moz.build (8258B)
1 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- 2 # vim: set filetype=python: 3 # This Source Code Form is subject to the terms of the Mozilla Public 4 # License, v. 2.0. If a copy of the MPL was not distributed with this 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/. 6 7 DIRS += ["abridged_certs", "qwac_trust_anchors"] 8 9 TEST_DIRS += ["tests"] 10 11 XPIDL_SOURCES += [ 12 "nsICertificateDialogs.idl", 13 "nsICertOverrideService.idl", 14 "nsICertStorage.idl", 15 "nsICertTree.idl", 16 "nsIClientAuthDialogService.idl", 17 "nsIClientAuthRememberService.idl", 18 "nsIContentSignatureVerifier.idl", 19 "nsICryptoHash.idl", 20 "nsIDataStorage.idl", 21 "nsINSSComponent.idl", 22 "nsINSSErrorsService.idl", 23 "nsINSSVersion.idl", 24 "nsIOSKeyStore.idl", 25 "nsIOSReauthenticator.idl", 26 "nsIPK11Token.idl", 27 "nsIPK11TokenDB.idl", 28 "nsIPKCS11Module.idl", 29 "nsIPKCS11ModuleDB.idl", 30 "nsIPKCS11Slot.idl", 31 "nsIPublicKeyPinningService.idl", 32 "nsISecretDecoderRing.idl", 33 "nsISecurityUITelemetry.idl", 34 "nsISiteSecurityService.idl", 35 "nsITLSSocketControl.idl", 36 "nsITokenPasswordDialogs.idl", 37 "nsITransportSecurityInfo.idl", 38 "nsIX509Cert.idl", 39 "nsIX509CertDB.idl", 40 "nsIX509CertValidity.idl", 41 ] 42 43 XPIDL_MODULE = "pipnss" 44 45 XPCOM_MANIFESTS += [ 46 "components.conf", 47 ] 48 49 EXTRA_JS_MODULES.psm += [ 50 "ClientAuthDialogService.sys.mjs", 51 "DER.sys.mjs", 52 "QWACs.sys.mjs", 53 "RemoteSecuritySettings.sys.mjs", 54 "X509.sys.mjs", 55 ] 56 57 EXPORTS += [ 58 "CommonSocketControl.h", 59 "CryptoTask.h", 60 "EnterpriseRoots.h", 61 "nsClientAuthRemember.h", 62 "nsNSSCallbacks.h", 63 "nsNSSCertificate.h", 64 "nsNSSComponent.h", 65 "nsNSSHelper.h", 66 "nsRandomGenerator.h", 67 "nsSecureBrowserUI.h", 68 "nsSecurityHeaderParser.h", 69 "NSSErrorsService.h", 70 "nsSSLSocketProvider.h", 71 "nsTLSSocketProvider.h", 72 "RootCertificateTelemetryUtils.h", 73 "ScopedNSSTypes.h", 74 "SharedCertVerifier.h", 75 "SSLServerCertVerification.h", 76 "TransportSecurityInfo.h", 77 ] 78 79 EXPORTS.mozilla += [ 80 "crypto_hash/crypto_hash_sha2.h", 81 "PublicSSL.h", 82 ] 83 84 EXPORTS.mozilla.psm += [ 85 "IPCClientCertsChild.h", 86 "IPCClientCertsParent.h", 87 "SelectTLSClientAuthCertChild.h", 88 "SelectTLSClientAuthCertParent.h", 89 "TransportSecurityInfo.h", 90 "VerifySSLServerCertChild.h", 91 "VerifySSLServerCertParent.h", 92 ] 93 94 UNIFIED_SOURCES += [ 95 "AppSignatureVerification.cpp", 96 "AppTrustDomain.cpp", 97 "CertStorageMemoryReporting.cpp", 98 "CommonSocketControl.cpp", 99 "ContentSignatureVerifier.cpp", 100 "CryptoTask.cpp", 101 "DataStorageManager.cpp", 102 "EnterpriseRoots.cpp", 103 "IPCClientCertsChild.cpp", 104 "IPCClientCertsParent.cpp", 105 "md4.c", 106 "nsCertOverrideService.cpp", 107 "nsCertTree.cpp", 108 "nsNSSCallbacks.cpp", 109 "nsNSSCertHelper.cpp", 110 "nsNSSCertificate.cpp", 111 "nsNSSCertificateDB.cpp", 112 "nsNSSCertTrust.cpp", 113 "nsNSSComponent.cpp", 114 "nsNSSIOLayer.cpp", 115 "nsNSSModule.cpp", 116 "nsNSSVersion.cpp", 117 "nsNTLMAuthModule.cpp", 118 "nsPK11TokenDB.cpp", 119 "nsPKCS11Slot.cpp", 120 "nsPKCS12Blob.cpp", 121 "nsRandomGenerator.cpp", 122 "nsSecureBrowserUI.cpp", 123 "nsSecurityHeaderParser.cpp", 124 "NSSErrorsService.cpp", 125 "nsSiteSecurityService.cpp", 126 "NSSKeyStore.cpp", 127 "nsSSLSocketProvider.cpp", 128 "NSSSocketControl.cpp", 129 "nsTLSSocketProvider.cpp", 130 "OSKeyStore.cpp", 131 "PDFSignatureVerification.cpp", 132 "PKCS11ModuleDB.cpp", 133 "PSMRunnable.cpp", 134 "PublicKeyPinningService.cpp", 135 "QWACs.cpp", 136 "QWACTrustDomain.cpp", 137 "RootCertificateTelemetryUtils.cpp", 138 "SecretDecoderRing.cpp", 139 "SSLServerCertVerification.cpp", 140 "TLSClientAuthCertSelection.cpp", 141 "TransportSecurityInfo.cpp", 142 "VerifySSLServerCertChild.cpp", 143 "VerifySSLServerCertParent.cpp", 144 "X509CertValidity.cpp", 145 ] 146 147 if CONFIG["OS_ARCH"] == "Darwin": 148 # On macOS this file includes CoreFoundation.h, which contains definitions 149 # that conflict with headers included in other unified source files. We 150 # compile this one independently to prevent that interference. 151 SOURCES += [ 152 "nsClientAuthRemember.cpp", 153 ] 154 else: 155 UNIFIED_SOURCES += [ 156 "nsClientAuthRemember.cpp", 157 ] 158 159 if CONFIG["OS_ARCH"] == "WINNT": 160 # On Windows this file includes ntsecapi.h, which contains definitions that 161 # conflict with headers included in other unified source files. We compile 162 # this one independently to prevent that interference. 163 SOURCES += [ 164 "OSReauthenticator.cpp", 165 ] 166 else: 167 UNIFIED_SOURCES += [ 168 "OSReauthenticator.cpp", 169 ] 170 171 if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": 172 UNIFIED_SOURCES += [ 173 "LibSecret.cpp", 174 ] 175 CFLAGS += CONFIG["GLIB_CFLAGS"] 176 CXXFLAGS += CONFIG["GLIB_CFLAGS"] 177 CFLAGS += CONFIG["MOZ_GTK3_CFLAGS"] 178 CXXFLAGS += CONFIG["MOZ_GTK3_CFLAGS"] 179 180 if CONFIG["TARGET_KERNEL"] == "Darwin": 181 UNIFIED_SOURCES += [ 182 "KeychainSecret.cpp", 183 "OSReauthenticatorDarwin.mm", 184 ] 185 OS_LIBS += [ 186 "-framework CoreFoundation", 187 "-framework LocalAuthentication", 188 "-framework Security", 189 ] 190 191 IPDL_SOURCES += [ 192 "PIPCClientCerts.ipdl", 193 "PSelectTLSClientAuthCert.ipdl", 194 "PSMIPCTypes.ipdlh", 195 "PVerifySSLServerCert.ipdl", 196 ] 197 198 # Required by OSClientCerts, IPCClientCerts and CredentialManagerSecret. 199 if CONFIG["OS_ARCH"] == "WINNT": 200 OS_LIBS += [ 201 "advapi32", 202 "bcrypt", 203 "credui", 204 "crypt32", 205 "kernel32", 206 "ncrypt", 207 "ntdll", 208 "synchronization", 209 "userenv", 210 "ws2_32", 211 ] 212 213 UNIFIED_SOURCES += [ 214 "CredentialManagerSecret.cpp", 215 ] 216 217 FINAL_LIBRARY = "xul" 218 219 LOCAL_INCLUDES += [ 220 "!/dist/public/nss", 221 "/dom/base", 222 "/dom/crypto", 223 "/netwerk/base", 224 "/security/certverifier", 225 "/third_party/rust/cose-c/include", 226 "/xpcom/base", 227 "/xpcom/build", 228 ] 229 230 GeneratedFile( 231 "nsSTSPreloadListGenerated.inc", 232 script="../../../xpcom/ds/tools/make_dafsa.py", 233 inputs=["nsSTSPreloadList.inc"], 234 ) 235 236 DEFINES["SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES"] = "True" 237 DEFINES["NSS_ENABLE_ECC"] = "True" 238 if CONFIG["MOZ_SYSTEM_NSS"]: 239 DEFINES["MOZ_SYSTEM_NSS"] = True 240 241 # mozpkix is linked statically from the in-tree sources independent of whether 242 # system NSS is used or not. 243 USE_LIBS += ["mozpkix"] 244 245 include("/ipc/chromium/chromium-config.mozbuild") 246 247 if CONFIG["CC_TYPE"] in ("clang", "gcc"): 248 CXXFLAGS += [ 249 "-Wextra", 250 # -Wextra enables this warning, but it's too noisy to be useful. 251 "-Wno-missing-field-initializers", 252 ] 253 254 # Gecko headers aren't warning-free enough for us to enable these warnings. 255 CXXFLAGS += [ 256 "-Wno-unused-parameter", 257 ] 258 259 headers_arrays_certs = [ 260 ( 261 "xpcshell.inc", 262 "xpcshellRoots", 263 [ 264 "tests/unit/test_signed_apps/xpcshellTestRoot.pem", 265 "tests/unit/test_signed_apps/xpcshellTestRoot2.pem", 266 ], 267 ), 268 ("addons-public.inc", "addonsPublicRoots", ["addons-public.pem"]), 269 ( 270 "addons-public-intermediate.inc", 271 "addonsPublicIntermediates", 272 [ 273 "addons-public-intermediate.pem", 274 "addons-public-2018-intermediate.pem", 275 ], 276 ), 277 ("addons-stage.inc", "addonsStageRoots", ["addons-stage.pem"]), 278 ( 279 "addons-stage-intermediate.inc", 280 "addonsStageIntermediates", 281 ["addons-stage-intermediate.pem"], 282 ), 283 ( 284 "content-signature-prod.inc", 285 "contentSignatureProdRoots", 286 ["content-signature-prod.pem"], 287 ), 288 ( 289 "content-signature-stage.inc", 290 "contentSignatureStageRoots", 291 ["content-signature-stage.pem"], 292 ), 293 # The dev root is the same as the stage root. 294 ( 295 "content-signature-dev.inc", 296 "contentSignatureDevRoots", 297 ["content-signature-stage.pem"], 298 ), 299 ( 300 "content-signature-local.inc", 301 "contentSignatureLocalRoots", 302 ["content-signature-local.pem"], 303 ), 304 ] 305 306 for header, array_name, certs in headers_arrays_certs: 307 GeneratedFile( 308 header, 309 script="gen_cert_header.py", 310 entry_point="generate", 311 inputs=certs, 312 flags=[array_name], 313 )