Unified runner

3 years ago · 33e84e4762
parent 0e114bad9b
commit 33e84e4762
4 changed files with 55 additions and 69 deletions
--- a/71
+++ b/71
@ -5,11 +5,7 @@ OPENSSL_NAME = openssl-$(OPENSSL_VERSION)
 OPENSSL_DIR = build/$(OPENSSL_NAME)
 RUBY_MAJOR_VERSION = 2.3
 RUBY_VERSION = $(RUBY_MAJOR_VERSION).8
-RUBY_NAME = ruby-$(RUBY_VERSION)
-RUBY_DIR = build/$(RUBY_NAME)
-RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl
 RBENV_DIR = $(RBENV_ROOT)/versions/$(RUBY_VERSION)-cryptcheck
-RUBY_LIB_DIR = $(RBENV_DIR)/lib/ruby/$(RUBY_MAJOR_VERSION).0
 RBENV_ROOT ?= ~/.rbenv
 export LIBRARY_PATH ?= $(PWD)/lib
 export C_INCLUDE_PATH ?= $(PWD)/build/openssl/include
@ -18,19 +14,14 @@ export LD_LIBRARY_PATH ?= $(PWD)/lib
 .SECONDARY:
 .SUFFIXES:

-all: libs ext
+all: libs rbenv

-clean: clean-libs clean-ext
+clean: clean-libs
 clean-libs:
 	[ -d "build/openssl/" ] \
 		&& find "build/openssl/" \( -name "*.o" -o -name "*.so" \) -delete \
 		|| true
 	rm -f lib/libcrypto.so* lib/libssl.so* "build/openssl//Makefile"
-clean-ext:
-	[ -d "$(RUBY_OPENSSL_EXT_DIR)" ] \
-		&& find "$(RUBY_OPENSSL_EXT_DIR)" \( -name "*.o" -o -name "*.so" \) -delete \
-		|| true
-	rm -f lib/openssl.so
 mr-proper:
 	rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so build

@ -49,20 +40,15 @@ build/openssl/: | $(OPENSSL_DIR)/
 $(OPENSSL_DIR)/: build/$(OPENSSL_NAME).tar.gz build/chacha-poly.patch
 	tar -C build -xf "build/$(OPENSSL_NAME).tar.gz"
 	patch -d "$(OPENSSL_DIR)" -p1 < build/chacha-poly.patch
-	patch -d "$(OPENSSL_DIR)" -p1 < patches/openssl/00_disable_digest_check.patch
+	for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p"; done

 build/openssl/Makefile: | build/openssl/
-	#cd $(OPENSSL_DIR) && ./Configure enable-ssl2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib enable-rc5 enable-rc2 enable-gost enable-md2 enable-mdc2 enable-shared linux-x86_64
-	#cd $(OPENSSL_DIR) && ./config enable-ssl2 enable-ssl3 enable-md2 enable-rc5 enable-weak-ssl-ciphers shared
 	cd build/openssl/ && ./config enable-ssl2 enable-ssl3 enable-ssl3-method enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared

 build/openssl/libssl.so \
 build/openssl/libcrypto.so: build/openssl/Makefile
 	$(MAKE) -C build/openssl/

-install-openssl: build/openssl/Makefile
-	$(MAKE) -C build/openssl/ install
-
 LIBS = lib/libssl.so lib/libcrypto.so lib/libssl.so.$(OPENSSL_LIB_VERSION) lib/libcrypto.so.$(OPENSSL_LIB_VERSION)
 lib/%.so: build/openssl/%.so
 	cp "$<" "$@"
@ -79,53 +65,22 @@ $(RBENV_ROOT)/plugins/ruby-build/: | $(RBENV_ROOT)/
 $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION): | $(RBENV_ROOT)/plugins/ruby-build/

 build/$(RUBY_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION)
-	cp "$<" "$@"
+	cp $< $@

-install-rbenv: build/$(RUBY_VERSION)-cryptcheck
-
-install-rbenv-cryptcheck: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | build/openssl/
+rbenv: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | $(OPENSSL_DIR)/
 	cat patches/ruby/*.patch | \
-	RUBY_BUILD_CACHE_PATH="$(PWD)/build" \
-	RUBY_BUILD_DEFINITIONS="$(PWD)/build" \
-	rbenv install -fp "$(RUBY_VERSION)-cryptcheck"
-	rbenv local "$(RUBY_VERSION)-cryptcheck"
-	gem update --system
+	RUBY_BUILD_CACHE_PATH=$(PWD)/build \
+	RUBY_BUILD_DEFINITIONS=$(PWD)/build \
+	MAKE_OPTS="-j $(shell nproc)" rbenv install -fp $(RUBY_VERSION)-cryptcheck
+	# rbenv sequester $(RUBY_VERSION)-cryptcheck
+	rbenv local $(RUBY_VERSION)-cryptcheck
 	gem install bundler
-	# bundle install --without test development
-
-$(RUBY_LIB_DIR)/openssl/ssl.rb: $(RUBY_OPENSSL_EXT_DIR)/lib/openssl/ssl.rb
-	cp "$<" "$@"
-
-$(RUBY_LIB_DIR)/x86_64-linux/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
-	cp "$<" "$@"
-
-sync-ruby: $(RUBY_LIB_DIR)/openssl/ssl.rb $(RUBY_LIB_DIR)/x86_64-linux/openssl.so
-
-build/$(RUBY_NAME).tar.xz: | build/
-	wget "http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_NAME).tar.xz" -O "$@"
-
-$(RUBY_DIR)/: build/$(RUBY_NAME).tar.xz
-	tar -C build -xf "$<"
-	for p in patches/ruby/*.patch; do patch -d "$@" -p1 < $i; done
-
-$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs | $(RUBY_DIR)/
-	cd "$(RUBY_OPENSSL_EXT_DIR)" && ruby extconf.rb
-
-$(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(LIBS) $(RUBY_OPENSSL_EXT_DIR)/Makefile
-	top_srcdir=../.. $(MAKE) -C "$(RUBY_OPENSSL_EXT_DIR)"
-
-lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
-	cp "$<" "$@"
-
-ext: lib/openssl.so
-
-install-ruby: $(RUBY_DIR)/
-	cd "$(RUBY_DIR)/" && ./configure --enable-shared --disable-install-rdoc && make install
+	bundle install

 spec/faketime/libfaketime.so: spec/faketime/faketime.c spec/faketime/faketime.h
-	$(CC) "$^" -o "$@" -shared -fPIC -ldl -std=c99 -Werror -Wall
+	$(CC) $^ -o $@ -shared -fPIC -ldl -std=c99 -Werror -Wall
 lib/libfaketime.so: spec/faketime/libfaketime.so
-	ln -fs "../$<" "$@"
+	ln -fs ../$< $@
 faketime: lib/libfaketime.so

 test-material:
--- a/bin/cryptcheck
+++ b/bin/cryptcheck
@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'bundler/setup'
+require 'thor'
+require 'awesome_print'
+require 'cryptcheck'
+
+class CLI < Thor
+	option :'no-ipv4', type: :boolean, default: false, aliases: :'4'
+	option :'no-ipv6', type: :boolean, default: false, aliases: :'6'
+	option :json, type: :boolean, default: false, aliases: :j
+	option :quiet, type: :boolean, default: false, aliases: :q
+
+	desc 'https HOST [PORT]', 'Analyze HTTPS configuration for HOST:PORT'
+
+	def https(host, port = 443)
+		ENV['DISABLE_IPv4']        = 'true' if options[:'no-ipv4']
+		ENV['DISABLE_IPv6']        = 'true' if options[:'no-ipv6']
+		::CryptCheck::Logger.level = options[:quiet] ? :none : :info
+		result                     = ::CryptCheck::Tls::Https.analyze host, port
+		$stdout.isatty ? ap(result) : puts(JSON.pretty_generate(result)) if options[:json]
+	end
+end
+
+CLI.start ARGV
--- a/cryptcheck.gemspec
+++ b/cryptcheck.gemspec
@ -40,4 +40,5 @@ Gem::Specification.new do |spec|
 	spec.add_dependency 'ruby-progressbar'
 	spec.add_dependency 'colorize'
 	spec.add_dependency 'awesome_print'
+	spec.add_dependency 'thor'
 end
--- a/lib/cryptcheck/tls/host.rb
+++ b/lib/cryptcheck/tls/host.rb
@ -78,12 +78,12 @@ module CryptCheck
 								port:     port
 						}
 						case server
-							when Server
-								host[:handshakes] = server.to_h
-								host[:states]     = server.states
-								host[:grade]     = server.grade
-							else
-								host[:error] = server.to_s
+						when Server
+							host[:handshakes] = server.to_h
+							host[:states]     = server.states
+							host[:grade]      = server.grade
+						else
+							host[:error] = server.to_s
 						end
 						host
 					end
@ -95,12 +95,17 @@ module CryptCheck

 			def resolve
 				begin
-					ip = IPAddr.new @hostname
-					return [[nil, ip.to_s, ip.family, @port]]
-				rescue IPAddr::InvalidAddressError
+					begin
+						ip = IPAddr.new @hostname
+						return [[nil, ip.to_s, ip.family, @port]]
+					rescue IPAddr::InvalidAddressError
+					end
+					::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM)
+							.collect { |a| [@hostname, a.ip_address, a.afamily, @port] }
+				end.reject do |family, *_|
+					(ENV['DISABLE_IPv6'] && family == Socket::AF_INET6) ||
+							(ENV['DISABLE_IPv4'] && family == Socket::AF_INET)
 				end
-				::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM)
-						.collect { |a| [@hostname, a.ip_address, a.afamily, @port] }
 			end

 			def server(*args)