diff options
| author | Moonchild <moonchild@palemoon.org> | 2022-04-08 13:07:17 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2022-04-08 13:07:17 +0000 |
| commit | 330b866f465f58e1fed01e819eef7043d6c9f628 (patch) | |
| tree | 5a8caddcfa6a0d09733daa403da974a5032ceb4a | |
| parent | edcbb85f5e53802ab9bbe92132be241265036d32 (diff) | |
| parent | 4f6406f03320be7c01e5866455ec392aacd0b123 (diff) | |
| download | uxp-330b866f465f58e1fed01e819eef7043d6c9f628.tar.gz | |
Merge pull request 'Land final NSS-gyp work' (#1850) from nss-gyp-work into master
Reviewed-on: https://repo.palemoon.org/MoonchildProductions/UXP/pulls/1850
| -rw-r--r-- | build/autoconf/nspr-build.m4 | 2 | ||||
| -rw-r--r-- | build/gyp.mozbuild | 39 | ||||
| -rw-r--r-- | build/gyp_base.mozbuild | 36 | ||||
| -rw-r--r-- | build/moz.configure/init.configure | 1 | ||||
| -rw-r--r-- | config/external/nss/Makefile.in | 460 | ||||
| -rw-r--r-- | config/external/nss/crmf/moz.build | 15 | ||||
| -rw-r--r-- | config/external/nss/moz.build | 39 | ||||
| -rw-r--r-- | config/external/nss/nss.mk | 27 | ||||
| -rw-r--r-- | moz.build | 2 | ||||
| -rw-r--r-- | python/mozbuild/mozbuild/frontend/context.py | 9 | ||||
| -rw-r--r-- | python/mozbuild/mozbuild/frontend/emitter.py | 3 | ||||
| -rw-r--r-- | python/mozbuild/mozbuild/frontend/gyp_reader.py | 216 | ||||
| -rw-r--r-- | python/mozbuild/mozbuild/frontend/reader.py | 6 | ||||
| -rw-r--r-- | security/Makefile.in | 2 | ||||
| -rw-r--r-- | security/generate_certdata.py | 20 | ||||
| -rw-r--r-- | security/generate_mapfile.py | 54 | ||||
| -rw-r--r-- | security/moz.build | 123 | ||||
| -rw-r--r-- | security/nss.symbols (renamed from config/external/nss/nss.symbols) | 0 | ||||
| -rw-r--r-- | security/nss/coreconf/config.gypi | 18 | ||||
| -rw-r--r-- | security/nss/lib/freebl/freebl.gyp | 4 |
20 files changed, 446 insertions, 630 deletions
diff --git a/build/autoconf/nspr-build.m4 b/build/autoconf/nspr-build.m4 index b53fb4d37f..2858d1f2bd 100644 --- a/build/autoconf/nspr-build.m4 +++ b/build/autoconf/nspr-build.m4 @@ -138,6 +138,8 @@ if test -n "$NSPR_CFLAGS" -o -n "$NSPR_LIBS"; then , AC_MSG_ERROR([system NSPR does not support PR_UINT64 or including prtypes.h does not provide it])) CFLAGS=$_SAVE_CFLAGS + NSPR_INCLUDE_DIR=`echo ${NSPR_CFLAGS} | sed -e 's/.*-I\([^ ]*\).*/\1/'` + NSPR_LIB_DIR=`echo ${NSPR_LIBS} | sed -e 's/.*-L\([^ ]*\).*/\1/'` elif test -z "$JS_POSIX_NSPR"; then NSPR_INCLUDE_DIR="${DIST}/include/nspr" NSPR_CFLAGS="-I${NSPR_INCLUDE_DIR}" diff --git a/build/gyp.mozbuild b/build/gyp.mozbuild index 9e6b63d7ad..f61772ecc3 100644 --- a/build/gyp.mozbuild +++ b/build/gyp.mozbuild @@ -3,7 +3,9 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -gyp_vars = { +include('gyp_base.mozbuild') + +gyp_vars.update({ 'lsan': 0, 'asan': 0, 'build_with_mozilla': 1, @@ -65,42 +67,17 @@ gyp_vars = { # linker to throw away uneeded bits. 'include_isac': 1, 'include_pcm16b': 1, -} - -os = CONFIG['OS_TARGET'] - -if os == 'WINNT': - gyp_vars.update( - MSVS_VERSION=CONFIG['_MSVS_VERSION'], - MSVS_OS_BITS=64 if CONFIG['HAVE_64BIT_BUILD'] else 32, - ) - -flavors = { - 'WINNT': 'win', - 'Linux': 'linux', - 'SunOS': 'solaris', - 'GNU/kFreeBSD': 'freebsd', - 'DragonFly': 'dragonfly', - 'FreeBSD': 'freebsd', - 'NetBSD': 'netbsd', - 'OpenBSD': 'openbsd', -} -gyp_vars['OS'] = flavors.get(os) - -arches = { - 'x86_64': 'x64', - 'x86': 'ia32', - 'aarch64': 'arm64', -} - -gyp_vars['target_arch'] = arches.get(CONFIG['CPU_ARCH'], CONFIG['CPU_ARCH']) +}) if CONFIG['ARM_ARCH']: if int(CONFIG['ARM_ARCH']) < 7: gyp_vars['armv7'] = 0 gyp_vars['arm_neon_optional'] = 0 + elif os == 'Android': + gyp_vars['armv7'] = 1 else: - # armv7 always uses CPU detection, so we have to set armv7=0 + # CPU detection for ARM works on Android only. armv7 always uses CPU + # detection, so we have to set armv7=0 for non-Android target gyp_vars['armv7'] = 0 # For libyuv gyp_vars['arm_version'] = int(CONFIG['ARM_ARCH']) diff --git a/build/gyp_base.mozbuild b/build/gyp_base.mozbuild new file mode 100644 index 0000000000..a1f8acb099 --- /dev/null +++ b/build/gyp_base.mozbuild @@ -0,0 +1,36 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +gyp_vars = {} + +os = CONFIG['OS_TARGET'] + +if os == 'WINNT': + gyp_vars.update( + MSVS_VERSION=CONFIG['_MSVS_VERSION'], + MSVS_OS_BITS=64 if CONFIG['HAVE_64BIT_BUILD'] else 32, + ) + +flavors = { + 'WINNT': 'win', + 'Linux': 'linux', + 'Darwin': 'mac' if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa' else 'ios', + 'SunOS': 'solaris', + 'GNU/kFreeBSD': 'freebsd', + 'DragonFly': 'dragonfly', + 'FreeBSD': 'freebsd', + 'NetBSD': 'netbsd', + 'OpenBSD': 'openbsd', +} +gyp_vars['OS'] = flavors.get(os) + +arches = { + 'x86_64': 'x64', + 'x86': 'ia32', + 'aarch64': 'arm64', +} + +gyp_vars['host_arch'] = arches.get(CONFIG['HOST_CPU_ARCH'], CONFIG['HOST_CPU_ARCH']) +gyp_vars['target_arch'] = arches.get(CONFIG['CPU_ARCH'], CONFIG['CPU_ARCH']) diff --git a/build/moz.configure/init.configure b/build/moz.configure/init.configure index 8f275aee01..6c4f74c0d8 100644 --- a/build/moz.configure/init.configure +++ b/build/moz.configure/init.configure @@ -518,6 +518,7 @@ def host_variables(host): HOST_OS_ARCH=os_arch, ) +set_config('HOST_CPU_ARCH', delayed_getattr(host, 'cpu')) set_config('HOST_OS_ARCH', delayed_getattr(host_variables, 'HOST_OS_ARCH')) add_old_configure_assignment('HOST_OS_ARCH', delayed_getattr(host_variables, 'HOST_OS_ARCH')) diff --git a/config/external/nss/Makefile.in b/config/external/nss/Makefile.in deleted file mode 100644 index f01426d512..0000000000 --- a/config/external/nss/Makefile.in +++ /dev/null @@ -1,460 +0,0 @@ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -CC_WRAPPER = -CXX_WRAPPER = - -default:: - -include $(topsrcdir)/config/makefiles/functions.mk - -NSS_LIBS = \ - nss3 \ - nssutil3 \ - smime3 \ - ssl3 \ - $(NULL) - -ifdef MOZ_FOLD_LIBS -NSS_DLLS = $(LIBRARY_NAME) -else -NSS_DLLS = $(NSS_LIBS) -endif - -NSS_EXTRA_DLLS = \ - nssckbi \ - softokn3 \ - $(NULL) - -ifndef NSS_DISABLE_DBM -NSS_EXTRA_DLLS += nssdbm3 -endif - -SDK_LIBS = crmf - -ifneq (,$(filter WINNT,$(OS_ARCH))) -SDK_LIBS += $(NSS_DLLS) -endif - -# Default -HAVE_FREEBL_LIBS = 1 - -# SunOS SPARC - -ifeq ($(OS_ARCH), SunOS) -ifneq (86,$(findstring 86,$(OS_TEST))) -ifdef HAVE_64BIT_BUILD -HAVE_FREEBL_LIBS = -HAVE_FREEBL_LIBS_64 = 1 -else -HAVE_FREEBL_LIBS = -HAVE_FREEBL_LIBS_32FPU = 1 -HAVE_FREEBL_LIBS_32INT64 = 1 -endif -endif -endif - -ifeq ($(OS_TARGET),Linux) -HAVE_FREEBL_LIBS = -HAVE_FREEBL_LIBS_PRIV = 1 -FREEBL_LOWHASH_FLAG = FREEBL_LOWHASH=1 -endif - -ifdef HAVE_FREEBL_LIBS -NSS_EXTRA_DLLS += freebl3 -endif -ifdef HAVE_FREEBL_LIBS_PRIV -NSS_EXTRA_DLLS += freeblpriv3 -endif -ifdef HAVE_FREEBL_LIBS_32INT32 -NSS_EXTRA_DLLS += freebl_32int_3 -endif -ifdef HAVE_FREEBL_LIBS_32FPU -NSS_EXTRA_DLLS += freebl_32fpu_3 -endif -ifdef HAVE_FREEBL_LIBS_32INT64 -NSS_EXTRA_DLLS += freebl_32int64_3 -endif -ifdef HAVE_FREEBL_LIBS_64 -NSS_EXTRA_DLLS += freebl_64int_3 -NSS_EXTRA_DLLS += freebl_64fpu_3 -endif - -# For all variables such as DLLFLAGS, that may contain $(DIST) -DIST := $(ABS_DIST) -# TODO: move this all to configure, but in Python -ifndef MOZ_BUILD_NSPR -NSPR_INCLUDE_DIR = $(firstword $(filter -I%,$(NSPR_CFLAGS))) -ifneq (,$(strip $(NSPR_INCLUDE_DIR))) -NSPR_INCLUDE_DIR := $(subst -I,,$(subst -I$(DIST),-I$(ABS_DIST),$(NSPR_INCLUDE_DIR))) -else -$(error Your NSPR CFLAGS are broken!) -endif -NSPR_LIB_DIR = $(firstword $(filter -L%,$(NSPR_LIBS))) -ifneq (,$(strip $(NSPR_LIB_DIR))) -NSPR_LIB_DIR := $(subst -L,,$(subst -L$(DIST),-L$(ABS_DIST),$(NSPR_LIB_DIR))) -else -$(error Your NSPR LDFLAGS are broken!) -endif -endif - -# To get debug symbols from NSS -export MOZ_DEBUG_SYMBOLS - -DEFAULT_GMAKE_FLAGS = -DEFAULT_GMAKE_FLAGS += CC='$(CC)' -DEFAULT_GMAKE_FLAGS += MT='$(MT)' -DEFAULT_GMAKE_FLAGS += LD='$(LD)' -DEFAULT_GMAKE_FLAGS += SOURCE_MD_DIR=$(ABS_DIST) -DEFAULT_GMAKE_FLAGS += SOURCE_MDHEADERS_DIR=$(NSPR_INCLUDE_DIR) -DEFAULT_GMAKE_FLAGS += DIST=$(ABS_DIST) -DEFAULT_GMAKE_FLAGS += NSPR_INCLUDE_DIR=$(NSPR_INCLUDE_DIR) -DEFAULT_GMAKE_FLAGS += NSPR_LIB_DIR=$(NSPR_LIB_DIR) -DEFAULT_GMAKE_FLAGS += MOZILLA_CLIENT=1 -DEFAULT_GMAKE_FLAGS += NO_MDUPDATE=1 -DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ECC=1 -DEFAULT_GMAKE_FLAGS += NSS_ENABLE_TLS_1_3=1 -ifeq ($(OS_ARCH)_$(GNU_CC),WINNT_1) -DEFAULT_GMAKE_FLAGS += OS_DLLFLAGS='-static-libgcc' NSPR31_LIB_PREFIX=lib -endif -DEFAULT_GMAKE_FLAGS += SQLITE_LIB_NAME=mozsqlite3 -DEFAULT_GMAKE_FLAGS += SQLITE_LIB_DIR=$(ABS_DIST)/../db/sqlite3/src -DEFAULT_GMAKE_FLAGS += SQLITE_INCLUDE_DIR=$(ABS_DIST)/include -ifdef NSS_DISABLE_DBM -DEFAULT_GMAKE_FLAGS += NSS_DISABLE_DBM=1 -endif -# Hack to force NSS build system to use "normal" object directories -DEFAULT_GMAKE_FLAGS += topsrcdir='$(topsrcdir)' -# topsrcdir can't be expanded here because msys path mangling likes to break -# paths in that case. -DEFAULT_GMAKE_FLAGS += BUILD='$(MOZ_BUILD_ROOT)/security/$$(subst $$(topsrcdir)/security/,,$$(CURDIR))' -DEFAULT_GMAKE_FLAGS += BUILD_TREE='$$(BUILD)' OBJDIR='$$(BUILD)' DEPENDENCIES='$$(BUILD)/.deps' SINGLE_SHLIB_DIR='$$(BUILD)' -DEFAULT_GMAKE_FLAGS += SOURCE_XP_DIR=$(ABS_DIST) -ifndef MOZ_DEBUG -DEFAULT_GMAKE_FLAGS += BUILD_OPT=1 OPT_CODE_SIZE=1 -endif -ifdef GNU_CC -DEFAULT_GMAKE_FLAGS += NS_USE_GCC=1 -else -DEFAULT_GMAKE_FLAGS += NS_USE_GCC= -endif -ifdef USE_N32 -# It is not really necessary to specify USE_PTHREADS=1. USE_PTHREADS -# merely adds _PTH to coreconf's OBJDIR name. -DEFAULT_GMAKE_FLAGS += USE_N32=1 USE_PTHREADS=1 -endif -ifdef HAVE_64BIT_BUILD -DEFAULT_GMAKE_FLAGS += USE_64=1 -endif -ifeq ($(OS_ARCH),WINNT) -DEFAULT_GMAKE_FLAGS += OS_TARGET=WIN95 -ifdef MOZ_DEBUG -ifndef MOZ_NO_DEBUG_RTL -DEFAULT_GMAKE_FLAGS += USE_DEBUG_RTL=1 -endif -endif -endif # WINNT -ifeq ($(OS_ARCH),Darwin) -# Make nsinstall use absolute symlinks by default when building NSS -# for Mozilla on Mac OS X. (Bugzilla bug 193164) -ifndef NSDISTMODE -DEFAULT_GMAKE_FLAGS += NSDISTMODE=absolute_symlink -endif -ifdef MACOS_SDK_DIR -DEFAULT_GMAKE_FLAGS += MACOS_SDK_DIR=$(MACOS_SDK_DIR) -endif -endif - -# Turn off TLS compression support because it requires system zlib. -# See bug 580679 comment 18. -DEFAULT_GMAKE_FLAGS += NSS_SSL_ENABLE_ZLIB= - -# Disable building of the test programs in security/nss/lib/zlib -DEFAULT_GMAKE_FLAGS += PROGRAMS= - -# Disable creating .chk files. They will be generated from packager.mk -# When bug 681624 lands, we can replace CHECKLOC= with SKIP_SHLIBSIGN=1 -DEFAULT_GMAKE_FLAGS += CHECKLOC= - -ifdef CROSS_COMPILE - -DEFAULT_GMAKE_FLAGS += \ - NATIVE_CC='$(HOST_CC)' \ - CC='$(CC)' \ - CCC='$(CXX)' \ - AS='$(AS)' \ - AR='$(AR) $(AR_FLAGS:$@=$$@)' \ - RANLIB='$(RANLIB)' \ - RC='$(RC) $(RCFLAGS)' \ - OS_ARCH='$(OS_ARCH)' \ - OS_TEST='$(OS_TEST)' \ - CPU_ARCH='$(TARGET_CPU)' \ - $(NULL) - -endif - -ifdef WRAP_LDFLAGS -NSS_EXTRA_LDFLAGS += $(WRAP_LDFLAGS) -endif - -# The SHARED_LIBS part is needed unconditionally on Android. It's not -# clear why this is the case, but see bug 1133073 (starting around -# comment #8) for context. -ifneq (,$(or $(MOZ_GLUE_WRAP_LDFLAGS), $(filter Android, $(OS_TARGET)))) -NSS_EXTRA_LDFLAGS += $(SHARED_LIBS:$(DEPTH)%=$(MOZ_BUILD_ROOT)%) $(MOZ_GLUE_WRAP_LDFLAGS) -endif - -ifneq (,$(NSS_EXTRA_LDFLAGS)) -DEFAULT_GMAKE_FLAGS += \ - LDFLAGS='$(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \ - DSO_LDOPTS='$(DSO_LDOPTS) $(LDFLAGS) $(NSS_EXTRA_LDFLAGS)' \ - $(NULL) -endif - -DEFAULT_GMAKE_FLAGS += FREEBL_NO_DEPEND=0 $(FREEBL_LOWHASH_FLAG) -DEFAULT_GMAKE_FLAGS += NSS_ALLOW_SSLKEYLOGFILE=1 - -ifdef MOZ_NO_WLZDEFS -DEFAULT_GMAKE_FLAGS += ZDEFS_FLAG= -endif -ifdef MOZ_CFLAGS_NSS -NSS_XCFLAGS += $(filter-out -W%,$(CFLAGS)) -DEFAULT_GMAKE_FLAGS += DARWIN_DYLIB_VERSIONS='-compatibility_version 1 -current_version 1 $(LDFLAGS)' -endif -ifeq (1_1,$(CLANG_CL)_$(MOZ_ASAN)) -XLDFLAGS := $(OS_LDFLAGS) -DEFAULT_GMAKE_FLAGS += XLDFLAGS='$(XLDFLAGS)' -endif - -DEFAULT_GMAKE_FLAGS += NSS_NO_PKCS11_BYPASS=1 - -# Put NSS headers directly under $(DIST)/include -DEFAULT_GMAKE_FLAGS += PUBLIC_EXPORT_DIR='$(ABS_DIST)/include/$$(MODULE)' -DEFAULT_GMAKE_FLAGS += SOURCE_XPHEADERS_DIR='$$(SOURCE_XP_DIR)/include/$$(MODULE)' -DEFAULT_GMAKE_FLAGS += MODULE_INCLUDES='$$(addprefix -I$$(SOURCE_XP_DIR)/include/,$$(REQUIRES))' - -# Work around NSS's MAKE_OBJDIR being racy. See bug #836220 -DEFAULT_GMAKE_FLAGS += MAKE_OBJDIR='$$(INSTALL) -D $$(OBJDIR)' - -# Work around NSS adding IMPORT_LIBRARY to TARGETS with no rule for -# it, creating race conditions. See bug #836220 -DEFAULT_GMAKE_FLAGS += TARGETS='$$(LIBRARY) $$(SHARED_LIBRARY) $$(PROGRAM)' - -ifdef MOZ_FOLD_LIBS_FLAGS -NSS_XCFLAGS += $(MOZ_FOLD_LIBS_FLAGS) -endif - -# Pass on the MSVC target arch from the main build system. -# Note this is case- and switch-character sensitive, while -# the MSVC option is not. -ifeq (WINNT,$(OS_TARGET)) -NSS_XCFLAGS += $(filter -arch:%,$(CFLAGS)) -endif - -# Enable short header experiment. Firefox only. -NSS_XCFLAGS += -DNSS_ENABLE_TLS13_SHORT_HEADERS - -# Export accumulated XCFLAGS to modify nss defaults. -DEFAULT_GMAKE_FLAGS += XCFLAGS='$(NSS_XCFLAGS)' - -NSS_SRCDIR = $(topsrcdir) - -NSS_DIRS = -ifndef MOZ_FOLD_LIBS -NSS_DIRS += nss/lib -else -ifndef NSS_DISABLE_DBM -NSS_DIRS += nss/lib/dbm -endif -endif -NSS_DIRS += \ - nss/cmd/lib \ - nss/cmd/shlibsign \ - $(NULL) - -ifdef ENABLE_TESTS -NSS_DIRS += \ - nss/cmd/certutil \ - nss/cmd/pk12util \ - nss/cmd/modutil \ - $(NULL) -endif - -ifneq (,$(filter %--build-id,$(LDFLAGS))) -DEFAULT_GMAKE_ENV = LDFLAGS=-Wl,--build-id -endif - -ifdef MOZ_FOLD_LIBS -# TODO: The following can be replaced by something simpler when bug 844880 -# is fixed. -# All static libraries required for nss, smime, ssl and nssutil. -# The strip is needed to remove potential linefeed characters, since they hang -# around in some cases on Windows. -NSS_STATIC_LIBS := $(strip $(shell $(MAKE) --no-print-directory -f $(srcdir)/nss.mk DEPTH='$(DEPTH)' topsrcdir='$(topsrcdir)' srcdir='$(srcdir)' echo-variable-libs)) -# Corresponding build directories -NSS_STATIC_DIRS := $(foreach lib,$(NSS_STATIC_LIBS),$(patsubst %/,%,$(dir $(lib)))) -NSS_DIRS += $(NSS_STATIC_DIRS) - -# TODO: The following can be replaced by something simpler when bug 844884 -# is fixed. -# Remaining nss/lib directories -NSS_DIRS += nss/lib/freebl nss/lib/softoken nss/lib/jar nss/lib/crmf nss/lib/ckfw - -DEFAULT_GMAKE_FLAGS += NSS_DISABLE_LIBPKIX=1 - -ifeq (WINNT,$(OS_TARGET)) -NSS_DIRS += nss/lib/zlib -endif -endif # MOZ_FOLD_LIBS - -# Filter-out $(LIBRARY_NAME) because it's already handled in config/rules.mk. -NSS_DIST_DLL_FILES := $(addprefix $(DIST)/lib/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(filter-out $(LIBRARY_NAME),$(NSS_DLLS)) $(NSS_EXTRA_DLLS))) -NSS_DIST_DLL_DEST := $(DIST)/bin -NSS_DIST_DLL_TARGET := target -INSTALL_TARGETS += NSS_DIST_DLL - -ifeq ($(OS_ARCH)_$(1), SunOS_softokn3) -# has to use copy mode on Solaris, see #665509 -$(DIST)/bin/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): INSTALL := $(NSINSTALL) -t -endif - -NSS_SDK_LIB_FILES := \ - $(addprefix $(DIST)/lib/$(LIB_PREFIX),$(addsuffix .$(LIB_SUFFIX),$(SDK_LIBS))) \ - $(addprefix $(DIST)/bin/$(DLL_PREFIX),$(addsuffix $(DLL_SUFFIX),$(NSS_DLLS))) \ - $(NULL) -NSS_SDK_LIB_DEST := $(DIST)/sdk/lib -NSS_SDK_LIB_TARGET := target -INSTALL_TARGETS += NSS_SDK_LIB - -ifdef MOZ_FOLD_LIBS -# Add all static libraries for nss, smime, ssl and nssutil -STATIC_LIBS += $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS)) - -IMPORT_LIB_FILES = $(IMPORT_LIBRARY) -IMPORT_LIB_DEST ?= $(DIST)/lib -IMPORT_LIB_TARGET = target -INSTALL_TARGETS += IMPORT_LIB - -endif # MOZ_FOLD_LIBS - -include $(topsrcdir)/config/rules.mk - -ifeq (1,$(ALLOW_COMPILER_WARNINGS)) -DEFAULT_GMAKE_FLAGS += NSS_ENABLE_WERROR=0 -endif - -# Can't pass this in DEFAULT_GMAKE_FLAGS because that overrides -# definitions in NSS, so just export it into the sub-make's environment. -ifeq (WINNT_1,$(OS_TARGET)_$(MOZ_MEMORY)) -DLLFLAGS := -LIBPATH:$(ABS_DIST)/../mozglue/build -DEFAULTLIB:mozglue -export DLLFLAGS -endif - -ifdef MOZ_FOLD_LIBS -# Force the linker to include everything from the static libraries. -EXPAND_LIBS_EXEC += --extract - -$(SHARED_LIBRARY): $(addprefix $(DEPTH)/security/,$(NSS_STATIC_LIBS)) - -ifdef IMPORT_LIB_SUFFIX -IMPORT_PREFIX = $(LIB_PREFIX) -IMPORT_SUFFIX = .$(IMPORT_LIB_SUFFIX) -else -IMPORT_PREFIX = $(DLL_PREFIX) -IMPORT_SUFFIX = $(DLL_SUFFIX) -endif - -NSPR_IMPORT_LIBS = $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),nspr4 plc4 plds4)) -SQLITE_IMPORT_LIB = $(DIST)/lib/$(IMPORT_PREFIX)mozsqlite3$(IMPORT_SUFFIX) - -# TODO: The following can be replaced by something simpler when bug 844884 -# is fixed. -# Associate target files with the rules that build them. -$(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX): libs-nss/lib/crmf -$(DIST)/lib/$(DLL_PREFIX)freebl3$(DLL_SUFFIX): libs-nss/lib/freebl -$(DIST)/lib/$(DLL_PREFIX)nssckbi$(DLL_SUFFIX): libs-nss/lib/ckfw -$(DIST)/lib/$(DLL_PREFIX)softokn3$(DLL_SUFFIX): libs-nss/lib/softoken -$(DIST)/lib/$(DLL_PREFIX)nssdbm3$(DLL_SUFFIX): libs-nss/lib/softoken -$(foreach lib,$(NSS_STATIC_LIBS),$(eval $(DEPTH)/security/$(lib): libs-$(patsubst %/,%,$(dir $(lib))))) - -# Create fake import libraries for the folded libraries, so that linking -# against them works both for the NSS build system (see dependencies below) -# and for the rest of the mozilla build system. -$(NSPR_IMPORT_LIBS) \ -$(SQLITE_IMPORT_LIB) \ -$(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) \ -$(DIST)/lib/$(IMPORT_PREFIX)ssl3$(IMPORT_SUFFIX) \ -$(DIST)/lib/$(IMPORT_PREFIX)smime3$(IMPORT_SUFFIX): $(DIST)/lib/$(IMPORT_PREFIX)nss3$(IMPORT_SUFFIX) -ifeq (WINNT,$(OS_TARGET)) - cp $< $@ -else - ln -sf $< $@ -endif - -# Interdependencies between nss sub-directories, and dependencies on NSPR/SQLite -libs-nss/lib/ckfw: libs-nss/lib/nss/../base $(NSPR_IMPORT_LIBS) -libs-nss/lib/softoken: $(NSPR_IMPORT_LIBS) $(SQLITE_IMPORT_LIB) -libs-nss/lib/softoken: libs-nss/lib/freebl -ifndef NSS_DISABLE_DBM -libs-nss/lib/softoken: libs-nss/lib/dbm -endif -libs-nss/lib/softoken: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) -libs-nss/lib/freebl: $(DIST)/lib/$(IMPORT_PREFIX)nssutil3$(IMPORT_SUFFIX) $(NSPR_IMPORT_LIBS) - -# For each directory where we build static libraries, force the NSS build system -# to only build static libraries. -$(addprefix libs-,$(NSS_STATIC_DIRS)): DEFAULT_GMAKE_FLAGS += SHARED_LIBRARY= IMPORT_LIBRARY= -else -$(STATIC_LIBS) $(NSS_DIST_DLL_FILES) $(NSS_SDK_LIB_FILES): libs-nss/lib -endif # MOZ_FOLD_LIBS - -ifeq ($(NSINSTALL_PY),$(NSINSTALL)) -DEFAULT_GMAKE_FLAGS += PYTHON='$(PYTHON)' -DEFAULT_GMAKE_FLAGS += NSINSTALL_PY='$(abspath $(topsrcdir)/config/nsinstall.py)' -DEFAULT_GMAKE_FLAGS += NSINSTALL='$$(PYTHON) $$(NSINSTALL_PY)' -else -DEFAULT_GMAKE_FLAGS += NSINSTALL='$(abspath $(NSINSTALL))' -endif -ifeq ($(OS_ARCH),WINNT) -DEFAULT_GMAKE_FLAGS += INSTALL='$$(NSINSTALL) -t' -endif -DEFAULT_GMAKE_FLAGS += $(EXTRA_GMAKE_FLAGS) - -$(addprefix libs-,$(NSS_DIRS)): libs-%: -# Work around NSS's export rule being racy when recursing for private_export -# See bug #836220. -$(addprefix export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS = PRIVATE_EXPORTS= -$(addprefix export-,$(NSS_DIRS)): export-%: private_export-% -$(addprefix private_export-,$(NSS_DIRS)): EXTRA_GMAKE_FLAGS = -$(addprefix private_export-,$(NSS_DIRS)): private_export-%: - -$(foreach p,libs export private_export,$(addprefix $(p)-,$(NSS_DIRS))): - $(DEFAULT_GMAKE_ENV) $(MAKE) -C $(NSS_SRCDIR)/security/$* $(@:-$*=) $(DEFAULT_GMAKE_FLAGS) - -export:: $(addprefix export-,$(NSS_DIRS)) - -$(addprefix clean-,$(NSS_DIRS)): clean-%: - $(MAKE) -C $(NSS_SRCDIR)/security/$* $(DEFAULT_GMAKE_FLAGS) clean - -clean clobber clobber_all realclean distclean depend:: $(addprefix clean-,$(NSS_DIRS)) - -NSS_CMD_TARGETS := $(addprefix libs-,$(filter-out nss/cmd/lib,$(filter nss/cmd/%,$(NSS_DIRS)))) -target:: $(NSS_CMD_TARGETS) - -ifdef MOZ_FOLD_LIBS -$(NSS_CMD_TARGETS): $(addprefix $(DIST)/lib/$(IMPORT_PREFIX),$(addsuffix $(IMPORT_SUFFIX),$(NSS_LIBS))) -libs-nss/cmd/modutil: libs-nss/lib/jar -ifeq (WINNT,$(OS_TARGET)) -libs-nss/cmd/modutil: libs-nss/lib/zlib -endif -$(NSS_CMD_TARGETS): libs-nss/cmd/lib -else -$(NSS_CMD_TARGETS): libs-nss/lib libs-nss/cmd/lib -endif # MOZ_FOLD_LIBS - -# Work around NSS build system race condition creating certdata.c in -# security/nss/lib/ckfw/builtins. See bug #836220. -libs-nss/lib$(if $(MOZ_FOLD_LIBS),/ckfw): $(call mkdir_deps,$(DEPTH)/security/nss/lib/ckfw/builtins) - diff --git a/config/external/nss/crmf/moz.build b/config/external/nss/crmf/moz.build deleted file mode 100644 index 9a17c6b5ab..0000000000 --- a/config/external/nss/crmf/moz.build +++ /dev/null @@ -1,15 +0,0 @@ -# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -Library('crmf') - -USE_LIBS += [ - # The dependency on nss is not real, but is required to force the - # parent directory being built before this one. This has no - # practical effect on linkage, since the only thing linking crmf - # will need nss anyways. - 'nss', - 'static:/security/nss/lib/crmf/crmf', -] diff --git a/config/external/nss/moz.build b/config/external/nss/moz.build deleted file mode 100644 index ff1befc94c..0000000000 --- a/config/external/nss/moz.build +++ /dev/null @@ -1,39 +0,0 @@ -# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -DIRS += ['crmf'] - -if CONFIG['MOZ_FOLD_LIBS']: - GeckoSharedLibrary('nss', linkage=None) - # TODO: The library name can be changed when bug 845217 is fixed. - SHARED_LIBRARY_NAME = 'nss3' - - SDK_LIBRARY = True - - USE_LIBS += [ - 'nspr4', - 'plc4', - 'plds4', - ] - - OS_LIBS += CONFIG['REALTIME_LIBS'] - - SYMBOLS_FILE = 'nss.symbols' -else: - Library('nss') - USE_LIBS += [ - '/security/nss/lib/nss/nss3', - '/security/nss/lib/smime/smime3', - '/security/nss/lib/ssl/ssl3', - '/security/nss/lib/util/nssutil3', - ] - -USE_LIBS += ['sqlite'] - -# XXX: We should fix these warnings. -ALLOW_COMPILER_WARNINGS = True - -if CONFIG['NSS_EXTRA_SYMBOLS_FILE']: - DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE'] diff --git a/config/external/nss/nss.mk b/config/external/nss/nss.mk deleted file mode 100644 index 38d234a0b9..0000000000 --- a/config/external/nss/nss.mk +++ /dev/null @@ -1,27 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -include $(DEPTH)/config/autoconf.mk - -include $(topsrcdir)/config/config.mk - -dirs := - -define add_dirs -SHARED_LIBRARY_DIRS := -include $(topsrcdir)/security/$(1)/config.mk -dirs += $$(addprefix $(1)/,$$(SHARED_LIBRARY_DIRS)) $(1) -endef -$(foreach dir,util nss ssl smime,$(eval $(call add_dirs,nss/lib/$(dir)))) - -libs := -define add_lib -LIBRARY_NAME := -include $(topsrcdir)/security/$(1)/manifest.mn -libs += $$(addprefix $(1)/,$(LIB_PREFIX)$$(LIBRARY_NAME).$(LIB_SUFFIX)) -endef -$(foreach dir,$(dirs),$(eval $(call add_lib,$(dir)))) - -echo-variable-%: - @echo $($*) @@ -73,7 +73,7 @@ if not CONFIG['MOZ_DISABLE_PLATFORM']: DIRS += [ 'config/external', - 'config/external/nss', + 'security', ] if CONFIG['BUILD_CTYPES']: diff --git a/python/mozbuild/mozbuild/frontend/context.py b/python/mozbuild/mozbuild/frontend/context.py index f81665b52b..7c44a6836a 100644 --- a/python/mozbuild/mozbuild/frontend/context.py +++ b/python/mozbuild/mozbuild/frontend/context.py @@ -1567,7 +1567,10 @@ VARIABLES = { 'variables': dict, 'input': unicode, 'sandbox_vars': dict, + 'no_chromium': bool, + 'no_unified': bool, 'non_unified_sources': StrictOrderingOnAppendList, + 'action_overrides': dict, }), list, """Defines a list of object directories handled by gyp configurations. @@ -1582,9 +1585,15 @@ VARIABLES = { - sandbox_vars, a dictionary containing variables and values to pass to the mozbuild processor on top of those derived from gyp configuration. + - no_chromium, a boolean which if set to True disables some + special handling that emulates gyp_chromium. + - no_unified, a boolean which if set to True disables source + file unification entirely. - non_unified_sources, a list containing sources files, relative to the current moz.build, that should be excluded from source file unification. + - action_overrides, a dict of action_name to values of the `script` + attribute to use for GENERATED_FILES for the specified action. Typical use looks like: GYP_DIRS += ['foo', 'bar'] diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py index 49ec1e8d7a..78d92c4236 100644 --- a/python/mozbuild/mozbuild/frontend/emitter.py +++ b/python/mozbuild/mozbuild/frontend/emitter.py @@ -135,9 +135,6 @@ class TreeMetadataEmitter(LoggingMixin): if os.path.exists(subconfigures): paths = open(subconfigures).read().splitlines() self._external_paths = set(mozpath.normsep(d) for d in paths) - # Add security/nss manually, since it doesn't have a subconfigure. - self._external_paths.add('security/nss') - self._emitter_time = 0.0 self._object_count = 0 self._test_files_converter = SupportFilesConverter() diff --git a/python/mozbuild/mozbuild/frontend/gyp_reader.py b/python/mozbuild/mozbuild/frontend/gyp_reader.py index 459c553c3e..e6d2607032 100644 --- a/python/mozbuild/mozbuild/frontend/gyp_reader.py +++ b/python/mozbuild/mozbuild/frontend/gyp_reader.py @@ -5,6 +5,7 @@ from __future__ import absolute_import, unicode_literals import gyp +import gyp.msvs_emulation import sys import os import types @@ -12,6 +13,7 @@ import mozpack.path as mozpath from mozpack.files import FileFinder from .sandbox import alphabetical_sorted from .context import ( + ObjDirPath, SourcePath, TemplateContext, VARIABLES, @@ -38,13 +40,20 @@ chrome_src = mozpath.abspath(mozpath.join(mozpath.dirname(gyp.__file__), '../../../..')) script_dir = mozpath.join(chrome_src, 'build') + +def encode(value): + if isinstance(value, unicode): + return value.encode('utf-8') + return value + + # Default variables gyp uses when evaluating gyp files. generator_default_variables = { } -for dirname in ['INTERMEDIATE_DIR', 'SHARED_INTERMEDIATE_DIR', 'PRODUCT_DIR', - 'LIB_DIR', 'SHARED_LIB_DIR']: +for dirname in [b'INTERMEDIATE_DIR', b'SHARED_INTERMEDIATE_DIR', b'PRODUCT_DIR', + b'LIB_DIR', b'SHARED_LIB_DIR']: # Some gyp steps fail if these are empty(!). - generator_default_variables[dirname] = b'dir' + generator_default_variables[dirname] = b'$' + dirname for unused in ['RULE_INPUT_PATH', 'RULE_INPUT_ROOT', 'RULE_INPUT_NAME', 'RULE_INPUT_DIRNAME', 'RULE_INPUT_EXT', @@ -68,13 +77,37 @@ class GypContext(TemplateContext): allowed_variables=VARIABLES, config=config) -def encode(value): - if isinstance(value, unicode): - return value.encode('utf-8') - return value +def handle_actions(actions, context, action_overrides): + idir = '$INTERMEDIATE_DIR/' + for action in actions: + name = action['action_name'] + if name not in action_overrides: + raise RuntimeError('GYP action %s not listed in action_overrides' % name) + outputs = action['outputs'] + if len(outputs) > 1: + raise NotImplementedError('GYP actions with more than one output not supported: %s' % name) + output = outputs[0] + if not output.startswith(idir): + raise NotImplementedError('GYP actions outputting to somewhere other than <(INTERMEDIATE_DIR) not supported: %s' % output) + output = output[len(idir):] + context['GENERATED_FILES'] += [output] + g = context['GENERATED_FILES'][output] + g.script = action_overrides[name] + g.inputs = action['inputs'] +def handle_copies(copies, context): + dist = '$PRODUCT_DIR/dist/' + for copy in copies: + dest = copy['destination'] + if not dest.startswith(dist): + raise NotImplementedError('GYP copies to somewhere other than <(PRODUCT_DIR)/dist not supported: %s' % dest) + dest_paths = dest[len(dist):].split('/') + exports = context['EXPORTS'] + while dest_paths: + exports = getattr(exports, dest_paths.pop(0)) + exports += sorted(copy['files'], key=lambda x: x.lower()) -def read_from_gyp(config, path, output, vars, non_unified_sources = set()): +def read_from_gyp(config, path, output, vars, no_chromium, no_unified, action_overrides, non_unified_sources = set()): """Read a gyp configuration and emits GypContexts for the backend to process. @@ -84,10 +117,17 @@ def read_from_gyp(config, path, output, vars, non_unified_sources = set()): processor. """ + is_win = config.substs['OS_TARGET'] == 'WINNT' + is_msvc = bool(config.substs['_MSC_VER']) # gyp expects plain str instead of unicode. The frontend code gives us # unicode strings, so convert them. path = encode(path) str_vars = dict((name, encode(value)) for name, value in vars.items()) + if is_msvc: + # This isn't actually used anywhere in this generator, but it's needed + # to override the registry detection of VC++ in gyp. + os.environ['GYP_MSVS_OVERRIDE_PATH'] = 'fake_path' + os.environ['GYP_MSVS_VERSION'] = config.substs['MSVS_VERSION'] params = { b'parallel': False, @@ -96,18 +136,23 @@ def read_from_gyp(config, path, output, vars, non_unified_sources = set()): b'root_targets': None, } - # Files that gyp_chromium always includes - includes = [encode(mozpath.join(script_dir, 'common.gypi'))] - finder = FileFinder(chrome_src, find_executables=False) - includes.extend(encode(mozpath.join(chrome_src, name)) - for name, _ in finder.find('*/supplement.gypi')) + if no_chromium: + includes = [] + depth = mozpath.dirname(path) + else: + depth = chrome_src + # Files that gyp_chromium always includes + includes = [encode(mozpath.join(script_dir, 'common.gypi'))] + finder = FileFinder(chrome_src, find_executables=False) + includes.extend(encode(mozpath.join(chrome_src, name)) + for name, _ in finder.find('*/supplement.gypi')) # Read the given gyp file and its dependencies. generator, flat_list, targets, data = \ gyp.Load([path], format=b'mozbuild', default_variables=str_vars, includes=includes, - depth=encode(chrome_src), + depth=encode(depth), params=params) # Process all targets from the given gyp files and its dependencies. @@ -146,60 +191,136 @@ def read_from_gyp(config, path, output, vars, non_unified_sources = set()): 'in %s' % (c, target_name, build_file)) target_conf = spec['configurations'][c] + if 'actions' in spec: + handle_actions(spec['actions'], context, action_overrides) + if 'copies' in spec: + handle_copies(spec['copies'], context) + + use_libs = [] + libs = [] + def add_deps(s): + for t in s.get('dependencies', []) + s.get('dependencies_original', []): + ty = targets[t]['type'] + if ty in ('static_library', 'shared_library'): + use_libs.append(targets[t]['target_name']) + # Manually expand out transitive dependencies-- + # gyp won't do this for static libs or none targets. + if ty in ('static_library', 'none'): + add_deps(targets[t]) + libs.extend(spec.get('libraries', [])) + #XXX: this sucks, but webrtc breaks with this right now because + # it builds a library called 'gtest' and we just get lucky + # that it isn't in USE_LIBS by that name anywhere. + if no_chromium: + add_deps(spec) + + os_libs = [] + for l in libs: + if l.startswith('-'): + os_libs.append(l) + elif l.endswith('.lib'): + os_libs.append(l[:-4]) + elif l: + # For library names passed in from moz.build. + use_libs.append(os.path.basename(l)) + if spec['type'] == 'none': + if not ('actions' in spec or 'copies' in spec): continue - elif spec['type'] == 'static_library': + elif spec['type'] in ('static_library', 'shared_library', 'executable'): # Remove leading 'lib' from the target_name if any, and use as # library name. name = spec['target_name'] - if name.startswith('lib'): - name = name[3:] - # The context expects an unicode string. - context['LIBRARY_NAME'] = name.decode('utf-8') + if spec['type'] in ('static_library', 'shared_library'): + if name.startswith('lib'): + name = name[3:] + # The context expects an unicode string. + context['LIBRARY_NAME'] = name.decode('utf-8') + else: + context['PROGRAM'] = name.decode('utf-8') + if spec['type'] == 'shared_library': + context['FORCE_SHARED_LIB'] = True + elif spec['type'] == 'static_library' and spec.get('variables', {}).get('no_expand_libs', '0') == '1': + # PSM links a NSS static library, but our folded libnss + # doesn't actually export everything that all of the + # objects within would need, so that one library + # should be built as a real static library. + context['NO_EXPAND_LIBS'] = True + if use_libs: + context['USE_LIBS'] = sorted(use_libs, key=lambda s: s.lower()) + if os_libs: + context['OS_LIBS'] = os_libs # gyp files contain headers and asm sources in sources lists. sources = [] unified_sources = [] extensions = set() + use_defines_in_asflags = False for f in spec.get('sources', []): ext = mozpath.splitext(f)[-1] extensions.add(ext) - s = SourcePath(context, f) + if f.startswith('$INTERMEDIATE_DIR/'): + s = ObjDirPath(context, f.replace('$INTERMEDIATE_DIR/', '!')) + else: + s = SourcePath(context, f) if ext == '.h': continue - if ext != '.S' and s not in non_unified_sources: + if ext == '.def': + context['SYMBOLS_FILE'] = s + elif ext != '.S' and not no_unified and s not in non_unified_sources: unified_sources.append(s) else: sources.append(s) + # The Mozilla build system doesn't use DEFINES for building + # ASFILES. + if ext == '.s': + use_defines_in_asflags = True # The context expects alphabetical order when adding sources context['SOURCES'] = alphabetical_sorted(sources) context['UNIFIED_SOURCES'] = alphabetical_sorted(unified_sources) - for define in target_conf.get('defines', []): + defines = target_conf.get('defines', []) + if is_msvc and no_chromium: + msvs_settings = gyp.msvs_emulation.MsvsSettings(spec, {}) + defines.extend(msvs_settings.GetComputedDefines(c)) + for define in defines: if '=' in define: name, value = define.split('=', 1) context['DEFINES'][name] = value else: context['DEFINES'][define] = True + product_dir_dist = '$PRODUCT_DIR/dist/' for include in target_conf.get('include_dirs', []): - # moz.build expects all LOCAL_INCLUDES to exist, so ensure they do. - # - # NB: gyp files sometimes have actual absolute paths (e.g. - # /usr/include32) and sometimes paths that moz.build considers - # absolute, i.e. starting from topsrcdir. There's no good way - # to tell them apart here, and the actual absolute paths are - # likely bogus. In any event, actual absolute paths will be - # filtered out by trying to find them in topsrcdir. - if include.startswith('/'): - resolved = mozpath.abspath(mozpath.join(config.topsrcdir, include[1:])) + if include.startswith(product_dir_dist): + # special-case includes of <(PRODUCT_DIR)/dist/ to match + # handle_copies above. This is used for NSS' exports. + include = '!/dist/include/' + include[len(product_dir_dist):] + elif include.startswith(config.topobjdir): + # NSPR_INCLUDE_DIR gets passed into the NSS build this way. + include = '!/' + mozpath.relpath(include, config.topobjdir) else: - resolved = mozpath.abspath(mozpath.join(mozpath.dirname(build_file), include)) - if not os.path.exists(resolved): - continue + # moz.build expects all LOCAL_INCLUDES to exist, so ensure they do. + # + # NB: gyp files sometimes have actual absolute paths (e.g. + # /usr/include32) and sometimes paths that moz.build considers + # absolute, i.e. starting from topsrcdir. There's no good way + # to tell them apart here, and the actual absolute paths are + # likely bogus. In any event, actual absolute paths will be + # filtered out by trying to find them in topsrcdir. + if include.startswith('/'): + resolved = mozpath.abspath(mozpath.join(config.topsrcdir, include[1:])) + else: + resolved = mozpath.abspath(mozpath.join(mozpath.dirname(build_file), include)) + if not os.path.exists(resolved): + continue context['LOCAL_INCLUDES'] += [include] context['ASFLAGS'] = target_conf.get('asflags_mozilla', []) + if use_defines_in_asflags and defines: + context['ASFLAGS'] += ['-D' + d for d in defines] + if config.substs['OS_TARGET'] == 'SunOS': + context['LDFLAGS'] = target_conf.get('ldflags', []) flags = target_conf.get('cflags_mozilla', []) if flags: suffix_map = { @@ -227,22 +348,23 @@ def read_from_gyp(config, path, output, vars, non_unified_sources = set()): else: context[var].extend(f) else: - # Ignore other types than static_library because we don't have + # Ignore other types because we don't have # anything using them, and we're not testing them. They can be # added when that becomes necessary. raise NotImplementedError('Unsupported gyp target type: %s' % spec['type']) - # Add some features to all contexts. Put here in case LOCAL_INCLUDES - # order matters. - context['LOCAL_INCLUDES'] += [ - '!/ipc/ipdl/_ipdlheaders', - '/ipc/chromium/src', - '/ipc/glue', - ] - # These get set via VC project file settings for normal GYP builds. - if config.substs['OS_TARGET'] == 'WINNT': - context['DEFINES']['UNICODE'] = True - context['DEFINES']['_UNICODE'] = True + if not no_chromium: + # Add some features to all contexts. Put here in case LOCAL_INCLUDES + # order matters. + context['LOCAL_INCLUDES'] += [ + '!/ipc/ipdl/_ipdlheaders', + '/ipc/chromium/src', + '/ipc/glue', + ] + # These get set via VC project file settings for normal GYP builds. + if is_win: + context['DEFINES']['UNICODE'] = True + context['DEFINES']['_UNICODE'] = True context['DISABLE_STL_WRAPPING'] = True yield context diff --git a/python/mozbuild/mozbuild/frontend/reader.py b/python/mozbuild/mozbuild/frontend/reader.py index a7d7e8b71a..165a8b7119 100644 --- a/python/mozbuild/mozbuild/frontend/reader.py +++ b/python/mozbuild/mozbuild/frontend/reader.py @@ -1128,12 +1128,18 @@ class BuildReader(object): raise SandboxValidationError('Cannot find %s.' % source, context) non_unified_sources.add(source) + action_overrides = {} + for action, script in gyp_dir.action_overrides.iteritems(): + action_overrides[action] = SourcePath(context, script) time_start = time.time() for gyp_context in read_from_gyp(context.config, mozpath.join(curdir, gyp_dir.input), mozpath.join(context.objdir, target_dir), gyp_dir.variables, + gyp_dir.no_chromium, + gyp_dir.no_unified, + action_overrides, non_unified_sources = non_unified_sources): gyp_context.update(gyp_dir.sandbox_vars) gyp_contexts.append(gyp_context) diff --git a/security/Makefile.in b/security/Makefile.in new file mode 100644 index 0000000000..6e6e7faa05 --- /dev/null +++ b/security/Makefile.in @@ -0,0 +1,2 @@ +NSS_DISABLE_AVX2 = 1 +export NSS_DISABLE_AVX2
\ No newline at end of file diff --git a/security/generate_certdata.py b/security/generate_certdata.py new file mode 100644 index 0000000000..96622e8d2a --- /dev/null +++ b/security/generate_certdata.py @@ -0,0 +1,20 @@ +#!/usr/bin/env python +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# +# This exists to paper over differences between gyp's `action` definitions +# and moz.build `GENERATED_FILES` semantics. + +import buildconfig +import os +import subprocess + + +def main(output, *inputs): + env = dict(os.environ) + env['PERL'] = str(buildconfig.substs['PERL']) + output.write(subprocess.check_output([buildconfig.substs['PYTHON'], + inputs[0], inputs[2]], env=env)) + return None diff --git a/security/generate_mapfile.py b/security/generate_mapfile.py new file mode 100644 index 0000000000..71e5066e78 --- /dev/null +++ b/security/generate_mapfile.py @@ -0,0 +1,54 @@ +#!/usr/bin/env python + +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# This script processes NSS .def files according to the rules defined in +# a comment at the top of each one. The files are used to define the +# exports from NSS shared libraries, with -DEFFILE on Windows, a linker +# script on Linux, or with -exported_symbols_list on OS X. +# +# The NSS build system processes them using a series of sed replacements, +# but the Mozilla build system is already running a Python script to generate +# the file so it's simpler to just do the replacement in Python. + +import buildconfig + + +def main(output, input): + # There's a check in old-configure.in under the system-nss handling + # that should match this. + if buildconfig.substs['OS_ARCH'] not in ('Linux', 'SunOS', 'Darwin'): + print "Error: unhandled OS_ARCH %s" % buildconfig.substs['OS_ARCH'] + return 1 + is_linux = buildconfig.substs['OS_ARCH'] in ('Linux', 'SunOS') + + with open(input, 'rb') as f: + for line in f: + line = line.rstrip() + # Remove all lines containing ';-' + if ';-' in line: + continue + # On non-Linux, remove all lines containing ';+' + if not is_linux and ';+' in line: + continue + # Remove the string ' DATA '. + line = line.replace(' DATA ', '') + # Remove the string ';+' + line = line.replace(';+', '') + # Remove the string ';;' + line = line.replace(';;', '') + # If a ';' is present, remove everything after it, + # and on non-Linux, remove it as well. + i = line.find(';') + if i != -1: + if is_linux: + line = line[:i+1] + else: + line = line[:i] + # On non-Linux, symbols get an underscore in front. + if line and not is_linux: + output.write('_') + output.write(line) + output.write('\n')
\ No newline at end of file diff --git a/security/moz.build b/security/moz.build new file mode 100644 index 0000000000..13de8e62aa --- /dev/null +++ b/security/moz.build @@ -0,0 +1,123 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +include('/build/gyp_base.mozbuild') +if CONFIG['MOZ_FOLD_LIBS']: + GeckoSharedLibrary('nss', linkage=None) + # TODO: The library name can be changed when bug 845217 is fixed. + SHARED_LIBRARY_NAME = 'nss3' + + SDK_LIBRARY = True + + USE_LIBS += [ + 'nspr4', + 'nss3_static', + 'nssutil', + 'plc4', + 'plds4', + 'smime3_static', + 'ssl', + ] + + OS_LIBS += CONFIG['REALTIME_LIBS'] + + SYMBOLS_FILE = 'nss.symbols' + # This changes the default targets in the NSS build, among + # other things. + gyp_vars['moz_fold_libs'] = 1 + # Some things in NSS need to link against nssutil, which + # gets folded, so this tells them what to link against. + gyp_vars['moz_folded_library_name'] = 'nss' + # Force things in NSS that want to link against NSPR to link + # against the folded library. + gyp_vars['nspr_libs'] = 'nss' +else: + Library('nss') + USE_LIBS += [ + 'nss3', + 'nssutil3', + 'smime3', + 'sqlite', + 'ssl3', + ] + gyp_vars['nspr_libs'] = 'nspr4 plc4 plds4' + +# This disables building some NSS tools. +gyp_vars['mozilla_client'] = 1 +# We run shlibsign as part of packaging, not build. +gyp_vars['sign_libs'] = 0 +gyp_vars['python'] = CONFIG['PYTHON'] +# The NSS gyp files do not have a default for this. +gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist' +# NSS wants to put public headers in $nss_dist_dir/public/nss by default, +# which would wind up being mapped to dist/include/public/nss (by +# gyp_reader's `handle_copies`). +# This forces it to put them in dist/include/nss. +gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist' +gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin' +# We don't currently build NSS tests. +gyp_vars['disable_tests'] = 1 +if CONFIG['NSS_DISABLE_DBM']: + gyp_vars['disable_dbm'] = 1 +gyp_vars['disable_libpkix'] = 1 +gyp_vars['enable_sslkeylogfile'] = 1 +# pkg-config won't reliably find zlib on our builders, so just force it. +# System zlib is only used for modutil and signtool unless +# SSL zlib is enabled, which we are disabling immediately below this. +gyp_vars['zlib_libs'] = '-lz' +gyp_vars['ssl_enable_zlib'] = 0 +# System sqlite here is the in-tree mozsqlite. +gyp_vars['use_system_sqlite'] = 1 +gyp_vars['sqlite_libs'] = 'sqlite' +gyp_vars['nspr_include_dir'] = CONFIG['NSPR_INCLUDE_DIR'] +gyp_vars['nspr_lib_dir'] = CONFIG['NSPR_LIB_DIR'] +# The Python scripts that detect clang need it to be set as CC +# in the environment, which isn't true here. I don't know that +# setting that would be harmful, but we already have this information +# anyway. +gyp_vars['NSS_DISABLE_AVX2'] = 1 +if CONFIG['CLANG_CXX']: + gyp_vars['cc_is_clang'] = 1 + +GYP_DIRS += ['nss'] +GYP_DIRS['nss'].input = 'nss/nss.gyp' +GYP_DIRS['nss'].variables = gyp_vars + +sandbox_vars = { + # NSS explicitly exports its public symbols + # with linker scripts. + 'NO_VISIBILITY_FLAGS': True, + # XXX: We should fix these warnings. + 'ALLOW_COMPILER_WARNINGS': True, + # NSS' build system doesn't currently build NSS with PGO. + # We could probably do so, but not without a lot of + # careful consideration. + 'NO_PGO': True, +} +if CONFIG['OS_TARGET'] == 'WINNT': + if CONFIG['CPU_ARCH'] == 'x86': + # This should really be the default. + sandbox_vars['ASFLAGS'] = ['-safeseh'] +if CONFIG['OS_TARGET'] == 'Android': + sandbox_vars['CFLAGS'] = [ + '-include', TOPSRCDIR + '/security/manager/android_stub.h', + # Setting sandbox_vars['DEFINES'] is broken currently. + '-DCHECK_FORK_GETPID', + ] + if CONFIG['ANDROID_VERSION']: + sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']] +GYP_DIRS['nss'].sandbox_vars = sandbox_vars +GYP_DIRS['nss'].no_chromium = True +GYP_DIRS['nss'].no_unified = True +# This maps action names from gyp files to +# Python scripts that can be used in moz.build GENERATED_FILES. +GYP_DIRS['nss'].action_overrides = { + 'generate_certdata_c': 'generate_certdata.py', + 'generate_mapfile': 'generate_mapfile.py', +} + +if CONFIG['NSS_EXTRA_SYMBOLS_FILE']: + DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE']
\ No newline at end of file diff --git a/config/external/nss/nss.symbols b/security/nss.symbols index 83f5dc524c..83f5dc524c 100644 --- a/config/external/nss/nss.symbols +++ b/security/nss.symbols diff --git a/security/nss/coreconf/config.gypi b/security/nss/coreconf/config.gypi index d188759653..30d9b254f0 100644 --- a/security/nss/coreconf/config.gypi +++ b/security/nss/coreconf/config.gypi @@ -37,7 +37,7 @@ },{ 'use_system_sqlite%': 0, }], - ['OS=="mac" or OS=="ios" or OS=="win"', { + ['OS=="mac" or OS=="ios" or OS=="solaris" or OS=="win"', { 'cc_use_gnu_ld%': 0, }, { 'cc_use_gnu_ld%': 1, @@ -100,6 +100,7 @@ 'disable_tests%': 0, 'disable_chachapoly%': 0, 'disable_dbm%': 1, + 'disable_avx2%': 1, 'disable_libpkix%': 1, 'disable_werror%': 0, 'disable_altivec%': 0, @@ -392,6 +393,11 @@ '_REENTRANT', ], }], + [ 'OS!="mac" and OS!="ios" and OS!="solaris" and OS!="win"', { + 'ldflags': [ + '-z', 'noexecstack', + ], + }], [ 'OS!="mac" and OS!="ios" and OS!="win"', { 'cflags': [ '-fPIC', @@ -405,9 +411,6 @@ 'cflags_cc': [ '-std=c++11', ], - 'ldflags': [ - '-z', 'noexecstack', - ], 'conditions': [ [ 'target_arch=="ia32"', { 'cflags': ['-m32'], @@ -564,6 +567,11 @@ 'NSS_DISABLE_DBM', ], }], + [ 'disable_avx2==1', { + 'defines': [ + 'NSS_DISABLE_AVX2', + ], + }], [ 'disable_libpkix==1', { 'defines': [ 'NSS_DISABLE_LIBPKIX', @@ -642,7 +650,7 @@ }, }, 'conditions': [ - [ 'cc_use_gnu_ld==1', { + [ 'cc_use_gnu_ld==1 or OS=="solaris"', { 'variables': { 'process_map_file': ['/bin/sh', '-c', '/usr/bin/env grep -v ";-" >(mapfile) | sed -e "s,;+,," -e "s; DATA ;;" -e "s,;;,," -e "s,;.*,;," > >@(_outputs)'], }, diff --git a/security/nss/lib/freebl/freebl.gyp b/security/nss/lib/freebl/freebl.gyp index dd9446da60..a5f5c8d0ec 100644 --- a/security/nss/lib/freebl/freebl.gyp +++ b/security/nss/lib/freebl/freebl.gyp @@ -129,7 +129,7 @@ '<(DEPTH)/exports.gyp:nss_exports' ], 'conditions': [ - [ 'target_arch=="x64"', { + [ 'target_arch=="x64" and disable_avx2==0', { 'cflags': [ '-mssse3', '-msse4.1', @@ -179,7 +179,7 @@ '-mfpu=neon' ], }], - [ 'target_arch=="x64"', { + [ 'target_arch=="x64" and disable_avx2==0', { 'sources': [ 'verified/Hacl_Poly1305_256.c', 'verified/Hacl_Chacha20_Vec256.c', |