mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-07 18:04:46 +00:00
5615541267
2019-12-06 Daiki Ueno <dueno@redhat.com> * lib/pki/pki3hack.c: Bug 1593167, certdb: propagate trust information if trust module is loaded afterwards, r=rrelyea,keeler Summary: When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in Firefox as it loads the module from a separate thread while accessing the network cache which populates temp certs. This change makes it properly roll up the trust information, if a temp cert doesn't have trust information. Reviewers: rrelyea, keeler Reviewed By: rrelyea, keeler Subscribers: reviewbot, heftig Bug #: 1593167 [c46bc59ce7d4] [tip] 2019-11-08 Martin Thomson <mt@lowentropy.net> * lib/ssl/tls13subcerts.c: Bug 1594965 - Include saltLength in DC SPKI, r=kjacobs Summary: I discovered this when validating new additions to our root store policy. The encodings there didn't line up with what we were producing with DC. [661058254ade] 2019-12-04 J.C. Jones <jjones@mozilla.com> * automation/release/nss-release-helper.py: Bug 1535787 - Further improvements to the release-helper API r=mt [7baba392bf8b] * automation/release/nss-release-helper.py: Bug 1535787 - flake8 style updates to nss-release-helper.py r=kjacobs Depends on D23757 [b31e68a789fa] * automation/release/nss-release-helper.py: Bug 1535787 - Use Python for the regexes in nss-release-helper r=keeler,kjacobs automation/release/nss-release-helper.py doesn't actually edit the files correctly on MacOS due to differences between GNU and BSD sed. It's python, so let's just use python regexes. [92271739e848] 2019-12-04 Franziskus Kiefer <franziskuskiefer@gmail.com> * automation/taskcluster/graph/src/extend.js, automation/taskcluster/graph/src/queue.js, automation/taskcluster/scripts/check_abi.sh, build.sh, coreconf/config.gypi, help.txt, lib/freebl/freebl_base.gypi, mach, tests/all.sh, tests/common/init.sh, tests/remote/Makefile: Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj Disale libnssdbm by default and add flag to enable it in builds. On CI a build and certs test with enabled legacy DB are added. Note that for some reason the coverage build fails. I have no idea why. I'm open for ideas. [c1fad130dce2] 2019-12-03 Makoto Kato <m_kato@ga2.so-net.ne.jp> * lib/freebl/Makefile, lib/freebl/freebl.gyp, lib/freebl/gcm- arm32-neon.c, lib/freebl/gcm.c: Bug 1562548 - Improve GCM perfomance on aarch32 using NEON. r=kjacobs Optimize GCM perfomance using https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's NEON. [a9ba652046e6] 2019-12-03 J.C. Jones <jjones@mozilla.com> * automation/abi-check/expected-report-libssl3.so.txt, automation/abi- check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h: Set version numbers to 3.49 beta [3051793c68fc] 2019-12-02 J.C. Jones <jjones@mozilla.com> * .hgtags: Added tag NSS_3_48_BETA1 for changeset 77976f3fefca [06d5b4f91a9c] Differential Revision: https://phabricator.services.mozilla.com/D56378 --HG-- extra : moz-landing-system : lando
64 lines
3.3 KiB
Plaintext
64 lines
3.3 KiB
Plaintext
Usage: build.sh [-h] [-c|-cc] [-v] [-j <n>] [--gyp|-g] [--opt|-o]
|
|
[-t <x64|ia32|...>|--target=<x64|ia32|...>]
|
|
[--clang|--gcc|--msvc] [--scan-build[=dir]] [--disable-tests]
|
|
[--pprof] [--asan] [--msan] [--ubsan[=bool,shift,...]
|
|
[--fuzz[=tls|oss]] [--sancov[=edge|bb|func|...]]
|
|
[--emit-llvm] [--no-zdefs] [--static] [--ct-verif]
|
|
[--nspr|--with-nspr=<include>:<lib>|--system-nspr]
|
|
[--system-sqlite] [--enable-fips] [--enable-libpkix]
|
|
[--mozpkix-only] [-D<gyp-option>]
|
|
[--rebuild] [--enable-legacy-db]
|
|
|
|
This script builds NSS with gyp and ninja.
|
|
|
|
NSS build tool options:
|
|
|
|
-h display this help and exit
|
|
-c clean before build
|
|
-cc clean without building
|
|
-v verbose build
|
|
-j <n> run at most <n> concurrent jobs
|
|
--gyp|-g force a rerun of gyp
|
|
--opt|-o do an opt build
|
|
--target|-t specify target architecture (e.g., ia32, x64, aarch64)
|
|
--clang build with clang and clang++
|
|
--gcc build with gcc and g++
|
|
--msvc build with MSVC
|
|
--scan-build run the build with scan-build
|
|
--scan-build=<dir> sets the output path for scan-build
|
|
--disable-tests don't build tests and corresponding cmdline utils
|
|
--pprof build with gperftool support
|
|
--asan enable address sanitizer
|
|
--msan enable memory sanitizer
|
|
--ubsan enable undefined behavior sanitizer
|
|
--ubsan=bool,shift,... sets specific UB sanitizers
|
|
--fuzz build fuzzing targets (this always enables static builds)
|
|
--fuzz=tls to enable TLS fuzzing mode
|
|
--fuzz=oss to build for OSS-Fuzz
|
|
--sancov do sanitize coverage builds
|
|
--sancov=func sets coverage to function level for example
|
|
--emit-llvm emit LLVM bitcode while building
|
|
(requires the gold linker, use clang-3.8 for SAW)
|
|
--no-zdefs don't set -Wl,-z,defs
|
|
--static create static libraries and use static linking
|
|
--ct-verif build with valgrind for ct-verif
|
|
--nspr force a rebuild of NSPR
|
|
--nspr-test-build when building NSPR also build its tests
|
|
--nspr-test-run when building NSPR tests also run its tests
|
|
--nspr-only exit after building NSPR
|
|
--with-nspr use the NSPR build at the given locations
|
|
--with-nspr=<include>:<lib> sets include and lib paths
|
|
--system-nspr attempt to use system nspr
|
|
shorthand for --with-nspr=/usr/include/nspr:
|
|
--system-sqlite use system sqlite
|
|
--enable-fips enable FIPS checks
|
|
--enable-libpkix make libpkix part of the build
|
|
--enable-legacy-db enable the legacy db (libnssdbm)
|
|
--mozpkix-only build only static mozpkix and mozpkix-test libraries
|
|
support for this build option is limited
|
|
--disable-keylog disable support for logging key data to a file specified
|
|
by the SSLKEYLOGFILE environment variable
|
|
-D<gyp-option> pass an option directly to gyp
|
|
--rebuild build again using the last set of options provided
|
|
(all other arguments are ignored if --rebuild is used)
|