diff --git a/Makefile b/Makefile
index 745789ef39..e09918c1a7 100644
--- a/Makefile
+++ b/Makefile
@@ -8,17 +8,25 @@ NOTARY_VERSION := $(shell cat NOTARY_VERSION)
 GITCOMMIT := $(shell git rev-parse --short HEAD)
 GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
 ifneq ($(GITUNTRACKEDCHANGES),)
- GITCOMMIT := $(GITCOMMIT)-dirty
+GITCOMMIT := $(GITCOMMIT)-dirty
 endif
 CTIMEVAR=-X $(NOTARY_PKG)/version.GitCommit='$(GITCOMMIT)' -X $(NOTARY_PKG)/version.NotaryVersion='$(NOTARY_VERSION)'
 GO_LDFLAGS=-ldflags "-w $(CTIMEVAR)"
 GO_LDFLAGS_STATIC=-ldflags "-w $(CTIMEVAR) -extldflags -static"
 GOOSES = darwin freebsd linux
 GOARCHS = amd64
-NOTARY_BUILDFLAGS="pkcs11"
+NOTARY_BUILDTAGS="pkcs11"
 GO_EXC = go
 NOTARYDIR := /go/src/github.com/docker/notary
+# check to be sure pkcs11 lib is always imported with a build tag
+GO_LIST_PKCS11 := $(shell go list -e -f '{{join .Deps "\n"}}' ./... | xargs go list -e -f '{{if not .Standard}}{{.ImportPath}}{{end}}' | grep -q pkcs11)
+ifeq ($(GO_LIST_PKCS11),)
+$(info pkcs11 import was not found anywhere without a build tag, yay)
+else
+$(error You are importing pkcs11 somewhere and not using a build tag)
+endif
+
 # go cover test variables
 COVERDIR=.cover
 COVERPROFILE=$(COVERDIR)/cover.out
@@ -27,7 +35,7 @@ PKGS = $(shell go list ./... | tr '\n' ' ')
 GO_VERSION = $(shell go version | awk '{print $$3}')
-.PHONY: clean all fmt vet lint build test binaries cross cover docker-images
+.PHONY: clean all fmt vet lint build test binaries cross cover docker-images notary-dockerfile
 .DELETE_ON_ERROR: cover
 .DEFAULT: default
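Review bot: The new GO_LIST_PKCS11 guard cannot fail as written: `grep -q` prints nothing, so `$(shell …)` always expands to the empty string, the `ifeq` always takes the `$(info …)` branch and the `$(error …)` is unreachable even when an untagged package imports pkcs11. Dropping the `-q` so the matching import path is captured — `… | grep pkcs11)` — or emitting a marker on success — `… | grep -q pkcs11 && echo found)` — makes the variable non-empty exactly when the check should fail. The two `go list` invocations also run at parse time on every make call, including `make clean`; a dedicated phony target invoked from `test`/`ci` would keep the check out of unrelated builds and let a failing `go list` (currently masked by `-e` and the pipe) surface as a real error instead of a pass.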
@@ -50,15 +58,15 @@ version/version.go:
 ${PREFIX}/bin/notary-server: NOTARY_VERSION $(shell find . -type f -name '*.go')
 @echo "+ $@"
- @godep go build -tags ${NOTARY_BUILDFLAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-server
+ @godep go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-server
 ${PREFIX}/bin/notary: NOTARY_VERSION $(shell find . -type f -name '*.go')
 @echo "+ $@"
- @godep go build -tags ${NOTARY_BUILDFLAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary
+ @godep go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary
 ${PREFIX}/bin/notary-signer: NOTARY_VERSION $(shell find . -type f -name '*.go')
 @echo "+ $@"
- @godep go build -tags ${NOTARY_BUILDFLAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-signer
+ @godep go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-signer
 vet: go_version
 @echo "+ $@"
@@ -74,21 +82,20 @@ lint:
 build: go_version
 @echo "+ $@"
- @go build -tags ${NOTARY_BUILDFLAGS} -v ${GO_LDFLAGS} ./...
+ @go build -tags ${NOTARY_BUILDTAGS} -v ${GO_LDFLAGS} ./...
 test: OPTS =
 test: go_version
 @echo "+ $@ $(OPTS)"
- go test -tags ${NOTARY_BUILDFLAGS} $(OPTS) ./...
+ go test -tags ${NOTARY_BUILDTAGS} $(OPTS) ./...
 test-full: vet lint
 @echo "+ $@"
- go test -tags ${NOTARY_BUILDFLAGS} -v ./...
+ go test -tags ${NOTARY_BUILDTAGS} -v ./...
 protos:
 @protoc --go_out=plugins=grpc:. proto/*.proto
-
 # This allows coverage for a package to come from tests in different package.
 # Requires that the following:
 # go get github.com/wadey/gocovmerge; go install github.com/wadey/gocovmerge
@@ -112,7 +119,7 @@ cover: gen-cover
 @go tool cover -html="$(COVERPROFILE)"
 # Codecov knows how to merge multiple coverage files
-ci: OPTS = -race -coverpkg "$(shell ./coverpkg.sh $(1) $(NOTARY_PKG))"
+ci: OPTS = -tags ${NOTARY_BUILDTAGS} -race -coverpkg "$(shell ./coverpkg.sh $(1) $(NOTARY_PKG))"
 GO_EXC := godep go
 ci: gen-cover
 @gocovmerge $(shell ls -1 $(COVERDIR)/* | tr "\n" " ") > $(COVERPROFILE)
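Review bot: `-tags ${NOTARY_BUILDTAGS}` is unquoted in all three binary recipes, so overriding the variable to build without the HSM path (`make NOTARY_BUILDTAGS= binaries`) makes `-tags` consume the following `-o` and the build fails instead of producing an untagged binary. The default `NOTARY_BUILDTAGS="pkcs11"` also stores the quote characters in the Make value and only works because the shell strips them again. Defining it as `NOTARY_BUILDTAGS ?= pkcs11` and passing `-tags "${NOTARY_BUILDTAGS}"` keeps the single-tag case working, allows an empty override, and is the form the `go build`/`go test` recipes in the next hunk and `ci: OPTS` in the last one should share.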
diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go
index a904ba76ae..5b16c622fa 100644
--- a/cmd/notary-signer/main.go
+++ b/cmd/notary-signer/main.go
@@ -1,3 +1,5 @@
+// +build pkcs11
+
 package main
 import (
diff --git a/cmd/notary-signer/main_test.go b/cmd/notary-signer/main_test.go
index 15b2c2ad1e..0864708f78 100644
--- a/cmd/notary-signer/main_test.go
+++ b/cmd/notary-signer/main_test.go
@@ -1,3 +1,5 @@
+// +build pkcs11
+
 package main
 import (
diff --git a/signer/api/api_pkcs11_test.go b/signer/api/api_pkcs11_test.go
new file mode 100644
index 0000000000..f73091e916
--- /dev/null
+++ b/signer/api/api_pkcs11_test.go
@@ -0,0 +1,43 @@
+// +build pkcs11
+
+package api_test
+
+import (
+ "os"
+ "testing"
+
+ "github.com/miekg/pkcs11"
+)
+
+func SetupHSMEnv(t *testing.T) (*pkcs11.Ctx, pkcs11.SessionHandle) {
+ var libPath = "/usr/local/lib/softhsm/libsofthsm2.so"
+ if _, err := os.Stat(libPath); err != nil {
+ t.Skipf("Skipping test. Library path: %s does not exist", libPath)
+ }
+
+ p := pkcs11.New(libPath)
+
+ if p == nil {
+ t.Fatalf("Failed to init library")
+ }
+
+ if err := p.Initialize(); err != nil {
+ t.Fatalf("Initialize error %s\n", err.Error())
+ }
+
+ slots, err := p.GetSlotList(true)
+ if err != nil {
+ t.Fatalf("Failed to list HSM slots %s", err)
+ }
+
+ session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
+ if err != nil {
+ t.Fatalf("Failed to Start Session with HSM %s", err)
+ }
+
+ if err = p.Login(session, pkcs11.CKU_USER, "1234"); err != nil {
+ t.Fatalf("User PIN %s\n", err.Error())
+ }
+
+ return p, session
+}
diff --git a/signer/api/api_test.go b/signer/api/api_test.go
index 4fcf24ea23..729a3aaee7 100644
--- a/signer/api/api_test.go
+++ b/signer/api/api_test.go
@@ -7,7 +7,6 @@ import (
 "io/ioutil"
 "net/http"
 "net/http/httptest"
- "os"
 "strings"
 "testing"
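Review bot: Tagging cmd/notary-signer/main.go with `// +build pkcs11` removes the signer's only entry point from an untagged build, so a build without the tag yields no notary-signer binary at all rather than a signer without HSM support. If that is intended, a comment above the tag saying so (`// notary-signer is only built with pkcs11 support; see NOTARY_BUILDTAGS in the Makefile`) would stop the next reader from concluding the tag was misplaced. If optional HSM support is the goal instead, the tag belongs only on the pkcs11-specific files (rsa_hardware_crypto_service.go, keys.go), with main.go presumably falling back to the software crypto service when the hardware one is compiled out; main_test.go in the next hunk follows whichever choice is made.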
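Review bot: `slots[0]` in SetupHSMEnv is indexed without checking that GetSlotList returned anything, so a SoftHSM install with no initialised token panics with an index-out-of-range instead of a readable test failure; `if len(slots) == 0 { t.Skipf("no HSM slots available in %s", libPath) }` before OpenSession covers it. The user PIN `"1234"` and the library path are SoftHSM test-fixture values moved verbatim from api_test.go; reading them from environment variables with these as defaults would let CI point the test at a differently provisioned token without editing code. The `Login` failure message `"User PIN %s\n"` could also name the operation, e.g. `"Login with user PIN failed: %s"`.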
@@ -16,7 +15,6 @@ import (
 "github.com/docker/notary/signer/api"
 "github.com/docker/notary/trustmanager"
 "github.com/docker/notary/tuf/data"
- "github.com/miekg/pkcs11"
 "github.com/stretchr/testify/assert"
 pb "github.com/docker/notary/proto"
@@ -32,39 +30,6 @@ var (
 passphraseRetriever = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil }
 )
-func SetupHSMEnv(t *testing.T) (*pkcs11.Ctx, pkcs11.SessionHandle) {
- var libPath = "/usr/local/lib/softhsm/libsofthsm2.so"
- if _, err := os.Stat(libPath); err != nil {
- t.Skipf("Skipping test. Library path: %s does not exist", libPath)
- }
-
- p := pkcs11.New(libPath)
-
- if p == nil {
- t.Fatalf("Failed to init library")
- }
-
- if err := p.Initialize(); err != nil {
- t.Fatalf("Initialize error %s\n", err.Error())
- }
-
- slots, err := p.GetSlotList(true)
- if err != nil {
- t.Fatalf("Failed to list HSM slots %s", err)
- }
-
- session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
- if err != nil {
- t.Fatalf("Failed to Start Session with HSM %s", err)
- }
-
- if err = p.Login(session, pkcs11.CKU_USER, "1234"); err != nil {
- t.Fatalf("User PIN %s\n", err.Error())
- }
-
- return p, session
-}
-
 func setup(cryptoServices signer.CryptoServiceIndex) {
 server = httptest.NewServer(api.Handlers(cryptoServices))
 deleteKeyBaseURL = fmt.Sprintf("%s/delete", server.URL)
diff --git a/signer/api/rsa_hardware_crypto_service.go b/signer/api/rsa_hardware_crypto_service.go
index 8e673be341..640f2891d4 100644
--- a/signer/api/rsa_hardware_crypto_service.go
+++ b/signer/api/rsa_hardware_crypto_service.go
@@ -1,3 +1,5 @@
+// +build pkcs11
+
 package api
 import (
diff --git a/signer/keys/keys.go b/signer/keys/keys.go
index 80396c6939..6403c217e2 100644
--- a/signer/keys/keys.go
+++ b/signer/keys/keys.go
@@ -1,3 +1,5 @@
+// +build pkcs11
+
 package keys
 import (
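Review bot: The build tag on signer/keys/keys.go gates whatever that file defines behind pkcs11; if keys.go is the only non-test source in signer/keys, the package disappears from untagged builds and any untagged importer fails with a "no buildable Go source files" error that never mentions the tag. A one-line comment above the tag naming the reason (presumably the pkcs11 cgo dependency: `// this package depends on the pkcs11 bindings and is only built with the pkcs11 tag`) would make that failure self-explaining; the same applies to rsa_hardware_crypto_service.go in the previous hunk.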