SQUID 3 to SQUID 4 migration #3584

Closed
AndyX90 opened this issue Jul 18, 2019 · 5 comments

@AndyX90
Contributor

AndyX90 commented Jul 18, 2019

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

[x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md

[x] I have searched the existing issues and I'm convinced that mine is new.

Describe the bug
After updating from 19.1.10 to 19.7, the Squid service would not automatically start.
The Cache-Clear Button was not enough.
I noticed the following in Access log:

FATAL: certgen -s /var/squid/ssl_crtd -M 8MB helpers are crashing too rapidly, need help!

After that I had to manually do "/usr/local/libexec/squid/security_file_certgen -c -s /var/squid/ssl_crtd -M 8MB".

Initialization SSL db...
Done

Now it works.
To Reproduce
Steps to reproduce the behavior:

  1. Upgrade from 19.1.10 to 19.7 with enabled Webproxy
  2. press the Clear-Cache Button on the Webproxy Support Tab
  3. Notice that Squid will not run.

Expected behavior
After pressing the Clear-Cache Button on the Webproxy Page, it should initialize the db by itself and start properly.

Environment
OPNsense 19.7 (amd64, OpenSSL).
Intel® Xeon™ E3-1225V5 3.3Ghz Quad Core
Network Intel® I210-AT
(DEC-4630)

@AdSchellevis
Member

What happens if you remove /var/squid/ssl_crtd now and restart?
The odd thing is, when it's not there the usual startup should create it

    # create ssl certificate store, in case sslbump is enabled we need this
    if [ ! -d /var/squid/ssl_crtd ]; then
        /usr/local/libexec/squid/ssl_crtd -c -s /var/squid/ssl_crtd > /dev/null 2>&1
        chown -R squid:squid /var/squid/ssl_crtd
        chmod -R 750 /var/squid/ssl_crtd
        if [ -f /usr/local/etc/squid/ca.pem.id ]; then
            cat /usr/local/etc/squid/ca.pem.id > /var/squid/ssl_crtd.id
        fi
    fi

Our reset just flushes all, and expects the setup to re-create it, which in some cases doesn't seem to work.

    [reset]
    command:
        /usr/bin/killall -9 squid;
        rm /var/run/squid/squid.pid;
        rm -rf /var/squid/*;
        /usr/local/opnsense/scripts/proxy/setup.sh;
        /usr/local/sbin/pluginctl webproxy start;
        /usr/local/etc/rc.d/squid start
    parameters:
    type:script
    message:reset and restart proxy

If the original setup.sh has an issue in your setup, that might explain something, otherwise it seems very difficult to reproduce this consistently.

@AndyX90
Contributor Author

AndyX90 commented Jul 18, 2019

Okay, if I remove the Directory and restart Squid:

Jul 18 13:34:53 | (squid-1): FATAL: Received Segment Violation...dying.
Jul 18 13:34:53 | (squid-1): FATAL: The /usr/local/libexec/squid/security_file_certgen -s /var/squid/ssl_crtd -M 8MB helpers are crashing too rapidly, need help!

After pressing the Reset-Button in Webproxy:

Cache-Log:

(security_file_certgen): Uninitialized | SSL certificate database directory: /var/squid/ssl_crtd. To initialize, run "security_file_certgen -c -s /var/squid/ssl_crtd".

Access-Log:

Jul 18 13:37:42 | (squid-1): FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jul 18 13:37:40 | (squid-1): FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jul 18 13:37:39 | (squid-1): FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jul 18 13:37:38 | (squid-1): FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.
Jul 18 13:37:36 | (squid-1): FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.

@AdSchellevis
Member

it looks like we missed a rename here 981a718

ssl_crtd vs security_file_certgen

fichtner pushed a commit that referenced this issue Jul 18, 2019
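
An added example, not OPNsense's setup.sh and not the commit referenced in this issue: one way to initialise the certificate database that works under either helper name and reports a failure instead of discarding it, as the `> /dev/null 2>&1` in the quoted snippet does. The function names and return codes are assumptions of this sketch; the paths and flags are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: certificate-store initialisation that survives the helper rename.
# Directories are passed as arguments so it can be exercised in a scratch directory.
# Usage with the paths from the issue:
#   init_ssl_db /usr/local/libexec/squid /var/squid/ssl_crtd squid:squid

# find_certgen_helper LIBEXEC_DIR
# Prints the first executable helper found: the Squid 4 name, then the Squid 3 name.
find_certgen_helper() {
    libexec_dir=$1
    for name in security_file_certgen ssl_crtd; do
        if [ -x "$libexec_dir/$name" ]; then
            printf '%s\n' "$libexec_dir/$name"
            return 0
        fi
    done
    return 1
}

# init_ssl_db LIBEXEC_DIR DB_DIR [OWNER]
# Returns 0 on success or if DB_DIR already exists, 2 if no helper is installed,
# 3 if the helper ran but did not create DB_DIR, 4 if chown failed.
init_ssl_db() {
    libexec_dir=$1; db_dir=$2; owner=${3:-}
    [ -d "$db_dir" ] && return 0
    helper=$(find_certgen_helper "$libexec_dir") || {
        echo "no certificate helper found in $libexec_dir" >&2
        return 2
    }
    # Same flags as the manual command in the issue; helper output is discarded,
    # but its exit status and the resulting directory are both checked.
    if ! "$helper" -c -s "$db_dir" -M 8MB >/dev/null 2>&1 || [ ! -d "$db_dir" ]; then
        echo "$helper failed to initialise $db_dir" >&2
        return 3
    fi
    if [ -n "$owner" ]; then
        chown -R "$owner" "$db_dir" || return 4
    fi
    chmod -R 750 "$db_dir"
}
```
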
@AndyX90
Contributor Author

AndyX90 commented Jul 18, 2019

It works, thanks!

@AndyX90 AndyX90 closed this as completed Jul 18, 2019
@AdSchellevis
Member

@AndyX90 thanks for testing and letting us know!

EugenMayer pushed a commit to KontextWork/opnsense_core that referenced this issue Jul 22, 2019