Bug 1618782 - Use winchecksec on Windows cross builds too. r=rstewart

Differential Revision: https://phabricator.services.mozilla.com/D68162

browser/config/mozconfigs/win32/common-win32

@@ -28,14 +28,13 @@ mk_add_options "export PATH=${VSPATH}/VC/bin/Hostx64/x86:${MOZ_FETCHES_DIR}/nsis
 
 unset VC_PATH
 
-else # ! Linux
+fi
+
 export WINCHECKSEC="${MOZ_FETCHES_DIR}/winchecksec/winchecksec.exe"
 if [ ! -f "${WINCHECKSEC}" ]; then
     unset WINCHECKSEC
 fi
 
-fi
-
 export PDBSTR="${MOZ_FETCHES_DIR}/pdbstr/pdbstr.exe"
 if [ -f "${PDBSTR}" ]; then
     chmod +x "${PDBSTR}"

browser/config/mozconfigs/win64-aarch64/common-win64

@@ -29,17 +29,22 @@ mk_add_options "export WINEPATH=${VSPATH}/VC/bin/Hostx64/x64"
 
 unset VC_PATH
 
-else # ! Linux
+fi
+
 export WINCHECKSEC="${MOZ_FETCHES_DIR}/winchecksec/winchecksec.exe"
 if [ ! -f "${WINCHECKSEC}" ]; then
     unset WINCHECKSEC
 fi
 
-fi
-
 export PDBSTR="${MOZ_FETCHES_DIR}/pdbstr/pdbstr.exe"
 if [ -f "${PDBSTR}" ]; then
     chmod +x "${PDBSTR}"
 else
     unset PDBSTR
 fi
+
+# Temporary signal to toolchain.configure that our compiler is patched to
+# support CFG, until such support can be assumed.
+if test -z "$USE_ARTIFACT"; then
+  ac_add_options --enable-hardening
+fi

browser/config/mozconfigs/win64/common-win64

@@ -28,14 +28,13 @@ mk_add_options "export PATH=${VSPATH}/VC/bin/Hostx64/x64:${MOZ_FETCHES_DIR}/nsis
 
 unset VC_PATH
 
-else # ! Linux
+fi
+
 export WINCHECKSEC="${MOZ_FETCHES_DIR}/winchecksec/winchecksec.exe"
 if [ ! -f "${WINCHECKSEC}" ]; then
     unset WINCHECKSEC
 fi
 
-fi
-
 export PDBSTR="${MOZ_FETCHES_DIR}/pdbstr/pdbstr.exe"
 if [ -f "${PDBSTR}" ]; then
     chmod +x "${PDBSTR}"

build/win32/autowinchecksec.py

@@ -28,8 +28,14 @@
           "not set, can't check DEP/ASLR etc. status.")
     sys.exit(1)
 
+wine = buildconfig.substs.get('WINE')
+if wine:
+    cmd = [wine, winchecksec_path]
+else:
+    cmd = [winchecksec_path]
+
 try:
-    result = subprocess.check_output([winchecksec_path, '-j', binary_path],
+    result = subprocess.check_output(cmd + ['-j', binary_path],
                                      universal_newlines=True)
 
 except subprocess.CalledProcessError as e:

config/rules.mk

@@ -703,7 +703,7 @@ syms:: $(2)
 $(2): $(1)
 ifdef MOZ_CRASHREPORTER
 	$$(call py3_action,dumpsymbols,$$(abspath $$<) $$(abspath $$@) $$(DUMP_SYMBOLS_FLAGS))
-ifeq ($(HOST_OS_ARCH),WINNT)
+ifeq ($(OS_ARCH),WINNT)
 ifdef WINCHECKSEC
 	$$(PYTHON3) $$(topsrcdir)/build/win32/autowinchecksec.py $$<
 endif # WINCHECKSEC

taskcluster/ci/instrumented-build/kind.yml

@@ -202,6 +202,7 @@ jobs:
                 - linux64-dump-syms
                 - linux64-wine
                 - linux64-liblowercase
+                - win64-winchecksec
             fetch:
                 - nsis-3.01-win
                 - upx-3.95-win
@@ -244,6 +245,7 @@ jobs:
                 - linux64-dump-syms
                 - linux64-wine
                 - linux64-liblowercase
+                - win64-winchecksec
             fetch:
                 - nsis-3.01-win
                 - upx-3.95-win

toolkit/moz.configure

@@ -2008,7 +2008,7 @@ def allow_missing_winchecksec(automation, c_compiler):
 
 check_prog('WINCHECKSEC', ['winchecksec.exe'], paths=toolchain_search_path,
            allow_missing=allow_missing_winchecksec,
-           when=compile_environment & target_is_windows & host_is_windows)
+           when=compile_environment & target_is_windows)
 
 # Fork server
 @depends(target, build_project)