1 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
2 # vim: set filetype=python:
3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 BUG_COMPONENT = ("Core", "Security: PSM")
10 with Files("generate*.py"):
11 BUG_COMPONENT = ("Firefox Build System", "General")
14 BUG_COMPONENT = ("NSS", "Libraries")
16 with Files("nss.symbols"):
17 BUG_COMPONENT = ("NSS", "Libraries")
19 if CONFIG["MOZ_SYSTEM_NSS"]:
21 OS_LIBS += CONFIG["NSS_LIBS"]
23 include("/build/gyp_base.mozbuild")
24 if CONFIG["MOZ_FOLD_LIBS"]:
25 GeckoSharedLibrary("nss", linkage=None)
26 # TODO: The library name can be changed when bug 845217 is fixed.
27 SHARED_LIBRARY_NAME = "nss3"
39 OS_LIBS += CONFIG["REALTIME_LIBS"]
41 SYMBOLS_FILE = "nss.symbols"
42 # This changes the default targets in the NSS build, among
44 gyp_vars["moz_fold_libs"] = 1
45 # Some things in NSS need to link against nssutil, which
46 # gets folded, so this tells them what to link against.
47 gyp_vars["moz_folded_library_name"] = "nss"
48 # Force things in NSS that want to link against NSPR to link
49 # against the folded library.
50 gyp_vars["nspr_libs"] = "nss"
51 elif not CONFIG["MOZ_SYSTEM_NSS"]:
60 gyp_vars["nspr_libs"] = "nspr"
62 gyp_vars["nspr_libs"] = "nspr"
63 # Bug 1805371: We need a static copy of NSS for the tlsserver test
64 # binaries even when building with system NSS. But there's no good
65 # way to build NSS that does not pollute dist/bin with shared
66 # object files. For now, we have to build mozpkix only and disable
68 gyp_vars["mozpkix_only"] = 1
70 # This disables building some NSS tools.
71 gyp_vars["mozilla_client"] = 1
73 # This builds NSS tools in COMM applications that Firefox doesn't build.
74 if CONFIG["MOZ_BUILD_APP"].startswith("comm/"):
75 gyp_vars["comm_client"] = 1
77 # We run shlibsign as part of packaging, not build.
78 gyp_vars["sign_libs"] = 0
79 gyp_vars["python"] = CONFIG["PYTHON3"]
80 # The NSS gyp files do not have a default for this.
81 gyp_vars["nss_dist_dir"] = "$PRODUCT_DIR/dist"
82 # NSS wants to put public headers in $nss_dist_dir/public/nss by default,
83 # which would wind up being mapped to dist/include/public/nss (by
84 # gyp_reader's `handle_copies`).
85 # This forces it to put them in dist/include/nss.
86 gyp_vars["nss_public_dist_dir"] = "$PRODUCT_DIR/dist"
87 gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin"
88 # We don't currently build NSS tests.
89 gyp_vars["disable_tests"] = 1
90 gyp_vars["disable_dbm"] = 1
91 gyp_vars["disable_libpkix"] = 1
92 gyp_vars["enable_sslkeylogfile"] = 1
93 # Whether we're using system NSS or Rust nssckbi, we don't need
95 gyp_vars["disable_ckbi"] = 1
96 # pkg-config won't reliably find zlib on our builders, so just force it.
97 # System zlib is only used for modutil and signtool unless
98 # SSL zlib is enabled, which we are disabling immediately below this.
99 gyp_vars["zlib_libs"] = "-lz"
100 gyp_vars["ssl_enable_zlib"] = 0
101 # System sqlite here is the in-tree mozsqlite.
102 gyp_vars["use_system_sqlite"] = 1
103 gyp_vars["sqlite_libs"] = "sqlite"
104 gyp_vars["enable_draft_hpke"] = 1
105 # This makes a block in security/nss/coreconf/config.gypi happy, but it
106 # doesn't actually matter because it's for xcode settings, which the
107 # build system ignores.
108 gyp_vars["iphone_deployment_target"] = "doesntmatter"
110 # Clang can build NSS with its integrated assembler since version 9.
112 CONFIG["TARGET_CPU"] == "x86_64"
113 and CONFIG["CC_TYPE"] == "clang"
114 and int(CONFIG["CC_VERSION"].split(".")[0]) >= 9
116 gyp_vars["force_integrated_as"] = 1
119 if CONFIG["MOZ_SYSTEM_NSPR"]:
120 gyp_vars["nspr_include_dir"] = "%" + CONFIG["NSPR_INCLUDE_DIR"]
121 gyp_vars["nspr_lib_dir"] = "%" + CONFIG["NSPR_LIB_DIR"]
123 gyp_vars["nspr_include_dir"] = "!/dist/include/nspr"
124 gyp_vars["nspr_lib_dir"] = "" # gyp wants a value, but we don't need
127 # The Python scripts that detect clang need it to be set as CC
128 # in the environment, which isn't true here. I don't know that
129 # setting that would be harmful, but we already have this information
131 if CONFIG["CC_TYPE"] in ("clang", "clang-cl"):
132 gyp_vars["cc_is_clang"] = 1
133 if CONFIG["GCC_USE_GNU_LD"]:
134 gyp_vars["cc_use_gnu_ld"] = 1
137 GYP_DIRS["nss"].input = "nss/nss.gyp"
138 GYP_DIRS["nss"].variables = gyp_vars
141 # NSS explicitly exports its public symbols
142 # with linker scripts.
146 f for f in CONFIG["WARNINGS_CFLAGS"] if f != "-Wsign-compare"
149 # NSS' build system doesn't currently build NSS with PGO.
150 # We could probably do so, but not without a lot of
151 # careful consideration.
154 if CONFIG["OS_TARGET"] == "WINNT":
155 # We want to remove XP_WIN32 eventually. See bug 1535219 for details.
156 sandbox_vars["CFLAGS"] = [
158 "-Wno-error=unused-function", # bug 1856445
160 if CONFIG["TARGET_CPU"] == "x86":
161 # This should really be the default.
162 sandbox_vars["ASFLAGS"] = ["-safeseh"]
168 if CONFIG["OS_TARGET"] == "Android":
169 sandbox_vars["CFLAGS"] = [
171 TOPSRCDIR + "/security/manager/android_stub.h",
173 if CONFIG["ANDROID_VERSION"]:
174 sandbox_vars["CFLAGS"] += ["-DANDROID_VERSION=" + CONFIG["ANDROID_VERSION"]]
175 if CONFIG["MOZ_SYSTEM_NSS"]:
176 sandbox_vars["CXXFLAGS"] = CONFIG["NSS_CFLAGS"]
177 GYP_DIRS["nss"].sandbox_vars = sandbox_vars
178 GYP_DIRS["nss"].no_chromium = True
179 GYP_DIRS["nss"].no_unified = True
180 # This maps action names from gyp files to
181 # Python scripts that can be used in moz.build GENERATED_FILES.
182 GYP_DIRS["nss"].action_overrides = {
183 "generate_mapfile": "generate_mapfile.py",
186 if CONFIG["NSS_EXTRA_SYMBOLS_FILE"]:
187 DEFINES["NSS_EXTRA_SYMBOLS_FILE"] = CONFIG["NSS_EXTRA_SYMBOLS_FILE"]
189 SPHINX_TREES["nss"] = "nss/doc/rst"
191 with Files("nss/doc/rst/**"):
192 SCHEDULES.exclusive = ["nss"]