diff options
-rw-r--r-- | build/autoconf/nspr-build.m4 | 2 | ||||
-rw-r--r-- | config/external/nss/Makefile.in | 460 | ||||
-rw-r--r-- | config/external/nss/crmf/moz.build | 15 | ||||
-rw-r--r-- | config/external/nss/moz.build | 39 | ||||
-rw-r--r-- | config/external/nss/nss.mk | 27 | ||||
-rw-r--r-- | moz.build | 2 | ||||
-rw-r--r-- | python/mozbuild/mozbuild/frontend/emitter.py | 3 | ||||
-rw-r--r-- | security/Makefile.in | 2 | ||||
-rw-r--r-- | security/generate_certdata.py | 11 | ||||
-rw-r--r-- | security/generate_mapfile.py | 54 | ||||
-rw-r--r-- | security/moz.build | 123 | ||||
-rw-r--r-- | security/nss.symbols (renamed from config/external/nss/nss.symbols) | 0 |
12 files changed, 193 insertions, 545 deletions
diff --git a/build/autoconf/nspr-build.m4 b/build/autoconf/nspr-build.m4 index b53fb4d37f..2858d1f2bd 100644 --- a/build/autoconf/nspr-build.m4 +++ b/build/autoconf/nspr-build.m4 @@ -138,6 +138,8 @@ if test -n "$NSPR_CFLAGS" -o -n "$NSPR_LIBS"; then , AC_MSG_ERROR([system NSPR does not support PR_UINT64 or including prtypes.h does not provide it])) CFLAGS=$_SAVE_CFLAGS + NSPR_INCLUDE_DIR=`echo ${NSPR_CFLAGS} | sed -e 's/.*-I\([^ ]*\).*/\1/'` + NSPR_LIB_DIR=`echo ${NSPR_LIBS} | sed -e 's/.*-L\([^ ]*\).*/\1/'` elif test -z "$JS_POSIX_NSPR"; then NSPR_INCLUDE_DIR="${DIST}/include/nspr" NSPR_CFLAGS="-I${NSPR_INCLUDE_DIR}" diff --git a/config/external/nss/Makefile.in b/config/external/nss/Makefile.in deleted file mode 100644 index f01426d512..0000000000 --- a/config/external/nss/Makefile.in +++ /dev/null @@ -1,460 +0,0 @@ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -CC_WRAPPER = -CXX_WRAPPER = - -default:: - -include $(topsrcdir)/config/makefiles/functions.mk - -NSS_LIBS = \ - nss3 \ - nssutil3 \ - smime3 \ - ssl3 \ - $(NULL) - -ifdef MOZ_FOLD_LIBS -NSS_DLLS = $(LIBRARY_NAME) -else -NSS_DLLS = $(NSS_LIBS) -endif - -NSS_EXTRA_DLLS = \ - nssckbi \ - softokn3 \ - $(NULL) - -ifndef NSS_DISABLE_DBM -NSS_EXTRA_DLLS += nssdbm3 -endif - -SDK_LIBS = crmf - -ifneq (,$(filter WINNT,$(OS_ARCH))) -SDK_LIBS += $(NSS_DLLS) -endif - -# Default -HAVE_FREEBL_LIBS = 1 - -# SunOS SPARC - -ifeq ($(OS_ARCH), SunOS) -ifneq (86,$(findstring 86,$(OS_TEST))) -ifdef HAVE_64BIT_BUILD -HAVE_FREEBL_LIBS = -HAVE_FREEBL_LIBS_64 = 1 -else -HAVE_FREEBL_LIBS = -HAVE_FREEBL_LIBS_32FPU = 1 -HAVE_FREEBL_LIBS_32INT64 = 1 -endif -endif -endif - -ifeq ($(OS_TARGET),Linux) -HAVE_FREEBL_LIBS = -HAVE_FREEBL_LIBS_PRIV = 1 -FREEBL_LOWHASH_FLAG = FREEBL_LOWHASH=1 -endif - -ifdef HAVE_FREEBL_LIBS -NSS_EXTRA_DLLS += freebl3 -endif -ifdef HAVE_FREEBL_LIBS_PRIV -NSS_EXTRA_DLLS += freeblpriv3 -endif -ifdef HAVE_FREEBL_LIBS_32INT32 -NSS_EXTRA_DLLS += freebl_32int_3 -endif -ifdef HAVE_FREEBL_LIBS_32FPU -NSS_EXTRA_DLLS += freebl_32fpu_3 -endif -ifdef HAVE_FREEBL_LIBS_32INT64 -NSS_EXTRA_DLLS += freebl_32int64_3 -endif -ifdef HAVE_FREEBL_LIBS_64 -NSS_EXTRA_DLLS += freebl_64int_3 -NSS_EXTRA_DLLS += freebl_64fpu_3 -endif - -# For all variables such as DLLFLAGS, that may contain $(DIST) -DIST := $(ABS_DIST) -# TODO: move this all to configure, but in Python -ifndef MOZ_BUILD_NSPR -NSPR_INCLUDE_DIR = $(firstword $(filter -I%,$(NSPR_CFLAGS))) -ifneq (,$(strip $(NSPR_INCLUDE_DIR))) -NSPR_INCLUDE_DIR := $(subst -I,,$(subst -I$(DIST),-I$(ABS_DIST),$(NSPR_INCLUDE_DIR))) -else -$(error Your NSPR CFLAGS are broken!) -endif -NSPR_LIB_DIR = $(firstword $(filter -L%,$(NSPR_LIBS))) -ifneq (,$(strip $(NSPR_LIB_DIR))) -NSPR_LIB_DIR := $(subst -L,,$(subst -L$(DIST),-L$(ABS_DIST),$(NSPR_LIB_DIR))) -else -$(error Your NSPR LDFLAGS are broken!) -endif -endif - -# To get debug symbols from NSS -export MOZ_DEBUG_SYMBOLS - -DEFAULT_GMAKE_FLAGS = -DEFAULT_GMAKE_FLAGS += CC='$(CC)' -DEFAULT_GMAKE_FLAGS += MT='$(MT)' -DEFAULT_GMAKE_FLAGS += LD='$(LD)' -DEFAULT_GMAKE_FLAGS += SOURCE_MD_DIR=$(ABS_DIST) -DEFAULT_GMAKE_FLAGS += SOURCE_MDHEADERS_DIR=$(NSPR_INCLUDE_DIR) -DEFAULT_GMAKE_FLAGS += DIST=$(ABS_DIST) -DEFAULT_GMAKE_FLAGS += NSPR_INCLUDE_DIR=$(NSPR_INCLUDE_DIR) -DEFAULT_GMAKE_FLAGS += NSPR_LIB_DIR=$(NSPR_LIB_DIR) -DEFAULT_GMAKE_FLAGS += MOZILLA_CLIENT=1 -DEFAULT_GMAKE_FLAGS += NO_MDUPDATE=1 -DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ECC=1 -DEFAULT_GMAKE_FLAGS += NSS_ENABLE_TLS_1_3=1 -ifeq ($(OS_ARCH)_$(GNU_CC),WINNT_1) -DEFAULT_GMAKE_FLAGS += OS_DLLFLAGS='-static-libgcc' NSPR31_LIB_PREFIX=lib -endif -DEFAULT_GMAKE_FLAGS += SQLITE_LIB_NAME=mozsqlite3 -DEFAULT_GMAKE_FLAGS += SQLITE_LIB_DIR=$(ABS_DIST)/../db/sqlite3/src -DEFAULT_GMAKE_FLAGS += SQLITE_INCLUDE_DIR=$(ABS_DIST)/include -ifdef NSS_DISABLE_DBM -DEFAULT_GMAKE_FLAGS += NSS_DISABLE_DBM=1 -endif -# Hack to force NSS build system to use "normal" object directories -DEFAULT_GMAKE_FLAGS += topsrcdir='$(topsrcdir)' -# topsrcdir can't be expanded here because msys path mangling likes to break -# paths in that case. -DEFAULT_GMAKE_FLAGS += BUILD='$(MOZ_BUILD_ROOT)/security/$$(subst $$(topsrcdir)/security/,,$$(CURDIR))' -DEFAULT_GMAKE_FLAGS += BUILD_TREE='$$(BUILD)' OBJDIR='$$(BUILD)' DEPENDENCIES='$$(BUILD)/.deps' SINGLE_SHLIB_DIR='$$(BUILD)' -DEFAULT_GMAKE_FLAGS += SOURCE_XP_DIR=$(ABS_DIST) -ifndef MOZ_DEBUG -DEFAULT_GMAKE_FLAGS += BUILD_OPT=1 OPT_CODE_SIZE=1 -endif -ifdef GNU_CC -DEFAULT_GMAKE_FLAGS += NS_USE_GCC=1 -else -DEFAULT_GMAKE_FLAGS += NS_USE_GCC= -endif -ifdef USE_N32 -# It is not really necessary to specify USE_PTHREADS=1. USE_PTHREADS -# merely adds _PTH to coreconf's OBJDIR name. -DEFAULT_GMAKE_FLAGS += USE_N32=1 USE_PTHREADS=1 -endif -ifdef HAVE_64BIT_BUILD -DEFAULT_GMAKE_FLAGS += USE_64=1 -endif -ifeq ($(OS_ARCH),WINNT) -DEFAULT_GMAKE_FLAGS += OS_TARGET=WIN95 -ifdef MOZ_DEBUG -ifndef MOZ_NO_DEBUG_RTL -DEFAULT_GMAKE_FLAGS += USE_DEBUG_RTL=1 -endif -endif -endif # WINNT -ifeq ($(OS_ARCH),Darwin) -# Make nsinstall use absolute symlinks by default when building NSS -# for Mozilla on Mac OS X. (Bugzilla bug 193164) -ifndef NSDISTMODE -DEFAULT_GMAKE_FLAGS += NSDISTMODE=absolute_symlink -endif -ifdef MACOS_SDK_DIR -DEFAULT_GMAKE_FLAGS += MACOS_SDK_DIR=$(MACOS_SDK_DIR) -endif -endif - -# Turn off TLS compression support because it requires system zlib. -# See bug 580679 comment 18. -DEFAULT_GMAKE_FLAGS += NSS_SSL_ENABLE_ZLIB= - -# Disable building of the test programs in security/nss/lib/zlib -DEFAULT_GMAKE_FLAGS += PROGRAMS= - -# Disable creating .chk files. They will be generated from packager.mk -# When bug 681624 lands, we can replace CHECKLOC= with SKIP_SHLIBSIGN=1 -DEFAULT_GMAKE_FLAGS += CHECKLOC= - -ifdef CROSS_COMPILE - -DEFAULT_GMAKE_FLAGS += \ - NATIVE_CC='$(HOST_CC)' \ - CC='$(CC)' \ - CCC='$(CXX)' \ - AS='$(AS)' \ - AR='$(AR) $(AR_FLAGS:$@=$$@)' \ - RANLIB='$(RANLIB)' \ - RC='$(RC) $(RCFLAGS)' \ - OS_ARCH='$(OS_ARCH)' \ - OS_TEST='$(OS_TEST)' \ - CPU_ARCH='$(TARGET_CPU)' \ - $(NULL) - -endif - -ifdef WRAP_LDFLAGS -NSS_EXTRA_LDFLAGS += $(WRAP_LDFLAGS) -endif - -# The SHARED_LIBS part is needed unconditionally on Android. It's not -# clear why this is the case, but see bug 1133073 (starting around -# comment #8) for context. -ifneq (,$(or $(MOZ_GLUE_WRAP_LDFLAGS), $(filter Android, $(OS_TARGET)))) -NSS_EXTRA_LDFLAGS += $(SHARED_LIBS:$(DEPTH)%=$(MOZ_BUILD_ROOT)%) $(MOZ_GLUE_WRAP_LDFLAGS) -endif - -ifneq (,$(NSS_EXTRA_LDFLAGS)) -DEFAULT_GMAKE_FLAGS += \ - LDFLAGS='$(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \ - DSO_LDOPTS='$(DSO_LDOPTS) $(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \ - $(NULL) -endif - -DEFAULT_GMAKE_FLAGS += FREEBL_NO_DEPEND=0 $(FREEBL_LOWHASH_FLAG) -DEFAULT_GMAKE_FLAGS += NSS_ALLOW_SSLKEYLOGFILE=1 - -ifdef MOZ_NO_WLZDEFS -DEFAULT_GMAKE_FLAGS += ZDEFS_FLAG= -endif -ifdef MOZ_CFLAGS_NSS -NSS_XCFLAGS += $(filter-out -W%,$(CFLAGS)) -DEFAULT_GMAKE_FLAGS += DARWIN_DYLIB_VERSIONS='-compatibility_version 1 -current_version 1 $(LDFLAGS)' -endif -ifeq (1_1,$(CLANG_CL)_$(MOZ_ASAN)) -XLDFLAGS := $(OS_LDFLAGS) -DEFAULT_GMAKE_FLAGS += XLDFLAGS='$(XLDFLAGS)' -endif - -DEFAULT_GMAKE_FLAGS += NSS_NO_PKCS11_BYPASS=1 - -# Put NSS headers directly under $(DIST)/include -DEFAULT_GMAKE_FLAGS += PUBLIC_EXPORT_DIR='$(ABS_DIST)/include/$$(MODULE)' -DEFAULT_GMAKE_FLAGS += SOURCE_XPHEADERS_DIR='$$(SOURCE_XP_DIR)/include/$$(MODULE)' -DEFAULT_GMAKE_FLAGS += MODULE_INCLUDES='$$(addprefix -I$$(SOURCE_XP_DIR)/include/,$$(REQUIRES))' - -# Work around NSS's MAKE_OBJDIR being racy. See bug #836220 -DEFAULT_GMAKE_FLAGS += MAKE_OBJDIR='$$(INSTALL) -D $$(OBJDIR)' - -# Work around NSS adding IMPORT_LIBRARY to TARGETS with no rule for -# it, creating race conditions. See bug #836220 -DEFAULT_GMAKE_FLAGS += TARGETS='$$(LIBRARY) $$(SHARED_LIBRARY) $$(PROGRAM)' - -ifdef MOZ_FOLD_LIBS_FLAGS -NSS_XCFLAGS += $(MOZ_FOLD_LIBS_FLAGS) -endif - -# Pass on the MSVC target arch from the main build system. -# Note this is case- and switch-character sensitive, while -# the MSVC option is not. -ifeq (WINNT,$(OS_TARGET)) -NSS_XCFLAGS += $(filter -arch:%,$(CFLAGS)) -endif - -# Enable short header experiment. Firefox only. -NSS_XCFLAGS += -DNSS_ENABLE_TLS13_SHORT_HEADERS - -# Export accumulated XCFLAGS to modify nss defaults. -DEFAULT_GMAKE_FLAGS += XCFLAGS='$(NSS_XCFLAGS)' - -NSS_SRCDIR = $(topsrcdir) - -NSS_DIRS = -ifndef MOZ_FOLD_LIBS -NSS_DIRS += nss/lib -else -ifndef NSS_DISABLE_DBM -NSS_DIRS += nss/lib/dbm -endif -endif -NSS_DIRS += \ - nss/cmd/lib \ - nss/cmd/shlibsign \ - $(NULL) - -ifdef ENABLE_TESTS -NSS_DIRS += \ - nss/cmd/certutil \ - nss/cmd/pk12util \ - nss/cmd/modutil \ - $(NULL) -endif - -ifneq (,$(filter %--build-id,$(LDFLAGS))) -DEFAULT_GMAKE_ENV = LDFLAGS=-Wl,--build-id -endif - -ifdef MOZ_FOLD_LIBS -# TODO: The following can be replaced by something simpler when bug 844880 -# is fixed. -# All static libraries required for nss, smime, ssl and nssutil. -# The strip is needed to remove potential linefeed characters, since they hang -# around in some cases on Windows. -NSS_STATIC_LIBS := $(strip $(shell $(MAKE) --no-print-directory -f $(srcdir)/nss.mk DEPTH='$(DEPTH)' topsrcdir='$(topsrcdir)' srcdir='$(srcdir)' echo-variable-libs)) -# Corresponding build directories -NSS_STATIC_DIRS := $(foreach lib,$(NSS_STATIC_LIBS),$(patsubst %/,%,$(dir $(lib)))) -NSS_DIRS += $(NSS_STATIC_DIRS) - -# TODO: The following can be replaced by something simpler when bug 844884 -# is fixed. -# Remaining nss/lib directories -NSS_DIRS += nss/lib/freebl nss/lib/softoken nss/lib/jar nss/lib/crmf nss/lib/ckfw - -DEFAULT_GMAKE_FLAGS += NSS_DISABLE_LIBPKIX=1 - -ifeq (WINNT,$(OS_TARGET)) -NSS_DIRS += nss/lib/zlib -endif -endif # MOZ_FOLD_LIBS - -# Filter-out $(LIBRARY_NAME) because it's already handled in config/rules.mk. -NSS_DIST_DLL_FILES := $(addprefix $(DIST)/lib/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(filter-out $(LIBRARY_NAME),$(NSS_DLLS)) $(NSS_EXTRA_DLLS))) -NSS_DIST_DLL_DEST := $(DIST)/bin -NSS_DIST_DLL_TARGET := target -INSTALL_TARGETS += NSS_DIST_DLL - -ifeq ($(OS_ARCH)_$(1), SunOS_softokn3) -# has to use copy mode on Solaris, see #665509 -$(DIST)/bin/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): INSTALL := $(NSINSTALL) -t -endif - -NSS_SDK_LIB_FILES := \ - $(addprefix $(DIST)/lib/$(LIB_PREFIX),$(addsuffix .$(LIB_SUFFIX),$(SDK_LIBS))) \ - $(addprefix $(DIST)/bin/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(NSS_DLLS))) \ - $(NULL) -NSS_SDK_LIB_DEST := $(DIST)/sdk/lib -NSS_SDK_LIB_TARGET := target -INSTALL_TARGETS += NSS_SDK_LIB - -ifdef MOZ_FOLD_LIBS -# Add all static libraries for nss, smime, ssl and nssutil -STATIC_LIBS += $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS)) - -IMPORT_LIB_FILES = $(IMPORT_LIBRARY) -IMPORT_LIB_DEST ?= $(DIST)/lib -IMPORT_LIB_TARGET = target -INSTALL_TARGETS += IMPORT_LIB - -endif # MOZ_FOLD_LIBS - -include $(topsrcdir)/config/rules.mk - -ifeq (1,$(ALLOW_COMPILER_WARNINGS)) -DEFAULT_GMAKE_FLAGS += NSS_ENABLE_WERROR=0 -endif - -# Can't pass this in DEFAULT_GMAKE_FLAGS because that overrides -# definitions in NSS, so just export it into the sub-make's environment. -ifeq (WINNT_1,$(OS_TARGET)_$(MOZ_MEMORY)) -DLLFLAGS := -LIBPATH:$(ABS_DIST)/../mozglue/build -DEFAULTLIB:mozglue -export DLLFLAGS -endif - -ifdef MOZ_FOLD_LIBS -# Force the linker to include everything from the static libraries. -EXPAND_LIBS_EXEC += --extract - -$(SHARED_LIBRARY): $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS)) - -ifdef IMPORT_LIB_SUFFIX -IMPORT_PREFIX = $(LIB_PREFIX) -IMPORT_SUFFIX = .$(IMPORT_LIB_SUFFIX) -else -IMPORT_PREFIX = $(DLL_PREFIX) -IMPORT_SUFFIX = $(DLL_SUFFIX) -endif - -NSPR_IMPORT_LIBS = $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),nspr4 plc4 plds4)) -SQLITE_IMPORT_LIB = $(DIST)/lib/$(IMPORT_PREFIX)mozsqlite3$(IMPORT_SUFFIX) - -# TODO: The following can be replaced by something simpler when bug 844884 -# is fixed. -# Associate target files with the rules that build them. -$(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX): libs-nss/lib/crmf -$(DIST)/lib/$(DLL_PREFIX)freebl3$(DLL_SUFFIX): libs-nss/lib/freebl -$(DIST)/lib/$(DLL_PREFIX)nssckbi$(DLL_SUFFIX): libs-nss/lib/ckfw -$(DIST)/lib/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): libs-nss/lib/softoken -$(DIST)/lib/$(DLL_PREFIX)nssdbm3$(DLL_SUFFIX): libs-nss/lib/softoken -$(foreach lib,$(NSS_STATIC_LIBS),$(eval $(DEPTH)/security/$(lib): libs-$(patsubst %/,%,$(dir $(lib))))) - -# Create fake import libraries for the folded libraries, so that linking -# against them works both for the NSS build system (see dependencies below) -# and for the rest of the mozilla build system. -$(NSPR_IMPORT_LIBS) \ -$(SQLITE_IMPORT_LIB) \ -$(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) \ -$(DIST)/lib/$(IMPORT_PREFIX)ssl3$(IMPORT_SUFFIX) \ -$(DIST)/lib/$(IMPORT_PREFIX)smime3$(IMPORT_SUFFIX): $(DIST)/lib/$(IMPORT_PREFIX)nss3$(IMPORT_SUFFIX) -ifeq (WINNT,$(OS_TARGET)) - cp $< $@ -else - ln -sf $< $@ -endif - -# Interdependencies between nss sub-directories, and dependencies on NSPR/SQLite -libs-nss/lib/ckfw: libs-nss/lib/nss/../base $(NSPR_IMPORT_LIBS) -libs-nss/lib/softoken: $(NSPR_IMPORT_LIBS) $(SQLITE_IMPORT_LIB) -libs-nss/lib/softoken: libs-nss/lib/freebl -ifndef NSS_DISABLE_DBM -libs-nss/lib/softoken: libs-nss/lib/dbm -endif -libs-nss/lib/softoken: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) -libs-nss/lib/freebl: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) $(NSPR_IMPORT_LIBS) - -# For each directory where we build static libraries, force the NSS build system -# to only build static libraries. -$(addprefix libs-,$(NSS_STATIC_DIRS)): DEFAULT_GMAKE_FLAGS += SHARED_LIBRARY= IMPORT_LIBRARY= -else -$(STATIC_LIBS) $(NSS_DIST_DLL_FILES) $(NSS_SDK_LIB_FILES): libs-nss/lib -endif # MOZ_FOLD_LIBS - -ifeq ($(NSINSTALL_PY),$(NSINSTALL)) -DEFAULT_GMAKE_FLAGS += PYTHON='$(PYTHON)' -DEFAULT_GMAKE_FLAGS += NSINSTALL_PY='$(abspath $(topsrcdir)/config/nsinstall.py)' -DEFAULT_GMAKE_FLAGS += NSINSTALL='$$(PYTHON) $$(NSINSTALL_PY)' -else -DEFAULT_GMAKE_FLAGS += NSINSTALL='$(abspath $(NSINSTALL))' -endif -ifeq ($(OS_ARCH),WINNT) -DEFAULT_GMAKE_FLAGS += INSTALL='$$(NSINSTALL) -t' -endif -DEFAULT_GMAKE_FLAGS += $(EXTRA_GMAKE_FLAGS) - -$(addprefix libs-,$(NSS_DIRS)): libs-%: -# Work around NSS's export rule being racy when recursing for private_export -# See bug #836220. -$(addprefix export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS = PRIVATE_EXPORTS= -$(addprefix export-,$(NSS_DIRS)): export-%: private_export-% -$(addprefix private_export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS = -$(addprefix private_export-,$(NSS_DIRS)): private_export-%: - -$(foreach p,libs export private_export,$(addprefix $(p)-,$(NSS_DIRS))): - $(DEFAULT_GMAKE_ENV) $(MAKE) -C $(NSS_SRCDIR)/security/$* $(@:-$*=) $(DEFAULT_GMAKE_FLAGS) - -export:: $(addprefix export-,$(NSS_DIRS)) - -$(addprefix clean-,$(NSS_DIRS)): clean-%: - $(MAKE) -C $(NSS_SRCDIR)/security/$* $(DEFAULT_GMAKE_FLAGS) clean - -clean clobber clobber_all realclean distclean depend:: $(addprefix clean-,$(NSS_DIRS)) - -NSS_CMD_TARGETS := $(addprefix libs-,$(filter-out nss/cmd/lib,$(filter nss/cmd/%,$(NSS_DIRS)))) -target:: $(NSS_CMD_TARGETS) - -ifdef MOZ_FOLD_LIBS -$(NSS_CMD_TARGETS): $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),$(NSS_LIBS))) -libs-nss/cmd/modutil: libs-nss/lib/jar -ifeq (WINNT,$(OS_TARGET)) -libs-nss/cmd/modutil: libs-nss/lib/zlib -endif -$(NSS_CMD_TARGETS): libs-nss/cmd/lib -else -$(NSS_CMD_TARGETS): libs-nss/lib libs-nss/cmd/lib -endif # MOZ_FOLD_LIBS - -# Work around NSS build system race condition creating certdata.c in -# security/nss/lib/ckfw/builtins. See bug #836220. -libs-nss/lib$(if $(MOZ_FOLD_LIBS),/ckfw): $(call mkdir_deps,$(DEPTH)/security/nss/lib/ckfw/builtins) - diff --git a/config/external/nss/crmf/moz.build b/config/external/nss/crmf/moz.build deleted file mode 100644 index 9a17c6b5ab..0000000000 --- a/config/external/nss/crmf/moz.build +++ /dev/null @@ -1,15 +0,0 @@ -# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -Library('crmf') - -USE_LIBS += [ - # The dependency on nss is not real, but is required to force the - # parent directory being built before this one. This has no - # practical effect on linkage, since the only thing linking crmf - # will need nss anyways. - 'nss', - 'static:/security/nss/lib/crmf/crmf', -] diff --git a/config/external/nss/moz.build b/config/external/nss/moz.build deleted file mode 100644 index ff1befc94c..0000000000 --- a/config/external/nss/moz.build +++ /dev/null @@ -1,39 +0,0 @@ -# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -DIRS += ['crmf'] - -if CONFIG['MOZ_FOLD_LIBS']: - GeckoSharedLibrary('nss', linkage=None) - # TODO: The library name can be changed when bug 845217 is fixed. - SHARED_LIBRARY_NAME = 'nss3' - - SDK_LIBRARY = True - - USE_LIBS += [ - 'nspr4', - 'plc4', - 'plds4', - ] - - OS_LIBS += CONFIG['REALTIME_LIBS'] - - SYMBOLS_FILE = 'nss.symbols' -else: - Library('nss') - USE_LIBS += [ - '/security/nss/lib/nss/nss3', - '/security/nss/lib/smime/smime3', - '/security/nss/lib/ssl/ssl3', - '/security/nss/lib/util/nssutil3', - ] - -USE_LIBS += ['sqlite'] - -# XXX: We should fix these warnings. -ALLOW_COMPILER_WARNINGS = True - -if CONFIG['NSS_EXTRA_SYMBOLS_FILE']: - DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE'] diff --git a/config/external/nss/nss.mk b/config/external/nss/nss.mk deleted file mode 100644 index 38d234a0b9..0000000000 --- a/config/external/nss/nss.mk +++ /dev/null @@ -1,27 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -include $(DEPTH)/config/autoconf.mk - -include $(topsrcdir)/config/config.mk - -dirs := - -define add_dirs -SHARED_LIBRARY_DIRS := -include $(topsrcdir)/security/$(1)/config.mk -dirs += $$(addprefix $(1)/,$$(SHARED_LIBRARY_DIRS)) $(1) -endef -$(foreach dir,util nss ssl smime,$(eval $(call add_dirs,nss/lib/$(dir)))) - -libs := -define add_lib -LIBRARY_NAME := -include $(topsrcdir)/security/$(1)/manifest.mn -libs += $$(addprefix $(1)/,$(LIB_PREFIX)$$(LIBRARY_NAME).$(LIB_SUFFIX)) -endef -$(foreach dir,$(dirs),$(eval $(call add_lib,$(dir)))) - -echo-variable-%: - @echo $($*) @@ -73,7 +73,7 @@ if not CONFIG['MOZ_DISABLE_PLATFORM']: DIRS += [ 'config/external', - 'config/external/nss', + 'security', ] if CONFIG['BUILD_CTYPES']: diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py index 49ec1e8d7a..78d92c4236 100644 --- a/python/mozbuild/mozbuild/frontend/emitter.py +++ b/python/mozbuild/mozbuild/frontend/emitter.py @@ -135,9 +135,6 @@ class TreeMetadataEmitter(LoggingMixin): if os.path.exists(subconfigures): paths = open(subconfigures).read().splitlines() self._external_paths = set(mozpath.normsep(d) for d in paths) - # Add security/nss manually, since it doesn't have a subconfigure. - self._external_paths.add('security/nss') - self._emitter_time = 0.0 self._object_count = 0 self._test_files_converter = SupportFilesConverter() diff --git a/security/Makefile.in b/security/Makefile.in new file mode 100644 index 0000000000..6e6e7faa05 --- /dev/null +++ b/security/Makefile.in @@ -0,0 +1,2 @@ +NSS_DISABLE_AVX2 = 1 +export NSS_DISABLE_AVX2
\ No newline at end of file diff --git a/security/generate_certdata.py b/security/generate_certdata.py new file mode 100644 index 0000000000..3cb1aae5bb --- /dev/null +++ b/security/generate_certdata.py @@ -0,0 +1,11 @@ +#!/usr/bin/env python +# +# This exists to paper over differences between gyp's `action` definitions +# and moz.build `GENERATED_FILES` semantics. + +import buildconfig +import subprocess + +def main(output, *inputs): + output.write(subprocess.check_output([buildconfig.substs['PERL']] + list(inputs))) + return None
\ No newline at end of file diff --git a/security/generate_mapfile.py b/security/generate_mapfile.py new file mode 100644 index 0000000000..3e841ea4b1 --- /dev/null +++ b/security/generate_mapfile.py @@ -0,0 +1,54 @@ +#!/usr/bin/env python + +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# This script processes NSS .def files according to the rules defined in +# a comment at the top of each one. The files are used to define the +# exports from NSS shared libraries, with -DEFFILE on Windows, a linker +# script on Linux, or with -exported_symbols_list on OS X. +# +# The NSS build system processes them using a series of sed replacements, +# but the Mozilla build system is already running a Python script to generate +# the file so it's simpler to just do the replacement in Python. + +import buildconfig + + +def main(output, input): + # There's a check in old-configure.in under the system-nss handling + # that should match this. + if buildconfig.substs['OS_ARCH'] not in ('Linux', 'Darwin'): + print "Error: unhandled OS_ARCH %s" % buildconfig.substs['OS_ARCH'] + return 1 + is_linux = buildconfig.substs['OS_ARCH'] == 'Linux' + + with open(input, 'rb') as f: + for line in f: + line = line.rstrip() + # Remove all lines containing ';-' + if ';-' in line: + continue + # On non-Linux, remove all lines containing ';+' + if not is_linux and ';+' in line: + continue + # Remove the string ' DATA '. + line = line.replace(' DATA ', '') + # Remove the string ';+' + line = line.replace(';+', '') + # Remove the string ';;' + line = line.replace(';;', '') + # If a ';' is present, remove everything after it, + # and on non-Linux, remove it as well. + i = line.find(';') + if i != -1: + if is_linux: + line = line[:i+1] + else: + line = line[:i] + # On non-Linux, symbols get an underscore in front. + if line and not is_linux: + output.write('_') + output.write(line) + output.write('\n')
\ No newline at end of file diff --git a/security/moz.build b/security/moz.build new file mode 100644 index 0000000000..13de8e62aa --- /dev/null +++ b/security/moz.build @@ -0,0 +1,123 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +include('/build/gyp_base.mozbuild') +if CONFIG['MOZ_FOLD_LIBS']: + GeckoSharedLibrary('nss', linkage=None) + # TODO: The library name can be changed when bug 845217 is fixed. + SHARED_LIBRARY_NAME = 'nss3' + + SDK_LIBRARY = True + + USE_LIBS += [ + 'nspr4', + 'nss3_static', + 'nssutil', + 'plc4', + 'plds4', + 'smime3_static', + 'ssl', + ] + + OS_LIBS += CONFIG['REALTIME_LIBS'] + + SYMBOLS_FILE = 'nss.symbols' + # This changes the default targets in the NSS build, among + # other things. + gyp_vars['moz_fold_libs'] = 1 + # Some things in NSS need to link against nssutil, which + # gets folded, so this tells them what to link against. + gyp_vars['moz_folded_library_name'] = 'nss' + # Force things in NSS that want to link against NSPR to link + # against the folded library. + gyp_vars['nspr_libs'] = 'nss' +else: + Library('nss') + USE_LIBS += [ + 'nss3', + 'nssutil3', + 'smime3', + 'sqlite', + 'ssl3', + ] + gyp_vars['nspr_libs'] = 'nspr4 plc4 plds4' + +# This disables building some NSS tools. +gyp_vars['mozilla_client'] = 1 +# We run shlibsign as part of packaging, not build. +gyp_vars['sign_libs'] = 0 +gyp_vars['python'] = CONFIG['PYTHON'] +# The NSS gyp files do not have a default for this. +gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist' +# NSS wants to put public headers in $nss_dist_dir/public/nss by default, +# which would wind up being mapped to dist/include/public/nss (by +# gyp_reader's `handle_copies`). +# This forces it to put them in dist/include/nss. +gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist' +gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin' +# We don't currently build NSS tests. +gyp_vars['disable_tests'] = 1 +if CONFIG['NSS_DISABLE_DBM']: + gyp_vars['disable_dbm'] = 1 +gyp_vars['disable_libpkix'] = 1 +gyp_vars['enable_sslkeylogfile'] = 1 +# pkg-config won't reliably find zlib on our builders, so just force it. +# System zlib is only used for modutil and signtool unless +# SSL zlib is enabled, which we are disabling immediately below this. +gyp_vars['zlib_libs'] = '-lz' +gyp_vars['ssl_enable_zlib'] = 0 +# System sqlite here is the in-tree mozsqlite. +gyp_vars['use_system_sqlite'] = 1 +gyp_vars['sqlite_libs'] = 'sqlite' +gyp_vars['nspr_include_dir'] = CONFIG['NSPR_INCLUDE_DIR'] +gyp_vars['nspr_lib_dir'] = CONFIG['NSPR_LIB_DIR'] +# The Python scripts that detect clang need it to be set as CC +# in the environment, which isn't true here. I don't know that +# setting that would be harmful, but we already have this information +# anyway. +gyp_vars['NSS_DISABLE_AVX2'] = 1 +if CONFIG['CLANG_CXX']: + gyp_vars['cc_is_clang'] = 1 + +GYP_DIRS += ['nss'] +GYP_DIRS['nss'].input = 'nss/nss.gyp' +GYP_DIRS['nss'].variables = gyp_vars + +sandbox_vars = { + # NSS explicitly exports its public symbols + # with linker scripts. + 'NO_VISIBILITY_FLAGS': True, + # XXX: We should fix these warnings. + 'ALLOW_COMPILER_WARNINGS': True, + # NSS' build system doesn't currently build NSS with PGO. + # We could probably do so, but not without a lot of + # careful consideration. + 'NO_PGO': True, +} +if CONFIG['OS_TARGET'] == 'WINNT': + if CONFIG['CPU_ARCH'] == 'x86': + # This should really be the default. + sandbox_vars['ASFLAGS'] = ['-safeseh'] +if CONFIG['OS_TARGET'] == 'Android': + sandbox_vars['CFLAGS'] = [ + '-include', TOPSRCDIR + '/security/manager/android_stub.h', + # Setting sandbox_vars['DEFINES'] is broken currently. + '-DCHECK_FORK_GETPID', + ] + if CONFIG['ANDROID_VERSION']: + sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']] +GYP_DIRS['nss'].sandbox_vars = sandbox_vars +GYP_DIRS['nss'].no_chromium = True +GYP_DIRS['nss'].no_unified = True +# This maps action names from gyp files to +# Python scripts that can be used in moz.build GENERATED_FILES. +GYP_DIRS['nss'].action_overrides = { + 'generate_certdata_c': 'generate_certdata.py', + 'generate_mapfile': 'generate_mapfile.py', +} + +if CONFIG['NSS_EXTRA_SYMBOLS_FILE']: + DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE']
\ No newline at end of file diff --git a/config/external/nss/nss.symbols b/security/nss.symbols index 83f5dc524c..83f5dc524c 100644 --- a/config/external/nss/nss.symbols +++ b/security/nss.symbols |