-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
net-proxy/squid: bump to 6.7, fix compilation w/gcc-13
Closes: https://bugs.gentoo.org/911945 Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: #35206 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
- Loading branch information
Showing
2 changed files
with
393 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
DIST squid-6.5.tar.xz 2554492 BLAKE2B 91ed91f9b0f56f440a7f15a63bbc3e19537b60bc8b31b5bf7e16884367d0da060c5490e1721dbd7c5fce7f4a4e958fb3554d6bdc5b55f568598f907722b651de SHA512 d3a40f5f390f0042a8e981ca28755a90dd520230a06b4246ba7bec0c98025ce1cdc7426797a666f769addd60238e28e1f04d2c701ea2ef2d7329dbe87b830d70 | ||
DIST squid-6.6.tar.xz 2554824 BLAKE2B 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc SHA512 4ab261ed85ad674288467500aca9d8a48e3918b55f777635c0ba7a2551f248d35536848a5fbf2c946490a818004727f2aed33144f0a3ebab0be36cc4cffb020c | ||
DIST squid-6.6.tar.xz.asc 1193 BLAKE2B c37a400c51c30de35c6fe52123389c134d05670a36b1ffae4d67e7d06981bbf94788343daf2fdeafb782d464a977ee31bc601e3b1b92b45cd40ba6a6725b9a16 SHA512 08550569759c403a1a9747d08ea7055751fbf251355691074f6d09baca76a0987c5dff36e1f01b64edd446d568c7244b14124f6f8a1b19ccfc30293eed83a297 | ||
DIST squid-6.7.tar.xz 2427468 BLAKE2B 0cd892213085326d1f4cc065778d95d74c03edaaf98b839b4422397fdcd449716b022e74adcbac636ca98e9d5c45a8f7aa156c3edc9f306fb13fc5cc21125dd6 SHA512 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0 | ||
DIST squid-6.7.tar.xz.asc 646 BLAKE2B 6d4e6075b261f54269577fc31b28e7cb74b835c851741542c322b226d29325128cdbaadd156070e9fe6c5af5c33149c78f71b01272934a62676e08f3f75f8628 SHA512 4a1f9d123ce6b5a600d9d2dd3af95a7ce98bfe28ba42d1281ab1f3d7f220f8738a4320afb85eeba1bf9d31e722ffaccd2d89cbefcd11e6b6ea31fe237ccf9a8c |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,391 @@ | ||
# Copyright 1999-2024 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=8 | ||
|
||
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/squid.gpg | ||
inherit autotools flag-o-matic linux-info pam systemd toolchain-funcs verify-sig | ||
|
||
DESCRIPTION="Full-featured web proxy cache" | ||
HOMEPAGE="http://www.squid-cache.org/" | ||
|
||
MY_PV_MAJOR=$(ver_cut 1) | ||
# Upstream patch ID for the most recent bug-fixed update to the formal release. | ||
#r=-20181117-r0022167 | ||
r= | ||
if [[ -z ${r} ]]; then | ||
SRC_URI=" | ||
http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz | ||
verify-sig? ( http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz.asc ) | ||
" | ||
else | ||
SRC_URI="http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}${r}.tar.bz2" | ||
S="${S}${r}" | ||
fi | ||
|
||
LICENSE="GPL-2+" | ||
SLOT="0" | ||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" | ||
IUSE="caps gnutls pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test ecap" | ||
IUSE+=" esi ssl-crtd mysql postgres sqlite systemd perl qos tproxy +htcp valgrind +wccp +wccpv2" | ||
RESTRICT="!test? ( test )" | ||
REQUIRED_USE="tproxy? ( caps ) qos? ( caps ) ssl-crtd? ( ssl )" | ||
|
||
DEPEND=" | ||
acct-group/squid | ||
acct-user/squid | ||
dev-libs/libltdl | ||
sys-libs/tdb | ||
virtual/libcrypt:= | ||
caps? ( >=sys-libs/libcap-2.16 ) | ||
ecap? ( net-libs/libecap:1 ) | ||
esi? ( | ||
dev-libs/expat | ||
dev-libs/libxml2 | ||
) | ||
ldap? ( net-nds/openldap:= ) | ||
gnutls? ( >=net-libs/gnutls-3.1.5:= ) | ||
logrotate? ( app-admin/logrotate ) | ||
nis? ( | ||
net-libs/libtirpc:= | ||
net-libs/libnsl:= | ||
) | ||
kerberos? ( virtual/krb5 ) | ||
pam? ( sys-libs/pam ) | ||
qos? ( net-libs/libnetfilter_conntrack ) | ||
ssl? ( | ||
dev-libs/nettle:= | ||
!gnutls? ( | ||
dev-libs/openssl:= | ||
) | ||
) | ||
sasl? ( dev-libs/cyrus-sasl ) | ||
systemd? ( sys-apps/systemd:= ) | ||
" | ||
RDEPEND=" | ||
${DEPEND} | ||
mysql? ( dev-perl/DBD-mysql ) | ||
postgres? ( dev-perl/DBD-Pg ) | ||
perl? ( dev-lang/perl ) | ||
samba? ( net-fs/samba ) | ||
selinux? ( sec-policy/selinux-squid ) | ||
sqlite? ( dev-perl/DBD-SQLite ) | ||
" | ||
DEPEND+=" valgrind? ( dev-debug/valgrind )" | ||
BDEPEND=" | ||
dev-lang/perl | ||
ecap? ( virtual/pkgconfig ) | ||
test? ( dev-util/cppunit ) | ||
verify-sig? ( sec-keys/openpgp-keys-squid ) | ||
" | ||
|
||
PATCHES=( | ||
"${FILESDIR}"/${PN}-6.2-gentoo.patch | ||
"${FILESDIR}"/${PN}-4.17-use-system-libltdl.patch | ||
"${FILESDIR}"/${PN}-6.4-gcc14-algorithm.patch | ||
) | ||
|
||
pkg_pretend() { | ||
if use tproxy; then | ||
local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY" | ||
linux-info_pkg_setup | ||
fi | ||
} | ||
|
||
src_prepare() { | ||
default | ||
|
||
# Fixup various paths | ||
sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \ | ||
INSTALL QUICKSTART \ | ||
scripts/fileno-to-pathname.pl \ | ||
scripts/check_cache.pl \ | ||
tools/cachemgr.cgi.8 \ | ||
tools/purge/conffile.hh \ | ||
tools/purge/purge.1 || die | ||
sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \ | ||
INSTALL QUICKSTART || die | ||
sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \ | ||
QUICKSTART || die | ||
sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \ | ||
QUICKSTART \ | ||
src/log/access_log.cc || die | ||
sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \ | ||
src/log/access_log.cc || die | ||
sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \ | ||
src/acl/external/unix_group/ext_unix_group_acl.8 \ | ||
src/acl/external/session/ext_session_acl.8 || die | ||
sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \ | ||
scripts/check_cache.pl || die | ||
# /var/run/squid to /run/squid | ||
sed -i -e 's:$(localstatedir)::' \ | ||
src/ipc/Makefile.am || die | ||
sed -i 's:/var/run/:/run/:g' tools/systemd/squid.service || die | ||
|
||
sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \ | ||
libltdl/configure.ac || die | ||
|
||
eautoreconf | ||
} | ||
|
||
src_configure() { | ||
local myeconfargs=( | ||
--cache-file="${S}"/config.cache | ||
|
||
--datadir=/usr/share/squid | ||
--libexecdir=/usr/libexec/squid | ||
--localstatedir=/var | ||
--sysconfdir=/etc/squid | ||
--with-default-user=squid | ||
--with-logdir=/var/log/squid | ||
--with-pidfile=/run/squid.pid | ||
|
||
--enable-build-info="Gentoo ${PF} (r: ${r:-NONE})" | ||
--enable-log-daemon-helpers | ||
--enable-url-rewrite-helpers | ||
--enable-cache-digests | ||
--enable-delay-pools | ||
--enable-disk-io | ||
--enable-eui | ||
--enable-icmp | ||
--enable-ipv6 | ||
--enable-follow-x-forwarded-for | ||
--enable-removal-policies="lru,heap" | ||
--disable-strict-error-checking | ||
--disable-arch-native | ||
|
||
--with-large-files | ||
--with-build-environment=default | ||
|
||
--with-tdb | ||
|
||
--without-included-ltdl | ||
--with-ltdl-include="${ESYSROOT}"/usr/include | ||
--with-ltdl-lib="${ESYSROOT}"/usr/$(get_libdir) | ||
|
||
$(use_with caps cap) | ||
$(use_enable snmp) | ||
$(use_with ssl openssl) | ||
$(use_with ssl nettle) | ||
$(use_with gnutls) | ||
$(use_with ldap) | ||
$(use_enable ssl-crtd) | ||
$(use_with systemd) | ||
$(use_with test cppunit) | ||
$(use_enable ecap) | ||
$(use_enable esi) | ||
$(use_enable esi expat) | ||
$(use_enable esi xml2) | ||
$(use_enable htcp) | ||
$(use_with valgrind valgrind-debug) | ||
$(use_enable wccp) | ||
$(use_enable wccpv2) | ||
) | ||
|
||
# Basic modules | ||
local basic_modules=( | ||
NCSA | ||
POP3 | ||
getpwnam | ||
|
||
$(usev samba 'SMB') | ||
$(usev ldap 'SMB_LM LDAP') | ||
$(usev pam 'PAM') | ||
$(usev sasl 'SASL') | ||
$(usev nis 'NIS') | ||
$(usev radius 'RADIUS') | ||
) | ||
|
||
use nis && append-cppflags "-I${ESYSROOT}/usr/include/tirpc" | ||
|
||
if use mysql || use postgres || use sqlite; then | ||
basic_modules+=( DB ) | ||
fi | ||
|
||
# Digests | ||
local digest_modules=( | ||
file | ||
|
||
$(usev ldap 'LDAP eDirectory') | ||
) | ||
|
||
# Kerberos | ||
local negotiate_modules=( none ) | ||
|
||
myeconfargs+=( --without-mit-krb5 --without-heimdal-krb5 ) | ||
|
||
if use kerberos; then | ||
# We intentionally overwrite negotiate_modules here to lose | ||
# the 'none'. | ||
negotiate_modules=( kerberos wrapper ) | ||
|
||
if has_version app-crypt/heimdal; then | ||
myeconfargs+=( | ||
--without-mit-krb5 | ||
--with-heimdal-krb5 | ||
) | ||
else | ||
myeconfargs+=( | ||
--with-mit-krb5 | ||
--without-heimdal-krb5 | ||
) | ||
fi | ||
fi | ||
|
||
# NTLM modules | ||
local ntlm_modules=( none ) | ||
|
||
if use samba ; then | ||
# We intentionally overwrite ntlm_modules here to lose | ||
# the 'none'. | ||
ntlm_modules=( SMB_LM ) | ||
fi | ||
|
||
# External helpers | ||
local ext_helpers=( | ||
file_userip | ||
session | ||
unix_group | ||
delayer | ||
time_quota | ||
|
||
$(usev samba 'wbinfo_group') | ||
$(usev ldap 'LDAP_group eDirectory_userip') | ||
) | ||
|
||
use ldap && use kerberos && ext_helpers+=( kerberos_ldap_group ) | ||
if use mysql || use postgres || use sqlite; then | ||
ext_helpers+=( SQL_session ) | ||
fi | ||
|
||
# Storage modules | ||
local storeio_modules=( | ||
aufs | ||
diskd | ||
rock | ||
ufs | ||
) | ||
|
||
# | ||
local transparent | ||
if use kernel_linux; then | ||
myeconfargs+=( | ||
--enable-linux-netfilter | ||
$(usev qos '--enable-zph-qos --with-netfilter-conntrack') | ||
) | ||
fi | ||
|
||
tc-export_build_env BUILD_CXX | ||
export BUILDCXX="${BUILD_CXX}" | ||
export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" | ||
tc-export CC AR | ||
|
||
# Should be able to drop this workaround with newer versions. | ||
# https://bugs.squid-cache.org/show_bug.cgi?id=4224 | ||
tc-is-cross-compiler && export squid_cv_gnu_atomics=no | ||
|
||
# Bug #719662 | ||
append-atomic-flags | ||
|
||
print_options_without_comma() { | ||
# IFS as ',' will cut off any trailing commas | ||
( | ||
IFS=',' | ||
options=( $(printf "%s," "${@}") ) | ||
echo "${options[*]}" | ||
) | ||
} | ||
|
||
myeconfargs+=( | ||
--enable-storeio=$(print_options_without_comma "${storeio_modules[@]}") | ||
--enable-auth-basic=$(print_options_without_comma "${basic_modules[@]}") | ||
--enable-auth-digest=$(print_options_without_comma "${digest_modules[@]}") | ||
--enable-auth-ntlm=$(print_options_without_comma "${ntlm_modules[@]}") | ||
--enable-auth-negotiate=$(print_options_without_comma "${negotiate_modules[@]}") | ||
--enable-external-acl-helpers=$(print_options_without_comma "${ext_helpers[@]}") | ||
) | ||
|
||
econf "${myeconfargs[@]}" | ||
} | ||
|
||
src_install() { | ||
default | ||
|
||
systemd_dounit tools/systemd/squid.service | ||
|
||
# Need suid root for looking into /etc/shadow | ||
fowners root:squid /usr/libexec/squid/basic_ncsa_auth | ||
fperms 4750 /usr/libexec/squid/basic_ncsa_auth | ||
|
||
if use pam; then | ||
fowners root:squid /usr/libexec/squid/basic_pam_auth | ||
fperms 4750 /usr/libexec/squid/basic_pam_auth | ||
fi | ||
|
||
# Pinger needs suid as well | ||
fowners root:squid /usr/libexec/squid/pinger | ||
fperms 4750 /usr/libexec/squid/pinger | ||
|
||
# These scripts depend on perl | ||
if ! use perl; then | ||
local perl_scripts=( | ||
basic_pop3_auth ext_delayer_acl helper-mux | ||
log_db_daemon security_fake_certverify | ||
storeid_file_rewrite url_lfs_rewrite | ||
) | ||
|
||
local script | ||
for script in "${perl_scripts[@]}"; do | ||
rm "${ED}"/usr/libexec/squid/${script} || die | ||
done | ||
fi | ||
|
||
# Cleanup | ||
rm -r "${D}"/run "${D}"/var/cache || die | ||
|
||
dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt | ||
newdoc src/auth/negotiate/kerberos/README README.kerberos | ||
newdoc src/auth/basic/RADIUS/README README.RADIUS | ||
newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group | ||
dodoc RELEASENOTES.html | ||
|
||
if use pam; then | ||
newpamd "${FILESDIR}"/squid.pam squid | ||
fi | ||
|
||
newconfd "${FILESDIR}"/squid.confd-r2 squid | ||
newinitd "${FILESDIR}"/squid.initd-r6 squid | ||
|
||
if use logrotate ; then | ||
insinto /etc/logrotate.d | ||
newins "${FILESDIR}"/squid.logrotate squid | ||
else | ||
exeinto /etc/cron.weekly | ||
newexe "${FILESDIR}"/squid.cron squid.cron | ||
fi | ||
|
||
diropts -m0750 -o squid -g squid | ||
keepdir /var/log/squid /etc/ssl/squid /var/lib/squid | ||
|
||
# Hack for bug #834503 (see also bug #664940) | ||
# Please keep this for a few years until it's no longer plausible | ||
# someone is upgrading from < squid 5.7. | ||
mv "${ED}"/usr/share/squid/errors{,.new} || die | ||
} | ||
|
||
pkg_preinst() { | ||
# Remove file in EROOT that the directory collides with. | ||
rm -rf "${EROOT}"/usr/share/squid/errors || die | ||
|
||
# Following the collision protection check, reverse | ||
# src_install's rename in ED. | ||
mv "${ED}"/usr/share/squid/errors{.new,} || die | ||
} | ||
|
||
pkg_postinst() { | ||
elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'." | ||
|
||
if [[ ${#r} -gt 0 ]]; then | ||
elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support." | ||
fi | ||
} |