Commit Graph

86 Commits

Author SHA1 Message Date
William Lallemand
7acdc3f6ff DOC: install: remove boringssl from the list of supported libraries
BoringSSL support is known to be broken since 2021, it was removed from
the CI at this time and never fixed.
(30ee2965b6)

Even the QUIC code for boringSSL was removed in 2022.
(e06f7459fa)
2024-06-10 18:54:28 +02:00
Willy Tarreau
555772e961 MINOR: version: mention that it's development again
This essentially reverts 2e42a19cde.
2024-05-29 14:59:19 +02:00
Willy Tarreau
2e42a19cde MINOR: version: mention that it's 3.0 LTS now.
The version will be maintained up to around Q2 2029. Let's
also update the INSTALL file to mention this.
2024-05-29 14:40:26 +02:00
Willy Tarreau
8452a3f7c9 DOC: install: update the range of tested openssl version to cover 3.3
OpenSSL 3.3 is known to work since it's tested on the CI, to let's add
it to the list of known good versions.
2024-05-29 10:23:59 +02:00
Willy Tarreau
2a949be18d DOC: install: update quick build reminders with some missing options
The quick build reminders claimed to present "all options" but were
still missing QUIC. It was also the moment to split FreeBSD and
OpenBSD apart since the latter uses LibreSSL and does not require
the openssl compatibility wrapper. We also replace the hard-coded
number of cpus for the parallel build, by the real number reported
by the system.
2024-05-29 08:43:01 +02:00
Willy Tarreau
763475fa11 DOC: install: clarify the build process by splitting it into subsections
The doc about the build process has grown to a point where it was painful
to read when searching a specific element. This commit cuts it into a few
sub-categories for ease of searching, and it also adds a summary of the
most commonly used makefile variables, their usage and default settings.
2024-04-11 18:02:26 +02:00
Willy Tarreau
ac73a23454 BUILD: makefile: also drop DEBUG_CFLAGS
This one is often used as a gateway to inject regular CFLAGS, even though
not designed for this. It's now ignored, but any attempt at setting it
reports a warning suggesting to use CFLAGS or ARCH_FLAGS instead.
2024-04-11 17:33:28 +02:00
Willy Tarreau
95be48358d BUILD: makefile: rename SPEC_CFLAGS to NOWARN_CFLAGS
Now that the variable only serves to disable warnings, let's give it a
more suitable name and document its (rare) usage for package maintainers.
2024-04-11 17:33:28 +02:00
Willy Tarreau
056c718853 BUILD: makefile: split WARN_CFLAGS from SPEC_CFLAGS
It's currently not possible to only set some -Wno... without breaking
the -W... and conversely. Let's split both sets apart so that it's now
possible to set -W... alone in WARN_CFLAGS to enable only some warnings,
and pass the -Wno... in SPEC_CFLAGS without losing the enabled ones.
2024-04-11 17:33:28 +02:00
Willy Tarreau
fc27ed9f18 BUILD: makefile: add FAILFAST to select the -Wfatal-errors behavior
-Wfatal-errors is set by default and is not supported on older compilers.
Since it's part of all the automatically detected flags, it's painful to
remove when needed. Also it's a matter of taste, some developers might
prefer to get a long list of all errors at once, others prefer that the
build stops immediately after the root cause.

The default is now back to no -Wfatal-errors, and when FAILFAST is set to
any non-empty non-zero value, -Wfatal-errors is added:

 $ make TARGET=linux-glibc USE_OPENSSL=0 USE_QUIC=1 FAILFAST=0 2>&1 | wc
    132     536    6111

 $ make TARGET=linux-glibc USE_OPENSSL=0 USE_QUIC=1 FAILFAST=1 2>&1 | wc
      8      39     362
2024-04-11 17:33:28 +02:00
Willy Tarreau
617e646ec0 BUILD: makefile: make the ERR variable also support 0
It's among the options that change a lot on the developer's side and it's
tempting to change from ERR=1 to ERR=0 on the make command line by reusing
the history, except it doesn't work. Let's explictily permit ERR=0 to
disable -Werror like ERR= does.
2024-04-11 17:33:28 +02:00
Willy Tarreau
81a239cf3d BUILD: makefile: extract ARCH_FLAGS out of LDFLAGS
ARCH_FLAGS used to be merged into LDFLAGS so that it was not possible to
pass extra options to LDFLAGS without losing ARCH_FLAGS. This commit now
splits them apart and leaves LDFLAGS empty by default. The doc explains
how to use it for rpath and such occasional use cases.
2024-04-11 17:33:28 +02:00
Willy Tarreau
88c151f9ca BUILD: makefile: drop the ARCH variable and better document ARCH_FLAGS
ARCH_FLAGS was always present and is documented as being fed to both
CC and LD during the build. This is meant for options that need to be
consistent between the two stages such as -pg, -flto, -fsanitize=address,
-m64, -g etc. Its doc was lacking a bit of clarity though, and it was
not enumerated in the makefile's variables list.

ARCH however was only documented as affecting ARCH_FLAGS, and was just
never used as the only two really usable and supported ARCH_FLAGS options
were -m32 and -m64. In addition it was even written in the makefile that
it was CPU that was affecting the ARCH_FLAGS. Let's just drop ARCH and
improve the documentation on ARCH_FLAGS. Again, if ARCH is set, a warning
is emitted explaining how to proceed.

ARCH_FLAGS is now preset to -g so that we finally have a correct place
to deal with such debugging options that need to be passed to both
stages. The fedora and musl CI workflows were updated to also use it
instead of sticking to duplicate DEBUG_CFLAGS+LDFLAGS.

It's also worth noting that BUILD_ARCH was being passed to the build
process and never used anywhere in the code, so its removal will not
be noticed.
2024-04-11 17:33:28 +02:00
Willy Tarreau
018443b8a1 BUILD: makefile: get rid of the CPU variable
The CPU variable, when used, is almost always exclusively used with
"generic" to disable any CPU-specific optimizations, or "native" to
enable "-march=native". Other options are not used and are just making
CPU_CFLAGS more confusing.

This commit just drops all pre-configured variants and replaces them
with documentation about examples of supported options. CPU_CFLAGS is
preserved as it appears that it's mostly used as a proxy to inject the
distro's CFLAGS, and it's just empty by default.

The CPU variable is checked, and if set to anything but "generic", it
emits a warning about its deprecation and invites the user to read
INSTALL.

Users who would just set CPU_CFLAGS will be able to continue to do so,
those who were using CPU=native will have to pass CPU_CFLAGS=-march=native
and those who were passing one of the other options will find it in the
doc as well.

Note that this also removes the "CPU=" line from haproxy -vv, that most
users got used to seeing set to "generic" or occasionally "native"
anyway, thus that didn't provide any useful information.
2024-04-11 17:33:28 +02:00
Willy Tarreau
8194499bec BUILD: makefile: move -O2 from CPU_CFLAGS to OPT_CFLAGS
CPU_CFLAGS is meant to set the CPU-specific options (-mcpu, -march etc).
The fact that it also includes the optimization level is annoying because
one cannot be set without replacing the other. Let's move the optimization
level to a new independent OPT_CFLAGS that is added early to the list, so
that other CFLAGS (including CPU_CFLAGS) can continue to override it if
necessary.
2024-04-11 17:25:45 +02:00
Willy Tarreau
97725dd136 BUILD: makefile: drop the SMALL_OPTS settings
These settings were appended to the final build CFLAGS and used to
contain a mix of obsolete settings that can equally be passed in one
of the many other variables such as DEFINE or more recently CFLAGS.
Let's just drop the obsolete comment about it, and check if anything
was forced there, then emit a warning suggesting to move that to other
variables such as DEFINE or CFLAGS, so as to be kind to package
maintainers.
2024-04-11 17:25:45 +02:00
Willy Tarreau
5f1768b78a BUILD: makefile: allow to use CFLAGS to append build options
CFLAGS has always been a troublemaker because the variable was preset
based on other options, including dynamically detected ones, so
overriding it would just lose the original contents, forcing users
to resort to various alternatives such as DEFINE, ADDINC or SMALL_OPTS.

Now that the variable's usage was cleared, let's just preset it to
empty (and it MUST absolutely remain like this) and append it at the
end of the compiler's options. This will now allow to change an
optimization level, force a CPU type or disable a warning as users
commonly expect from CFLAGS passed to a makefile, and not to override
*all* the compiler flags as it has progressively become.
2024-04-11 17:25:45 +02:00
Willy Tarreau
772f9a5874 BUILD: pools: make DEBUG_MEMORY_POOLS=1 the default option
This option has been set by default for a very long time and also
complicates the manipulation of the DEBUG variable. Let's make it
the official default and permit to unset it by setting it to zero.
The other pool-related DEBUG options were adjusted to also explicitly
check for the zero value for consistency.
2024-04-11 17:25:45 +02:00
Willy Tarreau
b70981532a BUILD: debug: make DEBUG_STRICT=1 the default
We continue to carry it in the makefile, which adds to the difficulty
of passing new options. Let's make DEBUG_STRICT=1 the default so that
one has to explicitly pass DEBUG_STRICT=0 to disable it. This allows us
to remove the option from the default DEBUG variable in the makefile.
2024-04-11 17:25:45 +02:00
Willy Tarreau
d78c346670 BUILD: makefile: support USE_xxx=0 as well
William rightfully reported that not supporting =0 to disable a USE_xxx
option is sometimes painful (e.g. a script might do USE_xxx=$(command)).
It's not that difficult to handle actually, we just need to consider the
value 0 as empty at the few places that test for an empty string in
options.mk, and in each "ifneq" test in the main Makefile, so let's do
that. We even take care of preserving the original value in the build
options string so that building with USE_OPENSSL=0 will be reported
as-is in haproxy -vv, and with "-OPENSSL" in the feature list.
2024-04-11 11:06:19 +02:00
Abhijeet Rastogi
2192dfa6b6 DOC: install: recommend pcre2
Makefile comments are also updated to recommend the PCRE2 related
options. PCRE1 is EOL by now:

   https://www.mail-archive.com/haproxy@formilux.org/msg41326.html
2024-02-08 08:55:57 +01:00
Lukas Tribus
e9bfc25581 DOC: install: clarify WolfSSL chroot requirements 2024-02-07 11:17:53 +01:00
William Lallemand
6d00505cd3 DOC: INSTALL: require at least WolfSSL 5.6.6
WolfSSL 5.6.6 introduces the equivalent of the clienthello callback, so
lets switch to this version.
2024-01-12 17:48:45 +01:00
Willy Tarreau
0fccee6abe DOC: install: update the list of openssl versions
3.2-final still builds without warnings and works at first glance, so
let's update the list of versions in the INSTALL file.
2023-11-23 16:29:42 +01:00
Ilya Shipitsin
80813cdd2a CLEANUP: assorted typo fixes in the code and comments
This is 37th iteration of typo fixes
2023-11-23 16:23:14 +01:00
William Lallemand
2d213b268e DOC: install: update the wolfSSL required version
WolfSSL 5.6.4 was released with a lot of fixes for HAProxy, update the
required version so all supported reg-tests are working.
2023-11-03 19:02:23 +01:00
Andrew Hopkins
b3f94f8b3b BUILD: ssl: Build with new cryptographic library AWS-LC
This adds a new option for the Makefile USE_OPENSSL_AWSLC, and
update the documentation with instructions to use HAProxy with
AWS-LC.

Update the type of the OCSP callback retrieved with
SSL_CTX_get_tlsext_status_cb with the actual type for
libcrypto versions greater than 1.0.2. This doesn't affect
OpenSSL which casts the callback to void* in SSL_CTX_ctrl.
2023-09-04 18:19:18 +02:00
Frdric Lcaille
53d002dc15 DOC: install: Document how to build a limited support for QUIC
Document how to compile a limited support for QUIC (without QUIC O-RTT)
when building haproxy against OpenSSL (without QUIC support).
2023-07-21 20:27:13 +02:00
Willy Tarreau
9dc8308a67 MINOR: version: mention that it's development again
This essentially reverts b9b6e94474.
2023-05-31 16:28:34 +02:00
Willy Tarreau
b9b6e94474 MINOR: version: mention that it's LTS now.
The version will be maintained up to around Q2 2028. Let's
also update the INSTALL file to mention this.
2023-05-31 16:23:56 +02:00
Willy Tarreau
9afc4170e1 DOC: install: clarify a few points on the wolfSSL build method
Let's make clear which commands goes into the wolfSSL directory and
which one in the haproxy directory. Also, let's add a paragraph in the
QUIC section explaining how to proceed with wolfSSL.
2023-05-31 15:39:21 +02:00
Willy Tarreau
4f634a2e1b DOC: install: mention the common strict-aliasing warning on older compilers
In the errors and warnings section about common issues, it's useful to
mention the strict-aliasing warning that was happening with gcc-4.4 that
may still be found on old systems, especially since it will probably take
ages to build there and the warning is harmless.
2023-05-31 15:27:01 +02:00
William Lallemand
f9c0bca452 DOC: install: specify the minimum openssl version recommended
Specify 1.1.1 as the minimum openssl version with full keywords support
in haproxy configuration.
2023-05-26 14:44:33 +02:00
William Lallemand
44c73cea08 DOC: install: add details about WolfSSL
Add details about WolfSSL compilation and support.
2023-05-26 10:39:27 +02:00
Willy Tarreau
3098540bba DOC: install: update reference to known supported versions
Gcc 13 is known to work, OpenSSL 3.1 and wolfSSL as well. Add a few
hints about build errors when using QUIC + OpenSSL and warnings about
the dramatic OpenSSL 3.x performance regression.
2023-05-24 22:32:46 +02:00
Willy Tarreau
2fefab6f90 DOC: fix a few reported typos in the config and install doc
These are only the few relevant changes among those reported here:

  https://github.com/haproxy/haproxy/actions/runs/4856148287/jobs/8655397661
2023-05-07 07:10:55 +02:00
Willy Tarreau
989c55dc2f MINOR: version: mention that it's development again
This essentially reverts d705b85a4a.
2022-12-01 15:24:10 +01:00
Willy Tarreau
d705b85a4a MINOR: version: mention that it's stable now
This version will be maintained up to around Q1 2024. The INSTALL file
also mentions it.
2022-12-01 15:15:24 +01:00
Christian Ruppert
3214b44702 BUILD: Makefile: Add Lua 5.4 autodetect
This patch is based on:
https://www.mail-archive.com/haproxy@formilux.org/msg39689.html
Thanks to Callum Farmer!

Signed-off-by: Christian Ruppert <idl0r@qasl.de>
2022-07-04 17:28:48 +02:00
Willy Tarreau
6391bb2de0 MINOR: version: it's development again
This essentially reverts b2c1e081f7.
2022-05-31 17:04:45 +02:00
Willy Tarreau
b2c1e081f7 MINOR: version: mention that it's LTS now.
The version will be maintained up to around Q2 2027. Let's
also update the INSTALL file to mention this.
2022-05-31 16:53:13 +02:00
Willy Tarreau
cd50e7673f DOC: install: update supported OpenSSL versions in the INSTALL doc
OpenSSL 3.0 is now supported but was not mentioned. Also, it was
found that OpenSSL 0.9.8 doesn't build anymore since 2.5 due to
some of the functions used in the JWT token processing, and since
nobody complained, it seems it's not worth fixing it so support for
it was removed.
2022-05-31 11:45:50 +02:00
Willy Tarreau
ff3333e658 DOC: install: update gcc version requirements
It turns out that gcc-3.4 doesn't build anymore (and it has probably been
the case since 2.4 or so). gcc-4.2 does build fine though, let's mark it
as the oldest supported one. Now that gcc-12 works, also update the most
recently known-to-work version.
2022-05-11 11:31:15 +02:00
Willy Tarreau
2b4dc5cbfc DOC: fix typo "ant" for "and" in INSTALL
Tomas Zubiri reported this typo in the doc that apparently exists in
2.5 as well.
2022-05-08 10:59:00 +02:00
Willy Tarreau
f985f03fe4 DOC: install: document the fact that SSL engines are not enabled by default
SSL engines used to be built by default for a long time but they're now
disabled consecutive to the API change that makes OpenSSL 3.0 spew plenty
of warnings. Support may still be enabled by passing USE_ENGINE=1.
2022-04-11 19:00:27 +02:00
Ilya Shipitsin
8541748d52 DOC: adjust QUIC instruction in INSTALL
enable-tls1_3 is default, no need to specify it. make "libdir" explicit,
later example uses "lib" which was changed in 3.0.1 to "lib64"
2022-04-11 07:14:55 +02:00
Willy Tarreau
0dd8dd6c71 DOC: install: describe how to choose options used in the DEBUG variable
This enumerates a few of the options that are expected to have an effect
on the process' self-checks at the expense of more or less performance,
and how to choose sets of options for different deployments.
2022-03-01 08:31:50 +01:00
Willy Tarreau
09bdb11cc6 DOC: install: describe the DEP variable
The variable was quickly mentioned in the makefile but not in the INSTALL
file. Let's describe its use cases and limitations.
2022-03-01 07:46:52 +01:00
Willy Tarreau
e97b04b0d7 DOC: install: it's DEBUG_CFLAGS, not DEBUG, which is set to -g
The INSTALL doc stated that the DEBUG variable is set to -g by default
but that's not true, it's DEBUG_CFLAGS.
2022-03-01 07:40:24 +01:00
Willy Tarreau
3b068c45ee MINOR: version: it's development again
This essentially reverts 9dc4057df0.
2021-11-23 15:48:35 +01:00