source: mod_gnutls/test/TestMakefile @ 349fd6e

Last change on this file since 349fd6e was d92899e, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Test suite: Add lock file for the shared GnuPG keyring

Key import and signing modify the shared keyring, which leads to race
conditions with parallel make. Locking avoids this problem.

  • Property mode set to 100644
File size: 4.1 KB
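#!/usr/bin/make -f

# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

# run these tests to ensure that mod_gnutls can handle a range of
# simple configuration choices.

# Remove a target whose recipe failed.  Most recipes in this file write "$@"
# through a shell redirection, so without this a failed certtool or gpg run
# leaves an empty or truncated key/certificate that make treats as up to date.
.DELETE_ON_ERROR:

# Test parameters, exported into the environment of every recipe.  "?=" keeps
# a value already supplied by the environment or the make command line.
export TEST_HOST ?= localhost
export TEST_IP ?= ::1
# chosen at random:
export TEST_PORT ?= 9932
export MSVA_PORT ?= 9933

# Passed through to the test scripts unchanged; their meaning is defined there.
export TEST_GAP ?= 1.5
export TEST_QUERY_DELAY ?= 30

# Lock file path handed to ./runtests as TEST_LOCK by the "all" and "t-%" rules.
TEST_LOCK := ./test.lock
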
# Shared command prefix: start ./runtests with TEST_LOCK in its environment.
run_tests = TEST_LOCK=$(TEST_LOCK) ./runtests

# Default goal: finish the setup, then call ./runtests without arguments.
all: setup.done
	$(run_tests)

# "make t-NAME" finishes the setup, then hands the target name itself
# (prefix included) to ./runtests as its only argument.
t-%: setup.done
	$(run_tests) $@

### for setting up a little miniature CA + server + client environment:
# One directory per identity, and the files expected in each of them.
identities := server authority client imposter rogueca
tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
# Every identity/token path, grouped by identity in the order listed above.
all_tokens := $(foreach id,$(identities),$(addprefix $(id)/,$(tokens)))

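# Fill the test host name into the certificate templates and the server UID.
# TEST_HOST may come from the environment and is pasted into the sed script
# as-is, so the script is single-quoted to keep the shell from splitting or
# globbing it.  It must still be a plain host name: "/", "&", "\" or a single
# quote in it would change or break the substitution.
# Only the first __HOSTNAME__ on each line is replaced (no "g" flag).
# NOTE: changing TEST_HOST does not by itself rebuild files generated earlier.
%.template: %.template.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@

server.uid: server.uid.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@
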
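# Generate the private key for one identity.
# The directory is restricted to its owner, and the key file itself is created
# under umask 077 so that it is never group- or world-readable, whatever umask
# make was started with.  If certtool fails, the partial file is removed so
# that make does not mistake it for a finished key on the next run.
# The rule has no prerequisites: an existing key is never regenerated.
%/secret.key:
	mkdir -p $(dir $@)
	chmod 0700 $(dir $@)
	umask 077 && certtool --generate-privkey > $@ || { rm -f $@; exit 1; }
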
# Build a fresh OpenPGP keyring for one identity from its PEM private key.
# $< is the identity's .uid file (its content becomes the pem2openpgp argument),
# the second prerequisite is the private key fed to pem2openpgp on stdin.
# Old keyring files are deleted first so that the import starts from nothing.
# The last step gives the new key ownertrust value 6 (ultimate) in its own
# keyring.
# PEM2OPENPGP_EXPIRATION=86400 is presumably a lifetime in seconds (one day);
# confirm against pem2openpgp.
# NOTE(review): GnuPG 2.1 and later keep secret keys outside secring.gpg;
# confirm that the gpg used here still creates the target file, otherwise this
# rule would rerun on every build.
%/secring.gpg: %.uid %/secret.key
	rm -f $(addprefix $(dir $@),pubring.gpg secring.gpg trustdb.gpg)
	PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
		pem2openpgp "$$(cat $<)" < $(word 2,$^) \
		| GNUPGHOME=$(dir $@) gpg --import
	printf "%s:6:\n" \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(dir $@) gpg --import-ownertrust

# Shell command substitution that prints field 10 of every "fpr" record gpg
# lists for the secret keys in the target's own directory.  It is expanded
# inside each recipe below, so $(dir $@) refers to that rule's target.
# NOTE(review): a failing gpg goes unnoticed here (the pipeline's status is
# that of cut), and the recipes would then run with an empty fingerprint.
own_key_fpr = $$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)

# Record the identity's own key as the default key of its keyring.
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" "$(own_key_fpr)" > $@

# ASCII-armored export of the identity's secret key.  The file gets the
# caller's umask; the enclosing directory is what the secret.key rule
# restricts to the owner.
%/secret.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$(own_key_fpr)" > $@

# ASCII-armored export of the identity's public key; this is the file the
# cert.pgp rule imports into the authority keyring for signing.
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --armor --export "$(own_key_fpr)" > $@

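# Import and signing modify the shared keyring, which leads to race
# conditions with parallel make. Locking avoids this problem.
# The final export reads that same authority keyring, so it takes the lock as
# well; otherwise it could run while another identity's import or signing
# step is rewriting the keyring.  Each step takes and releases the lock on
# its own, so steps of different identities may interleave between them.
# The nested fingerprint lookup is run by the shell before flock starts and
# reads the keyring in the target's directory (for authority/cert.pgp that is
# the shared keyring itself, read without the lock).
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority flock authority/lock gpg --import $<
	GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
	GNUPGHOME=authority flock authority/lock gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
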
# special cases for the authorities' root certs:
# both CAs get a certificate signed with their own key, and these explicit
# rules take the place of the generic %/x509.pem rule for the two targets.
# $< is the CA's template, the second prerequisite its private key.
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed --load-privkey $(word 2,$^) --template $< > $@
rogueca/x509.pem: rogueca.template rogueca/secret.key
	certtool --generate-self-signed --load-privkey $(word 2,$^) --template $< > $@

# Certificate request for one identity: $< is its template, the second
# prerequisite its private key.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey $(word 2,$^) \
		--template $< > $@

# Certificate for one identity, issued from its request (second prerequisite)
# with the certificate and private key of the "authority" CA.  The rogueca key
# is never used here; rogueca only has its self-signed certificate.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-request $(word 2,$^) \
		--template $< > $@

# Hand one identity's private key and certificate to ./softhsm.bash, with
# SOFTHSM_CONF naming "<identity>-softhsm.conf".  $< is the certificate, the
# second prerequisite the private key.
# NOTE(review): the recipe does not name $@ itself; presumably the script
# creates softhsm.db at that path -- confirm in softhsm.bash.
%/softhsm.db: %/x509.pem %/secret.key
	SOFTHSM_CONF="$*-softhsm.conf" ./softhsm.bash init $(word 2,$^) $<

# Separate GnuPG home in msva.gnupghome: the authority's public key is
# imported and given ownertrust 6 (ultimate), then the client's signed
# certificate is imported.  $< is authority/minimal.pgp, the second
# prerequisite client/cert.pgp.
# The gpg.conf written at the end names a keyserver under the reserved
# ".example" domain, presumably so that this keyring never contacts a real one.
# NOTE(review): the fingerprint lookup reads the authority keyring without
# taking authority/lock, while cert.pgp jobs of other identities may still be
# importing into or signing with that keyring under "make -j" -- confirm
# whether this read needs the lock as well.
msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
	mkdir -p -m 0700 $(dir $@)
	GNUPGHOME=$(dir $@) gpg --import < $<
	printf "%s:6:\n" \
		"$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(dir $@) gpg --import-ownertrust
	GNUPGHOME=$(dir $@) gpg --import < $(word 2,$^)
	printf "keyserver does-not-exist.example\n" > $(dir $@)gpg.conf

# Stamp file: exists once every identity token and the msva keyring have been
# built and the working directories for the test run are in place.
setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg
	mkdir -p logs cache outputs
	touch $@

# Remove everything the setup and the test run generate, private keys and
# keyrings included.  The */ globs match in every first-level subdirectory,
# not only in the identity directories.
# imposter and rogueca are removed only if they end up empty; the "|| true"
# keeps a non-empty or missing directory from failing the target.
clean:
	rm -rf server client authority msva.gnupghome \
	logs cache outputs setup.done \
	server.uid server.template authority.template client.template \
	*/*.pgp */*.gpg */*.gpg~ */*.pem */*.key tests/*/*.pem *.lock
	rmdir imposter rogueca || true

.PHONY: all clean