[pkgsrc/trunk]: pkgsrc/net/haproxy haproxy: updated to 2.2.0

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/274e8f1b7dbd
branches:  trunk
changeset: 435786:274e8f1b7dbd
user:      adam <adam%pkgsrc.org@localhost>
date:      Wed Jul 15 09:20:44 2020 +0000

description:
haproxy: updated to 2.2.0

HAProxy 2.2.0 was released on 2020/07/07. It added 24 new commits
after version 2.2-dev12.

There were very few last-minute changes since dev12, just as I hoped,
that's pretty fine.

We're late by about 1 month compared to the initial planning, which is
not terrible and should be seen instead as an investment on the debugging
cycle since almost only bug fixes were merged during that period. In the
end you get a better version later.

While I was initially worried that this version didn't seem to contain
any outstanding changes, looking back in the mirror tells be it's another
awesome one instead:

  - dynamic content emission:
     - "http-request return" directive to build dynamic responses ;
     - rewrite of headers (including our own) after the response ;
     - dynamic error files (errorfiles can be used as templates to
       deliver personalized pages)

  - further improvements to TLS runtime certificates management:
     - insertion of new certificates
     - split of key and cert
     - manipulation and creation of crt-lists
     - even directories can be handled

    And by the way now TLSv1.2 is set as the default minimum version.

  - significant reduction of server-side resources by sharing idle
    connection pools between all threads ; till 2.1 if you had 64 threads,
    each of them had its own connections, so the reuse rate was lower, and
    the idle connection count was very high. This is not the case anymore.

  - health-checks were rewritten to all rely on tcp-check rules behind the
    curtains. This allowed to get rid of all the dirt we had accumulate over
    18 years and to write extensible checks. New ones are much easier to add.
    In addition we now have http-checks which support header and body
    addition, and which pass through muxes (HTTP/1 and HTTP/2).

  - ring buffer creation with ability to forward any event to any log server
    including over TCP. This means that it's now possible to log over a TCP
    syslog server, and that adding new protocols should be fairly easy.

  - further refined and improved debugging (symbols in panic dumps, malloc
    debugging, more activity counters)

  - the default security was improved. For example fork() is forbidden by
    default, which will block against any potential code execution (and
    will also block external checks by default unless explicitly unblocked).

  - new performance improvements in the scheduler and I/O layers, reducing
    the cost of I/O processing and overall latency. I've known from private
    discussions that some noticed tremendous gains there.

I'm pretty sure there are many other things but I don't remember, I'm
looking at my notes. I'm aware that HaproxyTech will soon post an in-depth
review on the haproxy.com blog so just have a look there for all the details.
(edit: it's already there: https://www.haproxy.com/blog/announcing-haproxy-2-2/
).

There are three things I noted during the development of this version.

The first one is that with the myriad of new tools we're using to help
users and improve our code quality (discourse, travis, cirrus, oss-fuzz,
mailing-list etc), some people really found their role in the project and
are becoming more autonomous. This definitely scales much better and helps
me spend less time on things that are not directly connected to my code
activities, so thank you very much for this (Lukas, Tim, Ilya, Cyril).

The second one is that this is the first version that has been tortured
in production long before the release. And when I'm saying "tortured", I
really mean it, because several of us were suffering as well. But it
allowed to address very serious issues that would have been a nightmare
to debug and fix post-release. For this I really want to publicly thank
William Dauchy for all his work and involvement on this, and for all the
very detailed reports he's sent us. For me this is the proof that running
code early on very limited traffic is enough to catch unacceptable bugs
that will not hit you later. And this pays off because he will be able to
deploy 2.2 soon without sweating. Others might face bugs that were not in
the perimeter he tested, hehe :-) I really encourage anyone who can to do
this. I know it's not easy and can be risky, but with some organization
and good prod automation it's possible and is great. What's nice with
reporting bugs during development is that you have a safe version to roll
back to and it can take the time it takes to fix the bug, it's not a
problem! Please think about it and what it would imply for you to adopt
such a model, it's a real time saver and risk saver for your production.

The last one is that we started to use the -next branch to queue some
pending work (that was already merged) and that the principle of finishing
one version while we're starting to queue some work for the next one is
well accepted and will help really us. I'd like this to continue and grow
in importance.

Enough talking, now's time to download and update, and for me to leave to
have dinner :-)

diffstat:

 net/haproxy/Makefile |   4 ++--
 net/haproxy/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r e336a3ebb3e0 -r 274e8f1b7dbd net/haproxy/Makefile
--- a/net/haproxy/Makefile      Wed Jul 15 09:19:05 2020 +0000
+++ b/net/haproxy/Makefile      Wed Jul 15 09:20:44 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.63 2020/06/20 08:33:32 adam Exp $
+# $NetBSD: Makefile,v 1.64 2020/07/15 09:20:44 adam Exp $
 
-DISTNAME=      haproxy-2.1.7
+DISTNAME=      haproxy-2.2.0
 CATEGORIES=    net www
 MASTER_SITES=  https://www.haproxy.org/download/${PKGVERSION_NOREV:R}/src/
 
diff -r e336a3ebb3e0 -r 274e8f1b7dbd net/haproxy/distinfo
--- a/net/haproxy/distinfo      Wed Jul 15 09:19:05 2020 +0000
+++ b/net/haproxy/distinfo      Wed Jul 15 09:20:44 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.56 2020/06/20 08:33:32 adam Exp $
+$NetBSD: distinfo,v 1.57 2020/07/15 09:20:44 adam Exp $
 
-SHA1 (haproxy-2.1.7.tar.gz) = 74cb468a2cb61f730c7dff64d4e49fe80861d640
-RMD160 (haproxy-2.1.7.tar.gz) = faadb9bbdf91dca41a709e559edbe8a5262025d3
-SHA512 (haproxy-2.1.7.tar.gz) = d3338f128042f40e2969094a614eb840b1bf7409efa4f85aed7f45411af8532d2f2371436902e7b987b661580f9c21439fc027a65bb2d352cb86711a26545adb
-Size (haproxy-2.1.7.tar.gz) = 2709999 bytes
+SHA1 (haproxy-2.2.0.tar.gz) = 0039631bd1be2bd72bf5ea5591f17b4c1ba831a1
+RMD160 (haproxy-2.2.0.tar.gz) = cd55276331acce149a717374be672b9fabb4a877
+SHA512 (haproxy-2.2.0.tar.gz) = 25cff09acba29ba36f045d45f894d26a13eea3e71c3e1f868446e739eed1fcfee8fc4af8da2914eef7ecbfe266a498f931cc6ec6c3e73b8874c140618269f480
+Size (haproxy-2.2.0.tar.gz) = 2866916 bytes
 SHA1 (patch-Makefile) = 790242ebde13ac1a9d95a16cba29e30a9bccd57c
 SHA1 (patch-src_cli.c) = 4bc5cf0116df121ac4c3c38b8f962c3a62d536e5
 SHA1 (patch-src_haproxy.c) = badb172013541087d84f03726ea928c6f5634dc3