source: mod_gnutls/test/TestMakefile @ 03295a9

Last change on this file since 03295a9 was 33af2b7, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Test suite: Add tests to "dist" target and support VPATH builds

Supporting VPATH builds requires using $srcdir to find non-generated
data rather than fixed relative paths. If tests are not called through
the make system, local defaults must be used. Not changing directories
during tests any more makes this easier.

A few files (e.g. templates, generated CRL) have been moved around to
better match the new structure.

  • Property mode set to 100644
File size: 4.7 KB
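#!/usr/bin/make -f

# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

# run these tests to ensure that mod_gnutls can handle a range of
# simple configuration choices.

# Remove a target whose recipe failed. Most recipes in this file write
# their output with "> $@"; without this, a failed certtool or gpg run
# leaves an empty or truncated key or certificate that still looks up
# to date on the next run.
.DELETE_ON_ERROR:

# Every "?=" setting below keeps a value already given in the
# environment or on the make command line, and is exported to the
# recipes.

# Directory holding the non-generated test data.
export srcdir ?= .

# Host name substituted for __HOSTNAME__ in the generated template and
# UID files.
export TEST_HOST ?= localhost
# Not used in this file; exported for the test scripts.
export TEST_IP ?= ::1
# chosen at random:
export TEST_PORT ?= 9932
export MSVA_PORT ?= 9933

# Not used in this file; exported for the test scripts. Their units are
# not defined here.
export TEST_GAP ?= 1.5
export TEST_QUERY_DELAY ?= 30

# Lock file path handed to runtests through the environment.
TEST_LOCK := ./test.lock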
20
# Default goal: run the whole suite once the test PKI has been set up.
all: setup.done
	TEST_LOCK=$(TEST_LOCK) \
		$(srcdir)/runtests

# Run one test. The full target name, including the "t-" prefix, is
# passed to runtests. A pattern target cannot be listed in .PHONY, so a
# file with the same name that is newer than setup.done would make this
# rule a no-op.
t-%: setup.done
	TEST_LOCK=$(TEST_LOCK) \
		$(srcdir)/runtests $@
26
27
28
29
30
### for setting up a little miniature CA + server + client environment:
# One directory per identity; each identity gets every token listed in
# $(tokens), so all_tokens is the list of <identity>/<token> paths.
identities := server authority client imposter rogueca
tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
all_tokens := $(foreach id,$(identities),$(addprefix $(id)/,$(tokens)))
35
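# Instantiate a certificate template or UID file for the configured
# test host. TEST_HOST can come from the environment, so the sed script
# is single-quoted to keep the shell from word-splitting, globbing or
# otherwise interpreting the value. It must still be a plain host name:
# a "/", "&" or single quote in it would corrupt the sed script.
# Only the first __HOSTNAME__ on each line is replaced (no "g" flag).
%.template: $(srcdir)/%.template.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@

%.uid: $(srcdir)/%.uid.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@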
41
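# Generate the private key of one identity in its own directory.
# The directory is restricted to the owner, and the key file itself is
# created under umask 077, so its mode depends neither on the caller's
# umask nor on the directory staying private.
%/secret.key:
	mkdir -p $(dir $@)
	chmod 0700 $(dir $@)
	umask 077 && certtool --generate-privkey > $@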
46
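# Shell command substitution that prints the fingerprint field of the
# "fpr:" records for the secret keys in GnuPG home directory $(1).
# Use it inside double quotes in a recipe: "$(call gpg_fpr,DIR)".
gpg_fpr = $$(GNUPGHOME=$(1) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)

# Build a fresh OpenPGP keyring for one identity from its PEM key.
# The old keyring files are removed first. pem2openpgp receives the
# contents of the .uid file as its argument and the PEM key on stdin.
# PEM2OPENPGP_EXPIRATION is 86400 (presumably seconds, i.e. one day --
# a setup older than that may hold expired keys; confirm against
# pem2openpgp). The key then gets ownertrust value 6 (ultimate in
# GnuPG's ownertrust format) in its own keyring.
# NOTE: only the exit status of the last command in each pipeline is
# checked, so a failure of pem2openpgp or printf alone can go unnoticed.
%/secring.gpg: %.uid %/secret.key
	rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
	PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
		pem2openpgp "$$(cat $<)" < $(dir $@)secret.key \
		| GNUPGHOME=$(dir $@) gpg --import
	printf "%s:6:\n" "$(call gpg_fpr,$(dir $@))" \
		| GNUPGHOME=$(dir $@) gpg --import-ownertrust

# Write a gpg.conf naming the identity's own key as default-key.
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" "$(call gpg_fpr,$(dir $@))" > $@

# ASCII-armored export of the identity's secret key.
%/secret.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes \
		--export-secret-key "$(call gpg_fpr,$(dir $@))" > $@

# ASCII-armored export of the identity's public key from its own
# keyring, i.e. before the authority has signed it.
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --armor --export "$(call gpg_fpr,$(dir $@))" > $@

# Import and signing modify the shared keyring, which leads to race
# conditions with parallel make. Locking avoids this problem. The final
# export only reads the authority keyring, but it takes the same lock so
# that it cannot run while a parallel job's import or signature is being
# written. The fingerprint lookup itself reads the identity's own
# keyring, not the authority's.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority flock authority/lock gpg --import $<
	GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$(call gpg_fpr,$(dir $@))"
	GNUPGHOME=authority flock authority/lock gpg --armor --export "$(call gpg_fpr,$(dir $@))" > $@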
67
# special cases for the authorities' root certs: each CA certificate is
# self-signed with the CA's own private key. These explicit rules take
# precedence over the %/x509.pem pattern rule for these two targets.
# The authority template is generated (host name substituted); the
# rogueca template is used straight from $(srcdir).
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed \
		--load-privkey $(word 2,$^) \
		--template authority.template \
		> $@
rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
	certtool --generate-self-signed \
		--load-privkey $(word 2,$^) \
		--template $(srcdir)/rogueca.template \
		> $@
73
# Certificate signing request for one identity, built from its template
# (first prerequisite) and its private key (second prerequisite).
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey $(word 2,$^) \
		--template $< \
		> $@
76
# Issue the identity's certificate: the request (second prerequisite)
# is signed with the authority's key and certificate, using the
# identity's template (first prerequisite).
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-request $(word 2,$^) \
		--template $< \
		> $@
79
# Initialise a SoftHSM token for one identity: softhsm.bash gets the
# private key and then the certificate, with SOFTHSM_CONF pointing at
# the identity's config file in $(srcdir).
# NOTE(review): the recipe never writes $@ itself; softhsm.bash is
# presumably what creates softhsm.db -- confirm.
%/softhsm.db: %/x509.pem %/secret.key
	SOFTHSM_CONF="$(srcdir)/$*-softhsm.conf" \
		$(srcdir)/softhsm.bash init $(word 2,$^) $<
82
# Generate CRL revoking a certain certificate. Currently used to
# revoke the server certificate and check if setting the CRL as
# GnuTLSProxyCRLFile causes the connection to the back end server to
# fail.
# The CRL is always signed by the authority, whichever identity's
# certificate it revokes. The authority key and certificate are not
# listed as prerequisites of this rule.
%/crl.pem: %/x509.pem $(srcdir)/%-crl.template
	certtool --generate-crl \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-certificate $< \
		--template "$(srcdir)/$*-crl.template" \
		> $@
94
# GnuPG home directory for the MSVA: import the authority's public key,
# give it ownertrust value 6 (ultimate in GnuPG's ownertrust format),
# then import the client's certificate. With -p, the -m 0700 mode only
# applies when mkdir actually creates the directory.
# The gpg.conf written last is a side effect that is not a target of
# its own; it names a keyserver under the reserved ".example" domain,
# presumably so gpg never contacts a real keyserver -- confirm.
# NOTE: only the last command of the printf | gpg pipeline is checked.
msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
	mkdir -p -m 0700 $(@D)
	GNUPGHOME=$(@D) gpg --import < $<
	printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(@D) gpg --import-ownertrust
	GNUPGHOME=$(@D) gpg --import < $(word 2,$^)
	printf "keyserver does-not-exist.example\n" > $(@D)/gpg.conf
101
102
# Stamp file: created once every identity token, the MSVA keyring and
# client.uid exist and the working directories have been made.
setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg client.uid
	mkdir -p logs cache outputs && touch $@
106
107
# Remove what the setup and the tests generate. All paths and globs are
# relative to the current directory, and the */*.key, */*.pem, */*.gpg
# and */*.pgp globs match key material in ANY immediate subdirectory,
# so only run this from the test directory.
# imposter/ and rogueca/ are removed only if they are empty afterwards;
# the rmdir error for a non-empty or missing directory is deliberately
# ignored.
clean:
	rm -rf setup.done logs cache outputs \
	server client authority msva.gnupghome \
	server.template imposter.template authority.template client.template \
	client.uid server.uid *.lock \
	*/*.pgp */*.gpg */*.gpg~ */*.pem */*.key tests/*/*.pem
	rmdir imposter rogueca || true

# "all" and "clean" are commands, not files.
.PHONY: all clean