Backed out changeset 2b0d4df90489 (bug 1396137) for build bustage, at least on Android at security/manager/ssl/nsNSSComponent.cpp:1915: 'savedPRErrorCode1' was not declared in this scope etc. r=backout on a CLOSED TREE
authorSebastian Hengst <archaeopteryx@coole-files.de>
Tue, 05 Sep 2017 19:08:12 +0200
changeset 428428 2adbaf665a26354a7abced57248a05fc4f27d854
parent 428427 f08a3cf8fcb64c1e710e41e09733ef9094b1a080
child 428429 54c594c4f68c977a7e0d02464409ef405713170c
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
treeherdermozilla-beta@c38455951db4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1396137
milestone57.0a1
backs out2b0d4df90489db8e1922c28cf3c9fc973ce86d0b
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 2b0d4df90489 (bug 1396137) for build bustage, at least on Android at security/manager/ssl/nsNSSComponent.cpp:1915: 'savedPRErrorCode1' was not declared in this scope etc. r=backout on a CLOSED TREE
security/manager/ssl/nsNSSComponent.cpp
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1763,30 +1763,29 @@ GetNSSProfilePath(nsAutoCString& aProfil
 
 #ifndef ANDROID
 // Given a profile path, attempt to rename the PKCS#11 module DB to
 // "<original name>.fips". In the case of a catastrophic failure (e.g. out of
 // memory), returns a failing nsresult. If execution could conceivably proceed,
 // returns NS_OK even if renaming the file didn't work. This simplifies the
 // logic of the calling code.
 static nsresult
-AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath,
-                              const nsACString& moduleDBFilename)
+AttemptToRenamePKCS11ModuleDB(const nsACString& profilePath)
 {
   // profilePath may come from the environment variable
   // MOZPSM_NSSDBDIR_OVERRIDE. If so, the user's NSS DBs are most likely not in
   // their profile directory and we shouldn't mess with them.
   const char* dbDirOverride = getenv("MOZPSM_NSSDBDIR_OVERRIDE");
   if (dbDirOverride && strlen(dbDirOverride) > 0) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
             ("MOZPSM_NSSDBDIR_OVERRIDE set - not renaming PKCS#11 module DB"));
     return NS_OK;
   }
-  nsAutoCString destModuleDBFilename(moduleDBFilename);
-  destModuleDBFilename.Append(".fips");
+  NS_NAMED_LITERAL_CSTRING(moduleDBFilename, "secmod.db");
+  NS_NAMED_LITERAL_CSTRING(destModuleDBFilename, "secmod.db.fips");
   nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
   if (!dbFile) {
     return NS_ERROR_FAILURE;
   }
   nsresult rv = dbFile->InitWithNativePath(profilePath);
   if (NS_FAILED(rv)) {
     return rv;
   }
@@ -1798,17 +1797,17 @@ AttemptToRenamePKCS11ModuleDB(const nsAC
   bool exists;
   rv = dbFile->Exists(&exists);
   if (NS_FAILED(rv)) {
     return rv;
   }
   // This is strange, but not a catastrophic failure.
   if (!exists) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-            ("%s doesn't exist?", PromiseFlatCString(moduleDBFilename).get()));
+            ("%s doesn't exist?", moduleDBFilename.get()));
     return NS_OK;
   }
   nsCOMPtr<nsIFile> destDBFile = do_CreateInstance("@mozilla.org/file/local;1");
   if (!destDBFile) {
     return NS_ERROR_FAILURE;
   }
   rv = destDBFile->InitWithNativePath(profilePath);
   if (NS_FAILED(rv)) {
@@ -1841,32 +1840,16 @@ AttemptToRenamePKCS11ModuleDB(const nsAC
     return rv;
   }
   // This may fail on, e.g., a read-only file system. This would be unfortunate,
   // but again it isn't catastropic and we would want to fall back to
   // initializing NSS in no-DB mode.
   Unused << dbFile->MoveToNative(profileDir, destModuleDBFilename);
   return NS_OK;
 }
-
-// We may be using the legacy databases, in which case we need to use
-// "secmod.db". We may be using the sqlite-backed databases, in which case we
-// need to use "pkcs11.txt".
-static nsresult
-AttemptToRenameBothPKCS11ModuleDBVersions(const nsACString& profilePath)
-{
-  NS_NAMED_LITERAL_CSTRING(legacyModuleDBFilename, "secmod.db");
-  NS_NAMED_LITERAL_CSTRING(sqlModuleDBFilename, "pkcs11.txt");
-  nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath,
-                                              legacyModuleDBFilename);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename);
-}
 #endif // ifndef ANDROID
 
 // Given a profile directory, attempt to initialize NSS. If nocertdb is true,
 // (or if we don't have a profile directory) simply initialize NSS in no DB mode
 // and return. Otherwise, first attempt to initialize in read/write mode, and
 // then read-only mode if that fails. If both attempts fail, we may be failing
 // to initialize an NSS DB collection that has FIPS mode enabled. Attempt to
 // ascertain if this is the case, and if so, rename the offending PKCS#11 module
@@ -1906,28 +1889,22 @@ InitializeNSSWithFallbacks(const nsACStr
   if (srv == SECSuccess) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r-o mode"));
     return NS_OK;
   }
 #ifndef ANDROID
   savedPRErrorCode2 = PR_GetError();
 #endif // ifndef ANDROID
 
-  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-          ("failed to initialize NSS with codes %d %d", savedPRErrorCode1,
-           savedPRErrorCode2));
-
 #ifndef ANDROID
   // That failed as well. Maybe we're trying to load a PKCS#11 module DB that is
   // in FIPS mode, but we don't support FIPS? Test load NSS without PKCS#11
   // modules. If that succeeds, that's probably what's going on.
   if (!safeMode && (savedPRErrorCode1 == SEC_ERROR_LEGACY_DATABASE ||
-                    savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE ||
-                    savedPRErrorCode1 == SEC_ERROR_PKCS11_DEVICE_ERROR ||
-                    savedPRErrorCode2 == SEC_ERROR_PKCS11_DEVICE_ERROR)) {
+                    savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("attempting no-module db init"));
     // It would make sense to initialize NSS in read-only mode here since this
     // is just a test to see if the PKCS#11 module DB being in FIPS mode is the
     // problem, but for some reason the combination of read-only and no-moddb
     // flags causes NSS initialization to fail, so unfortunately we have to use
     // read-write mode.
     srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false, false);
     if (srv == SECSuccess) {
@@ -1936,17 +1913,17 @@ InitializeNSSWithFallbacks(const nsACStr
       srv = NSS_Shutdown();
       if (srv != SECSuccess) {
         return NS_ERROR_FAILURE;
       }
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("trying to rename module db"));
       // If this fails non-catastrophically, we'll attempt to initialize NSS
       // again in r/w then r-o mode (both of which will fail), and then we'll
       // fall back to NSS_NoDB_Init, which is the behavior we want.
-      nsresult rv = AttemptToRenameBothPKCS11ModuleDBVersions(profilePath);
+      nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath);
       if (NS_FAILED(rv)) {
         return rv;
       }
       srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false, true);
       if (srv == SECSuccess) {
         MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r/w mode"));
         return NS_OK;
       }