This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/trafficserver-ci.git
The following commit(s) were added to refs/heads/main by this push:
new cb1e261 rockylinux:8 - quiche with openssl build tools (#343)
cb1e261 is described below
commit cb1e261183455658cb29de5cb6d7ddf82859b51a
Author: Brian Neradt <[email protected]>
AuthorDate: Fri May 3 16:36:28 2024 -0500
rockylinux:8 - quiche with openssl build tools (#343)
Build both openssl and boringssl quiche dependencies.
---
docker/rockylinux8/Dockerfile | 51 ++++++---
...ild_h3_tools.sh => build_boringssl_h3_tools.sh} | 113 +++++++++----------
...build_h3_tools.sh => build_openssl_h3_tools.sh} | 125 ++++++---------------
3 files changed, 119 insertions(+), 170 deletions(-)
diff --git a/docker/rockylinux8/Dockerfile b/docker/rockylinux8/Dockerfile
index f100ea9..b093687 100644
--- a/docker/rockylinux8/Dockerfile
+++ b/docker/rockylinux8/Dockerfile
@@ -17,6 +17,13 @@ RUN <<EOF
autoconf automake libtool \
gcc-toolset-11 gcc-toolset-11-libasan-devel
+ # build_h3_tools.sh dependencies.
+ dnf -y install \
+ python38-devel \
+ libev-devel jemalloc-devel libxml2-devel \
+ c-ares-devel libevent-devel jansson-devel cjose-devel \
+ zlib-devel systemd-devel
+
# Various other tools
dnf -y install \
sudo git rpm-build distcc-server file wget openssl hwloc \
@@ -36,6 +43,9 @@ RUN <<EOF
dnf -y install \
python3 httpd-tools procps-ng nmap-ncat python3-pip \
python3-gunicorn python3-requests python3-devel python3-psutil telnet
+
+ # This keeps our Docker layers smaller.
+ dnf clean all
EOF
#-------------------------------------------------------------------------------
@@ -70,29 +80,39 @@ RUN pip3 install pipenv httpbin
#-------------------------------------------------------------------------------
# Install the HTTP/3 build tools, including openssl-quic.
#-------------------------------------------------------------------------------
+
+ARG h3_tools_dir=/root/build_h3_tools
+RUN mkdir -p ${h3_tools_dir}
+COPY build_boringssl_h3_tools.sh ${h3_tools_dir}
+# boringssl
RUN <<EOF
set -e
- dnf install -y python38-devel cargo
alternatives --set python /usr/bin/python3.8
- dnf -y install \
- libev-devel jemalloc-devel libxml2-devel \
- c-ares-devel libevent-devel jansson-devel cjose-devel \
- zlib-devel systemd-devel
+ # go will be installed by build_boringssl_h3_tools.sh
+ dnf remove -y golang rust
+ dnf install -y cargo
+ # This keeps our Docker layers smaller.
+ dnf clean all
EOF
-# go and rust will be installed by build_h3_tools.
-RUN dnf remove -y golang rust
-ARG h3_tools_dir=/root/build_h3_tools
+RUN <<EOF
+ set -e
+ cd ${h3_tools_dir}
+ export BASE=/opt/h3-tools-boringssl
+ bash ${h3_tools_dir}/build_boringssl_h3_tools.sh
+ cd /root
+ rm -rf ${h3_tools_dir} /root/.rustup
+EOF
+# openssl: These are stored in /opt so that CI can easily access the curl,
+# h2load, etc., from there.
RUN mkdir -p ${h3_tools_dir}
-COPY /build_h3_tools.sh ${h3_tools_dir}/build_h3_tools.sh
-# This will install OpenSSL QUIC and related tools in /opt.
+COPY build_openssl_h3_tools.sh ${h3_tools_dir}
RUN <<EOF
set -e
cd ${h3_tools_dir}
- bash ${h3_tools_dir}/build_h3_tools.sh
-
- # Removing the build dir is crucial to keeping the Docker image size
- # reasonable.
+ export BASE=/opt
+ bash ${h3_tools_dir}/build_openssl_h3_tools.sh
+ cd /root
rm -rf ${h3_tools_dir} /root/.rustup
EOF
@@ -103,6 +123,7 @@ EOF
# Autests require some go applications.
RUN <<EOF
set -e
+ ln -s /opt/h3-tools-boringssl/go /opt/go
echo 'export PATH=$PATH:/opt/go/bin' | tee -a /etc/profile.d/go.sh
echo 'export GOBIN=/opt/go/bin' | tee -a /etc/profile.d/go.sh
@@ -146,7 +167,7 @@ RUN <<EOF
cmake --install build_openssl
# boringssl nuraft
- BORINGSSL_PREFIX=/opt/boringssl
+ BORINGSSL_PREFIX=/opt/h3-tools-boringssl/boringssl
BORINGSSL_LIB="${BORINGSSL_PREFIX}/lib"
if [ -e /etc/redhat-release ]; then
BORINGSSL_LIB="${BORINGSSL_PREFIX}/lib64"
diff --git a/docker/rockylinux8/build_h3_tools.sh
b/docker/rockylinux8/build_boringssl_h3_tools.sh
old mode 100644
new mode 100755
similarity index 72%
copy from docker/rockylinux8/build_h3_tools.sh
copy to docker/rockylinux8/build_boringssl_h3_tools.sh
index 16a71cc..e1b758b
--- a/docker/rockylinux8/build_h3_tools.sh
+++ b/docker/rockylinux8/build_boringssl_h3_tools.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env bash
#
-# Simple script to build OpenSSL and various tools with H3 and QUIC support.
+# Simple script to build BoringsSSL and various tools with H3 and QUIC support
+# including quiche+BoringSSL.
# This probably needs to be modified based on platform.
#
# Licensed to the Apache Software Foundation (ASF) under one
@@ -21,37 +22,32 @@
set -e
-
# This is a slightly modified version of:
-#
https://github.com/apache/trafficserver/blob/19dfdd4753232d0b77ca555f7ef5f5ba3d2ccae1/tools/build_h3_tools.sh
+#
https://github.com/apache/trafficserver/blob/master/tools/build_boringssl_h3_tools.sh
#
# This present script been modified from the latter in the following ways:
#
-# * This version checks out specific commits of the repos so that people
-# creating images from the corresponding Dockerfile do not get different
-# versions of these over time.
-#
-# * It also doesn't run sudo since the Dockerfile will run this as root.
+# * It doesn't run sudo since the Dockerfile will run this as root.
#
-# * It also doesn't use a mktemp since the caller sets up a temporary directory
+# * It doesn't use a mktemp since the caller sets up a temporary directory
# that it later removes.
-# Update this as the draft we support updates.
-OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
+WORKDIR="$(pwd)"
# Set these, if desired, to change these to your preferred installation
# directory
-BASE=${BASE:-"/opt"}
-OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
-OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
+BASE=${BASE:-"/opt/h3-tools-boringssl"}
MAKE="make"
+echo "Building boringssl H3 dependencies in ${WORKDIR}. Installation will be
done in ${BASE}"
+
CFLAGS=${CFLAGS:-"-O3 -g"}
CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
+BORINGSSL_PATH="${BASE}/boringssl"
if [ -e /etc/redhat-release ]; then
MAKE="gmake"
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
+ TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib64"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -64,7 +60,7 @@ if [ -e /etc/redhat-release ]; then
echo
echo
elif [ -e /etc/debian_version ]; then
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
+ TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -86,8 +82,8 @@ if [ `uname -s` = "Darwin" ]; then
echo
"+-------------------------------------------------------------------------+"
fi
-if [ -z ${QUICHE_BSSL_PATH+x} ]; then
- QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
+if [ -z ${BORINGSSL_LIB_PATH+x} ]; then
+ BORINGSSL_LIB_PATH=${TMP_BORINGSSL_LIB_PATH:-"${BORINGSSL_PATH}/lib"}
fi
set -x
@@ -135,12 +131,26 @@ if [ ! -d boringssl ]; then
cd ..
fi
cd boringssl
+
+# un-set it for a bit.
+set +e
+BSSL_C_FLAGS="-Wdangling-pointer=0"
+GCCO=$(eval "gcc --help=warnings | grep dangling-pointer=")
+retVal=$?
+if [ $retVal -eq 1 ]; then
+ BSSL_C_FLAGS=""
+fi
+set -e
+
+# Note: -Wdangling-pointer=0
+# We may have some issues with latest GCC compilers, so disabling
-Wdangling-pointer=
cmake \
-B build-shared \
-DGO_EXECUTABLE=${GO_BINARY_PATH} \
-DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
+ -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \
-DBUILD_SHARED_LIBS=1
cmake \
-B build-static \
@@ -148,27 +158,24 @@ cmake \
-DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
+ -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \
-DBUILD_SHARED_LIBS=0
cmake --build build-shared -j ${num_threads}
cmake --build build-static -j ${num_threads}
cmake --install build-shared
cmake --install build-static
chmod -R a+rX ${BASE}
+
cd ..
# Build quiche
# Steps borrowed from:
https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
echo "Building quiche"
-# Install the latest rust.
-mkdir -p src
-wget https://sh.rustup.rs -O src/rustup.sh
-bash src/rustup.sh -y
-source /root/.cargo/env
QUICHE_BASE="${BASE:-/opt}/quiche"
-[ ! -d quiche ] && git clone --recursive
https://github.com/cloudflare/quiche.git
+[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git
cd quiche
-git checkout 0.20.1
-QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build
-j4 --package quiche --release --features ffi,pkg-config-meta,qlog
+git checkout 0.21.0
+QUICHE_BSSL_PATH=${BORINGSSL_LIB_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build
-j4 --package quiche --release --features ffi,pkg-config-meta,qlog
mkdir -p ${QUICHE_BASE}/lib/pkgconfig
mkdir -p ${QUICHE_BASE}/include
cp target/release/libquiche.a ${QUICHE_BASE}/lib/
@@ -178,30 +185,7 @@ cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
chmod -R a+rX ${BASE}
cd ..
-echo "Building OpenSSL with QUIC support"
-[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1
https://github.com/quictls/openssl.git openssl-quic
-cd openssl-quic
-./config enable-tls1_3 --prefix=${OPENSSL_PREFIX}
-${MAKE} -j ${num_threads}
-${MAKE} install_sw
-chmod -R a+rX ${BASE}
-
-# The symlink target provides a more convenient path for the user while also
-# providing, in the symlink source, the precise branch of the OpenSSL build.
-ln -sf ${OPENSSL_PREFIX} ${OPENSSL_BASE}
-chmod -R a+rX ${BASE}
-cd ..
-
-# OpenSSL will install in /lib or lib64 depending upon the architecture.
-if [ -d "${OPENSSL_PREFIX}/lib" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib"
-elif [ -d "${OPENSSL_PREFIX}/lib64" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib64"
-else
- echo "Could not find the OpenSSL install library directory."
- exit 1
-fi
-LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
+LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${BORINGSSL_LIB_PATH}"}
# Then nghttp3
echo "Building nghttp3..."
@@ -211,7 +195,7 @@ git submodule update --init
autoreconf -if
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${BORINGSSL_LIB_PATH}/pkgconfig \
CFLAGS="${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}" \
@@ -228,9 +212,12 @@ cd ngtcp2
autoreconf -if
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
+ --with-boringssl \
+ BORINGSSL_CFLAGS="-I${BORINGSSL_PATH}/include" \
+ BORINGSSL_LIBS="-L${BORINGSSL_LIB_PATH} -lssl -lcrypto" \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \
+ CFLAGS="${CFLAGS} -fPIC" \
+ CXXFLAGS="${CXXFLAGS} -fPIC" \
LDFLAGS="${LDFLAGS}" \
--enable-lib-only
${MAKE} -j ${num_threads}
@@ -255,11 +242,13 @@ fi
# Note for FreeBSD: This will not build h2load. h2load can be run on a remote
machine.
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS} -L${OPENSSL_LIB}" \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \
+ CFLAGS="${CFLAGS} -I${BORINGSSL_PATH}/include" \
+ CXXFLAGS="${CXXFLAGS} -I${BORINGSSL_PATH}/include" \
+ LDFLAGS="${LDFLAGS}" \
+ OPENSSL_LIBS="-lcrypto -lssl -L${BORINGSSL_LIB_PATH}" \
--enable-http3 \
+ --disable-examples \
${ENABLE_APP}
${MAKE} -j ${num_threads}
${MAKE} install
@@ -268,20 +257,20 @@ cd ..
# Then curl
echo "Building curl ..."
-[ ! -d curl ] && git clone --depth 1 -b curl-8_5_0
https://github.com/curl/curl.git
+[ ! -d curl ] && git clone --depth 1 -b curl-8_7_1
https://github.com/curl/curl.git
cd curl
# On mac autoreconf fails on the first attempt with an issue finding ltmain.sh.
# The second runs fine.
autoreconf -fi || autoreconf -fi
./configure \
--prefix=${BASE} \
- --with-ssl=${OPENSSL_PREFIX} \
+ --with-openssl="${BORINGSSL_PATH}" \
--with-nghttp2=${BASE} \
--with-nghttp3=${BASE} \
--with-ngtcp2=${BASE} \
+ LDFLAGS="${LDFLAGS} -L${BORINGSSL_LIB_PATH}
-Wl,-rpath,${BORINGSSL_LIB_PATH}" \
CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS}"
+ CXXFLAGS="${CXXFLAGS}"
${MAKE} -j ${num_threads}
${MAKE} install
chmod -R a+rX ${BASE}
diff --git a/docker/rockylinux8/build_h3_tools.sh
b/docker/rockylinux8/build_openssl_h3_tools.sh
old mode 100644
new mode 100755
similarity index 75%
rename from docker/rockylinux8/build_h3_tools.sh
rename to docker/rockylinux8/build_openssl_h3_tools.sh
index 16a71cc..beeadee
--- a/docker/rockylinux8/build_h3_tools.sh
+++ b/docker/rockylinux8/build_openssl_h3_tools.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env bash
#
-# Simple script to build OpenSSL and various tools with H3 and QUIC support.
+# Simple script to build OpenSSL and various tools with H3 and QUIC support
+# including quiche+openssl-quictls.
# This probably needs to be modified based on platform.
#
# Licensed to the Apache Software Foundation (ASF) under one
@@ -21,37 +22,35 @@
set -e
-
# This is a slightly modified version of:
-#
https://github.com/apache/trafficserver/blob/19dfdd4753232d0b77ca555f7ef5f5ba3d2ccae1/tools/build_h3_tools.sh
+#
https://github.com/apache/trafficserver/blob/master/tools/build_openssl_h3_tools.sh
#
# This present script been modified from the latter in the following ways:
#
-# * This version checks out specific commits of the repos so that people
-# creating images from the corresponding Dockerfile do not get different
-# versions of these over time.
-#
-# * It also doesn't run sudo since the Dockerfile will run this as root.
+# * It doesn't run sudo since the Dockerfile will run this as root.
#
-# * It also doesn't use a mktemp since the caller sets up a temporary directory
+# * It doesn't use a mktemp since the caller sets up a temporary directory
# that it later removes.
+WORKDIR="$(pwd)"
+
# Update this as the draft we support updates.
OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
# Set these, if desired, to change these to your preferred installation
# directory
-BASE=${BASE:-"/opt"}
+BASE=${BASE:-"/opt/h3-tools-openssl"}
OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
MAKE="make"
+echo "Building openssl/quictls H3 dependencies in ${WORKDIR}. Installation
will be done in ${BASE}"
+
CFLAGS=${CFLAGS:-"-O3 -g"}
CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
if [ -e /etc/redhat-release ]; then
MAKE="gmake"
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -64,7 +63,6 @@ if [ -e /etc/redhat-release ]; then
echo
echo
elif [ -e /etc/debian_version ]; then
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -86,10 +84,6 @@ if [ `uname -s` = "Darwin" ]; then
echo
"+-------------------------------------------------------------------------+"
fi
-if [ -z ${QUICHE_BSSL_PATH+x} ]; then
- QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
-fi
-
set -x
if [ `uname -s` = "Linux" ]
then
@@ -102,82 +96,6 @@ else
num_threads=$(sysctl -n hw.logicalcpu)
fi
-# boringssl
-echo "Building boringssl..."
-
-# We need this go version.
-mkdir -p ${BASE}/go
-
-if [ `uname -m` = "arm64" -o `uname -m` = "aarch64" ]; then
- ARCH="arm64"
-else
- ARCH="amd64"
-fi
-
-if [ `uname -s` = "Darwin" ]; then
- OS="darwin"
-elif [ `uname -s` = "FreeBSD" ]; then
- OS="freebsd"
-else
- OS="linux"
-fi
-
-wget https://go.dev/dl/go1.21.6.${OS}-${ARCH}.tar.gz
-rm -rf ${BASE}/go && tar -C ${BASE} -xf go1.21.6.${OS}-${ARCH}.tar.gz
-rm go1.21.6.${OS}-${ARCH}.tar.gz
-chmod -R a+rX ${BASE}
-
-GO_BINARY_PATH=${BASE}/go/bin/go
-if [ ! -d boringssl ]; then
- git clone https://boringssl.googlesource.com/boringssl
- cd boringssl
- git checkout a1843d660b47116207877614af53defa767be46a
- cd ..
-fi
-cd boringssl
-cmake \
- -B build-shared \
- -DGO_EXECUTABLE=${GO_BINARY_PATH} \
- -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
- -DBUILD_SHARED_LIBS=1
-cmake \
- -B build-static \
- -DGO_EXECUTABLE=${GO_BINARY_PATH} \
- -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
- -DBUILD_SHARED_LIBS=0
-cmake --build build-shared -j ${num_threads}
-cmake --build build-static -j ${num_threads}
-cmake --install build-shared
-cmake --install build-static
-chmod -R a+rX ${BASE}
-cd ..
-
-# Build quiche
-# Steps borrowed from:
https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
-echo "Building quiche"
-# Install the latest rust.
-mkdir -p src
-wget https://sh.rustup.rs -O src/rustup.sh
-bash src/rustup.sh -y
-source /root/.cargo/env
-QUICHE_BASE="${BASE:-/opt}/quiche"
-[ ! -d quiche ] && git clone --recursive
https://github.com/cloudflare/quiche.git
-cd quiche
-git checkout 0.20.1
-QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build
-j4 --package quiche --release --features ffi,pkg-config-meta,qlog
-mkdir -p ${QUICHE_BASE}/lib/pkgconfig
-mkdir -p ${QUICHE_BASE}/include
-cp target/release/libquiche.a ${QUICHE_BASE}/lib/
-[ -f target/release/libquiche.so ] && cp target/release/libquiche.so
${QUICHE_BASE}/lib/
-cp quiche/include/quiche.h ${QUICHE_BASE}/include/
-cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
-chmod -R a+rX ${BASE}
-cd ..
-
echo "Building OpenSSL with QUIC support"
[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1
https://github.com/quictls/openssl.git openssl-quic
cd openssl-quic
@@ -203,6 +121,27 @@ else
fi
LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
+# Build quiche
+# Steps borrowed from:
https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
+echo "Building quiche"
+QUICHE_BASE="${BASE:-/opt}/quiche"
+[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git
+cd quiche
+git checkout 0.21.0
+
+PKG_CONFIG_PATH="$OPENSSL_LIB"/pkgconfig LD_LIBRARY_PATH="$OPENSSL_LIB" \
+ cargo build -j4 --package quiche --release --features
ffi,pkg-config-meta,qlog,openssl
+
+mkdir -p ${QUICHE_BASE}/lib/pkgconfig
+mkdir -p ${QUICHE_BASE}/include
+cp target/release/libquiche.a ${QUICHE_BASE}/lib/
+[ -f target/release/libquiche.so ] && cp target/release/libquiche.so
${QUICHE_BASE}/lib/
+cp quiche/include/quiche.h ${QUICHE_BASE}/include/
+cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
+chmod -R a+rX ${BASE}
+cd ..
+
+
# Then nghttp3
echo "Building nghttp3..."
[ ! -d nghttp3 ] && git clone --depth 1 -b v1.2.0
https://github.com/ngtcp2/nghttp3.git
@@ -268,7 +207,7 @@ cd ..
# Then curl
echo "Building curl ..."
-[ ! -d curl ] && git clone --depth 1 -b curl-8_5_0
https://github.com/curl/curl.git
+[ ! -d curl ] && git clone --depth 1 -b curl-8_7_1
https://github.com/curl/curl.git
cd curl
# On mac autoreconf fails on the first attempt with an issue finding ltmain.sh.
# The second runs fine.
