source: mod_gnutls/test/TestMakefile @ 33af2b7

Last change on this file since 33af2b7 was 33af2b7, checked in by Thomas Klute <thomas2.klute@…>, 6 years ago

Test suite: Add tests to "dist" target and support VPATH builds

Supporting VPATH builds requires using $srcdir to find non-generated
data rather than fixed relative paths. If tests are not called through
the make system, local defaults must be used. Not changing directories
during tests any more makes this easier.

A few files (e.g. templates, generated CRL) have been moved around to
better match the new structure.

  • Property mode set to 100644
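#!/usr/bin/make -f

# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

# run these tests to ensure that mod_gnutls can handle a range of
# simple configuration choices.

# Most recipes in this file write their target through a shell
# redirection ("> $@"), which creates the file even when the command
# producing the data fails. Deleting the target of a failed recipe
# keeps an empty or truncated key, certificate or CRL from being
# treated as up to date on the next run.
.DELETE_ON_ERROR:

# Directory holding the non-generated test data and scripts. "?="
# keeps a value that is already set (environment or make command
# line), and "export" passes it on to every recipe.
export srcdir ?= .

# Host name, address and ports handed to the test scripts through the
# environment. TEST_HOST is also substituted into the generated
# *.template and *.uid files.
export TEST_HOST ?= localhost
export TEST_IP ?= ::1
# chosen at random:
export TEST_PORT ?= 9932
export MSVA_PORT ?= 9933

# Timing knobs, consumed by the test scripts (not shown in this file).
export TEST_GAP ?= 1.5
export TEST_QUERY_DELAY ?= 30

# Lock file path; not exported, the test-running recipes pass it to
# runtests explicitly.
TEST_LOCK := ./test.lock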
# Default goal: build the test PKI (setup.done), then run the whole
# suite. The lock file path is handed to runtests through the
# environment of that one command.
all: setup.done
	TEST_LOCK=${TEST_LOCK} \
	${srcdir}/runtests
[4b53371]23
# Run a single test: the goal name itself (e.g. "t-3") is passed to
# runtests as its argument. A pattern target cannot be listed in
# .PHONY, so a file with the same name in this directory that is newer
# than setup.done would suppress the run.
t-%: setup.done
	TEST_LOCK=${TEST_LOCK} \
	${srcdir}/runtests $@
### for setting up a little miniature CA + server + client environment:
# One directory per identity; every identity gets the same set of
# credential files.
identities := server authority client imposter rogueca
tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
# Cross product "<identity>/<token>", identities in the outer loop.
all_tokens := $(foreach id,$(identities),$(addprefix $(id)/,$(tokens)))
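# Instantiate a certtool template from its ".in" source in $(srcdir)
# by replacing the first __HOSTNAME__ on each line with the test host
# name.
#
# TEST_HOST is exported at the top of this file, so the shell reads it
# from the environment inside double quotes instead of having make
# paste the raw value into the command line. A value containing
# whitespace or shell metacharacters therefore stays a single sed
# argument. Characters special to sed ("/", "&", "\") in the value
# are still interpreted by sed.
%.template: $(srcdir)/%.template.in
	sed "s/__HOSTNAME__/$$TEST_HOST/" < $< > $@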
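# Instantiate a ".uid" file from its ".in" source in $(srcdir) by
# replacing the first __HOSTNAME__ on each line with the test host
# name. The %/secring.gpg rule reads this file with "cat" and passes
# its content to pem2openpgp.
#
# TEST_HOST is exported at the top of this file, so the shell reads it
# from the environment inside double quotes instead of having make
# paste the raw value into the command line. Characters special to
# sed ("/", "&", "\") in the value are still interpreted by sed.
%.uid: $(srcdir)/%.uid.in
	sed "s/__HOSTNAME__/$$TEST_HOST/" < $< > $@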
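# Generate the private key of one identity inside its own directory.
#
# The directory is created with mode 0700 right away (same form as the
# msva.gnupghome rule) so it is never briefly accessible to other
# users; the chmod stays because "mkdir -p" leaves the mode of an
# already existing directory untouched. The key file itself gets the
# mode allowed by the caller's umask, so the directory mode is what
# keeps the key private.
#
# The redirection creates $@ before certtool runs. If certtool fails,
# the partial file is removed so that an empty "key" is not mistaken
# for an up-to-date target.
%/secret.key:
	mkdir -p -m 0700 $(dir $@)
	chmod 0700 $(dir $@)
	certtool --generate-privkey > $@ || { rm -f $@; exit 1; }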
# Build the identity's GnuPG keyring from its X.509 private key.
#
#  1. Drop any keyring files left over from an earlier run.
#  2. Convert secret.key to an OpenPGP secret key with the user ID
#     read from the .uid file and import it, using the identity
#     directory as GNUPGHOME. PEM2OPENPGP_EXPIRATION is presumably in
#     seconds (one day) -- confirm against the pem2openpgp
#     documentation.
#  3. Give the imported key ownertrust 6 (ultimate) in that keyring.
#
# NOTE(review): the recipe never writes $@ itself; it relies on
# "gpg --import" creating secring.gpg in GNUPGHOME. Confirm this holds
# for the gpg version in use.
# NOTE(review): no "pipefail" is set, so a failing pem2openpgp or
# fingerprint lookup on the left side of a pipe does not fail the
# recipe.
%/secring.gpg: %.uid %/secret.key
	rm -f $(dir $@)pubring.gpg \
		$(dir $@)secring.gpg \
		$(dir $@)trustdb.gpg
	PEM2OPENPGP_EXPIRATION=86400 \
	PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
	pem2openpgp "$$(cat $<)" < $(dir $@)secret.key \
		| GNUPGHOME=$(dir $@) gpg --import
	printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(dir $@) gpg --import-ownertrust
# Write a gpg.conf that selects the identity's own secret key as
# "default-key". The fingerprint is field 10 of the "fpr:" line(s) in
# gpg's colon-separated listing of that identity's keyring.
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# Export the identity's OpenPGP secret key, ASCII-armored, to
# secret.pgp. --batch/--no-tty/--yes keep gpg non-interactive. The
# file holds private key material and is created with the mode allowed
# by the caller's umask.
%/secret.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) \
	gpg --armor --batch --no-tty --yes --export-secret-key \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# Export the identity's public key, ASCII-armored, straight from its
# own keyring, i.e. before the authority has signed it (the certified
# copy is produced by the %/cert.pgp rule).
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) \
	gpg --armor --export \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# Have the authority certify the identity's OpenPGP key: import the
# minimal public key into the authority keyring, sign it there, and
# export the signed key as cert.pgp. The key is selected by the
# fingerprint taken from the identity's own keyring.
#
# Import and signing modify the shared keyring, which leads to race
# conditions with parallel make. Locking avoids this problem.
# NOTE(review): the final export reads the authority keyring without
# taking authority/lock -- confirm that reading while another job
# imports or signs is safe.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority \
	flock authority/lock gpg --import $<
	GNUPGHOME=authority \
	flock authority/lock gpg --batch --sign-key --no-tty --yes \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
	GNUPGHOME=authority \
	gpg --armor --export \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# special cases for the authorities' root certs:
# The test CA certificate is self-signed with the authority's own key.
# Being an explicit rule, it is used for this target instead of the
# generic %/x509.pem pattern rule.
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed \
		--load-privkey authority/secret.key \
		--template authority.template \
		> $@
# Second self-signed root, independent of the test authority. Its
# template is used directly from $(srcdir) rather than generated from
# a ".in" file.
rogueca/x509.pem: ${srcdir}/rogueca.template rogueca/secret.key
	certtool --generate-self-signed \
		--load-privkey rogueca/secret.key \
		--template ${srcdir}/rogueca.template \
		> $@
# Create a certificate signing request for an identity from its
# template ($<) and its private key.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey $(dir $@)secret.key \
		--template $< \
		> $@
# Issue an identity's certificate: the test authority signs the
# identity's request, with the extensions taken from the identity's
# template ($<). authority/x509.pem and rogueca/x509.pem have explicit
# rules of their own and are not built by this pattern.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-request $(dir $@)cert-request \
		--template $< \
		> $@
# Load an identity's key and certificate into a SoftHSM token by
# running the softhsm.bash helper with the per-identity configuration
# "<identity>-softhsm.conf" from $(srcdir).
# NOTE(review): the recipe does not write $@ itself; presumably the
# helper or the configuration places softhsm.db in the identity
# directory -- verify against softhsm.bash.
%/softhsm.db: %/x509.pem %/secret.key
	SOFTHSM_CONF="${srcdir}/$*-softhsm.conf" \
	${srcdir}/softhsm.bash init \
		$(dir $@)secret.key \
		$(dir $@)x509.pem
# Generate CRL revoking a certain certificate. Currently used to
# revoke the server certificate and check if setting the CRL as
# GnuTLSProxyCRLFile causes the connection to the back end server to
# fail.
#
# The CRL is signed with the test authority's key and certificate; the
# revoked certificate is the identity's own x509.pem ($<). The
# authority files are used by the recipe without being listed as
# prerequisites of this rule.
%/crl.pem: %/x509.pem $(srcdir)/%-crl.template
	certtool --generate-crl \
		--load-ca-privkey authority/secret.key --load-ca-certificate authority/x509.pem \
		--load-certificate $< --template "$(srcdir)/$*-crl.template" \
		> $@
# Set up a separate GnuPG home (mode 0700) under msva.gnupghome/:
# import the authority's public key, give the authority's fingerprint
# ownertrust 6 (ultimate), then import the client's certified key.
# The gpg.conf written last names a keyserver under the reserved
# ".example" domain, presumably so that no real keyserver is ever
# contacted -- confirm against the MSVA test setup.
# NOTE(review): the recipe never writes $@ itself; it relies on gpg
# creating trustdb.gpg in GNUPGHOME.
msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
	mkdir -p -m 0700 $(dir $@)
	GNUPGHOME=$(dir $@) \
	gpg --import < $<
	printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(dir $@) gpg --import-ownertrust
	GNUPGHOME=$(dir $@) \
	gpg --import < client/cert.pgp
	printf "keyserver does-not-exist.example\n" > $(dir $@)gpg.conf
# Stamp file: once every credential file, the MSVA keyring and
# client.uid exist, create the working directories and record that
# setup has finished.
setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg client.uid
	mkdir -p logs cache outputs
	touch $@
# Remove everything the setup and the tests generate, including the
# generated private keys. The server, client and authority directories
# are deleted outright; for every other directory only the generated
# key, certificate and keyring files are removed, and imposter/ and
# rogueca/ themselves are deleted only if that left them empty (a
# failing rmdir is ignored).
clean:
	rm -rf \
		server client authority msva.gnupghome \
		logs cache outputs setup.done \
		server.template imposter.template authority.template client.template \
		client.uid server.uid \
		*/*.pgp */*.gpg */*.gpg~ */*.pem */*.key \
		*.lock tests/*/*.pem
	rmdir imposter rogueca || true

# Neither goal names a file that the recipes create.
.PHONY: all clean