NSS tinderbox build slave setup on Windows

How to configure a Windows computer to build and test NSS.

When using a system provided by Mozilla IT:

• use user account cltbld
• programs, startup, edit the autostart command, disable or remove it

When using a clean system:

• follow the instructions found at https://developer.mozilla.org/en/Windows_Build_Prerequisites in particular the "software requirements", which involves (at least) installing an MSVC++ compiler and the Mozilla build package
• setup a user account, e.g. "tinderbox"

Below is the remaining work, which is common for both kind of systems.

First, let's setup outgoing email. We must run this with administrator permissions, because the "blat" command line email sending utility must write its default configuration to the system registry.

• figure out which SMTP server to use, depending on the network, e.g. smtp.mozilla.org
• decide which email address to use for bounces (e.g. youremail+buildslaveidentifier@yourdomain)
• in start menu, find accessoires, find command prompt, right click, run as administrator, cd to the mozilla-build directory, execute the appropriate start-msvc script, based on the compiler you've installed
• run "blat" to verify it's there, and it should print out help instructions
• setup email sending configuration for blat, which which will be stored and used by future invocations of blat. For example, run the following command (and pay special attention to include the trailing - (dash) sign):

 blat -install smtp.mozilla.org youremail+buildslaveidentifier@yourdomain 3 25 -

• you should get a success message (and NO "denied" message)
• test that you're able to send email, run:

 echo hello | blat - -to youraddress

• close the window having admin permissions

Second, the tools being executed by the test scripts might occassionaly crash, and we want the system to bring up prompts related to that. On newer Windows system follow instructions from http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8e7a7f48-a65e-4cd5-a55a-a62e4f7604cc which in short says:

• control panel
• system and security
• attendance center, attendance, never search for solutions
• (alternatively you might find it at: Action Center, Change Action Center settings, Problem Report Settings, Never check for solutions)

Third, if your system has Windows Firewall enabled, we must configure it to allow incoming connections to the ports that the NSS tests use to run servers. With admin permissions:

• control panel
• windows firewall
• exceptions
• add port (5 times)
  • port numbers 8543, 8544, 8545, 8546, 8641
  • use a name like nss-test-$NUMBER
  • each time change the scope to "my subnet"

Finally, the remaining work will be done in a command prompt with regular permissions. If you like neither vim nor emacs, install another editor that is able to edit files with Unix line endings, e.g. Notepad++

• start cmd
• cd to mozilla-build directory
• run appropriate start-msvc command
• sanity check, run "which blat" and "which cvs" and "which cl", you should get good results.
• figure out where you want the data area to live. The remainder of these instructions will assume that you have a drive E: that we'll use.
• If you have just a single drive C: you should use "mkdir /tinderbox" and in the following instructions replace /e with /tinderbox - it might help you to know that /tinderbox is equivalent to /c/mozilla-build/msys/tinderbox
• Run the following commands to get the required scripts:

 cd /e
 cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co mozilla/security/tinderlight
 mkdir /e/mozilla/security/tinderlight/data/mozilla-cvs
 mkdir /e/pkits

• get PKITS_data.zip, use a browser to download https://kuix.de/mozilla/nss/PKITS_data.zip and place the file into e:\pkits
• back in the command prompt run:

 cd /e/pkits
 unzip PKITS_data.zip

• we must adjust the scripts found in mozilla/security/tinderlight, edit file env.sh and make the following changes:
  • Because NSPR can be built with two alternative flavors of Windows APIs (named WINNT and WIN95), and because Mozilla currently uses the WIN95 flavor, add the following line to the file, to make sure we test what Mozilla needds:

 OS_TARGET=WIN95

• • change MAKE line to make, not gmake:

 MAKE=make

• • change MAIL to good mail command for your environment, (also see above), and set variable TB_SERVER to be empty:

 MAIL="blat - -to tinderbox-daemon@tinderbox.mozilla.org"
 TB_SERVER=""

• • if necessary, adjust CVS_STABLE, e.g. use HEAD for nspr and jss, use NSS_3_13_4_BRANCH for all NSS directories, BUT DON'T change the line with ecl-curve.h (keep at 3_11_1_RTM)
  • enable the correct line for pkits, e.g.:

 export PKITS_DATA=/e/pkits

• • if desired, adjust CYCLE_MAX and CYCLE_TIME values
  • is your machine's IP registered in DNS? is your hostname a fully qualified domain name? If not, you must edit file config.sh and enable good HOST/DOMSUF lines. If your system only has a hostname, but you cannot find a fully qualified domain name for it, you can create an entry in the system's "host" file. Edit file %systemroot%\system32\drivers\etc/hosts, find the line containing "localhost", and append another name to that line. For example, if your hostname is "buildnss123", then append "buildnss123.localdomain" to the line, and configure DOMSUF=localdomain. Save and exit. Test to ping the combination of HOST dot DOMSUF and ensure it works
  • save the file
• have a look at

 ./tinder.sh --help

• You must make a couple of decisions. If you have only a single machine, you'll probably want the build script to alternate between the various combinations. However, combining "--cycles" with other unspecified configurations (which call the script to alternate between the unspecified options) might not work reliably. Recommendation: Only use --cycles if you explicitly configure each of bits, opt and branches to exactly one value.
• let's use a configuration that runs 32 bit, alternates between the branches (trunk/stable), and alternates between opt/debug, and runs all tests on each cycle, and doesn't test JSS.
• Edit new file /e/mozilla/security/tinderlight/run32 that we'll use to start the continous build test cycle, with contents:

 ./tinder.sh --nojss --bits=32 --permcvs=/e/mozilla/security/tinderlight/data/mozilla-cvs

• Save the file and

 chmod +x run

• you could start it automatically at login, but for now we'll start it manually. Go to directory /e/mozilla/security/tinderlight and:

 ./run

Disable "close program" or "debug program" prompts

Occassionally one of the tools will crash. Windows might display a prompt, offering to either "close program" or "debug program". Usually we don't want this prompt, as it requires manual interaction, but the test system is supposed to run without manual interaction. In order to disable the prompt, start the regedt32 tool, navigate to HKLM or HKCU\Software\Microsoft\Windows\Windows Error Reporting\ and create a new DWORD value named DontShowUI and it to 1.