Closed Bug 858231 Opened 12 years ago Closed 12 years ago

Update Mozilla 23 to use NSS 3.15 (uses a new directory layout)

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla24
Tracking Flags:
Tracking Status
firefox23 + fixed
firefox24 --- fixed

People

(Reporter: KaiE, Assigned: briansmith)

References

Details

Attachments

(5 files, 1 obsolete file)

Adapt security/build rules to new NSS layout
2.17 KB, patch
briansmith
: review+
Details | Diff | Splinter Review
Refine HAVE_FREEBL_LIBS_32 into HAVE_FREEBL_LIBS_32INT32 and HAVE_FREEBL_LIBS_32FPU
1.07 KB, patch
ginnchen+exoracle
: review+
wtc
: checkin+
Details | Diff | Splinter Review
Upgrade to NSS_3_15_BETA2
197.12 KB, patch
KaiE
: review+
wtc
: checkin+
Details | Diff | Splinter Review
final for mozilla-central
9.76 KB, patch
wtc
: review+
Details | Diff | Splinter Review
final for mozilla-aurora 23
83.60 KB, patch
wtc
: review+
lsblakk
: approval-mozilla-aurora+
Details | Diff | Splinter Review
Attached patch patch to adjust dbm build rules (obsolete) — Splinter Review
The NSS team is working on NSS version 3.15, which will use a new layout for its directories. The client.py script has already been updated to pull from the new location in bug 853775. As a first step for this task, mozilla-central should pull the NSS_3_15_BETA1 tag. I already did some local experimentation, and I can propose steps to perform the landing. Also, it seems (luckily) the beta1 tag makes the currently local patches in mozilla-central obsolete. I propose: - rm -rf dbm security/dbm security/coreconf - rm security/patches/*.patch - hg addremove HG discovers that some of the deletions are moves. But even for the files where hg doesn't detect the move, I don't think it matters. History for NSS is contained in the upstream NSS repository anyway. On top of above, I used a small patch to security/build that allowed my local Linux build to pass the NSS directory. I'll attach that patch. I don't know if it's sufficient. You might want to test on the other platforms prior to landing this patch.
Comment on attachment 733530 [details] [diff] [review] patch to adjust dbm build rules Review of attachment 733530 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/build/Makefile.in @@ +298,5 @@ > endif > > NSS_DIRS = > ifndef NSS_DISABLE_DBM > +NSS_DIRS += nss/lib/dbm I think you can remove this, although you probably need to do something for DBM not to be built with NSS_DISABLE_DBM is set (which it is on android)
Comment on attachment 733530 [details] [diff] [review] patch to adjust dbm build rules Review of attachment 733530 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/build/Makefile.in @@ +298,5 @@ > endif > > NSS_DIRS = > ifndef NSS_DISABLE_DBM > +NSS_DIRS += nss/lib/dbm Yes, we should simply remove this (lines 301-303). NSS_DISABLE_DBM is now handled by nss/lib/{Makefile,manifest.mn}. @@ -440,5 @@ > libs-nss/lib/softoken: $(NSPR_IMPORT_LIBS) $(SQLITE_IMPORT_LIB) > libs-nss/lib/softoken: libs-nss/lib/freebl > -ifndef NSS_DISABLE_DBM > -libs-nss/lib/softoken: libs-dbm > -endif Did you delete this because libs-dbm isn't defined? http://mxr.mozilla.org/mozilla-central/search?string=libs-dbm
Assignee: nobody → mh+mozilla
Attachment #733530 - Attachment is obsolete: true
Assignee: mh+mozilla → nobody
https://hg.mozilla.org/integration/mozilla-inbound/rev/0857f2bc8f8a https://hg.mozilla.org/integration/mozilla-inbound/rev/c4bac10ee49e In addition to following Kai's instructions and merging glandium's changes, I updated configure.in to require NSS 3.15 and I updated security/patches/README to remove the references to the no-longer-needed private patches that we previously had in mozilla-central. Thanks for the help with this!
Target Milestone: --- → mozilla23
https://hg.mozilla.org/mozilla-central/rev/0857f2bc8f8a https://hg.mozilla.org/mozilla-central/rev/c4bac10ee49e
Assignee: nobody → bsmith
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reopening, because that was only a beta, but this bug is track the full landing including the final release of NSS 3.15 (pending).
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Whiteboard: [keep-open]
Blocks: 700693
Comment on attachment 736404 [details] [diff] [review] Adapt security/build rules to new NSS layout Review of attachment 736404 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/build/Makefile.in @@ +302,5 @@ > NSS_DIRS += nss/lib > +else > +ifndef NSS_DISABLE_DBM > +NSS_DIRS += nss/lib/dbm > +endif I think it is better to add nss/lib/dbm here: 336 # Remaining nss/lib directories 337 NSS_DIRS += nss/lib/freebl nss/lib/softoken nss/lib/jar nss/lib/crmf nss/lib/ckfw nss/lib/libpkix
In security/nss/lib/freebl/Makefile, HAVE_ABI32_INT32, USE_ABI32_INT32 sections under SPARC 32bit are removed. Is it intentional? But in security/build/Makefile.in, it still have HAVE_FREEBL_LIBS_32 = 1 It caused build failure.
Ginn: yes, we dropped Solaris SPARC v8 support in NSS 3.15 (bug 841664). Could you create a patch for security/build/Makefile.in? You may just need to delete the line HAVE_FREEBL_LIBS_32 = 1 I have another question for you: which versions of the Solaris Studio compiler do you use? There are a lot of compiler warnings when NSS is compiled with the latest version of the Solaris Studio compiler. It will be easier to fix those warnings if I only need to support recent versions of Solaris Studio.
Ginn: I looked into the security/build/Makefile.in problem. I think HAVE_FREEBL_LIBS_32 needs to be refined into two variables: HAVE_FREEBL_LIBS_32INT32 HAVE_FREEBL_LIBS_32FPU and ifdef HAVE_FREEBL_LIBS_32INT32 NSS_EXTRA_DLLS += freebl_32int_3 endif ifdef HAVE_FREEBL_LIBS_32FPU NSS_EXTRA_DLLS += freebl_32fpu_3 endif
Ginn: please review and test this patch. If it works, please check it in for me. Thanks. Description: Refine HAVE_FREEBL_LIBS_32 into HAVE_FREEBL_LIBS_32INT32 and HAVE_FREEBL_LIBS_32FPU, and set only HAVE_FREEBL_LIBS_32FPU to 1 for 32-bit Solaris SPARC builds.
Attachment #739871 - Flags: review?(ginn.chen)
(In reply to Wan-Teh Chang from comment #9) > I have another question for you: which versions of the Solaris Studio > compiler do you use? There are a lot of compiler warnings when NSS is > compiled with the latest version of the Solaris Studio compiler. It > will be easier to fix those warnings if I only need to support recent > versions of Solaris Studio. I'm using Solaris Studio 12.2 and 12.3 for Firefox. I guess another team is compiling NSS with Studio 12.1. IMO, you only need to consider 12.3. If it breaks 12.1 or 12.2, they should apply workarounds on their local workspace.
Attachment #739871 - Flags: review?(ginn.chen) → review+
Whiteboard: [keep-open] → [leave open]
I've tagged NSS_3_15_BETA2. Could you please pick it up in mozilla-central?
Attachment #739871 - Flags: checkin+
status-firefox23: --- → ?
tracking-firefox23: --- → ?
Summary: Update PSM to use NSS 3.15 (uses a new directory layout) → Update Mozilla 23 to use NSS 3.15 (uses a new directory layout)
Kai, this is the patch to push NSS_3_15_BETA2 to m-c. I noticed that Brian did not add the .cvsignore files when he pushed NSS_3_15_BETA1, so I didn't add those files either. https://hg.mozilla.org/integration/mozilla-inbound/rev/08e868f22c98
Attachment #743333 - Flags: review?(kaie)
Attachment #743333 - Flags: checkin+
Comment on attachment 743333 [details] [diff] [review] Upgrade to NSS_3_15_BETA2 Kai, I saw these in the diffs: >diff --git a/security/nss/cmd/pk11gcmtest/Makefile b/security/nss/cmd/pk11gcmtest/Makefile >old mode 100644 >new mode 100755 >diff --git a/security/nss/tests/libpkix/certs/make-ca-u50-u51 b/security/nss/tests/libpkix/certs/make-ca-u50-u51 >old mode 100644 >new mode 100755 Do you know why? I wonder if they are caused by files being pushed on Windows vs. on Linux.
Comment on attachment 743333 [details] [diff] [review] Upgrade to NSS_3_15_BETA2 I didn't review this long patch, I think it's not necessary. I assume you simply used the "python client.py update_nss" script.
Attachment #743333 - Flags: review?(kaie) → review+
(In reply to Wan-Teh Chang from comment #17) > Comment on attachment 743333 [details] [diff] [review] > Upgrade to NSS_3_15_BETA2 > > Kai, I saw these in the diffs: > > >diff --git a/security/nss/cmd/pk11gcmtest/Makefile b/security/nss/cmd/pk11gcmtest/Makefile > >old mode 100644 > >new mode 100755 > > >diff --git a/security/nss/tests/libpkix/certs/make-ca-u50-u51 b/security/nss/tests/libpkix/certs/make-ca-u50-u51 > >old mode 100644 > >new mode 100755 > > Do you know why? I wonder if they are caused by files being > pushed on Windows vs. on Linux. I did a little searching and I found that this does indeed seem to be caused by me doing the update on Windows. khuey (who just updated NSPR in mozilla-beta) and I both use Windows as our primary dev. platform. Until we can find a real solution, I will do the updates of NSS and NSPR in my Linux VM. Probably we should just change all the test scripts so that the executable bit does not need to be set (i.e. explicitly invoke the interpreter when running any script). Anybody disagree? If not, I will file the bug in NSS.
NSS_3_15_BETA3 (tagged this morning) pushed to mozilla-inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/0314d200873a
(In reply to Brian Smith (:bsmith) from comment #19) > > Probably we should just change all the test scripts so that the executable > bit does not need to be set (i.e. explicitly invoke the interpreter when > running any script). Anybody disagree? If not, I will file the bug in NSS. This seems like an over-reaction. Do you know why nss/tests/all.sh, which is marked as executable, doesn't have the permission mode problem when you pushed it to mozilla-central on Windows?
NSS_3_15_BETA3 with two local patches (bug-835919.patch and bug-832272.patch) pushed to mozilla-inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/c6f5c1bbcf76
Status: REOPENED → ASSIGNED
NSS_3_15_BETA4 pushed to mozilla-inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/06e3d7e19a09
NSS_3_15_BETA5 pushed to mozilla-inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/cc8bbdd0533c
I had to revert to NSS_3_15_BETA4 in mozilla-inbound because NSS_3_15_BETA5 broke three Mozilla build bots: https://hg.mozilla.org/integration/mozilla-inbound/rev/cd4d5caefa88 I filed bug 874261 for the Mozilla build system problem.
Second attempt at pushing NSS_3_15_BETA5 to mozilla-inbound, without Kai's SECITEM_ReallocItemV2 patch this time to work around bug 874261: https://hg.mozilla.org/integration/mozilla-inbound/rev/011a86ed18fe
NSS_3_15_BETA6 pushed to mozilla-inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/84985c77b141 To work around bug 874261, I applied a private patch to avoid using the new SECITEM_ReallocItemV2 function.
undoing: status-firefox24: --- → fixed because the main change hasn't landed yet
status-firefox24: fixed → ---
Final versions of NSS 3.15 and NSPR 4.10 have been released. We must upgrade mozilla-central (24) and mozilla-aurora (23) to pick them up.
mozilla-central currently uses NSPR (portable runtime) version: NSPR_4_10_BETA2 NSS (security library) version: NSS_3_15_BETA6 This patch was produced using: python client.py update_nspr NSPR_4_10_RTM python client.py update_nss NSS_3_15_RTM
Attachment #758583 - Flags: review?(wtc)
Attachment #758585 - Flags: review?(wtc)
Comment on attachment 758585 [details] [diff] [review] final for mozilla-aurora 23 approval required because of the rule "must ship final versions of nspr/nss in releases"
Attachment #758585 - Flags: approval-mozilla-aurora?
Comment on attachment 758583 [details] [diff] [review] final for mozilla-central Review of attachment 758583 [details] [diff] [review]: ----------------------------------------------------------------- r=wtc. IMPORTANT: please remove the local patch security/patches/revert-bug-808217.patch and remove the description of that patch in security/patches/README. Watch out for linker errors (unresolved symbol SECITEM_ReallocItemV2) on the Android and B2G build bots.
Attachment #758583 - Flags: review?(wtc) → review+
Comment on attachment 758585 [details] [diff] [review] final for mozilla-aurora 23 Review of attachment 758585 [details] [diff] [review]: ----------------------------------------------------------------- r=wtc. IMPORTANT: change nsprpub/config/prdepend.h.
Attachment #758585 - Flags: review?(wtc) → review+
(In reply to Wan-Teh Chang from comment #39) > IMPORTANT: please remove the local patch > security/patches/revert-bug-808217.patch > and remove the description of that patch in security/patches/README. https://hg.mozilla.org/integration/mozilla-inbound/rev/6486354e07e4 I read your comment, but then forgot to do it at the same time of the landing. And immediately after I checked in, mozilla-inbound was closed because of other bustage :) This cleanup is for tracking purposes, only, and doesn't affect the build. I'll do it after the tree opens.
(In reply to Wan-Teh Chang from comment #40) > > IMPORTANT: change nsprpub/config/prdepend.h. I wonder why the client.py script didn't make that change on the aurora branch...
> Watch out for linker errors (unresolved symbol SECITEM_ReallocItemV2) on the > Android and B2G build bots. We didn't get such errors after the landing. We are fine. > IMPORTANT: please remove the local patch > security/patches/revert-bug-808217.patch > and remove the description of that patch in security/patches/README. done: https://hg.mozilla.org/integration/mozilla-inbound/rev/796a79fc347a The work for mozilla-central is done. It's OK to set this to fixed, after inbound has been merged into central.
Whiteboard: [leave open]
https://hg.mozilla.org/mozilla-central/rev/34ad18786196 https://hg.mozilla.org/mozilla-central/rev/796a79fc347a
Status: ASSIGNED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
Attachment #758585 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/5cd24379d192 I forgot to set the author before pushing :(. Please make sure your attached patches have it in the future.
status-firefox23: affectedfixed
status-firefox24: --- → fixed
http://hg.mozilla.org/mozilla-central/rev/c4bac10ee49e#l1.12 Native NSS version check does not work AM_PATH_NSS - need version specified in format \D+.\D+.\D+ otherwise it would not detect and think 3.14.3 - as 3.15 - compatible
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: