use wolssl and nghttp3/ngtcp2

Signed-off-by: Zoey <zoey@z0ey.de>

.github/workflows/dependency-updates.yml

@@ -5,34 +5,84 @@ on:
  - cron: "0 */6 * * *"
  workflow_dispatch:
 jobs:
- quiche-update:
+ wolfssl-update:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout
  uses: actions/checkout@v4
- - name: update quiche version
+ - name: update wolfssl version
  id: update
  run: |
- QUICHE_VERSION="$(
- git ls-remote --tags https://github.com/cloudflare/quiche \
+ WS_VERSION="$(
+ git ls-remote --tags https://github.com/wolfSSL/wolfssl v*.*.*-stable \
  | cut -d/ -f3 \
  | sort -V \
  | tail -1 \
  | sed -E "s/\^\{\}//"
  )"
- sed -i "s|ARG QUICHE_VERSION=.*|ARG QUICHE_VERSION=$QUICHE_VERSION|" Dockerfile
- sed -i "s|ARG QUICHE_VERSION=.*|ARG QUICHE_VERSION=$QUICHE_VERSION \\\|" alpine.Dockerfile
- sed -i "s|ARG QUICHE_VERSION=.*|ARG QUICHE_VERSION=$QUICHE_VERSION \\\|" debian.Dockerfile
- echo "version=$QUICHE_VERSION" >> $GITHUB_OUTPUT
+ sed -i "s|ARG WS_VERSION=.*|ARG WS_VERSION=$WS_VERSION|" Dockerfile
+ echo "version=$WS_VERSION" >> $GITHUB_OUTPUT
  - name: Create Pull Request
  uses: peter-evans/create-pull-request@v5
  with:
  signoff: true
  delete-branch: true
- commit-message: update quiche version to ${{ steps.update.outputs.version }}
- branch: update-quiche-version
- title: update quiche version to ${{ steps.update.outputs.version }}
- body: update quiche version to ${{ steps.update.outputs.version }}
+ commit-message: update wolfssl version to ${{ steps.update.outputs.version }}
+ branch: update-wolfssl-version
+ title: update wolfssl version to ${{ steps.update.outputs.version }}
+ body: update wolfssl version to ${{ steps.update.outputs.version }}
+ nghttp3-update:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: update nghttp3 version
+ id: update
+ run: |
+ NGH3_VERSION="$(
+ git ls-remote --tags https://github.com/ngtcp2/nghttp3 v*.*.* \
+ | cut -d/ -f3 \
+ | sort -V \
+ | tail -1 \
+ | sed -E "s/\^\{\}//"
+ )"
+ sed -i "s|ARG NGH3_VERSION=.*|ARG NGH3_VERSION=$NGH3_VERSION|" Dockerfile
+ echo "version=$NGH3_VERSION" >> $GITHUB_OUTPUT
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v5
+ with:
+ signoff: true
+ delete-branch: true
+ commit-message: update nghttp3 version to ${{ steps.update.outputs.version }}
+ branch: update-nghttp3-version
+ title: update nghttp3 version to ${{ steps.update.outputs.version }}
+ body: update nghttp3 version to ${{ steps.update.outputs.version }}
+ ngtcp2-update:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: update ngtcp2 version
+ id: update
+ run: |
+ NT2_VERSION="$(
+ git ls-remote --tags https://github.com/ngtcp2/ngtcp2 v*.*.* \
+ | cut -d/ -f3 \
+ | sort -V \
+ | tail -1 \
+ | sed -E "s/\^\{\}//"
+ )"
+ sed -i "s|ARG NT2_VERSION=.*|ARG NT2_VERSION=$NT2_VERSION|" Dockerfile
+ echo "version=$NT2_VERSION" >> $GITHUB_OUTPUT
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v5
+ with:
+ signoff: true
+ delete-branch: true
+ commit-message: update ngtcp2 version to ${{ steps.update.outputs.version }}
+ branch: update-ngtcp2-version
+ title: update ngtcp2 version to ${{ steps.update.outputs.version }}
+ body: update ngtcp2 version to ${{ steps.update.outputs.version }}
  curl-update:
  runs-on: ubuntu-latest
  steps:
@@ -46,11 +96,11 @@ jobs:
  | cut -d/ -f3 \
  | sort -V \
  | tail -1 \
- | sed -E "s/\^\{\}//"
+ | sed -E "s/\^\{\}//" \
+ | sed "s|curl-||g" \
+ | sed "s|_|\.|g"
  )"
  sed -i "s|ARG CURL_VERSION=.*|ARG CURL_VERSION=$CURL_VERSION|" Dockerfile
- sed -i "s|ARG CURL_VERSION=.*|ARG CURL_VERSION=$CURL_VERSION \\\|" alpine.Dockerfile
- sed -i "s|ARG CURL_VERSION=.*|ARG CURL_VERSION=$CURL_VERSION \\\|" debian.Dockerfile
  echo "version=$CURL_VERSION" >> $GITHUB_OUTPUT
  - name: Create Pull Request
  uses: peter-evans/create-pull-request@v5

.github/workflows/docker.yml

@@ -17,7 +17,7 @@ jobs:
  uses: actions/checkout@v4
  - name: Read version
  id: version
- run: echo "version=$(echo $(cat Dockerfile | grep -wE "ARG CURL_VERSION=*" | sed "s|ARG CURL_VERSION=||g" | sed "s| \\\||g" | sed "s|_|\.|g")-quiche-$(cat Dockerfile | grep -wE "ARG QUICHE_VERSION=*" | sed "s|ARG QUICHE_VERSION=||g" | sed "s| \\\||g"))" >> $GITHUB_OUTPUT
+ run: echo "version=$(echo curl-$(cat Dockerfile | grep -wE "ARG CURL_VERSION=*" | sed "s|ARG CURL_VERSION=||g")-wolfssl-$(cat Dockerfile | grep -wE "ARG WS_VERSION=*" | sed "s|ARG WS_VERSION=v\([0-9.]\+\).*|\1|g")-nghttp3-$(cat Dockerfile | grep -wE "ARG NGH3_VERSION=*" | sed "s|ARG NGH3_VERSION=v||g")-ngtcp2-$(cat Dockerfile | grep -wE "ARG NT2_VERSION=*" | sed "s|ARG NT2_VERSION=v||g"))" >> $GITHUB_OUTPUT
  - name: Set up QEMU
  uses: docker/setup-qemu-action@v3
  with:

Dockerfile

@@ -1,25 +1,46 @@
-FROM rust:1.74.1-alpine3.18 as build
+FROM alpine:3.19.0 as build
 
-ARG QUICHE_VERSION=0.20.0
 ARG CURL_VERSION=curl-8_5_0
+ARG WS_VERSION=v5.6.4-stable
+ARG NGH3_VERSION=v1.1.0
+ARG NT2_VERSION=v1.1.0
 
-WORKDIR /src
-RUN apk add --no-cache ca-certificates git build-base cmake autoconf automake libtool nghttp2-dev nghttp2-static zlib-dev zlib-static && \
- git clone --recursive --branch "$QUICHE_VERSION" https://github.com/cloudflare/quiche /src/quiche && \
- cd /src/quiche && \
- CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse cargo build --package quiche --release --features ffi,pkg-config-meta,qlog && \
- mkdir -vp /src/quiche/quiche/deps/boringssl/src/lib && \
- ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib && \
- git clone --recursive --branch "$CURL_VERSION" https://github.com/curl/curl /src/curl && \
+RUN apk add --no-cache ca-certificates git build-base cmake autoconf automake coreutils libtool \
+ nghttp2-dev nghttp2-static zlib-dev zlib-static && \
+ \
+ git clone --recursive --branch "$WS_VERSION" https://github.com/wolfSSL/wolfssl /src/wolfssl && \
+ cd /src/wolfssl && \
+ /src/wolfssl/autogen.sh && \
+ /src/wolfssl/configure --prefix=/usr --enable-curl --disable-oldtls --enable-quic --enable-ech --enable-psk --enable-session-ticket --enable-earlydata --disable-shared --enable-static && \
+ make && \
+ make install && \
+ \
+ git clone --recursive --branch "$NGH3_VERSION" https://github.com/ngtcp2/nghttp3 /src/nghttp3 && \
+ cd /src/nghttp3 && \
+ autoreconf -fi && \
+ /src/nghttp3/configure --prefix=/usr --enable-lib-only --disable-shared --enable-static && \
+ make && \
+ make install && \
+ \
+ git clone --recursive --branch "$NT2_VERSION" https://github.com/ngtcp2/ngtcp2 /src/ngtcp2 && \
+ cd /src/ngtcp2 && \
+ autoreconf -fi && \
+ /src/ngtcp2/configure --prefix=/usr --with-wolfssl --enable-lib-only --disable-shared --enable-static && \
+ make && \
+ make install && \
+ \
+ mkdir /src/curl && \
+ wget "https://curl.se/download/curl-$CURL_VERSION.tar.gz" -O - | tar xz -C /src/curl --strip-components=1 && \
  cd /src/curl && \
  autoreconf -fi && \
- ./configure LDFLAGS="-Wl,-rpath,/src/quiche/target/release -static" PKG_CONFIG="pkg-config --static" --with-openssl=/src/quiche/quiche/deps/boringssl/src --with-quiche=/src/quiche/target/release --with-nghttp2 --disable-shared --enable-static && \
- make -j "$(nproc)" LDFLAGS="-Wl,-rpath,/src/quiche/target/release -L/src/quiche/quiche/deps/boringssl/src/lib -L/src/quiche/target/release -static -all-static" && \
+ /src/curl/configure LDFLAGS="-static" PKG_CONFIG="pkg-config --static" --with-wolfssl --with-nghttp2 --with-ngtcp2 --with-nghttp3 --disable-ech --enable-websockets --disable-shared --enable-static --disable-libcurl-option && \
+ make -j "$(nproc)" LDFLAGS="-static -all-static" && \
  strip -s /src/curl/src/curl
 
 FROM alpine:3.19.0
 COPY --from=build /src/curl/src/curl /usr/local/bin/curl
 RUN apk add --no-cache ca-certificates tzdata && \
+ curl -V && \
  curl --compressed --http3-only -sIL https://quic.nginx.org && \
  mkdir -vp /host