Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Squid bump #35206

Closed
wants to merge 2 commits into from
Closed

Squid bump #35206

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2314ca3
sec-keys/openpgp-keys-squid: corrected HOMEPAGE
hlein Feb 6, 2024
f75a864
net-proxy/squid: bump to 6.7, fix compilation w/gcc-13
hlein Feb 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions net-proxy/squid/Manifest
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
DIST squid-6.5.tar.xz 2554492 BLAKE2B 91ed91f9b0f56f440a7f15a63bbc3e19537b60bc8b31b5bf7e16884367d0da060c5490e1721dbd7c5fce7f4a4e958fb3554d6bdc5b55f568598f907722b651de SHA512 d3a40f5f390f0042a8e981ca28755a90dd520230a06b4246ba7bec0c98025ce1cdc7426797a666f769addd60238e28e1f04d2c701ea2ef2d7329dbe87b830d70
DIST squid-6.6.tar.xz 2554824 BLAKE2B 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc SHA512 4ab261ed85ad674288467500aca9d8a48e3918b55f777635c0ba7a2551f248d35536848a5fbf2c946490a818004727f2aed33144f0a3ebab0be36cc4cffb020c
DIST squid-6.6.tar.xz.asc 1193 BLAKE2B c37a400c51c30de35c6fe52123389c134d05670a36b1ffae4d67e7d06981bbf94788343daf2fdeafb782d464a977ee31bc601e3b1b92b45cd40ba6a6725b9a16 SHA512 08550569759c403a1a9747d08ea7055751fbf251355691074f6d09baca76a0987c5dff36e1f01b64edd446d568c7244b14124f6f8a1b19ccfc30293eed83a297
DIST squid-6.7.tar.xz 2427468 BLAKE2B 0cd892213085326d1f4cc065778d95d74c03edaaf98b839b4422397fdcd449716b022e74adcbac636ca98e9d5c45a8f7aa156c3edc9f306fb13fc5cc21125dd6 SHA512 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0
DIST squid-6.7.tar.xz.asc 646 BLAKE2B 6d4e6075b261f54269577fc31b28e7cb74b835c851741542c322b226d29325128cdbaadd156070e9fe6c5af5c33149c78f71b01272934a62676e08f3f75f8628 SHA512 4a1f9d123ce6b5a600d9d2dd3af95a7ce98bfe28ba42d1281ab1f3d7f220f8738a4320afb85eeba1bf9d31e722ffaccd2d89cbefcd11e6b6ea31fe237ccf9a8c
391 changes: 391 additions & 0 deletions net-proxy/squid/squid-6.7.ebuild
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,391 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/squid.gpg
inherit autotools flag-o-matic linux-info pam systemd toolchain-funcs verify-sig

DESCRIPTION="Full-featured web proxy cache"
HOMEPAGE="http://www.squid-cache.org/"

MY_PV_MAJOR=$(ver_cut 1)
# Upstream patch ID for the most recent bug-fixed update to the formal release.
#r=-20181117-r0022167
r=
if [[ -z ${r} ]]; then
SRC_URI="
http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz
verify-sig? ( http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz.asc )
"
else
SRC_URI="http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}${r}.tar.bz2"
S="${S}${r}"
fi

LICENSE="GPL-2+"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
IUSE="caps gnutls pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test ecap"
IUSE+=" esi ssl-crtd mysql postgres sqlite systemd perl qos tproxy +htcp valgrind +wccp +wccpv2"
RESTRICT="!test? ( test )"
REQUIRED_USE="tproxy? ( caps ) qos? ( caps ) ssl-crtd? ( ssl )"

DEPEND="
acct-group/squid
acct-user/squid
dev-libs/libltdl
sys-libs/tdb
virtual/libcrypt:=
caps? ( >=sys-libs/libcap-2.16 )
ecap? ( net-libs/libecap:1 )
esi? (
dev-libs/expat
dev-libs/libxml2
)
ldap? ( net-nds/openldap:= )
gnutls? ( >=net-libs/gnutls-3.1.5:= )
logrotate? ( app-admin/logrotate )
nis? (
net-libs/libtirpc:=
net-libs/libnsl:=
)
kerberos? ( virtual/krb5 )
pam? ( sys-libs/pam )
qos? ( net-libs/libnetfilter_conntrack )
ssl? (
dev-libs/nettle:=
!gnutls? (
dev-libs/openssl:=
)
)
sasl? ( dev-libs/cyrus-sasl )
systemd? ( sys-apps/systemd:= )
"
RDEPEND="
${DEPEND}
mysql? ( dev-perl/DBD-mysql )
postgres? ( dev-perl/DBD-Pg )
perl? ( dev-lang/perl )
samba? ( net-fs/samba )
selinux? ( sec-policy/selinux-squid )
sqlite? ( dev-perl/DBD-SQLite )
"
DEPEND+=" valgrind? ( dev-debug/valgrind )"
BDEPEND="
dev-lang/perl
ecap? ( virtual/pkgconfig )
test? ( dev-util/cppunit )
verify-sig? ( sec-keys/openpgp-keys-squid )
"

PATCHES=(
"${FILESDIR}"/${PN}-6.2-gentoo.patch
"${FILESDIR}"/${PN}-4.17-use-system-libltdl.patch
"${FILESDIR}"/${PN}-6.4-gcc14-algorithm.patch
)

pkg_pretend() {
if use tproxy; then
local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
linux-info_pkg_setup
fi
}

src_prepare() {
default

# Fixup various paths
sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
INSTALL QUICKSTART \
scripts/fileno-to-pathname.pl \
scripts/check_cache.pl \
tools/cachemgr.cgi.8 \
tools/purge/conffile.hh \
tools/purge/purge.1 || die
sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
INSTALL QUICKSTART || die
sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
QUICKSTART || die
sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
QUICKSTART \
src/log/access_log.cc || die
sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
src/log/access_log.cc || die
sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
src/acl/external/unix_group/ext_unix_group_acl.8 \
src/acl/external/session/ext_session_acl.8 || die
sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
scripts/check_cache.pl || die
# /var/run/squid to /run/squid
sed -i -e 's:$(localstatedir)::' \
src/ipc/Makefile.am || die
sed -i 's:/var/run/:/run/:g' tools/systemd/squid.service || die

sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
libltdl/configure.ac || die

eautoreconf
}

src_configure() {
local myeconfargs=(
--cache-file="${S}"/config.cache

--datadir=/usr/share/squid
--libexecdir=/usr/libexec/squid
--localstatedir=/var
--sysconfdir=/etc/squid
--with-default-user=squid
--with-logdir=/var/log/squid
--with-pidfile=/run/squid.pid

--enable-build-info="Gentoo ${PF} (r: ${r:-NONE})"
--enable-log-daemon-helpers
--enable-url-rewrite-helpers
--enable-cache-digests
--enable-delay-pools
--enable-disk-io
--enable-eui
--enable-icmp
--enable-ipv6
--enable-follow-x-forwarded-for
--enable-removal-policies="lru,heap"
--disable-strict-error-checking
--disable-arch-native

--with-large-files
--with-build-environment=default

--with-tdb

--without-included-ltdl
--with-ltdl-include="${ESYSROOT}"/usr/include
--with-ltdl-lib="${ESYSROOT}"/usr/$(get_libdir)

$(use_with caps cap)
$(use_enable snmp)
$(use_with ssl openssl)
$(use_with ssl nettle)
$(use_with gnutls)
$(use_with ldap)
$(use_enable ssl-crtd)
$(use_with systemd)
$(use_with test cppunit)
$(use_enable ecap)
$(use_enable esi)
$(use_enable esi expat)
$(use_enable esi xml2)
$(use_enable htcp)
$(use_with valgrind valgrind-debug)
$(use_enable wccp)
$(use_enable wccpv2)
)

# Basic modules
local basic_modules=(
NCSA
POP3
getpwnam

$(usev samba 'SMB')
$(usev ldap 'SMB_LM LDAP')
$(usev pam 'PAM')
$(usev sasl 'SASL')
$(usev nis 'NIS')
$(usev radius 'RADIUS')
)

use nis && append-cppflags "-I${ESYSROOT}/usr/include/tirpc"

if use mysql || use postgres || use sqlite; then
basic_modules+=( DB )
fi

# Digests
local digest_modules=(
file

$(usev ldap 'LDAP eDirectory')
)

# Kerberos
local negotiate_modules=( none )

myeconfargs+=( --without-mit-krb5 --without-heimdal-krb5 )

if use kerberos; then
# We intentionally overwrite negotiate_modules here to lose
# the 'none'.
negotiate_modules=( kerberos wrapper )

if has_version app-crypt/heimdal; then
myeconfargs+=(
--without-mit-krb5
--with-heimdal-krb5
)
else
myeconfargs+=(
--with-mit-krb5
--without-heimdal-krb5
)
fi
fi

# NTLM modules
local ntlm_modules=( none )

if use samba ; then
# We intentionally overwrite ntlm_modules here to lose
# the 'none'.
ntlm_modules=( SMB_LM )
fi

# External helpers
local ext_helpers=(
file_userip
session
unix_group
delayer
time_quota

$(usev samba 'wbinfo_group')
$(usev ldap 'LDAP_group eDirectory_userip')
)

use ldap && use kerberos && ext_helpers+=( kerberos_ldap_group )
if use mysql || use postgres || use sqlite; then
ext_helpers+=( SQL_session )
fi

# Storage modules
local storeio_modules=(
aufs
diskd
rock
ufs
)

#
local transparent
if use kernel_linux; then
myeconfargs+=(
--enable-linux-netfilter
$(usev qos '--enable-zph-qos --with-netfilter-conntrack')
)
fi

tc-export_build_env BUILD_CXX
export BUILDCXX="${BUILD_CXX}"
export BUILDCXXFLAGS="${BUILD_CXXFLAGS}"
tc-export CC AR

# Should be able to drop this workaround with newer versions.
# https://bugs.squid-cache.org/show_bug.cgi?id=4224
tc-is-cross-compiler && export squid_cv_gnu_atomics=no

# Bug #719662
append-atomic-flags

print_options_without_comma() {
# IFS as ',' will cut off any trailing commas
(
IFS=','
options=( $(printf "%s," "${@}") )
echo "${options[*]}"
)
}

myeconfargs+=(
--enable-storeio=$(print_options_without_comma "${storeio_modules[@]}")
--enable-auth-basic=$(print_options_without_comma "${basic_modules[@]}")
--enable-auth-digest=$(print_options_without_comma "${digest_modules[@]}")
--enable-auth-ntlm=$(print_options_without_comma "${ntlm_modules[@]}")
--enable-auth-negotiate=$(print_options_without_comma "${negotiate_modules[@]}")
--enable-external-acl-helpers=$(print_options_without_comma "${ext_helpers[@]}")
)

econf "${myeconfargs[@]}"
}

src_install() {
default

systemd_dounit tools/systemd/squid.service

# Need suid root for looking into /etc/shadow
fowners root:squid /usr/libexec/squid/basic_ncsa_auth
fperms 4750 /usr/libexec/squid/basic_ncsa_auth

if use pam; then
fowners root:squid /usr/libexec/squid/basic_pam_auth
fperms 4750 /usr/libexec/squid/basic_pam_auth
fi

# Pinger needs suid as well
fowners root:squid /usr/libexec/squid/pinger
fperms 4750 /usr/libexec/squid/pinger

# These scripts depend on perl
if ! use perl; then
local perl_scripts=(
basic_pop3_auth ext_delayer_acl helper-mux
log_db_daemon security_fake_certverify
storeid_file_rewrite url_lfs_rewrite
)

local script
for script in "${perl_scripts[@]}"; do
rm "${ED}"/usr/libexec/squid/${script} || die
done
fi

# Cleanup
rm -r "${D}"/run "${D}"/var/cache || die

dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
newdoc src/auth/negotiate/kerberos/README README.kerberos
newdoc src/auth/basic/RADIUS/README README.RADIUS
newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group
dodoc RELEASENOTES.html

if use pam; then
newpamd "${FILESDIR}"/squid.pam squid
fi

newconfd "${FILESDIR}"/squid.confd-r2 squid
newinitd "${FILESDIR}"/squid.initd-r6 squid

if use logrotate ; then
insinto /etc/logrotate.d
newins "${FILESDIR}"/squid.logrotate squid
else
exeinto /etc/cron.weekly
newexe "${FILESDIR}"/squid.cron squid.cron
fi

diropts -m0750 -o squid -g squid
keepdir /var/log/squid /etc/ssl/squid /var/lib/squid

# Hack for bug #834503 (see also bug #664940)
# Please keep this for a few years until it's no longer plausible
# someone is upgrading from < squid 5.7.
mv "${ED}"/usr/share/squid/errors{,.new} || die
}

pkg_preinst() {
# Remove file in EROOT that the directory collides with.
rm -rf "${EROOT}"/usr/share/squid/errors || die

# Following the collision protection check, reverse
# src_install's rename in ED.
mv "${ED}"/usr/share/squid/errors{.new,} || die
}

pkg_postinst() {
elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'."

if [[ ${#r} -gt 0 ]]; then
elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support."
fi
}