source: mod_gnutls/test/TestMakefile @ af7da2d

debian/masterdebian/stretch-backportsjessie-backportsupstream
Last change on this file since af7da2d was af7da2d, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Test suite: Start Apache directly again, search for httpd

Fedora installs a version of apachectl that does not pass arguments
through to Apache and relies on the system wide configuration. Thus
running the test suite there requires calling the Apache binary
directly. Search for it as "apache2" (name used in Debian) as well as
"httpd" (Fedora).

Also include test/cgi_module.conf and test/proxy_mods.conf in the
distribution archive.

  • Property mode set to 100644
File size: 4.9 KB
Line 
1#!/usr/bin/make -f
2
3# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4
5# run these tests to ensure that mod_gnutls can handle a range of
6# simple configuration choices.
7
8export srcdir ?= .
9# If the Apache binary is not set, try to find apache2 in default PATH
10# (should only happen when the test script is run manually)
11export APACHE2 ?= apache2
12
13export TEST_HOST ?= localhost
14export TEST_IP ?= ::1
15# chosen at random:
16export TEST_PORT ?= 9932
17export MSVA_PORT ?= 9933
18
19export TEST_GAP ?= 1.5
20export TEST_QUERY_DELAY ?= 30
21
22TEST_LOCK := ./test.lock
23
24all: setup.done
25        TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests
26
27t-%: setup.done
28        TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests $@
29
30
31
32
33
34### for setting up a little miniature CA + server + client environment:
35identities := server authority client imposter rogueca
36tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
37all_tokens := $(foreach id,$(identities),$(foreach token,$(tokens),$(id)/$(token)))
38
39%.template: $(srcdir)/%.template.in
40        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
41
42%.uid: $(srcdir)/%.uid.in
43        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
44
45%/secret.key:
46        mkdir -p $(dir $@)
47        chmod 0700 $(dir $@)
48        certtool --generate-privkey > $@
49
50%/secring.gpg: %.uid %/secret.key
51        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
52        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key | GNUPGHOME=$(dir $@) gpg --import
53        printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
54
55%/gpg.conf: %/secring.gpg
56        printf "default-key %s\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
57
58%/secret.pgp: %/secring.gpg
59        GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
60
61%/minimal.pgp: %/secring.gpg
62        GNUPGHOME=$(dir $@) gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
63
64# Import and signing modify the shared keyring, which leads to race
65# conditions with parallel make. Locking avoids this problem.
66%/cert.pgp: %/minimal.pgp authority/gpg.conf
67        GNUPGHOME=authority flock authority/lock gpg --import $<
68        GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
69        GNUPGHOME=authority gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
70
71# special cases for the authorities' root certs:
72authority/x509.pem: authority.template authority/secret.key
73        certtool --generate-self-signed --load-privkey authority/secret.key --template authority.template > $@
74rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
75        certtool --generate-self-signed --load-privkey rogueca/secret.key --template $(srcdir)/rogueca.template > $@
76
77%/cert-request: %.template %/secret.key
78        certtool --generate-request --load-privkey $(dir $@)secret.key --template $< > $@
79
80%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
81        certtool --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $< > $@
82
83%/softhsm.db: %/x509.pem %/secret.key
84        SOFTHSM_CONF="$(srcdir)/$(*)-softhsm.conf" $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
85
86# Generate CRL revoking a certain certificate. Currently used to
87# revoke the server certificate and check if setting the CRL as
88# GnuTLSProxyCRLFile causes the connection to the back end server to
89# fail.
90%/crl.pem: %/x509.pem ${srcdir}/%-crl.template
91        certtool --generate-crl \
92                --load-ca-privkey authority/secret.key \
93                --load-ca-certificate authority/x509.pem \
94                --load-certificate $< \
95                --template "${srcdir}/$(*)-crl.template" \
96                > $@
97
98msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
99        mkdir -p -m 0700 $(dir $@)
100        GNUPGHOME=$(dir $@) gpg --import < $<
101        printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
102        GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
103        printf "keyserver does-not-exist.example\n" > msva.gnupghome/gpg.conf
104
105
106setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg client.uid
107        mkdir -p logs cache outputs
108        touch setup.done
109
110
111clean:
112        rm -rf server client authority logs cache outputs setup.done \
113        server.template imposter.template msva.gnupghome \
114        */*.pgp */*.gpg */*.gpg~ */*.pem */*.key authority.template \
115        client.template client.uid server.uid *.lock tests/*/*.pem
116        rmdir imposter rogueca || true
117
118.PHONY: all clean
Note: See TracBrowser for help on using the repository browser.