Commit Graph

619 Commits

Author SHA1 Message Date
Andrew Hopkins
b3f94f8b3b BUILD: ssl: Build with new cryptographic library AWS-LC
This adds a new option for the Makefile USE_OPENSSL_AWSLC, and
update the documentation with instructions to use HAProxy with
AWS-LC.

Update the type of the OCSP callback retrieved with
SSL_CTX_get_tlsext_status_cb with the actual type for
libcrypto versions greater than 1.0.2. This doesn't affect
OpenSSL which casts the callback to void* in SSL_CTX_ctrl.
2023-09-04 18:19:18 +02:00
Willy Tarreau
bd84387beb MEDIUM: capabilities: enable support for Linux capabilities
For a while there has been the constraint of having to run as root for
transparent proxying, and we're starting to see some cases where QUIC is
not running in socket-per-connection mode due to the missing capability
that would be needed to bind a privileged port. It's not realistic to
ask all QUIC users on port 443 to run as root, so instead let's provide
a basic support for capabilities at least on linux. The ones currently
supported are cap_net_raw, cap_net_admin and cap_net_bind_service. The
mechanism was made OS-specific with a dedicated file because it really
is. It can be easily refined later for other OSes if needed.

A new keyword "setcaps" is added to the global section, to enumerate the
capabilities that must be kept when switching from root to non-root. This
is ignored in other situations though. HAProxy has to be built with
USE_LINUX_CAP=1 for this to be supported, which is enabled by default
for linux-glibc, linux-glibc-legacy and linux-musl.

A good way to test this is to start haproxy with such a config:

    global
        uid 1000
        setcap cap_net_bind_service

    frontend test
        mode http
        timeout client 3s
        bind quic4@:443 ssl crt rsa+dh2048.pem allow-0rtt

and run it under "sudo strace -e trace=bind,setuid", then connecting
there from an H3 client. The bind() syscall must succeed despite the
user id having been switched.
2023-08-29 11:11:50 +02:00
Amaury Denoyelle
5db6dde058 MINOR: proto: define dedicated protocol for active reverse connect
A new protocol named "reverse_connect" is created. This will be used to
instantiate connections that are opened by a reverse bind.

For the moment, only a minimal set of callbacks are defined with no real
work. This will be extended along the next patches.
2023-08-24 17:02:37 +02:00
Aurelien DARRAGON
3b4d2b7975 DEV: makefile: fix POSIX compatibility for "range" target
make "range" which was introduced with 06d34d4 ("DEV: makefile: add a
new "range" target to iteratively build all commits") does not work with
POSIX shells (namely: bourne shell), and will fail with this kind of
errors:

   |/bin/sh: 6: Syntax error: "(" unexpected (expecting ")")
   |make: *** [Makefile:1226: range] Error 2

This is because arrays and arithmetic expressions which are used for the
"range" target are not supported by sh (unlike bash and other "modern"
interpreters).

However the make "all" target already complies with POSIX, so in this
commit we try to make "range" target POSIX compliant to ensure that the
makefile works as expected on systems where make uses /bin/sh as default
intepreter and where /bin/sh points to POSIX shell.
2023-08-17 00:09:05 +02:00
William Lallemand
6ecb7df4e1 BUILD: Makefile: realigned USE_* options in make help
Realigned the USE_* options of `make help` because of the length of
USE_QUIC_OPENSSL_COMPAT.

No backport needed.
2023-08-17 00:03:01 +02:00
William Lallemand
17bfc75974 BUILD: Makefile: add USE_QUIC_OPENSSL_COMPAT to make help
Add the missing USE_QUIC_OPENSSL_COMPAT option to `make help`.

No backport needed.
2023-08-17 00:01:27 +02:00
William Lallemand
1b5f9de1b4 BUILD: Makefile: add the USE_QUIC option to make help
Add the missing "USE_QUIC" option to `make help`.

Must be backported as far as 2.4.
2023-08-16 23:41:15 +02:00
Willy Tarreau
06d34d40db DEV: makefile: add a new "range" target to iteratively build all commits
This will iterate over all commits in the range passed in RANGE, or all
those from master to RANGE if no ".." exists in RANGE, and run "make all"
with the exact same variables. This aims to ease the verification that
no build failure exists inside a series. In case of error, it prints the
faulty commit and stops there with the tree checked out. Example:

  $ make-disctcc range RANGE=HEAD
  Found 14 commit(s) in range master..HEAD.
  Current branch is 20230809-plock+tbl+peers-4
  Starting to building now...
  [ 1/14 ]   392922bc5 #############################
  (...)
  Done! 14 commit(s) built successfully for RANGE master..HEAD

Maybe in the future it will automatically use HEAD as a default for RANGE
depending on the feedback.

It's not listed in the help target so as not to encourage users to try it
as it can very quickly become confusing due to the checkouts.
2023-08-09 18:02:30 +02:00
Frédéric Lécaille
444c1a4113 MINOR: quic: Split QUIC connection code into three parts
Move the TX part of the code to quic_tx.c.
Add quic_tx-t.h and quic_tx.h headers for this TX part code.
The definition of quic_tx_packet struct has been move from quic_conn-t.h to
quic_tx-t.h.

Same thing for the TX part:
Move the RX part of the code to quic_rx.c.
Add quic_rx-t.h and quic_rx.h headers for this TX part code.
The definition of quic_rx_packet struct has been move from quic_conn-t.h to
quic_rx-t.h.
2023-07-27 10:51:03 +02:00
Frédéric Lécaille
7008f16d57 MINOR: quic: Add a new quic_ack.c C module for QUIC acknowledgements
Extract the code in relation with the QUIC acknowledgements from quic_conn.c
to quic_ack.c to accelerate the compilation of quic_conn.c.
2023-07-27 10:51:03 +02:00
Frédéric Lécaille
f454b78fa9 MINOR: quic: Add new "QUIC over SSL" C module.
Move the code which directly calls the functions of the OpenSSL QUIC API into
quic_ssl.c new C file.
Some code have been extracted from qc_conn_finalize() to implement only
the QUIC TLS part (see quic_tls_finalize()) into quic_tls.c.
qc_conn_finalize() has also been exported to be used from this new quic_ssl.c
C module.
2023-07-27 10:51:03 +02:00
Frédéric Lécaille
953e67abb6 MINOR: quic: Export QUIC CLI code from quic_conn.c
To accelerate the compilation of quic_conn.c file, export the code in relation
with the QUIC CLI from quic_conn.c to quic_cli.c.
2023-07-27 10:51:03 +02:00
Frédéric Lécaille
6334f4f6c5 MINOR: quic: Export QUIC traces code from quic_conn.c
To accelerate the compilation of quic_conn.c file, export the code in relation
with the traces from quic_conn.c to quic_trace.c.
Also add some headers (quic_trace-t.h and quic_trace.h).
2023-07-27 10:51:03 +02:00
Frédéric Lécaille
2f155639a8 MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper
Add USE_QUIC_OPENSSL_COMPAT new compilation option to support the
QUIC OpenSSL wrapper build.
2023-07-21 15:53:41 +02:00
Willy Tarreau
7663301ea7 BUILD: Makefile: use -pthread not -lpthread when threads are enabled
-pthread is normally the right way to enable threads, it involves -lpthread
at the end of the arguments, and also enables -D_REENTRANT=1. We normally
don't care about the subtle difference, but building with a static openssl
library that has threads enabled breaks because -lpthread is placed before
the SSL_LDFLAGS and openssl doesn't find pthread_atfork().

Let's change the flag to -pthread once for all, that's something we've
considered over the last decade without having a good reason to do it
since it didn't bring any value. Now at least it fixes a build issues,
this is a good reason. This doesn't need to be backported since it is
one of the consequences of the new more flexible build options in 2.8.
2023-05-31 12:06:41 +02:00
Willy Tarreau
6626195ff2 BUILD: makefile: search for SSL_INC/wolfssl before SSL_INC
Building with an install of wolfssl and openssl side-by-side breaks
because for wolfssl we need the two include levels and since some
names are in common, this results in some files being found in the
original openssl tree. Let's swap the two include paths so that all
that is related to wolfssl is found there first when needed.

No backport is needed.
2023-05-25 20:17:27 +02:00
Willy Tarreau
6777357a5e BUILD: makefile: fix build options when building tools first
Due to the test on the target introduced by commit 9577a152b ("BUILD:
makefile: do not erase build options for some build options"), if a
tool (e.g. halog) is build first before haproxy after a clean or a
fresh source extraction, the .build_opts file does not exist and
"make" complains since there's no such target. Make sure to define
the empty target for all "else" blocks there. No backport is needed.
2023-05-24 17:23:45 +02:00
Willy Tarreau
9577a152b5 BUILD: makefile: do not erase build options for some build options
One painfully annoying thing with the build options change detection
is that they get rebuild for about everything except when the build
target is exactly "reg-tests". But in practice every time reg tests
are run we end up having to experience a full rebuild because the
reg-tests script runs "make version" which is sufficient to refresh
the file.

There are two issues here. The first one is that we ought to skip all
targets that do not make use of the build options. This includes all
the tools such as "flags" for example, or utility targets like "tags",
"help" or "version". The second issue is that with most of these extra
targets we do not set the TARGET variable, and that one is used when
creating the build_opts file, so let's preserve the file when TARGET
is not set.

Now it's possible to re-run a make after a make reg-tests without having
to rebuild the whole project.
2023-05-24 16:23:24 +02:00
Willy Tarreau
060769836e CLEANUP: makefile: don't display a dummy features list without a target
"make help" ends with a list of enabled/disabled features for TARGET '',
which makes no sense. Let's only display enabled/disabled features when
a target is set. It also removes visual pollution when users seek help.
2023-05-24 16:23:24 +02:00
Dragan Dosen
c2d35dc84a BUG/MINOR: makefile: use USE_LIBATOMIC instead of USE_ATOMIC
The issue was introduced with commit c108f37c2 ("BUILD: makefile:
rework 51D to split v3/v4"), and is also related to commit b16d9b58
("BUILD: makefile: never force -latomic, set USE_LIBATOMIC instead")
where USE_ATOMIC has been replaced.
2023-05-15 16:08:03 +02:00
Willy Tarreau
29dcc5e559 DEBUG: list: add DEBUG_LIST to purposely corrupt list heads after delete
LIST_DELETE doesn't affect the previous pointers of the stored element.
This can sometimes hide bugs when such a pointer is reused by accident
in a LIST_NEXT() or equivalent after having been detached for example, or
ia another LIST_DELETE is performed again, something that LIST_DEL_INIT()
is immune to. By compiling with -DDEBUG_LIST, we'll replace a freshly
detached list element with two invalid pointers that will cause a crash
in case of accidental misuse. It's not enabled by default.
2023-05-11 11:33:35 +02:00
Frédéric Lécaille
db4bc6b4f3 MINOR: quic: Add a fake congestion control algorithm named "nocc"
This algorithm does nothing except initializing the congestion control window
to a fixed value. Very smart!

Modify the QUIC congestion control configuration parser to support this new
algorithm. The congestion control algorithm must be set as follows:

     quic-cc-algo nocc-<cc window size(KB))

For instance if "nocc-15" is provided as quic-cc-algo keyword value, this
will set a fixed window of 15KB.
2023-03-31 17:09:03 +02:00
David Carlier
cec3baa4fa BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.
Minor build update to still both support the v2 and v3 api from
the 3.1.7 release which supports a cache but would need a shift
in the HAProxy build not necessary at the moment.
In the second half of the year and for the next major HAProxy release
branch, v2 could be dropped altogether thus the next HAProxy 2.9
major release will contain more changes towards the v3 support
and reminder for the v2 EOL.

To be backported.
2023-03-28 08:40:34 +02:00
Amaury Denoyelle
565e3cc43a BUILD: makefile: fix PCRE overriding specific lib path
PCRE relies on pcre-config binary tool to provide includes/libs paths.
This may generate standard entries such as '/usr/lib' which will
override more specific ones if present before them on the linking step.

This situation was encountered when building with both QuicTLS and PCRE.
This generates a linking error as the default SSL libraries were used
for linking even with correct SSL flags pointing to QuicTLS dirs.

To fix this issue, USE_PCRE and its affiliated options have been moved
at the end of 'use_opts' variable. Indeed, related CFLAGS/LDFLAGS are
concatenated in their order of appearance through the macro
collect_opts_flags (see include/make/options.mk). PCRE in the last
position ensures it won't override specific entries declared before.
2023-02-03 09:42:49 +01:00
Aurelien DARRAGON
b2bb9257d2 MINOR: proxy/http_ext: introduce proxy forwarded option
Introducing http_ext class for http extension related work that
doesn't fit into existing http classes.

HTTP extension "forwarded", introduced with 7239 RFC is now supported
by haproxy.

The option supports various modes from simple to complex usages involving
custom sample expressions.

  Examples :

    # Those servers want the ip address and protocol of the client request
    # Resulting header would look like this:
    #   forwarded: proto=http;for=127.0.0.1
    backend www_default
        mode http
        option forwarded
        #equivalent to: option forwarded proto for

    # Those servers want the requested host and hashed client ip address
    # as well as client source port (you should use seed for xxh32 if ensuring
    # ip privacy is a concern)
    # Resulting header would look like this:
    #   forwarded: host="haproxy.org";for="_000000007F2F367E:60138"
    backend www_host
        mode http
        option forwarded host for-expr src,xxh32,hex for_port

    # Those servers want custom data in host, for and by parameters
    # Resulting header would look like this:
    #   forwarded: host="host.com";by=_haproxy;for="[::1]:10"
    backend www_custom
        mode http
        option forwarded host-expr str(host.com) by-expr str(_haproxy) for for_port-expr int(10)

    # Those servers want random 'for' obfuscated identifiers for request
    # tracing purposes while protecting sensitive IP information
    # Resulting header would look like this:
    #   forwarded: for=_000000002B1F4D63
    backend www_for_hide
        mode http
        option forwarded for-expr rand,hex

By default (no argument provided), forwarded option will try to mimic
x-forward-for common setups (source client ip address + source protocol)

The option is not available for frontends.
no option forwarded is supported.

More info about 7239 RFC here: https://www.rfc-editor.org/rfc/rfc7239.html

More info about the feature in doc/configuration.txt

This should address feature request GH #575

Depends on:
  - "MINOR: http_htx: add http_append_header() to append value to header"
  - "MINOR: sample: add ARGC_OPT"
  - "MINOR: proxy: introduce http only options"
2023-01-27 15:18:59 +01:00
Willy Tarreau
23078c8f2f BUILD: makefile: also list per-option settings in 'make opts'
Thanks to the generic naming of the build options, it's now relatively
easy to enumerate all _CFLAGS and _LDFLAGS for defined USE_* options.
That was added to the first line of 'make opts', but is only listed for
enabled options, non-empty variables or cmd-line defined variables.
2022-12-23 17:33:53 +01:00
Willy Tarreau
6a2cd33509 BUILD: makefile: remove the special case of the SSL option
By creating USE_SSL and enabling it when USE_OPENSSL is set, we can
get rid of the special case that was made with it regarding cflags
collect and when resetting options. The option doesn't need to be
manually set, though in the future it might prove useful if other
non-openssl API are supported.
2022-12-23 16:53:35 +01:00
Willy Tarreau
2b8d0978f3 BUILD: makefile: make all OpenSSL variants use the same settings
It's getting complicated to configure includes and lib dirs for
OpenSSL API variants such as WolfSSL, because some settings are
common and others are specific but carry a prefix that doesn't
match the USE_* rule scheme.

This patch simplifies everything by considering that all SSL libs
will use SSL_INC, SSL_LIB, SSL_CFLAGS and SSL_LDFLAGS. That's much
more convenient. This works thanks to the settings collector which
explicitly checks the SSL_* settings. When USE_OPENSSL_WOLFSSL is
set, then USE_OPENSSL is implied, so that there's no need to
duplicate maintenance effort.
2022-12-23 16:53:35 +01:00
Willy Tarreau
323b50b0f1 BUILD: makefile: support WURFL_CFLAGS and WURFL_LDFLAGS
The CFLAGS and LDFLAGS appended by USE_WURFL can now be overridden
using WURFL_CFLAGS and WURFL_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
3f2803e5cb BUILD: makefile: refactor support for 51DEGREES v3/v4
In order to simplify maintenance and long-term evolutions, now the
feature remains enabled by setting USE_51DEGREES=1 and the version
is set in 51DEGREES_VER (3 or 4 are supported only). The default
version remains 3. All 51DEGREES flags are shared between both
versions and only use the "51DEGREES_" prefix.

The related CFLAGS and LDFLAGS can now be overridden using
51DEGREES_CFLAGS and 51DEGREES_LDFLAGS, both of which are automatically
collected into the respective OPTIONS_*. The USE_51DEGREES_V4 option is
now removed, and the doc was updated.
2022-12-23 16:53:35 +01:00
Willy Tarreau
6985e2a9a6 BUILD: makefile: support PCRE[2]_CFLAGS and PCRE[2]_LDFLAGS
The CFLAGS and LDFLAGS appended by USE_PCRE/USE_PCRE2 can now be
overridden using PCRE_CFLAGS/PCRE2_CFLAGS and PCRE_LDFLAGS/PCRE2_LDFLAGS.

Its worth noting that PCRE2_LDFLAGS did already exist and was preset from
the pkgconfig output then complemented with -lpcre2-posix, and only then
the -L and optional -Wl,-Bstatic were appended when adding them to the
resulting global LDFLAGS. A search on the net did not reveal any use of
PCRE2_LDFLAGS in any public build scripts, and for consistency sake it's
important to make sure that we can now finally override the -L settings
like we're able to do with every other build option. Thus the meaning of
this variable changed to include all the related ldflags (-L and -Wl).

These flags are now automatically collected into OPTIONS_*.
2022-12-23 16:53:35 +01:00
Willy Tarreau
202295436c BUILD: makefile: support DEVICEATLAS_CFLAGS and DEVICEATLAS_LDFLAGS
The CFLAGS and LDFLAGS appended by USE_DEVICEATLAS can now be overridden
using DEVICEATLAS_CFLAGS and DEVICEATLAS_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
b2ef365de2 BUILD: makefile: support LUA_CFLAGS and LUA_LDFLAGS
The CFLAGS and LDFLAGS appended by USE_LUA can now be overridden using
LUA_CFLAGS and LUA_LDFLAGS. Note that if these flags are forced, they
have to contain the optional -DHLUA_PREPEND_PATH= since this is added
to CFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
7f48b6f1a4 BUILD: makefile: support WOLFSSL_CFLAGS and WOLFSSL_LDFLAGS
The CFLAGS and LDFLAGS appended by USE_WOLFSSL can now be overridden
using WOLFSSL_CFLAGS and WOLFSSL_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
e609ac1bbe BUILD: makefile: support OPENSSL_CFLAGS and OPENSSL_LDFLAGS
The CFLAGS and LDFLAGS appended by USE_OPENSSL can now be overridden
using OPENSSL_CFLAGS and OPENSSL_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
a88cc63d09 BUILD: makefile: support ENGINE_CFLAGS
The CFLAGS appended by USE_ENGINE can now be overridden using
ENGINE_CFLAGS. These would have been better located inside the
OPENSSL stuff but it's a bit too late now.
2022-12-23 16:53:35 +01:00
Willy Tarreau
d957924e68 BUILD: makefile: support ZLIB_CFLAGS and ZLIB_LDFLAGS
The CFLAGS and LDFLAGS appended by USE_ZLIB can now be overridden using
ZLIB_CFLAGS and ZLIB_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
f852d31145 BUILD: makefile: support SYSTEMD_LDFLAGS
The LDFLAGS appended by USE_SYSTEMD can now be overridden using
SYSTEMD_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
eb12fcc40a BUILD: makefile: support BACKTRACE_LDFLAGS
The LDFLAGS appended by USE_BACKTRACE can now be overridden using
BACKTRACE_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
3b66494d25 BUILD: makefile: support THREAD_LDFLAGS
The LDFLAGS appended by USE_THREAD can now be overridden using
THREAD_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
84e3283be3 BUILD: makefile: support RT_LDFLAGS
The LDFLAGS appended by USE_RT can now be overridden using
RT_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
2b5c9f7b4f BUILD: makefile: support LIBCRYPT_LDFLAGS
The LDFLAGS appended by USE_LIBCRYPT can now be overridden using
LIBCRYPT_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
c108f37c2a BUILD: makefile: rework 51D to split v3/v4
There are multiple options for 51DEGREES, v3/v4, threading or not,
pattern/trie for v3, vhash for v4, use of libatomic, etc. While the
current rules deal with all of that correctly, it's too difficult to
focus on one version because the two are interleaved for every single
option. Let's just split them into two independent blocks. This removes
some if/endif, and makes the lecture much more straightforward.
2022-12-23 16:53:35 +01:00
Willy Tarreau
f6ceb0ec4e CLEANUP: makefile: properly indent ifeq/ifneq conditional blocks
Some conditional blocks have become out of control over time and are
totally unreadble. It took 15 minutes to figure what "endif" matched
what "if" in the PCRE one for example, and DA and 51D use multiple
levels as well that are not easy to sort out.

Let's reindent the whole thing. Most places that were already indented
used 2 spaces per level, so here we're keeping that principle. It was
just not done on the two last ones that are used to define some rules
because we don't want spaces before rule names. A few had the opening
condition indicated on the endif line.

It would be desirable that over time this more maintainable layout is
preserved.
2022-12-23 16:53:35 +01:00
Willy Tarreau
8ea58f5c76 BUILD: makefile: properly report USE_PCRE/USE_PCRE2 in features
The PCRE/PCRE2 CFLAGS forcefully add -DUSE_PCRE or -DUSE_PCRE2 because
we want that USE_STATIC_PCRE or USE_PCRE_JIT implicitly enables them.
However, doing it this way is incorrect because the option is not visible
in BUILD_FEATURES, and for example, some regtests depending on such
features (such as map_redirect.vtc) would be skipped if only the static
or jit versions are enabled.

The correct way to do this is to always set USE_PCRE feature for such
variants instead of adding the define.

This could almost be backported but would require to backport other
makefile patches and likely only has effects on the reg-tests at the
moment, so it's probably not worth the hassle.
2022-12-23 16:53:35 +01:00
Willy Tarreau
f297b18eac BUILD: makefile: add an implicit USE_MATH variable for -lm
Lua and 51d make use of -lm, which would be better served by having its
own option than being passed in the LDFLAGS. It also simplifies linking
against a static version of libm. The option uses its own LDFLAGS which
are automatically collected into OPTIONS_LDFLAGS.
2022-12-23 16:53:35 +01:00
Willy Tarreau
b16d9b5816 BUILD: makefile: never force -latomic, set USE_LIBATOMIC instead
Two places, 51Dv4 and AIX7.2, used to forcefully add -latomic to the
ldflags (and via different variables). This must not be done because
it depends on compiler, arch, etc. USE_LIBATOMIC=implicit is much
better: it allows the user to forcefully disable it if undesired.
The LIBATOMIC_LDFLAGS are set to -latomic and automatically added
to OPTIONS_LDFLAGS.

It will make this dependency appear in haproxy -vv but that's not
and issue and it may even sometimes help when troubleshooting.
2022-12-23 16:53:35 +01:00
Willy Tarreau
447247aa8d BUILD: makefile: do not restrict Lua's prepend path to empty LUA_LIB_NAME
The HLUA_PREPEND_PATH and HLUA_PREPEND_CPATH settings were only applied
when LUA_LIB_NAME was empty, otherwise they were silently ignored. Let's
take them out of that conditional block as this makes no sense to enforce
such a restriction (the main reason in fact is that this whole block is
unreadable).

Also take this opportunity to unfold the last two imbricated tests of
LUA_LIB_NAME and put comments around certain blocks to know what "endif"
matches what "if".
2022-12-23 16:53:35 +01:00
Willy Tarreau
2a3a882fe2 BUILD: makefile: make sure LUA_INC and LUA_LIB are always initialized
While LUA_INC is sometimes set in the makefile (only when LUA_LIB_NAME
is not set), LUA_LIB is never pre-initialized and faces the risk of
being accidently inherited from the environment. Let's make sure both
are properly reset first when not explicitly set. For this we always
set LUA_INC based on the autodetection if it's not set, and always
pre-initialize LUA_LIB to empty. This also helps make that block
slightly less difficult to understand.
2022-12-23 16:53:35 +01:00
Willy Tarreau
682b78b4e6 BUILD: makefile: reference libdl only once
There used to be special cases where USE_DL was only for the SSL library,
then for Lua, then was used globally, but each of them kept their own copy
of -ldl. When building on a system supporting libdl, with SSL and Lua
enabled, no less than 3 -ldl are found on the linker's command line.

What matters is only that it's close to the end, so let's remove the old
specific ones and move the global one to the end. The option now uses its
own DL_LDFLAGS that is automatically collected into OPTIONS_LDFLAGS.
2022-12-23 16:53:35 +01:00