Enable debug output from the rust compiler when we're doing so
for the C/C++ compilers.
MozReview-Commit-ID: K0iqlPZ1Thu
--HG--
extra : rebase_source : 21220c0b7eeaa9036346e87d2bd1d475a129920e
Key size enforcement for TLS certificates happens at two levels: PSM and NSS.
PSM enforces a minimum of 1024 bits. NSS enforces a minimum of 1023 bits by
default. The NSS error is not overridable, but the PSM error is. This change
allows users to connect to devices with small RSA keys (as little as 512 bits)
using the certificate error override functionality.
MozReview-Commit-ID: 2TZ8c4I3hXC
--HG--
extra : rebase_source : a9c550f15261c711e789a670c90c129c65802ff0
Our current build system support for Rust compiles any Rust crate into a
so-called staticlib, which is a static library (.a file) that includes
the Rust runtime. That staticlib is then linked into libxul. For
supporting multiple crates, this approach breaks down, as linking
multiple copies of the Rust runtime is going to fail.
For supporting multiple crates, the approach taken here is to compile
each crate into a so-called rlib, which is essentially a staticlib
without the Rust runtime linked in. The build system takes note of
every crate destined for linking with libxul (treating them like static
libraries generated from C/C++ files), and generates a super-crate,
whimsically named "rul", that is compiled as a staticlib (so as to
include the Rust runtime) and then linked into libxul. Thus only one
copy of the Rust runtime is included, and the Rust compiler can take
care of any inter-crate dependencies.
This patch currently only supports Rust code in shared libraries, not in
binaries.
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.
Updates per keeler review comments:
- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review
April 11-12:
- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest
April 15:
- Rebase to latest
MozReview-Commit-ID: 6T8jNmwFvHJ
--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
Our current build system support for Rust compiles any Rust crate into a
so-called staticlib, which is a static library (.a file) that includes
the Rust runtime. That staticlib is then linked into libxul. For
supporting multiple crates, this approach breaks down, as linking
multiple copies of the Rust runtime is going to fail.
For supporting multiple crates, the approach taken here is to compile
each crate into a so-called rlib, which is essentially a staticlib
without the Rust runtime linked in. The build system takes note of
every crate destined for linking with libxul (treating them like static
libraries generated from C/C++ files), and generates a super-crate,
whimsically named "rul", that is compiled as a staticlib (so as to
include the Rust runtime) and then linked into libxul. Thus only one
copy of the Rust runtime is included, and the Rust compiler can take
care of any inter-crate dependencies.
This patch currently only supports Rust code in shared libraries, not in
binaries. The handling for the rul crate is placed in the common
backend, with a special hook for derived backends to handle shared
library objects.
In contrast to the GNU AS manual, the syntax for the .section directive
uses '%progbits' instead of '@progbits'; at least on ARM. Looking at the
ICU tools and the generated files confirms this.
Multiple people have complained that the build output of printing the
source files being built adds little value. I agree. The extra output
doesn't give really helpful progress info because sources can be built
in non-deterministic order. Furthermore, the extra output hides useful
output like compiler warnings.
This patch makes the default build system output even less verbose. We
no longer print the individual source targets when they are built. We do
still print the targets for binaries, so some sense of progress can be
inferred.
If people like verbosity, they can export the undocumented
BUILD_VERBOSE_LOG environment variable can be set to restore the old
behavior.
MozReview-Commit-ID: KeaeJJkjPJn
--HG--
extra : rebase_source : a90b4b82eeef48d9bd896b5c12907ce05a650d4d
Also fixes bug 926980 - load ICU data from an archive file.
Stop invoking ICU's autoconf build system. Instead, have hand-authored
moz.build files under config/external/icu to build what we need. In addition,
we'll commit a pre-built copy of the ICU data file (currently icudt56l.dat)
under config/external/icu/data to avoid having to build ICU host tools to
generate it. config/external/icu/data also contains some assembly files
which can generate an object file containing the ICU data file contents
so that the JS shell (or standalone JS builds) can be linked directly to
the data without having to deal with the external data file. This requires
yasm or GNU as.
Various bits of packaging have been updated to account for the ICU data file.
XPCOM initialization now sets the ICU data directory so ICU can locate its
data file.
The update-icu.sh script has been modified to read the list of C/C++ source
files out of the ICU Makefiles and update `sources.mozbuild` files under
config/external/icu, as well as build a local copy of ICU using its
autoconf build system to generate the ICU data file to be committed in-tree.
MozReview-Commit-ID: 8Pfkzqt6S1W
--HG--
extra : rebase_source : 31426cddddb5543e0191059ba2f2eb069abe7727
Gradle produces signed, unaligned APK files. We expect unsigned,
unaligned APK files. This change discards any existing signature,
turning a signed, unaligned APK into an unsigned, unaligned APK.
Sadly |zip -q| does not silence a warning message about "nothing to
do" so we pipe to /dev/null.
MozReview-Commit-ID: DnSGJCvHsym
--HG--
extra : rebase_source : ee7884847767c0a075e3cfd404ba695d07f47e93
extra : histedit_source : 6aaa07eac03d69668f8556b84d1c1bae51c8ea22
It's an opt-in flag that allows to display where the build is in
terminal window titles. The fact that it's opt-in and likely unknown
makes it very low-value, and the fact that it was added in an era where
builds were not very well parallelized made it have a meaning, but now
that builds are parallelized, its meaningfulness is diminished.
Let's just remove it.
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.
MozReview-Commit-ID: HCtZpPQVEGZ
--HG--
extra : rebase_source : 759e9c5a7bb14f14a77e62eae2ba40c085f04ccd
They were behind WANT_MOZILLA_CONFIG_OS_VERSION, which nothing has been
setting ever since the ifdef was changed from
MOZILLA_CONFIG_IGNORE_OS_VERSION... in 2000. Not that anything was
setting MOZILLA_CONFIG_IGNORE_OS_VERSION either... well, at least not in
Gecko.
Our STL wrappers do various different things, one of which is including
mozalloc.h for infallible operator new. mozalloc.h includes stdlib.h,
which, in libstdc++ >= 6 is now itself a wrapper around cstdlib, which
circles back to our STL wrapper.
But of the things our STL wrappers do, including mozalloc.h is not one
that is necessary for cstdlib. So skip including mozalloc.h in our
cstdlib wrapper.
Additionally, some C++ sources (in media/mtransport) are including
headers in an extern "C" block, which end up including stdlib.h, which
ends up including cstdlib because really, this is all C++, and our
wrapper pre-includes <new> for mozalloc.h, which fails because templates
don't work inside extern "C". So, don't pre-include <new> when we're not
including mozalloc.h.
When a built-in root certificate has its trust changed from the default value,
the platform has to essentially create a copy of it in the read/write
certificate database with the new trust settings. At that point, the desired
behavior is that the platform still considers that certificate a built-in root.
Before this patch, this would indeed happen for the duration of that run of the
platform, but as soon as it restarted, the certificate in question would only
appear to be from the read/write database, and thus was not considered a
built-in root. This patch changes the test of built-in-ness to explicitly
search the built-in certificate slot for the certificate in question. If found,
it is considered a built-in root.
MozReview-Commit-ID: HCtZpPQVEGZ
--HG--
extra : rebase_source : 898ef37459723f1d8479cfdc58658ccb00e782a9