haproxy: 2.9.2 -> 2.9.3; Enable QUIC support

This allows switching SSL Libraries between OpenSSL, QuicTLS, LibreSSL,
and WolfSSL.
The default is changed to QuicTLS, as it is feature-compatible with
OpenSSL and not experimental.
Also switched to PCRE2 and Lua 5.4.
Adrian Pistol 2023-10-21 00:10:33 +02:00
parent 156d23e183
commit 6d3fd3e368


@ -1,39 +1,44 @@
{ useLua ? true { useLua ? true
, usePcre ? true , usePcre ? true
# QUIC "is currently supported as an experimental feature" so shouldn't be enabled by default
, useQuicTls ? false
, withPrometheusExporter ? true , withPrometheusExporter ? true
, sslLibrary ? "quictls"
, stdenv , stdenv
, lib , lib
, fetchurl , fetchurl
, nixosTests , nixosTests
, zlib , zlib
, libxcrypt , libxcrypt
, openssl ? null , wolfssl
, quictls ? null , libressl
, lua5_3 ? null , quictls
, pcre ? null , openssl
, systemd ? null , lua5_4
, pcre2
, systemd
}: }:
assert useLua -> lua5_3 != null; assert lib.assertOneOf "sslLibrary" sslLibrary [ "quictls" "openssl" "libressl" "wolfssl" ];
assert usePcre -> pcre != null; let
assert useQuicTls -> quictls != null; sslPkgs = {
assert !useQuicTls -> openssl != null; inherit quictls openssl libressl;
wolfssl = wolfssl.override {
let sslPkg = if useQuicTls then quictls else openssl; variant = "haproxy";
extraConfigureFlags = [ "--enable-quic" ];
};
};
sslPkg = sslPkgs.${sslLibrary};
in stdenv.mkDerivation (finalAttrs: { in stdenv.mkDerivation (finalAttrs: {
pname = "haproxy"; pname = "haproxy";
version = "2.9.2"; version = "2.9.3";
src = fetchurl { src = fetchurl {
url = "https://www.haproxy.org/download/${lib.versions.majorMinor finalAttrs.version}/src/haproxy-${finalAttrs.version}.tar.gz"; url = "https://www.haproxy.org/download/${lib.versions.majorMinor finalAttrs.version}/src/haproxy-${finalAttrs.version}.tar.gz";
hash = "sha256-hRrugw7CjBeRJGqf1EePZD0RWlY92Qf2YSzDgalSqzw="; hash = "sha256-7VF8ZavYaUVBH2vLGMfsZXpwaTHLeB6igwY7oKdYWMA=";
}; };
buildInputs = [ sslPkg zlib libxcrypt ] buildInputs = [ sslPkg zlib libxcrypt ]
++ lib.optional useLua lua5_3 ++ lib.optional useLua lua5_4
++ lib.optional usePcre pcre ++ lib.optional usePcre pcre2
++ lib.optional stdenv.isLinux systemd; ++ lib.optional stdenv.isLinux systemd;
# TODO: make it work on bsd as well # TODO: make it work on bsd as well
@ -46,20 +51,23 @@ in stdenv.mkDerivation (finalAttrs: {
]; ];
buildFlags = [ buildFlags = [
"USE_OPENSSL=yes"
"SSL_LIB=${sslPkg}/lib"
"SSL_INC=${sslPkg}/include"
"USE_ZLIB=yes" "USE_ZLIB=yes"
] ++ lib.optionals useQuicTls [ "USE_OPENSSL=yes"
"USE_QUIC=1" "SSL_INC=${lib.getDev sslPkg}/include"
"SSL_LIB=${lib.getDev sslPkg}/lib"
"USE_QUIC=yes"
] ++ lib.optionals (sslLibrary == "openssl") [
"USE_QUIC_OPENSSL_COMPAT=yes"
] ++ lib.optionals (sslLibrary == "wolfssl") [
"USE_OPENSSL_WOLFSSL=yes"
] ++ lib.optionals usePcre [ ] ++ lib.optionals usePcre [
"USE_PCRE=yes" "USE_PCRE2=yes"
"USE_PCRE_JIT=yes" "USE_PCRE2_JIT=yes"
] ++ lib.optionals useLua [ ] ++ lib.optionals useLua [
"USE_LUA=yes" "USE_LUA=yes"
"LUA_LIB_NAME=lua" "LUA_LIB_NAME=lua"
"LUA_LIB=${lua5_3}/lib" "LUA_LIB=${lua5_4}/lib"
"LUA_INC=${lua5_3}/include" "LUA_INC=${lua5_4}/include"
] ++ lib.optionals stdenv.isLinux [ ] ++ lib.optionals stdenv.isLinux [
"USE_SYSTEMD=yes" "USE_SYSTEMD=yes"
"USE_GETADDRINFO=1" "USE_GETADDRINFO=1"
@ -84,7 +92,7 @@ in stdenv.mkDerivation (finalAttrs: {
tens of thousands of connections is clearly realistic with todays tens of thousands of connections is clearly realistic with todays
hardware. hardware.
''; '';
maintainers = with lib.maintainers; [ ]; maintainers = with lib.maintainers; [ vifino ];
platforms = with lib.platforms; linux ++ darwin; platforms = with lib.platforms; linux ++ darwin;
mainProgram = "haproxy"; mainProgram = "haproxy";
}; };
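Review bot: `"USE_QUIC=yes"` now sits in the unconditional part of `buildFlags`, so every build compiles the QUIC stack in, and the earlier opt-in (`useQuicTls ? false`, with its "experimental feature" comment) appears to have no replacement. For a TLS-terminating proxy I would keep a switch, for example a `useQuic ? true` argument with `++ lib.optionals useQuic [ "USE_QUIC=yes" ]`, and gate `"USE_QUIC_OPENSSL_COMPAT=yes"` on it as well. Separately, `"SSL_LIB=${lib.getDev sslPkg}/lib"` points at the dev output, while shared libraries normally live in the library output, so `"SSL_LIB=${lib.getLib sslPkg}/lib"` looks like the intended value; the build presumably still links because `sslPkg` is in `buildInputs`. The new default `sslLibrary ? "quictls"` also changes which TLS package has to be kept patched for haproxy users, which deserves a short comment next to the argument.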