source: mod_gnutls/test/Makefile.am @ cf4e708

debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
Last change on this file since cf4e708 was cf4e708, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Run tests in separate network namespaces

Creating a network namespace for each test avoids port conflicts so
Apache instances can run in parallel, and also isolates the tests from
the host system.

Test namespaces are automatically used if the "unshare" command is
available, and can be disabled by passing "--disable-test-namespaces"
to ./configure.

  • Property mode set to 100644
File size: 6.2 KB
RevLine 
[33af2b7]1SUBDIRS = tests
2
3dist_check_SCRIPTS = test-00_basic.bash \
[c51e33a]4        test-01_serverwide_priorities.bash \
5        test-02_cache_in_vhost.bash \
6        test-03_cachetimeout_in_vhost.bash \
7        test-04_basic_nosni.bash \
8        test-05_mismatched-priorities.bash \
9        test-06_verify_sni_a.bash \
10        test-07_verify_sni_b.bash \
11        test-08_verify_no_sni_fallback_to_first_vhost.bash \
12        test-09_verify_no_sni_fails_with_wrong_order.bash \
13        test-10_basic_client_verification.bash \
14        test-11_basic_client_verification_fail.bash \
15        test-12_cgi_variables.bash \
16        test-13_cgi_variables_no_client_cert.bash \
[65c18ce]17        test-14_basic_openpgp.bash
18if USE_MSVA
[33af2b7]19dist_check_SCRIPTS += test-15_basic_msva.bash
[65c18ce]20endif
[33af2b7]21dist_check_SCRIPTS += test-16_view-status.bash \
[eea8a16]22        test-17_cgi_vars_large_cert.bash \
[6e6a4e4]23        test-18_client_verification_wrong_cert.bash \
[ed82a6a]24        test-19_TLS_reverse_proxy.bash \
25        test-20_TLS_reverse_proxy_client_auth.bash \
[907ae8f]26        test-21_TLS_reverse_proxy_wrong_cert.bash \
[f030883]27        test-22_TLS_reverse_proxy_crl_revoke.bash \
[3f00958]28        test-23_TLS_reverse_proxy_mismatched_priorities.bash \
29        test-24_pkcs11_cert.bash
[5951102]30
[33af2b7]31TESTS = $(dist_check_SCRIPTS)
[8f90bf4]32
[9a4d250]33# Identities in the miniature CA, server, and client environment for
34# the test suite
35identities = server authority client imposter rogueca
36# Append strings after ":=" to each identity to generate a list of
37# necessary files
38pgp_tokens = $(identities:=/secring.gpg) $(identities:=/cert.pgp) \
39        $(identities:=/secret.pgp)
40x509_keys = $(identities:=/secret.key)
41x509_certs = $(identities:=/x509.pem)
42x509_tokens = $(x509_certs) $(x509_keys)
43tokens = $(x509_tokens) $(pgp_tokens)
44
[fc8e463b]45include $(srcdir)/test_ca.mk
[9a4d250]46
[39bd695]47# Test cases trying to create keys and certificates in parallel causes
48# race conditions. Ensure that all keys and certificates are generated
49# before tests get to run.
50#
51# NOTE: Once the support files have been generated, test cases can be
52# run with multiple jobs, but real parallelization would require
53# dynamic port assignments. At the moment, lock files ensure that only
54# one Apache instance (possibly plus a proxy back end instance) is
55# running at any time, so test cases actually have to wait for each
56# other - just not in any particular order.
[9a4d250]57check_DATA = $(tokens) server/crl.pem
[39bd695]58
[98ab9db]59MOSTLYCLEANFILES = cache/* logs/* outputs/* server/crl.pem
[6ce02e2]60
[90a31a4]61cert_templates = authority.template.in client.template.in \
62        imposter.template.in rogueca.template server.template.in
63generated_templates = authority.template client.template \
64        imposter.template server.template
65
[9a4d250]66# Delete X.509 private keys on full clean. Note that unless you need
67# to generate fresh keys, the "mostlyclean" target should be
68# sufficient (see below).
69CLEANFILES = $(x509_keys)
70
[90a31a4]71# Delete X.509 certificates and generated templates on "mostlyclean"
72# target. Certificates can be rebuilt without generating new key
73# pairs, and regenerating them makes it possible to change identities
74# (e.g. host names) without wasting entropy on new keys (which would
75# happen after "clean").
[9a4d250]76MOSTLYCLEANFILES += */x509.pem $(generated_templates) *.uid
77
[90a31a4]78
[6ce02e2]79# Delete PGP keyrings on "mostlyclean" target. They are created from
80# the X.509 private keys and certificates with an expiration time of
81# one day, so regenerating them is both fast and frequently
82# necessary.
[9a4d250]83MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock
84# GnuPG random pool, no need to regenerate on every build
85CLEANFILES += authority/random_seed
[1708045]86
[9a4d250]87# Delete lock files for test servers on "mostlyclean" target.
88MOSTLYCLEANFILES += *.lock
89
90# rule to build MSVA trust database
91if USE_MSVA
92msva_home = msva.gnupghome
93check_DATA += $(msva_home)/trustdb.gpg client.uid
94MOSTLYCLEANFILES += $(msva_home)/trustdb.gpg
95$(msva_home)/trustdb.gpg: authority/minimal.pgp client/cert.pgp
96        mkdir -p -m 0700 $(dir $@)
97        GNUPGHOME=$(dir $@) gpg --import < $<
98        printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
99        GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
100        printf "keyserver does-not-exist.example\n" > $(msva_home)/gpg.conf
101endif
[3f00958]102
[349fd6e]103# SoftHSM files
[3f00958]104check_DATA += server/softhsm.db
[9a4d250]105MOSTLYCLEANFILES += tests/24_pkcs11_cert/softhsm.conf server/softhsm.db
106
107
108check_DATA += make-test-dirs
109extra_dirs = logs cache outputs
110make-test-dirs:
111        mkdir -p $(extra_dirs)
112.PHONY: make-test-dirs
[3f00958]113
[9a4d250]114clean-local:
115        -rmdir $(identities) || true
116        -rmdir $(extra_dirs) || true
117if USE_MSVA
118        -rmdir $(msva_home) || true
119endif
[33af2b7]120
[9a4d250]121# Apache configuration and data files
[af7da2d]122apache_data = base_apache.conf cgi_module.conf data/* mime.types proxy_mods.conf
[33af2b7]123
[3ccceed]124EXTRA_DIST = $(apache_data) $(cert_templates) *.uid.in common.bash \
125        proxy_backend.bash runtests server-crl.template server-softhsm.conf \
126        softhsm.bash
[52c3f68]127
[34e5dc7]128# Lockfile for the main Apache process
129test_lockfile = ./test.lock
[412ee84]130# Lockfile for the proxy backend Apache process (if any)
131backend_lockfile = ./backend.lock
132# Maximum wait time in seconds for flock to aquire instance lock
133# files, or Apache to remove its PID file
[50eab8e]134lock_wait = 30
135
[34e5dc7]136# port for the main Apache server
137TEST_PORT ?= 9932
138# port for MSVA in test cases that use it
139MSVA_PORT ?= 9933
[a61edfd]140# maximum time to wait for MSVA startup (milliseconds)
141TEST_MSVA_MAX_WAIT ?= 10000
142# wait loop time for MSVA startup (milliseconds)
143TEST_MSVA_WAIT ?= 400
[34e5dc7]144# seconds for the HTTP request to be sent and responded to
145TEST_QUERY_DELAY ?= 30
146
[af7da2d]147AM_TESTS_ENVIRONMENT = export APACHE2=$(APACHE2); \
[26081ce]148        export AP_LIBEXECDIR=$(AP_LIBEXECDIR); \
[34e5dc7]149        export TEST_LOCK_WAIT="$(lock_wait)"; \
[26081ce]150        export TEST_HOST="$(TEST_HOST)"; \
[34e5dc7]151        export TEST_PORT="$(TEST_PORT)"; \
152        export MSVA_PORT="$(MSVA_PORT)"; \
153        export TEST_MSVA_MAX_WAIT="$(TEST_MSVA_MAX_WAIT)"; \
154        export TEST_MSVA_WAIT="$(TEST_MSVA_WAIT)"; \
155        export TEST_QUERY_DELAY="$(TEST_QUERY_DELAY)"; \
[a08b25e]156        export BACKEND_HOST="$(TEST_HOST)";
[f9f184f]157
[cf4e708]158if ENABLE_NETNS
159AM_TESTS_ENVIRONMENT += export UNSHARE="$(UNSHARE)"; \
160        export USE_TEST_NAMESPACE=1;
161endif
[412ee84]162# Without flock tests must not run in parallel. Otherwise set lock files.
163if DISABLE_FLOCK
164.NOTPARALLEL:
165else
166AM_TESTS_ENVIRONMENT += export FLOCK="$(FLOCK)"; \
167        export TEST_LOCK="$(test_lockfile)"; \
168        export BACKEND_LOCK="$(backend_lockfile)";
169endif
170
[f9f184f]171# Echo AM_TESTS_ENVIRONMENT. This can be useful for debugging, e.g. if
172# you want to manually run an Apache instance with Valgrind using the
173# same configuration as a test case.
174show-test-env: export TEST_ENV=$(AM_TESTS_ENVIRONMENT)
175show-test-env:
176        @echo "$${TEST_ENV}"
Note: See TracBrowser for help on using the repository browser.