From 2d4ed9bae6f9c80d75cf5ef18ccdac85cf889ff3 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Wed, 9 Jun 2021 00:32:53 +0200
Subject: nixos/tests/custom-ca: disable firefox test integration

Firefox has been decoupled from the system certificate store since the
nss p11-kit integration in combination with our cacert package does not
expose CKA_NSS_MOZILLA_CA_POLICY, which among other things is required
for addon updates.
---
 nixos/tests/custom-ca.nix | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/nixos/tests/custom-ca.nix b/nixos/tests/custom-ca.nix
index 7ce1101911d..26f29a3e68f 100644
--- a/nixos/tests/custom-ca.nix
+++ b/nixos/tests/custom-ca.nix
@@ -107,8 +107,15 @@ in
           '';
         };
 
-      environment.systemPackages = with pkgs;
-        [ xdotool firefox chromium falkon midori ];
+      environment.systemPackages = with pkgs; [
+        xdotool
+        # Firefox was disabled here, because we needed to disable p11-kit support in nss,
+        # which is why it will not use the system certificate store for the time being.
+        # firefox
+        chromium
+        falkon
+        midori
+      ];
     };
 
   testScript = ''
@@ -145,7 +152,14 @@ in
     with subtest("Unknown CA is untrusted in curl"):
         machine.fail("curl -fv https://bad.example.com")
 
-    browsers = ["firefox", "chromium", "falkon", "midori"]
+    browsers = [
+      # Firefox was disabled here, because we needed to disable p11-kit support in nss,
+      # which is why it will not use the system certificate store for the time being.
+      # "firefox",
+      "chromium",
+      "falkon",
+      "midori"
+    ]
     errors = ["Security Risk", "not private", "Certificate Error", "Security"]
 
     machine.wait_for_x()
-- 
cgit 1.4.1