Initialising Firefox profile from command line

I'm trying to provision a Vagrant box with a root CA and install it in Firefox. I've figured out that I can install the certificate using certutil but the problem is it requires an existing Firefox profile to which to add the certificate.

On a fresh new box the profile is created the first time Firefox is run. This is problematic because Firefox won't run properly without a display, but that can be worked around by using the -headless option. But this then needs to be killed manually. Since it takes a bit of time for it to create the new profile, it requires a hack using sleep. Overall I've got the following:

#!/bin/bash
sudo DEBIAN_FRONTEND=noninteractive apt-get -y install \
     firefox \
     libnss3-tools
# create a new profile
firefox -headless &
sleep 2
kill $!
# install the root CA into all profiles
cert="${HOME}/mycert.cer"
for certDb in $(find ${HOME}/.mozilla* -name "cert8.db"); do
    certDir="$(dirname ${certDb})"
    echo ${certDir}
    certutil -A -n "mycert" -t "TCu,Cuw,Tuw" -i "${cert}" -d "${certDir}"
done

Is there a better way to do this without using sleep and kill?


I avoided using sleep and kill by calling Firefox like this:

firefox --headless --new-tab "javascript:top.window.close()"

Update

Fission, Firefox's new site isolation feature, seems to break this.


I don't do provisioning, so this is just an educated guess:

This might be more of a hack than what you are already doing, but maybe it will give you some ideas.

(Do step 3 once first. If it turns up any matches in binary files, this approach won't work - at least, not without a lot of experimental tweaking that might have to be modified with new releases.)

1) Create a new Firefox install on another machine (which never had Firefox or other Mozilla stuff installed on it) to use as a template.

Don't do anything else to it that you don't want all users to have. Make sure there's nothing "interesting" in any of the other directories under $HOME/.mozilla - like bits from other apps and that only the one new user profile has been created under $HOME/.mozilla/firefox.

Copy $HOME/.mozilla (using cp -a, etc.) as a template (MT for short).

2) On each new machine, install MT as $HOME/.mozilla (Make sure the new files are owned by the current user and group.) This will give each user the same profile name random-string.default. If you want to, you can rename it to anything else you like as long as you also change the entry in profile.ini that points to it.

3) This might work as is. I can't tell because my profile is old with a lot of modifications. Just to make sure:

grep -rl template-user-home-directory * | less

in the profile sub-directory tree. (You only do the less part once. It will either always or never be an issue. Replace template-user-home-directory with the actual path of the user directory on the original machine.)

If it comes up empty, you're done. If not:

4) Take the output from the above grep (making sure it ends up with full relative paths in it) and use it to loop across all those files using sed -i (or a similar tool) to replace template-user-home-directory with the current user home directory wherever it occurs.

This should be OK as long as it doesn't turn up any matches in binary files. With binary files, all bets are off.

HTH