diff mbox series

[bug#78302,3/3] gnu: Add nginx-http3.

Message ID 14148955ed0a90c32ce2daedd3854e9cc8391a6d.1746646353.git.ashish.is@lostca.se
State New
Headers
Series [bug#78302,1/3] gnu: nginx: Update to 1.27.5. [security fixes] |

Commit Message

Ashish SHUKLA May 7, 2025, 7:37 p.m. UTC 
  This package uses boringssl for QUIC support in nginx.

* gnu/packages/web.scm: Add nginx-http3.

Change-Id: I05348d57d5fcd4be661c3500b186df5e05f24160
---
 gnu/packages/web.scm | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
diff mbox series

Patch

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index cab378e582..b4b33fa2f4 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -123,6 +123,7 @@  (define-module (gnu packages web)
   #:use-module (gnu packages build-tools)
   #:use-module (gnu packages certs)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cpp)
   #:use-module (gnu packages crates-crypto)
@@ -712,6 +713,49 @@  (define-public nginx-documentation
        "This package provides HTML documentation for the nginx web server.")
       (license license:bsd-2))))
 
+(define-public nginx-http3
+  (let* ((boringssl-commit "864a235afcf4d2575b1eab8de96fbf0d84f6cda9")
+         (boringssl (origin
+                      (method git-fetch)
+                      (uri
+                        (git-reference
+                          (url "https://boringssl.googlesource.com/boringssl")
+                          (commit boringssl-commit)))
+                      (file-name (git-file-name "boringssl" boringssl-commit))
+                      (sha256 (base32 "0ayd3519zyrwn9ccmlch3j7qvkg80az7z278n2vhrrl977dakyny")))))
+    (package
+      (inherit nginx)
+      (name "nginx-http3")
+      (inputs
+        (modify-inputs (package-inputs nginx)
+          (replace "openssl" boringssl)))
+      (native-inputs
+        (modify-inputs (package-native-inputs nginx)
+          (append cmake-minimal)))
+      (arguments
+        (substitute-keyword-arguments (package-arguments nginx)
+          ((#:phases phases #~(list))
+           #~(modify-phases #$phases
+               (add-before 'configure 'build-boringssl
+                 (lambda* (#:key inputs parallel-build? #:allow-other-keys)
+                   (mkdir-p "boringssl-build")
+                   (let ((boringssl-build-dir (string-append (getcwd) "/boringssl-build")))
+                     (with-directory-excursion (assoc-ref inputs "openssl")
+                       (invoke "cmake" (string-append "-B" boringssl-build-dir)
+                               "-DCMAKE_BUILD_TYPE=RelWithDebInfo")
+                       (invoke "make" "-C" boringssl-build-dir
+                         (string-append "-j"
+                           (if parallel-build?
+                               (number->string (parallel-job-count))
+                               "1")))))))))
+
+          ((#:configure-flags flags #~(list))
+           #~(cons* "--with-http_v3_module"
+                    (string-append "--with-cc-opt=-I"
+                      (assoc-ref %build-inputs "openssl") "/include")
+                    (string-append "--with-ld-opt=-Lboringssl-build -lstdc++")
+                    #$flags)))))))
+
 (define-public nginx-accept-language-module
   ;; Upstream has never made a release; use current commit instead.
   (let ((commit "2f69842f83dac77f7d98b41a2b31b13b87aeaba7")