Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 268 |
1 files changed, 12 insertions, 256 deletions
@@ -1,261 +1,17 @@ +tag: commit + ./scripts/bump-tag -KEY := /opt/swamid-credentials/swamid-signer.key -CERT := /opt/swamid-credentials/swamid-signer.crt -PASS := $(shell test -f /opt/swamid-credentials/swamid-signer-pass.txt && cat /opt/swamid-credentials/swamid-signer-pass.txt) -DEST := /opt/published-metadata -SRCDIRS=swamid-2.0 swamid-edugain swamid-testing +boostrap-trust: + ./scripts/update-trust -DAYS:=15 -DATE=$(shell perl scripts/expiration_date.pl $(DAYS)) -NOW=$(shell perl scripts/now_date.pl) -RPI=false -CONTACTS=false -TOU=true -ORG=true -TRANSFORM=xslt/normalize.xsl -ID=$(shell perl scripts/unique_id.pl) -XSLTDEFS := --stringparam org $(ORG) --stringparam ID $(ID) --stringparam tou $(TOU) --stringparam rpi $(RPI) --stringparam defaultContact $(CONTACTS) --stringparam date $(DATE) --stringparam now $(NOW) -SIGNER := xmlsec1 --sign --privkey-pem $(KEY),$(CERT) --pwd $(PASS) --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor -BASEURL := http://md.swamid.se/md -SIGN := xslt/sign.xsl -SITE := site/md.swamid.se -TOU := swamid-tou-en.txt swamid-tou-sv.txt +update: update-git + ./scripts/verify-tag && ./scripts/update-trust && rsync -avz --exclude .time --delete metadata/ /opt/metadata/ --include $(SWAMID_MK_CONFIG) +update-git: + git checkout master && git reset --hard && git pull -all: clean dependencies signtest sign clean web +test: + cd metadata ; make test -MXML=$(shell echo *.mxml) -EDUGAINXML=$(patsubst swamid-edugain/%.xml,.time/%.time,$(wildcard swamid-edugain/*.xml)) -SWAMID20XML=$(patsubst swamid-2.0/%.xml,.time/%.time,$(wildcard swamid-2.0/*.xml)) -TESTINGXML=$(patsubst swamid-testing/%.xml,.time/%.time,$(wildcard swamid-testing/*.xml)) - -sign: swamid upstream - -%.sig: %.mxml - xsltproc $(XSLTDEFS) --stringparam target "$(BASEURL)/$*.xml" --xinclude $(TRANSFORM) $< > $*.n - xsltproc $(XSLTDEFS) --xinclude $(SIGN) $*.n > $*.tbs - $(SIGNER) --output $@ $*.tbs - xmllint --xinclude --nowarning --noout --path schema --schema 
schema.xsd $@ - rm -f $*.tbs $*.n - -%.pub: %.sig - mkdir -p $(DEST) && xmllint --nowarning --noout --path schema --schema schema.xsd $< && mv $< $(DEST)/$*.xml - -dependencies: swamid-interfederations-idp-2.0.xml swamid-interfederations-sp-2.0.xml - -upstream: edugain - -edugain: - env SWAMID_MK_CONFIG=$(SWAMID_MK_CONFIG) $(MAKE) RPI=true CONTACTS=true swamid-edugain-testing-1.0.pub swamid-edugain-1.0.pub - -aggregate: swamid-interfederations - -swamid-interfederations: swamid-interfederations2 - -swamid-interfederations2: - scripts/aggregate.sh swamid-interfederations-2.0 - @# Blocked by SWAMID-OPS 2021-04-21 - @sed -i '/services.sheerid.com-Shibboleth-UK/d' swamid-interfederations-2.0.mxml - @# Blocked by SWAMID-OPS 2021-12-10 SWAMID-550 - @sed -i '/verify-a.myunidays.com-shibboleth/d' swamid-interfederations-2.0.mxml - @sed -i '/verify-l.myunidays.com-shibboleth/d' swamid-interfederations-2.0.mxml - @sed -i '/mecenat.com-sp/d' swamid-interfederations-2.0.mxml - @sed -i '/connect.mecenat.com-shibboleth/d' swamid-interfederations-2.0.mxml - @sed -i '/verify.studentbeans.com-shibboleth/d' swamid-interfederations-2.0.mxml - @sed -i '/federation.proxi.id-samlbridge-module.php-saml-sp-metadata.php-cyclone-saml-bridge/d' swamid-interfederations-2.0.mxml - @# Blocked by SWAMID-OPS 2022-04-14 SWAMID-837 - @sed -i '/access-check.edugain.org-simplesaml-saml2-idp-metadata.php/d' swamid-interfederations-2.0.mxml - @# Blocked by SWAMID-OPS 2022-04-25 SWAMID-854 - @sed -i '/potential.ly/d' swamid-interfederations-2.0.mxml - @# Blocked 2022-09-23 , Invalid XML, Unlocked 2022-09-27 // Bjorn - @#sed -i '/idp.ici.ro-idp-shibboleth.xml/d' swamid-interfederations-2.0.mxml - -swamid: swamid-2.0.pub swamid-discovery.pub swamid-idp.pub swamid-idp-transitive.pub swamid-sp-transitive.pub swamid-registered.pub swamid-testing-1.0.pub swamid-testing-idp-1.0.pub - -web: $(SITE) $(TOU) - rsync -avz $(TOU) $(SITE)/ $(DEST) - -swamid-interfederations-idp-2.0.xml: 
swamid-interfederations-2.0.mxml - @xsltproc --xinclude xslt/extract-idp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-idp-2.0.xml - @# Empty PrivacyStatementURL 2020-12-09 - @#sed -i '/sso.irc.ugent.be-auth-realms-irc/d' swamid-interfederations-idp-2.0.xml - @# Empty ds:KeyName 2021-03-26 - @#sed -i '/idp.kre.hu-simplesaml-saml2-idp-metadata/d' swamid-interfederations-idp-2.0.xml - @#sed -i '/idp.kre.hu-simplesaml-saml2-idp-metadata/d' swamid-interfederations-2.0.mxml - -swamid-interfederations-sp-2.0.xml: swamid-interfederations-2.0.mxml - @xsltproc --xinclude xslt/extract-sp.xslt swamid-interfederations-2.0.mxml > swamid-interfederations-sp-2.0.xml - -syntaxtest: clean dependencies schematest - -pedantic: clean dependencies schematest testRefedsRnS testEduGAINchecks - -schematest: - @fail=false ; for x in $(MXML); do test=`xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $$x 2>&1`; rc=$$?; echo $$test | sed 's/fails to validate/[1;31m&[0m/;s/validates/[1;32m&[0m/'; if [ $$rc -gt 0 ]; then fail=true ; fi; done ; if $$fail ; then exit 1 ; fi - -clean: - @rm -f *.xml *.tbs *.n *.sig - -tidy: - @for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc --stringparam regDate $(NOW) xslt/add-rpi.xsl $$x > $$x.c && mv $$x.c $$x; done - @for x in `find $(SRCDIRS) -name \*.xml`; do xsltproc xslt/clean-entitydescriptor.xsl $$x > $$x.c && mv $$x.c $$x; done - -testRefedsRnS: - @echo "Checking for refeds R&S compatibillity for entities exported to eduGAIN" - @for x in `cat swamid-edugain-*.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | xargs grep -l SPSSODescriptor` ; do \ - got_refeds_RnS=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions/EntityAttributes/Attribute[@Name='http://macedir.org/entity-category']/AttributeValue" - 2>/dev/null | grep 'http://refeds.org/category/research-and-scholarship'` ; \ - if [ -n "$$got_refeds_RnS" ] ; then \ - 
http_post=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/AssertionConsumerService" - 2>/dev/null | grep 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'` ; \ - if [ -z "$$http_post" ] ; then echo " $$x: Missing HTTP-POST binding." | sed 's/.*/[1;31m&[0m/' ; fi ; \ - mdui_DisplayName=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/DisplayName" - 2>/dev/null | grep 'DisplayName'` ; \ - if [ -z "$$mdui_DisplayName" ] ; then echo " $$x: Missing mdui:DisplayName." | sed 's/.*/[1;31m&[0m/' ; fi ; \ - mdui_InformationURL=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/SPSSODescriptor/Extensions/UIInfo/InformationURL" - 2>/dev/null | grep 'InformationURL'` ; \ - if [ -z "$$mdui_InformationURL" ] ; then echo " $$x: Missing mdui:InformationURL." | sed 's/.*/[1;31m&[0m/' ; fi ; \ - tech_contact=`cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/ContactPerson[@contactType='technical']" - 2>/dev/null | grep 'EmailAddress'` ; \ - if [ -z "$$tech_contact" ] ; then echo " $$x: Missing ContactPerson contactType='technical'." 
| sed 's/.*/[1;31m&[0m/' ; fi ; \ - fi ; \ - done - -testEduGAINchecks: - @echo "Checking for attributes not allowed in entities exported to eduGAIN" - @for x in `cat swamid-edugain-*.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | xargs grep -l SPSSODescriptor` ; do \ - if ( grep -q "AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" $$x ); then \ - echo " $$x: AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" not allowed"; \ - fi ; \ - done - @for x in `cat swamid-edugain-idp-1.0.mxml swamid-edugain-sp-1.0.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}'` ; do \ - sed 's;\(</*\)[a-z0-9]*:;\1;g' $$x | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Organization/OrganizationName' - 2>/dev/null | grep -vq "^$$" || echo " $$x missing OrganizationName" | sed 's/.*/[1;31m&[0m/' ; \ - sed 's;\(</*\)[a-z0-9]*:;\1;g' $$x | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Organization/OrganizationDisplayName' - 2>/dev/null | grep -vq "^$$" || echo " $$x missing OrganizationDisplayName" | sed 's/.*/[1;31m&[0m/' ; \ - sed 's;\(</*\)[a-z0-9]*:;\1;g' $$x | sed 's/xmlns="[^"]*"//' | xmllint --xpath '/EntityDescriptor/Organization/OrganizationURL' - 2>/dev/null | grep -vq "^$$" || echo " $$x missing OrganizationURL" | sed 's/.*/[1;31m&[0m/' ; \ - done - - -testMDUI: - @echo "Checking for uniq IdP MDUI DisplayName" - @for lang in `find $(SRCDIRS) -name \*.xml -exec cat {} \; | sed -n 's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u` ; do for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | sed "s;^; $$x $$lang ;" | sed 's/.*/[1;31m&[0m/' ; done | 
sort -k 3 | uniq -d -f 2 ; done | grep . && exit 1 || true - -testIdPinSP: - @echo "Check that SP:s does not define IDPSSODescriptor" - @for spfile in `cat swamid-sp-2.0.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}'` ; do grep -q IDPSSODescriptor $$spfile && echo " $$spfile" | sed 's/.*/[1;31m&[0m/' ; done | grep . && exit 1 || exit 0 - -testMDUIreach: - @echo "Check that MDUI URLs are reachable" - @cat swamid-idp-2.0.mxml swamid-sp-2.0.mxml | grep -v "\.mxml$$" | grep "xi:include" | awk -F\" '{print $$2}' | \ - xargs -n1 -P 10 scripts/verify-uiinfo-urls.sh - -testALlevel: - @echo Fixa så att vi kollar!!!!! - @echo "Check for IdP:s with AL3 without AL2" - @for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al3 $$x && ! grep -q http://www.swamid.se/policy/assurance/al2 $$x ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done - @echo "Check for IdP:s with AL2 without AL1" - @for x in `find $(SRCDIRS) -name \*.xml`; do if grep -q http://www.swamid.se/policy/assurance/al2 $$x && ! grep -q http://www.swamid.se/policy/assurance/al1 $$x ; then echo " $$x" | sed 's/.*/[1;31m&[0m/' ; fi ; done - -testBadStrings: - @echo "Check for bad strings in metadata" - @for x in `find $(SRCDIRS) -name \*.xml`; do grep -E 'ServiceName xml:lang="[^"]*"/>' $$x | sed 's/^/ /' ; done | grep . && exit 1 || exit 0 - -testRoleDescriptor: - -testRegistrationAuthority: - @echo "Check for registrationAuthority="http://www.swamid.se/" in EntityDescriptor/Extensions" - @for x in `find $(SRCDIRS) -name \*.xml`; do \ - if ! cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Extensions" - 2>/dev/null | grep -qE 'registrationAuthority="http://www.swamid.se/"|registrationAuthority="http://www.swamid.se/loop"' ; then \ - echo " $$x" | sed 's/.*/[1;31m&[0m/' ;\ - fi;\ - done | grep . 
&& exit 1 || exit 0 - -checkInvalidChars: - @echo "Check for invalid characters" - @for x in `find $(SRCDIRS) -name \*.xml`; do \ - if grep -q " " $$x ; then \ - echo " $$x" | sed 's/.*/[1;31m&[0m/' ;\ - fi;\ - done | grep . && exit 1 || exit 0 - -checkUKalgorithms: - @echo "Check for invalid algorithms in swamid-edugain" - @xsltproc --xinclude xslt/check_uk_algorithms.xsl swamid-edugain-1.0.mxml 2>&1 | sed 's/.*/[1;31m&[0m/' | grep . && exit 1 || exit 0 - -createMXMLfiles: - @echo Recreating MXML files - @scripts/create_mxml.sh | sed 's/.*/[1;31m&[0m/' | grep . && exit 1 || exit 0 - -signtest: syntaxtest testMDUI testALlevel testEduGAINchecks testRefedsRnS testBadStrings testIdPinSP testRegistrationAuthority checkInvalidChars checkUKalgorithms -test: createMXMLfiles signtest - -test2: $(EDUGAINXML) $(SWAMID20XML) $(TESTINGXML) test - -.time/%.time: swamid-edugain/%.xml - @# make tidy - @xsltproc --stringparam regDate $(NOW) xslt/add-rpi.xsl $< > $<.c && mv $<.c $< - @xsltproc xslt/clean-entitydescriptor.xsl $< > $<.c && mv $<.c $< - - @# make schematest - @xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $< 2>&1 - - @echo $< done - @touch -r $< $@ - -.time/%.time: swamid-2.0/%.xml - @# make tidy - @xsltproc --stringparam regDate $(NOW) xslt/add-rpi.xsl $< > $<.c && mv $<.c $< - @xsltproc xslt/clean-entitydescriptor.xsl $< > $<.c && mv $<.c $< - - @# make schematest - @xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $< 2>&1 - - @echo $< done - @touch -r $< $@ - -.time/%.time: swamid-testing/%.xml - @# make tidy - @xsltproc --stringparam regDate $(NOW) xslt/add-rpi.xsl $< > $<.c && mv $<.c $< - @xsltproc xslt/clean-entitydescriptor.xsl $< > $<.c && mv $<.c $< - - @# make schematest - @xmllint --xinclude --nowarning --noout --path schema --schema schema.xsd $< 2>&1 - - @echo $< done - @touch -r $< $@ - -old_check: - @# make testMDUI - @#echo "Checking for bad lang codes" - @# Lang = ISO_639-1 - @#cat $< | sed -n 
's/.*xml:lang="\([^"]*\)".*/\1/p' | sort -u | grep -vxE 'cs|da|de|en|fi|fr|it|sv|no|nn|nb|is' | sed 's/.*/[1;31mBad lang code : &[0m/' | grep . && exit 1 || true - @#if [ `grep EntityAttributes $< | wc -l ` -gt 2 ]; then echo "Multiple EntityAttributes" | sed 's/.*/[1;31m&[0m/' ; exit 1; fi - @#if ( grep -q IDPSSODescriptor $< ) ; then \ - #echo "Do IdP checks" ; \ - #echo ">Checking for uniq IdP MDUI DisplayName"; \ - #for lang in `cat $< | sed -n 's/.*xml:lang="\(..\)".*/\1/p' | sort -u` ; do \ - #mdui_displayname=`cat $< | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'`;\ - #organizationdisplayname=`cat $< | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/Organization/OrganizationDisplayName[@xml:lang='$$lang']" - 2>/dev/null | sed 's/^[ ]*//;s/[ ]*$$//' | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g'` ;\ - #for x in `find $(SRCDIRS) -name \*.xml | xargs grep -l IDPSSODescriptor | egrep -v $<` ; do cat $$x | sed 's;\(</*\)[a-z0-9]*:;\1;g' | sed 's/xmlns="[^"]*"//' | xmllint --xpath "/EntityDescriptor/IDPSSODescriptor/Extensions/UIInfo/DisplayName[@xml:lang='$$lang']" - 2>/dev/null | tr -d '\n' | sed 's;<[^>]*>\([^<]*\)</[^>]*>;\1\n;g' | egrep "^$$mdui_displayname$$" | sed "s;^;Duplicate DisplayName in $$x for lang = $$lang\n;" | sed 's/.*/[1;31m&[0m/' ; done | grep . 
&& exit 1 || true;\ - #done; \ - #echo ">Checking for invalid IPHint"; \ - #cat $< | sed -n 's;.*<[a-z0-9:]*IPHint>\(.*\)</[a-z0-9:]*IPHint>;\1;p' | grep -vE '^$$|^[0-9./a-fA-F:]*$$' | sed 's/.*/[1;31m&[0m/'; \ - #echo ">Checking for invalid geodata (syntax is geo:xx.yy,zz.vv)";\ - #cat $< | sed -n 's;.*<[a-z0-9:]*GeolocationHint>\(.*\)</[a-z0-9:]*GeolocationHint>;\1;p' | grep -vE '^$$|^geo:[0-9][0-9][0-9.]*,[0-9][0-9][0-9.]*$$' | sed 's/.*/[1;31m&[0m/' ; \ - #echo ">Check for IdP:s with Logos over http";\ - #cat $< | grep 'Logo .*http://' | sed 's/.*>\(.*\)<.*/[1;31m\1[0m/' | grep . && exit 1 || exit 0 ; \ - #fi - - -deeptest: test testMDUIreach - -commit2: test2 - @git diff --color || true - @echo ; echo -n "Run 'git commit -av'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -av ;; s|skip) ;; *) exit 1 ;; esac - @git status -u - @echo "Checking for not committed files in swamid-*/" ; if git status --porcelain --ignored | awk '{print $$2}' | egrep "^swamid-edugain|^swamid-2.0/|^swamid-testing/" | sed 's/^/ /' | grep . ; then echo "Not committed files in swamid-*/, aborting" ; exit 1 ; fi - @echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac - @git push - -commit: tidy test - @git diff --color || true - @echo ; echo -n "Run 'git commit -av'? [Y/n/skip] " ; read x ; case $$x in "Y"|"y"|"") git commit -av ;; s|skip) ;; *) exit 1 ;; esac - @git status -u - @echo "Checking for not committed files in swamid-*/" ; if git status --porcelain --ignored | awk '{print $$2}' | egrep "^swamid-edugain|^swamid-2.0/|^swamid-testing/" | sed 's/^/ /' | grep . ; then echo "Not committed files in swamid-*/, aborting" ; exit 1 ; fi - @echo ; echo -n "Run 'git push'? [Y/n] " ; read x ; case $$x in "Y"|"y"|"") ;; *) exit 1 ;; esac - @git push +commit: + cd metadata ; make commit |
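Review bot: In the new `update` target the checkout is moved to master HEAD by `update-git` (`git checkout master && git reset --hard && git pull`) before `./scripts/verify-tag` runs, and what `rsync --delete` then copies into `/opt/metadata/` is that HEAD, so unless verify-tag itself checks out the verified tag (not visible here) any commits on master newer than the last signed tag are deployed without the tag signature covering them; deploying from the verified tag, or having verify-tag require HEAD to equal the tag, would close that gap. `git pull` right after a hard reset also accepts a merge, so in a deployment checkout `git pull --ff-only` is the safer form — it fails loudly instead of creating a local merge commit. The trailing `--include $(SWAMID_MK_CONFIG)` on the rsync line is a no-op as a filter (an include with no later exclude changes nothing) and, if the variable is unset, likely leaves `--include` without an argument so rsync aborts; drop it or move it ahead of `--exclude`. `test` and `commit` use `cd metadata ; make test`, where a failed `cd` runs `make test` against this same Makefile and recurses; `cd metadata && $(MAKE) test` (and likewise for `commit`) stops on the failed cd and propagates make's flags and jobserver. None of the new targets are declared `.PHONY`, and `boostrap-trust` is presumably meant to be `bootstrap-trust`.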