source: mod_gnutls/test/TestMakefile @ 52c3f68

Last change on this file since 52c3f68 was 52c3f68, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Detect apache(2?)ctl and use it instead of starting Apache directly

This should help with portability across distributions that install the
Apache binary under different paths.

1#!/usr/bin/make -f
2
3# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4
5# run these tests to ensure that mod_gnutls can handle a range of
6# simple configuration choices.
7
# Tunable settings. Each one uses ?= so that a value supplied by the
# environment or on the make command line takes precedence, and all of
# them are exported to the recipes (and so to runtests) further down.

# Directory holding the checked-in test sources (*.in templates,
# runtests, softhsm.bash).
srcdir ?= .
# Fall back to whichever apachectl is on PATH; this should only matter
# when the test script is run by hand.
APACHECTL ?= apachectl

# Host name substituted for __HOSTNAME__ in the *.in templates.
TEST_HOST ?= localhost
# IPv6 loopback address.
TEST_IP ?= ::1
# Port numbers were chosen at random.
TEST_PORT ?= 9932
MSVA_PORT ?= 9933

TEST_GAP ?= 1.5
TEST_QUERY_DELAY ?= 30

export srcdir APACHECTL TEST_HOST TEST_IP TEST_PORT MSVA_PORT TEST_GAP TEST_QUERY_DELAY

# Lock file path handed to runtests through its environment.
TEST_LOCK := ./test.lock
23
# Default goal: run the whole suite once the CA/key fixtures are in place.
all: setup.done
	TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests

# "make t-NAME" hands the target name to runtests as its only argument
# (presumably selecting a single test -- confirm against runtests).
t-%: setup.done
	TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests $@
29
30
31
32
33
### Miniature CA + server + client environment used by the tests.
# One directory per identity; every identity receives the same token set.
identities := server authority client imposter rogueca
tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
# Cross product of the two lists: server/x509.pem ... rogueca/secret.pgp
all_tokens := $(foreach id,$(identities),$(addprefix $(id)/,$(tokens)))
38
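# Instantiate FOO.template / FOO.uid from the checked-in FOO.*.in file by
# replacing __HOSTNAME__ with the test host name. The results feed
# certtool templates and the OpenPGP user ID handed to pem2openpgp.
#
# TEST_HOST is caller-controlled (environment or command line), so it is
# read from the exported shell variable inside double quotes instead of
# being pasted unquoted into the command line: spaces or shell
# metacharacters in the value can no longer split or alter the command.
# The characters "/", "&" and "\" are still special to sed itself.
%.template: $(srcdir)/%.template.in
	sed "s/__HOSTNAME__/$$TEST_HOST/" < $< > $@

%.uid: $(srcdir)/%.uid.in
	sed "s/__HOSTNAME__/$$TEST_HOST/" < $< > $@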
44
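# Generate the private key for one identity inside its own directory.
# The directory is restricted to the owner, and the key file itself is
# created under umask 077 so that it is owner-only from the moment it
# exists, rather than depending on the directory mode alone.
%/secret.key:
	mkdir -p $(@D)
	chmod 0700 $(@D)
	umask 077 && certtool --generate-privkey > $@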
49
# Build a fresh per-identity GnuPG home from the X.509 private key:
#  1. drop any keyring files left over from an earlier run;
#  2. convert the PEM key to an OpenPGP key whose user ID is the content
#     of the .uid file, and import it (expiration 86400, presumably
#     seconds, i.e. the test keys are short-lived);
#  3. give the imported key ownertrust level 6 (ultimate).
# NOTE(review): the recipe never writes secring.gpg itself; whether gpg
# creates that file depends on the installed GnuPG version -- confirm.
%/secring.gpg: %.uid %/secret.key
	rm -f $(@D)/pubring.gpg $(@D)/secring.gpg $(@D)/trustdb.gpg
	PEM2OPENPGP_EXPIRATION=86400 \
	PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
	pem2openpgp "$$(cat $<)" < $(@D)/secret.key | \
	GNUPGHOME=$(@D) gpg --import
	fpr=$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :) && \
	printf "%s:6:\n" "$$fpr" | GNUPGHOME=$(@D) gpg --import-ownertrust
54
# The three rules below all look up the fingerprint of the secret key in
# the identity's own GnuPG home (field 10 of the "fpr:" record in the
# colon listing) and then use it.

# gpg.conf: make that key the default signing key.
%/gpg.conf: %/secring.gpg
	fpr=$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :) && \
	printf "default-key %s\n" "$$fpr" > $@

# secret.pgp: ASCII-armoured export of the secret key.
# NOTE(review): the export is written with the default umask; only the
# 0700 mode set on the identity directory keeps it private.
%/secret.pgp: %/secring.gpg
	fpr=$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :) && \
	GNUPGHOME=$(@D) gpg --armor --batch --no-tty --yes --export-secret-key "$$fpr" > $@

# minimal.pgp: ASCII-armoured public key, before the authority signs it.
%/minimal.pgp: %/secring.gpg
	fpr=$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :) && \
	GNUPGHOME=$(@D) gpg --armor --export "$$fpr" > $@
63
# Have the authority certify an identity's public key.
# Importing and signing both modify the shared authority keyring, which
# races under parallel make; flock on authority/lock serialises them.
# NOTE(review): the final --export reads the same keyring without taking
# the lock -- confirm that a concurrent import/sign cannot disturb it.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority flock authority/lock gpg --import $<
	fpr=$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :) && \
	GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$fpr"
	fpr=$$(GNUPGHOME=$(@D) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :) && \
	GNUPGHOME=authority gpg --armor --export "$$fpr" > $@
70
# Root certificates: the two CAs sign themselves instead of going through
# the request/issue rules used for the other identities. The authority
# template is generated from its .in file; the rogue CA template is used
# straight from srcdir.
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed \
		--load-privkey $(word 2,$^) \
		--template $< > $@

rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
	certtool --generate-self-signed \
		--load-privkey $(word 2,$^) \
		--template $< > $@
76
# Certificate signing request for one identity, built from its template
# and signed with its own private key.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey $(word 2,$^) \
		--template $< > $@
79
# Issue an identity's certificate: the authority CA (certificate plus
# private key) signs the identity's request, using the identity's
# template for the certificate fields.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-request $(@D)/cert-request \
		--template $< > $@
82
# Initialise a SoftHSM token for an identity from its private key and
# certificate, using the per-identity config file in srcdir.
# NOTE(review): the recipe does not write softhsm.db itself; presumably
# softhsm.bash creates it at the path named in the config -- confirm.
%/softhsm.db: %/x509.pem %/secret.key
	SOFTHSM_CONF="$(srcdir)/$*-softhsm.conf" \
	$(srcdir)/softhsm.bash init $(@D)/secret.key $(@D)/x509.pem
85
# Produce a CRL, signed by the authority CA, that revokes one identity's
# certificate. At present this revokes the server certificate so the
# tests can check that configuring the CRL as GnuTLSProxyCRLFile makes
# the connection to the back end server fail.
%/crl.pem: %/x509.pem $(srcdir)/%-crl.template
	certtool --generate-crl \
		--load-ca-privkey authority/secret.key \
		--load-ca-certificate authority/x509.pem \
		--load-certificate $(@D)/x509.pem \
		--template "$(srcdir)/$*-crl.template" \
		> $@
97
# GnuPG home for the MSVA: import the authority's public key, mark the
# authority key as ultimately trusted (ownertrust 6), then import the
# client key that the authority certified.
# The gpg.conf written last names a keyserver under the reserved
# .example domain, presumably so that no lookup can reach a real
# keyserver during the tests.
# Note that gpg.conf is a second output of this recipe in addition to $@.
msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
	mkdir -p -m 0700 $(@D)
	GNUPGHOME=$(@D) gpg --import < $<
	fpr=$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :) && \
	printf "%s:6:\n" "$$fpr" | GNUPGHOME=$(@D) gpg --import-ownertrust
	GNUPGHOME=$(@D) gpg --import < $(word 2,$^)
	printf "keyserver does-not-exist.example\n" > $(@D)/gpg.conf
104
105
# Stamp file: exists once every key, certificate and keyring is built
# and the working directories for the test run have been created.
setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg client.uid
	mkdir -p logs cache outputs
	touch $@
109
110
# Remove everything the setup and test rules generate, including all
# private keys and keyrings.
# imposter/ and rogueca/ are emptied by the globs and then removed only
# if nothing else is left in them (rmdir failure is ignored on purpose).
clean:
	rm -rf server client authority logs cache outputs msva.gnupghome
	rm -rf setup.done server.template imposter.template authority.template \
		client.template client.uid server.uid *.lock
	rm -rf */*.pgp */*.gpg */*.gpg~ */*.pem */*.key tests/*/*.pem
	rmdir imposter rogueca || true

.PHONY: all clean