Open Bug 1117750 Opened 5 years ago Updated 5 years ago
Look into generating the testing profile certificate databases at certificate generation time or build-time
Right now we have this Python script that generates our CA certificate and test server certificates: http://dxr.mozilla.org/mozilla-central/source/build/pgo/genpgocert.py We run this script when we need to change our testing certificates in some fundamental way (the CA cert has expired, or we need to add or remove server certs) and we commit the resulting files: http://dxr.mozilla.org/mozilla-central/source/build/pgo/certs At test runtime, the Mochitest harness uses those checked-in certs to fill a cert DB in the testing profile: http://hg.mozilla.org/mozilla-central/annotate/636498d041b5/testing/mochitest/runtests.py#l1134 Of course this requires runnable versions of certutil/pk12util at test runtime, which means for cross-compile scenarios (Android/B2G) we need to have those in the hostutils package. I believe we could instead just do the profile cert DB generation in genpgocert.py and commit the results to the tree. This would essentially involve taking the code from runtests.py and moving it into genpgocert.py, and then committing the results, ensuring that they get copied to a useful place in the test package, and then modifying the runtests.py code to simply copy them to the testing profile. This would simplify things at test runtime, which is always nice.
You need to log in before you can comment on or make changes to this bug.