client.py - update_nssckbi - security/nss/TAG-INFO-CKBI

RESOLVED FIXED in mozilla13

Status

()

Core
Security: PSM
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

Trunk
mozilla13
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

6 years ago
Created attachment 572059 [details] [diff] [review]
Patch v1

In the Mozilla application code, we sometimes apply a newer NSS roots module on top of the most recent NSS release.

When we do so, this information is difficult to notice in the code.
In order to improve visibility, I propose the following change:

- in addition to our existing security/nss/TAG-INFO
  introduce an additional file security/nss/TAG-CKBI-INFO

- file TAG-CKBI-INFO should contain the tag used for directory
  mozilla/security/nss/lib/ckfw/builtins

- whenever we use the old command update_nss
  (which will update all of NSS including the roots module)
  then let's write this tag into both files

- whenever we update only the roots module by using command update_nssckbi
  then let's this the tag to the new file TAG-CKBI-INFO


This new command has another benefit:

In the future, we don't need to deal with individual patches on the various Mozilla release branches. We can tell people to simply run this command to import the newer roots module.

Patch attached
Attachment #572059 - Flags: review?(bsmith)
Comment on attachment 572059 [details] [diff] [review]
Patch v1

LGTM. Since I know very little about how the root database module works, Bob should verify that the directories are the correct ones.
Attachment #572059 - Flags: review?(rrelyea)
Attachment #572059 - Flags: review?(bsmith)
Attachment #572059 - Flags: review+

Comment 2

5 years ago
Comment on attachment 572059 [details] [diff] [review]
Patch v1

>+    do_cvs_export(NSSCKBI_DIRS, tag, options.cvsroot, options.cvs)
>+    print >>file("security/nss/TAG-CKBI-INFO", "w"), tag

Kai, I recommend adding security/nss/lib/ckfw/builtins/TAG-INFO instead.

Comment 3

5 years ago
To elaborate on my recommendation: by using the same file name,
we can locate all the tag info files using a simple query like
http://mxr.mozilla.org/mozilla-central/find?text=&string=TAG-INFO
(Assignee)

Comment 4

5 years ago
(In reply to Wan-Teh Chang from comment #2)
> 
> Kai, I recommend adding security/nss/lib/ckfw/builtins/TAG-INFO instead.

Well, here is my motivation for the patch as is:

Only the NSS developers know about this "weird" separate versioning of that builtins directory.
If we hide that file inside that subdirectory, nobody will find it, except us experts.

By having both files next to each other in the security/nss directories, everyone will immediately notice there are two separate versions involved, even without prior education.
(Assignee)

Comment 5

5 years ago
(In reply to Wan-Teh Chang from comment #3)
> To elaborate on my recommendation: by using the same file name,
> we can locate all the tag info files using a simple query like
> http://mxr.mozilla.org/mozilla-central/find?text=&string=TAG-INFO

Sure, but are "we" really the target audience, or is the target audience tghe people who want to quickly learn what NSPR/NSS versions are used by a given Firefox source snapshot? In my opinion it's the latter.

The world is aware that we have separate NSPR and NSS libaries, but they probably not aware that we have this "separate versioned builtin roots module" thing.

Comment 6

5 years ago
I think I need a little background here:

Are these file files that are in our CVS tree, or are they the files added to our tar balls, or are they files that are imported into Hg?

From wtc's comments, I suspect it's that last.

Since the file is added by script, it would be quite simple to get both worlds either by:
1) Making 2 copies. or
2) Making 1 copy at wtc's location and adding a link from kai's name (assume Hg handles symbolic links).
3) Making 1 copy at wtc's location, and a second 'pointer file' which tells the user where the second one is.

bob

Comment 7

5 years ago
Kai: I believe the file name CKBI-TAG-INFO would also allow
my MXR query in comment 3 to find it.  We should only add
one copy of this file.  We can add it to the location you
proposed.
(Assignee)

Comment 8

5 years ago
Bob, I will explain it to you in today's NSS conf call.
(Assignee)

Comment 9

5 years ago
(In reply to Wan-Teh Chang from comment #7)
> Kai: I believe the file name CKBI-TAG-INFO would also allow
> my MXR query in comment 3 to find it.

Wan-Teh, I really like your creative proposal, thank you very much for this idea!
I will attach a new patch.

I think both CKBI-TAG-INFO and TAG-INFO-CKBI will work.
Do you have a preference between these two alternatives?


> We can add it to the location you proposed.

Thank you!
(Assignee)

Updated

5 years ago
Summary: client.py - update_nssckbi - security/nss/TAG-CKBI-INFO → client.py - update_nssckbi - security/nss/CKBI-TAG-INFO
(Assignee)

Comment 10

5 years ago
Created attachment 598244 [details] [diff] [review]
Patch v2

Carrying forward r=bsmith

I've implemented Wan-Teh's change request.
Attachment #572059 - Attachment is obsolete: true
Attachment #572059 - Flags: review?(rrelyea)
Attachment #598244 - Flags: superreview?(wtc)
Attachment #598244 - Flags: review+

Comment 11

5 years ago
Comment on attachment 598244 [details] [diff] [review]
Patch v2

r=wtc.  Note: TAG-INFO-CKBI would also work, and would allow the
two files to show up together in "ls" output.  You can pick the
one you prefer.
Attachment #598244 - Flags: superreview?(wtc) → superreview+

Comment 12

5 years ago
I just noticed that you also suggested TAG-INFO-CKBI.
My preference is TAG-INFO-CKBI.
(Assignee)

Comment 13

5 years ago
Ok. Will use TAG-INFO-CKBI
(Assignee)

Updated

5 years ago
Summary: client.py - update_nssckbi - security/nss/CKBI-TAG-INFO → client.py - update_nssckbi - security/nss/TAG-INFO-CKBI
(Assignee)

Comment 14

5 years ago
Created attachment 598457 [details] [diff] [review]
Patch v3

Updated patch to our preferred filename, carrying forward reviews.
Attachment #598244 - Attachment is obsolete: true
Attachment #598457 - Flags: superreview+
Attachment #598457 - Flags: review+
Commit message from IRC:
"Bug 699905 - Add update_nssckbi to client.py; r=bsmith r=wtc"

Will push this tomorrow if it hasn't otherwise been done by then :-)
Keywords: checkin-needed
https://hg.mozilla.org/integration/mozilla-inbound/rev/d138ca47dbe2
Status: NEW → ASSIGNED
Keywords: checkin-needed
OS: Linux → All
Hardware: x86 → All
Target Milestone: --- → mozilla13
https://hg.mozilla.org/mozilla-central/rev/d138ca47dbe2
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.