From 6d3fd3e368a6f83ba097afe276b195a2b080a948 Mon Sep 17 00:00:00 2001 From: Adrian Pistol Date: Sat, 21 Oct 2023 00:10:33 +0200 Subject: [PATCH] haproxy: 2.9.2 -> 2.9.3; Enable QUIC support This allows switching SSL Libraries between OpenSSL, QuicTLS, LibreSSL, and WolfSSL. The default is changed to QuicTLS, as it is feature-compatible with OpenSSL and not experimental. Also switched to PCRE2 and Lua 5.4. --- pkgs/tools/networking/haproxy/default.nix | 62 +++++++++++++---------- 1 file changed, 35 insertions(+), 27 deletions(-) diff --git a/pkgs/tools/networking/haproxy/default.nix b/pkgs/tools/networking/haproxy/default.nix index e76317b7c43e..579124a5c90e 100644 --- a/pkgs/tools/networking/haproxy/default.nix +++ b/pkgs/tools/networking/haproxy/default.nix @@ -1,39 +1,44 @@ { useLua ? true , usePcre ? true -# QUIC "is currently supported as an experimental feature" so shouldn't be enabled by default -, useQuicTls ? false , withPrometheusExporter ? true +, sslLibrary ? "quictls" , stdenv , lib , fetchurl , nixosTests , zlib , libxcrypt -, openssl ? null -, quictls ? null -, lua5_3 ? null -, pcre ? null -, systemd ? null +, wolfssl +, libressl +, quictls +, openssl +, lua5_4 +, pcre2 +, systemd }: -assert useLua -> lua5_3 != null; -assert usePcre -> pcre != null; -assert useQuicTls -> quictls != null; -assert !useQuicTls -> openssl != null; - -let sslPkg = if useQuicTls then quictls else openssl; +assert lib.assertOneOf "sslLibrary" sslLibrary [ "quictls" "openssl" "libressl" "wolfssl" ]; +let + sslPkgs = { + inherit quictls openssl libressl; + wolfssl = wolfssl.override { + variant = "haproxy"; + extraConfigureFlags = [ "--enable-quic" ]; + }; + }; + sslPkg = sslPkgs.${sslLibrary}; in stdenv.mkDerivation (finalAttrs: { pname = "haproxy"; - version = "2.9.2"; + version = "2.9.3"; src = fetchurl { url = "https://www.haproxy.org/download/${lib.versions.majorMinor finalAttrs.version}/src/haproxy-${finalAttrs.version}.tar.gz"; - hash = "sha256-hRrugw7CjBeRJGqf1EePZD0RWlY92Qf2YSzDgalSqzw="; + hash = "sha256-7VF8ZavYaUVBH2vLGMfsZXpwaTHLeB6igwY7oKdYWMA="; }; buildInputs = [ sslPkg zlib libxcrypt ] - ++ lib.optional useLua lua5_3 - ++ lib.optional usePcre pcre + ++ lib.optional useLua lua5_4 + ++ lib.optional usePcre pcre2 ++ lib.optional stdenv.isLinux systemd; # TODO: make it work on bsd as well @@ -46,20 +51,23 @@ in stdenv.mkDerivation (finalAttrs: { ]; buildFlags = [ - "USE_OPENSSL=yes" - "SSL_LIB=${sslPkg}/lib" - "SSL_INC=${sslPkg}/include" "USE_ZLIB=yes" - ] ++ lib.optionals useQuicTls [ - "USE_QUIC=1" + "USE_OPENSSL=yes" + "SSL_INC=${lib.getDev sslPkg}/include" + "SSL_LIB=${lib.getDev sslPkg}/lib" + "USE_QUIC=yes" + ] ++ lib.optionals (sslLibrary == "openssl") [ + "USE_QUIC_OPENSSL_COMPAT=yes" + ] ++ lib.optionals (sslLibrary == "wolfssl") [ + "USE_OPENSSL_WOLFSSL=yes" ] ++ lib.optionals usePcre [ - "USE_PCRE=yes" - "USE_PCRE_JIT=yes" + "USE_PCRE2=yes" + "USE_PCRE2_JIT=yes" ] ++ lib.optionals useLua [ "USE_LUA=yes" "LUA_LIB_NAME=lua" - "LUA_LIB=${lua5_3}/lib" - "LUA_INC=${lua5_3}/include" + "LUA_LIB=${lua5_4}/lib" + "LUA_INC=${lua5_4}/include" ] ++ lib.optionals stdenv.isLinux [ "USE_SYSTEMD=yes" "USE_GETADDRINFO=1" @@ -84,7 +92,7 @@ in stdenv.mkDerivation (finalAttrs: { tens of thousands of connections is clearly realistic with todays hardware. ''; - maintainers = with lib.maintainers; [ ]; + maintainers = with lib.maintainers; [ vifino ]; platforms = with lib.platforms; linux ++ darwin; mainProgram = "haproxy"; };