author Mike Hommey <>
Mon, 28 Mar 2016 07:29:08 +0900
changeset 290996 63338edce3ba60f6668973b60bf832560e78d7c4
parent 290992 f4e24db79431e447e3f6b2758ec6dba4dca817c2
child 291158 2e966a1f371c9d2e4bd376202e79ea70b13d800c
permissions -rw-r--r--
Bug 1260066 - Don't allow to use sandbox primitives from anywhere but global scope and templates. r=nalexander The initial goal of templates was to provide a way to write shorter constructs for some generic tasks during configure. But the limitations of the sandbox and the properties of templates made them used for more general functions. Consequently, this led to templates having to be available from anywhere, which, in turn, led to difficult to introspect constructs. With bug 1257823, we've made almost everything use set_config and similar functions from the global scope, but we don't enforce that those primitives are only used at the global scope. This change does that: it enforces that primitives are only used at the global scope. Or in templates. Now, since templates were used for other purposes than generic uses of other primitives, we now allow non-template functions to be declared. Those can be used everywhere, but don't have access to the sandbox primitives.

# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at

def encoded_open(path, mode):
    encoding = 'mbcs' if sys.platform == 'win32' else 'utf-8'
    return, mode, encoding)

option(env='AUTOCONF', nargs=1, help='Path to autoconf 2.13')

@depends(mozconfig, 'AUTOCONF')
def autoconf(mozconfig, autoconf):
    mozconfig_autoconf = None
    if mozconfig['path']:
        make_extra = mozconfig['make_extra']
        if make_extra:
            for assignment in make_extra:
                m = re.match('(?:export\s+)?AUTOCONF\s*:?=\s*(.+)$',
                if m:
                    mozconfig_autoconf =

    autoconf = autoconf[0] if autoconf else None

    for ac in (mozconfig_autoconf, autoconf, 'autoconf-2.13', 'autoconf2.13',
        if ac:
            autoconf = find_program(ac)
            if autoconf:
        fink = find_program('fink')
        if fink:
            autoconf = os.path.normpath(os.path.join(
                fink, '..', '..', 'lib', 'autoconf2.13', 'bin', 'autoconf'))
            brew = find_program('brew')
            if brew:
                autoconf = os.path.normpath(os.path.join(
                    brew, '..', '..', 'Cellar', 'autoconf213', '2.13', 'bin',

    if not autoconf:
        die('Could not find autoconf 2.13')

    if not os.path.exists(autoconf):
        die('Could not find autoconf 2.13 at %s', autoconf)

    return autoconf

set_config('AUTOCONF', autoconf)

# See comment in mozconfig_options() from build/moz.configure/init.configure
# This gives access to the sandbox. Don't copy this blindly.
def check_mozconfig_variables():
    # This escapes the sandbox. Don't copy this. This is only here because it
    # is a one off until old-configure is gone.
    all_options = __sandbox__._options.itervalues()

    @depends(early_options, wanted_mozconfig_variables)
    def check_mozconfig_variables(early_options, wanted_mozconfig_variables):
        for option in all_options:
            if (option.env and option.env not in early_options and
                    option.env not in wanted_mozconfig_variables):
                die('You need to add `%s` to the `wanted_mozconfig_variables` '
                    'list in build/moz.configure/init.configure.', option.env)


@depends('OLD_CONFIGURE', mozconfig, autoconf, check_build_environment, shell,
         old_configure_assignments, build_project)
@imports(_from='__builtin__', _import='open')
@imports(_from='__builtin__', _import='print')
# Import getmtime without overwriting the sandbox os.path.
@imports(_from='os.path', _import='getmtime')
@imports(_from='mozbuild.shellutil', _import='quote')
def prepare_configure(old_configure, mozconfig, autoconf, build_env, shell,
                      old_configure_assignments, build_project):
    # os.path.abspath in the sandbox will ensure forward slashes on Windows,
    # which is actually necessary because this path actually ends up literally
    # as $0, and backslashes there breaks autoconf's detection of the source
    # directory.
    old_configure = os.path.abspath(old_configure[0])
    if build_project == 'js':
        old_configure_dir = os.path.dirname(old_configure)
        if not old_configure_dir.endswith('/js/src'):
            old_configure = os.path.join(old_configure_dir, 'js', 'src',

    refresh = True
    if os.path.exists(old_configure):
        mtime = getmtime(old_configure)
        aclocal = os.path.join(build_env.topsrcdir, 'build', 'autoconf',
        for input in itertools.chain(
            (old_configure + '.in',
             os.path.join(os.path.dirname(old_configure), 'aclocal.m4')),
            if getmtime(input) > mtime:
            refresh = False

    if refresh:'Refreshing %s with %s', old_configure, autoconf)
        script = subprocess.check_output([
            shell, autoconf,
            '--localdir=%s' % os.path.dirname(old_configure),
            old_configure + '.in'])

        # Make old-configure append to config.log, where we put our own log.
        # This could be done with a m4 macro, but it's way easier this way
        script = script.replace('>./config.log', '>>./config.log')

        with open(old_configure, 'wb') as fh:

    cmd = [shell, old_configure]
    with encoded_open('old-configure.vars', 'w') as out:
        if mozconfig['path']:
            for key, value in mozconfig['env']['added'].items():
                print("export %s=%s" % (key, quote(value)), file=out)
            for key, (old, value) in mozconfig['env']['modified'].items():
                print("export %s=%s" % (key, quote(value)), file=out)
            for key, value in mozconfig['vars']['added'].items():
                print("%s=%s" % (key, quote(value)), file=out)
            for key, (old, value) in mozconfig['vars']['modified'].items():
                print("%s=%s" % (key, quote(value)), file=out)
            for t in ('env', 'vars'):
                for key in mozconfig[t]['removed'].keys():
                    print("unset %s" % key, file=out)

        # Autoconf is special, because it might be passed from
        # mozconfig['make_extra'], which we don't pass automatically above.
        print('export AUTOCONF=%s' % quote(autoconf), file=out)

        for assignment in old_configure_assignments:
            print(assignment, file=out)

    return cmd

def old_configure_options(*options):
    for opt in options:
        option(opt, nargs='*', help='Help missing for old configure options')

    def all_options(help):
        return list(options)

    return depends(prepare_configure, extra_old_configure_args, all_options,


    # Below are the configure flags used by comm-central.
@imports(_from='__builtin__', _import='compile')
@imports(_from='__builtin__', _import='open')
@imports(_from='__builtin__', _import='zip')
@imports(_from='mozbuild.shellutil', _import='quote')
def old_configure(prepare_configure, extra_old_configure_args, all_options,
    cmd = prepare_configure

    # old-configure only supports the options listed in @old_configure_options
    # so we don't need to pass it every single option we've been passed. Only
    # the ones that are not supported by python configure need to.
    cmd += [
        for name, value in zip(all_options, options)
        if value.origin != 'default'

    # We also pass it the options from js/moz.configure so that it can pass
    # them down to js/src/configure. Note this list is empty when running
    # js/src/configure, in which case we don't need to pass those options
    # to old-configure since old-configure doesn't handle them anyways.
    if extra_old_configure_args:
        cmd += extra_old_configure_args

    # For debugging purpose, in case it's not what we'd expect.'running %s', ' '.join(quote(a) for a in cmd))

    # Our logging goes to config.log, the same file old.configure uses.
    # We can't share the handle on the file, so close it. We assume nothing
    # beyond this point is going to be interesting to log to config.log from
    # our end, so we don't make the effort to recreate a logging.FileHandler.
    logger = logging.getLogger('moz.configure')
    for handler in logger.handlers:
        if isinstance(handler, logging.FileHandler):

    log_size = os.path.getsize('config.log')

    ret =
    if ret:
        with log.queue_debug():
            with open('config.log') as fh:
                for line in fh:
            log.error('old-configure failed')

    raw_config = {}
    with encoded_open('', 'r') as fh:
        code = compile(, '', 'exec')
        # Every variation of the exec() function I tried led to:
        # SyntaxError: unqualified exec is not allowed in function 'main' it
        # contains a nested function with free variables
        exec code in raw_config

    # Ensure all the flags known to old-configure appear in the
    # @old_configure_options above.
    all_options = set(all_options)
    for flag in raw_config['flags']:
        if flag not in all_options:
            die('Missing option in `@old_configure_options` in %s: %s',
                __file__, flag)

    # If the code execution above fails, we want to keep the file around for
    # debugging.
    return raw_config

# set_config is only available in the global namespace, not directly in
# @depends functions, but we do need to enumerate the result of
# old_configure, so we cheat.
def set_old_configure_config(name, value):
    __sandbox__.set_config_impl(name, value)

# Same as set_old_configure_config, but for set_define.
def set_old_configure_define(name, value):
    __sandbox__.set_define_impl(name, value)

def post_old_configure(raw_config):
    for k, v in raw_config['substs']:
            k[1:-1], v[1:-1] if isinstance(v, types.StringTypes) else v)

    for k, v in dict(raw_config['defines']).iteritems():
        set_old_configure_define(k[1:-1], v[1:-1])