
X5U urls are sent as inaccessible `file://` URLs in development

Open mythmon opened this issue 5 years ago • 6 comments

STR

  1. Run Autograph from docker: `docker run mozilla/autograph`
  2. Request a signature using the Normandy development credentials: `curl -XPOST -d '{...}' https://localhost:8765/sign/data`
  3. Query the returned x5u to validate the key.

Expected results

The x5u URL is accessible without additional, undocumented configuration.

Actual results

The x5u URL is a file:// URL that is inaccessible in the documented configuration.

This makes it impossible to use Normandy and Autograph in development, making Normandy development significantly harder to get right.

mythmon avatar Oct 02 '19 16:10 mythmon

@mythmon where does the normandy dev autograph config live?

g-k avatar Oct 02 '19 16:10 g-k

OK so the planned fix is:

  • [ ] always return http:// or https:// X5Us
  • [ ] in dev mode, have autograph serve the files referenced by X5Us from a local static directory localhost/static/. This might require changes to https://github.com/mozilla-services/autograph/blob/master/tools/genpki/genpki.go too.

g-k avatar Oct 02 '19 17:10 g-k
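
A sketch of the two items in the planned fix above, as an added example that is not autograph's own code: `publicX5U` rewrites a `file://` X5U to an http(s) URL and rejects paths outside the chain directory, and `devStaticMux` serves that directory under `/static/`. The function names, the `chainDir` and `base` parameters, and the sample paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"path"
	"strings"
)

// publicX5U turns the X5U a signer is configured with into one a verifier can
// fetch. chainDir (where chain files are written) and base (the URL prefix that
// serves chainDir) are hypothetical parameters, not autograph config keys.
func publicX5U(x5u, chainDir, base string) (string, error) {
	u, err := url.Parse(x5u)
	if err != nil {
		return "", fmt.Errorf("parse x5u: %w", err)
	}
	switch u.Scheme {
	case "http", "https":
		return x5u, nil // already fetchable over the network
	case "file":
		// Resolve ".." first, then publish only files that sit under chainDir.
		clean := path.Clean(u.Path)
		root := path.Clean(chainDir) + "/"
		if !strings.HasPrefix(clean, root) {
			return "", fmt.Errorf("x5u %q is outside %q", x5u, chainDir)
		}
		rel := &url.URL{Path: strings.TrimPrefix(clean, root)}
		return strings.TrimSuffix(base, "/") + "/" + rel.EscapedPath(), nil
	default:
		return "", fmt.Errorf("unsupported x5u scheme %q", u.Scheme)
	}
}

// devStaticMux serves chainDir under /static/ (dev mode only).
func devStaticMux(chainDir string) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir(chainDir))))
	return mux
}

func main() {
	// Constructed sample values.
	fmt.Println(publicX5U("file:///tmp/autograph/chains/normandy.pem",
		"/tmp/autograph/chains", "http://localhost:8765/static/"))
}
```

Confining the rewrite to `chainDir` keeps the static route from exposing other files on the signer host, such as its configuration or private keys.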

> @mythmon where does the normandy dev autograph config live?

The default autograph config includes the Normandy development config.

mythmon avatar Oct 02 '19 17:10 mythmon

I missed the conversation on Slack, but I share this need :)

This is what devs have to do when setting up a local Remote Settings server: https://remote-settings.readthedocs.io/en/latest/tutorial-local-server.html#configure-multi-signoff

leplatrem avatar Oct 14 '19 13:10 leplatrem

Where are we on this? I remember the conversation but not the resolution. Is that still blocking normandy and kinto?

jvehent avatar Mar 26 '20 13:03 jvehent

It makes local development setup quite tedious; it would be nice to fix. But it's not blocking per se.

leplatrem avatar Mar 27 '20 09:03 leplatrem