The build always uses them anyways, but configure tests don't, and some
of them fail as a consequence in some cases (example: when UBsan is
enabled, all AC_LANG_CPLUSPLUS + AC_CHECK_FUNCS tests fail). We also had
similar problems in the past, such as bug 1513605.
By adding the PIC flags to CFLAGS and CXXFLAGS, we ensure old-configure
tests use the flags as well.
While here, we also remove DSO_CFLAGS, which was always empty, and we
stop passing -fPIC to wasm compiles, because it has no effect there.
Differential Revision: https://phabricator.services.mozilla.com/D108560
The build always uses them anyways, but configure tests don't, and some
of them fail as a consequence in some cases (example: when UBsan is
enabled, all AC_LANG_CPLUSPLUS + AC_CHECK_FUNCS tests fail). We also had
similar problems in the past, such as bug 1513605.
By adding the PIC flags to CFLAGS and CXXFLAGS, we ensure old-configure
tests use the flags as well.
While here, we also remove DSO_CFLAGS, which was always empty, and we
stop passing -fPIC to wasm compiles, because it has no effect there.
Differential Revision: https://phabricator.services.mozilla.com/D108560
At the same time, remove the global define, which isn't necessary and
triggers some rebuilds. Nothing is using MOZ_UPDATE_AGENT right now
so it's safe to enable more broadly, and it will be used to gate new
background update work.
Differential Revision: https://phabricator.services.mozilla.com/D102786
At the same time, remove the global define, which isn't necessary and
triggers some rebuilds. Nothing is using MOZ_UPDATE_AGENT right now
so it's safe to enable more broadly, and it will be used to gate new
background update work.
Differential Revision: https://phabricator.services.mozilla.com/D102786
We already know the project name, we should unbundle it
from the project path.
This change is possible due to the work in 1664083,
and puts us back to the state before 1255185.
Differential Revision: https://phabricator.services.mozilla.com/D106293
Spidermonkey package builds don't have MOZ_AUTOMATION set (for good
reasons), which means they don't automatically get the sysroot through
MOZ_FETCHES_DIR. We need a way for that particular build to set its
sysroot.
Because the setup for sysroot is more elaborated than adding --sysroot
to C{,XX}FLAGS, it's more convenient to have an option for this.
And while at it, we might as well make that a full-fledged option,
although, we only make it available when targetting Linux (although it
could be useful for other OSes, but there's overlap with other options
on Android, and Mac, so for now, Linux-only will do).
This also allows to pass --without-sysroot along with
--enable-bootstrap, where the bootstrapped sysroot is not used.
Differential Revision: https://phabricator.services.mozilla.com/D106352
This means --enable-bootstrap now is the same as what
--enable-bootstrap=install currently does. --enable-bootstrap=install is at the
same time desupported.
We also remove --enable-bootstrap=update, which is not worth supporting.
Differential Revision: https://phabricator.services.mozilla.com/D105719
This changes things such that setting e.g. NASM=/usr/bin/nasm will avoid
bootstrapping nasm even when bootstrapping is enabled.
This is not applied to CC/CXX/HOST_CC/HOST_CXX because things are more
complicated.
This also simplifies how check_prog is called for a bootstrapped tool,
and avoids the repetition of when.
CBINDGEN handling needs the pattern being applied manually because it
currently doesn't use check_prog. Once --enable-bootstrap=install
becomes the default on developer builds, it will be possible to simplify
this.
Differential Revision: https://phabricator.services.mozilla.com/D105718
Because --with-ccache without a value fulfills a @depends_if, we need to
check for the length. And because we check the length, we can just use a
@depends.
Differential Revision: https://phabricator.services.mozilla.com/D106084
- Only bootstrap sccache when building with --with-ccache=sccache or
CCACHE=sccache
- Don't bootstrap dump_syms or nasm on builds that don't compile
Differential Revision: https://phabricator.services.mozilla.com/D105704
Instead of preemptively check for it, and then check if it's good enough to
build AV1, only check for (and bootstrap) nasm when building AV1 requires
it.
At the same time, we future-proof the code to be able to handle multiple
things requiring nasm, which we're going to add shortly.
Differential Revision: https://phabricator.services.mozilla.com/D105425
We want to find the full path to the correct `lldb-server` in the NDK.
We reference this variable in a later patch when preparing the device for
debugging.
Differential Revision: https://phabricator.services.mozilla.com/D94380
None of HAVE_NASM, HAVE_YASM, NASM_MAJOR_VERSION and NASM_MINOR_VERSION are
used. Also, the YASM variable is not necessary for old-configure anymore.
Differential Revision: https://phabricator.services.mozilla.com/D105269
* Puts the docs in order, so that contributors aren't jumping to the
middle of the page to install system tools, then back to the top to
clone Firefox.
* Removes docs on MacPorts since it's being removed in bug 1688263.
* Removes step to manually install brew packages since that happens
automatically in bootstrap now.
* Simplifies mercurial installation docs
* Removes unnecessary mozconfig-tweaking instructions
* Removes almost-always-unnecessary DEFINE and troubleshooting
information.
Differential Revision: https://phabricator.services.mozilla.com/D102973
Bug 1690930 added sysroots that can be bootstrapped. With this change,
we allow --enable-bootstrap=install to pull the right sysroot for the
configured target, and --enable-bootstrap to update it if it was already
there.
Differential Revision: https://phabricator.services.mozilla.com/D104797
We used to only push to opt-level=2 on --enable-release builds, to make
local builds faster with opt-level=1. Years later, it seems opt-level=2 makes no noticeable
difference in build times vs. opt-level=1, neither on my Threadripper
workstation at -j64 or my M1 Macbook Air at -j4.
That's one less difference to carry.
Differential Revision: https://phabricator.services.mozilla.com/D103266
2021-01-22 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/previous-nss-release, lib/nss/nss.h,
lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.62 Beta
[680ec01577b9]
2021-01-23 Kevin Jacobs <kjacobs@mozilla.com>
* tests/chains/scenarios/nameconstraints.cfg,
tests/libpkix/certs/NameConstraints.ipaca.cert,
tests/libpkix/certs/NameConstraints.ocsp1.cert:
Bug 1686134 - Renew two chains libpkix test certificates. r=rrelyea
[3ddcd845704c]
2021-01-25 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/hpke-vectors.h,
gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/pk11wrap/pk11hpke.c,
lib/pk11wrap/pk11hpke.h, lib/pk11wrap/pk11pub.h:
Bug 1678398 - Update HPKE to draft-07. r=mt
This patch updates HPKE to draft-07. A few other minor changes are
included:
- Refactor HPKE gtests for increased parameterized testing.
- Replace memcpy calls with PORT_Memcpy
- Serialization tweaks to make way for context Export/Import (D99277).
This should not be landed without an ECH update, as fixed ECH test
vectors will otherwise fail to decrypt.
[e0bf8cadadc7]
* automation/abi-check/expected-report-libnss3.so.txt,
gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11pub.h:
Bug 1678398 - Add Export/Import functions for HPKE context. r=mt
This patch adds and exports two new HPKE functions:
`PK11_HPKE_ExportContext` and `PK11_HPKE_ImportContext`, which are
used to export a serialized HPKE context, then later reimport that
context and resume Open and Export operations. Only receiver
contexts are currently supported for export (see the rationale in
pk11pub.h).
One other change introduced here is that `PK11_HPKE_GetEncapPubKey`
now works as expected on the receiver side.
If the `wrapKey` argument is provided to the Export/Import
functions, then the symmetric keys are wrapped with AES Key Wrap
with Padding (SP800-38F, 6.3) prior to serialization.
[8bcd12ab3b34]
* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslexp.h,
lib/ssl/sslimpl.h, lib/ssl/sslsecur.c, lib/ssl/sslsock.c,
lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
lib/ssl/tls13ech.c, lib/ssl/tls13ech.h, lib/ssl/tls13exthandle.c,
lib/ssl/tls13exthandle.h, lib/ssl/tls13hashstate.c,
lib/ssl/tls13hashstate.h:
Bug 1681585 - Update ECH to Draft-09. r=mt
This patch updates ECH implementation to draft-09. Changes of note
are:
- Acceptance signal derivation is now based on the handshake secret.
- `config_id` hint changes from 32B to 8B, trial decryption added on
the server.
- Duplicate code in HRR cookie handling has been consolidated into
`tls13_HandleHrrCookie`.
- `ech_is_inner` extension is added, which causes a server to indicate
ECH acceptance.
- Per the above, support signaling ECH acceptance when acting as a
backend server in split-mode (i.e. when there is no other local
Encrypted Client Hello state).
[ed07a2e2a124]
2021-01-24 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/selfserv/selfserv.c:
Bug 1681585 - Add ECH support to selfserv. r=mt
Usage example: mkdir dbdir && cd dbdir certutil -N -d . certutil -S
-s "CN=ech-public.com" -n ech-public.com -x -t "C,C,C" -m 1234 -d .
certutil -S -s "CN=ech-private-backend.com" -n ech-private-
backend.com -x -t "C,C,C" -m 2345 -d . ../dist/Debug/bin/selfserv -a
ech-public.com -a ech-private-backend.com -n ech-public.com -n ech-
private-backend.com -p 8443 -d dbdir/ -X publicname:ech-public.com
(Copy echconfig from selfserv output and paste into the below
command) ../dist/Debug/bin/tstclnt -D -p 8443 -v -A
tests/ssl/sslreq.dat -h ech-private-backend.com -o -N <echconfig> -v
[92dcda94c1d4]
Differential Revision: https://phabricator.services.mozilla.com/D102982
This adds a --enable-bootstrap build flag that will automatically update
cbindgen, node, clang, sccache, nasm, wine, lucetc, dump_syms, pdbstr,
and winchecksec if they are already installed in ~/.mozbuild.
Eventually, we'll want to allow to install toolchains that weren't
already install, but one step at a time.
This explicitly doesn't cover rustc, which is its own can of worms, or
android-{ndk,sdk}, which are not installed via toolchain artifacts
currently.
Differential Revision: https://phabricator.services.mozilla.com/D101723
Instead of adding all possible tool paths from ~/.mozbuild, we only
add the relevant paths for each of the tools we search for.
Differential Revision: https://phabricator.services.mozilla.com/D101718
The only thing that varies between toolchain_search_path and
host_toolchain_search_path is the path to the MSVC C/C++ compiler and
tools, because MSVC has a different compiler for each platform, and host
and target platforms may differ (when e.g. compiling for arm64 on
x86_64).
However, we don't use the MSVC compiler anymore, and the only thing we
use its path for is the assembler, which we don't use for host things
(and we don't have a HOST_AS), and to derive the path to some system
headers/SDK.
Differential Revision: https://phabricator.services.mozilla.com/D101714
Agi Sferro
Alexandru Michis
Mike Hommey
Csoregi Natalia
Nick Alexander
Christian Holler
Cosmin Sabou
Mitchell Hentges
Benjamin Beurdouche
Butkovits Atila
Calixte Denizet
Noemi Erli
Dorel Luca
Aaron Klotz
David Major
Kevin Jacobs