Created attachment 572059 [details] [diff] [review] Patch v1 In the Mozilla application code, we sometimes apply a newer NSS roots module on top of the most recent NSS release. When we do so, this information is difficult to notice in the code. In order to improve visibility, I propose the following change: - in addition to our existing security/nss/TAG-INFO introduce an additional file security/nss/TAG-CKBI-INFO - file TAG-CKBI-INFO should contain the tag used for directory mozilla/security/nss/lib/ckfw/builtins - whenever we use the old command update_nss (which will update all of NSS including the roots module) then let's write this tag into both files - whenever we update only the roots module by using command update_nssckbi then let's this the tag to the new file TAG-CKBI-INFO This new command has another benefit: In the future, we don't need to deal with individual patches on the various Mozilla release branches. We can tell people to simply run this command to import the newer roots module. Patch attached
Comment on attachment 572059 [details] [diff] [review] Patch v1 LGTM. Since I know very little about how the root database module works, Bob should verify that the directories are the correct ones.
Comment on attachment 572059 [details] [diff] [review] Patch v1 >+ do_cvs_export(NSSCKBI_DIRS, tag, options.cvsroot, options.cvs) >+ print >>file("security/nss/TAG-CKBI-INFO", "w"), tag Kai, I recommend adding security/nss/lib/ckfw/builtins/TAG-INFO instead.
To elaborate on my recommendation: by using the same file name, we can locate all the tag info files using a simple query like http://mxr.mozilla.org/mozilla-central/find?text=&string=TAG-INFO
(In reply to Wan-Teh Chang from comment #2) > > Kai, I recommend adding security/nss/lib/ckfw/builtins/TAG-INFO instead. Well, here is my motivation for the patch as is: Only the NSS developers know about this "weird" separate versioning of that builtins directory. If we hide that file inside that subdirectory, nobody will find it, except us experts. By having both files next to each other in the security/nss directories, everyone will immediately notice there are two separate versions involved, even without prior education.
(In reply to Wan-Teh Chang from comment #3) > To elaborate on my recommendation: by using the same file name, > we can locate all the tag info files using a simple query like > http://mxr.mozilla.org/mozilla-central/find?text=&string=TAG-INFO Sure, but are "we" really the target audience, or is the target audience tghe people who want to quickly learn what NSPR/NSS versions are used by a given Firefox source snapshot? In my opinion it's the latter. The world is aware that we have separate NSPR and NSS libaries, but they probably not aware that we have this "separate versioned builtin roots module" thing.
I think I need a little background here: Are these file files that are in our CVS tree, or are they the files added to our tar balls, or are they files that are imported into Hg? From wtc's comments, I suspect it's that last. Since the file is added by script, it would be quite simple to get both worlds either by: 1) Making 2 copies. or 2) Making 1 copy at wtc's location and adding a link from kai's name (assume Hg handles symbolic links). 3) Making 1 copy at wtc's location, and a second 'pointer file' which tells the user where the second one is. bob
Kai: I believe the file name CKBI-TAG-INFO would also allow my MXR query in comment 3 to find it. We should only add one copy of this file. We can add it to the location you proposed.
Bob, I will explain it to you in today's NSS conf call.
(In reply to Wan-Teh Chang from comment #7) > Kai: I believe the file name CKBI-TAG-INFO would also allow > my MXR query in comment 3 to find it. Wan-Teh, I really like your creative proposal, thank you very much for this idea! I will attach a new patch. I think both CKBI-TAG-INFO and TAG-INFO-CKBI will work. Do you have a preference between these two alternatives? > We can add it to the location you proposed. Thank you!
Created attachment 598244 [details] [diff] [review] Patch v2 Carrying forward r=bsmith I've implemented Wan-Teh's change request.
Comment on attachment 598244 [details] [diff] [review] Patch v2 r=wtc. Note: TAG-INFO-CKBI would also work, and would allow the two files to show up together in "ls" output. You can pick the one you prefer.
I just noticed that you also suggested TAG-INFO-CKBI. My preference is TAG-INFO-CKBI.
Ok. Will use TAG-INFO-CKBI
Created attachment 598457 [details] [diff] [review] Patch v3 Updated patch to our preferred filename, carrying forward reviews.
Commit message from IRC: "Bug 699905 - Add update_nssckbi to client.py; r=bsmith r=wtc" Will push this tomorrow if it hasn't otherwise been done by then :-)