Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium

Differential Revision: https://phabricator.services.mozilla.com/D2725
Differential Revision: https://phabricator.services.mozilla.com/D2860

--HG--
extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5
This commit is contained in:
Franziskus Kiefer 2018-10-02 14:59:34 +02:00
parent 526b07f729
commit a52a8495f9
65 changed files with 213 additions and 230 deletions

View File

@ -30,7 +30,6 @@ FINAL_LIBRARY = 'xul'
LOCAL_INCLUDES += [
'/security/manager/ssl',
'/security/pkix/include',
'/xpcom/build',
]

View File

@ -85,7 +85,6 @@ LOCAL_INCLUDES += [
'/dom/media/platforms',
'/dom/media/platforms/agnostic',
'/security/certverifier',
'/security/pkix/include',
]
FINAL_LIBRARY = 'xul-gtest'

View File

@ -25,8 +25,6 @@ LOCAL_INCLUDES += [
'/dom/crypto',
'/dom/webauthn',
'/security/manager/ssl',
'/security/pkix/include',
'/security/pkix/lib',
]
MOCHITEST_MANIFESTS += ['tests/mochitest.ini']

View File

@ -7,7 +7,7 @@
#include "mozilla/dom/WebAuthnUtil.h"
#include "nsIEffectiveTLDService.h"
#include "nsNetUtil.h"
#include "pkixutil.h"
#include "mozpkix/pkixutil.h"
namespace mozilla {
namespace dom {

View File

@ -60,8 +60,6 @@ LOCAL_INCLUDES += [
'/dom/base',
'/dom/crypto',
'/security/manager/ssl',
'/security/pkix/include',
'/security/pkix/lib',
]
if CONFIG['OS_ARCH'] == 'WINNT':

View File

@ -301,7 +301,6 @@ LOCAL_INCLUDES += [
'/dom/base',
'/netwerk/protocol/http',
'/netwerk/socket',
'/security/pkix/include'
]
if CONFIG['CC_TYPE'] in ('clang', 'gcc'):

View File

@ -127,7 +127,6 @@ LOCAL_INCLUDES += [
'/dom/base',
'/netwerk/base',
'/netwerk/cookie',
'/security/pkix/include',
]
EXTRA_COMPONENTS += [

View File

@ -39,7 +39,7 @@
#include "nsProxyRelease.h"
#include "nsSocketTransport2.h"
#include "nsStringStream.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkixnss.h"
#include "sslt.h"
#include "NSSErrorsService.h"
#include "TunnelUtils.h"

View File

@ -1776,8 +1776,8 @@ if test -n "$_USE_SYSTEM_NSS"; then
AM_PATH_NSS(3.40, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
fi
NSS_CFLAGS="$NSS_CFLAGS -I${DIST}/include/nss"
if test -z "$MOZ_SYSTEM_NSS"; then
NSS_CFLAGS="-I${DIST}/include/nss"
case "${OS_ARCH}" in
# Only few platforms have been tested with GYP
WINNT|Darwin|Linux|DragonFly|FreeBSD|NetBSD|OpenBSD|SunOS)

View File

@ -36,8 +36,8 @@
#include "nsProxyRelease.h"
#include "nsString.h"
#include "nsTHashtable.h"
#include "pkix/pkix.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "plstr.h"
#include "secmime.h"

View File

@ -17,7 +17,7 @@
#include "nsIX509CertDB.h"
#include "nsNSSCertificate.h"
#include "nsNetUtil.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkixnss.h"
#include "prerror.h"
// Generated by gen_cert_header.py, which gets called by the build system.

View File

@ -7,7 +7,7 @@
#ifndef AppTrustDomain_h
#define AppTrustDomain_h
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "mozilla/StaticMutex.h"
#include "mozilla/UniquePtr.h"
#include "nsDebug.h"

View File

@ -17,7 +17,6 @@ FINAL_LIBRARY = 'xul'
LOCAL_INCLUDES += [
'/security/certverifier',
'/security/manager/ssl',
'/security/pkix/include',
'/third_party/rust/cose-c/include',
]

View File

@ -7,7 +7,7 @@
#ifndef BRNameMatchingPolicy_h
#define BRNameMatchingPolicy_h
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
namespace mozilla { namespace psm {

View File

@ -23,8 +23,8 @@
#include "nsPromiseFlatString.h"
#include "nsServiceManagerUtils.h"
#include "pk11pub.h"
#include "pkix/pkix.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "secmod.h"
using namespace mozilla::ct;

View File

@ -17,7 +17,7 @@
#include "mozilla/TimeStamp.h"
#include "mozilla/UniquePtr.h"
#include "nsString.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#if defined(_MSC_VER)
#pragma warning(push)

View File

@ -16,7 +16,7 @@
#include "nsDependentString.h"
#include "nsString.h"
#include "pk11pub.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
namespace mozilla { namespace psm {

View File

@ -28,9 +28,9 @@
#include "nsThreadUtils.h"
#include "nss.h"
#include "pk11pub.h"
#include "pkix/Result.h"
#include "pkix/pkix.h"
#include "pkix/pkixnss.h"
#include "mozpkix/Result.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "prerror.h"
#include "secerr.h"

View File

@ -13,7 +13,7 @@
#include "mozilla/TimeStamp.h"
#include "nsICertBlocklist.h"
#include "nsString.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "secmodt.h"
namespace mozilla { namespace psm {

View File

@ -28,7 +28,7 @@
#include "NSSCertDBTrustDomain.h"
#include "pk11pub.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkixnss.h"
#include "ScopedNSSTypes.h"
#include "secerr.h"

View File

@ -28,8 +28,8 @@
#include "hasht.h"
#include "mozilla/Mutex.h"
#include "mozilla/Vector.h"
#include "pkix/Result.h"
#include "pkix/Time.h"
#include "mozpkix/Result.h"
#include "mozpkix/Time.h"
#include "prerror.h"
#include "seccomon.h"

View File

@ -7,7 +7,7 @@
#ifndef mozilla_psm__OCSPVerificationTrustDomain_h
#define mozilla_psm__OCSPVerificationTrustDomain_h
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "NSSCertDBTrustDomain.h"
namespace mozilla { namespace psm {

View File

@ -29,13 +29,10 @@ if not CONFIG['NSS_NO_EV_CERTS']:
LOCAL_INCLUDES += [
'/security/ct',
'/security/manager/ssl',
'/security/pkix/include',
'/security/pkix/lib',
]
DIRS += [
'../ct',
'../pkix',
]
TEST_DIRS += [

View File

@ -8,8 +8,8 @@
#define BTVerifier_h
#include "BTInclusionProof.h"
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
namespace mozilla { namespace ct {

View File

@ -10,7 +10,7 @@
#include "CTLog.h"
#include "CTVerifyResult.h"
#include "certt.h"
#include "pkix/Result.h"
#include "mozpkix/Result.h"
namespace mozilla { namespace ct {

View File

@ -10,8 +10,8 @@
#include "CTSerialization.h"
#include "hasht.h"
#include "pkix/pkixnss.h"
#include "pkixutil.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixutil.h"
namespace mozilla { namespace ct {

View File

@ -13,9 +13,9 @@
#include "CTUtils.h"
#include "SignedCertificateTimestamp.h"
#include "SignedTreeHead.h"
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "pkix/pkix.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#include "mozpkix/pkix.h"
namespace mozilla { namespace ct {

View File

@ -10,8 +10,8 @@
#include <vector>
#include "hasht.h"
#include "pkix/pkixnss.h"
#include "pkixutil.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixutil.h"
namespace mozilla { namespace ct {

View File

@ -7,8 +7,8 @@
#ifndef CTObjectsExtractor_h
#define CTObjectsExtractor_h
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#include "SignedCertificateTimestamp.h"
namespace mozilla { namespace ct {

View File

@ -9,7 +9,7 @@
#include "CTLog.h"
#include "CTVerifyResult.h"
#include "pkix/Result.h"
#include "mozpkix/Result.h"
namespace mozilla { namespace ct {

View File

@ -9,8 +9,8 @@
#include <vector>
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#include "SignedCertificateTimestamp.h"
#include "SignedTreeHead.h"

View File

@ -13,8 +13,8 @@
#include "keyhi.h"
#include "keythi.h"
#include "pk11pub.h"
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#define MOZILLA_CT_ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0]))

View File

@ -11,9 +11,9 @@
#include "CTLogVerifier.h"
#include "CTVerifyResult.h"
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "pkix/Time.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
#include "mozpkix/Time.h"
#include "SignedCertificateTimestamp.h"
namespace mozilla { namespace ct {

View File

@ -8,8 +8,8 @@
#define SignedCertificateTimestamp_h
#include "Buffer.h"
#include "pkix/Input.h"
#include "pkix/Result.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"
// Structures related to Certificate Transparency (RFC 6962).
namespace mozilla { namespace ct {

View File

@ -31,15 +31,6 @@ UNIFIED_SOURCES += [
'SignedCertificateTimestamp.cpp',
]
LOCAL_INCLUDES += [
'/security/pkix/include',
'/security/pkix/lib',
]
DIRS += [
'../pkix',
]
TEST_DIRS += [
'tests/gtest',
]

View File

@ -12,13 +12,13 @@
#include "BTInclusionProof.h"
#include "CTSerialization.h"
#include "gtest/gtest.h"
#include "pkix/Input.h"
#include "pkix/pkix.h"
#include "pkix/pkixnss.h"
#include "pkix/pkixtypes.h"
#include "pkix/Result.h"
#include "pkixcheck.h"
#include "pkixutil.h"
#include "mozpkix/Input.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixtypes.h"
#include "mozpkix/Result.h"
#include "mozpkix/pkixcheck.h"
#include "mozpkix/pkixutil.h"
#include "SignedCertificateTimestamp.h"
#include "SignedTreeHead.h"

View File

@ -9,8 +9,8 @@
#include <iostream>
#include "pkix/Input.h"
#include "pkix/Time.h"
#include "mozpkix/Input.h"
#include "mozpkix/Time.h"
#include "seccomon.h"
#include "SignedCertificateTimestamp.h"
#include "SignedTreeHead.h"

View File

@ -17,8 +17,6 @@ SOURCES += [
LOCAL_INCLUDES += [
'../..',
'/security/pkix/include',
'/security/pkix/lib',
]
if not CONFIG['MOZ_DEBUG']:

View File

@ -12,7 +12,7 @@
#include "NSSCertDBTrustDomain.h"
#include "nsServiceManagerUtils.h"
#include "nsThreadUtils.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkixnss.h"
using namespace mozilla::pkix;

View File

@ -7,7 +7,7 @@
#ifndef CSTrustDomain_h
#define CSTrustDomain_h
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "mozilla/StaticMutex.h"
#include "mozilla/UniquePtr.h"
#include "nsDebug.h"

View File

@ -26,7 +26,7 @@
#include "nsPromiseFlatString.h"
#include "nsTHashtable.h"
#include "nsThreadUtils.h"
#include "pkix/Input.h"
#include "mozpkix/Input.h"
#include "prtime.h"
NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)

View File

@ -14,7 +14,7 @@
#include "nsIX509CertDB.h"
#include "nsString.h"
#include "nsTHashtable.h"
#include "pkix/Input.h"
#include "mozpkix/Input.h"
#define NS_CERT_BLOCKLIST_CID \
{0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} }

View File

@ -23,8 +23,8 @@
#include "nsSecurityHeaderParser.h"
#include "nsStreamUtils.h"
#include "nsWhitespaceTokenizer.h"
#include "pkix/pkix.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixtypes.h"
#include "secerr.h"
NS_IMPL_ISUPPORTS(ContentSignatureVerifier,

View File

@ -6,7 +6,7 @@
#include "nsNSSComponent.h"
#include "nsServiceManagerUtils.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkixnss.h"
#include "secerr.h"
#include "sslerr.h"

View File

@ -15,7 +15,7 @@
#include "nsISiteSecurityService.h"
#include "nsServiceManagerUtils.h"
#include "nsSiteSecurityService.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "seccomon.h"
#include "sechash.h"

View File

@ -11,7 +11,7 @@
#include "nsNSSCertificate.h"
#include "nsString.h"
#include "nsTArray.h"
#include "pkix/Time.h"
#include "mozpkix/Time.h"
namespace mozilla {
class OriginAttributes;

View File

@ -130,8 +130,8 @@
#include "nsString.h"
#include "nsURLHelper.h"
#include "nsXPCOMCIDInternal.h"
#include "pkix/pkix.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "secerr.h"
#include "secoidt.h"
#include "secport.h"

View File

@ -23,7 +23,7 @@
#include "nsReadableUtils.h"
#include "nsServiceManagerUtils.h"
#include "nsXULAppAPI.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "secerr.h"
//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal

View File

@ -20,7 +20,7 @@
#include "nsITransportSecurityInfo.h"
#include "nsNSSCertificate.h"
#include "nsString.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
namespace mozilla { namespace psm {

View File

@ -176,7 +176,6 @@ LOCAL_INCLUDES += [
'/dom/base',
'/dom/crypto',
'/security/certverifier',
'/security/pkix/include',
]
LOCAL_INCLUDES += [
@ -201,6 +200,10 @@ if not CONFIG['MOZ_SYSTEM_NSS']:
'crmf',
]
# mozpkix is linked statically from the in-tree sources independent of whether
# system NSS is used or not.
USE_LIBS += [ 'mozpkix' ]
include('/ipc/chromium/chromium-config.mozbuild')
if CONFIG['CC_TYPE'] in ('clang', 'gcc'):

View File

@ -23,7 +23,7 @@
#include "nsXPCOMCID.h"
#include "nsString.h"
#include "nsTreeColumns.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
using namespace mozilla;

View File

@ -33,7 +33,7 @@
#include "nsProtectedAuthThread.h"
#include "nsProxyRelease.h"
#include "nsStringStream.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "ssl.h"
#include "sslproto.h"

View File

@ -14,7 +14,7 @@
#include "nspr.h"
#include "nsString.h"
#include "pk11func.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
using mozilla::OriginAttributes;
using mozilla::TimeDuration;

View File

@ -35,9 +35,9 @@
#include "nsThreadUtils.h"
#include "nsUnicharUtils.h"
#include "nspr.h"
#include "pkix/pkixnss.h"
#include "pkix/pkixtypes.h"
#include "pkix/Result.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixtypes.h"
#include "mozpkix/Result.h"
#include "prerror.h"
#include "secasn1.h"
#include "secder.h"

View File

@ -15,6 +15,9 @@
#include "mozilla/Casting.h"
#include "mozilla/Services.h"
#include "mozilla/Unused.h"
#include "mozpkix/Time.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixtypes.h"
#include "nsArray.h"
#include "nsArrayUtils.h"
#include "nsCOMPtr.h"
@ -37,9 +40,6 @@
#include "nsReadableUtils.h"
#include "nsThreadUtils.h"
#include "nspr.h"
#include "pkix/Time.h"
#include "pkix/pkixnss.h"
#include "pkix/pkixtypes.h"
#include "secasn1.h"
#include "secder.h"
#include "secerr.h"

View File

@ -52,7 +52,7 @@
#include "nsXULAppAPI.h"
#include "nss.h"
#include "p12plcy.h"
#include "pkix/pkixnss.h"
#include "mozpkix/pkixnss.h"
#include "secerr.h"
#include "secmod.h"
#include "ssl.h"

View File

@ -38,8 +38,8 @@
#include "nsNSSHelper.h"
#include "nsPrintfCString.h"
#include "nsServiceManagerUtils.h"
#include "pkix/pkixnss.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixtypes.h"
#include "prmem.h"
#include "prnetdb.h"
#include "secder.h"

View File

@ -21,7 +21,7 @@
#include "nsReadableUtils.h"
#include "nsThreadUtils.h"
#include "p12plcy.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "secerr.h"
using namespace mozilla;

View File

@ -14,7 +14,7 @@
#include "nsISiteSecurityService.h"
#include "nsString.h"
#include "nsTArray.h"
#include "pkix/pkixtypes.h"
#include "mozpkix/pkixtypes.h"
#include "prtime.h"
class nsIURI;

View File

@ -11,8 +11,8 @@
#include "mozilla/Casting.h"
#include "mozilla/Sprintf.h"
#include "nss.h"
#include "pkix/pkixtypes.h"
#include "pkixtestutil.h"
#include "mozpkix/pkixtypes.h"
#include "mozpkix/test/pkixtestutil.h"
#include "prerr.h"
#include "secerr.h"

View File

@ -18,8 +18,6 @@ SOURCES += [
LOCAL_INCLUDES += [
'/security/certverifier',
'/security/manager/ssl',
'/security/pkix/include',
'/security/pkix/test/lib',
'/third_party/rust/cose-c/include',
]

View File

@ -16,10 +16,9 @@ LOCAL_INCLUDES += [
]
USE_LIBS += [
'mozillapkix',
'mozpkix',
'nspr',
'nss',
'pkixtestutil',
'tlsserver',
]

View File

@ -6,8 +6,8 @@
#include <stdio.h>
#include "pkixtestutil.h"
#include "pkixtestnss.h"
#include "mozpkix/test/pkixtestutil.h"
#include "mozpkix/test/pkixtestnss.h"
#include "TLSServer.h"
#include "secder.h"
#include "secerr.h"

View File

@ -9,9 +9,8 @@ UNIFIED_SOURCES += [
'TLSServer.cpp',
]
LOCAL_INCLUDES += [
'../../../../../../pkix/include',
'../../../../../../pkix/test/lib',
USE_LIBS += [
'mozpkix-testlib',
]
Library('tlsserver')

View File

@ -19,130 +19,137 @@ with Files("nss.symbols"):
if CONFIG['MOZ_SYSTEM_NSS']:
Library('nss')
OS_LIBS += CONFIG['NSS_LIBS']
include('/build/gyp_base.mozbuild')
if CONFIG['MOZ_FOLD_LIBS']:
GeckoSharedLibrary('nss', linkage=None)
# TODO: The library name can be changed when bug 845217 is fixed.
SHARED_LIBRARY_NAME = 'nss3'
USE_LIBS += [
'nspr4',
'nss3_static',
'nssutil',
'plc4',
'plds4',
'smime3_static',
'ssl',
]
OS_LIBS += CONFIG['REALTIME_LIBS']
SYMBOLS_FILE = 'nss.symbols'
# This changes the default targets in the NSS build, among
# other things.
gyp_vars['moz_fold_libs'] = 1
# Some things in NSS need to link against nssutil, which
# gets folded, so this tells them what to link against.
gyp_vars['moz_folded_library_name'] = 'nss'
# Force things in NSS that want to link against NSPR to link
# against the folded library.
gyp_vars['nspr_libs'] = 'nss'
elif not CONFIG['MOZ_SYSTEM_NSS']:
Library('nss')
USE_LIBS += [
'nss3',
'nssutil3',
'smime3',
'sqlite',
'ssl3',
]
gyp_vars['nspr_libs'] = 'nspr'
else:
include('/build/gyp_base.mozbuild')
if CONFIG['MOZ_FOLD_LIBS']:
GeckoSharedLibrary('nss', linkage=None)
# TODO: The library name can be changed when bug 845217 is fixed.
SHARED_LIBRARY_NAME = 'nss3'
# Build mozpkix and mozpkix-test only
gyp_vars['nspr_libs'] = 'nspr'
gyp_vars['mozpkix_only'] = 1
USE_LIBS += [
'nspr4',
'nss3_static',
'nssutil',
'plc4',
'plds4',
'smime3_static',
'ssl',
]
# This disables building some NSS tools.
gyp_vars['mozilla_client'] = 1
# We run shlibsign as part of packaging, not build.
gyp_vars['sign_libs'] = 0
gyp_vars['python'] = CONFIG['PYTHON']
# The NSS gyp files do not have a default for this.
gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist'
# NSS wants to put public headers in $nss_dist_dir/public/nss by default,
# which would wind up being mapped to dist/include/public/nss (by
# gyp_reader's `handle_copies`).
# This forces it to put them in dist/include/nss.
gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist'
gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
# We don't currently build NSS tests.
gyp_vars['disable_tests'] = 1
if CONFIG['NSS_DISABLE_DBM']:
gyp_vars['disable_dbm'] = 1
gyp_vars['disable_libpkix'] = 1
# pkg-config won't reliably find zlib on our builders, so just force it.
# System zlib is only used for modutil and signtool unless
# SSL zlib is enabled, which we are disabling immediately below this.
gyp_vars['zlib_libs'] = '-lz'
gyp_vars['ssl_enable_zlib'] = 0
# System sqlite here is the in-tree mozsqlite.
gyp_vars['use_system_sqlite'] = 1
gyp_vars['sqlite_libs'] = 'sqlite'
OS_LIBS += CONFIG['REALTIME_LIBS']
SYMBOLS_FILE = 'nss.symbols'
# This changes the default targets in the NSS build, among
# other things.
gyp_vars['moz_fold_libs'] = 1
# Some things in NSS need to link against nssutil, which
# gets folded, so this tells them what to link against.
gyp_vars['moz_folded_library_name'] = 'nss'
# Force things in NSS that want to link against NSPR to link
# against the folded library.
gyp_vars['nspr_libs'] = 'nss'
else:
Library('nss')
USE_LIBS += [
'nss3',
'nssutil3',
'smime3',
'sqlite',
'ssl3',
]
gyp_vars['nspr_libs'] = 'nspr'
if CONFIG['MOZ_SYSTEM_NSPR']:
gyp_vars['nspr_include_dir'] = '%' + CONFIG['NSPR_INCLUDE_DIR']
gyp_vars['nspr_lib_dir'] = '%' + CONFIG['NSPR_LIB_DIR']
else:
gyp_vars['nspr_include_dir'] = '!/dist/include/nspr'
gyp_vars['nspr_lib_dir'] = '' # gyp wants a value, but we don't need
# it to be valid.
# This disables building some NSS tools.
gyp_vars['mozilla_client'] = 1
# We run shlibsign as part of packaging, not build.
gyp_vars['sign_libs'] = 0
gyp_vars['python'] = CONFIG['PYTHON']
# The NSS gyp files do not have a default for this.
gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist'
# NSS wants to put public headers in $nss_dist_dir/public/nss by default,
# which would wind up being mapped to dist/include/public/nss (by
# gyp_reader's `handle_copies`).
# This forces it to put them in dist/include/nss.
gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist'
gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
# We don't currently build NSS tests.
gyp_vars['disable_tests'] = 1
if CONFIG['NSS_DISABLE_DBM']:
gyp_vars['disable_dbm'] = 1
gyp_vars['disable_libpkix'] = 1
# pkg-config won't reliably find zlib on our builders, so just force it.
# System zlib is only used for modutil and signtool unless
# SSL zlib is enabled, which we are disabling immediately below this.
gyp_vars['zlib_libs'] = '-lz'
gyp_vars['ssl_enable_zlib'] = 0
# System sqlite here is the in-tree mozsqlite.
gyp_vars['use_system_sqlite'] = 1
gyp_vars['sqlite_libs'] = 'sqlite'
# The Python scripts that detect clang need it to be set as CC
# in the environment, which isn't true here. I don't know that
# setting that would be harmful, but we already have this information
# anyway.
if CONFIG['CC_TYPE'] in ('clang', 'clang-cl'):
gyp_vars['cc_is_clang'] = 1
if CONFIG['GCC_USE_GNU_LD']:
gyp_vars['cc_use_gnu_ld'] = 1
if CONFIG['MOZ_SYSTEM_NSPR']:
gyp_vars['nspr_include_dir'] = '%' + CONFIG['NSPR_INCLUDE_DIR']
gyp_vars['nspr_lib_dir'] = '%' + CONFIG['NSPR_LIB_DIR']
else:
gyp_vars['nspr_include_dir'] = '!/dist/include/nspr'
gyp_vars['nspr_lib_dir'] = '' # gyp wants a value, but we don't need
# it to be valid.
GYP_DIRS += ['nss']
GYP_DIRS['nss'].input = 'nss/nss.gyp'
GYP_DIRS['nss'].variables = gyp_vars
# The Python scripts that detect clang need it to be set as CC
# in the environment, which isn't true here. I don't know that
# setting that would be harmful, but we already have this information
# anyway.
if CONFIG['CC_TYPE'] in ('clang', 'clang-cl'):
gyp_vars['cc_is_clang'] = 1
if CONFIG['GCC_USE_GNU_LD']:
gyp_vars['cc_use_gnu_ld'] = 1
GYP_DIRS += ['nss']
GYP_DIRS['nss'].input = 'nss/nss.gyp'
GYP_DIRS['nss'].variables = gyp_vars
sandbox_vars = {
# NSS explicitly exports its public symbols
# with linker scripts.
'COMPILE_FLAGS': {
'VISIBILITY': [],
# XXX: We should fix these warnings.
'WARNINGS_AS_ERRORS': [],
},
# NSS' build system doesn't currently build NSS with PGO.
# We could probably do so, but not without a lot of
# careful consideration.
'NO_PGO': True,
}
if CONFIG['OS_TARGET'] == 'WINNT':
if CONFIG['CPU_ARCH'] == 'x86':
# This should really be the default.
sandbox_vars['ASFLAGS'] = ['-safeseh']
if CONFIG['MOZ_FOLD_LIBS_FLAGS']:
sandbox_vars['CFLAGS'] = CONFIG['MOZ_FOLD_LIBS_FLAGS']
if CONFIG['OS_TARGET'] == 'Android':
sandbox_vars['CFLAGS'] = [
'-include', TOPSRCDIR + '/security/manager/android_stub.h',
# Setting sandbox_vars['DEFINES'] is broken currently.
'-DCHECK_FORK_GETPID',
]
if CONFIG['ANDROID_VERSION']:
sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']]
GYP_DIRS['nss'].sandbox_vars = sandbox_vars
GYP_DIRS['nss'].no_chromium = True
GYP_DIRS['nss'].no_unified = True
# This maps action names from gyp files to
# Python scripts that can be used in moz.build GENERATED_FILES.
GYP_DIRS['nss'].action_overrides = {
'generate_certdata_c': 'generate_certdata.py',
'generate_mapfile': 'generate_mapfile.py',
}
sandbox_vars = {
# NSS explicitly exports its public symbols
# with linker scripts.
'COMPILE_FLAGS': {
'VISIBILITY': [],
# XXX: We should fix these warnings.
'WARNINGS_AS_ERRORS': [],
},
# NSS' build system doesn't currently build NSS with PGO.
# We could probably do so, but not without a lot of
# careful consideration.
'NO_PGO': True,
}
if CONFIG['OS_TARGET'] == 'WINNT':
if CONFIG['CPU_ARCH'] == 'x86':
# This should really be the default.
sandbox_vars['ASFLAGS'] = ['-safeseh']
if CONFIG['MOZ_FOLD_LIBS_FLAGS']:
sandbox_vars['CFLAGS'] = CONFIG['MOZ_FOLD_LIBS_FLAGS']
if CONFIG['OS_TARGET'] == 'Android':
sandbox_vars['CFLAGS'] = [
'-include', TOPSRCDIR + '/security/manager/android_stub.h',
# Setting sandbox_vars['DEFINES'] is broken currently.
'-DCHECK_FORK_GETPID',
]
if CONFIG['ANDROID_VERSION']:
sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']]
if CONFIG['MOZ_SYSTEM_NSS']:
sandbox_vars['CXXFLAGS'] = CONFIG['NSS_CFLAGS']
GYP_DIRS['nss'].sandbox_vars = sandbox_vars
GYP_DIRS['nss'].no_chromium = True
GYP_DIRS['nss'].no_unified = True
# This maps action names from gyp files to
# Python scripts that can be used in moz.build GENERATED_FILES.
GYP_DIRS['nss'].action_overrides = {
'generate_certdata_c': 'generate_certdata.py',
'generate_mapfile': 'generate_mapfile.py',
}
if CONFIG['NSS_EXTRA_SYMBOLS_FILE']:
DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE']