/>
                                                         <!-- END BDISK/PROFILE/SYNC/RSYNC/PUBKEY -->
                                                         <!-- BDISK/PROFILE/SYNC/RSYNC/PUBKEY -->
-                                                        <xs:element name="password"/>
+                                                        <xs:element name="password" maxOccurs="1" minOccurs="1"/>
                                                         <!-- END BDISK/PROFILE/SYNC/RSYNC/PUBKEY -->
                                                     </xs:choice>
                                                 </xs:sequence>
-                                                <xs:attribute name="enabled" type="xs:boolean"/>
+                                                <xs:attribute name="enabled" type="xs:boolean" use="required"/>
                                             </xs:complexType>
                                         </xs:element>
                                         <!-- END BDISK/PROFILE/SYNC/IPXE -->
@@ -789,9 +820,9 @@
                             </xs:element>
                             <!-- END BDISK/PROFILE/SYNC -->
                         </xs:all>
-                        <xs:attribute name="id" type="xs:positiveInteger"/>
-                        <xs:attribute name="name" type="xs:string"/>
-                        <xs:attribute name="uuid">
+                        <xs:attribute name="id" type="xs:positiveInteger" use="optional"/>
+                        <xs:attribute name="name" type="xs:string" use="optional"/>
+                        <xs:attribute name="uuid" use="optional">
                             <xs:simpleType>
                                 <xs:restriction base="xs:string">
                                     <xs:pattern
@@ -802,7 +833,7 @@
                     </xs:complexType>
                 </xs:element>
                 <!-- END BDISK/PROFILE -->
-            </xs:choice>
+            </xs:sequence>
         </xs:complexType>
     </xs:element>
     <!-- END BDISK -->
diff --git a/bdisk/confparse.py b/bdisk/confparse.py
index ab3c608..ec8080f 100644
--- a/bdisk/confparse.py
+++ b/bdisk/confparse.py
@@ -12,7 +12,8 @@ transform = utils.transform()
 valid = utils.valid()
 
 class Conf(object):
-    def __init__(self, cfg, profile = None, validate = False):
+    def __init__(self, cfg, profile = None, validate_cfg = False,
+                 xsd_file = None):
         """
         A configuration object.
 
@@ -40,6 +41,9 @@ class Conf(object):
                         You can provide any combination of these
                         (e.g. "profile={'id': 2, 'name' = 'some_profile'}").
         """
+        if validate_cfg == 'pre':
+            # Validate before attempting any other operations
+            self.validate()
         self.xml_suppl = utils.xml_supplicant(cfg, profile = profile)
         self.xml = self.xml_suppl.xml
         for e in self.xml_suppl.xml.iter():
@@ -48,12 +52,11 @@ class Conf(object):
         with open('/tmp/parsed.xml', 'wb') as f:
             f.write(lxml.etree.tostring(self.xml_suppl.xml))
         self.profile = self.xml_suppl.profile
-        self.xsd = None
+        self.xsd = xsd_file
         self.cfg = {}
-        #if validate:
-            #if not self.validate():  # Need to write the XSD
-            #    raise ValueError('The configuration did not pass XSD/schema '
-            #                     'validation')
+        if validate_cfg:
+            # Validation post-substitution
+            self.validate()
 
     def get_pki_obj(self, pki, pki_type):
         elem = {}
@@ -99,7 +102,7 @@ class Conf(object):
                 _source_item['hash_algo'] = None
         if item == 'sig':
             if elem.get('keys', False):
-                _keys = [i.strip() for i in elem.attrib['keys'].split(',')]
+                _keys = [i.strip() for i in elem.attrib['keys'].split()]
                 _source_item['keys'] = _keys
             else:
                 _source_item['keys'] = []
@@ -108,9 +111,9 @@ class Conf(object):
             else:
                 _source_item['keyserver'] = None
         _item = elem.text
-        _flags = elem.get('flags', [])
+        _flags = elem.get('flags', '')
         if _flags:
-            for f in _flags.split(','):
+            for f in _flags.split():
                 if f.strip().lower() == 'none':
                     continue
                 _source_item['flags'].append(f.strip().lower())
@@ -129,10 +132,12 @@ class Conf(object):
         return(_source_item)
 
     def get_xsd(self):
-        path = os.path.join(os.path.dirname(__file__),
-                            'bdisk.xsd')
-        with open(path, 'r') as f:
-            xsd = f.read()
+        if not self.xsd:
+            path = os.path.join(os.path.dirname(__file__), 'bdisk.xsd')
+        else:
+            path = os.path.abspath(os.path.expanduser(self.xsd))
+        with open(path, 'rb') as f:
+            xsd = lxml.etree.parse(f)
         return(xsd)
 
     def parse_accounts(self):
@@ -302,5 +307,20 @@ class Conf(object):
         return()
 
     def validate(self):
-        self.xsd = etree.XMLSchema(self.get_xsd())
-        return(self.xsd.validate(self.xml))
\ No newline at end of file
+        # TODO: perform further validations that we can't do in XSD.
+        # TODO: FIX ME. ALWAYS RETURNS INVALID:
+        # lxml.etree.DocumentInvalid: Element 'bdisk': No matching global declaration available for the validation root.
+        xsd = self.get_xsd()
+        self.xsd = etree.XMLSchema(xsd)
+        # This would return a bool if it validates or not.
+        #self.xsd.validate(self.xml)
+        # We want to get a more detailed exception.
+        #xml = self.xml_suppl.return_full().getroottree()
+        xml = self.xml_suppl.return_full()
+        with open('/tmp/bdisk.xml', 'wb') as f:
+            f.write(etree.tostring(xml))
+        with open('/tmp/bdisk.xsd', 'wb') as f:
+            f.write(etree.tostring(xsd))
+        self.xsd.assertValid(xml)
+        #print(self.xsd.validate(xml))
+        return()
diff --git a/bdisk/utils.py b/bdisk/utils.py
index 7dab775..a057f1b 100644
--- a/bdisk/utils.py
+++ b/bdisk/utils.py
@@ -975,6 +975,16 @@ class xml_supplicant(object):
                 ).format(element.text))
         return(path)
 
+    def return_full(self):
+        #nsmap = self.return_naked_ns()
+        local_xml = lxml.etree.Element('bdisk',
+                                       nsmap = self.orig_xml.nsmap,
+                                       attrib = self.orig_xml.attrib)
+        local_xml.text = '\n    '
+        for elem in self.xml.xpath('/bdisk/profile'):
+            local_xml.append(copy.deepcopy(elem))
+        return(local_xml)
+
     def return_naked_ns(self):
         # It's so stupid I have to do this.
         return(self.orig_xml.nsmap)
diff --git a/docs/examples/multi_profile.xml b/docs/examples/multi_profile.xml
index b741664..bb9dcb2 100644
--- a/docs/examples/multi_profile.xml
+++ b/docs/examples/multi_profile.xml
@@ -4,6 +4,7 @@
         <meta>
             <names>
                 <name>BDISK</name>
+                <!--<name>{xpath%../uxname/text()}</name>-->
                 <uxname>bdisk</uxname>
                 <!-- Just like with previous versions of BDisk, you can reference other values...
                      but now with the neat benefits of XPath! Everything you could do in build.ini's and more.
@@ -56,16 +57,16 @@
             <source arch="x86_64">
                 <mirror>http://archlinux.mirror.domain.tld</mirror>
                 <rootpath>/iso/latest</rootpath>
-                <tarball flags="regex,latest">{regex%tarball_x86_64}</tarball>
-                <checksum hash_algo="sha1" explicit="false">sha1sums.txt</checksum>
-                <sig keys="7F2D434B9741E8AC" keyserver="hkp://pool.sks-keyservers.net" flags="regex,latest">{regex%sig_x86_64}</sig>
+                <tarball flags="regex latest">{regex%tarball_x86_64}</tarball>
+                <checksum hash_algo="sha1" explicit="false" flags="latest">sha1sums.txt</checksum>
+                <sig keys="7F2D434B9741E8AC" keyserver="hkp://pool.sks-keyservers.net" flags="regex latest">{regex%sig_x86_64}</sig>
             </source>
             <source arch="i686">
                 <mirror>http://archlinux32.mirror.domain.tld</mirror>
                 <rootpath>/iso/latest</rootpath>
-                <tarball flags="regex,latest">{regex%tarball_i686}</tarball>
+                <tarball flags="regex latest">{regex%tarball_i686}</tarball>
                 <checksum hash_algo="sha512" explicit="true">cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e</checksum>
-                <sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506" keyserver="hkp://pool.sks-keyservers.net" flags="regex,latest">{regex%sig_i686}</sig>
+                <sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506" keyserver="hkp://pool.sks-keyservers.net" flags="regex latest">{regex%sig_i686}</sig>
             </source>
         </sources>
         <build its_full_of_stars="true">
@@ -89,7 +90,7 @@
         <ipxe sign="true" iso="true">
             <uri>{xpath%//meta/dev/website/text()}/ipxe</uri>
         </ipxe>
-        <pki overwrite="no">
+        <pki overwrite="false">
             <!-- http://ipxe.org/crypto -->
             <ca>
                 <cert hash_algo="sha512">{xpath%../../../build/paths/pki/text()}/ca.crt</cert>
@@ -125,7 +126,7 @@
                 <csr/>
                 <key cipher="none" passphrase="none" keysize="4096">{xpath%//build/paths/pki/text()}/{xpath%../../../meta/names/uxname/text()}.key</key>
                 <subject>
-                    <commonName>some client name</commonName>
+                    <commonName>website.tld</commonName>
                     <countryName>XX</countryName>
                     <localityName>Some City</localityName>
                     <stateOrProvinceName>Some State</stateOrProvinceName>
@@ -137,7 +138,7 @@
         </pki>
         <!-- If prompt_passphrase is "no" and passphrase attribute is not given for a gpg element, we will try to use a
              blank passphrase for all operations. -->
-        <gpg keyid="none" gnupghome="none" publish="no" prompt_passphrase="no">
+        <gpg keyid="none" gnupghome="none" publish="false" prompt_passphrase="false">
             <!-- The below is only used if we are generating a key (i.e. keyid="none"). -->
             <key algo="rsa" keysize="4096" expire="0">
                 <name>{xpath%../../../meta/dev/author/text()}</name>
@@ -162,7 +163,7 @@
 <profile name="alternate" id="2" uuid="2ed07c19-2071-4d66-8569-da40475ba716">
         <meta>
             <names>
-                <name>AnotherCD</name>
+                <name>ALTCD</name>
                 <uxname>bdisk_alt</uxname>
                 <pname>{xpath%../name/text()}</pname>
             </names>
@@ -197,16 +198,16 @@
             <source arch="x86_64">
                 <mirror>http://archlinux.mirror.domain.tld</mirror>
                 <rootpath>/iso/latest</rootpath>
-                <tarball flags="regex,latest">{regex%tarball_x86_64}</tarball>
-                <checksum hash_algo="sha1" explicit="false">sha1sums.txt</checksum>
-                <sig keys="7F2D434B9741E8AC" keyserver="hkp://pool.sks-keyservers.net" flags="regex,latest">{regex%sig_x86_64}</sig>
+                <tarball flags="regex latest">{regex%tarball_x86_64}</tarball>
+                <checksum hash_algo="sha1" explicit="false" flags="latest">sha1sums.txt</checksum>
+                <sig keys="7F2D434B9741E8AC" keyserver="hkp://pool.sks-keyservers.net" flags="regex latest">{regex%sig_x86_64}</sig>
             </source>
             <source arch="i686">
                 <mirror>http://archlinux32.mirror.domain.tld</mirror>
                 <rootpath>/iso/latest</rootpath>
-                <tarball flags="regex,latest">{regex%tarball_i686}</tarball>
+                <tarball flags="regex latest">{regex%tarball_i686}</tarball>
                 <checksum hash_algo="sha512" explicit="true">cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e</checksum>
-                <sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506" keyserver="hkp://pool.sks-keyservers.net" flags="regex,latest">{regex%sig_i686}</sig>
+                <sig keys="248BF41F9BDD61D41D060AE774EDA3C6B06D0506" keyserver="hkp://pool.sks-keyservers.net" flags="regex latest">{regex%sig_i686}</sig>
             </source>
         </sources>
         <build its_full_of_stars="true">
@@ -230,7 +231,7 @@
         <ipxe sign="true" iso="true">
             <uri>{xpath%//meta/dev/website/text()}/ipxe</uri>
         </ipxe>
-        <pki overwrite="no">
+        <pki overwrite="false">
             <ca>
                 <cert hash_algo="sha512">{xpath%../../../build/paths/pki/text()}/ca.crt</cert>
                 <csr/>
@@ -252,7 +253,7 @@
                 <csr/>
                 <key cipher="none" passphrase="none" keysize="4096">{xpath%//build/paths/pki/text()}/{xpath%../../../meta/names/uxname/text()}.key</key>
                 <subject>
-                    <commonName>some client name</commonName>
+                    <commonName>website.tld</commonName>
                     <countryName>XX</countryName>
                     <localityName>Some City</localityName>
                     <stateOrProvinceName>Some State</stateOrProvinceName>
@@ -262,7 +263,7 @@
                 </subject>
             </client>
         </pki>
-        <gpg keyid="none" gnupghome="none" publish="no" prompt_passphrase="no">
+        <gpg keyid="none" gnupghome="none" publish="false" prompt_passphrase="false">
             <key algo="rsa" keysize="4096" expire="0">
                 <name>{xpath%../../../meta/dev/author/text()}</name>
                 <email>{xpath%../../../meta/dev/email/text()}</email>
diff --git a/docs/examples/regen_multi.py b/docs/examples/regen_multi.py
index bf32799..1ead8dc 100755
--- a/docs/examples/regen_multi.py
+++ b/docs/examples/regen_multi.py
@@ -40,7 +40,7 @@ alt_profile.attrib['name'] = 'alternate'
 alt_profile.attrib['id'] = '2'
 alt_profile.attrib['uuid'] = '2ed07c19-2071-4d66-8569-da40475ba716'
 
-meta_tags = {'name': 'AnotherCD',
+meta_tags = {'name': 'ALTCD',
              'uxname': 'bdisk_alt',
              'pname': '{xpath%../name/text()}',
              'desc': 'Another rescue/restore live environment.',