[4b53371] | 1 | #!/usr/bin/make -f |
---|
| 2 | |
---|
| 3 | # Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
---|
| 4 | |
---|
| 5 | # run these tests to ensure that mod_gnutls can handle a range of |
---|
| 6 | # simple configuration choices. |
---|
| 7 | |
---|
# Host name, address and ports used by the tests.  The defaults stay on
# loopback.  "?=" only assigns when the variable is not already set, so each
# value can be overridden from the environment or the make command line.
# NOTE(review): presumably the test server listens on TEST_IP:TEST_PORT;
# confirm in ./runtests before pointing this at a non-loopback address.
TEST_HOST ?= localhost
TEST_IP ?= ::1
# chosen at random:
TEST_PORT ?= 9932
MSVA_PORT ?= 9933

# Timing knobs for the test scripts.
# NOTE(review): units and exact meaning are defined outside this file.
TEST_GAP ?= 1.5
TEST_QUERY_DELAY ?= 6

# Exported into the environment of every recipe in this makefile.
export TEST_HOST TEST_IP TEST_PORT MSVA_PORT TEST_GAP TEST_QUERY_DELAY

# Lock file path; handed to ./runtests explicitly by the test rules.
TEST_LOCK := ./test.lock
---|
| 18 | |
---|
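# Default goal: run the whole suite once the test credentials exist.
# TEST_LOCK can be overridden on the make command line and is pasted into a
# shell command, so it is quoted to stop the shell from word-splitting or
# interpreting the value.
all: setup.done
	TEST_LOCK='$(TEST_LOCK)' ./runtests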
---|
[4b53371] | 21 | |
---|
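# Run one test: "make t-NAME" passes the target name itself to ./runtests.
# Both the lock path and the target name originate outside this file (command
# line), so they are quoted before they reach the shell.
t-%: setup.done
	TEST_LOCK='$(TEST_LOCK)' ./runtests '$@'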
---|
[4b53371] | 24 | |
---|
| 25 | |
---|
| 26 | |
---|
| 27 | |
---|
| 28 | |
---|
| 29 | ### for setting up a little miniature CA + server + client environment: |
---|
# One directory per identity, one file per token inside it.
# NOTE(review): "imposter" and "rogueca" look like negative-test identities
# (a peer and a CA that must not be accepted); confirm against the tests.
identities := server authority client imposter rogueca
tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
# Cross product of the two lists, e.g. server/x509.pem client/secret.key ...
all_tokens := $(foreach id,$(identities),$(addprefix $(id)/,$(tokens)))
---|
| 33 | |
---|
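# Instantiate a certtool template by replacing __HOSTNAME__ with TEST_HOST.
# The sed script is single-quoted so that TEST_HOST, which can come from the
# environment, is not word-split or interpreted by the shell.  The value is
# still inserted into the sed expression verbatim: a "/" or "&" in it changes
# what sed does, so only plain host names are supported.
%.template: %.template.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@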
---|
| 36 | |
---|
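# Build the server's OpenPGP user ID file by replacing __HOSTNAME__ with
# TEST_HOST.  The sed script is single-quoted so that TEST_HOST, which can
# come from the environment, is not word-split or interpreted by the shell.
# A "/" or "&" in the value would still alter the sed expression, so only
# plain host names are supported.
server.uid: server.uid.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@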
---|
| 39 | |
---|
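# Generate a fresh private key for one identity (the stem is the directory).
# The directory is forced to 0700, and the key file is created under
# umask 077 so that it is owner-only in its own right instead of depending
# solely on the directory mode.  chmod is kept because mkdir -p leaves the
# mode of an already existing directory untouched.
%/secret.key:
	mkdir -p $(dir $@)
	chmod 0700 $(dir $@)
	umask 077 && certtool --generate-privkey > $@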
---|
| 44 | |
---|
# Build an OpenPGP secret keyring for one identity from its existing private
# key (%/secret.key); the user ID is the content of the matching %.uid file.
#
# Steps:
#  1. Delete any previous keyrings and trust database in the identity's
#     directory so the import starts from an empty GnuPG home.
#  2. Convert the key with pem2openpgp and import the result into that home.
#     NOTE(review): PEM2OPENPGP_EXPIRATION=86400 is presumably in seconds,
#     i.e. the key expires a day after creation; a setup.done older than
#     that would then point at expired keys.  Confirm.
#  3. Read the fingerprint back and import an ownertrust record with level 6
#     (ultimate in GnuPG's ownertrust format) for it.
#
# No pipefail is set in this file, so each pipeline's status is that of its
# last command: a pem2openpgp failure only stops the build if gpg --import
# rejects what it receives.
# The fingerprint lookup keeps every "fpr:" line; it assumes the keyring
# holds a single key -- TODO confirm for the GnuPG version in use.
%/secring.gpg: %.uid %/secret.key
	rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
	PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key | GNUPGHOME=$(dir $@) gpg --import
	printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
---|
| 49 | |
---|
# Write a gpg.conf whose only line selects the identity's own key as
# default-key.  The fingerprint is field 10 of the "fpr:" record in gpg's
# colon-separated listing of the secret keys in the same directory.
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" \
	    "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep '^fpr:' | cut -d : -f 10)" \
	    > $@
---|
| 52 | |
---|
# Export the identity's secret key as ASCII-armored OpenPGP.
# --batch/--yes/--no-tty keep gpg non-interactive.  The output is private key
# material for a throwaway test identity.
# NOTE(review): no passphrase is set anywhere in this file, so the export is
# presumably unprotected; keep these files inside the test tree.
%/secret.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --batch --yes --no-tty --armor \
	    --export-secret-key \
	    "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep '^fpr:' | cut -d : -f 10)" \
	    > $@
---|
| 55 | |
---|
# Export the identity's public key, ASCII-armored, as it stands in its own
# keyring.  The key is selected by the fingerprint of the secret key held in
# the same directory.
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --armor \
	    --export \
	    "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep '^fpr:' | cut -d : -f 10)" \
	    > $@
---|
| 58 | |
---|
# Produce the identity's public key certified by the test authority.
#
# Steps, all run against the authority's GnuPG home:
#  1. Import the identity's public key (%/minimal.pgp).
#  2. Sign it non-interactively (--batch --yes --no-tty).  authority/gpg.conf
#     is a prerequisite because it sets the authority's default-key.
#  3. Export the key, now carrying the authority's signature, to the target.
#
# The key to sign and export is named by fingerprint, and that fingerprint is
# read from the identity's own keyring ($(dir $@)), not the authority's.
# The rule also matches authority/cert.pgp, where the authority's keyring is
# both the source of the fingerprint and the signer.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority gpg --import $<
	GNUPGHOME=authority gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
	GNUPGHOME=authority gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
---|
| 63 | |
---|
| 64 | # special cases for the authorities' root certs: |
---|
# Root certificate of the test CA: self-signed with the authority's own key.
# This explicit rule takes precedence over the %/x509.pem pattern rule.
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed \
	    --load-privkey $(@D)/secret.key \
	    --template $< \
	    > $@
---|
# Root certificate of the second, separate CA: self-signed with rogueca's own
# key, so it shares no chain with the "authority" CA.  This explicit rule
# takes precedence over the %/x509.pem pattern rule.
rogueca/x509.pem: rogueca.template rogueca/secret.key
	certtool --generate-self-signed \
	    --load-privkey $(@D)/secret.key \
	    --template $< \
	    > $@
---|
[4b53371] | 69 | |
---|
# Certificate signing request for one identity, built from its template and
# signed with its own private key.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
	    --load-privkey $(@D)/secret.key \
	    --template $< \
	    > $@
---|
[4b53371] | 72 | |
---|
# Issue an X.509 certificate for one identity from its request, signed by the
# test CA ("authority").  The CA's key and certificate are prerequisites, so a
# regenerated CA re-issues every certificate made by this rule.  The two CA
# root certificates have their own explicit rules and are not built here.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
	    --load-ca-certificate authority/x509.pem \
	    --load-ca-privkey authority/secret.key \
	    --load-request $(@D)/cert-request \
	    --template $< \
	    > $@
---|
[4b53371] | 75 | |
---|
# Prepare a separate GnuPG home, msva.gnupghome.
# NOTE(review): given MSVA_PORT this is presumably the keyring of a
# Monkeysphere validation agent used by the tests -- confirm.
#
# Steps:
#  1. Create the directory with mode 0700.  With -p the mode applies only
#     when mkdir creates the directory; an existing one keeps its mode.
#  2. Import the authority's public key (first prerequisite).
#  3. Give that key ownertrust level 6 (ultimate in GnuPG's ownertrust
#     format); its fingerprint is read from the authority's own keyring.
#  4. Import the client's authority-signed key.
#  5. Write a gpg.conf naming a keyserver under the reserved .example TLD,
#     presumably so that no key lookup leaves the machine.
#
# gpg.conf is written as a side effect and is not a target of any rule, so
# make does not notice when it is missing or stale.
msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
	mkdir -p -m 0700 $(dir $@)
	GNUPGHOME=$(dir $@) gpg --import < $<
	printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
	GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
	printf "keyserver does-not-exist.example\n" > msva.gnupghome/gpg.conf
---|
| 82 | |
---|
| 83 | |
---|
# Stamp file: created once every key, certificate and the msva keyring exist
# and the working directories for the test run are in place.
setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg
	mkdir -p logs cache outputs
	touch $@
---|
| 87 | |
---|
| 88 | |
---|
# Remove everything the setup and test rules generate, including all private
# keys and keyrings.  imposter/ and rogueca/ are removed with rmdir, which
# only deletes empty directories: the step fails if anything not covered by
# the globs is left inside them, or if the directories are already gone.
clean:
	rm -rf \
	    server client authority msva.gnupghome \
	    logs cache outputs setup.done \
	    authority.template client.template server.template server.uid \
	    */*.pgp */*.gpg */*.gpg~ */*.pem */*.key
	rmdir imposter rogueca
---|
[4b53371] | 93 | |
---|
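# "all" and "clean" are commands, not files.
.PHONY: all clean

# Most recipes in this file write their target through a shell redirection,
# which creates the file before the tool has run.  Without this, a failed
# certtool or gpg call leaves an empty or truncated key or certificate behind
# that make treats as up to date on the next run.
.DELETE_ON_ERROR: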
---|