# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- # vim: set filetype=python: # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. with Files("**"): BUG_COMPONENT = ("Core", "Security: PSM") with Files("generate*.py"): BUG_COMPONENT = ("Firefox Build System", "General") with Files("nss/**"): BUG_COMPONENT = ("NSS", "Libraries") with Files("nss.symbols"): BUG_COMPONENT = ("NSS", "Libraries") if CONFIG["MOZ_SYSTEM_NSS"]: Library("nss") OS_LIBS += CONFIG["NSS_LIBS"] include("/build/gyp_base.mozbuild") if CONFIG["MOZ_FOLD_LIBS"]: GeckoSharedLibrary("nss", linkage=None) # TODO: The library name can be changed when bug 845217 is fixed. SHARED_LIBRARY_NAME = "nss3" USE_LIBS += [ "nspr4", "nss3_static", "nssutil", "plc4", "plds4", "smime3_static", "ssl", ] OS_LIBS += CONFIG["REALTIME_LIBS"] SYMBOLS_FILE = "nss.symbols" # This changes the default targets in the NSS build, among # other things. gyp_vars["moz_fold_libs"] = 1 # Some things in NSS need to link against nssutil, which # gets folded, so this tells them what to link against. gyp_vars["moz_folded_library_name"] = "nss" # Force things in NSS that want to link against NSPR to link # against the folded library. gyp_vars["nspr_libs"] = "nss" elif not CONFIG["MOZ_SYSTEM_NSS"]: Library("nss") USE_LIBS += [ "nss3", "nssutil3", "smime3", "sqlite", "ssl3", ] gyp_vars["nspr_libs"] = "nspr" else: gyp_vars["nspr_libs"] = "nspr" # Bug 1805371: We need a static copy of NSS for the tlsserver test # binaries even when building with system NSS. But there's no good # way to build NSS that does not pollute dist/bin with shared # object files. For now, we have to build mozpkix only and disable # the affected tests. gyp_vars["mozpkix_only"] = 1 # This disables building some NSS tools. gyp_vars["mozilla_client"] = 1 # This builds NSS tools in COMM applications that Firefox doesn't build. if CONFIG["MOZ_BUILD_APP"].startswith("comm/"): gyp_vars["comm_client"] = 1 # We run shlibsign as part of packaging, not build. gyp_vars["sign_libs"] = 0 gyp_vars["python"] = CONFIG["PYTHON3"] # The NSS gyp files do not have a default for this. gyp_vars["nss_dist_dir"] = "$PRODUCT_DIR/dist" # NSS wants to put public headers in $nss_dist_dir/public/nss by default, # which would wind up being mapped to dist/include/public/nss (by # gyp_reader's `handle_copies`). # This forces it to put them in dist/include/nss. gyp_vars["nss_public_dist_dir"] = "$PRODUCT_DIR/dist" gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin" # We don't currently build NSS tests. gyp_vars["disable_tests"] = 1 gyp_vars["disable_dbm"] = 1 gyp_vars["disable_libpkix"] = 1 gyp_vars["enable_sslkeylogfile"] = 1 # Whether we're using system NSS or Rust nssckbi, we don't need # to build C nssckbi gyp_vars["disable_ckbi"] = 1 # pkg-config won't reliably find zlib on our builders, so just force it. # System zlib is only used for modutil and signtool unless # SSL zlib is enabled, which we are disabling immediately below this. gyp_vars["zlib_libs"] = "-lz" gyp_vars["ssl_enable_zlib"] = 0 # System sqlite here is the in-tree mozsqlite. gyp_vars["use_system_sqlite"] = 1 gyp_vars["sqlite_libs"] = "sqlite" gyp_vars["enable_draft_hpke"] = 1 # This makes a block in security/nss/coreconf/config.gypi happy, but it # doesn't actually matter because it's for xcode settings, which the # build system ignores. gyp_vars["iphone_deployment_target"] = "doesntmatter" # Clang can build NSS with its integrated assembler since version 9. if ( CONFIG["TARGET_CPU"] == "x86_64" and CONFIG["CC_TYPE"] == "clang" and int(CONFIG["CC_VERSION"].split(".")[0]) >= 9 ): gyp_vars["force_integrated_as"] = 1 if CONFIG["MOZ_SYSTEM_NSPR"]: gyp_vars["nspr_include_dir"] = "%" + CONFIG["NSPR_INCLUDE_DIR"] gyp_vars["nspr_lib_dir"] = "%" + CONFIG["NSPR_LIB_DIR"] else: gyp_vars["nspr_include_dir"] = "!/dist/include/nspr" gyp_vars["nspr_lib_dir"] = "" # gyp wants a value, but we don't need # it to be valid. # The Python scripts that detect clang need it to be set as CC # in the environment, which isn't true here. I don't know that # setting that would be harmful, but we already have this information # anyway. if CONFIG["CC_TYPE"] in ("clang", "clang-cl"): gyp_vars["cc_is_clang"] = 1 if CONFIG["GCC_USE_GNU_LD"]: gyp_vars["cc_use_gnu_ld"] = 1 GYP_DIRS += ["nss"] GYP_DIRS["nss"].input = "nss/nss.gyp" GYP_DIRS["nss"].variables = gyp_vars sandbox_vars = { # NSS explicitly exports its public symbols # with linker scripts. "COMPILE_FLAGS": { "VISIBILITY": [], "WARNINGS_CFLAGS": [ f for f in CONFIG["WARNINGS_CFLAGS"] if f != "-Wsign-compare" ], }, # NSS' build system doesn't currently build NSS with PGO. # We could probably do so, but not without a lot of # careful consideration. "NO_PGO": True, } if CONFIG["OS_TARGET"] == "WINNT": # We want to remove XP_WIN32 eventually. See bug 1535219 for details. sandbox_vars["CFLAGS"] = [ "-DXP_WIN32", "-Wno-error=unused-function", # bug 1856445 ] if CONFIG["TARGET_CPU"] == "x86": # This should really be the default. sandbox_vars["ASFLAGS"] = ["-safeseh"] DELAYLOAD_DLLS += [ "winmm.dll", ] if CONFIG["OS_TARGET"] == "Android": sandbox_vars["CFLAGS"] = [ "-include", TOPSRCDIR + "/security/manager/android_stub.h", ] if CONFIG["ANDROID_VERSION"]: sandbox_vars["CFLAGS"] += ["-DANDROID_VERSION=" + CONFIG["ANDROID_VERSION"]] if CONFIG["MOZ_SYSTEM_NSS"]: sandbox_vars["CXXFLAGS"] = CONFIG["NSS_CFLAGS"] GYP_DIRS["nss"].sandbox_vars = sandbox_vars GYP_DIRS["nss"].no_chromium = True GYP_DIRS["nss"].no_unified = True # This maps action names from gyp files to # Python scripts that can be used in moz.build GENERATED_FILES. GYP_DIRS["nss"].action_overrides = { "generate_mapfile": "generate_mapfile.py", } if CONFIG["NSS_EXTRA_SYMBOLS_FILE"]: DEFINES["NSS_EXTRA_SYMBOLS_FILE"] = CONFIG["NSS_EXTRA_SYMBOLS_FILE"] SPHINX_TREES["nss"] = "nss/doc/rst" with Files("nss/doc/rst/**"): SCHEDULES.exclusive = ["nss"]