source: mod_gnutls/test/Makefile.am @ 5b6a5d9

debian/masterdebian/stretch-backportsjessie-backportsupstream
Last change on this file since 5b6a5d9 was 5b6a5d9, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Test suite: Honor "--disable-flock" while creating PGP certificates

Two hardcoded calls to flock were left in the rule to create PGP
certificates. They did not use timeouts and thus should work even on
Hurd, but the "--disable-flock" option should be applied consistently.

  • Property mode set to 100644
File size: 6.4 KB
Line 
1SUBDIRS = tests
2
3dist_check_SCRIPTS = test-00_basic.bash \
4        test-01_serverwide_priorities.bash \
5        test-02_cache_in_vhost.bash \
6        test-03_cachetimeout_in_vhost.bash \
7        test-04_basic_nosni.bash \
8        test-05_mismatched-priorities.bash \
9        test-06_verify_sni_a.bash \
10        test-07_verify_sni_b.bash \
11        test-08_verify_no_sni_fallback_to_first_vhost.bash \
12        test-09_verify_no_sni_fails_with_wrong_order.bash \
13        test-10_basic_client_verification.bash \
14        test-11_basic_client_verification_fail.bash \
15        test-12_cgi_variables.bash \
16        test-13_cgi_variables_no_client_cert.bash \
17        test-14_basic_openpgp.bash
18if USE_MSVA
19dist_check_SCRIPTS += test-15_basic_msva.bash
20endif
21dist_check_SCRIPTS += test-16_view-status.bash \
22        test-17_cgi_vars_large_cert.bash \
23        test-18_client_verification_wrong_cert.bash \
24        test-19_TLS_reverse_proxy.bash \
25        test-20_TLS_reverse_proxy_client_auth.bash \
26        test-21_TLS_reverse_proxy_wrong_cert.bash \
27        test-22_TLS_reverse_proxy_crl_revoke.bash \
28        test-23_TLS_reverse_proxy_mismatched_priorities.bash \
29        test-24_pkcs11_cert.bash
30
31TESTS = $(dist_check_SCRIPTS)
32
33# Identities in the miniature CA, server, and client environment for
34# the test suite
35identities = server authority client imposter rogueca
36# Append strings after ":=" to each identity to generate a list of
37# necessary files
38pgp_tokens = $(identities:=/secring.gpg) $(identities:=/cert.pgp) \
39        $(identities:=/secret.pgp)
40x509_keys = $(identities:=/secret.key)
41x509_certs = $(identities:=/x509.pem)
42x509_tokens = $(x509_certs) $(x509_keys)
43tokens = $(x509_tokens) $(pgp_tokens)
44
45if !DISABLE_FLOCK
46# flock command for write access to the authority keyring
47GPG_FLOCK = $(FLOCK) authority/lock
48endif
49
50include $(srcdir)/test_ca.mk
51
52# Test cases trying to create keys and certificates in parallel causes
53# race conditions. Ensure that all keys and certificates are generated
54# before tests get to run.
55#
56# NOTE: Once the support files have been generated, test cases can be
57# run with multiple jobs, but real parallelization would require
58# dynamic port assignments. At the moment, lock files ensure that only
59# one Apache instance (possibly plus a proxy back end instance) is
60# running at any time, so test cases actually have to wait for each
61# other - just not in any particular order.
62check_DATA = $(tokens) server/crl.pem
63
64MOSTLYCLEANFILES = cache/* logs/* outputs/* server/crl.pem
65
66cert_templates = authority.template.in client.template.in \
67        imposter.template.in rogueca.template server.template.in
68generated_templates = authority.template client.template \
69        imposter.template server.template
70
71# Delete X.509 private keys on full clean. Note that unless you need
72# to generate fresh keys, the "mostlyclean" target should be
73# sufficient (see below).
74CLEANFILES = $(x509_keys)
75
76# Delete X.509 certificates and generated templates on "mostlyclean"
77# target. Certificates can be rebuilt without generating new key
78# pairs, and regenerating them makes it possible to change identities
79# (e.g. host names) without wasting entropy on new keys (which would
80# happen after "clean").
81MOSTLYCLEANFILES += */x509.pem $(generated_templates) *.uid
82
83
84# Delete PGP keyrings on "mostlyclean" target. They are created from
85# the X.509 private keys and certificates with an expiration time of
86# one day, so regenerating them is both fast and frequently
87# necessary.
88MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock
89# GnuPG random pool, no need to regenerate on every build
90CLEANFILES += authority/random_seed
91
92# Delete lock files for test servers on "mostlyclean" target.
93MOSTLYCLEANFILES += *.lock
94
95# rule to build MSVA trust database
96if USE_MSVA
97msva_home = msva.gnupghome
98check_DATA += $(msva_home)/trustdb.gpg client.uid
99MOSTLYCLEANFILES += $(msva_home)/trustdb.gpg
100$(msva_home)/trustdb.gpg: authority/minimal.pgp client/cert.pgp
101        mkdir -p -m 0700 $(dir $@)
102        GNUPGHOME=$(dir $@) gpg --import < $<
103        printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
104        GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
105        printf "keyserver does-not-exist.example\n" > $(msva_home)/gpg.conf
106endif
107
108# SoftHSM files
109check_DATA += server/softhsm.db
110MOSTLYCLEANFILES += tests/24_pkcs11_cert/softhsm.conf server/softhsm.db
111
112
113check_DATA += make-test-dirs
114extra_dirs = logs cache outputs
115make-test-dirs:
116        mkdir -p $(extra_dirs)
117.PHONY: make-test-dirs
118
119clean-local:
120        -rmdir $(identities) || true
121        -rmdir $(extra_dirs) || true
122if USE_MSVA
123        -rmdir $(msva_home) || true
124endif
125
126# Apache configuration and data files
127apache_data = base_apache.conf cgi_module.conf data/* mime.types proxy_mods.conf
128
129EXTRA_DIST = $(apache_data) $(cert_templates) *.uid.in common.bash \
130        proxy_backend.bash runtests server-crl.template server-softhsm.conf \
131        softhsm.bash
132
133# Lockfile for the main Apache process
134test_lockfile = ./test.lock
135# Lockfile for the proxy backend Apache process (if any)
136backend_lockfile = ./backend.lock
137# Maximum wait time in seconds for flock to aquire instance lock
138# files, or Apache to remove its PID file
139lock_wait = 30
140
141# port for the main Apache server
142TEST_PORT ?= 9932
143# port for MSVA in test cases that use it
144MSVA_PORT ?= 9933
145# maximum time to wait for MSVA startup (milliseconds)
146TEST_MSVA_MAX_WAIT ?= 10000
147# wait loop time for MSVA startup (milliseconds)
148TEST_MSVA_WAIT ?= 400
149# seconds for the HTTP request to be sent and responded to
150TEST_QUERY_DELAY ?= 30
151
152AM_TESTS_ENVIRONMENT = export APACHE2=$(APACHE2); \
153        export AP_LIBEXECDIR=$(AP_LIBEXECDIR); \
154        export TEST_LOCK_WAIT="$(lock_wait)"; \
155        export TEST_HOST="$(TEST_HOST)"; \
156        export TEST_PORT="$(TEST_PORT)"; \
157        export MSVA_PORT="$(MSVA_PORT)"; \
158        export TEST_MSVA_MAX_WAIT="$(TEST_MSVA_MAX_WAIT)"; \
159        export TEST_MSVA_WAIT="$(TEST_MSVA_WAIT)"; \
160        export TEST_QUERY_DELAY="$(TEST_QUERY_DELAY)"; \
161        export BACKEND_HOST="$(TEST_HOST)";
162
163if ENABLE_NETNS
164AM_TESTS_ENVIRONMENT += export UNSHARE="$(UNSHARE)"; \
165        export USE_TEST_NAMESPACE=1;
166endif
167# Without flock tests must not run in parallel. Otherwise set lock files.
168if DISABLE_FLOCK
169.NOTPARALLEL:
170else
171AM_TESTS_ENVIRONMENT += export FLOCK="$(FLOCK)"; \
172        export TEST_LOCK="$(test_lockfile)"; \
173        export BACKEND_LOCK="$(backend_lockfile)";
174endif
175
176# Echo AM_TESTS_ENVIRONMENT. This can be useful for debugging, e.g. if
177# you want to manually run an Apache instance with Valgrind using the
178# same configuration as a test case.
179show-test-env: export TEST_ENV=$(AM_TESTS_ENVIRONMENT)
180show-test-env:
181        @echo "$${TEST_ENV}"
Note: See TracBrowser for help on using the repository browser.