1117750 - Look into generating the testing profile certificate databases at certificate generation time or build-time

Status: NEW

(Testing :: Mochitest, defect)

Description

[(not currently active) Ted Mielczarek]

Right now we have this Python script that generates our CA certificate and test server certificates:
http://dxr.mozilla.org/mozilla-central/source/build/pgo/genpgocert.py

We run this script when we need to change our testing certificates in some fundamental way (the CA cert has expired, or we need to add or remove server certs) and we commit the resulting files:
http://dxr.mozilla.org/mozilla-central/source/build/pgo/certs

At test runtime, the Mochitest harness uses those checked-in certs to fill a cert DB in the testing profile:
http://hg.mozilla.org/mozilla-central/annotate/636498d041b5/testing/mochitest/runtests.py#l1134

Of course this requires runnable versions of certutil/pk12util at test runtime, which means for cross-compile scenarios (Android/B2G) we need to have those in the hostutils package.

I believe we could instead just do the profile cert DB generation in genpgocert.py and commit the results to the tree. This would essentially involve taking the code from runtests.py and moving it into genpgocert.py, and then committing the results, ensuring that they get copied to a useful place in the test package, and then modifying the runtests.py code to simply copy them to the testing profile. This would simplify things at test runtime, which is always nice.