From Fedora Project Wiki

(→‎Test Fixture Files: Streamline commands, use path that won't get deleted)
Line 40: Line 40:


Install one file that we'll use for the entire time during our tests:
Install one file that we'll use for the entire time during our tests:
  cd /etc/pki/ca-trust/source/
  $ cd /etc/pki/ca-trust/source/
  sudo wget http://kuix.de/fedora/p11-kit-f19/distrust-test-sub.p11-kit
  $ sudo wget http://kuix.de/fedora/p11-kit-f19/distrust-test-sub.p11-kit


Download a few files and tools that we'll use later:
Download a few files and tools that we'll use later:
  cd /tmp/
  $ mkdir -p ~/shared-system-certificate-test-day
  wget http://kuix.de/fedora/p11-kit-f19/ca.pem
$ cd ~/shared-system-certificate-test-day
wget http://kuix.de/fedora/p11-kit-f19/testing-default-distrust.p11-kit
  $ wget http://kuix.de/fedora/p11-kit-f19/ca.pem \
wget http://kuix.de/fedora/p11-kit-f19/test9430.java
        http://kuix.de/fedora/p11-kit-f19/testing-default-distrust.p11-kit \
wget http://kuix.de/fedora/p11-kit-f19/test9431.java
        http://kuix.de/fedora/p11-kit-f19/test9430.java \
wget http://kuix.de/fedora/p11-kit-f19/testbz443.java
        http://kuix.de/fedora/p11-kit-f19/test9431.java \
  javac test9430.java
        http://kuix.de/fedora/p11-kit-f19/testbz443.java
  javac test9431.java
  $ javac test9430.java
  javac testbz443.java
  $ javac test9431.java
  $ javac testbz443.java


==Test commands information==
==Test commands information==

Revision as of 07:49, 21 March 2013

The various test cases for the Shared System Certificates Test day require some preparation. Some of this is done for you by using the live CD.

TODO: Document what's included on the Live CD.

Necessary Software

Install this software:

$ sudo yum install gnutls-utils nss-tools openssl firefox epiphany java-1.7.0-openjdk-devel wget

Make sure the following software is at least these versions:

  • p11-kit: 0.17.4
  • p11-kit-trust: 0.17.4
  • ca-certficates: 2012.87-9
  • nss: 3.14.3-10
$ sudo yum update p11-kit p11-kit-trust ca-certificates nss

Ensure you have sudo permission

Because we are configuring the default system behaviour, the user account that you will use for testing needs permission to use the sudo command. You can test using

sudo bash

If it works, good. If not, you must login to your system as the root user, edit file /etc/sudoers and add the following line. Replace the word myself with the name of your user account.

myself     ALL=(ALL)	ALL

Firefox Profiles

For tests that involve firefox, please use a fresh Firefox profile (firefox -P) prior to a each new test cycle. This is to make sure that changes made to CA trust settings from earlier tests will be cleaned, and that you will get the exact behaviour as described on this page. An alternative to creating a fresh profile, quit Firefox and run

$ rm -f ~/.mozilla/firefox/*/*.db
$ ls ~/.mozilla/firefox/*/*.db
ls: cannot access ~/.mozilla/firefox/*/*.db: No such file or directory

Test Fixture Files

Install one file that we'll use for the entire time during our tests:

$ cd /etc/pki/ca-trust/source/
$ sudo wget http://kuix.de/fedora/p11-kit-f19/distrust-test-sub.p11-kit

Download a few files and tools that we'll use later:

$ mkdir -p ~/shared-system-certificate-test-day
$ cd ~/shared-system-certificate-test-day
$ wget http://kuix.de/fedora/p11-kit-f19/ca.pem \
       http://kuix.de/fedora/p11-kit-f19/testing-default-distrust.p11-kit \
       http://kuix.de/fedora/p11-kit-f19/test9430.java \
       http://kuix.de/fedora/p11-kit-f19/test9431.java \
       http://kuix.de/fedora/p11-kit-f19/testbz443.java
$ javac test9430.java
$ javac test9431.java
$ javac testbz443.java

Test commands information

This section lists the commands that we will use to see the current system behaviour, and that we will re-run times whenever we modify the system configuration. These will be listed in the individual test cases, but to give an overview:

Test (A): Testing with OpenSSL command line tool:

openssl s_client -verify 5 -connect HOST:PORT

Test (B): Testing with GnuTLS command line tool:

gnutls-cli -p PORT HOST

Test (C): Testing curl curl command line tool:

curl --head  https://HOST:PORT

Test (D): Testing with Firefox (uses NSS), open:

https://HOST:PORT

Test (E): Testing with Epiphany (uses GnuTLS), open:

https://HOST:PORT

Test (F): For Java we'll use our compiled minimal programs (above).