diff options
author | Tor Lillqvist <tml@collabora.com> | 2020-09-18 12:23:44 +0300 |
---|---|---|
committer | Tor Lillqvist <tml@collabora.com> | 2020-09-23 07:47:55 +0200 |
commit | 808e8a8e9e96b6c3fac3ddf291e3900a40846409 (patch) | |
tree | a5b07d1f8ad25e15d9e2be33d7a0c3e6308d2e5d | |
parent | de810a8e78da0d562092e35041c8a0aec92b9ee0 (diff) |
tdf#128136: Build curl, nss, and xmlsec for iOS, too
We must link nss statically, including the three dylibs that normally
are loaded at run-time, because including bare dylibs in an iOS appp
on the App Store is not OK. See
https://developer.apple.com/forums/thread/125796 .
For linking the softokn3 library statically, NSS already had code,
behind NSS_STATIC_SOFTOKEN ifdefs. Introduce two more macros:
NSS_STATIC_FREEBL for the freebl library and NSS_STATIC_PKCS11 for the
nssckbi library.
Turn off parallelism for the sub-make building nss. There seems to be
race conditions or something when running simultaneous instances of
the nsinstall.py script or the nsinstall program in nss (used when
building nss for the build platform).
When cross-compiling from macOS, use python3 to run the nsinstall.py
script, as it is Python 3.
Change-Id: Idd427b5ebf21f802b3feb0d5a3d259317ba8fc67
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103106
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103218
Tested-by: Jenkins
-rwxr-xr-x | bin/lo-all-static-libs | 41 | ||||
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | external/Module_external.mk | 2 | ||||
-rw-r--r-- | external/curl/UnpackedTarball_curl.mk | 1 | ||||
-rw-r--r-- | external/curl/curl-ios.patch.1 | 17 | ||||
-rw-r--r-- | external/nss/ExternalProject_nss.mk | 8 | ||||
-rw-r--r-- | external/nss/nss-ios.patch | 212 | ||||
-rw-r--r-- | svl/Library_svl.mk | 4 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 8 |
9 files changed, 275 insertions, 24 deletions
diff --git a/bin/lo-all-static-libs b/bin/lo-all-static-libs index 0fcea02eb53e..d89dd8eca296 100755 --- a/bin/lo-all-static-libs +++ b/bin/lo-all-static-libs @@ -59,6 +59,47 @@ ANDROID) iOS) oslibs="$WORKDIR/UnpackedTarball/icu/source/stubdata/*.a" oslibs="$oslibs $WORKDIR/UnpackedTarball/cppunit/src/cppunit/.libs/*.a" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nspr/out/lib/ds/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nspr/out/lib/libc/src/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nspr/out/pr/src/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/base/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/certdb/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/certhigh/out/*.a" + + # Yes, individual object files here, these are not in any .a + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/ckfw/builtins/out/*.o" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/ckfw/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/cryptohi/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/dev/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/freebl/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/freebl/out/Darwin_SINGLE_SHLIB/*.o" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/freebl/out/Darwin_SINGLE_SHLIB/deprecated/*.o" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/certsel/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/checker/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/crlsel/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/params/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/results/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/store/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/top/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/util/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix_pl_nss/module/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix_pl_nss/pki/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix_pl_nss/system/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/nss/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pk11wrap/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pkcs12/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pkcs7/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pki/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/smime/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/softoken/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/util/out/*.a" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/curl/lib/.libs/*.a" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/xmlsec/src/nss/.libs/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/xmlsec/src/.libs/*.a" ;; *) oslibs= diff --git a/configure.ac b/configure.ac index d57d80ef56f1..8926a1e7b980 100644 --- a/configure.ac +++ b/configure.ac @@ -9780,10 +9780,6 @@ if test "$with_system_curl" = "yes"; then fi ENABLE_CURL=TRUE -elif test $_os = iOS; then - # Let's see if we need curl, I think not? - AC_MSG_RESULT([none]) - ENABLE_CURL= else AC_MSG_RESULT([internal]) SYSTEM_CURL= @@ -9926,7 +9922,7 @@ AC_SUBST(SYSTEM_OPENLDAP) dnl =================================================================== dnl Check for system NSS dnl =================================================================== -if test $_os != iOS -a "$enable_fuzzers" != "yes"; then +if test "$enable_fuzzers" != "yes"; then libo_CHECK_SYSTEM_MODULE([nss],[NSS],[nss >= 3.9.3 nspr >= 4.8]) AC_DEFINE(HAVE_FEATURE_NSS) ENABLE_NSS="TRUE" diff --git a/external/Module_external.mk b/external/Module_external.mk index 41e018d2ef3f..1c722a325c2d 100644 --- a/external/Module_external.mk +++ b/external/Module_external.mk @@ -14,7 +14,7 @@ $(eval $(call gb_Module_add_moduledir,external,msc-externals)) endif $(eval $(call gb_Module_add_moduledirs,external,\ - $(if $(filter-out iOS,$(OS)),$(call gb_Helper_optional,XMLSEC,xmlsec)) \ + $(call gb_Helper_optional,XMLSEC,xmlsec) \ $(call gb_Helper_optional,ABW,libabw) \ $(call gb_Helper_optional,APACHE_COMMONS,apache-commons) \ $(call gb_Helper_optional,APR,apr) \ diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index 2cdfbfc08632..6171f17cba48 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -24,6 +24,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc-disable-protocols.patch.1 \ external/curl/curl-7.26.0_win-proxy.patch \ external/curl/zlib.patch.0 \ + external/curl/curl-ios.patch.1 \ )) ifeq ($(SYSTEM_NSS),) diff --git a/external/curl/curl-ios.patch.1 b/external/curl/curl-ios.patch.1 new file mode 100644 index 000000000000..1c8fd8f70566 --- /dev/null +++ b/external/curl/curl-ios.patch.1 @@ -0,0 +1,17 @@ +# -*- Mode: Diff -*- +# +# We don't want curl's configure script to add a -mmacosx-version-min +# option when it is for iOS we are building. In that case already $CC +# contains a -miphoneos-version-min option. + +--- curl/configure ++++ curl/configure +@@ -18976,7 +18976,7 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for *version-min in CFLAGS" >&5 + $as_echo_n "checking for *version-min in CFLAGS... " >&6; } + min="" +- if test -z "$(echo $CFLAGS | grep m.*os.*-version-min)"; then ++ if test -z "$(echo $CC $CFLAGS | grep m.*os.*-version-min)"; then + min="-mmacosx-version-min=10.8" + CFLAGS="$CFLAGS $min" + fi diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index 8b14ce58153d..a7099e34e7e7 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -58,12 +58,14 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecuta CROSS_COMPILE=1 \ NSPR_CONFIGURE_OPTS="--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)") \ NSDISTMODE=copy \ - $(MAKE) AR="$(AR)" \ + $(MAKE) \ + -j1 \ + AR="$(AR)" \ RANLIB="$(RANLIB)" \ NMEDIT="$(NM)edit" \ COMMA=$(COMMA) \ - CC="$(CC)$(if $(filter ANDROID,$(OS)), -D_PR_NO_LARGE_FILES=1 -DSQLITE_DISABLE_LFS=1)" CCC="$(CXX)" \ - $(if $(CROSS_COMPILING),NSINSTALL="$(call gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py") \ + CC="$(CC)$(if $(filter iOS,$(OS)), -DNSS_STATIC_SOFTOKEN=1 -DNSS_STATIC_FREEBL=1 -DNSS_STATIC_PKCS11=1)$(if $(filter ANDROID,$(OS)), -D_PR_NO_LARGE_FILES=1 -DSQLITE_DISABLE_LFS=1)" CCC="$(CXX)" \ + $(if $(CROSS_COMPILING),NSINSTALL="$(if $(filter MACOSX,$(OS_FOR_BUILD)),xcrun python3,$(call gb_ExternalExecutable_get_command,python)) $(SRCDIR)/external/nss/nsinstall.py") \ $(if $(filter ANDROID,$(OS)),OS_TARGET=Android OS_TARGET_RELEASE=16 ARCHFLAG="" DEFAULT_COMPILER=clang ANDROID_NDK=$(ANDROID_NDK_HOME) ANDROID_TOOLCHAIN_VERSION=$(ANDROID_GCC_TOOLCHAIN_VERSION) ANDROID_PREFIX=$(HOST_PLATFORM) ANDROID_SYSROOT=$(ANDROID_NDK_HOME)/sysroot ANDROID_TOOLCHAIN=$(ANDROID_BINUTILS_PREBUILT_ROOT)) \ NSS_DISABLE_GTESTS=1 \ nss_build_all \ diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch index 000d1685abf5..3fbe1541e741 100644 --- a/external/nss/nss-ios.patch +++ b/external/nss/nss-ios.patch @@ -1,3 +1,201 @@ +--- a/a/nss/Makefile ++++ a/a/nss/Makefile +@@ -96,13 +96,11 @@ + ifdef NS_USE_GCC + NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ + endif +-# Make sure to remove -arch arguments. NSPR can't handle that. +-remove_arch = $(filter-out __REMOVEME%,$(subst $(NULL) -arch , __REMOVEME,$(1))) + ifdef CC +-NSPR_CONFIGURE_ENV = CC="$(call remove_arch,$(CC))" ++NSPR_CONFIGURE_ENV = CC="$(CC)" + endif + ifdef CCC +-NSPR_CONFIGURE_ENV += CXX="$(call remove_arch,$(CCC))" ++NSPR_CONFIGURE_ENV += CXX="$(CCC)" + endif + + # +@@ -140,7 +140,6 @@ + + build_nspr: $(NSPR_CONFIG_STATUS) + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests + + install_nspr: build_nspr + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install +--- a/a/nss/lib/ckfw/builtins/manifest.mn ++++ a/a/nss/lib/ckfw/builtins/manifest.mn +@@ -5,7 +5,7 @@ + + CORE_DEPTH = ../../.. + +-DIRS = . testlib ++DIRS = + + testlib: . + +--- a/a/nss/lib/nss/nssinit.c ++++ a/a/nss/lib/nss/nssinit.c +@@ -278,6 +278,7 @@ + const char *secmodprefix, + char **retoldpath, char **retnewpath) + { ++#ifndef NSS_STATIC_PKCS11 + char *path, *oldpath = NULL, *lastsep; + int len, path_len, secmod_len, dll_len; + +@@ -309,6 +309,10 @@ + } + *retoldpath = oldpath; + *retnewpath = path; ++#else ++ *retoldpath = NULL; ++ *retnewpath = PORT_Strdup("NSSCKBI"); ++#endif + return; + } + +--- a/a/nss/lib/pk11wrap/pk11load.c ++++ a/a/nss/lib/pk11wrap/pk11load.c +@@ -389,6 +389,8 @@ + /* + * load a new module into our address space and initialize it. + */ ++extern CK_RV NSSCKBI_C_GetFunctionList(); ++ + SECStatus + secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) + { +@@ -465,6 +465,7 @@ + /* load the library. If this succeeds, then we have to remember to + * unload the library if anything goes wrong from here on out... + */ ++#ifndef NSS_STATIC_PKCS11 // With NSS_STATIC_PKCS11, the only module wodule we load here is nssckbi + library = PR_LoadLibrary(mod->dllName); + mod->library = (void *)library; + +@@ -487,6 +487,11 @@ + mod->moduleDBFunc = (void *) + PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); + } ++#else ++ if (strcmp(mod->dllName, "NSSCKBI") == 0) ++ fentry = NSSCKBI_C_GetFunctionList; ++#endif ++ + if (mod->moduleDBFunc == NULL) + mod->isModuleDB = PR_FALSE; + if ((ientry == NULL) && (fentry == NULL)) { +@@ -624,10 +624,12 @@ + } + fail: + mod->functionList = NULL; ++#ifndef NSS_STATIC_PKCS11 + disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD"); + if (library && !disableUnload) { + PR_UnloadLibrary(library); + } ++#endif + return SECFailure; + } + +--- a/a/nss/lib/ckfw/nssck.api ++++ a/a/nss/lib/ckfw/nssck.api +@@ -1842,7 +1842,11 @@ + + /* This one is always present */ + CK_RV CK_ENTRY ++#ifndef NSS_STATIC_PKCS11 + C_GetFunctionList ++#else ++NSSCKBI_C_GetFunctionList ++#endif + ( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList + ) +--- a/a/nss/lib/freebl/loader.c ++++ a/a/nss/lib/freebl/loader.c +@@ -35,6 +35,7 @@ + static PRStatus + freebl_LoadDSO(void) + { ++#ifndef NSS_STATIC_FREEBL + PRLibrary *handle; + const char *name = getLibName(); + +@@ -47,32 +47,42 @@ + if (handle) { + PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); + if (address) { +- FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address; ++#else ++ FREEBLGetVectorFn *getVector = FREEBL_GetVector; ++#endif + const FREEBLVector *dsoVector = getVector(); + if (dsoVector) { + unsigned short dsoVersion = dsoVector->version; + unsigned short myVersion = FREEBL_VERSION; + if (MSB(dsoVersion) == MSB(myVersion) && + LSB(dsoVersion) >= LSB(myVersion) && + dsoVector->length >= sizeof(FREEBLVector)) { + vector = dsoVector; ++#ifndef NSS_STATIC_FREEBL + libraryName = name; + blLib = handle; ++#else ++ libraryName = "self"; ++#endif + return PR_SUCCESS; + } + } ++ else ++ return PR_FAILURE; ++#ifndef NSS_STATIC_FREEBL + } + #ifdef DEBUG + if (blLib) { + PRStatus status = PR_UnloadLibrary(blLib); + PORT_Assert(PR_SUCCESS == status); + } + #else + if (blLib) + PR_UnloadLibrary(blLib); + #endif + } + return PR_FAILURE; ++#endif + } + + static const PRCallOnceType pristineCallOnce; +@@ -837,6 +837,7 @@ + void + BL_Unload(void) + { ++#ifndef NSS_STATIC_FREEBL + /* This function is not thread-safe, but doesn't need to be, because it is + * only called from functions that are also defined as not thread-safe, + * namely C_Finalize in softoken, and the SSL bypass shutdown callback called +@@ -852,6 +852,7 @@ + PR_UnloadLibrary(blLib); + #endif + } ++#endif + blLib = NULL; + loadFreeBLOnce = pristineCallOnce; + } +--- a/a/nspr/build/autoconf/config.sub 2017-09-07 15:29:45.031246453 +0200 ++++ a/a/nspr/build/autoconf/config.sub 2017-09-07 15:32:13.087235423 +0200 +@@ -111,6 +111,9 @@ + exit 1;; + esac + ++if test $1 = "arm64-apple-darwin"; then echo $1; exit; fi ++if test $1 = "aarch64-apple-darwin"; then echo $1; exit; fi ++ + # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). + # Here we must recognize all the valid KERNEL-OS combinations. + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` --- a/a/nspr/config/autoconf.mk.in +++ a/a/nspr/config/autoconf.mk.in @@ -67,7 +67,7 @@ @@ -88,24 +286,14 @@ #elif defined(__aarch64__) #define _PR_SI_ARCHITECTURE "aarch64" #else ---- a/a/nspr/pr/src/Makefile.in -+++ a/a/nspr/pr/src/Makefile.in -@@ -180,7 +180,7 @@ - endif - - ifeq ($(OS_TARGET),MacOSX) --OS_LIBS = -framework CoreServices -framework CoreFoundation -+OS_LIBS = -framework CoreFoundation - endif - - EXTRA_LIBS += $(OS_LIBS) --- a/a/nss/cmd/shlibsign/sign.sh +++ a/a/nss/cmd/shlibsign/sign.sh -@@ -2,6 +2,8 @@ +@@ -2,6 +2,9 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. + ++# Pointless to sign anything for iOS as we don't build any real shared libraries +exit 0 # arguments: diff --git a/svl/Library_svl.mk b/svl/Library_svl.mk index b2ed3f5a6089..291e2557638c 100644 --- a/svl/Library_svl.mk +++ b/svl/Library_svl.mk @@ -21,7 +21,7 @@ $(eval $(call gb_Library_Library,svl)) $(eval $(call gb_Library_use_externals,svl,\ boost_headers \ - $(if $(filter LINUX MACOSX ANDROID %BSD SOLARIS HAIKU,$(OS)), \ + $(if $(filter LINUX MACOSX ANDROID iOS %BSD SOLARIS HAIKU,$(OS)), \ curl) \ dtoa \ icu_headers \ @@ -104,7 +104,7 @@ $(eval $(call gb_Library_use_system_win32_libs,svl,\ crypt32 \ )) else -ifneq (,$(filter DESKTOP,$(BUILD_TYPE))$(filter ANDROID,$(OS))) +ifneq (,$(filter DESKTOP,$(BUILD_TYPE))$(filter ANDROID iOS,$(OS))) $(eval $(call gb_Library_add_defs,svl,\ -DSVL_CRYPTO_NSS \ )) diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx index f5ed1bc001cd..1d6dcda2f315 100644 --- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx +++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx @@ -419,12 +419,17 @@ bool nsscrypto_initialize(css::uno::Reference<css::uno::XComponentContext> const #ifdef XMLSEC_CRYPTO_NSS bool return_value = true; -#if defined SYSTEM_NSS +#if defined SYSTEM_NSS || defined IOS // The statically linked nss on iOS acts as a "system" nss in this regards if (!SECMOD_HasRootCerts()) #endif { deleteRootsModule(); +#ifdef IOS // Use statically linked NSS + OUString rootModulePath("NSSCKBI"); + + if (true) +#else #if defined SYSTEM_NSS OUString rootModule("libnssckbi" SAL_DLLEXTENSION); #else @@ -434,6 +439,7 @@ bool nsscrypto_initialize(css::uno::Reference<css::uno::XComponentContext> const OUString rootModulePath; if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath)) +#endif { OString ospath = OUStringToOString(rootModulePath, osl_getThreadTextEncoding()); OString aStr = "name=\"" ROOT_CERTS "\" library=\"" + ospath + "\""; |