summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Thomson <mt@lowentropy.net>2019-04-29 15:27:25 +1000
committerMartin Thomson <mt@lowentropy.net>2019-04-29 15:27:25 +1000
commit6b580f637d3bedd098b0ab8fd0b3920aa5b9dd4e (patch)
tree73e9d674bfc59b3c35c16cb48f982fb2666a1a9a
parent34c4c8d461cd9c4bcb970cbfb6d3b1bc4cebcc07 (diff)
downloadnss-hg-6b580f637d3bedd098b0ab8fd0b3920aa5b9dd4e.tar.gz
Bug 1543545 - Option to produce static libraries, r=kevinjacobs
Summary: The fine folks in application services would like to use NSS, but would greatly prefer static linking. Part of that is driven by iOS constraints on performance and a possible rejection from the store for dynamic linking (NSS dynamically loads softoken). This provides a build option that produces a fully statically linked set of libraries. Reviewers: KevinJacobs Tags: #secure-revision Bug #: 1543545 Differential Revision: https://phabricator.services.mozilla.com/D29303
-rwxr-xr-xbuild.sh3
-rw-r--r--coreconf/config.gypi9
-rw-r--r--coreconf/fuzz.sh2
-rw-r--r--gtests/pk11_gtest/pk11_gtest.gyp16
-rw-r--r--gtests/softoken_gtest/softoken_gtest.gyp2
-rw-r--r--gtests/ssl_gtest/ssl_gtest.gyp2
-rw-r--r--help.txt1
-rw-r--r--lib/pk11wrap/pk11load.c8
-rw-r--r--lib/pk11wrap/pk11wrap.gyp2
-rw-r--r--lib/softoken/pkcs11.c2
-rw-r--r--lib/softoken/softoken.gyp2
11 files changed, 30 insertions, 19 deletions
diff --git a/build.sh b/build.sh
index 66f598181..5501fe747 100755
--- a/build.sh
+++ b/build.sh
@@ -94,7 +94,8 @@ while [ $# -gt 0 ]; do
--sancov=?*) enable_sancov "${1#*=}" ;;
--emit-llvm) gyp_params+=(-Demit_llvm=1 -Dsign_libs=0) ;;
--no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
- --test) gyp_params+=(-Dtest_build=1) ;;
+ --test) gyp_params+=(-Dtest_build=1 -Dstatic_libs=1) ;;
+ --static) gyp_params+=(-Dstatic_libs=1) ;;
--ct-verif) gyp_params+=(-Dct_verif=1) ;;
--nspr) nspr_clean; rebuild_nspr=1 ;;
--with-nspr=?*) set_nspr_path "${1#*=}"; no_local_nspr=1 ;;
diff --git a/coreconf/config.gypi b/coreconf/config.gypi
index 761393d54..1dde15fe3 100644
--- a/coreconf/config.gypi
+++ b/coreconf/config.gypi
@@ -99,6 +99,7 @@
'moz_folded_library_name%': '',
'sanitizer_flags%': 0,
'test_build%': 0,
+ 'static_libs%': 0,
'no_zdefs%': 0,
'fuzz%': 0,
'fuzz_tls%': 0,
@@ -122,6 +123,7 @@
'variables': {
'mapfile%': '',
'test_build%': 0,
+ 'static_libs%': 0,
'debug_optimization_level%': '0',
'release_optimization_level%': '2',
},
@@ -142,6 +144,11 @@
'NSS_NO_INIT_SUPPORT',
],
}],
+ [ 'static_libs==1', {
+ 'variables': {
+ 'standalone_static_library': '1',
+ },
+ }],
[ 'OS!="android" and OS!="mac" and OS!="win"', {
'libraries': [
'-lpthread',
@@ -257,7 +264,7 @@
}],
}]
],
- }, 'test_build==1 and _type=="shared_library"', {
+ }, 'static_libs==1 and _type=="shared_library"', {
# When linking a shared lib against a static one, XCode doesn't
# export the latter's symbols by default. -all_load fixes that.
'xcode_settings': {
diff --git a/coreconf/fuzz.sh b/coreconf/fuzz.sh
index c7b8844b6..ef5c53c9d 100644
--- a/coreconf/fuzz.sh
+++ b/coreconf/fuzz.sh
@@ -14,7 +14,7 @@ if [ -z "$CC" ]; then
export CXX=clang++
fi
-gyp_params+=(-Dtest_build=1 -Dfuzz=1 -Dsign_libs=0)
+gyp_params+=(-Dtest_build=1 -Dstatic_libs=1 -Dfuzz=1 -Dsign_libs=0)
# Add debug symbols even for opt builds.
nspr_params+=(--enable-debug-symbols)
diff --git a/gtests/pk11_gtest/pk11_gtest.gyp b/gtests/pk11_gtest/pk11_gtest.gyp
index c8d04f017..dc2850a42 100644
--- a/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/gtests/pk11_gtest/pk11_gtest.gyp
@@ -29,27 +29,29 @@
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
- '<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/cpputil/cpputil.gyp:cpputil',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
],
'conditions': [
- [ 'test_build==1', {
+ [ 'static_libs==1', {
'dependencies': [
- '<(DEPTH)/lib/nss/nss.gyp:nss_static',
- '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
- '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
- '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
- '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
+ '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+ '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+ '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
+ '<(DEPTH)/lib/freebl/freebl.gyp:freebl_static',
+ '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+ '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+ '<(DEPTH)/lib/util/util.gyp:nssutil',
],
}, {
'dependencies': [
'<(DEPTH)/lib/nss/nss.gyp:nss3',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
+ '<(DEPTH)/lib/util/util.gyp:nssutil3',
],
}],
],
diff --git a/gtests/softoken_gtest/softoken_gtest.gyp b/gtests/softoken_gtest/softoken_gtest.gyp
index cff0ea414..42b9f1e76 100644
--- a/gtests/softoken_gtest/softoken_gtest.gyp
+++ b/gtests/softoken_gtest/softoken_gtest.gyp
@@ -19,7 +19,7 @@
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
],
'conditions': [
- [ 'test_build==1', {
+ [ 'static_libs==1', {
'dependencies': [
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
diff --git a/gtests/ssl_gtest/ssl_gtest.gyp b/gtests/ssl_gtest/ssl_gtest.gyp
index 8dbd9fa34..fb0a8701e 100644
--- a/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/gtests/ssl_gtest/ssl_gtest.gyp
@@ -76,7 +76,7 @@
'<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
- [ 'test_build==1', {
+ [ 'static_libs==1', {
'dependencies': [
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
],
diff --git a/help.txt b/help.txt
index 210c054b1..547400b8e 100644
--- a/help.txt
+++ b/help.txt
@@ -40,6 +40,7 @@ NSS build tool options:
(requires the gold linker, use clang-3.8 for SAW)
--no-zdefs don't set -Wl,-z,defs
--test ignore map files and export everything we have
+ --static create static libraries and use static linking
--ct-verif build with valgrind for ct-verif
--nspr force a rebuild of NSPR
--with-nspr use the NSPR build at the given locations
diff --git a/lib/pk11wrap/pk11load.c b/lib/pk11wrap/pk11load.c
index d1f6ec442..45590fff9 100644
--- a/lib/pk11wrap/pk11load.c
+++ b/lib/pk11wrap/pk11load.c
@@ -353,7 +353,7 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, SECMODModule *mod)
}
}
-#ifndef NSS_TEST_BUILD
+#ifndef NSS_STATIC_SOFTOKEN
static const char *my_shlib_name =
SHLIB_PREFIX "nss" SHLIB_VERSION "." SHLIB_SUFFIX;
static const char *softoken_shlib_name =
@@ -403,7 +403,7 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
/* internal modules get loaded from their internal list */
if (mod->internal && (mod->dllName == NULL)) {
-#ifdef NSS_TEST_BUILD
+#ifdef NSS_STATIC_SOFTOKEN
entry = (CK_C_GetFunctionList)NSC_GetFunctionList;
#else
/*
@@ -430,7 +430,7 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
if (mod->isModuleDB) {
mod->moduleDBFunc = (CK_C_GetFunctionList)
-#ifdef NSS_TEST_BUILD
+#ifdef NSS_STATIC_SOFTOKEN
NSC_ModuleDBFunc;
#else
PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
@@ -612,7 +612,7 @@ SECMOD_UnloadModule(SECMODModule *mod)
* if not, we should change this to SECFailure and move it above the
* mod->loaded = PR_FALSE; */
if (mod->internal && (mod->dllName == NULL)) {
-#ifndef NSS_TEST_BUILD
+#ifndef NSS_STATIC_SOFTOKEN
if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
if (softokenLib) {
disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
diff --git a/lib/pk11wrap/pk11wrap.gyp b/lib/pk11wrap/pk11wrap.gyp
index 35fdacef9..17de8add4 100644
--- a/lib/pk11wrap/pk11wrap.gyp
+++ b/lib/pk11wrap/pk11wrap.gyp
@@ -10,7 +10,7 @@
'target_name': 'pk11wrap_static',
'type': 'static_library',
'defines': [
- 'NSS_TEST_BUILD',
+ 'NSS_STATIC_SOFTOKEN',
],
'dependencies': [
'pk11wrap_base',
diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c
index c9307e7cc..8fc9eda81 100644
--- a/lib/softoken/pkcs11.c
+++ b/lib/softoken/pkcs11.c
@@ -3157,7 +3157,7 @@ nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS)
* this call doesn't force freebl to be reloaded. */
BL_SetForkState(PR_FALSE);
-#ifndef NSS_TEST_BUILD
+#ifndef NSS_STATIC_SOFTOKEN
/* unload freeBL shared library from memory. This may only decrement the
* OS refcount if it's been loaded multiple times, eg. by libssl */
BL_Unload();
diff --git a/lib/softoken/softoken.gyp b/lib/softoken/softoken.gyp
index ba917cfc8..c966e4719 100644
--- a/lib/softoken/softoken.gyp
+++ b/lib/softoken/softoken.gyp
@@ -10,7 +10,7 @@
'target_name': 'softokn_static',
'type': 'static_library',
'defines': [
- 'NSS_TEST_BUILD',
+ 'NSS_STATIC_SOFTOKEN',
],
'dependencies': [
'softokn_base',