source: mod_gnutls/test/test_ca.mk @ 4d2d182

Last change on this file since 4d2d182 was 5b6a5d9, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Test suite: Honor "--disable-flock" while creating PGP certificates

Two hardcoded calls to flock were left in the rule to create PGP
certificates. They did not use timeouts and thus should work even on
Hurd, but the "--disable-flock" option should be applied consistently.

#!/usr/bin/make -f
# Authors:
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Thomas Klute <thomas2.klute@uni-dortmund.de>

# General rules to set up a miniature CA & server & client environment
# for the test suite

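# Build a certtool template for the test host: copy the ".template.in"
# file from the source tree, replacing the first __HOSTNAME__ on each
# line with $(TEST_HOST).
# The sed program is single-quoted so the shell passes it to sed as one
# word even if $(TEST_HOST) contains whitespace or glob characters; sed
# itself still treats "/" and "&" in the value specially.
%.template: $(srcdir)/%.template.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@
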
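# Build the OpenPGP user ID file for one identity: copy the ".uid.in"
# file from the source tree, replacing the first __HOSTNAME__ on each
# line with $(TEST_HOST).
# The sed program is single-quoted so the shell passes it to sed as one
# word even if $(TEST_HOST) contains whitespace or glob characters; sed
# itself still treats "/" and "&" in the value specially.
%.uid: $(srcdir)/%.uid.in
	sed 's/__HOSTNAME__/$(TEST_HOST)/' < $< > $@
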
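# Generate the private key for one test identity (the stem names the
# identity's directory).
# The directory is restricted to its owner before the key is written.
# The key file itself is created under umask 077, so it is owner-only
# as well instead of inheriting whatever umask the build runs with.
%/secret.key:
	mkdir -p $(dir $@)
	chmod 0700 $(dir $@)
	umask 077 && certtool --generate-privkey > $@
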
# Build a fresh GnuPG home in the identity's directory from its X.509
# private key:
#  1. delete any previous keyrings and trust database, so the keyring
#     only ever holds the key imported below;
#  2. wrap secret.key into an OpenPGP key with pem2openpgp, using the
#     content of the .uid file as user ID, and import it
#     (PEM2OPENPGP_EXPIRATION=86400 is presumably in seconds, i.e. the
#     test key expires after one day -- confirm against pem2openpgp);
#  3. import an ownertrust record "<fingerprint>:6:" for that key; 6 is
#     "ultimate" in GnuPG's ownertrust format.
# The fingerprint lookup prints field 10 of every "fpr:" record, so it
# assumes the keyring contains exactly one secret key.
%/secring.gpg: %.uid %/secret.key
	rm -f $(addprefix $(@D)/,pubring.gpg secring.gpg trustdb.gpg)
	PEM2OPENPGP_EXPIRATION=86400 \
	PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign \
		pem2openpgp "$$(cat $<)" < $(@D)/secret.key \
		| GNUPGHOME=$(@D)/ gpg --import
	printf "%s:6:\n" \
		"$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		| GNUPGHOME=$(@D)/ gpg --import-ownertrust

# Write a gpg.conf that selects the identity's own key as default-key.
# The fingerprint is read back from the secret keyring in the same
# directory (field 10 of the "fpr:" record in --with-colons output).
%/gpg.conf: %/secring.gpg
	printf "default-key %s\n" \
		"$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

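# Export the identity's OpenPGP secret key in ASCII armor.
# --batch/--no-tty/--yes keep gpg from prompting during the build.
# The output contains private key material, so it is created under
# umask 077 (owner-only) rather than with the build's ambient umask.
%/secret.pgp: %/secring.gpg
	umask 077 && GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
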
# Export the identity's public key in ASCII armor, as it stands in the
# identity's own keyring, i.e. before the authority has signed it.
%/minimal.pgp: %/secring.gpg
	GNUPGHOME=$(@D)/ gpg --armor --export \
		"$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

# Produce the identity's public key certified by the test authority:
# import minimal.pgp into the authority keyring, sign the key there,
# then export the signed key.
#
# Import and signing modify the shared authority keyring, which leads
# to race conditions with parallel make. Those two steps therefore run
# under $(GPG_FLOCK), which is defined outside this file (presumably
# empty when configured with --disable-flock).
# NOTE(review): the final export reads the same keyring without
# $(GPG_FLOCK); confirm that a concurrent import or sign-key from
# another target cannot disturb it.
# The inner gpg call uses the identity's own GNUPGHOME only to look up
# the fingerprint of the key to sign and export.
%/cert.pgp: %/minimal.pgp authority/gpg.conf
	GNUPGHOME=authority $(GPG_FLOCK) gpg --import $<
	GNUPGHOME=authority $(GPG_FLOCK) gpg --batch --sign-key --no-tty --yes \
		"$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
	GNUPGHOME=authority gpg --armor --export \
		"$$(GNUPGHOME=$(@D)/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" \
		> $@

# Special cases for the authorities' root certs: they are self-signed
# with their own key instead of being issued through the generic
# %/x509.pem rule.
# The test CA's template is generated in the build directory by the
# %.template rule.
authority/x509.pem: authority.template authority/secret.key
	certtool --generate-self-signed \
		--load-privkey $(@D)/secret.key \
		--template authority.template \
		> $@
# Self-signed root certificate of a second CA with its own key. Its
# template is used as-is from the source tree (no __HOSTNAME__
# substitution). Presumably this CA is the one the tests must NOT
# trust -- confirm against the test cases that use rogueca/.
rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
	certtool --generate-self-signed \
		--load-privkey $(@D)/secret.key \
		--template $(srcdir)/rogueca.template \
		> $@

# Create a certificate signing request for one identity from its
# private key and its certtool template.
%/cert-request: %.template %/secret.key
	certtool --generate-request \
		--load-privkey $(@D)/secret.key \
		--template $< \
		> $@

# Issue an X.509 certificate for one identity: the test authority's
# certificate and private key sign the identity's certificate request,
# with certificate fields taken from the identity's template.
# The explicit authority/x509.pem and rogueca/x509.pem rules take
# precedence over this pattern for the two root certificates.
%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
	certtool --generate-certificate \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-request $(@D)/cert-request \
		--template $< \
		> $@

# Initialise a SoftHSM token for one identity by handing its private
# key and certificate to softhsm.bash, with SOFTHSM_CONF pointing at
# the identity's "<stem>-softhsm.conf" in the source tree.
# NOTE(review): the recipe never writes $@ itself; presumably
# softhsm.bash creates the token database at the path configured in
# that file -- confirm, otherwise this target is rebuilt on every run.
%/softhsm.db: %/x509.pem %/secret.key
	SOFTHSM_CONF="$(srcdir)/$*-softhsm.conf" \
		$(srcdir)/softhsm.bash init $(@D)/secret.key $(@D)/x509.pem

# Generate a CRL, signed by the test authority, that revokes the
# certificate named by the stem. Currently used to revoke the server
# certificate and check that setting the CRL as GnuTLSProxyCRLFile
# makes the connection to the back end server fail.
%/crl.pem: %/x509.pem $(srcdir)/%-crl.template
	certtool --generate-crl \
		--load-ca-certificate authority/x509.pem \
		--load-ca-privkey authority/secret.key \
		--load-certificate $< \
		--template "$(srcdir)/$*-crl.template" \
		> $@