source: mod_gnutls/test/TestMakefile @ 7adbcd7

Last change on this file since 7adbcd7 was 7adbcd7, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Test suite: Wait loop for MSVA startup

Until now, there was a fixed wait time for MSVA startup. This caused one
of two problems: Either the wait time was short, risking a test failure
due to MSVA not being ready in time, or it was long, making test runs
slow. Waiting just a short time but retrying for a longer time if
necessary helps.

  • Property mode set to 100644
File size: 4.9 KB
#!/usr/bin/make -f

# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

# Run these tests to ensure that mod_gnutls can handle a range of
# simple configuration choices.
#
# Every setting below is assigned with ?=, so a value that is already
# present in the environment or given on the make command line wins.
# All of them are exported, i.e. they reach the recipes and the scripts
# the recipes start.

# Directory that holds runtests and the template/uid sources.
srcdir ?= .
export srcdir

# If the Apache binary is not set, try to find apache2 in default PATH
# (should only happen when the test script is run manually).
APACHE2 ?= apache2
export APACHE2

# Test endpoint. The default address is the IPv6 loopback.
TEST_HOST ?= localhost
TEST_IP ?= ::1
# Port numbers were chosen at random:
TEST_PORT ?= 9932
MSVA_PORT ?= 9933
export TEST_HOST TEST_IP TEST_PORT MSVA_PORT

# Timing knobs consumed by the test scripts. TEST_GAP and
# TEST_MSVA_MAX_WAIT presumably are the short retry wait and the upper
# bound of the MSVA startup wait loop; units and the meaning of
# TEST_QUERY_DELAY are not visible here (confirm in runtests).
TEST_GAP ?= 0.4
TEST_MSVA_MAX_WAIT ?= 10
TEST_QUERY_DELAY ?= 30
export TEST_GAP TEST_MSVA_MAX_WAIT TEST_QUERY_DELAY

# Not exported; the recipes pass it to runtests explicitly.
TEST_LOCK := ./test.lock

# Default goal: once the test PKI exists (setup.done), start runtests
# without arguments. The lock file path is handed over through the
# environment of that one command.
all: setup.done
	TEST_LOCK=${TEST_LOCK} ${srcdir}/runtests

# `make t-NAME` starts runtests with the full target name ("t-NAME") as
# its only argument, after the same setup as the default goal.
t-%: setup.done
	TEST_LOCK=${TEST_LOCK} ${srcdir}/runtests $@

### Miniature CA + server + client environment.
# Each identity gets a directory of its own; all_tokens lists one
# "identity/token" path for every combination of the two lists.
identities := server authority client imposter rogueca
tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
all_tokens := $(foreach id,$(identities),$(addprefix $(id)/,$(tokens)))

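# Instantiate a certificate template: the first __HOSTNAME__ on each
# line of the .in file is replaced with $(TEST_HOST).
# The sed script is single-quoted so the shell hands it to sed as one
# word even when TEST_HOST (which can come from the environment) holds
# whitespace or shell metacharacters. A value containing "/", "&" or a
# single quote still does not survive the substitution.
%.template: $(srcdir)/%.template.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@
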
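# Instantiate an OpenPGP user ID file: the first __HOSTNAME__ on each
# line of the .in file is replaced with $(TEST_HOST).
# The sed script is single-quoted so the shell hands it to sed as one
# word even when TEST_HOST (which can come from the environment) holds
# whitespace or shell metacharacters. A value containing "/", "&" or a
# single quote still does not survive the substitution.
%.uid: $(srcdir)/%.uid.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@
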
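# Generate the private key of one identity inside that identity's
# directory.
# umask 077 makes both the directory and the key file private from the
# moment they are created: without it the directory is only tightened by
# the chmod that follows, and the key file gets the caller's default
# mode. The chmod stays for a directory that already existed with a
# wider mode.
%/secret.key:
	umask 077 && mkdir -p $(dir $@)
	chmod 0700 $(dir $@)
	umask 077 && certtool --generate-privkey > $@
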
# Build the OpenPGP keyring of one identity from its X.509 private key.
#  1. Drop any keyring files left in the identity's directory.
#  2. pem2openpgp converts secret.key, using the content of the .uid
#     file as user ID, and the result is imported into a GnuPG home
#     that is the identity's directory. Expiration and usage flags are
#     set through the PEM2OPENPGP_* variables (86400 is presumably
#     seconds, i.e. one day; confirm against pem2openpgp).
#  3. Each fingerprint reported for the new secret key is given
#     ownertrust value 6 ("ultimate" in GnuPG's ownertrust format).
%/secring.gpg: %.uid %/secret.key
	rm -f $(@D)/pubring.gpg $(@D)/secring.gpg $(@D)/trustdb.gpg
	PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
		pem2openpgp "$$(cat $<)" < $(@D)/secret.key | \
		GNUPGHOME=$(@D)/ gpg --import
	printf "%s:6:\n" "$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | \
		GNUPGHOME=$(@D)/ gpg --import-ownertrust

# Write a gpg.conf that selects the identity's own key as default-key.
# The fingerprint is read back from the identity's keyring (field 10 of
# the "fpr:" records in gpg's colon listing).
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" \
		"$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

# ASCII-armored export of the identity's secret key, selected by the
# fingerprint read back from the identity's keyring. --batch, --no-tty
# and --yes keep gpg from prompting.
%/secret.pgp: %/secring.gpg
	GNUPGHOME=$(@D)/ gpg --armor --batch --no-tty --yes \
		--export-secret-key "$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

# ASCII-armored export of the identity's public key as it stands in the
# identity's own keyring, selected by the fingerprint read back from
# that keyring.
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(@D)/ gpg --armor \
		--export "$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

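# Have the test authority certify an identity's OpenPGP key: import the
# identity's public key into the authority keyring, sign it there, and
# export the signed key.
#
# Import and signing modify the shared keyring, which leads to race
# conditions with parallel make. Locking avoids this problem.
# The export takes the same lock: it reads the shared keyring, and
# without the lock it could run while another job's import or signature
# is still being written.
# The inner gpg call that looks up the fingerprint runs against the
# identity's own GnuPG home, not the shared one, and finishes before
# flock is started.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority flock authority/lock gpg --import $<
	GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
	GNUPGHOME=authority flock authority/lock gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
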
# Root certificates of the two authorities. Both are self-signed with
# the authority's own key, so these explicit rules take the place of the
# generic %/x509.pem rule, which issues certificates signed by
# "authority". The rogueca template is used straight from $(srcdir); the
# authority template is generated from its .in file first.
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed \
		--load-privkey $(@D)/secret.key \
		--template $< \
		> $@
rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
	certtool --generate-self-signed \
		--load-privkey $(@D)/secret.key \
		--template $< \
		> $@

# Certificate request for one identity, made from the identity's
# template and signed with the identity's own private key.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey $(@D)/secret.key \
		--template $< \
		> $@

# Issue an identity's certificate: the test authority (certificate and
# private key under authority/) signs the identity's certificate
# request, with the identity's template supplying the certificate
# fields.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-request $(@D)/cert-request \
		--template $< \
		> $@

# Hand an identity's private key and certificate to "softhsm.bash init",
# with SOFTHSM_CONF pointing at the identity's softhsm configuration in
# $(srcdir). The recipe itself does not write the target; presumably
# the script creates softhsm.db (confirm in softhsm.bash).
%/softhsm.db: %/x509.pem %/secret.key
	SOFTHSM_CONF="$(srcdir)/$*-softhsm.conf" \
		$(srcdir)/softhsm.bash init $(@D)/secret.key $(@D)/x509.pem

# Generate a CRL, issued by the test authority, that revokes the
# identity's certificate. Currently used to revoke the server
# certificate and check that setting the CRL as GnuTLSProxyCRLFile makes
# the connection to the back end server fail.
# The authority key and certificate are read by the recipe without being
# listed as prerequisites of this rule.
%/crl.pem: %/x509.pem $(srcdir)/%-crl.template
	certtool --generate-crl \
		--load-ca-privkey authority/secret.key \
		--load-ca-certificate authority/x509.pem \
		--load-certificate $< \
		--template "$(srcdir)/$*-crl.template" \
		> $@

# Prepare the GnuPG home used by MSVA:
#  - create the directory with mode 0700,
#  - import the authority's public key and give the authority's
#    fingerprint ownertrust value 6 ("ultimate" in GnuPG's ownertrust
#    format),
#  - import the client's key as certified by the authority,
#  - write a gpg.conf whose only setting is a keyserver name under the
#    reserved .example domain, presumably so that nothing run with this
#    home can reach a real keyserver (confirm against the MSVA setup).
# No command names trustdb.gpg; presumably gpg creates it as a side
# effect of the ownertrust import.
msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
	mkdir -p -m 0700 $(@D)/
	GNUPGHOME=$(@D)/ gpg --import < $<
	printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | \
		GNUPGHOME=$(@D)/ gpg --import-ownertrust
	GNUPGHOME=$(@D)/ gpg --import < $(word 2,$^)
	printf "keyserver does-not-exist.example\n" > $(@D)/gpg.conf

# Stamp file: touched once every token of every identity, the MSVA
# GnuPG home and client.uid exist and the working directories for the
# test run have been created.
setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg client.uid
	mkdir -p logs cache outputs
	touch $@

# Remove everything the rules above generate. The server, client and
# authority directories and the MSVA GnuPG home are deleted outright;
# imposter and rogueca are only removed if they are empty once the
# generated key and certificate files are gone, and a failing rmdir is
# ignored.
clean:
	rm -rf server client authority msva.gnupghome logs cache outputs \
		setup.done *.lock \
		authority.template client.template imposter.template server.template \
		client.uid server.uid \
		*/*.pgp */*.gpg */*.gpg~ */*.pem */*.key tests/*/*.pem
	rmdir imposter rogueca || true

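# all and clean name actions, not files.
.PHONY: all clean

# Most recipes in this file write their result with "> $@", so the
# target file exists before the tool has succeeded. Deleting the target
# of a failed recipe keeps an empty or truncated key, certificate or CRL
# from being treated as up to date on the next run.
.DELETE_ON_ERROR: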