Package Details: nginx-quic 1.21.3-2

Git Clone URL: https://aur.archlinux.org/nginx-quic.git (read-only, click to copy)
Package Base: nginx-quic
Description: Lightweight HTTP server and IMAP/POP3 proxy server, HTTP/3 QUIC branch
Upstream URL: https://nginx.org
Keywords: http3 nginx quic webserver
Licenses: custom
Conflicts: nginx
Provides: nginx, nginx-mainline
Submitter: DasSkelett
Maintainer: DasSkelett
Last Packager: DasSkelett
Votes: 4
Popularity: 0.087738
First Submitted: 2020-12-20 02:20
Last Updated: 2021-09-12 23:05

Required by (168)

Sources (4)

Latest Comments

1 2 Next › Last »

jskier commented on 2021-09-13 00:43

Thank you, works now.

I was able to remove D_FORTIFY_SOURCE revert and it still compiles, I'll play around with it some more; not sure if that was the problem.

DasSkelett commented on 2021-09-12 22:05

Ugh, I feared this would happen. I removed the workarounds for the broken boringssl compilation in the last update, as I saw some upstream commits that might have fixed them. My compile tests worked just fine, with D_FORTIFY_SOURCE set and after clearing the ccache cache. But apparently it still fails for others.
Sorry for the disruption.

I'm going to push a commit adding the workarounds back, and with some additional changes that should speed up compile time, especially without ccache.
If you encounter problems again, please let me know.

jskier commented on 2021-09-12 19:57

1.21.3-1, build seems to fail right away on boringssl: nginx-quic/src/boringssl/crypto/test/abi_test.cc: In function ‘void abi_test::internal::FatalError(Args ...) [with Args = {const char*}]’: /home/user/.cache/yay/nginx-quic/src/boringssl/crypto/test/abi_test.cc:211:8: error: ignoring return value of ‘ssize_t write(int, const void*, size_t)’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 211 | write(STDERR_FILENO, buf, strlen(buf)); | ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DasSkelett commented on 2021-09-05 19:43

As per @dantix' suggestion, this package now also provides nginx-mainline, and is restructured to a split-package with the additional nginx-quic-src.

Quick testing with the echo module went well. However not all (AUR) extension packages may work fine with the QUIC additions (or are just outdated in general).

If you are concerned about your storage space, be aware that makepkg -i builds and installs the source package as well (which is 14 MiB zstd-compressed and 25 MiB on-disk), in this case you should not use -i but install the binary package manually (and remove the -src.pkg.tar.zst).

DasSkelett commented on 2021-09-05 13:26

@dantix that would make sense, I guess. But there appears to be more to it than just adding a provides for nginx-mainline, the modules all depend on a -src package as well. So I need to make this a split package, find out how to package sources in general and how the extension modules expect this source to be packaged. I'll take a look when I have some time.

dantix commented on 2021-09-04 22:36

Hi, wouldn't it make sense to set nginx-mainline in provides in order to support mainline extensions since it is same version as mainline?

DasSkelett commented on 2021-06-11 12:31

2021-07-14: I'm aware of the nginx mainline 1.21.1 release. However, this time there's a merge conflict when trying to merge the mainline commits into the nginx-quic branch. It's difficult to handle these programmatically inside the build script.
I'm hoping that upstream will do the merge themselves soon, so I can update the package.
Edit: Done, upstream merged with default branch.

2021-06-11: I just switched the package over to the upstream merge of 1.21.0, and also included some newer commits (+ updated boringssl).

It looks like this has fixed whatever was broken previously, QUIC works fine in Firefox and Chrome again!

Important breaking change: the $http3 variable has been removed. If you used it in the Alt-Svc header or logging, you need to replace it with h3-29or even just h3. Keep in mind that Firefox 89 does not yet recognize the final h3= in the Alt-Svc header (will be enabled in Firefox 90), so you need to keep h3-29= around for now. Example:

add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';

DasSkelett commented on 2021-05-26 10:23

Updated to 1.21.0-ish, which contains some exciting QUIC changes (connection migration), and also a fix for CVE-2021-23017 (resolver 1-byte memory overwrite).

You may encounter issues building with GCC 11, I'm looking for ways to fix this. In theory it's just a new warning, but unfortunately boringssl forces -Werror in their CMakeLists.txt. If someone has an idea or the necessary CMake knowledge to circumvent this without writing a custom patch, I'd be glad for some advice.

Edit: I think I was able to find an acceptable fix, please let me know if it still doesn't work.

Edit 2: While compilation works fine, nginx-quic 1.21.0 seems to be broken when acting as proxy. No idea whether this is caused by plain nginx changes, nginx-quic additions or some incompatibility between them. Will keep an eye on it and update the package if I spot an obvious fix commit. In the mean time you might want to hold off updating to 1.21.0.

jskier commented on 2021-04-25 01:44

Works great now, thanks!

DasSkelett commented on 2021-04-24 19:57

That's interesting. This abi_test.cc unused result... error happens if you build with -D_FORTIFY_SOURCE, which turns some minor code quality issues into errors (in this case it's return values of Boringssl test functions called being ignored, which probably isn't a big deal).

The PKGBUILD contains a line to overwrite -D_FORTIFY_SOURCE with 0 if it's set in the $CPPFLAGS environment variable. But testing shows that setting it in $CXXFLAGS makes the compilation fail as well.

While I bumped the Boringssl commit as well with the nginx 1.20 update, I don't think it caused it, since I had the problem before. I suspect your build environment changed (something has added -D_FORTIFY_SOURCE to the $CXXFLAGS), which causes the build to fail now. In any case, I'm about to push fix to also clear the option from $CXXFLAGS like it already happens with $CPPFLAGS.

Edit: pushed the fix, please try again, it should work for you as well now.

Further edit: Looks like pacman got an update that changed some build flags, including moving -D_FORTIFY_SOURCE to $CFLAGS and making $CXXFLAGS a copy of $CFLAGS. So that's what changed.
- https://github.com/archlinux/svntogit-packages/commit/a790c389cb0fd2ddd35e1f581ee337f6891801fc
- https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0003-buildflags.rst#specification