source: mod_gnutls/test/test_ca.mk @ 5b6a5d9

Last change on this file since 5b6a5d9 was 5b6a5d9, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Test suite: Honor "--disable-flock" while creating PGP certificates

Two hardcoded calls to flock were left in the rule to create PGP
certificates. They did not use timeouts and thus should work even on
Hurd, but the "--disable-flock" option should be applied consistently.

  • Property mode set to 100644
File size: 3.3 KB
#!/usr/bin/make -f
# Authors:
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Thomas Klute <thomas2.klute@uni-dortmund.de>

# General rules to set up a miniature CA & server & client environment
# for the test suite
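# Instantiate a certtool template for this test run by replacing the
# __HOSTNAME__ placeholder with the value of TEST_HOST.
# The sed script is single-quoted so the shell hands the expanded value
# to sed as one word instead of word-splitting or globbing it. TEST_HOST
# must still not contain "/" or a single quote, and only the first
# placeholder on each line is replaced (no "g" flag).
%.template: $(srcdir)/%.template.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@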
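# Instantiate a user ID file by replacing the __HOSTNAME__ placeholder
# with the value of TEST_HOST. The %/secring.gpg rule reads the result
# and passes it to pem2openpgp as the key's user ID.
# The sed script is single-quoted so the shell hands the expanded value
# to sed as one word instead of word-splitting or globbing it. TEST_HOST
# must still not contain "/" or a single quote.
%.uid: $(srcdir)/%.uid.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@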
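# Generate the private key for one entity of the test environment.
# The key directory is restricted to its owner. The key file is created
# under umask 077, so it is never group- or world-readable, regardless
# of the umask of the user running the test suite.
# certtool writes to a temporary name that is renamed only on success:
# a failed run therefore cannot leave behind an empty secret.key that
# make would treat as up to date.
%/secret.key:
	mkdir -p $(dir $@)
	chmod 0700 $(dir $@)
	umask 077 && certtool --generate-privkey > $@.tmp
	mv -f $@.tmp $@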
# Build a fresh GnuPG keyring in the entity's directory from its
# existing private key.
#  1. Remove any previous keyring and trust database files.
#  2. pem2openpgp reads secret.key on stdin, takes the user ID from the
#     %.uid file, and its output is imported with the entity's
#     directory as GNUPGHOME.
#  3. Feed "<fingerprint>:6:" to --import-ownertrust; level 6 marks the
#     freshly imported key as ultimately trusted in this keyring.
# The fingerprint lookup takes every "fpr:" record, so it relies on the
# keyring holding exactly one secret key, which step 1 ensures.
%/secring.gpg: %.uid %/secret.key
	rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
	PEM2OPENPGP_EXPIRATION=86400 \
	PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
		pem2openpgp "$$(cat $<)" < $(dir $@)secret.key \
		| GNUPGHOME=$(dir $@) gpg --import
	printf "%s:6:\n" \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(dir $@) gpg --import-ownertrust
# Write a gpg.conf that selects the keyring's own secret key as
# default-key. The fingerprint is read from the keyring located in the
# same directory as the generated file.
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# Export the entity's secret key as an ASCII-armored file.
# NOTE(review): the output is created with the caller's default umask;
# it is protected only by the 0700 mode that the %/secret.key rule sets
# on the containing directory.
%/secret.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# Export the entity's public key as an ASCII-armored file, before the
# authority has signed it. The %/cert.pgp rule imports this file into
# the authority keyring.
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(dir $@) gpg --armor --export \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# Produce the entity's public key carrying the authority's signature.
# Import and signing modify the shared authority keyring, which leads to
# race conditions with parallel make. Running those two steps through
# $(GPG_FLOCK) avoids this problem; the final export is not wrapped.
# The key to sign and export is identified by the fingerprint read from
# the entity's own keyring, not from the authority keyring.
# NOTE(review): $(GPG_FLOCK) is defined outside this file and is
# presumably empty when the test suite is configured with
# "--disable-flock"; confirm that parallel make is not used in that
# configuration.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority $(GPG_FLOCK) gpg --import $<
	GNUPGHOME=authority $(GPG_FLOCK) gpg --batch --sign-key --no-tty --yes \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
	GNUPGHOME=authority gpg --armor --export \
		"$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@
# Special cases for the authorities' root certs.
# The test CA certificate is self-signed with the CA's own private key.
# This explicit rule is used for authority/x509.pem instead of the
# generic %/x509.pem pattern rule.
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed \
		--load-privkey authority/secret.key \
		--template authority.template \
		> $@
# Root certificate of the second authority, "rogueca": self-signed with
# its own private key and therefore not chained to the authority/ CA.
# Its template is used directly from $(srcdir); unlike
# authority.template it is not generated from a .template.in file.
rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
	certtool --generate-self-signed \
		--load-privkey rogueca/secret.key \
		--template $(srcdir)/rogueca.template \
		> $@
# Create a certificate request for the entity from its template ($<)
# and the private key stored in the entity's directory.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey $(dir $@)secret.key \
		--template $< \
		> $@
# Issue the entity's X.509 certificate: the test CA (authority/x509.pem
# with authority/secret.key) signs the entity's cert-request, using the
# entity's template ($<) for the certificate contents.
# authority/x509.pem and rogueca/x509.pem have explicit rules of their
# own and are not built by this pattern rule.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-request $(dir $@)cert-request \
		--template $< \
		> $@
# Run the softhsm.bash helper in "init" mode with the entity's private
# key and certificate, using the per-entity SoftHSM configuration file
# "<stem>-softhsm.conf" from $(srcdir).
# NOTE(review): this recipe does not write $@ itself; presumably the
# helper creates softhsm.db at the path named in that configuration
# file. Confirm against softhsm.bash.
%/softhsm.db: %/x509.pem %/secret.key
	SOFTHSM_CONF="$(srcdir)/$*-softhsm.conf" \
		$(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
# Generate a CRL revoking a certain certificate. Currently used to
# revoke the server certificate and check if setting the CRL as
# GnuTLSProxyCRLFile causes the connection to the back end server to
# fail.
# The CRL is issued by the test CA (authority/ key and certificate) and
# lists the certificate given as first prerequisite ($<).
%/crl.pem: %/x509.pem $(srcdir)/%-crl.template
	certtool --generate-crl \
		--load-ca-privkey authority/secret.key --load-ca-certificate authority/x509.pem \
		--load-certificate $< --template "$(srcdir)/$*-crl.template" \
		> $@