(→Prerequisite for Test Day: Move software tool installs to its own page) |
(→How to test?: Update the how to test section) |
||
Line 47: | Line 47: | ||
* '''ca-certificates''' extracts files ready for ''p11-kit-trust.so'' to use. We'll be testing that these files are installed correctly to be picked up. | * '''ca-certificates''' extracts files ready for ''p11-kit-trust.so'' to use. We'll be testing that these files are installed correctly to be picked up. | ||
* '''ca-certificates''' provides an ''update-ca-trust'' which | * '''ca-certificates''' provides an ''update-ca-trust'' script which uses '''p11-kit''' to extract certificate anchor information from ''p11-kit-trust.so'' for crypto libraries (gnutls, openssl, java) that cannot yet read directly from ''p11-kit-trust.so'' on the fly. We'll test this extract process, and make sure that applications using these crypto libraries continue to work as expected. | ||
* There is now a standard method for adding a certificate anchor. We'll test that this works, and is picked up by all the applications. | * There is now a standard method for adding a certificate anchor. We'll test that this works, and is picked up by all the applications. | ||
Line 60: | Line 60: | ||
=== '''Update your machine''' === | === '''Update your machine''' === | ||
If you're running Fedora 19, make sure you have all the above packages updated. This feature is not testable on Fedora 18 | If you're running Fedora 19, make sure you have all the above packages updated. This feature is not testable on Fedora 18 or Rawhide at the current time. Alternatively: | ||
=== '''Live image''' === | === '''Live image''' === |
Revision as of 07:09, 21 March 2013
Fedora Test Days | |
---|---|
Shared System Certificates | |
Date | 2012-03-28 |
Time | all day |
Website | QA/Fedora_19_test_days |
IRC | #fedora-test-day (webirc) |
Mailing list | test |
What to test?
Today's instalment of Fedora Test Day will focus on testing the Shared System Certificates feature. The goal is to make NSS, GnuTLS, OpenSSL and Java share a default source for retrieving system certificate anchors and black list information.
The work done in Fedora 19 is an initial step of a comprehensive solution. But none the less it makes the installation of anchors and blacklists standardized across the various crypto libraries. Currently an 'extract' step is required, but in the future we hope to make this unnecessary.
Who's available
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...
- Development - Stef Walter (stefw), Key Engert (kaie)
- Quality Assurance - Jiri Jaburek (jjaburek), Ales Marecek (alich)
Prerequisite for Test Day
To test this feature you need an updated Fedora 19 system, with at least the following software:
- p11-kit 0.17.4 (or later)
- p11-kit-trust 0.17.4 (or later)
- ca-certficates 2012.87-9 (or later)
- nss 3.14.3-10 (or later)
See the detailed prerequisites page to get yourself setup for the test cases below.
TODO: There will be a live image available for testing.
How to test?
You can use the test cases below, or you can explore the feature further. At a high level the following are being tested
- p11-kit-trust provides a replacement for the NSS libnssckbi.so module. The libnssckbi.so used to provide built in certificate trust anchors and blacklists, and now the p11-kit-trust.so module does this. So we'll be testing that NSS applications (like Firefox) continue to work as expected.
- ca-certificates extracts files ready for p11-kit-trust.so to use. We'll be testing that these files are installed correctly to be picked up.
- ca-certificates provides an update-ca-trust script which uses p11-kit to extract certificate anchor information from p11-kit-trust.so for crypto libraries (gnutls, openssl, java) that cannot yet read directly from p11-kit-trust.so on the fly. We'll test this extract process, and make sure that applications using these crypto libraries continue to work as expected.
- There is now a standard method for adding a certificate anchor. We'll test that this works, and is picked up by all the applications.
The test cases below explore the above actions and more. You of course are free to go out of bounds and provide additional testing and feedback. Below is some documentation you may find useful as you do:
- http://p11-glue.freedesktop.org/doc/p11-kit/trust.html
- http://p11-glue.freedesktop.org/trust-module.html
For each bug you find report a bug on Red Hat Bugzilla under the Fedora product, and the relevant component.
Update your machine
If you're running Fedora 19, make sure you have all the above packages updated. This feature is not testable on Fedora 18 or Rawhide at the current time. Alternatively:
Live image
Optionally, you may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at FedoraLiveCD. Live images can be found here.
Test Cases
xxxxxxxxxxxxxxxxx TODO xxxxxxxxxxxxxxxxxxxxxx
Provide a list of test areas or test cases that you'd like contributors to execute. For other examples, see Category:Test_Cases.
Test Results
Construct a table or list to allow testers to post results. Each column should be a test case or configuration, and each row should consist of test results. Include some instructions on how to report bugs, and any special instructions. Here's an example, from a Palimpsest test day:
If you have problems with any of the tests, report a bug to Bugzilla usually for the component udisks, or gnome-disk-utility for bugs in the Palimpsest graphical front end itself. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.
User | Sample test 1 | Sample test 2 | Sample test 3 | Sample test 4 | References |
---|---|---|---|---|---|
Sample User |