summaryrefslogtreecommitdiffstats
path: root/security/moz.build
diff options
context:
space:
mode:
Diffstat (limited to 'security/moz.build')
-rw-r--r--security/moz.build186
1 files changed, 186 insertions, 0 deletions
diff --git a/security/moz.build b/security/moz.build
new file mode 100644
index 0000000000..c1f9155c80
--- /dev/null
+++ b/security/moz.build
@@ -0,0 +1,186 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+ BUG_COMPONENT = ("Core", "Security: PSM")
+
+with Files("generate*.py"):
+ BUG_COMPONENT = ("Firefox Build System", "General")
+
+with Files("nss/**"):
+ BUG_COMPONENT = ("NSS", "Libraries")
+
+with Files("nss.symbols"):
+ BUG_COMPONENT = ("NSS", "Libraries")
+
+if CONFIG["MOZ_SYSTEM_NSS"]:
+ Library("nss")
+ OS_LIBS += CONFIG["NSS_LIBS"]
+
+include("/build/gyp_base.mozbuild")
+if CONFIG["MOZ_FOLD_LIBS"]:
+ GeckoSharedLibrary("nss", linkage=None)
+ # TODO: The library name can be changed when bug 845217 is fixed.
+ SHARED_LIBRARY_NAME = "nss3"
+
+ USE_LIBS += [
+ "nspr4",
+ "nss3_static",
+ "nssutil",
+ "plc4",
+ "plds4",
+ "smime3_static",
+ "ssl",
+ ]
+
+ OS_LIBS += CONFIG["REALTIME_LIBS"]
+
+ SYMBOLS_FILE = "nss.symbols"
+ # This changes the default targets in the NSS build, among
+ # other things.
+ gyp_vars["moz_fold_libs"] = 1
+ # Some things in NSS need to link against nssutil, which
+ # gets folded, so this tells them what to link against.
+ gyp_vars["moz_folded_library_name"] = "nss"
+ # Force things in NSS that want to link against NSPR to link
+ # against the folded library.
+ gyp_vars["nspr_libs"] = "nss"
+elif not CONFIG["MOZ_SYSTEM_NSS"]:
+ Library("nss")
+ USE_LIBS += [
+ "nss3",
+ "nssutil3",
+ "smime3",
+ "sqlite",
+ "ssl3",
+ ]
+ gyp_vars["nspr_libs"] = "nspr"
+else:
+ gyp_vars["nspr_libs"] = "nspr"
+ # Bug 1805371: We need a static copy of NSS for the tlsserver test
+ # binaries even when building with system NSS. But there's no good
+ # way to build NSS that does not pollute dist/bin with shared
+ # object files. For now, we have to build mozpkix only and disable
+ # the affected tests.
+ gyp_vars["mozpkix_only"] = 1
+
+# This disables building some NSS tools.
+gyp_vars["mozilla_client"] = 1
+
+# This builds NSS tools in COMM applications that Firefox doesn't build.
+if CONFIG["MOZ_BUILD_APP"].startswith("comm/"):
+ gyp_vars["comm_client"] = 1
+
+# We run shlibsign as part of packaging, not build.
+gyp_vars["sign_libs"] = 0
+gyp_vars["python"] = CONFIG["PYTHON3"]
+# The NSS gyp files do not have a default for this.
+gyp_vars["nss_dist_dir"] = "$PRODUCT_DIR/dist"
+# NSS wants to put public headers in $nss_dist_dir/public/nss by default,
+# which would wind up being mapped to dist/include/public/nss (by
+# gyp_reader's `handle_copies`).
+# This forces it to put them in dist/include/nss.
+gyp_vars["nss_public_dist_dir"] = "$PRODUCT_DIR/dist"
+gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin"
+# We don't currently build NSS tests.
+gyp_vars["disable_tests"] = 1
+gyp_vars["disable_dbm"] = 1
+gyp_vars["disable_libpkix"] = 1
+gyp_vars["enable_sslkeylogfile"] = 1
+# Whether we're using system NSS or Rust nssckbi, we don't need
+# to build C nssckbi
+gyp_vars["disable_ckbi"] = 1
+# pkg-config won't reliably find zlib on our builders, so just force it.
+# System zlib is only used for modutil and signtool unless
+# SSL zlib is enabled, which we are disabling immediately below this.
+gyp_vars["zlib_libs"] = "-lz"
+gyp_vars["ssl_enable_zlib"] = 0
+# System sqlite here is the in-tree mozsqlite.
+gyp_vars["use_system_sqlite"] = 1
+gyp_vars["sqlite_libs"] = "sqlite"
+gyp_vars["enable_draft_hpke"] = 1
+
+# Clang can build NSS with its integrated assembler since version 9.
+if (
+ CONFIG["CPU_ARCH"] == "x86_64"
+ and CONFIG["CC_TYPE"] == "clang"
+ and int(CONFIG["CC_VERSION"].split(".")[0]) >= 9
+):
+ gyp_vars["force_integrated_as"] = 1
+
+
+if CONFIG["MOZ_SYSTEM_NSPR"]:
+ gyp_vars["nspr_include_dir"] = "%" + CONFIG["NSPR_INCLUDE_DIR"]
+ gyp_vars["nspr_lib_dir"] = "%" + CONFIG["NSPR_LIB_DIR"]
+else:
+ gyp_vars["nspr_include_dir"] = "!/dist/include/nspr"
+ gyp_vars["nspr_lib_dir"] = "" # gyp wants a value, but we don't need
+ # it to be valid.
+
+# The Python scripts that detect clang need it to be set as CC
+# in the environment, which isn't true here. I don't know that
+# setting that would be harmful, but we already have this information
+# anyway.
+if CONFIG["CC_TYPE"] in ("clang", "clang-cl"):
+ gyp_vars["cc_is_clang"] = 1
+if CONFIG["GCC_USE_GNU_LD"]:
+ gyp_vars["cc_use_gnu_ld"] = 1
+
+GYP_DIRS += ["nss"]
+GYP_DIRS["nss"].input = "nss/nss.gyp"
+GYP_DIRS["nss"].variables = gyp_vars
+
+sandbox_vars = {
+ # NSS explicitly exports its public symbols
+ # with linker scripts.
+ "COMPILE_FLAGS": {
+ "VISIBILITY": [],
+ "WARNINGS_CFLAGS": [
+ f for f in CONFIG["WARNINGS_CFLAGS"] if f != "-Wsign-compare"
+ ],
+ },
+ # NSS' build system doesn't currently build NSS with PGO.
+ # We could probably do so, but not without a lot of
+ # careful consideration.
+ "NO_PGO": True,
+}
+if CONFIG["OS_TARGET"] == "WINNT":
+ # We want to remove XP_WIN32 eventually. See bug 1535219 for details.
+ sandbox_vars["CFLAGS"] = ["-DXP_WIN32"]
+ if CONFIG["CPU_ARCH"] == "x86":
+ # This should really be the default.
+ sandbox_vars["ASFLAGS"] = ["-safeseh"]
+
+ DELAYLOAD_DLLS += [
+ "winmm.dll",
+ ]
+
+if CONFIG["OS_TARGET"] == "Android":
+ sandbox_vars["CFLAGS"] = [
+ "-include",
+ TOPSRCDIR + "/security/manager/android_stub.h",
+ ]
+ if CONFIG["ANDROID_VERSION"]:
+ sandbox_vars["CFLAGS"] += ["-DANDROID_VERSION=" + CONFIG["ANDROID_VERSION"]]
+if CONFIG["MOZ_SYSTEM_NSS"]:
+ sandbox_vars["CXXFLAGS"] = CONFIG["NSS_CFLAGS"]
+GYP_DIRS["nss"].sandbox_vars = sandbox_vars
+GYP_DIRS["nss"].no_chromium = True
+GYP_DIRS["nss"].no_unified = True
+# This maps action names from gyp files to
+# Python scripts that can be used in moz.build GENERATED_FILES.
+GYP_DIRS["nss"].action_overrides = {
+ "generate_certdata_c": "generate_certdata.py",
+ "generate_mapfile": "generate_mapfile.py",
+}
+
+if CONFIG["NSS_EXTRA_SYMBOLS_FILE"]:
+ DEFINES["NSS_EXTRA_SYMBOLS_FILE"] = CONFIG["NSS_EXTRA_SYMBOLS_FILE"]
+
+SPHINX_TREES["nss"] = "nss/doc/rst"
+
+with Files("nss/doc/rst/**"):
+ SCHEDULES.exclusive = ["nss"]