diff options
| -rwxr-xr-x | bin/lo-all-static-libs | 41 | ||||
| -rw-r--r-- | configure.ac | 6 | ||||
| -rw-r--r-- | external/Module_external.mk | 2 | ||||
| -rw-r--r-- | external/curl/UnpackedTarball_curl.mk | 1 | ||||
| -rw-r--r-- | external/curl/curl-ios.patch.1 | 17 | ||||
| -rw-r--r-- | external/nss/ExternalProject_nss.mk | 8 | ||||
| -rw-r--r-- | external/nss/nss-ios.patch | 214 | ||||
| -rw-r--r-- | svl/Library_svl.mk | 4 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 8 |
9 files changed, 276 insertions, 25 deletions
diff --git a/bin/lo-all-static-libs b/bin/lo-all-static-libs index 0fcea02eb53e..d89dd8eca296 100755 --- a/bin/lo-all-static-libs +++ b/bin/lo-all-static-libs @@ -59,6 +59,47 @@ ANDROID) iOS) oslibs="$WORKDIR/UnpackedTarball/icu/source/stubdata/*.a" oslibs="$oslibs $WORKDIR/UnpackedTarball/cppunit/src/cppunit/.libs/*.a" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nspr/out/lib/ds/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nspr/out/lib/libc/src/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nspr/out/pr/src/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/base/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/certdb/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/certhigh/out/*.a" + + # Yes, individual object files here, these are not in any .a + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/ckfw/builtins/out/*.o" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/ckfw/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/cryptohi/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/dev/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/freebl/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/freebl/out/Darwin_SINGLE_SHLIB/*.o" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/freebl/out/Darwin_SINGLE_SHLIB/deprecated/*.o" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/certsel/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/checker/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/crlsel/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/params/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/results/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/store/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/top/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix/util/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix_pl_nss/module/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix_pl_nss/pki/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/libpkix/pkix_pl_nss/system/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/nss/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pk11wrap/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pkcs12/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pkcs7/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/pki/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/smime/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/softoken/out/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/nss/nss/lib/util/out/*.a" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/curl/lib/.libs/*.a" + + oslibs="$oslibs $WORKDIR/UnpackedTarball/xmlsec/src/nss/.libs/*.a" + oslibs="$oslibs $WORKDIR/UnpackedTarball/xmlsec/src/.libs/*.a" ;; *) oslibs= diff --git a/configure.ac b/configure.ac index e8d33b6c3958..6f58132ae7a9 100644 --- a/configure.ac +++ b/configure.ac @@ -9356,10 +9356,6 @@ if test "$with_system_curl" = "yes"; then fi ENABLE_CURL=TRUE -elif test $_os = iOS; then - # Let's see if we need curl, I think not? - AC_MSG_RESULT([none]) - ENABLE_CURL= else AC_MSG_RESULT([internal]) SYSTEM_CURL= @@ -9503,7 +9499,7 @@ AC_SUBST(SYSTEM_OPENLDAP) dnl =================================================================== dnl Check for system NSS dnl =================================================================== -if test $_os != iOS -a "$enable_fuzzers" != "yes"; then +if test "$enable_fuzzers" != "yes"; then libo_CHECK_SYSTEM_MODULE([nss],[NSS],[nss >= 3.9.3 nspr >= 4.8]) AC_DEFINE(HAVE_FEATURE_NSS) ENABLE_NSS="TRUE" diff --git a/external/Module_external.mk b/external/Module_external.mk index f3855063053c..563c78248325 100644 --- a/external/Module_external.mk +++ b/external/Module_external.mk @@ -14,7 +14,7 @@ $(eval $(call gb_Module_add_moduledir,external,msc-externals)) endif $(eval $(call gb_Module_add_moduledirs,external,\ - $(if $(filter-out iOS,$(OS)),$(call gb_Helper_optional,XMLSEC,xmlsec)) \ + $(call gb_Helper_optional,XMLSEC,xmlsec) \ $(call gb_Helper_optional,ABW,libabw) \ $(call gb_Helper_optional,APACHE_COMMONS,apache-commons) \ $(call gb_Helper_optional,APR,apr) \ diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index 2cdfbfc08632..6171f17cba48 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -24,6 +24,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc-disable-protocols.patch.1 \ external/curl/curl-7.26.0_win-proxy.patch \ external/curl/zlib.patch.0 \ + external/curl/curl-ios.patch.1 \ )) ifeq ($(SYSTEM_NSS),) diff --git a/external/curl/curl-ios.patch.1 b/external/curl/curl-ios.patch.1 new file mode 100644 index 000000000000..1c8fd8f70566 --- /dev/null +++ b/external/curl/curl-ios.patch.1 @@ -0,0 +1,17 @@ +# -*- Mode: Diff -*- +# +# We don't want curl's configure script to add a -mmacosx-version-min +# option when it is for iOS we are building. In that case already $CC +# contains a -miphoneos-version-min option. + +--- curl/configure ++++ curl/configure +@@ -18976,7 +18976,7 @@ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for *version-min in CFLAGS" >&5 + $as_echo_n "checking for *version-min in CFLAGS... " >&6; } + min="" +- if test -z "$(echo $CFLAGS | grep m.*os.*-version-min)"; then ++ if test -z "$(echo $CC $CFLAGS | grep m.*os.*-version-min)"; then + min="-mmacosx-version-min=10.8" + CFLAGS="$CFLAGS $min" + fi diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index 2e304bf4f99b..b52dd37c4f81 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -50,12 +50,14 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecuta $(if $(filter ARM64,$(CPUNAME)),CPU_ARCH=aarch64) \ NSPR_CONFIGURE_OPTS="--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)") \ NSDISTMODE=copy \ - $(MAKE) AR="$(AR)" \ + $(MAKE) \ + -j1 \ + AR="$(AR)" \ RANLIB="$(RANLIB)" \ NMEDIT="$(NM)edit" \ COMMA=$(COMMA) \ - CC="$(CC)$(if $(filter ANDROID,$(OS)), -D_PR_NO_LARGE_FILES=1 -DSQLITE_DISABLE_LFS=1)" CCC="$(CXX)" \ - $(if $(CROSS_COMPILING),NSINSTALL="$(call gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py") \ + CC="$(CC)$(if $(filter iOS,$(OS)), -DNSS_STATIC_SOFTOKEN=1 -DNSS_STATIC_FREEBL=1 -DNSS_STATIC_PKCS11=1)$(if $(filter ANDROID,$(OS)), -D_PR_NO_LARGE_FILES=1 -DSQLITE_DISABLE_LFS=1)" CCC="$(CXX)" \ + $(if $(CROSS_COMPILING),NSINSTALL="$(if $(filter MACOSX,$(OS_FOR_BUILD)),xcrun python3,$(call gb_ExternalExecutable_get_command,python)) $(SRCDIR)/external/nss/nsinstall.py") \ $(if $(filter ANDROID,$(OS)),OS_TARGET=Android OS_TARGET_RELEASE=16 ARCHFLAG="" DEFAULT_COMPILER=clang ANDROID_NDK=$(ANDROID_NDK_HOME) ANDROID_TOOLCHAIN_VERSION=$(ANDROID_GCC_TOOLCHAIN_VERSION) ANDROID_PREFIX=$(HOST_PLATFORM) ANDROID_SYSROOT=$(ANDROID_NDK_HOME)/sysroot ANDROID_TOOLCHAIN=$(ANDROID_BINUTILS_PREBUILT_ROOT)) \ NSS_DISABLE_GTESTS=1 \ nss_build_all \ diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch index 9d4af2c724e9..65115a96e806 100644 --- a/external/nss/nss-ios.patch +++ b/external/nss/nss-ios.patch @@ -1,3 +1,201 @@ +--- a/a/nss/Makefile ++++ a/a/nss/Makefile +@@ -96,13 +96,11 @@ + ifdef NS_USE_GCC + NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ + endif +-# Make sure to remove -arch arguments. NSPR can't handle that. +-remove_arch = $(filter-out __REMOVEME%,$(subst $(NULL) -arch , __REMOVEME,$(1))) + ifdef CC +-NSPR_CONFIGURE_ENV = CC="$(call remove_arch,$(CC))" ++NSPR_CONFIGURE_ENV = CC="$(CC)" + endif + ifdef CCC +-NSPR_CONFIGURE_ENV += CXX="$(call remove_arch,$(CCC))" ++NSPR_CONFIGURE_ENV += CXX="$(CCC)" + endif + + # +@@ -140,7 +140,6 @@ + + build_nspr: $(NSPR_CONFIG_STATUS) + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) +- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/pr/tests + + install_nspr: build_nspr + $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install +--- a/a/nss/lib/ckfw/builtins/manifest.mn ++++ a/a/nss/lib/ckfw/builtins/manifest.mn +@@ -5,7 +5,7 @@ + + CORE_DEPTH = ../../.. + +-DIRS = . testlib ++DIRS = + + testlib: . + +--- a/a/nss/lib/nss/nssinit.c ++++ a/a/nss/lib/nss/nssinit.c +@@ -278,6 +278,7 @@ + const char *secmodprefix, + char **retoldpath, char **retnewpath) + { ++#ifndef NSS_STATIC_PKCS11 + char *path, *oldpath = NULL, *lastsep; + int len, path_len, secmod_len, dll_len; + +@@ -309,6 +309,10 @@ + } + *retoldpath = oldpath; + *retnewpath = path; ++#else ++ *retoldpath = NULL; ++ *retnewpath = PORT_Strdup("NSSCKBI"); ++#endif + return; + } + +--- a/a/nss/lib/pk11wrap/pk11load.c ++++ a/a/nss/lib/pk11wrap/pk11load.c +@@ -389,6 +389,8 @@ + /* + * load a new module into our address space and initialize it. + */ ++extern CK_RV NSSCKBI_C_GetFunctionList(); ++ + SECStatus + secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) + { +@@ -465,6 +465,7 @@ + /* load the library. If this succeeds, then we have to remember to + * unload the library if anything goes wrong from here on out... + */ ++#ifndef NSS_STATIC_PKCS11 // With NSS_STATIC_PKCS11, the only module wodule we load here is nssckbi + library = PR_LoadLibrary(mod->dllName); + mod->library = (void *)library; + +@@ -487,6 +487,11 @@ + mod->moduleDBFunc = (void *) + PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); + } ++#else ++ if (strcmp(mod->dllName, "NSSCKBI") == 0) ++ fentry = NSSCKBI_C_GetFunctionList; ++#endif ++ + if (mod->moduleDBFunc == NULL) + mod->isModuleDB = PR_FALSE; + if ((ientry == NULL) && (fentry == NULL)) { +@@ -624,10 +624,12 @@ + } + fail: + mod->functionList = NULL; ++#ifndef NSS_STATIC_PKCS11 + disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD"); + if (library && !disableUnload) { + PR_UnloadLibrary(library); + } ++#endif + return SECFailure; + } + +--- a/a/nss/lib/ckfw/nssck.api ++++ a/a/nss/lib/ckfw/nssck.api +@@ -1842,7 +1842,11 @@ + + /* This one is always present */ + CK_RV CK_ENTRY ++#ifndef NSS_STATIC_PKCS11 + C_GetFunctionList ++#else ++NSSCKBI_C_GetFunctionList ++#endif + ( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList + ) +--- a/a/nss/lib/freebl/loader.c ++++ a/a/nss/lib/freebl/loader.c +@@ -35,6 +35,7 @@ + static PRStatus + freebl_LoadDSO(void) + { ++#ifndef NSS_STATIC_FREEBL + PRLibrary *handle; + const char *name = getLibName(); + +@@ -47,32 +47,42 @@ + if (handle) { + PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); + if (address) { +- FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address; ++#else ++ FREEBLGetVectorFn *getVector = FREEBL_GetVector; ++#endif + const FREEBLVector *dsoVector = getVector(); + if (dsoVector) { + unsigned short dsoVersion = dsoVector->version; + unsigned short myVersion = FREEBL_VERSION; + if (MSB(dsoVersion) == MSB(myVersion) && + LSB(dsoVersion) >= LSB(myVersion) && + dsoVector->length >= sizeof(FREEBLVector)) { + vector = dsoVector; ++#ifndef NSS_STATIC_FREEBL + libraryName = name; + blLib = handle; ++#else ++ libraryName = "self"; ++#endif + return PR_SUCCESS; + } + } ++ else ++ return PR_FAILURE; ++#ifndef NSS_STATIC_FREEBL + } + #ifdef DEBUG + if (blLib) { + PRStatus status = PR_UnloadLibrary(blLib); + PORT_Assert(PR_SUCCESS == status); + } + #else + if (blLib) + PR_UnloadLibrary(blLib); + #endif + } + return PR_FAILURE; ++#endif + } + + static const PRCallOnceType pristineCallOnce; +@@ -837,6 +837,7 @@ + void + BL_Unload(void) + { ++#ifndef NSS_STATIC_FREEBL + /* This function is not thread-safe, but doesn't need to be, because it is + * only called from functions that are also defined as not thread-safe, + * namely C_Finalize in softoken, and the SSL bypass shutdown callback called +@@ -852,6 +852,7 @@ + PR_UnloadLibrary(blLib); + #endif + } ++#endif + blLib = NULL; + loadFreeBLOnce = pristineCallOnce; + } +--- a/a/nspr/build/autoconf/config.sub 2017-09-07 15:29:45.031246453 +0200 ++++ a/a/nspr/build/autoconf/config.sub 2017-09-07 15:32:13.087235423 +0200 +@@ -111,6 +111,9 @@ + exit 1;; + esac + ++if test $1 = "arm64-apple-darwin"; then echo $1; exit; fi ++if test $1 = "aarch64-apple-darwin"; then echo $1; exit; fi ++ + # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). + # Here we must recognize all the valid KERNEL-OS combinations. + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` --- a/a/nspr/config/autoconf.mk.in +++ a/a/nspr/config/autoconf.mk.in @@ -67,7 +67,7 @@ @@ -76,7 +274,7 @@ +endif endif - MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend + #################################################################### --- a/a/nspr/pr/include/md/_darwin.h +++ a/a/nspr/pr/include/md/_darwin.h @@ -26,6 +26,8 @@ @@ -88,24 +286,14 @@ #elif defined(__aarch64__) #define _PR_SI_ARCHITECTURE "aarch64" #else ---- a/a/nspr/pr/src/Makefile.in -+++ a/a/nspr/pr/src/Makefile.in -@@ -180,7 +180,7 @@ - endif - - ifeq ($(OS_TARGET),MacOSX) --OS_LIBS = -framework CoreServices -framework CoreFoundation -+OS_LIBS = -framework CoreFoundation - endif - - EXTRA_LIBS += $(OS_LIBS) --- a/a/nss/cmd/shlibsign/sign.sh +++ a/a/nss/cmd/shlibsign/sign.sh -@@ -2,6 +2,8 @@ +@@ -2,6 +2,9 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. + ++# Pointless to sign anything for iOS as we don't build any real shared libraries +exit 0 # arguments: diff --git a/svl/Library_svl.mk b/svl/Library_svl.mk index c49417d21512..bb2e9ad46799 100644 --- a/svl/Library_svl.mk +++ b/svl/Library_svl.mk @@ -21,7 +21,7 @@ $(eval $(call gb_Library_Library,svl)) $(eval $(call gb_Library_use_externals,svl,\ boost_headers \ - $(if $(filter LINUX MACOSX ANDROID %BSD SOLARIS HAIKU,$(OS)), \ + $(if $(filter LINUX MACOSX ANDROID iOS %BSD SOLARIS HAIKU,$(OS)), \ curl) \ icu_headers \ icuuc \ @@ -103,7 +103,7 @@ $(eval $(call gb_Library_use_system_win32_libs,svl,\ crypt32 \ )) else -ifneq (,$(filter DESKTOP,$(BUILD_TYPE))$(filter ANDROID,$(OS))) +ifneq (,$(filter DESKTOP,$(BUILD_TYPE))$(filter ANDROID iOS,$(OS))) $(eval $(call gb_Library_add_defs,svl,\ -DSVL_CRYPTO_NSS \ )) diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx index d486676bff8b..8c71ed12b67d 100644 --- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx +++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx @@ -342,12 +342,17 @@ bool nsscrypto_initialize(css::uno::Reference<css::uno::XComponentContext> const #ifdef XMLSEC_CRYPTO_NSS bool return_value = true; -#if defined SYSTEM_NSS +#if defined SYSTEM_NSS || defined IOS // The statically linked nss on iOS acts as a "system" nss in this regards if (!SECMOD_HasRootCerts()) #endif { deleteRootsModule(); +#ifdef IOS // Use statically linked NSS + OUString rootModulePath("NSSCKBI"); + + if (true) +#else #if defined SYSTEM_NSS OUString rootModule("libnssckbi" SAL_DLLEXTENSION); #else @@ -357,6 +362,7 @@ bool nsscrypto_initialize(css::uno::Reference<css::uno::XComponentContext> const OUString rootModulePath; if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath)) +#endif { OString ospath = OUStringToOString(rootModulePath, osl_getThreadTextEncoding()); OString aStr = "name=\"" ROOT_CERTS "\" library=\"" + ospath + "\""; |