From: kangie@gentoo.org
To: gentoo-dev@lists.gentoo.org
Cc: Matt Jolly
Subject: [gentoo-dev] [PATCH 3/3] net-misc/curl: wire up live ebuild for openssl-quic
Date: Fri, 21 Jun 2024 23:15:52 +1000
Message-ID: <20240621131552.526393-4-kangie@gentoo.org>
In-Reply-To: <20240621131552.526393-1-kangie@gentoo.org>
References: <20240621131552.526393-1-kangie@gentoo.org>

From: Matt Jolly

Thanks to dev-libs/openssl exposing a QUIC API from 3.2, cURL is able to use OpenSSL as a QUIC backend.

This commit enables users to select between the `curl_quic_ngtcp2` and `curl_quic_openssl` backends via their associated USE_EXPAND and provides a mechanism to easily add more backends as they are implemented.

It also renames the live ebuild's `nghttp3` USE to `http3` to support its use as a generic feature flag, and to align with net-analyzer/wireshark and www-servers/nginx.

Finally, we get to drop a disgusting pkg-config workaround thanks to some upstream efforts that render it irrelevant (and detrimental to a successful build).

Signed-off-by: Matt Jolly
--- net-misc/curl/curl-9999.ebuild | 70 +++++++++++++--------------------- net-misc/curl/metadata.xml | 4 +- 2 files changed, 30 insertions(+), 44 deletions(-) diff --git a/net-misc/curl/curl-9999.ebuild b/net-misc/curl/curl-9999.ebuild index 7f560fb74a9b..b42cca9c5152 100644 --- a/net-misc/curl/curl-9999.ebuild +++ b/net-misc/curl/curl-9999.ebuild 
@@ -26,16 +26,22 @@ fi LICENSE="BSD curl ISC test? ( BSD-4 )" SLOT="0" -IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 idn +imap kerberos ldap mbedtls nghttp3 +openssl +pop3" -IUSE+=" +psl +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" -# These select the default SSL implementation -IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" +IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 http3 idn +imap kerberos ldap mbedtls +openssl +pop3" +IUSE+=" +psl +progress-meter quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd" +# These select the default tls implementation / which quic impl to use +IUSE+=" curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls" RESTRICT="!test? ( test )" -# Only one default ssl provider can be enabled -# The default ssl provider needs its USE satisfied -# nghttp3 = https://bugs.gentoo.org/912029 +# Only one default ssl / quic provider can be enabled +# The default provider needs its USE satisfied REQUIRED_USE=" + quic? ( + ^^ ( + curl_quic_openssl + curl_quic_ngtcp2 + ) + http3 + ) ssl? ( ^^ ( curl_ssl_gnutls @@ -44,13 +50,13 @@ REQUIRED_USE=" curl_ssl_rustls ) ) + curl_quic_openssl? ( openssl ) + curl_quic_ngtcp2? ( gnutls ) curl_ssl_gnutls? ( gnutls ) curl_ssl_mbedtls? ( mbedtls ) curl_ssl_openssl? ( openssl ) curl_ssl_rustls? ( rustls ) - nghttp3? ( - !openssl - alt-svc ) + http3? ( alt-svc quic ) " # cURL's docs and CI/CD are great resources for confirming supported versions 
@@ -60,20 +66,21 @@ REQUIRED_USE=" # - https://github.com/curl/curl/blob/master/.github/workflows/quiche-linux.yml (CI/CD for TCP/2) # However 'supported' vs 'works' are two entirely different things; be sane but # don't be afraid to require a later version. - +# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time. RDEPEND=" >=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}] adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] ) brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) http2? ( >=net-libs/nghttp2-1.12.0:=[${MULTILIB_USEDEP}] ) + http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] ) idn? ( net-dns/libidn2:=[static-libs?,${MULTILIB_USEDEP}] ) kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] ) - nghttp3? ( - >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] - >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] - ) psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] ) + quic? ( + curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] ) + curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] ) + ) rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] ) ssl? ( @@ -104,7 +111,7 @@ BDEPEND=" test? ( sys-apps/diffutils http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] ) - nghttp3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) + http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] ) ) verify-sig? ( sec-keys/openpgp-keys-danielstenberg ) " @@ -262,8 +269,9 @@ multilib_src_configure() { --without-libgsasl $(use_with psl libpsl) --without-msh3 - $(use_with nghttp3) - $(use_with nghttp3 ngtcp2) + $(use_with http3 nghttp3) + $(use_with curl_quic_ngtcp2 ngtcp2) + $(use_with curl_quic_openssl openssl-quic) --without-quiche $(use_with rtmp librtmp) --without-schannel 
@@ -285,7 +293,7 @@ multilib_src_configure() { ) fi - if use test && multilib_is_native_abi && ( use http2 || use nghttp3 ); then + if use test && multilib_is_native_abi && ( use http2 || use http3 ); then myconf+=( --with-test-nghttpx="${BROOT}/usr/bin/nghttpx" ) @@ -305,30 +313,6 @@ multilib_src_configure() { sed -i -e '/SUBDIRS/s:scripts::' Makefile || die fi - # Fix up the pkg-config file to be more robust. - # https://github.com/curl/curl/issues/864 - local priv=() libs=() - # We always enable zlib. - libs+=( "-lz" ) - priv+=( "zlib" ) - if use http2; then - libs+=( "-lnghttp2" ) - priv+=( "libnghttp2" ) - fi - if use nghttp3; then - libs+=( "-lnghttp3" "-lngtcp2" ) - priv+=( "libnghttp3" "libngtcp2" ) - fi - if use ssl && use curl_ssl_openssl; then - libs+=( "-lssl" "-lcrypto" ) - priv+=( "openssl" ) - fi - grep -q Requires.private libcurl.pc && die "need to update ebuild" - libs=$(printf '|%s' "${libs[@]}") - sed -i -r \ - -e "/^Libs.private/s:(${libs#|})( |$)::g" \ - libcurl.pc || die - echo "Requires.private: ${priv[*]}" >> libcurl.pc || die } multilib_src_compile() { diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml index d79a1ed4affd..884608c7c1f5 100644 --- a/net-misc/curl/metadata.xml +++ b/net-misc/curl/metadata.xml @@ -17,11 +17,13 @@ Enable HTTP Strict Transport Security Enable Internet Message Access Protocol support Enable mbedtls ssl backend - Enable HTTP/3.0 support using net-libs/nghttp3 and net-libs/ngtcp2 + Enable HTTP/3 support using net-libs/nghttp3 + Enable HTTP/3 support Enable openssl ssl backend Enable Post Office Protocol 3 support Enable the progress meter Enable Public Suffix List (PSL) support. See https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/. + Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP Enable RTMP Streaming Media support Enable Rustls ssl backend Enable Simple Mail Transfer Protocol support -- 2.45.2
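
Review bot: in the first REQUIRED_USE hunk, `quic? ( ^^ ( ... ) http3 )` requires `http3`, while the second hunk adds `http3? ( alt-svc quic )`, so the two flags require each other and can never be set independently. If that is intended, one flag is enough; if `quic` is meant to be selectable on its own later, drop `http3` from the `quic?` block and note the intent in the comment above REQUIRED_USE.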
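
Review bot: the `!openssl` restriction from the removed `nghttp3? ( !openssl alt-svc )` is not carried over to `curl_quic_ngtcp2? ( gnutls )` in the second REQUIRED_USE hunk, even though the comment added above RDEPEND says ngtcp2 "can only build with one tls backend at a time". With `+openssl` and `+curl_ssl_openssl` on by default in IUSE, `curl_quic_ngtcp2` can now be combined with `openssl`. If the bug 912029 limitation still applies to curl, add `!openssl` to the `curl_quic_ngtcp2?` clause; if it no longer does, reword the comment so it does not suggest a constraint that REQUIRED_USE fails to enforce.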
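
Review bot: the `curl_quic_openssl?` atom in the RDEPEND hunk requires `>=dev-libs/openssl-3.3.0` but the commit message says the QUIC API is exposed from 3.2, and nothing in the ebuild explains the higher floor. Add a short comment with the reason next to the atom. While touching these lines, consider whether the nghttp3 and ngtcp2 atoms should carry the `:=` slot operator that the nghttp2 and openssl atoms use, so that curl is rebuilt when those libraries change ABI.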
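
Review bot: in the multilib_src_configure hunk, `$(use_with curl_quic_ngtcp2 ngtcp2)` and `$(use_with curl_quic_openssl openssl-quic)` are keyed only on the USE_EXPAND flags, but REQUIRED_USE never makes `curl_quic_*` imply `quic` and RDEPEND pulls in ngtcp2 and openssl[quic] only inside `quic? ( ... )`. A configuration with `-quic` and `curl_quic_ngtcp2 gnutls` passes REQUIRED_USE and asks configure for ngtcp2 without the dependency being guaranteed. Either add `quic` to the `curl_quic_openssl?` and `curl_quic_ngtcp2?` clauses in REQUIRED_USE, or guard these two configure switches on `use quic`.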
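
Review bot: the removal of the libcurl.pc fix-up block at the end of multilib_src_configure is justified only by "some upstream efforts" in the commit message, with no pointer to the upstream change. The deleted block carried its own tripwire (`grep -q Requires.private libcurl.pc && die "need to update ebuild"`), so please name the upstream commit or release that made it fire, which also tells maintainers from which version the release ebuilds can drop the same workaround.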
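
Review bot: one of the two HTTP/3 descriptions added in the metadata.xml hunk looks like a leftover: "Enable HTTP/3 support using net-libs/nghttp3" and "Enable HTTP/3 support" replace the single removed line. The flag names are not visible in this copy of the patch, but the ebuild drops `nghttp3` from IUSE in favour of `http3`, so only one entry should be needed; if the first one is still attached to `nghttp3`, remove it. The new QUIC description could also be tightened, since "a UDP-based protocol intended to replace TCP" undersells that QUIC is the transport HTTP/3 runs on, which is the reason the flag exists here.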