Closed Bug 783549 (external-psm) Opened 13 years ago Closed 5 years ago

Add a configure option to allow the use of an external PSM (overriding mozilla/security/manager)

Categories

(Firefox Build System :: General, defect)

Product:
Firefox Build System
Component:
General
Version:
17 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
mozilla17

People

(Reporter: KaiE, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

patch v1
7.56 KB, patch
Details | Diff | Splinter Review
I propose that comm-central uses a fork of directory mozilla/security/manager We should have a configure option that disables this directory, and allows applications such as Thunderbird to instead build their own copy (such as the fork contained in comm-central).
Alias: external-psm
Blocks: 739563
Attached patch patch v1Splinter Review
Depends on: comm-psm
Comment on attachment 652815 [details] [diff] [review] patch v1 Please don't add a configure option for that. Worst case, just make it an AC_SUBST, and define the variable before calling configure. We don't need to cruft configure with temporary stuff. That being said, why not simply disable psm with --disable-crypto, if that still works (if it doesn't, then there's bug to file to either fix it, or remove it). That still allows you to add psm in c-c. Last but not least, I don't understand how doing it in c-c makes the situation any better. The schedule and release process is the same on both ends, it should be about as problematic (or not) in both cases. If you can't close in on a fix for gecko for FF 17, why can you for TB 17? If you really have concerns about breaking FF when fixing TB, then why not fix under #ifdef MOZ_THUNDERBIRD knobs? It wouldn't be a first, and would certainly not be as awful as forking PSM.
> We don't need to cruft configure with temporary stuff. I don't intend this fork to be temporary. > Last but not least, I don't understand how doing it in c-c makes the > situation any better. The schedule and release process is the same on both > ends, it should be about as problematic (or not) in both cases. If you can't > close in on a fix for gecko for FF 17, why can you for TB 17? Because Thunderbird can have its own rules, because I need Thunderbird specific code, and I can't add Thunderbird specific code as long as it's shared code. > If you really have concerns about breaking FF when fixing TB, I don't have concerns about breaking FF. FF changes already broke TB, and I'm trying to undo that. But I couldn't find an approach that is acceptable to FF people, I don't see a solution for shared code that I'm able to get done on my own, and nobody is helping (as in writing code) to get it done in time for TB 17. > then why not fix under > #ifdef MOZ_THUNDERBIRD knobs? It wouldn't be a first, and would certainly > not be as awful as forking PSM. Would work for me, if people really allow it. Although it should be #ifndef MOZ_FIREFOX (in order to cover other applications like SeaMonkey, too, and all other applications that want error reporting in their app). But I don't expect this approach to work, I already predict Brian complaining that code becomes too unreadable. > Last but not least, I don't understand how doing it in c-c makes the > situation any better. c-c can have its own rules and doesn't need to care about preferences of FF developers.
> > #ifdef > Would work for me, if people really allow it. But I don't expect this approach to work, > I already predict Brian complaining that code becomes too unreadable. Can you ask Brian first?
(In reply to Ben Bucksch (:BenB) from comment #4) > > Can you ask Brian first? futile
(In reply to Mike Hommey [:glandium] from comment #2) > > That being said, why not simply disable psm with --disable-crypto, I'm OK with removing the old --disable-crypto code, BUT > That still allows you to add psm in c-c. I don't see how that would work. Building mozilla-central requires the interfaces that are contained in PSM. If you argue that mozilla-central should build with thinking "there is no PSM", then I don't understand how it would find the external files from the external PSM.
The important part was "if that still works (if it doesn't, then there's bug to file to either fix it, or remove it)". You're basically saying --disable-crypto doesn't work anymore. Then it should go away.
Mike, do you still think we should avoid a configure option and require the use of an environment variable? If yes, I might make a new patch.
(In reply to Mike Hommey [:glandium] from comment #7) > You're basically saying > --disable-crypto doesn't work anymore. Then it should go away. I've filed bug 784628 for that work.
I still think forking psm is wrong
(In reply to Mike Hommey [:glandium] from comment #10) > I still think forking psm is wrong me too, but I don't see another solution to keep Thunderbird functonality alive.
(In reply to Kai Engert (:kaie) from comment #11) > (In reply to Mike Hommey [:glandium] from comment #10) > > I still think forking psm is wrong > > me too, but I don't see another solution to keep Thunderbird functonality > alive. I gave you one on irc. That you don't want to do it or don't have time for it is not the same thing as having no other solution.
> You're basically saying --disable-crypto doesn't work anymore. No, he's saying that the option does exactly what it says: If you build with that option, you get a Firefox that can't do SSL. The reason for that option is export restrictions: Under US law, if you distribute SSL, you're a weapons of mass destruction dealer (not kidding) and need to be registered.
> > I don't see another solution > I gave you one on irc. Could you please also state it here?
(In reply to Ben Bucksch (:BenB) from comment #13) > > You're basically saying --disable-crypto doesn't work anymore. > > No, he's saying that the option does exactly what it says: If you build with > that option, you get a Firefox that can't do SSL. The reason for that option > is export restrictions: Under US law, if you distribute SSL, you're a > weapons of mass destruction dealer (not kidding) and need to be registered. Then a psm can be built separately, and linked like other c-c components. (In reply to Ben Bucksch (:BenB) from comment #14) > > > I don't see another solution > > I gave you one on irc. > > Could you please also state it here? It boils down to having opt-in nsIBadCertListener and nsISLLErrorListener generic implementations somewhere in toolkit.
I suggest we WONTFIX this. Kai, please correct me if I am mistaken, but I think you are proposing to fork PSM in comm-central because you expect that the set of people working on the forked version will change, or that the review policies for the forked version will be more lenient. I do not think either of those things is the case. All the PSM peers would still be expected to maintain the forked version. And, if anything, the patch acceptance requirements for the forked version would get *more* stringent, not less. At some point in the future, I hope that the Thunderbird product has a huge group of contributors and I wouldn't be surprised if at some point those contributors decided "Firefox guys are holding us back and we'd rather do the work without them." But, we're far from the point now.
Status: NEW → UNCONFIRMED
Ever confirmed: false
In reply to comment 15: See bug 784628. In reply to comment 16: bsmith, UNCONFIRMED is for bugs from end users that may be of low quality. No bug reported by a developer should ever be unconfirmed. I am on record above to have considered this fork overkill. But given that even patches (!) from TB authors might not be accepted, if Firefox people consider it unnecessary for Firefox (but TB), not even within a #ifdef (!), you're basically *forcing* a fork. I can now see where Kai is coming from.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Kai, another option is to fork all of Mozilla.
I'm no longer interested to spend time on this task. Feel free to do with this bug report what you want. Good luck.
Product: Core → Firefox Build System
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: