source: mod_gnutls/test/TestMakefile @ 9a4d250

asynciodebian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
Last change on this file since 9a4d250 was 9a4d250, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Avoid external make calls for test environment setup

All targets needed to set up the test suite environment are now
directly handled by the makefile created through automake, avoiding
any external make calls. The rules for X.509 and PGP certificate
management are included from the old test makefile through automake.

Note that those included rules use syntax that automake warns is GNU
make specific and might not work with other make implementations. This
is not a regression, just increased visibility, so automake
portability warnings are ignored.

  • Property mode set to 100644
File size: 3.3 KB
Line 
1#!/usr/bin/make -f
2# Authors:
3# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4# Thomas Klute <thomas2.klute@uni-dortmund.de>
5
6# General rules to set up a miniature CA & server & client environment
7# for the test suite
8
9%.template: $(srcdir)/%.template.in
10        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
11
12%.uid: $(srcdir)/%.uid.in
13        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
14
15%/secret.key:
16        mkdir -p $(dir $@)
17        chmod 0700 $(dir $@)
18        certtool --generate-privkey > $@
19
20%/secring.gpg: %.uid %/secret.key
21        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
22        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key | GNUPGHOME=$(dir $@) gpg --import
23        printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
24
25%/gpg.conf: %/secring.gpg
26        printf "default-key %s\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
27
28%/secret.pgp: %/secring.gpg
29        GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
30
31%/minimal.pgp: %/secring.gpg
32        GNUPGHOME=$(dir $@) gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
33
34# Import and signing modify the shared keyring, which leads to race
35# conditions with parallel make. Locking avoids this problem.
36%/cert.pgp: %/minimal.pgp authority/gpg.conf
37        GNUPGHOME=authority flock authority/lock gpg --import $<
38        GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
39        GNUPGHOME=authority gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
40
41# special cases for the authorities' root certs:
42authority/x509.pem: authority.template authority/secret.key
43        certtool --generate-self-signed --load-privkey authority/secret.key --template authority.template > $@
44rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
45        certtool --generate-self-signed --load-privkey rogueca/secret.key --template $(srcdir)/rogueca.template > $@
46
47%/cert-request: %.template %/secret.key
48        certtool --generate-request --load-privkey $(dir $@)secret.key --template $< > $@
49
50%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
51        certtool --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $< > $@
52
53%/softhsm.db: %/x509.pem %/secret.key
54        SOFTHSM_CONF="$(srcdir)/$(*)-softhsm.conf" $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
55
56# Generate CRL revoking a certain certificate. Currently used to
57# revoke the server certificate and check if setting the CRL as
58# GnuTLSProxyCRLFile causes the connection to the back end server to
59# fail.
60%/crl.pem: %/x509.pem ${srcdir}/%-crl.template
61        certtool --generate-crl \
62                --load-ca-privkey authority/secret.key \
63                --load-ca-certificate authority/x509.pem \
64                --load-certificate $< \
65                --template "${srcdir}/$(*)-crl.template" \
66                > $@
Note: See TracBrowser for help on using the repository browser.