From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- security/moz.build | 188 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 188 insertions(+) create mode 100644 security/moz.build (limited to 'security/moz.build') diff --git a/security/moz.build b/security/moz.build new file mode 100644 index 0000000000..d19bb9e6e2 --- /dev/null +++ b/security/moz.build @@ -0,0 +1,188 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +with Files("**"): + BUG_COMPONENT = ("Core", "Security: PSM") + +with Files("generate*.py"): + BUG_COMPONENT = ("Firefox Build System", "General") + +with Files("nss/**"): + BUG_COMPONENT = ("NSS", "Libraries") + +with Files("nss.symbols"): + BUG_COMPONENT = ("NSS", "Libraries") + +if CONFIG["MOZ_SYSTEM_NSS"]: + Library("nss") + OS_LIBS += CONFIG["NSS_LIBS"] + +include("/build/gyp_base.mozbuild") +if CONFIG["MOZ_FOLD_LIBS"]: + GeckoSharedLibrary("nss", linkage=None) + # TODO: The library name can be changed when bug 845217 is fixed. + SHARED_LIBRARY_NAME = "nss3" + + USE_LIBS += [ + "nspr4", + "nss3_static", + "nssutil", + "plc4", + "plds4", + "smime3_static", + "ssl", + ] + + OS_LIBS += CONFIG["REALTIME_LIBS"] + + SYMBOLS_FILE = "nss.symbols" + # This changes the default targets in the NSS build, among + # other things. + gyp_vars["moz_fold_libs"] = 1 + # Some things in NSS need to link against nssutil, which + # gets folded, so this tells them what to link against. + gyp_vars["moz_folded_library_name"] = "nss" + # Force things in NSS that want to link against NSPR to link + # against the folded library. + gyp_vars["nspr_libs"] = "nss" +elif not CONFIG["MOZ_SYSTEM_NSS"]: + Library("nss") + USE_LIBS += [ + "nss3", + "nssutil3", + "smime3", + "sqlite", + "ssl3", + ] + gyp_vars["nspr_libs"] = "nspr" +else: + gyp_vars["nspr_libs"] = "nspr" + # Bug 1805371: We need a static copy of NSS for the tlsserver test + # binaries even when building with system NSS. But there's no good + # way to build NSS that does not pollute dist/bin with shared + # object files. For now, we have to build mozpkix only and disable + # the affected tests. + gyp_vars["mozpkix_only"] = 1 + +# This disables building some NSS tools. +gyp_vars["mozilla_client"] = 1 + +# This builds NSS tools in COMM applications that Firefox doesn't build. +if CONFIG["MOZ_BUILD_APP"].startswith("comm/"): + gyp_vars["comm_client"] = 1 + +# We run shlibsign as part of packaging, not build. +gyp_vars["sign_libs"] = 0 +gyp_vars["python"] = CONFIG["PYTHON3"] +# The NSS gyp files do not have a default for this. +gyp_vars["nss_dist_dir"] = "$PRODUCT_DIR/dist" +# NSS wants to put public headers in $nss_dist_dir/public/nss by default, +# which would wind up being mapped to dist/include/public/nss (by +# gyp_reader's `handle_copies`). +# This forces it to put them in dist/include/nss. +gyp_vars["nss_public_dist_dir"] = "$PRODUCT_DIR/dist" +gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin" +# We don't currently build NSS tests. +gyp_vars["disable_tests"] = 1 +gyp_vars["disable_dbm"] = 1 +gyp_vars["disable_libpkix"] = 1 +gyp_vars["enable_sslkeylogfile"] = 1 +# Whether we're using system NSS or Rust nssckbi, we don't need +# to build C nssckbi +gyp_vars["disable_ckbi"] = 1 +# pkg-config won't reliably find zlib on our builders, so just force it. +# System zlib is only used for modutil and signtool unless +# SSL zlib is enabled, which we are disabling immediately below this. +gyp_vars["zlib_libs"] = "-lz" +gyp_vars["ssl_enable_zlib"] = 0 +# System sqlite here is the in-tree mozsqlite. +gyp_vars["use_system_sqlite"] = 1 +gyp_vars["sqlite_libs"] = "sqlite" +gyp_vars["enable_draft_hpke"] = 1 + +# Clang can build NSS with its integrated assembler since version 9. +if ( + CONFIG["TARGET_CPU"] == "x86_64" + and CONFIG["CC_TYPE"] == "clang" + and int(CONFIG["CC_VERSION"].split(".")[0]) >= 9 +): + gyp_vars["force_integrated_as"] = 1 + + +if CONFIG["MOZ_SYSTEM_NSPR"]: + gyp_vars["nspr_include_dir"] = "%" + CONFIG["NSPR_INCLUDE_DIR"] + gyp_vars["nspr_lib_dir"] = "%" + CONFIG["NSPR_LIB_DIR"] +else: + gyp_vars["nspr_include_dir"] = "!/dist/include/nspr" + gyp_vars["nspr_lib_dir"] = "" # gyp wants a value, but we don't need + # it to be valid. + +# The Python scripts that detect clang need it to be set as CC +# in the environment, which isn't true here. I don't know that +# setting that would be harmful, but we already have this information +# anyway. +if CONFIG["CC_TYPE"] in ("clang", "clang-cl"): + gyp_vars["cc_is_clang"] = 1 +if CONFIG["GCC_USE_GNU_LD"]: + gyp_vars["cc_use_gnu_ld"] = 1 + +GYP_DIRS += ["nss"] +GYP_DIRS["nss"].input = "nss/nss.gyp" +GYP_DIRS["nss"].variables = gyp_vars + +sandbox_vars = { + # NSS explicitly exports its public symbols + # with linker scripts. + "COMPILE_FLAGS": { + "VISIBILITY": [], + "WARNINGS_CFLAGS": [ + f for f in CONFIG["WARNINGS_CFLAGS"] if f != "-Wsign-compare" + ], + }, + # NSS' build system doesn't currently build NSS with PGO. + # We could probably do so, but not without a lot of + # careful consideration. + "NO_PGO": True, +} +if CONFIG["OS_TARGET"] == "WINNT": + # We want to remove XP_WIN32 eventually. See bug 1535219 for details. + sandbox_vars["CFLAGS"] = [ + "-DXP_WIN32", + "-Wno-error=unused-function", # bug 1856445 + ] + if CONFIG["TARGET_CPU"] == "x86": + # This should really be the default. + sandbox_vars["ASFLAGS"] = ["-safeseh"] + + DELAYLOAD_DLLS += [ + "winmm.dll", + ] + +if CONFIG["OS_TARGET"] == "Android": + sandbox_vars["CFLAGS"] = [ + "-include", + TOPSRCDIR + "/security/manager/android_stub.h", + ] + if CONFIG["ANDROID_VERSION"]: + sandbox_vars["CFLAGS"] += ["-DANDROID_VERSION=" + CONFIG["ANDROID_VERSION"]] +if CONFIG["MOZ_SYSTEM_NSS"]: + sandbox_vars["CXXFLAGS"] = CONFIG["NSS_CFLAGS"] +GYP_DIRS["nss"].sandbox_vars = sandbox_vars +GYP_DIRS["nss"].no_chromium = True +GYP_DIRS["nss"].no_unified = True +# This maps action names from gyp files to +# Python scripts that can be used in moz.build GENERATED_FILES. +GYP_DIRS["nss"].action_overrides = { + "generate_mapfile": "generate_mapfile.py", +} + +if CONFIG["NSS_EXTRA_SYMBOLS_FILE"]: + DEFINES["NSS_EXTRA_SYMBOLS_FILE"] = CONFIG["NSS_EXTRA_SYMBOLS_FILE"] + +SPHINX_TREES["nss"] = "nss/doc/rst" + +with Files("nss/doc/rst/**"): + SCHEDULES.exclusive = ["nss"] -- cgit v1.2.3