Bug 1372515 - allow enabling libpkix in gyp builds, r=ttaubert
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Fri, 09 Jun 2017 19:22:05 +0200
changeset 13441 b8baae5d5f2503e7398fdeab3022d86db45ab3d0
parent 13440 ea7b2fad9fc21787a9c60fbdbd04db753bf8a9d9
child 13442 a1a6eb781dd42f333e5929a36807a88dc715da1d
push id2253
push userfranziskuskiefer@gmail.com
push dateTue, 13 Jun 2017 09:21:30 +0000
reviewersttaubert
bugs1372515
Bug 1372515 - allow enabling libpkix in gyp builds, r=ttaubert Differential Revision: https://nss-review.dev.mozaws.net/D350
build.sh
cmd/platlibs.gypi
gtests/freebl_gtest/freebl_gtest.gyp
gtests/nss_bogo_shim/nss_bogo_shim.gyp
gtests/ssl_gtest/ssl_gtest.gyp
gtests/util_gtest/util_gtest.gyp
help.txt
lib/libpkix/libpkix.gyp
lib/nss/nss.gyp
mach
nss.gyp
readme.md
--- a/build.sh
+++ b/build.sh
@@ -88,16 +88,17 @@ while [ $# -gt 0 ]; do
         --sancov=?*) enable_sancov "${1#*=}" ;;
         --pprof) gyp_params+=(-Duse_pprof=1) ;;
         --ct-verif) gyp_params+=(-Dct_verif=1) ;;
         --disable-tests) gyp_params+=(-Ddisable_tests=1) ;;
         --no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
         --system-sqlite) gyp_params+=(-Duse_system_sqlite=1) ;;
         --with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
         --system-nspr) set_nspr_path "/usr/include/nspr/:"; no_local_nspr=1 ;;
+        --enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
         *) show_help; exit 2 ;;
     esac
     shift
 done
 
 if [ "$opt_build" = 1 ]; then
     target=Release
 else
--- a/cmd/platlibs.gypi
+++ b/cmd/platlibs.gypi
@@ -28,39 +28,25 @@
           '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
           '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
           '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
           '<(DEPTH)/lib/pki/pki.gyp:nsspki',
           '<(DEPTH)/lib/dev/dev.gyp:nssdev',
           '<(DEPTH)/lib/base/base.gyp:nssb',
           '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
           '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+          '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
         ],
         'conditions': [
           [ 'disable_dbm==0', {
             'dependencies': [
               '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
               '<(DEPTH)/lib/softoken/legacydb/legacydb.gyp:nssdbm',
             ],
           }],
-          [ 'disable_libpkix==0', {
-            'dependencies': [
-              '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-              '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-              '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-              '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-              '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-              '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-              '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-              '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-              '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-              '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-              '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
-            ],
-          }],
         ]},{ # !use_static_libs
           'conditions': [
             ['moz_fold_libs==0', {
               'dependencies': [
                 '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
                 '<(DEPTH)/lib/smime/smime.gyp:smime3',
                 '<(DEPTH)/lib/nss/nss.gyp:nss3',
               ],
--- a/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/gtests/freebl_gtest/freebl_gtest.gyp
@@ -46,16 +46,17 @@
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'OS=="win"', {
           'libraries': [
             'advapi32.lib',
           ],
         }],
       ],
--- a/gtests/nss_bogo_shim/nss_bogo_shim.gyp
+++ b/gtests/nss_bogo_shim/nss_bogo_shim.gyp
@@ -30,39 +30,25 @@
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
         '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
-        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'disable_dbm==0', {
           'dependencies': [
             '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
           ],
         }],
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-          ],
-        }],
       ],
     }
   ],
   'target_defaults': {
     'defines': [
       'NSS_USE_STATIC_LIBS'
     ],
     'include_dirs': [
--- a/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/gtests/ssl_gtest/ssl_gtest.gyp
@@ -57,16 +57,17 @@
         '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
         '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'test_build==1', {
           'dependencies': [
             '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
           ],
         }, {
           'dependencies': [
@@ -76,31 +77,16 @@
             '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
           ],
         }],
         [ 'disable_dbm==0', {
           'dependencies': [
             '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
           ],
         }],
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-          ],
-        }],
       ],
     }
   ],
   'target_defaults': {
     'include_dirs': [
       '../../lib/ssl'
     ],
     'defines': [
--- a/gtests/util_gtest/util_gtest.gyp
+++ b/gtests/util_gtest/util_gtest.gyp
@@ -24,16 +24,17 @@
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/base/base.gyp:nssb',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'OS=="win"', {
           'libraries': [
             'advapi32.lib',
           ],
         }],
       ],
--- a/help.txt
+++ b/help.txt
@@ -1,13 +1,13 @@
 Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
                 [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
                 [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
                 [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
-                [--no-zdefs] [--with-nspr] [--system-nspr]
+                [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
 
 This script builds NSS with gyp and ninja.
 
 This build system is still under development.  It does not yet support all
 the features or platforms that NSS supports.
 
 NSS build tool options:
 
@@ -35,8 +35,9 @@ NSS build tool options:
                      --sancov=func sets coverage to function level for example
     --disable-tests  don't build tests and corresponding cmdline utils
     --system-sqlite  use system sqlite
     --no-zdefs       don't set -Wl,-z,defs
     --with-nspr      don't build NSPR but use the one at the given location, e.g.
                      --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
     --system-nspr    use system nspr. This requires an installation of NSPR and
                      might not work on all systems.
+    --enable-libpkix make libpkix part of the build.
new file mode 100644
--- /dev/null
+++ b/lib/libpkix/libpkix.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'libpkix',
+      'type': 'none',
+      'conditions': [
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            'pkix/certsel/certsel.gyp:pkixcertsel',
+            'pkix/checker/checker.gyp:pkixchecker',
+            'pkix/crlsel/crlsel.gyp:pkixcrlsel',
+            'pkix/params/params.gyp:pkixparams',
+            'pkix/results/results.gyp:pkixresults',
+            'pkix/store/store.gyp:pkixstore',
+            'pkix/top/top.gyp:pkixtop',
+            'pkix/util/util.gyp:pkixutil',
+            'pkix_pl_nss/module/module.gyp:pkixmodule',
+            'pkix_pl_nss/pki/pki.gyp:pkixpki',
+            'pkix_pl_nss/system/system.gyp:pkixsystem',
+          ],
+        }],
+      ],
+    },
+  ],
+}
\ No newline at end of file
--- a/lib/nss/nss.gyp
+++ b/lib/nss/nss.gyp
@@ -28,34 +28,18 @@
         'nss_static',
         '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
         '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
         '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
         '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
         '<(DEPTH)/lib/pki/pki.gyp:nsspki',
         '<(DEPTH)/lib/dev/dev.gyp:nssdev',
         '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
       ],
-      'conditions': [
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
-            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
-            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
-            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
-            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
-          ],
-          }],
-        ],
     },
     {
       'target_name': 'nss3',
       'type': 'shared_library',
       'dependencies': [
         'nss3_deps',
         '<(DEPTH)/lib/util/util.gyp:nssutil3',
       ],
--- a/mach
+++ b/mach
@@ -95,17 +95,23 @@ class buildAction(argparse.Action):
         cwd = os.path.dirname(os.path.abspath(__file__))
         subprocess.check_call([cwd + "/build.sh"] + values)
 
 
 class testAction(argparse.Action):
     def runTest(self, test, cycles="standard"):
         cwd = os.path.dirname(os.path.abspath(__file__))
         domsuf = os.getenv('DOMSUF', "localdomain")
-        env = {"NSS_TESTS": test, "NSS_CYCLES": cycles, "DOMSUF": domsuf}
+        host = os.getenv('HOST', "localhost")
+        env = {
+            "NSS_TESTS": test,
+            "NSS_CYCLES": cycles,
+            "DOMSUF": domsuf,
+            "HOST": host
+        }
         command = cwd + "/tests/all.sh"
         subprocess.check_call(command, env=env)
 
     def __call__(self, parser, args, values, option_string=None):
         self.runTest(values)
 
 
 def parse_arguments():
@@ -126,17 +132,17 @@ def parse_arguments():
         'cf_args',
         nargs='*',
         help="clang-format folders and noroot if you don't want to use sudo",
         action=cfAction)
 
     parser_test = subparsers.add_parser(
         'tests', help='Run tests through tests/all.sh.')
     tests = [
-        "cipher", "lowhash", "libpkix", "cert", "dbtests", "tools", "fips",
+        "cipher", "lowhash", "chains", "cert", "dbtests", "tools", "fips",
         "sdr", "crmf", "smime", "ssl", "ocsp", "merge", "pkits", "ec",
         "gtests", "ssl_gtests"
     ]
     parser_test.add_argument(
         'test', choices=tests, help="Available tests", action=testAction)
     return parser.parse_args()
 
 
--- a/nss.gyp
+++ b/nss.gyp
@@ -54,45 +54,31 @@
         'lib/nss/nss.gyp:nss_static',
         'lib/pk11wrap/pk11wrap.gyp:pk11wrap',
         'lib/pkcs12/pkcs12.gyp:pkcs12',
         'lib/pkcs7/pkcs7.gyp:pkcs7',
         'lib/pki/pki.gyp:nsspki',
         'lib/smime/smime.gyp:smime',
         'lib/softoken/softoken.gyp:softokn',
         'lib/ssl/ssl.gyp:ssl',
-        'lib/util/util.gyp:nssutil'
+        'lib/util/util.gyp:nssutil',
+        'lib/libpkix/libpkix.gyp:libpkix',
       ],
       'conditions': [
         [ 'OS=="linux"', {
           'dependencies': [
             'lib/sysinit/sysinit.gyp:nsssysinit_static',
           ],
         }],
         [ 'disable_dbm==0', {
           'dependencies': [
             'lib/dbm/src/src.gyp:dbm',
             'lib/softoken/legacydb/legacydb.gyp:nssdbm',
           ],
         }],
-        [ 'disable_libpkix==0', {
-          'dependencies': [
-            'lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
-            'lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
-            'lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
-            'lib/libpkix/pkix/params/params.gyp:pkixparams',
-            'lib/libpkix/pkix/results/results.gyp:pkixresults',
-            'lib/libpkix/pkix/store/store.gyp:pkixstore',
-            'lib/libpkix/pkix/top/top.gyp:pkixtop',
-            'lib/libpkix/pkix/util/util.gyp:pkixutil',
-            'lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
-            'lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
-            'lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
-          ],
-        }],
         [ 'use_system_sqlite==0', {
           'dependencies': [
             'lib/sqlite/sqlite.gyp:sqlite',
           ],
         }],
         [ 'moz_fold_libs==1', {
           'dependencies': [
             'lib/nss/nss.gyp:nss3_static',
--- a/readme.md
+++ b/readme.md
@@ -37,19 +37,20 @@ After changing into the NSS directory a 
 Once the build is done the build output is found in the directory
 `../dist/Debug` for debug builds and `../dist/Release` for opt builds.
 Exported header files can be found in the `include` directory, library files in
 directory `lib`, and tools in directory `bin`. In order to run the tools, set
 your system environment to use the libraries of your build from the "lib"
 directory, e.g., using the `LD_LIBRARY_PATH` or `DYLD_LIBRARY_PATH`.
 
     Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
-                    [--test] [--fuzz] [--pprof] [--scan-build[=output]]
+                    [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
                     [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
-                    [--ct-verif] [--disable-tests]
+                    [--disable-tests] [--fuzz[=tls|oss]] [--system-sqlite]
+                    [--no-zdefs] [--with-nspr] [--system-nspr] [--enable-libpkix]
 
     This script builds NSS with gyp and ninja.
 
     This build system is still under development.  It does not yet support all
     the features or platforms that NSS supports.
 
     NSS build tool options:
 
@@ -57,28 +58,37 @@ directory, e.g., using the `LD_LIBRARY_P
         -c               clean before build
         -v               verbose build
         -j <n>           run at most <n> concurrent jobs
         --nspr           force a rebuild of NSPR
         --gyp|-g         force a rerun of gyp
         --opt|-o         do an opt build
         -m32             do a 32-bit build on a 64-bit system
         --test           ignore map files and export everything we have
-        --fuzz           enable fuzzing mode. this always enables test builds
+        --fuzz           build fuzzing targets (this always enables test builds)
+                         --fuzz=tls to enable TLS fuzzing mode
+                         --fuzz=oss to build for OSS-Fuzz
         --pprof          build with gperftool support
         --ct-verif       build with valgrind for ct-verif
         --scan-build     run the build with scan-build (scan-build has to be in the path)
                          --scan-build=/out/path sets the output path for scan-build
         --asan           do an asan build
         --ubsan          do an ubsan build
                          --ubsan=bool,shift,... sets specific UB sanitizers
         --msan           do an msan build
         --sancov         do sanitize coverage builds
                          --sancov=func sets coverage to function level for example
         --disable-tests  don't build tests and corresponding cmdline utils
+        --system-sqlite  use system sqlite
+        --no-zdefs       don't set -Wl,-z,defs
+        --with-nspr      don't build NSPR but use the one at the given location, e.g.
+                         --with-nspr=/path/to/nspr/include:/path/to/nspr/lib
+        --system-nspr    use system nspr. This requires an installation of NSPR and
+                         might not work on all systems.
+        --enable-libpkix make libpkix part of the build.
 
 ## Building NSS (legacy build system)
 
 After changing into the NSS directory a typical build of 32-bit NSS is done as
 follows:
 
     make nss_build_all