From Fedora Project Wiki

Revision as of 06:32, 21 March 2013 by Stefw (talk | contribs) (→‎Prerequisite for Test Day: Command for installing software)

Fedora Test Days
Echo-testing-48px.png
Shared System Certificates

Date 2012-03-28
Time all day

Website QA/Fedora_19_test_days
IRC #fedora-test-day (webirc)
Mailing list test


Warning.png
In construction
This Test Day page is still in construction. It shall be ready for the Test Day - when this message is removed :) .
Note.png
Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at Bugzilla, and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule and see if a similar but more recent Test Day is planned or has already happened.

What to test?

Today's instalment of Fedora Test Day will focus on testing the Shared System Certificates feature. The goal is to make NSS, GnuTLS, OpenSSL and Java share a default source for retrieving system certificate anchors and black list information.

The work done in Fedora 19 is an initial step of a comprehensive solution. But none the less it makes the installation of anchors and blacklists standardized across the various crypto libraries. Currently an 'extract' step is required, but in the future we hope to make this unnecessary.

Who's available

The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...

Prerequisite for Test Day

To test this feature you need an updated Fedora 19 system, with at least the following software:

  • p11-kit 0.17.4 (or later)
  • p11-kit-trust 0.17.4 (or later)
  • ca-certficates 2012.87-9 (or later)
  • nss 3.14.3-10 (or later)

The various test cases listed below have additional package requirements. You can either use the Live CD, or install the whole lot run this command on an Fedora 19 system:

{{{ sudo yum install gnutls-utils nss-tools openssl firefox epiphany java-1.7.0-openjdk-devel wget }}}

TODO: There will be a live image available for testing, which contains all of the above software.

How to test?

You can use the test cases below, or you can explore the feature further. At a high level the following are being tested

  • p11-kit-trust provides a replacement for the NSS libnssckbi.so module. The libnssckbi.so used to provide built in certificate trust anchors and blacklists, and now the p11-kit-trust.so module does this. So we'll be testing that NSS applications (like Firefox) continue to work as expected.
  • ca-certificates extracts files ready for p11-kit-trust.so to use. We'll be testing that these files are installed correctly to be picked up.
  • ca-certificates provides an update-ca-trust which extracts certificate anchor information from p11-kit-trust.so for crypto libraries (gnutls, openssl, java) that cannot yet read directly from p11-kit-trust.so on the fly. We'll test this extract process, and make sure that applications using these crypto libraries continue to work as expected.
  • There is now a standard method for adding a certificate anchor. We'll test that this works, and is picked up by all the applications.

The test cases below explore the above actions and more. You of course are free to go out of bounds and provide additional testing and feedback. Below is some documentation you may find useful as you do:

For each bug you find report a bug on Red Hat Bugzilla under the Fedora product, and the relevant component.

Update your machine

If you're running Fedora 19, make sure you have all the above packages updated. This feature is not testable on Fedora 18. Rawhide is not currently setup for testing this feature. Or:

Live image

Optionally, you may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at FedoraLiveCD. Live images can be found here.

Test Cases

xxxxxxxxxxxxxxxxx TODO xxxxxxxxxxxxxxxxxxxxxx

Provide a list of test areas or test cases that you'd like contributors to execute. For other examples, see Category:Test_Cases.

Test Results

Construct a table or list to allow testers to post results. Each column should be a test case or configuration, and each row should consist of test results. Include some instructions on how to report bugs, and any special instructions. Here's an example, from a Palimpsest test day:

If you have problems with any of the tests, report a bug to Bugzilla usually for the component udisks, or gnome-disk-utility for bugs in the Palimpsest graphical front end itself. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.

User Sample test 1 Sample test 2 Sample test 3 Sample test 4 References
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
  1. Test pass, but also encountered RHBZ #54321
  2. RHBZ #12345