New port: www/ufdbguard: squidGuard fork compatible with newer squid versions

ufdbGuard is a URL filter for the Squid web proxy. Besides blocking access from PCs and smartphones to undesired websites, ufdbGuard has safety features to make browsing safer and to block remote access. ufdbGuard supports configuration of groups with different web access policies, SafeSearch enforcement, SSH tunnel detection, safer HTTPS traffic, time-based access rules and much more. WWW: https://www.urlfilterdb.com/ PR: 212044 Submitted by: Pavel Timofeev <timp87@gmail.com>
author: pi <pi@FreeBSD.org> 2016-08-24 12:09:45 +0800
committer: pi <pi@FreeBSD.org> 2016-08-24 12:09:45 +0800
commit: 131c08482ac15862db2007f5e8005d64b3d279f3 (patch)
tree: bbbe77a26c24d90b94548136f59d2782a48bd61e
parent: 3271d2a166072b52322524c18af08fbf42e8313b (diff)
download: freebsd-ports-gnome-131c08482ac15862db2007f5e8005d64b3d279f3.tar.gz
freebsd-ports-gnome-131c08482ac15862db2007f5e8005d64b3d279f3.tar.zst
freebsd-ports-gnome-131c08482ac15862db2007f5e8005d64b3d279f3.zip
13 files changed, 363 insertions, 2 deletions
diff --git a/GIDs b/GIDs
index e64fd97f5888..a65ad0df8688 100644
--- a/GIDs
+++ b/GIDs
@@ -839,7 +839,7 @@ graylog:*:848:
 # free: 895
 # free: 896
 # free: 897
-# free: 898
+ufdb:*:898:
 guacamole:*:899:
 seafile:*:900:
 fossy:*:901:www
diff --git a/UIDs b/UIDs
index db2e945036ca..7ed27d14d332 100644
--- a/UIDs
+++ b/UIDs
@@ -844,7 +844,7 @@ graylog:*:848:848::0:0:Graylog user:/nonexistent:/usr/sbin/nologin
 # free: 895
 # free: 896
 # free: 897
-# free: 898
+ufdb:*:898:898::0:0:ufdb user:/nonexistent:/usr/sbin/nologin
 guacamole:*:899:899::0:0:Guacamole user:/nonexistent:/usr/sbin/nologin
 seafile:*:900:900::0:0:Seafile user:/nonexistent:/usr/bin/nologin
 fossy:*:901:901::0:0:FOSSology user:/usr/local/share/fossology:/usr/local/bin/bash
diff --git a/www/Makefile b/www/Makefile
index b234ff930917..4a476cf50792 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -2245,6 +2245,7 @@
     SUBDIR += typo3-lts
     SUBDIR += uchiwa
     SUBDIR += udmsearch
+    SUBDIR += ufdbguard
     SUBDIR += uglifyjs
     SUBDIR += usermanager
     SUBDIR += uwsgi
diff --git a/www/ufdbguard/Makefile b/www/ufdbguard/Makefile
new file mode 100644
index 000000000000..b59251e6171d
--- /dev/null
+++ b/www/ufdbguard/Makefile
@@ -0,0 +1,76 @@
+# Created by: Pavel Timofeev <timp87@gmail.com>
+# $FreeBSD$
+
+PORTNAME=	ufdbGuard
+PORTVERSION=	1.31
+DISTVERSIONSUFFIX=	-16
+CATEGORIES=	www
+MASTER_SITES=	SF/ufdbguard/${PORTVERSION}
+
+MAINTAINER=	timp87@gmail.com
+COMMENT=	URL filter for the Squid web proxy
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
+
+USES=		perl5 shebangfix ssl
+SHEBANG_FILES=	samples/URLblocked.cgi src/ufdb_analyse_urls.pl \
+		src/ufdb_top_urls.pl src/ufdb_analyse_users.pl \
+		src/ufdb_top_users.pl
+GNU_CONFIGURE=	yes
+USE_RC_SUBR=	ufdbguardd
+
+USERS=		ufdb
+GROUPS=		${USERS}
+
+RUNDIR=		/var/run/${PORTNAME}
+DBDIR=		/var/db/${PORTNAME}
+LOGDIR=		/var/log/${PORTNAME}
+
+PLIST_SUB=	USERS=${USERS} \
+		GROUPS=${GROUPS} \
+		RUNDIR=${RUNDIR} \
+		DBDIR=${DBDIR} \
+		LOGDIR=${LOGDIR}
+
+SUB_LIST=	PORTNAME=${PORTNAME} \
+		USERS=${USERS} \
+		RUNDIR=${RUNDIR} \
+		DBDIR=${DBDIR}
+
+SUB_FILES=	pkg-message
+
+CONFIGURE_ARGS=	--with-ssl=${OPENSSLBASE} \
+		--with-ssl-lib=${OPENSSLLIB} \
+		--with-ssl-inc=${OPENSSLINC} \
+		--with-bz2=/usr \
+		--with-bz2-lib=/usr/lib \
+		--with-bz2-inc=/usr/include \
+		--with-ufdb-user=root \
+		--with-ufdb-mandir=${MANPREFIX}/man \
+		--with-ufdb-logdir=${LOGDIR} \
+		--with-ufdb-piddir=${RUNDIR} \
+		--with-ufdb-samplesdir=${EXAMPLESDIR} \
+		--with-ufdb-config=${ETCDIR} \
+		--with-ufdb-dbhome=${DBDIR} \
+		--with-ufdb-images_dir=${EXAMPLESDIR}/images
+
+OPTIONS_DEFINE=	UNIXSOCKETS
+OPTIONS_DEFAULT=	UNIXSOCKETS
+
+UNIXSOCKETS_CONFIGURE_ON=	--with-unix-sockets
+UNIXSOCKETS_CONFIGURE_OFF=	--without-unix-sockets
+
+UNIXSOCKETS_DESC=	Unix sockets support
+
+post-install:
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/ufdbguardd \
+		${STAGEDIR}${PREFIX}/bin/ufdbgclient \
+		${STAGEDIR}${PREFIX}/bin/ufdbsignal \
+		${STAGEDIR}${PREFIX}/bin/ufdbGenTable \
+		${STAGEDIR}${PREFIX}/bin/ufdbAnalyse \
+		${STAGEDIR}${PREFIX}/bin/ufdbhttpd
+
+.include <bsd.port.mk>
diff --git a/www/ufdbguard/distinfo b/www/ufdbguard/distinfo
new file mode 100644
index 000000000000..7c1200942392
--- /dev/null
+++ b/www/ufdbguard/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1472011754
+SHA256 (ufdbGuard-1.31-16.tar.gz) = 98f491a19a806760374bf2e8441a1cd6a5fb38d168d7ffd576faa81c86db2c83
+SIZE (ufdbGuard-1.31-16.tar.gz) = 1916237
diff --git a/www/ufdbguard/files/patch-src_Makefile.in b/www/ufdbguard/files/patch-src_Makefile.in
new file mode 100644
index 000000000000..ed8cf24b26a8
--- /dev/null
+++ b/www/ufdbguard/files/patch-src_Makefile.in
@@ -0,0 +1,24 @@
+--- src/Makefile.in.orig	2016-02-18 17:47:07 UTC
++++ src/Makefile.in
+@@ -210,7 +210,7 @@ install.bin: ufdbGenTable ufdbAnalyse uf
+ 	$(INSTALL_PROGRAM) ufdb_top_urls.pl $(DESTDIR)$(bindir)/ufdb_top_urls
+ 	$(INSTALL_PROGRAM) ufdb_top_users.pl $(DESTDIR)$(bindir)/ufdb_top_users
+ 	@if [ -f ufdbpeek ] ; then $(INSTALL_PROGRAM) ufdbpeek $(DESTDIR)$(bindir)/ufdbpeek ; fi
+-	@if [ -f $(DESTDIR)$(cfgdir)/ufdbGuard.conf ] ; then echo "$(DESTDIR)$(cfgdir)/ufdbGuard.conf already exists." ; else $(INSTALL_DATA) ufdbGuard.conf $(DESTDIR)$(cfgdir)/ufdbGuard.conf ; fi
++	@if [ -f $(DESTDIR)$(cfgdir)/ufdbGuard.conf ] ; then echo "$(DESTDIR)$(cfgdir)/ufdbGuard.conf already exists." ; else $(INSTALL_DATA) ufdbGuard.conf $(DESTDIR)$(cfgdir)/ufdbGuard.conf.sample ; fi
+ 
+ install.pid::
+ 	if [ $(piddir) != /var/tmp ] ; then $(INSTALL) -d $(DESTDIR)$(piddir) ; fi
+@@ -221,10 +221,10 @@ install.update::
+ 
+ install.security::
+ 	echo "Installing SSL root certificates"
+-	$(INSTALL_DATA) security/cacerts  $(DESTDIR)$(dbhome)/security/cacerts
++	$(INSTALL_DATA) security/cacerts  $(DESTDIR)$(dbhome)/security/cacerts.sample
+ 
+ install.etc::
+-	sh ./install_etcfiles.sh $(DESTDIR)$(cfgdir) $(DESTDIR)$(bindir) $(DESTDIR)$(syscfgfile)
++	sh ./install_etcfiles.sh $(DESTDIR)$(cfgdir) $(DESTDIR)$(bindir)
+ 
+ install.webmin::
+ 	@echo
diff --git a/www/ufdbguard/files/patch-src_check__config__file b/www/ufdbguard/files/patch-src_check__config__file
new file mode 100644
index 000000000000..cc0736b41daf
--- /dev/null
+++ b/www/ufdbguard/files/patch-src_check__config__file
@@ -0,0 +1,27 @@
+--- src/check_config_file.orig	2015-06-09 01:03:38 UTC
++++ src/check_config_file
+@@ -32,16 +32,6 @@ then
+    exit 1
+ fi
+ 
+-if [ ! -f $CONFIG.pre-v1.31 ]
+-then
+-   cp $CONFIG $CONFIG.pre-v1.31
+-   if [ ! -f $CONFIG.pre-v1.31 ]
+-   then
+-      echo "cannot copy configuration file to $CONFIG.pre-v1.31"
+-      exit 1
+-   fi
+-fi
+-
+ if [ ! -w $CONFIG ]
+ then
+    chmod u+w $CONFIG
+@@ -301,7 +291,6 @@ then
+    echo "It is recommended to verify all ACLs for the inclusion of these URL categories *****"
+ fi
+ 
+-echo "The original configuration file is saved in $CONFIG.pre-v1.31"
+ echo
+ 
+ exit 0
diff --git a/www/ufdbguard/files/patch-src_install__etcfiles.sh.in b/www/ufdbguard/files/patch-src_install__etcfiles.sh.in
new file mode 100644
index 000000000000..27524ccced7e
--- /dev/null
+++ b/www/ufdbguard/files/patch-src_install__etcfiles.sh.in
@@ -0,0 +1,44 @@
+--- src/install_etcfiles.sh.in.orig	2015-06-09 01:25:36 UTC
++++ src/install_etcfiles.sh.in
+@@ -25,15 +25,6 @@ then
+    DESTDIR=${RPM_BUILD_ROOT:-}
+ fi
+ 
+-if [ "$ID" != root  -a  $PKGNAME != ufdbGuard ]
+-then
+-   echo
+-   echo "***  You must be root but you appear to be $ID. ***"
+-   echo "The ufdb startup script cannot be installed..."
+-   echo
+-   exit 1
+-fi
+-
+ CFGDIR="$1"
+ if [ ! -d "$CFGDIR" ]
+ then
+@@ -335,10 +326,8 @@ fix_piddir_permissions () {
+ 
+ 
+ case $OS in
+-   freebsd)        install_freebsd ;;
+    solaris_smf)    install_solaris_smf ;;
+    linux_systemd)  install_linux_systemd ;;
+-   *) 		   install_unix ;;
+ esac
+ 
+ 
+@@ -355,14 +344,3 @@ fi
+ # TODO: copy parameters from ufdbUpdate to $SYSCFGFILE ************************************************************ 
+ 
+ fix_piddir_permissions
+-
+-SERVICE=`grep -E -e ufdbguardd /etc/services`
+-if [ "$SERVICE" = "" ]
+-then
+-   (
+-      echo ""
+-      echo "# for URLfilterDB daemon : "
+-      echo "ufdbguardd      3977/tcp"
+-   ) >> /etc/services
+-fi
+-
diff --git a/www/ufdbguard/files/patch-src_ufdbGuard.conf.in b/www/ufdbguard/files/patch-src_ufdbGuard.conf.in
new file mode 100644
index 000000000000..5109c965c644
--- /dev/null
+++ b/www/ufdbguard/files/patch-src_ufdbGuard.conf.in
@@ -0,0 +1,11 @@
+--- src/ufdbGuard.conf.in.orig	2016-02-22 21:37:07 UTC
++++ src/ufdbGuard.conf.in
+@@ -28,7 +28,7 @@ logall off
+ # communicates with Squid using the version-dependent protocol.
+ # valid version numbers are: 2.6, 2.7, 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5
+ ## EDIT THE NEXT LINE FOR LOCAL CONFIGURATION:
+-squid-version "3.3"
++squid-version "3.5"
+ 
+ # When a URL database is reloaded/updated, it is not possible to 
+ # perform URL lookups.  The next parameters defines what to respond
diff --git a/www/ufdbguard/files/pkg-message.in b/www/ufdbguard/files/pkg-message.in
new file mode 100644
index 000000000000..320b7caf9083
--- /dev/null
+++ b/www/ufdbguard/files/pkg-message.in
@@ -0,0 +1,13 @@
+Please, note the following statements about %%PORTNAME%% port:
+
+    o it's decided during compilation if ufdbguardd will work through Unix
+      or TCP socket. It's set to Unix socket by default and if you want it
+      to work via TCP socket unset UNIXSOCKETS port option and rebuild it.
+
+    o ufdbUpdate script is left in non-working state for now.
+      The only purpose of this script is to download URLfilterDB updates
+      using paid subscription and to run it by cron. The script implies on
+      sysconfig configuration file which is usuall only for linux systems.
+      To make ufdbUpdate work it should be significantly rewritten for
+      non-linux systems. It's not worth it due to the fact ufdbUpdate can
+      be replaced by much more simple script written by local administator.
diff --git a/www/ufdbguard/files/ufdbguardd.in b/www/ufdbguard/files/ufdbguardd.in
new file mode 100644
index 000000000000..210bf9915e85
--- /dev/null
+++ b/www/ufdbguard/files/ufdbguardd.in
@@ -0,0 +1,106 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: ufdbguardd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+
+# You can activate this daemon and set its options in any of the following files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/ufdbguardd
+# /etc/rc.conf.d/ufdbguardd/${anyfile}
+# ${local_startup}/rc.conf.d/ufdbguardd
+# ${local_startup}/rc.conf.d/ufdbguardd/${anyfile}
+#
+# Note: ${local_startup} is usually /usr/local/etc
+#
+# Variables you can define in one of these files:
+# ufdbguardd_enable (str):	Activates the daemon.
+#				Default: NO
+# ufdbguardd_flags (str):	Additional flags passed to the daemon as cmd args.
+#				Default: none
+# ufdbguardd_conf (str):	The configuration file that ufdbguardd should use.
+#				Default: %%ETCDIR%%/ufdbGuard.conf
+# ufdbguardd_user (str):	The user that should be used to run the ufdbguardd.
+#				Default: %%USERS%%
+# ufdbguardd_dbdir (str):	The dir where ufdbguardd gets URL filter databases.
+#				Default: %%DBDIR%%
+
+. /etc/rc.subr
+
+name=ufdbguardd
+rcvar=ufdbguardd_enable
+
+command="%%PREFIX%%/bin/${name}"
+
+extra_commands="configtest monitor reload rotatelog"
+configtest_cmd=ufdbguardd_configtest
+rotatelog_cmd=ufdbguardd_rotatelog
+monitor_cmd=ufdbguardd_monitor
+reload_precmd=ufdbguardd_configtest
+restart_precmd=ufdbguardd_configtest
+start_precmd=ufdbguardd_prestart
+
+ufdbguardd_load_rc_config()
+{
+	: ${ufdbguardd_dbdir:=%%DBDIR%%}
+	: ${ufdbguardd_conf:=%%ETCDIR%%/ufdbGuard.conf}
+	: ${ufdbguardd_enable:=NO}
+	: ${ufdbguardd_user:=%%USERS%%}
+
+	ufdbguardd_unixsocket="/tmp/ufdbguardd-[0-9]*"
+
+	required_dirs="$ufdbguardd_dbdir %%RUNDIR%%"
+	required_files="$ufdbguardd_conf"
+	pidfile="%%RUNDIR%%/${name}.pid"
+	command_args="-c $ufdbguardd_conf -U $ufdbguardd_user"
+}
+
+ufdbguardd_configtest()
+{
+	echo "Performing sanity check on $name configuration."
+	if $command $command_args -C verify; then
+	echo "Configuration for $name passes."
+		return 0
+	else
+		return $?
+	fi
+}
+
+ufdbguardd_checksocket()
+{
+	echo "Checking if $name unix socket exists."
+	if test -e $ufdbguardd_unixsocket; then
+		echo "Unix socket $ufdbguardd_unixsocket exists. Probably stale file after abnormal shutdown. Removing it."
+		rm -f $ufdbguardd_unixsocket
+	fi
+}
+
+ufdbguardd_prestart()
+{
+	ufdbguardd_configtest && \
+	ufdbguardd_checksocket
+}
+
+ufdbguardd_rotatelog()
+{
+	echo "Rotating $name logfiles."
+	sig_reload=USR1
+	unset reload_precmd
+	run_rc_command "reload"
+}
+
+ufdbguardd_monitor()
+{
+	echo "Invoking monitor command for $name."
+	sig_reload=USR2
+	unset reload_precmd
+	run_rc_command "reload"
+}
+
+load_rc_config $name
+ufdbguardd_load_rc_config
+run_rc_command "$1"
diff --git a/www/ufdbguard/pkg-descr b/www/ufdbguard/pkg-descr
new file mode 100644
index 000000000000..11e6ba6fb9ea
--- /dev/null
+++ b/www/ufdbguard/pkg-descr
@@ -0,0 +1,8 @@
+ufdbGuard is a URL filter for the Squid web proxy. Besides blocking
+access from PCs and smartphones to undesired websites, ufdbGuard
+has safety features to make browsing safer and to block remote
+access. ufdbGuard supports configuration of groups with different
+web access policies, SafeSearch enforcement, SSH tunnel detection,
+safer HTTPS traffic, time-based access rules and much more.
+
+WWW: https://www.urlfilterdb.com/
diff --git a/www/ufdbguard/pkg-plist b/www/ufdbguard/pkg-plist
new file mode 100644
index 000000000000..294c2cc842a1
--- /dev/null
+++ b/www/ufdbguard/pkg-plist
@@ -0,0 +1,48 @@
+bin/ufdb-pstack
+bin/ufdbAnalyse
+bin/ufdbConvertDB
+bin/ufdbGenTable
+bin/ufdbUpdate
+bin/ufdb_analyse_urls
+bin/ufdb_analyse_users
+bin/ufdb_top_urls
+bin/ufdb_top_users
+bin/ufdbgclient
+bin/ufdbguardd
+bin/ufdbhttpd
+bin/ufdbsignal
+@sample %%ETCDIR%%/ufdbGuard.conf.sample
+man/man1/ufdb_analyse_urls.1.gz
+man/man1/ufdb_analyse_users.1.gz
+man/man1/ufdb_top_urls.1.gz
+man/man1/ufdb_top_users.1.gz
+man/man8/ufdbgclient.8.gz
+man/man8/ufdbguardd.8.gz
+man/man8/ufdbhttpd.8.gz
+man/man8/ufdbupdate.8.gz
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/URLblocked.cgi
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/execdomainlist.sh
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/execuserlist.sh
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/default.flv
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/default.mp3
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/default.mpeg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/default.wmv
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-de.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-en.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-es.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-fr.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-it.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-nl.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-pl.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-pt.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-sv.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/forbidden-normal-tr.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/no-ads.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/smallcross.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/square.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/images/transparent.png
+@sample %%DBDIR%%/security/cacerts.sample
+@dir(%%USERS%%,%%GROUPS%%,750) %%DBDIR%%/security
+@dir(%%USERS%%,%%GROUPS%%,750) %%DBDIR%%
+@dir(%%USERS%%,%%GROUPS%%,750) %%LOGDIR%%
+@dir(%%USERS%%,%%GROUPS%%,750) %%RUNDIR%%
author	pi <pi@FreeBSD.org>	2016-08-24 12:09:45 +0800
committer	pi <pi@FreeBSD.org>	2016-08-24 12:09:45 +0800
commit	131c08482ac15862db2007f5e8005d64b3d279f3 (patch)
tree	bbbe77a26c24d90b94548136f59d2782a48bd61e
parent	3271d2a166072b52322524c18af08fbf42e8313b (diff)
download	freebsd-ports-gnome-131c08482ac15862db2007f5e8005d64b3d279f3.tar.gz freebsd-ports-gnome-131c08482ac15862db2007f5e8005d64b3d279f3.tar.zst freebsd-ports-gnome-131c08482ac15862db2007f5e8005d64b3d279f3.zip