Merge #188383: ngtcp2-gnutls: init at 0.7.0 and use in knot-dns

3 files changed, 54 insertions, 0 deletions

diff --git a/pkgs/development/libraries/ngtcp2/gnutls.nix b/pkgs/development/libraries/ngtcp2/gnutls.nix
new file mode 100644
index 000000000000..c2b928e851c8
--- /dev/null
+++ b/pkgs/development/libraries/ngtcp2/gnutls.nix
@@ -0,0 +1,51 @@
+{ lib, stdenv, fetchFromGitHub
+, autoreconfHook, pkg-config
+, gnutls
+, cunit, ncurses
+}:
+
+stdenv.mkDerivation rec {
+  pname = "ngtcp2";
+  version = "0.7.0";
+
+  src = fetchFromGitHub {
+    owner = "ngtcp2";
+    repo = "ngtcp2";
+    rev = "v${version}";
+    sha256 = "sha256-REAN5TW0miWXI3HFxtW3znTKTrhsBbNqu1VfjC2w0no=";
+  };
+
+  outputs = [ "out" "dev" ];
+
+  nativeBuildInputs = [ autoreconfHook pkg-config ];
+  buildInputs = [ gnutls ];
+
+  configureFlags = [ "--with-gnutls=yes" ];
+  enableParallelBuilding = true;
+
+  doCheck = true;
+  checkInputs = [ cunit ]
+    ++ lib.optional stdenv.isDarwin ncurses;
+
+  meta = with lib; {
+    homepage = "https://github.com/ngtcp2/ngtcp2";
+    description = "an effort to implement RFC9000 QUIC protocol.";
+    license = licenses.mit;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ vcunat/* for knot-dns */ ];
+  };
+}
+
+/*
+  Why split from ./default.nix?
+
+  ngtcp2 libs contain helpers to plug into various crypto libs (gnutls, patched openssl, ...).
+  Building multiple of them while keeping closures separable would be relatively complicated.
+  Separating the builds is easier for now; the missed opportunity to share the 0.3--0.4 MB
+  library isn't such a big deal.
+
+  Moreover upstream still commonly does incompatible changes, so agreeing
+  on a single version might be hard sometimes.  That's why it seemed simpler
+  to completely separate the nix expressions, too.
+*/
+
diff --git a/pkgs/servers/dns/knot-dns/default.nix b/pkgs/servers/dns/knot-dns/default.nix
index 427bdb597aa9..fc4efcfe56a1 100644
--- a/pkgs/servers/dns/knot-dns/default.nix
+++ b/pkgs/servers/dns/knot-dns/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchurl, pkg-config, gnutls, liburcu, lmdb, libcap_ng, libidn2, libunistring
 , systemd, nettle, libedit, zlib, libiconv, libintl, libmaxminddb, libbpf, nghttp2, libmnl
+, ngtcp2-gnutls
 , autoreconfHook, nixosTests, knot-resolver
 , fetchpatch
 }:
@@ -39,6 +40,7 @@ stdenv.mkDerivation rec {
     nettle libedit
     libiconv lmdb libintl
     nghttp2 # DoH support in kdig
+    ngtcp2-gnutls  # DoQ support in kdig (and elsewhere but not much use there yet)
     libmaxminddb # optional for geoip module (it's tiny)
     # without sphinx &al. for developer documentation
     # TODO: add dnstap support?
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 6e67d7bf67b7..0106424aa8eb 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -20570,6 +20570,7 @@ with pkgs;
   nghttp3 = callPackage ../development/libraries/nghttp3 { };
 
   ngtcp2 = callPackage ../development/libraries/ngtcp2 { };
+  ngtcp2-gnutls = callPackage ../development/libraries/ngtcp2/gnutls.nix { };
 
   nix-plugins = callPackage ../development/libraries/nix-plugins { };