squid: incorporated ideas from PR#5196

Incorporated @ratkaj configuration options and patches. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
7 years ago · 90f4b935bd
--- a/net/squid/Config.in
+++ b/net/squid/Config.in
@ -0,0 +1,71 @@
 if PACKAGE_squid

 	comment "Optional features"

 	config SQUID_enable-ipv6
 		bool "Enable support for IP version 6"
 		default y

 	config SQUID_enable-snmp
 		bool "Enable SNMP monitoring support"
 		default n

 	config SQUID_enable-icmp
 		bool "Enable ICMP pinging and Network Measurement"
 		default n

 	config SQUID_enable-icap-client
 		bool "Enable ICAP client support"
 		default n

 	config SQUID_enable-dlmalloc
 		bool "Compile & use the malloc package by Doug Lea"
 		default y

 	config SQUID_enable-ssl-crtd
 		bool "Enable dynamic SSL certificate generation "
 		depends on !SQUID_use-gnutls
 		default n

 	config SQUID_auth-basic
 		bool "Enable the Basic authentication scheme"
 		default n

 	config SQUID_auth-digest
 		bool "Enable the Digest authentication scheme"
 		default n

 	config SQUID_auth-negotiate
 		bool "Enable the Negotiate authentication scheme"
 		default n

 	config SQUID_auth-ntlm
 		bool "Enable the NTLM authentication scheme"
 		default n

 	comment "Optional packages"

 	config SQUID_use-gnutls
 		bool "Use GnuTLS instead of OpenSSL"
 		default n

 	config SQUID_with-libcap
 		bool "Use libcap - Linux capabilities library"
 		default n

 	config SQUID_with-nettle
 		bool "Use nettle - GNU crypto library"
 		default n

 	config SQUID_with-expat
 		bool "Use expat - XML parsing library"
 		default n

 	config SQUID_with-libxml2
 		bool "Use libxml2 - Gnome XML library"
 		default n

 	comment "Additional tools"

 endif

--- a/net/squid/Makefile
+++ b/net/squid/Makefile
@ -30,12 +30,18 @@ define Package/squid/Default
  CATEGORY:=Network
  SUBMENU:=Web Servers/Proxies
  URL:=http://www.squid-cache.org/
  MENU:=1
 endef

 define Package/squid
  $(call Package/squid/Default)
  DEPENDS:=+libopenssl +libpthread +librt +libltdl +libstdcpp +libatomic +USE_GLIBC:libbsd
  MENU:=1
  DEPENDS:=+libpthread +librt +libltdl +libstdcpp +libatomic +USE_GLIBC:libbsd
  DEPENDS+= +SQUID_use-gnutls:libgnutls +!SQUID_use-gnutls:libopenssl
  DEPENDS+= +SQUID_with-libcap:libcap
  DEPENDS+= +SQUID_with-nettle:libnettle
  DEPENDS+= +SQUID_with-expat:libexpat
  DEPENDS+= +SQUID_with-libxml2:libxml2
  USERID:=squid=137:squid=137
  TITLE:=full-featured Web proxy cache
 endef

@ -45,6 +51,14 @@ define Package/squid/description
  frequently-requested web pages.
 endef

 define Package/squid/config
  source "$(SOURCE)/Config.in"
 endef

 define Package/squid/conffiles
  /etc/squid/squid.conf
 endef

 define Package/squid-mod-cachemgr
  $(call Package/squid/Default)
  DEPENDS:=squid
@ -58,13 +72,9 @@ CONFIGURE_ARGS += \
 	--sysconfdir=/etc/squid \
 	--enable-shared \
 	--disable-static \
 	--enable-icmp \
 	--enable-delay-pools \
 	--enable-icap-client \
 	--enable-kill-parent-hack \
 	--disable-snmp \
 	--enable-ssl \
 	--enable-ssl-crtd \
 	--enable-cache-digests \
 	--enable-linux-netfilter \
 	--disable-unlinkd \
@ -73,30 +83,37 @@ CONFIGURE_ARGS += \
 	--disable-auto-locale \
 	--with-dl \
 	--with-pthreads \
 	--without-expat \
 	--without-libxml2 \
 	--without-gnutls \
 	--without-nettle \
 	--with-openssl=$(STAGING_DIR)/usr \
 	--enable-epoll \
 	--with-maxfd=4096 \
 	--with-maxfd=2048 \
 	--disable-ecap \
 	--disable-external-acl-helpers \
 	--disable-auth-negotiate \
 	--disable-auth-ntlm \
 	--disable-auth-digest \
 	--disable-auth-basic \
 	--disable-arch-native \
 	--with-krb5-config=no \
 	--without-mit-krb5 \
 	--without-libcap \
 	--without-netfilter-conntrack
 	--without-netfilter-conntrack \
 	--disable-ident-lookups \
 	$(if $(CONFIG_SQUID_auth-basic),--enable,--disable)-auth-basic \
 	$(if $(CONFIG_SQUID_auth-digest),--enable,--disable)-auth-digest \
 	$(if $(CONFIG_SQUID_auth-ntlm),--enable,--disable)-auth-ntlm \
 	$(if $(CONFIG_SQUID_auth-negotiate),--enable,--disable)-auth-negotiate \
 	$(if $(CONFIG_SQUID_enable-ipv6),--enable,--disable)-dlmalloc \
 	$(if $(CONFIG_SQUID_enable-ipv6),--enable,--disable)-ipv6 \
 	$(if $(CONFIG_SQUID_enable-ssl-crtd),--enable-ssl-crtd) \
 	$(if $(CONFIG_SQUID_use-gnutls),--with,--without)-gnutls \
 	$(if $(CONFIG_SQUID_use-gnutls),--without-openssl) \
 	$(if $(CONFIG_SQUID_use-gnutls),,--with-openssl="$(STAGING_DIR)/usr") \
 	$(if $(CONFIG_SQUID_enable-icmp),--enable,--disable)-icmp \
 	$(if $(CONFIG_SQUID_enable-icap-client),--enable,--disable)-icap-client \
 	$(if $(CONFIG_SQUID_enable-snmp),--enable,--disable)-snmp \
 	$(if $(CONFIG_SQUID_with-libcap),--with,--without)-libcap \
 	$(if $(CONFIG_SQUID_with-nettle),--with,--without)-nettle \
 	$(if $(CONFIG_SQUID_with-expat),--with,--without)-expat \
 	$(if $(CONFIG_SQUID_with-libxml2),--with,--without)-libxml2

 CONFIGURE_VARS += \
 	ac_cv_header_linux_netfilter_ipv4_h=yes \
 	ac_cv_epoll_works=yes

 EXTRA_CFLAGS += -Wno-error

 define Build/Compile
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/lib all
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
@ -109,13 +126,13 @@ define Package/squid/install
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/squid $(1)/usr/sbin/

 	$(INSTALL_DIR) $(1)/usr/lib/squid
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/squid/security_file_certgen $(1)/usr/lib/squid/
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/squid/* $(1)/usr/lib/squid/

 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/squid.config $(1)/etc/config/squid

 	$(INSTALL_DIR) $(1)/etc/squid
 	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/squid/mime.conf $(1)/etc/squid/
 	$(CP) $(PKG_INSTALL_DIR)/etc/squid/* $(1)/etc/squid/
 	$(INSTALL_CONF) ./files/squid.conf $(1)/etc/squid/

 	$(INSTALL_DIR) $(1)/etc/init.d/
@ -123,6 +140,7 @@ define Package/squid/install

 	$(INSTALL_DIR) $(1)/usr/share/squid/icons/
 	$(CP) $(PKG_INSTALL_DIR)/usr/share/squid/icons/* $(1)/usr/share/squid/icons/
 	$(CP) $(PKG_INSTALL_DIR)/usr/share/squid/mib.txt $(1)/usr/share/squid/

 	$(INSTALL_DIR) $(1)/usr/share/squid/errors/templates/
 	$(CP) $(PKG_INSTALL_DIR)/usr/share/squid/errors/templates/* $(1)/usr/share/squid/errors/templates/
--- a/net/squid/files/squid.conf
+++ b/net/squid/files/squid.conf
@ -1,44 +1,80 @@
 acl localnet src 10.0.0.0/8
 acl localnet src 172.16.0.0/12
 acl localnet src 192.168.0.0/16
 acl localnet src fc00::/7
 acl localnet src fe80::/10

 acl ssl_ports port 443

 acl safe_ports port 80
 acl safe_ports port 21
 acl safe_ports port 443
 acl safe_ports port 70
 acl safe_ports port 210
 acl safe_ports port 1025-65535
 acl safe_ports port 280
 acl safe_ports port 488
 acl safe_ports port 591
 acl safe_ports port 777
 acl connect method connect

 http_access deny !safe_ports
 http_access deny connect !ssl_ports
 #
 # Recommended minimum configuration:
 #

 # Example rule allowing access from your local networks.
 # Adapt to list your (internal) IP networks from where browsing
 # should be allowed
 acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
 acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
 acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
 acl localhet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
 acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
 acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
 acl localnet src fc00::/7       	# RFC 4193 local private network range
 acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines

 acl SSL_ports port 443
 acl Safe_ports port 80		# http
 acl Safe_ports port 21		# ftp
 acl Safe_ports port 443		# https
 acl Safe_ports port 70		# gopher
 acl Safe_ports port 210		# wais
 acl Safe_ports port 1025-65535	# unregistered ports
 acl Safe_ports port 280		# http-mgmt
 acl Safe_ports port 488		# gss-http
 acl Safe_ports port 591		# filemaker
 acl Safe_ports port 777		# multiling http
 acl CONNECT method CONNECT

 #
 # Recommended minimum Access Permission configuration:
 #
 # Deny requests to certain unsafe ports
 http_access deny !Safe_ports

 # Deny CONNECT to other than secure SSL ports
 http_access deny CONNECT !SSL_ports

 # Only allow cachemgr access from localhost
 http_access allow localhost manager
 http_access deny manager

 http_access deny to_localhost
 # We strongly recommend the following be uncommented to protect innocent
 # web applications running on the proxy server who think the only
 # one who can access services on "localhost" is a local user
 #http_access deny to_localhost

 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 #

 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
 http_access allow localnet
 http_access allow localhost

 # And finally deny all other access to this proxy
 http_access deny all

 refresh_pattern ^ftp: 1440 20% 10080
 refresh_pattern ^gopher: 1440 0% 1440
 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
 refresh_pattern . 0 20% 4320
 # Uncomment and adjust the following to add a disk cache directory.
 #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

 #
 # Add any of your own refresh_pattern entries above these.
 #
 refresh_pattern ^ftp:		1440	20%	10080
 refresh_pattern ^gopher:	1440	0%	1440
 refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
 refresh_pattern .		0	20%	4320

 # Squid user
 cache_effective_user squid

 access_log none
 cache_log /dev/null
 cache_store_log stdio:/dev/null
 logfile_rotate 0
 #
 # Logs, best to use only for debugging as they can become very large
 #

 logfile_daemon /dev/null
 access_log none  # daemon:/tmp/squid_access.log
 cache_log /dev/null  # /tmp/squid_cache.log
--- a/net/squid/files/squid.init
+++ b/net/squid/files/squid.init
@ -22,6 +22,11 @@ validate_squid_section() {
 		'mime_table:string:/etc/squid/mime.conf'
 }

 create_squid_user() {
 	user_exists squid || user_add squid $USERID
 	group_exists squid || group_add squid $USERID && group_add_user squid squid
 }

 start_service() {
 	local config_file http_port http_port_options ssldb ssldb_options coredump_dir visible_hostname pinger_enable

--- a/net/squid/patches/001-cross_compile.patch
+++ b/net/squid/patches/001-cross_compile.patch
@ -1,31 +1,24 @@
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
@@ -7642,7 +7642,7 @@ cache_cf.o: cf_parser.cci
 From fac6f63a52a2f4cbb3748cd5687eca5409093904 Mon Sep 17 00:00:00 2001
 From: Marko Ratkaj <marko.ratkaj@sartura.hr>
 Date: Thu, 20 Apr 2017 15:15:50 +0200
 Subject: [PATCH] foo

 Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
 ---
 src/Makefile.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

 Index: squid-4.0.21/src/Makefile.in
 ===================================================================
 --- squid-4.0.21.orig/src/Makefile.in
 +++ squid-4.0.21/src/Makefile.in
@@ -7642,7 +7642,8 @@ cache_cf.o: cf_parser.cci
 
 # cf_gen builds the configuration files.
 cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
 -	$(BUILDCXX) $(BUILDCXXFLAGS) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
 +	g++ -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
 +
 
 # squid.conf.default is built by cf_gen when making cf_parser.cci
 squid.conf.default squid.conf.documented: cf_parser.cci
 --- a/configure
 +++ b/configure
@@ -30695,7 +30695,7 @@ else
     if test "$cross_compiling" = yes; then :
   { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
 -as_fn_error $? "cannot run test program while cross compiling
 +_as_fn_error $? "cannot run test program while cross compiling
 See \`config.log' for more details" "$LINENO" 5; }
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -30720,7 +30720,7 @@ else
     if test "$cross_compiling" = yes; then :
   { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
 -as_fn_error $? "cannot run test program while cross compiling
 +_as_fn_error $? "cannot run test program while cross compiling
 See \`config.log' for more details" "$LINENO" 5; }
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--- a/net/squid/patches/002-glibc-compile.patch
+++ b/net/squid/patches/002-glibc-compile.patch
@ -0,0 +1,12 @@
 --- squid-4.0.21.orig/src/tools.cc
 +++ squid-4.0.21/src/tools.cc
@@ -581,7 +581,8 @@
     }
 #else
 
 -    setuid(0);
 +    if (setuid(0) < 0)
 +	debugs(50, 1, "no_suid: setuid (0)");
 #endif
 #if HAVE_PRCTL && defined(PR_SET_DUMPABLE)
     /* Set Linux DUMPABLE flag */