Incorporated @ratkaj's configuration options and patches.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
--- /dev/null
+if PACKAGE_squid
+
+ comment "Optional features"
+
+ config SQUID_enable-ipv6
+ bool "Enable support for IP version 6"
+ default y
+
+ config SQUID_enable-snmp
+ bool "Enable SNMP monitoring support"
+ default n
+
+ config SQUID_enable-icmp
+ bool "Enable ICMP pinging and Network Measurement"
+ default n
+
+ config SQUID_enable-icap-client
+ bool "Enable ICAP client support"
+ default n
+
+ config SQUID_enable-dlmalloc
+ bool "Compile & use the malloc package by Doug Lea"
+ default y
+
+ config SQUID_enable-ssl-crtd
+ bool "Enable dynamic SSL certificate generation "
+ depends on !SQUID_use-gnutls
+ default n
+
+ config SQUID_auth-basic
+ bool "Enable the Basic authentication scheme"
+ default n
+
+ config SQUID_auth-digest
+ bool "Enable the Digest authentication scheme"
+ default n
+
+ config SQUID_auth-negotiate
+ bool "Enable the Negotiate authentication scheme"
+ default n
+
+ config SQUID_auth-ntlm
+ bool "Enable the NTLM authentication scheme"
+ default n
+
+ comment "Optional packages"
+
+ config SQUID_use-gnutls
+ bool "Use GnuTLS instead of OpenSSL"
+ default n
+
+ config SQUID_with-libcap
+ bool "Use libcap - Linux capabilities library"
+ default n
+
+ config SQUID_with-nettle
+ bool "Use nettle - GNU crypto library"
+ default n
+
+ config SQUID_with-expat
+ bool "Use expat - XML parsing library"
+ default n
+
+ config SQUID_with-libxml2
+ bool "Use libxml2 - Gnome XML library"
+ default n
+
+ comment "Additional tools"
+
+endif
+
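Review bot: None of the new symbols has a `help` entry, and for the security-relevant ones (`SQUID_auth-basic`, `SQUID_enable-ssl-crtd`, `SQUID_use-gnutls`) the prompt alone does not say what is being opted into. I would add short help texts, for example under `SQUID_auth-basic`: `help` followed by `Basic sends credentials base64-encoded, not encrypted; use it only over TLS.` The trailing `comment "Additional tools"` has no entries after it and could be dropped until there is something to list. The prompt on `SQUID_enable-ssl-crtd` also ends in a stray space inside the quotes.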
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
URL:=http://www.squid-cache.org/
- MENU:=1
endef
define Package/squid
$(call Package/squid/Default)
- DEPENDS:=+libopenssl +libpthread +librt +libltdl +libstdcpp +libatomic +USE_GLIBC:libbsd
+ MENU:=1
+ DEPENDS:=+libpthread +librt +libltdl +libstdcpp +libatomic +USE_GLIBC:libbsd
+ DEPENDS+= +SQUID_use-gnutls:libgnutls +!SQUID_use-gnutls:libopenssl
+ DEPENDS+= +SQUID_with-libcap:libcap
+ DEPENDS+= +SQUID_with-nettle:libnettle
+ DEPENDS+= +SQUID_with-expat:libexpat
+ DEPENDS+= +SQUID_with-libxml2:libxml2
+ USERID:=squid=137:squid=137
TITLE:=full-featured Web proxy cache
endef
frequently-requested web pages.
endef
+define Package/squid/config
+ source "$(SOURCE)/Config.in"
+endef
+
+define Package/squid/conffiles
+ /etc/squid/squid.conf
+endef
+
define Package/squid-mod-cachemgr
$(call Package/squid/Default)
DEPENDS:=squid
--sysconfdir=/etc/squid \
--enable-shared \
--disable-static \
- --enable-icmp \
--enable-delay-pools \
- --enable-icap-client \
--enable-kill-parent-hack \
- --disable-snmp \
--enable-ssl \
- --enable-ssl-crtd \
--enable-cache-digests \
--enable-linux-netfilter \
--disable-unlinkd \
--disable-auto-locale \
--with-dl \
--with-pthreads \
- --without-expat \
- --without-libxml2 \
- --without-gnutls \
- --without-nettle \
- --with-openssl=$(STAGING_DIR)/usr \
--enable-epoll \
- --with-maxfd=4096 \
+ --with-maxfd=2048 \
+ --disable-ecap \
--disable-external-acl-helpers \
- --disable-auth-negotiate \
- --disable-auth-ntlm \
- --disable-auth-digest \
- --disable-auth-basic \
--disable-arch-native \
--with-krb5-config=no \
--without-mit-krb5 \
- --without-libcap \
- --without-netfilter-conntrack
+ --without-netfilter-conntrack \
+ --disable-ident-lookups \
+ $(if $(CONFIG_SQUID_auth-basic),--enable,--disable)-auth-basic \
+ $(if $(CONFIG_SQUID_auth-digest),--enable,--disable)-auth-digest \
+ $(if $(CONFIG_SQUID_auth-ntlm),--enable,--disable)-auth-ntlm \
+ $(if $(CONFIG_SQUID_auth-negotiate),--enable,--disable)-auth-negotiate \
+ $(if $(CONFIG_SQUID_enable-ipv6),--enable,--disable)-dlmalloc \
+ $(if $(CONFIG_SQUID_enable-ipv6),--enable,--disable)-ipv6 \
+ $(if $(CONFIG_SQUID_enable-ssl-crtd),--enable-ssl-crtd) \
+ $(if $(CONFIG_SQUID_use-gnutls),--with,--without)-gnutls \
+ $(if $(CONFIG_SQUID_use-gnutls),--without-openssl) \
+ $(if $(CONFIG_SQUID_use-gnutls),,--with-openssl="$(STAGING_DIR)/usr") \
+ $(if $(CONFIG_SQUID_enable-icmp),--enable,--disable)-icmp \
+ $(if $(CONFIG_SQUID_enable-icap-client),--enable,--disable)-icap-client \
+ $(if $(CONFIG_SQUID_enable-snmp),--enable,--disable)-snmp \
+ $(if $(CONFIG_SQUID_with-libcap),--with,--without)-libcap \
+ $(if $(CONFIG_SQUID_with-nettle),--with,--without)-nettle \
+ $(if $(CONFIG_SQUID_with-expat),--with,--without)-expat \
+ $(if $(CONFIG_SQUID_with-libxml2),--with,--without)-libxml2
CONFIGURE_VARS += \
ac_cv_header_linux_netfilter_ipv4_h=yes \
ac_cv_epoll_works=yes
-EXTRA_CFLAGS += -Wno-error
-
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/lib all
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
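Review bot: The `-dlmalloc` line in the new configure arguments tests `CONFIG_SQUID_enable-ipv6`, so the `SQUID_enable-dlmalloc` symbol added in Config.in is never read and the allocator choice silently follows the IPv6 setting. It should read `$(if $(CONFIG_SQUID_enable-dlmalloc),--enable,--disable)-dlmalloc \`. Separately, `--enable-ssl-crtd` is the only feature switch written in the one-armed form with no `--disable` counterpart; using `$(if $(CONFIG_SQUID_enable-ssl-crtd),--enable,--disable)-ssl-crtd \` would keep the result independent of the configure default. The argument list starts above the hunk, so its variable name and first entries are not visible here.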
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/squid $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/squid
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/squid/security_file_certgen $(1)/usr/lib/squid/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/squid/* $(1)/usr/lib/squid/
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/squid.config $(1)/etc/config/squid
$(INSTALL_DIR) $(1)/etc/squid
- $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/squid/mime.conf $(1)/etc/squid/
+ $(CP) $(PKG_INSTALL_DIR)/etc/squid/* $(1)/etc/squid/
$(INSTALL_CONF) ./files/squid.conf $(1)/etc/squid/
$(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_DIR) $(1)/usr/share/squid/icons/
$(CP) $(PKG_INSTALL_DIR)/usr/share/squid/icons/* $(1)/usr/share/squid/icons/
+ $(CP) $(PKG_INSTALL_DIR)/usr/share/squid/mib.txt $(1)/usr/share/squid/
$(INSTALL_DIR) $(1)/usr/share/squid/errors/templates/
$(CP) $(PKG_INSTALL_DIR)/usr/share/squid/errors/templates/* $(1)/usr/share/squid/errors/templates/
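Review bot: Replacing the explicit `$(INSTALL_CONF)` of mime.conf with `$(CP) $(PKG_INSTALL_DIR)/etc/squid/* $(1)/etc/squid/` ships whatever the upstream install step left in that directory, with the permissions from the build tree rather than the restrictive mode `INSTALL_CONF` applies in the OpenWrt build system. The `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/squid/* $(1)/usr/lib/squid/` glob likewise installs every helper that happened to be built, so the image contents depend on the selected options without any of that being visible in the recipe. I would keep an explicit list, e.g. `$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/squid/mime.conf $(1)/etc/squid/`, and add further files one per line, guarded by the matching `CONFIG_SQUID_*` symbol where they are optional. The install recipe begins outside this hunk.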
-acl localnet src 10.0.0.0/8
-acl localnet src 172.16.0.0/12
-acl localnet src 192.168.0.0/16
-acl localnet src fc00::/7
-acl localnet src fe80::/10
-
-acl ssl_ports port 443
-
-acl safe_ports port 80
-acl safe_ports port 21
-acl safe_ports port 443
-acl safe_ports port 70
-acl safe_ports port 210
-acl safe_ports port 1025-65535
-acl safe_ports port 280
-acl safe_ports port 488
-acl safe_ports port 591
-acl safe_ports port 777
-acl connect method connect
-
-http_access deny !safe_ports
-http_access deny connect !ssl_ports
+#
+# Recommended minimum configuration:
+#
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localhet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
-http_access deny to_localhost
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
+# And finally deny all other access to this proxy
http_access deny all
-refresh_pattern ^ftp: 1440 20% 10080
-refresh_pattern ^gopher: 1440 0% 1440
-refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
-refresh_pattern . 0 20% 4320
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern . 0 20% 4320
+
+# Squid user
+cache_effective_user squid
-access_log none
-cache_log /dev/null
-cache_store_log stdio:/dev/null
-logfile_rotate 0
+#
+# Logs, best to use only for debugging as they can become very large
+#
-logfile_daemon /dev/null
+access_log none # daemon:/tmp/squid_access.log
+cache_log /dev/null # /tmp/squid_cache.log
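Review bot: `http_access deny to_localhost` was an active rule before this change and is now shipped commented out, although the comment added right above it says it protects services on the proxy host that assume only local users can reach "localhost". For a default configuration on a device image I would keep it enabled as `http_access deny to_localhost`. In the ACL block, the 169.254.0.0/16 line defines `localhet` rather than `localnet`, so that range is not covered by `http_access allow localnet` and the misspelled ACL is never referenced; it should be `acl localnet src 169.254.0.0/16`.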
'mime_table:string:/etc/squid/mime.conf'
}
+create_squid_user() {
+ user_exists squid || user_add squid $USERID
+ group_exists squid || group_add squid $USERID && group_add_user squid squid
+}
+
start_service() {
local config_file http_port http_port_options ssldb ssldb_options coredump_dir visible_hostname pinger_enable
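Review bot: `$USERID` in `create_squid_user` is not assigned anywhere in the visible part of the init script. `USERID:=squid=137:squid=137` in the package Makefile is build metadata and, as far as I can tell, is not exported to the running script, so `user_add` and `group_add` would be called without an id. Since the Makefile now declares `USERID`, the account should presumably already exist after installation; either drop the function or pass the ids explicitly, e.g. `group_exists squid || group_add squid 137` followed by `user_exists squid || user_add squid 137 137`. The second line also groups as `(group_exists || group_add) && group_add_user`, which deserves a comment or an explicit `if` if that is the intent. No call to `create_squid_user` is visible here, and `start_service` continues outside the hunk.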
---- a/src/Makefile.in
-+++ b/src/Makefile.in
-@@ -7642,7 +7642,7 @@ cache_cf.o: cf_parser.cci
+From fac6f63a52a2f4cbb3748cd5687eca5409093904 Mon Sep 17 00:00:00 2001
+From: Marko Ratkaj <marko.ratkaj@sartura.hr>
+Date: Thu, 20 Apr 2017 15:15:50 +0200
+Subject: [PATCH] foo
+
+Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
+---
+ src/Makefile.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: squid-4.0.21/src/Makefile.in
+===================================================================
+--- squid-4.0.21.orig/src/Makefile.in
++++ squid-4.0.21/src/Makefile.in
+@@ -7642,7 +7642,8 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
- $(BUILDCXX) $(BUILDCXXFLAGS) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
+ g++ -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
++
# squid.conf.default is built by cf_gen when making cf_parser.cci
squid.conf.default squid.conf.documented: cf_parser.cci
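Review bot: The header added to this patch has `Subject: [PATCH] foo` and no description, so nothing records why `cf_gen` is compiled with a literal `g++` instead of `$(BUILDCXX) $(BUILDCXXFLAGS)`. A subject such as `Subject: [PATCH] build cf_gen with the host compiler` plus one sentence of rationale would let the next refresh judge whether the patch is still needed. The hard-coded `g++` also bypasses whatever host compiler the build system selected; setting `BUILDCXX` from the package Makefile may make the patch unnecessary, though that depends on lines outside this hunk.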
---- a/configure
-+++ b/configure
-@@ -30695,7 +30695,7 @@ else
- if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
- $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "cannot run test program while cross compiling
-+_as_fn_error $? "cannot run test program while cross compiling
- See \`config.log' for more details" "$LINENO" 5; }
- else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -30720,7 +30720,7 @@ else
- if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
- $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--as_fn_error $? "cannot run test program while cross compiling
-+_as_fn_error $? "cannot run test program while cross compiling
- See \`config.log' for more details" "$LINENO" 5; }
- else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--- /dev/null
+--- squid-4.0.21.orig/src/tools.cc
++++ squid-4.0.21/src/tools.cc
+@@ -581,7 +581,8 @@
+ }
+ #else
+
+- setuid(0);
++ if (setuid(0) < 0)
++ debugs(50, 1, "no_suid: setuid (0)");
+ #endif
+ #if HAVE_PRCTL && defined(PR_SET_DUMPABLE)
+ /* Set Linux DUMPABLE flag */
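Review bot: The added `debugs()` call reports that `setuid(0)` failed but not why, so the log entry cannot distinguish a missing capability from any other cause. I would capture errno directly after the call: `if (setuid(0) < 0) { const int xerrno = errno; debugs(50, 1, "WARNING: no_suid: setuid(0): " << xstrerr(xerrno)); }`, assuming `xstrerr()` is available in this Squid version. Execution continues after the failure, and whether that is safe depends on the rest of the enclosing function, which is outside the hunk. The patch file also has no header; one line saying that it presumably replaces the removed `EXTRA_CFLAGS += -Wno-error` would help the next refresh.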