summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--build/autoconf/nspr-build.m42
-rw-r--r--config/external/nss/Makefile.in460
-rw-r--r--config/external/nss/crmf/moz.build15
-rw-r--r--config/external/nss/moz.build39
-rw-r--r--config/external/nss/nss.mk27
-rw-r--r--moz.build2
-rw-r--r--python/mozbuild/mozbuild/frontend/emitter.py3
-rw-r--r--security/Makefile.in2
-rw-r--r--security/generate_certdata.py11
-rw-r--r--security/generate_mapfile.py54
-rw-r--r--security/moz.build123
-rw-r--r--security/nss.symbols (renamed from config/external/nss/nss.symbols)0
12 files changed, 193 insertions, 545 deletions
diff --git a/build/autoconf/nspr-build.m4 b/build/autoconf/nspr-build.m4
index b53fb4d37f..2858d1f2bd 100644
--- a/build/autoconf/nspr-build.m4
+++ b/build/autoconf/nspr-build.m4
@@ -138,6 +138,8 @@ if test -n "$NSPR_CFLAGS" -o -n "$NSPR_LIBS"; then
,
AC_MSG_ERROR([system NSPR does not support PR_UINT64 or including prtypes.h does not provide it]))
CFLAGS=$_SAVE_CFLAGS
+ NSPR_INCLUDE_DIR=`echo ${NSPR_CFLAGS} | sed -e 's/.*-I\([^ ]*\).*/\1/'`
+ NSPR_LIB_DIR=`echo ${NSPR_LIBS} | sed -e 's/.*-L\([^ ]*\).*/\1/'`
elif test -z "$JS_POSIX_NSPR"; then
NSPR_INCLUDE_DIR="${DIST}/include/nspr"
NSPR_CFLAGS="-I${NSPR_INCLUDE_DIR}"
diff --git a/config/external/nss/Makefile.in b/config/external/nss/Makefile.in
deleted file mode 100644
index f01426d512..0000000000
--- a/config/external/nss/Makefile.in
+++ /dev/null
@@ -1,460 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-CC_WRAPPER =
-CXX_WRAPPER =
-
-default::
-
-include $(topsrcdir)/config/makefiles/functions.mk
-
-NSS_LIBS = \
- nss3 \
- nssutil3 \
- smime3 \
- ssl3 \
- $(NULL)
-
-ifdef MOZ_FOLD_LIBS
-NSS_DLLS = $(LIBRARY_NAME)
-else
-NSS_DLLS = $(NSS_LIBS)
-endif
-
-NSS_EXTRA_DLLS = \
- nssckbi \
- softokn3 \
- $(NULL)
-
-ifndef NSS_DISABLE_DBM
-NSS_EXTRA_DLLS += nssdbm3
-endif
-
-SDK_LIBS = crmf
-
-ifneq (,$(filter WINNT,$(OS_ARCH)))
-SDK_LIBS += $(NSS_DLLS)
-endif
-
-# Default
-HAVE_FREEBL_LIBS = 1
-
-# SunOS SPARC
-
-ifeq ($(OS_ARCH), SunOS)
-ifneq (86,$(findstring 86,$(OS_TEST)))
-ifdef HAVE_64BIT_BUILD
-HAVE_FREEBL_LIBS =
-HAVE_FREEBL_LIBS_64 = 1
-else
-HAVE_FREEBL_LIBS =
-HAVE_FREEBL_LIBS_32FPU = 1
-HAVE_FREEBL_LIBS_32INT64 = 1
-endif
-endif
-endif
-
-ifeq ($(OS_TARGET),Linux)
-HAVE_FREEBL_LIBS =
-HAVE_FREEBL_LIBS_PRIV = 1
-FREEBL_LOWHASH_FLAG = FREEBL_LOWHASH=1
-endif
-
-ifdef HAVE_FREEBL_LIBS
-NSS_EXTRA_DLLS += freebl3
-endif
-ifdef HAVE_FREEBL_LIBS_PRIV
-NSS_EXTRA_DLLS += freeblpriv3
-endif
-ifdef HAVE_FREEBL_LIBS_32INT32
-NSS_EXTRA_DLLS += freebl_32int_3
-endif
-ifdef HAVE_FREEBL_LIBS_32FPU
-NSS_EXTRA_DLLS += freebl_32fpu_3
-endif
-ifdef HAVE_FREEBL_LIBS_32INT64
-NSS_EXTRA_DLLS += freebl_32int64_3
-endif
-ifdef HAVE_FREEBL_LIBS_64
-NSS_EXTRA_DLLS += freebl_64int_3
-NSS_EXTRA_DLLS += freebl_64fpu_3
-endif
-
-# For all variables such as DLLFLAGS, that may contain $(DIST)
-DIST := $(ABS_DIST)
-# TODO: move this all to configure, but in Python
-ifndef MOZ_BUILD_NSPR
-NSPR_INCLUDE_DIR = $(firstword $(filter -I%,$(NSPR_CFLAGS)))
-ifneq (,$(strip $(NSPR_INCLUDE_DIR)))
-NSPR_INCLUDE_DIR := $(subst -I,,$(subst -I$(DIST),-I$(ABS_DIST),$(NSPR_INCLUDE_DIR)))
-else
-$(error Your NSPR CFLAGS are broken!)
-endif
-NSPR_LIB_DIR = $(firstword $(filter -L%,$(NSPR_LIBS)))
-ifneq (,$(strip $(NSPR_LIB_DIR)))
-NSPR_LIB_DIR := $(subst -L,,$(subst -L$(DIST),-L$(ABS_DIST),$(NSPR_LIB_DIR)))
-else
-$(error Your NSPR LDFLAGS are broken!)
-endif
-endif
-
-# To get debug symbols from NSS
-export MOZ_DEBUG_SYMBOLS
-
-DEFAULT_GMAKE_FLAGS =
-DEFAULT_GMAKE_FLAGS += CC='$(CC)'
-DEFAULT_GMAKE_FLAGS += MT='$(MT)'
-DEFAULT_GMAKE_FLAGS += LD='$(LD)'
-DEFAULT_GMAKE_FLAGS += SOURCE_MD_DIR=$(ABS_DIST)
-DEFAULT_GMAKE_FLAGS += SOURCE_MDHEADERS_DIR=$(NSPR_INCLUDE_DIR)
-DEFAULT_GMAKE_FLAGS += DIST=$(ABS_DIST)
-DEFAULT_GMAKE_FLAGS += NSPR_INCLUDE_DIR=$(NSPR_INCLUDE_DIR)
-DEFAULT_GMAKE_FLAGS += NSPR_LIB_DIR=$(NSPR_LIB_DIR)
-DEFAULT_GMAKE_FLAGS += MOZILLA_CLIENT=1
-DEFAULT_GMAKE_FLAGS += NO_MDUPDATE=1
-DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ECC=1
-DEFAULT_GMAKE_FLAGS += NSS_ENABLE_TLS_1_3=1
-ifeq ($(OS_ARCH)_$(GNU_CC),WINNT_1)
-DEFAULT_GMAKE_FLAGS += OS_DLLFLAGS='-static-libgcc' NSPR31_LIB_PREFIX=lib
-endif
-DEFAULT_GMAKE_FLAGS += SQLITE_LIB_NAME=mozsqlite3
-DEFAULT_GMAKE_FLAGS += SQLITE_LIB_DIR=$(ABS_DIST)/../db/sqlite3/src
-DEFAULT_GMAKE_FLAGS += SQLITE_INCLUDE_DIR=$(ABS_DIST)/include
-ifdef NSS_DISABLE_DBM
-DEFAULT_GMAKE_FLAGS += NSS_DISABLE_DBM=1
-endif
-# Hack to force NSS build system to use "normal" object directories
-DEFAULT_GMAKE_FLAGS += topsrcdir='$(topsrcdir)'
-# topsrcdir can't be expanded here because msys path mangling likes to break
-# paths in that case.
-DEFAULT_GMAKE_FLAGS += BUILD='$(MOZ_BUILD_ROOT)/security/$$(subst $$(topsrcdir)/security/,,$$(CURDIR))'
-DEFAULT_GMAKE_FLAGS += BUILD_TREE='$$(BUILD)' OBJDIR='$$(BUILD)' DEPENDENCIES='$$(BUILD)/.deps' SINGLE_SHLIB_DIR='$$(BUILD)'
-DEFAULT_GMAKE_FLAGS += SOURCE_XP_DIR=$(ABS_DIST)
-ifndef MOZ_DEBUG
-DEFAULT_GMAKE_FLAGS += BUILD_OPT=1 OPT_CODE_SIZE=1
-endif
-ifdef GNU_CC
-DEFAULT_GMAKE_FLAGS += NS_USE_GCC=1
-else
-DEFAULT_GMAKE_FLAGS += NS_USE_GCC=
-endif
-ifdef USE_N32
-# It is not really necessary to specify USE_PTHREADS=1. USE_PTHREADS
-# merely adds _PTH to coreconf's OBJDIR name.
-DEFAULT_GMAKE_FLAGS += USE_N32=1 USE_PTHREADS=1
-endif
-ifdef HAVE_64BIT_BUILD
-DEFAULT_GMAKE_FLAGS += USE_64=1
-endif
-ifeq ($(OS_ARCH),WINNT)
-DEFAULT_GMAKE_FLAGS += OS_TARGET=WIN95
-ifdef MOZ_DEBUG
-ifndef MOZ_NO_DEBUG_RTL
-DEFAULT_GMAKE_FLAGS += USE_DEBUG_RTL=1
-endif
-endif
-endif # WINNT
-ifeq ($(OS_ARCH),Darwin)
-# Make nsinstall use absolute symlinks by default when building NSS
-# for Mozilla on Mac OS X. (Bugzilla bug 193164)
-ifndef NSDISTMODE
-DEFAULT_GMAKE_FLAGS += NSDISTMODE=absolute_symlink
-endif
-ifdef MACOS_SDK_DIR
-DEFAULT_GMAKE_FLAGS += MACOS_SDK_DIR=$(MACOS_SDK_DIR)
-endif
-endif
-
-# Turn off TLS compression support because it requires system zlib.
-# See bug 580679 comment 18.
-DEFAULT_GMAKE_FLAGS += NSS_SSL_ENABLE_ZLIB=
-
-# Disable building of the test programs in security/nss/lib/zlib
-DEFAULT_GMAKE_FLAGS += PROGRAMS=
-
-# Disable creating .chk files. They will be generated from packager.mk
-# When bug 681624 lands, we can replace CHECKLOC= with SKIP_SHLIBSIGN=1
-DEFAULT_GMAKE_FLAGS += CHECKLOC=
-
-ifdef CROSS_COMPILE
-
-DEFAULT_GMAKE_FLAGS += \
- NATIVE_CC='$(HOST_CC)' \
- CC='$(CC)' \
- CCC='$(CXX)' \
- AS='$(AS)' \
- AR='$(AR) $(AR_FLAGS:$@=$$@)' \
- RANLIB='$(RANLIB)' \
- RC='$(RC) $(RCFLAGS)' \
- OS_ARCH='$(OS_ARCH)' \
- OS_TEST='$(OS_TEST)' \
- CPU_ARCH='$(TARGET_CPU)' \
- $(NULL)
-
-endif
-
-ifdef WRAP_LDFLAGS
-NSS_EXTRA_LDFLAGS += $(WRAP_LDFLAGS)
-endif
-
-# The SHARED_LIBS part is needed unconditionally on Android. It's not
-# clear why this is the case, but see bug 1133073 (starting around
-# comment #8) for context.
-ifneq (,$(or $(MOZ_GLUE_WRAP_LDFLAGS), $(filter Android, $(OS_TARGET))))
-NSS_EXTRA_LDFLAGS += $(SHARED_LIBS:$(DEPTH)%=$(MOZ_BUILD_ROOT)%) $(MOZ_GLUE_WRAP_LDFLAGS)
-endif
-
-ifneq (,$(NSS_EXTRA_LDFLAGS))
-DEFAULT_GMAKE_FLAGS += \
- LDFLAGS='$(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \
- DSO_LDOPTS='$(DSO_LDOPTS) $(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \
- $(NULL)
-endif
-
-DEFAULT_GMAKE_FLAGS += FREEBL_NO_DEPEND=0 $(FREEBL_LOWHASH_FLAG)
-DEFAULT_GMAKE_FLAGS += NSS_ALLOW_SSLKEYLOGFILE=1
-
-ifdef MOZ_NO_WLZDEFS
-DEFAULT_GMAKE_FLAGS += ZDEFS_FLAG=
-endif
-ifdef MOZ_CFLAGS_NSS
-NSS_XCFLAGS += $(filter-out -W%,$(CFLAGS))
-DEFAULT_GMAKE_FLAGS += DARWIN_DYLIB_VERSIONS='-compatibility_version 1 -current_version 1 $(LDFLAGS)'
-endif
-ifeq (1_1,$(CLANG_CL)_$(MOZ_ASAN))
-XLDFLAGS := $(OS_LDFLAGS)
-DEFAULT_GMAKE_FLAGS += XLDFLAGS='$(XLDFLAGS)'
-endif
-
-DEFAULT_GMAKE_FLAGS += NSS_NO_PKCS11_BYPASS=1
-
-# Put NSS headers directly under $(DIST)/include
-DEFAULT_GMAKE_FLAGS += PUBLIC_EXPORT_DIR='$(ABS_DIST)/include/$$(MODULE)'
-DEFAULT_GMAKE_FLAGS += SOURCE_XPHEADERS_DIR='$$(SOURCE_XP_DIR)/include/$$(MODULE)'
-DEFAULT_GMAKE_FLAGS += MODULE_INCLUDES='$$(addprefix -I$$(SOURCE_XP_DIR)/include/,$$(REQUIRES))'
-
-# Work around NSS's MAKE_OBJDIR being racy. See bug #836220
-DEFAULT_GMAKE_FLAGS += MAKE_OBJDIR='$$(INSTALL) -D $$(OBJDIR)'
-
-# Work around NSS adding IMPORT_LIBRARY to TARGETS with no rule for
-# it, creating race conditions. See bug #836220
-DEFAULT_GMAKE_FLAGS += TARGETS='$$(LIBRARY) $$(SHARED_LIBRARY) $$(PROGRAM)'
-
-ifdef MOZ_FOLD_LIBS_FLAGS
-NSS_XCFLAGS += $(MOZ_FOLD_LIBS_FLAGS)
-endif
-
-# Pass on the MSVC target arch from the main build system.
-# Note this is case- and switch-character sensitive, while
-# the MSVC option is not.
-ifeq (WINNT,$(OS_TARGET))
-NSS_XCFLAGS += $(filter -arch:%,$(CFLAGS))
-endif
-
-# Enable short header experiment. Firefox only.
-NSS_XCFLAGS += -DNSS_ENABLE_TLS13_SHORT_HEADERS
-
-# Export accumulated XCFLAGS to modify nss defaults.
-DEFAULT_GMAKE_FLAGS += XCFLAGS='$(NSS_XCFLAGS)'
-
-NSS_SRCDIR = $(topsrcdir)
-
-NSS_DIRS =
-ifndef MOZ_FOLD_LIBS
-NSS_DIRS += nss/lib
-else
-ifndef NSS_DISABLE_DBM
-NSS_DIRS += nss/lib/dbm
-endif
-endif
-NSS_DIRS += \
- nss/cmd/lib \
- nss/cmd/shlibsign \
- $(NULL)
-
-ifdef ENABLE_TESTS
-NSS_DIRS += \
- nss/cmd/certutil \
- nss/cmd/pk12util \
- nss/cmd/modutil \
- $(NULL)
-endif
-
-ifneq (,$(filter %--build-id,$(LDFLAGS)))
-DEFAULT_GMAKE_ENV = LDFLAGS=-Wl,--build-id
-endif
-
-ifdef MOZ_FOLD_LIBS
-# TODO: The following can be replaced by something simpler when bug 844880
-# is fixed.
-# All static libraries required for nss, smime, ssl and nssutil.
-# The strip is needed to remove potential linefeed characters, since they hang
-# around in some cases on Windows.
-NSS_STATIC_LIBS := $(strip $(shell $(MAKE) --no-print-directory -f $(srcdir)/nss.mk DEPTH='$(DEPTH)' topsrcdir='$(topsrcdir)' srcdir='$(srcdir)' echo-variable-libs))
-# Corresponding build directories
-NSS_STATIC_DIRS := $(foreach lib,$(NSS_STATIC_LIBS),$(patsubst %/,%,$(dir $(lib))))
-NSS_DIRS += $(NSS_STATIC_DIRS)
-
-# TODO: The following can be replaced by something simpler when bug 844884
-# is fixed.
-# Remaining nss/lib directories
-NSS_DIRS += nss/lib/freebl nss/lib/softoken nss/lib/jar nss/lib/crmf nss/lib/ckfw
-
-DEFAULT_GMAKE_FLAGS += NSS_DISABLE_LIBPKIX=1
-
-ifeq (WINNT,$(OS_TARGET))
-NSS_DIRS += nss/lib/zlib
-endif
-endif # MOZ_FOLD_LIBS
-
-# Filter-out $(LIBRARY_NAME) because it's already handled in config/rules.mk.
-NSS_DIST_DLL_FILES := $(addprefix $(DIST)/lib/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(filter-out $(LIBRARY_NAME),$(NSS_DLLS)) $(NSS_EXTRA_DLLS)))
-NSS_DIST_DLL_DEST := $(DIST)/bin
-NSS_DIST_DLL_TARGET := target
-INSTALL_TARGETS += NSS_DIST_DLL
-
-ifeq ($(OS_ARCH)_$(1), SunOS_softokn3)
-# has to use copy mode on Solaris, see #665509
-$(DIST)/bin/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): INSTALL := $(NSINSTALL) -t
-endif
-
-NSS_SDK_LIB_FILES := \
- $(addprefix $(DIST)/lib/$(LIB_PREFIX),$(addsuffix .$(LIB_SUFFIX),$(SDK_LIBS))) \
- $(addprefix $(DIST)/bin/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(NSS_DLLS))) \
- $(NULL)
-NSS_SDK_LIB_DEST := $(DIST)/sdk/lib
-NSS_SDK_LIB_TARGET := target
-INSTALL_TARGETS += NSS_SDK_LIB
-
-ifdef MOZ_FOLD_LIBS
-# Add all static libraries for nss, smime, ssl and nssutil
-STATIC_LIBS += $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS))
-
-IMPORT_LIB_FILES = $(IMPORT_LIBRARY)
-IMPORT_LIB_DEST ?= $(DIST)/lib
-IMPORT_LIB_TARGET = target
-INSTALL_TARGETS += IMPORT_LIB
-
-endif # MOZ_FOLD_LIBS
-
-include $(topsrcdir)/config/rules.mk
-
-ifeq (1,$(ALLOW_COMPILER_WARNINGS))
-DEFAULT_GMAKE_FLAGS += NSS_ENABLE_WERROR=0
-endif
-
-# Can't pass this in DEFAULT_GMAKE_FLAGS because that overrides
-# definitions in NSS, so just export it into the sub-make's environment.
-ifeq (WINNT_1,$(OS_TARGET)_$(MOZ_MEMORY))
-DLLFLAGS := -LIBPATH:$(ABS_DIST)/../mozglue/build -DEFAULTLIB:mozglue
-export DLLFLAGS
-endif
-
-ifdef MOZ_FOLD_LIBS
-# Force the linker to include everything from the static libraries.
-EXPAND_LIBS_EXEC += --extract
-
-$(SHARED_LIBRARY): $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS))
-
-ifdef IMPORT_LIB_SUFFIX
-IMPORT_PREFIX = $(LIB_PREFIX)
-IMPORT_SUFFIX = .$(IMPORT_LIB_SUFFIX)
-else
-IMPORT_PREFIX = $(DLL_PREFIX)
-IMPORT_SUFFIX = $(DLL_SUFFIX)
-endif
-
-NSPR_IMPORT_LIBS = $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),nspr4 plc4 plds4))
-SQLITE_IMPORT_LIB = $(DIST)/lib/$(IMPORT_PREFIX)mozsqlite3$(IMPORT_SUFFIX)
-
-# TODO: The following can be replaced by something simpler when bug 844884
-# is fixed.
-# Associate target files with the rules that build them.
-$(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX): libs-nss/lib/crmf
-$(DIST)/lib/$(DLL_PREFIX)freebl3$(DLL_SUFFIX): libs-nss/lib/freebl
-$(DIST)/lib/$(DLL_PREFIX)nssckbi$(DLL_SUFFIX): libs-nss/lib/ckfw
-$(DIST)/lib/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): libs-nss/lib/softoken
-$(DIST)/lib/$(DLL_PREFIX)nssdbm3$(DLL_SUFFIX): libs-nss/lib/softoken
-$(foreach lib,$(NSS_STATIC_LIBS),$(eval $(DEPTH)/security/$(lib): libs-$(patsubst %/,%,$(dir $(lib)))))
-
-# Create fake import libraries for the folded libraries, so that linking
-# against them works both for the NSS build system (see dependencies below)
-# and for the rest of the mozilla build system.
-$(NSPR_IMPORT_LIBS) \
-$(SQLITE_IMPORT_LIB) \
-$(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) \
-$(DIST)/lib/$(IMPORT_PREFIX)ssl3$(IMPORT_SUFFIX) \
-$(DIST)/lib/$(IMPORT_PREFIX)smime3$(IMPORT_SUFFIX): $(DIST)/lib/$(IMPORT_PREFIX)nss3$(IMPORT_SUFFIX)
-ifeq (WINNT,$(OS_TARGET))
- cp $< $@
-else
- ln -sf $< $@
-endif
-
-# Interdependencies between nss sub-directories, and dependencies on NSPR/SQLite
-libs-nss/lib/ckfw: libs-nss/lib/nss/../base $(NSPR_IMPORT_LIBS)
-libs-nss/lib/softoken: $(NSPR_IMPORT_LIBS) $(SQLITE_IMPORT_LIB)
-libs-nss/lib/softoken: libs-nss/lib/freebl
-ifndef NSS_DISABLE_DBM
-libs-nss/lib/softoken: libs-nss/lib/dbm
-endif
-libs-nss/lib/softoken: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX)
-libs-nss/lib/freebl: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) $(NSPR_IMPORT_LIBS)
-
-# For each directory where we build static libraries, force the NSS build system
-# to only build static libraries.
-$(addprefix libs-,$(NSS_STATIC_DIRS)): DEFAULT_GMAKE_FLAGS += SHARED_LIBRARY= IMPORT_LIBRARY=
-else
-$(STATIC_LIBS) $(NSS_DIST_DLL_FILES) $(NSS_SDK_LIB_FILES): libs-nss/lib
-endif # MOZ_FOLD_LIBS
-
-ifeq ($(NSINSTALL_PY),$(NSINSTALL))
-DEFAULT_GMAKE_FLAGS += PYTHON='$(PYTHON)'
-DEFAULT_GMAKE_FLAGS += NSINSTALL_PY='$(abspath $(topsrcdir)/config/nsinstall.py)'
-DEFAULT_GMAKE_FLAGS += NSINSTALL='$$(PYTHON) $$(NSINSTALL_PY)'
-else
-DEFAULT_GMAKE_FLAGS += NSINSTALL='$(abspath $(NSINSTALL))'
-endif
-ifeq ($(OS_ARCH),WINNT)
-DEFAULT_GMAKE_FLAGS += INSTALL='$$(NSINSTALL) -t'
-endif
-DEFAULT_GMAKE_FLAGS += $(EXTRA_GMAKE_FLAGS)
-
-$(addprefix libs-,$(NSS_DIRS)): libs-%:
-# Work around NSS's export rule being racy when recursing for private_export
-# See bug #836220.
-$(addprefix export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS = PRIVATE_EXPORTS=
-$(addprefix export-,$(NSS_DIRS)): export-%: private_export-%
-$(addprefix private_export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS =
-$(addprefix private_export-,$(NSS_DIRS)): private_export-%:
-
-$(foreach p,libs export private_export,$(addprefix $(p)-,$(NSS_DIRS))):
- $(DEFAULT_GMAKE_ENV) $(MAKE) -C $(NSS_SRCDIR)/security/$* $(@:-$*=) $(DEFAULT_GMAKE_FLAGS)
-
-export:: $(addprefix export-,$(NSS_DIRS))
-
-$(addprefix clean-,$(NSS_DIRS)): clean-%:
- $(MAKE) -C $(NSS_SRCDIR)/security/$* $(DEFAULT_GMAKE_FLAGS) clean
-
-clean clobber clobber_all realclean distclean depend:: $(addprefix clean-,$(NSS_DIRS))
-
-NSS_CMD_TARGETS := $(addprefix libs-,$(filter-out nss/cmd/lib,$(filter nss/cmd/%,$(NSS_DIRS))))
-target:: $(NSS_CMD_TARGETS)
-
-ifdef MOZ_FOLD_LIBS
-$(NSS_CMD_TARGETS): $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),$(NSS_LIBS)))
-libs-nss/cmd/modutil: libs-nss/lib/jar
-ifeq (WINNT,$(OS_TARGET))
-libs-nss/cmd/modutil: libs-nss/lib/zlib
-endif
-$(NSS_CMD_TARGETS): libs-nss/cmd/lib
-else
-$(NSS_CMD_TARGETS): libs-nss/lib libs-nss/cmd/lib
-endif # MOZ_FOLD_LIBS
-
-# Work around NSS build system race condition creating certdata.c in
-# security/nss/lib/ckfw/builtins. See bug #836220.
-libs-nss/lib$(if $(MOZ_FOLD_LIBS),/ckfw): $(call mkdir_deps,$(DEPTH)/security/nss/lib/ckfw/builtins)
-
diff --git a/config/external/nss/crmf/moz.build b/config/external/nss/crmf/moz.build
deleted file mode 100644
index 9a17c6b5ab..0000000000
--- a/config/external/nss/crmf/moz.build
+++ /dev/null
@@ -1,15 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-Library('crmf')
-
-USE_LIBS += [
- # The dependency on nss is not real, but is required to force the
- # parent directory being built before this one. This has no
- # practical effect on linkage, since the only thing linking crmf
- # will need nss anyways.
- 'nss',
- 'static:/security/nss/lib/crmf/crmf',
-]
diff --git a/config/external/nss/moz.build b/config/external/nss/moz.build
deleted file mode 100644
index ff1befc94c..0000000000
--- a/config/external/nss/moz.build
+++ /dev/null
@@ -1,39 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-DIRS += ['crmf']
-
-if CONFIG['MOZ_FOLD_LIBS']:
- GeckoSharedLibrary('nss', linkage=None)
- # TODO: The library name can be changed when bug 845217 is fixed.
- SHARED_LIBRARY_NAME = 'nss3'
-
- SDK_LIBRARY = True
-
- USE_LIBS += [
- 'nspr4',
- 'plc4',
- 'plds4',
- ]
-
- OS_LIBS += CONFIG['REALTIME_LIBS']
-
- SYMBOLS_FILE = 'nss.symbols'
-else:
- Library('nss')
- USE_LIBS += [
- '/security/nss/lib/nss/nss3',
- '/security/nss/lib/smime/smime3',
- '/security/nss/lib/ssl/ssl3',
- '/security/nss/lib/util/nssutil3',
- ]
-
-USE_LIBS += ['sqlite']
-
-# XXX: We should fix these warnings.
-ALLOW_COMPILER_WARNINGS = True
-
-if CONFIG['NSS_EXTRA_SYMBOLS_FILE']:
- DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE']
diff --git a/config/external/nss/nss.mk b/config/external/nss/nss.mk
deleted file mode 100644
index 38d234a0b9..0000000000
--- a/config/external/nss/nss.mk
+++ /dev/null
@@ -1,27 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-include $(DEPTH)/config/autoconf.mk
-
-include $(topsrcdir)/config/config.mk
-
-dirs :=
-
-define add_dirs
-SHARED_LIBRARY_DIRS :=
-include $(topsrcdir)/security/$(1)/config.mk
-dirs += $$(addprefix $(1)/,$$(SHARED_LIBRARY_DIRS)) $(1)
-endef
-$(foreach dir,util nss ssl smime,$(eval $(call add_dirs,nss/lib/$(dir))))
-
-libs :=
-define add_lib
-LIBRARY_NAME :=
-include $(topsrcdir)/security/$(1)/manifest.mn
-libs += $$(addprefix $(1)/,$(LIB_PREFIX)$$(LIBRARY_NAME).$(LIB_SUFFIX))
-endef
-$(foreach dir,$(dirs),$(eval $(call add_lib,$(dir))))
-
-echo-variable-%:
- @echo $($*)
diff --git a/moz.build b/moz.build
index a251a8f0e1..7d6e035a5f 100644
--- a/moz.build
+++ b/moz.build
@@ -73,7 +73,7 @@ if not CONFIG['MOZ_DISABLE_PLATFORM']:
DIRS += [
'config/external',
- 'config/external/nss',
+ 'security',
]
if CONFIG['BUILD_CTYPES']:
diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py
index 49ec1e8d7a..78d92c4236 100644
--- a/python/mozbuild/mozbuild/frontend/emitter.py
+++ b/python/mozbuild/mozbuild/frontend/emitter.py
@@ -135,9 +135,6 @@ class TreeMetadataEmitter(LoggingMixin):
if os.path.exists(subconfigures):
paths = open(subconfigures).read().splitlines()
self._external_paths = set(mozpath.normsep(d) for d in paths)
- # Add security/nss manually, since it doesn't have a subconfigure.
- self._external_paths.add('security/nss')
-
self._emitter_time = 0.0
self._object_count = 0
self._test_files_converter = SupportFilesConverter()
diff --git a/security/Makefile.in b/security/Makefile.in
new file mode 100644
index 0000000000..6e6e7faa05
--- /dev/null
+++ b/security/Makefile.in
@@ -0,0 +1,2 @@
+NSS_DISABLE_AVX2 = 1
+export NSS_DISABLE_AVX2 \ No newline at end of file
diff --git a/security/generate_certdata.py b/security/generate_certdata.py
new file mode 100644
index 0000000000..3cb1aae5bb
--- /dev/null
+++ b/security/generate_certdata.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+#
+# This exists to paper over differences between gyp's `action` definitions
+# and moz.build `GENERATED_FILES` semantics.
+
+import buildconfig
+import subprocess
+
+def main(output, *inputs):
+ output.write(subprocess.check_output([buildconfig.substs['PERL']] + list(inputs)))
+ return None \ No newline at end of file
diff --git a/security/generate_mapfile.py b/security/generate_mapfile.py
new file mode 100644
index 0000000000..3e841ea4b1
--- /dev/null
+++ b/security/generate_mapfile.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This script processes NSS .def files according to the rules defined in
+# a comment at the top of each one. The files are used to define the
+# exports from NSS shared libraries, with -DEFFILE on Windows, a linker
+# script on Linux, or with -exported_symbols_list on OS X.
+#
+# The NSS build system processes them using a series of sed replacements,
+# but the Mozilla build system is already running a Python script to generate
+# the file so it's simpler to just do the replacement in Python.
+
+import buildconfig
+
+
+def main(output, input):
+ # There's a check in old-configure.in under the system-nss handling
+ # that should match this.
+ if buildconfig.substs['OS_ARCH'] not in ('Linux', 'Darwin'):
+ print "Error: unhandled OS_ARCH %s" % buildconfig.substs['OS_ARCH']
+ return 1
+ is_linux = buildconfig.substs['OS_ARCH'] == 'Linux'
+
+ with open(input, 'rb') as f:
+ for line in f:
+ line = line.rstrip()
+ # Remove all lines containing ';-'
+ if ';-' in line:
+ continue
+ # On non-Linux, remove all lines containing ';+'
+ if not is_linux and ';+' in line:
+ continue
+ # Remove the string ' DATA '.
+ line = line.replace(' DATA ', '')
+ # Remove the string ';+'
+ line = line.replace(';+', '')
+ # Remove the string ';;'
+ line = line.replace(';;', '')
+ # If a ';' is present, remove everything after it,
+ # and on non-Linux, remove it as well.
+ i = line.find(';')
+ if i != -1:
+ if is_linux:
+ line = line[:i+1]
+ else:
+ line = line[:i]
+ # On non-Linux, symbols get an underscore in front.
+ if line and not is_linux:
+ output.write('_')
+ output.write(line)
+ output.write('\n') \ No newline at end of file
diff --git a/security/moz.build b/security/moz.build
new file mode 100644
index 0000000000..13de8e62aa
--- /dev/null
+++ b/security/moz.build
@@ -0,0 +1,123 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include('/build/gyp_base.mozbuild')
+if CONFIG['MOZ_FOLD_LIBS']:
+ GeckoSharedLibrary('nss', linkage=None)
+ # TODO: The library name can be changed when bug 845217 is fixed.
+ SHARED_LIBRARY_NAME = 'nss3'
+
+ SDK_LIBRARY = True
+
+ USE_LIBS += [
+ 'nspr4',
+ 'nss3_static',
+ 'nssutil',
+ 'plc4',
+ 'plds4',
+ 'smime3_static',
+ 'ssl',
+ ]
+
+ OS_LIBS += CONFIG['REALTIME_LIBS']
+
+ SYMBOLS_FILE = 'nss.symbols'
+ # This changes the default targets in the NSS build, among
+ # other things.
+ gyp_vars['moz_fold_libs'] = 1
+ # Some things in NSS need to link against nssutil, which
+ # gets folded, so this tells them what to link against.
+ gyp_vars['moz_folded_library_name'] = 'nss'
+ # Force things in NSS that want to link against NSPR to link
+ # against the folded library.
+ gyp_vars['nspr_libs'] = 'nss'
+else:
+ Library('nss')
+ USE_LIBS += [
+ 'nss3',
+ 'nssutil3',
+ 'smime3',
+ 'sqlite',
+ 'ssl3',
+ ]
+ gyp_vars['nspr_libs'] = 'nspr4 plc4 plds4'
+
+# This disables building some NSS tools.
+gyp_vars['mozilla_client'] = 1
+# We run shlibsign as part of packaging, not build.
+gyp_vars['sign_libs'] = 0
+gyp_vars['python'] = CONFIG['PYTHON']
+# The NSS gyp files do not have a default for this.
+gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist'
+# NSS wants to put public headers in $nss_dist_dir/public/nss by default,
+# which would wind up being mapped to dist/include/public/nss (by
+# gyp_reader's `handle_copies`).
+# This forces it to put them in dist/include/nss.
+gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist'
+gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
+# We don't currently build NSS tests.
+gyp_vars['disable_tests'] = 1
+if CONFIG['NSS_DISABLE_DBM']:
+ gyp_vars['disable_dbm'] = 1
+gyp_vars['disable_libpkix'] = 1
+gyp_vars['enable_sslkeylogfile'] = 1
+# pkg-config won't reliably find zlib on our builders, so just force it.
+# System zlib is only used for modutil and signtool unless
+# SSL zlib is enabled, which we are disabling immediately below this.
+gyp_vars['zlib_libs'] = '-lz'
+gyp_vars['ssl_enable_zlib'] = 0
+# System sqlite here is the in-tree mozsqlite.
+gyp_vars['use_system_sqlite'] = 1
+gyp_vars['sqlite_libs'] = 'sqlite'
+gyp_vars['nspr_include_dir'] = CONFIG['NSPR_INCLUDE_DIR']
+gyp_vars['nspr_lib_dir'] = CONFIG['NSPR_LIB_DIR']
+# The Python scripts that detect clang need it to be set as CC
+# in the environment, which isn't true here. I don't know that
+# setting that would be harmful, but we already have this information
+# anyway.
+gyp_vars['NSS_DISABLE_AVX2'] = 1
+if CONFIG['CLANG_CXX']:
+ gyp_vars['cc_is_clang'] = 1
+
+GYP_DIRS += ['nss']
+GYP_DIRS['nss'].input = 'nss/nss.gyp'
+GYP_DIRS['nss'].variables = gyp_vars
+
+sandbox_vars = {
+ # NSS explicitly exports its public symbols
+ # with linker scripts.
+ 'NO_VISIBILITY_FLAGS': True,
+ # XXX: We should fix these warnings.
+ 'ALLOW_COMPILER_WARNINGS': True,
+ # NSS' build system doesn't currently build NSS with PGO.
+ # We could probably do so, but not without a lot of
+ # careful consideration.
+ 'NO_PGO': True,
+}
+if CONFIG['OS_TARGET'] == 'WINNT':
+ if CONFIG['CPU_ARCH'] == 'x86':
+ # This should really be the default.
+ sandbox_vars['ASFLAGS'] = ['-safeseh']
+if CONFIG['OS_TARGET'] == 'Android':
+ sandbox_vars['CFLAGS'] = [
+ '-include', TOPSRCDIR + '/security/manager/android_stub.h',
+ # Setting sandbox_vars['DEFINES'] is broken currently.
+ '-DCHECK_FORK_GETPID',
+ ]
+ if CONFIG['ANDROID_VERSION']:
+ sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']]
+GYP_DIRS['nss'].sandbox_vars = sandbox_vars
+GYP_DIRS['nss'].no_chromium = True
+GYP_DIRS['nss'].no_unified = True
+# This maps action names from gyp files to
+# Python scripts that can be used in moz.build GENERATED_FILES.
+GYP_DIRS['nss'].action_overrides = {
+ 'generate_certdata_c': 'generate_certdata.py',
+ 'generate_mapfile': 'generate_mapfile.py',
+}
+
+if CONFIG['NSS_EXTRA_SYMBOLS_FILE']:
+ DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE'] \ No newline at end of file
diff --git a/config/external/nss/nss.symbols b/security/nss.symbols
index 83f5dc524c..83f5dc524c 100644
--- a/config/external/nss/nss.symbols
+++ b/security/nss.symbols