[gentoo-dev] [PATCH 3/3] net-misc/curl: wire up live ebuild for openssl-quic

[kangie@gentoo.org]

From: Matt Jolly <kangie@gentoo.org>

Thanks to dev-libs/openssl exposing a QUIC API from
3.2, cURL is able to use OpenSSL as a QUIC backend.

This commit enables users to select between the
`curl_quic_ngtcp2` and `curl_quic_openssl` backends
via their associated USE_EXPAND and provides a mechanism
to easily add more backends as they are implemented.

It also renames the live ebuild's `nghttp3` USE to
`http3` to support its use as a generic feature
flag, and to align with net-analyzer/wireshark
and www-serners/nginx.

Finally, we get to drop a disgusting pkg-config
workaround thanks to some upstream efforts
that render it irrelevant (and detrimental
to a successful build).

Signed-off-by: Matt Jolly <kangie@gentoo.org>
---
 net-misc/curl/curl-9999.ebuild | 70 +++++++++++++---------------------
 net-misc/curl/metadata.xml     |  4 +-
 2 files changed, 30 insertions(+), 44 deletions(-)

diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild
index 7f560fb74a9b..b42cca9c5152 100644
--- a/net-misc/curl/curl-9999.ebuild
+++ b/net-misc/curl/curl-9999.ebuild
@@ -26,16 +26,22 @@ fi
 
 LICENSE="BSD curl ISC test? ( BSD-4 )"
 SLOT="0"
-IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3"
-IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
-# These select the default SSL implementation
-IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
 RESTRICT="!test? ( test )"
 
-# Only one default ssl provider can be enabled
-# The default ssl provider needs its USE satisfied
-# nghttp3 = https://bugs.gentoo.org/912029
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
 REQUIRED_USE="
+	quic? (
+		^^ (
+			curl_quic_openssl
+			curl_quic_ngtcp2
+		)
+		http3
+	)
 	ssl? (
 		^^ (
 			curl_ssl_gnutls
@@ -44,13 +50,13 @@ REQUIRED_USE="
 			curl_ssl_rustls
 		)
 	)
+	curl_quic_openssl? ( openssl )
+	curl_quic_ngtcp2? ( gnutls )
 	curl_ssl_gnutls? ( gnutls )
 	curl_ssl_mbedtls? ( mbedtls )
 	curl_ssl_openssl? ( openssl )
 	curl_ssl_rustls? ( rustls )
-	nghttp3? (
-		!openssl
-		alt-svc )
+	http3? ( alt-svc quic )
 "
 
 # cURL's docs and CI/CD are great resources for confirming supported versions
@@ -60,20 +66,21 @@ REQUIRED_USE="
 # - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2)
 # However 'supported' vs 'works' are two entirely different things; be sane but
 # don't be afraid to require a later version.
-
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
 RDEPEND="
 	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
 	adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] )
+	http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
 	idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
-	nghttp3? (
-		>=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}]
-		>=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}]
-	)
 	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	quic? (
+		curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+		curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] )
+	)
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
 	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
 	ssl? (
@@ -104,7 +111,7 @@ BDEPEND="
 	test? (
 		sys-apps/diffutils
 		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
-		nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+		http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
 	)
 	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
 "
@@ -262,8 +269,9 @@ multilib_src_configure() {
 		--without-libgsasl
 		$(use_with psl libpsl)
 		--without-msh3
-		$(use_with nghttp3)
-		$(use_with nghttp3 ngtcp2)
+		$(use_with http3 nghttp3)
+		$(use_with curl_quic_ngtcp2 ngtcp2)
+		$(use_with curl_quic_openssl openssl-quic)
 		--without-quiche
 		$(use_with rtmp librtmp)
 		--without-schannel
@@ -285,7 +293,7 @@ multilib_src_configure() {
 		)
 	fi
 
-	if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then
+	if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
 		myconf+=(
 			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
 		)
@@ -305,30 +313,6 @@ multilib_src_configure() {
 		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
 	fi
 
-	# Fix up the pkg-config file to be more robust.
-	# https://github.com/curl/curl/issues/864
-	local priv=() libs=()
-	# We always enable zlib.
-	libs+=( "-lz" )
-	priv+=( "zlib" )
-	if use http2; then
-		libs+=( "-lnghttp2" )
-		priv+=( "libnghttp2" )
-	fi
-	if use nghttp3; then
-		libs+=( "-lnghttp3" "-lngtcp2" )
-		priv+=( "libnghttp3" "libngtcp2" )
-	fi
-	if use ssl && use curl_ssl_openssl; then
-		libs+=( "-lssl" "-lcrypto" )
-		priv+=( "openssl" )
-	fi
-	grep -q Requires.private libcurl.pc && die "need to update ebuild"
-	libs=$(printf '|%s' "${libs[@]}")
-	sed -i -r \
-		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
-		libcurl.pc || die
-	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
 }
 
 multilib_src_compile() {
diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml
index d79a1ed4affd..884608c7c1f5 100644
--- a/net-misc/curl/metadata.xml
+++ b/net-misc/curl/metadata.xml
@@ -17,11 +17,13 @@
 		<flag name="hsts">Enable HTTP Strict Transport Security</flag>
 		<flag name="imap">Enable Internet Message Access Protocol support</flag>
 		<flag name="mbedtls">Enable mbedtls ssl backend</flag>
-		<flag name="nghttp3">Enable HTTP/3.0 support using <pkg>net-libs/nghttp3</pkg> and <pkg>net-libs/ngtcp2</pkg></flag>
+		<flag name="nghttp3">Enable HTTP/3 support using <pkg>net-libs/nghttp3</pkg></flag>
+		<flag name="http3">Enable HTTP/3 support</flag>
 		<flag name="openssl">Enable openssl ssl backend</flag>
 		<flag name="pop3">Enable Post Office Protocol 3 support</flag>
 		<flag name="progress-meter">Enable the progress meter</flag>
 		<flag name="psl">Enable Public Suffix List (PSL) support. See https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/.</flag>
+		<flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
 		<flag name="rtmp">Enable RTMP Streaming Media support</flag>
 		<flag name="rustls">Enable Rustls ssl backend</flag>
 		<flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
-- 
2.45.2