Closed Bug 1343206 Opened 8 years ago Closed 8 years ago

Don't build NSS commands

Categories

(Firefox Build System :: General, defect)

Product:
Firefox Build System
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: franziskus, Unassigned)

Details

It looks like Firefox is currently building the NSS commands (in cmd/). This is probably not necessary. We could save some time here.
Some are used, like certutil or shlibsign, and maybe some others. It's also more of a NSS::Build thing.
Ah, interesting. Why do we use shlibsign? This is pretty much independent of the NSS build config as Firefox doesn't build a standard config. If you think there's nothing we can save here, close the bug. I was only surprised to see certain parts being build by Firefox.
We use certutil+pk12util for testing, we have a testing CA + some testing certs generated by that CA checked into the tree: https://dxr.mozilla.org/mozilla-central/source/build/pgo/certs and we install them into the profile we use to run Mochitest: https://dxr.mozilla.org/mozilla-central/rev/e1135c6fdc9bcd80d38f7285b269e030716dcb72/testing/mochitest/runtests.py#1642 We run shlibsign to generate the chk files on some builds during packaging (not Mac or cross-compiles): https://dxr.mozilla.org/mozilla-central/rev/e1135c6fdc9bcd80d38f7285b269e030716dcb72/toolkit/mozapps/installer/packager.py#110 We only really do that because historically we did. Given that FIPS mode seems to be broken entirely (bug 1337950) maybe we should just stop doing that? People who need FIPS should be using Firefox built against a system NSS that's FIPS certified.
Also, note that unless I screwed up in the gyp file, we are only supposed to be building a few of the NSS cmds: https://hg.mozilla.org/projects/nss/annotate/be2b42874670/nss.gyp#l107
I see. That makes sense. > Given that FIPS mode seems to be broken entirely (bug 1337950) maybe we should just stop doing that? People who need FIPS should be using Firefox built against a system NSS that's FIPS certified. I agree. But that's a bigger discussion. It got started but I don't think there's a decision yet. I close this one and we can come back for shlibsign later.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Component: Build Config → General
Product: Firefox → Firefox Build System
You need to log in before you can comment on or make changes to this bug.