gecko-dev/security/moz.build

187 lines
6.1 KiB
Python

# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
with Files("**"):
BUG_COMPONENT = ("Core", "Security: PSM")
with Files("generate*.py"):
BUG_COMPONENT = ("Firefox Build System", "General")
with Files("nss/**"):
BUG_COMPONENT = ("NSS", "Libraries")
with Files("nss.symbols"):
BUG_COMPONENT = ("NSS", "Libraries")
if CONFIG["MOZ_SYSTEM_NSS"]:
Library("nss")
OS_LIBS += CONFIG["NSS_LIBS"]
include("/build/gyp_base.mozbuild")
if CONFIG["MOZ_FOLD_LIBS"]:
GeckoSharedLibrary("nss", linkage=None)
# TODO: The library name can be changed when bug 845217 is fixed.
SHARED_LIBRARY_NAME = "nss3"
USE_LIBS += [
"nspr4",
"nss3_static",
"nssutil",
"plc4",
"plds4",
"smime3_static",
"ssl",
]
OS_LIBS += CONFIG["REALTIME_LIBS"]
SYMBOLS_FILE = "nss.symbols"
# This changes the default targets in the NSS build, among
# other things.
gyp_vars["moz_fold_libs"] = 1
# Some things in NSS need to link against nssutil, which
# gets folded, so this tells them what to link against.
gyp_vars["moz_folded_library_name"] = "nss"
# Force things in NSS that want to link against NSPR to link
# against the folded library.
gyp_vars["nspr_libs"] = "nss"
elif not CONFIG["MOZ_SYSTEM_NSS"]:
Library("nss")
USE_LIBS += [
"nss3",
"nssutil3",
"smime3",
"sqlite",
"ssl3",
]
gyp_vars["nspr_libs"] = "nspr"
else:
gyp_vars["nspr_libs"] = "nspr"
# Bug 1805371: We need a static copy of NSS for the tlsserver test
# binaries even when building with system NSS. But there's no good
# way to build NSS that does not pollute dist/bin with shared
# object files. For now, we have to build mozpkix only and disable
# the affected tests.
gyp_vars["mozpkix_only"] = 1
# This disables building some NSS tools.
gyp_vars["mozilla_client"] = 1
# This builds NSS tools in COMM applications that Firefox doesn't build.
if CONFIG["MOZ_BUILD_APP"].startswith("comm/"):
gyp_vars["comm_client"] = 1
# We run shlibsign as part of packaging, not build.
gyp_vars["sign_libs"] = 0
gyp_vars["python"] = CONFIG["PYTHON3"]
# The NSS gyp files do not have a default for this.
gyp_vars["nss_dist_dir"] = "$PRODUCT_DIR/dist"
# NSS wants to put public headers in $nss_dist_dir/public/nss by default,
# which would wind up being mapped to dist/include/public/nss (by
# gyp_reader's `handle_copies`).
# This forces it to put them in dist/include/nss.
gyp_vars["nss_public_dist_dir"] = "$PRODUCT_DIR/dist"
gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin"
# We don't currently build NSS tests.
gyp_vars["disable_tests"] = 1
gyp_vars["disable_dbm"] = 1
gyp_vars["disable_libpkix"] = 1
gyp_vars["enable_sslkeylogfile"] = 1
# Whether we're using system NSS or Rust nssckbi, we don't need
# to build C nssckbi
gyp_vars["disable_ckbi"] = 1
# pkg-config won't reliably find zlib on our builders, so just force it.
# System zlib is only used for modutil and signtool unless
# SSL zlib is enabled, which we are disabling immediately below this.
gyp_vars["zlib_libs"] = "-lz"
gyp_vars["ssl_enable_zlib"] = 0
# System sqlite here is the in-tree mozsqlite.
gyp_vars["use_system_sqlite"] = 1
gyp_vars["sqlite_libs"] = "sqlite"
gyp_vars["enable_draft_hpke"] = 1
# Clang can build NSS with its integrated assembler since version 9.
if (
CONFIG["CPU_ARCH"] == "x86_64"
and CONFIG["CC_TYPE"] == "clang"
and int(CONFIG["CC_VERSION"].split(".")[0]) >= 9
):
gyp_vars["force_integrated_as"] = 1
if CONFIG["MOZ_SYSTEM_NSPR"]:
gyp_vars["nspr_include_dir"] = "%" + CONFIG["NSPR_INCLUDE_DIR"]
gyp_vars["nspr_lib_dir"] = "%" + CONFIG["NSPR_LIB_DIR"]
else:
gyp_vars["nspr_include_dir"] = "!/dist/include/nspr"
gyp_vars["nspr_lib_dir"] = "" # gyp wants a value, but we don't need
# it to be valid.
# The Python scripts that detect clang need it to be set as CC
# in the environment, which isn't true here. I don't know that
# setting that would be harmful, but we already have this information
# anyway.
if CONFIG["CC_TYPE"] in ("clang", "clang-cl"):
gyp_vars["cc_is_clang"] = 1
if CONFIG["GCC_USE_GNU_LD"]:
gyp_vars["cc_use_gnu_ld"] = 1
GYP_DIRS += ["nss"]
GYP_DIRS["nss"].input = "nss/nss.gyp"
GYP_DIRS["nss"].variables = gyp_vars
sandbox_vars = {
# NSS explicitly exports its public symbols
# with linker scripts.
"COMPILE_FLAGS": {
"VISIBILITY": [],
"WARNINGS_CFLAGS": [
f for f in CONFIG["WARNINGS_CFLAGS"] if f != "-Wsign-compare"
],
},
# NSS' build system doesn't currently build NSS with PGO.
# We could probably do so, but not without a lot of
# careful consideration.
"NO_PGO": True,
}
if CONFIG["OS_TARGET"] == "WINNT":
# We want to remove XP_WIN32 eventually. See bug 1535219 for details.
sandbox_vars["CFLAGS"] = ["-DXP_WIN32"]
if CONFIG["CPU_ARCH"] == "x86":
# This should really be the default.
sandbox_vars["ASFLAGS"] = ["-safeseh"]
DELAYLOAD_DLLS += [
"winmm.dll",
]
if CONFIG["OS_TARGET"] == "Android":
sandbox_vars["CFLAGS"] = [
"-include",
TOPSRCDIR + "/security/manager/android_stub.h",
]
if CONFIG["ANDROID_VERSION"]:
sandbox_vars["CFLAGS"] += ["-DANDROID_VERSION=" + CONFIG["ANDROID_VERSION"]]
if CONFIG["MOZ_SYSTEM_NSS"]:
sandbox_vars["CXXFLAGS"] = CONFIG["NSS_CFLAGS"]
GYP_DIRS["nss"].sandbox_vars = sandbox_vars
GYP_DIRS["nss"].no_chromium = True
GYP_DIRS["nss"].no_unified = True
# This maps action names from gyp files to
# Python scripts that can be used in moz.build GENERATED_FILES.
GYP_DIRS["nss"].action_overrides = {
"generate_certdata_c": "generate_certdata.py",
"generate_mapfile": "generate_mapfile.py",
}
if CONFIG["NSS_EXTRA_SYMBOLS_FILE"]:
DEFINES["NSS_EXTRA_SYMBOLS_FILE"] = CONFIG["NSS_EXTRA_SYMBOLS_FILE"]
SPHINX_TREES["nss"] = "nss/doc/rst"
with Files("nss/doc/rst/**"):
SCHEDULES.exclusive = ["nss"]