1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
|
# New ports collection makefile for: squid24
# Date created: Tue Mar 27 14:56:08 CEST 2001
# Whom: Adrian Chadd <adrian@FreeBSD.org>
#
# $FreeBSD$
#
# Tunables not (yet) configurable via 'make config':
# SQUID_{U,G}ID
# Which user/group squid should run as (default: squid/squid).
# The user and group will be created if they do not already exist using
# a uid:gid of 100:100.
# NOTE: before version 2.5.4_6, these settings defaulted to
# nobody/nogroup.
# If you wish to keep these settings, please define SQUID_UID=nobody and
# SQUID_GID=nogroup in your make environment before you start the update.
# NOTE2:
# Before version 2.5.4_11 the numerical id chosen for SQUID_UID (and
# SQUID_GID respectively) was the first free id greater than or equal 3128.
# If you wish to move your squid user to id 100:100, run "make changeuser",
# please see the changeuser target's definition for further information.
# SQUID_LANGUAGES
# A list of languages for which error page files should be installed
# (default: all)
#
# E.g. use `make SQUID_LANGUAGES="English French"' if you want to
# install the files for these languages only.
# Use `make -VSQUID_LANGUAGES' or scroll down to this variable's
# definition to see which values are valid.
#
# SQUID_DEFAULT_LANG
# If you define SQUID_LANGUAGES, select which language should be the default
# one (this variable defaults to English). This setting can be overwritten
# with squid.conf's error_directory directive.
#
# SQUID_CONFIGURE_ARGS
# Additional configuration options.
#
# To enable them, use e.g
# `make SQUID_CONFIGURE_ARGS="--enable-dlmalloc --enable-truncate" install'
#
# The list below may be incomplete, please see the configure script
# in the squid source distribution for the complete list of additional
# options.
# Note that you probably do not need to worry about these options in most
# cases, they are included in case you want to experiment with them.
#
# --enable-dlmalloc
# Compile and use the malloc package from Doug Lea
# --enable-gnuregex
# Compile and use the supplied GNUregex routines instead of BSD regex.
# --enable-xmalloc-statistics
# Show malloc statistics in status page
# --enable-time-hack
# Optimize time updates to one per second rather than calling gettimeofday()
# --enable-cachemgr-hostname=some.hostname
# Set an explicit hostname in cachemgr.cgi
# --enable-truncate
# Use truncate() rather than unlink()
# --disable-unlinkd
# Do not use "unlinkd"
# --with-aufs-threads=N_THREADS
# Tune the number of worker threads for the aufs object
# --with-coss-membuf-size
# COSS membuf size (default: 1048576 bytes)
# --with-maxfd=N
# Override the maximum number of filedescriptors. Useful if you
# build as another user who is not privileged to use the amount
# of filedescriptors the resulting binary is expected to support.
# --enable-ntlm-fail-open
# Enable NTLM fail open, where a helper that fails one of the
# Authentication steps can allow squid to still authenticate the user
#
PORTNAME= squid
PORTVERSION= 2.5.12
PORTREVISION= 3
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://ftp.unimelb.edu.au/pub/cwis/servers/unix/squid/%SUBDIR%/ \
ftp://sunsite.auc.dk/pub/infosystems/squid/%SUBDIR%/ \
ftp://ftp.mirrorservice.org/sites/ftp.squid-cache.org/pub/%SUBDIR%/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
MASTER_SITE_SUBDIR= squid-2/STABLE
DISTNAME= squid-2.5.STABLE12
DIST_SUBDIR= squid2.5
PATCH_SITES= http://www.squid-cache.org/Versions/v2/2.5/bugs/
PATCHFILES= squid-2.5.STABLE12-SMB_BadFetch.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck@netcologne.de
COMMENT= The successful WWW proxy cache and accelerator
CONFLICTS= squid-2.[^5]*
GNU_CONFIGURE= yes
USE_BZIP2= yes
USE_PERL5= yes
USE_REINPLACE= yes
SQUID_UID?= squid
SQUID_GID?= squid
MAN8= cachemgr.cgi.8 squid.8
docs= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
PORTDOCS= ${docs:T}
OPTIONS= SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
SQUID_DELAY_POOLS "Enable delay pools" off \
SQUID_SNMP "Enable SNMP support" off \
SQUID_CARP "Enable CARP support" off \
SQUID_SSL "Enable SSL support for reverse proxies" off \
SQUID_PINGER "Install the icmp helper" off \
SQUID_DNS_HELPER "Use the old 'dnsserver' helper" off \
SQUID_HTCP "Enable HTCP support" off \
SQUID_VIA_DB "Enable forward/via database" off \
SQUID_CACHE_DIGESTS "Enable cache digests" off \
SQUID_WCCP "Enable Web Cache Coordination Protocol" on \
SQUID_UNDERSCORES "Allow underscores in hostnames" on \
SQUID_CHECK_HOSTNAME "Do hostname checking" on \
SQUID_STRICT_HTTP "Be strictly HTTP compliant" off \
SQUID_IDENT "Enable ident (RFC 931) lookups" on \
SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off \
SQUID_ARP_ACL "Enable ACLs based on ethernet address" off \
SQUID_PF "Enable transparent proxying with PF" off \
SQUID_IPFILTER "Enable transp. proxying with IPFilter" off \
SQUID_FOLLOW_XFF "Follow X-Forwarded-For headers" off \
SQUID_ICAP "Enable ICAP client functionality" off \
SQUID_AUFS "Enable the aufs storage scheme" off \
SQUID_COSS "Enable the COSS storage scheme" off \
SQUID_LARGEFILE "Support log and cache files >2GB" off \
SQUID_STACKTRACES "Create backtraces on fatal errors" off \
SQUID_RCNG "Install an rcNG startup script" on
etc_files= rc.d/squid.sh squid/cachemgr.conf.default \
squid/mib.txt squid/mime.conf.default \
squid/msntauth.conf.default squid/squid.conf.default
icon_files= anthony-binhex.gif anthony-bomb.gif anthony-box.gif \
anthony-box2.gif anthony-c.gif anthony-compressed.gif \
anthony-dir.gif anthony-dirup.gif anthony-dvi.gif \
anthony-f.gif anthony-image.gif anthony-image2.gif \
anthony-layout.gif anthony-link.gif anthony-movie.gif \
anthony-pdf.gif anthony-portal.gif anthony-ps.gif \
anthony-quill.gif anthony-script.gif anthony-sound.gif \
anthony-tar.gif anthony-tex.gif anthony-text.gif \
anthony-unknown.gif anthony-xbm.gif anthony-xpm.gif
error_files= ERR_ACCESS_DENIED ERR_CACHE_ACCESS_DENIED \
ERR_CACHE_MGR_ACCESS_DENIED ERR_CANNOT_FORWARD \
ERR_CONNECT_FAIL ERR_DNS_FAIL ERR_FORWARDING_DENIED \
ERR_FTP_DISABLED ERR_FTP_FAILURE ERR_FTP_FORBIDDEN \
ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \
ERR_FTP_PUT_ERROR ERR_FTP_PUT_MODIFIED ERR_FTP_UNAVAILABLE \
ERR_INVALID_REQ ERR_INVALID_RESP ERR_INVALID_URL \
ERR_LIFETIME_EXP ERR_NO_RELAY ERR_ONLY_IF_CACHED_MISS \
ERR_READ_ERROR ERR_READ_TIMEOUT ERR_SHUTTING_DOWN \
ERR_SOCKET_FAILURE ERR_TOO_BIG ERR_UNSUP_REQ \
ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT
libexec= cachemgr.cgi digest_pw_auth diskd ip_user_check \
msnt_auth ncsa_auth ntlm_auth \
pam_auth smb_auth smb_auth.sh squid_unix_group \
wb_auth wb_group wb_ntlmauth wbinfo_group.pl
.if !defined(SQUID_CONFIGURE_ARGS) || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
libexec+= unlinkd
.endif
sbin= RunAccel RunCache squidclient squid
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
--datadir=${PREFIX}/etc/squid \
--libexecdir=${PREFIX}/libexec/squid \
--localstatedir=${PREFIX}/squid \
--enable-removal-policies="lru heap"
.include <bsd.port.pre.mk>
# Authentication methods and modules:
basic_auth= NCSA PAM MSNT SMB winbind
external_acl= ip_user unix_group wbinfo_group winbind_group
MAN8+= pam_auth.8 squid_unix_group.8
.if defined(WITH_SQUID_LDAP_AUTH)
USE_OPENLDAP= yes
CFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
MAN8+= squid_ldap_auth.8 squid_ldap_group.8
basic_auth+= LDAP
external_acl+= ldap_group
libexec+= squid_ldap_auth squid_ldap_group
.endif
.if !defined(NO_NIS)
basic_auth+= YP
libexec+= yp_auth
.endif
CONFIGURE_ARGS+= --enable-auth="basic ntlm digest" \
--enable-basic-auth-helpers="${basic_auth}" \
--enable-digest-auth-helpers="password" \
--enable-external-acl-helpers="${external_acl}" \
--enable-ntlm-auth-helpers="SMB winbind"
# Selection of storage schemes:
storage_schemes= ufs diskd null
.if defined(WITH_SQUID_AUFS)
storage_schemes+= aufs
# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS
CONFIGURE_ARGS+= --enable-async-io \
--with-pthreads
CFLAGS+= ${PTHREAD_CFLAGS}
.endif
.if defined(WITH_SQUID_COSS)
storage_schemes+= coss
CONFIGURE_ARGS+= --with-aio
.endif
CONFIGURE_ARGS+= --enable-storeio="${storage_schemes}"
# Other options set via 'make config':
.if defined(WITH_SQUID_DELAY_POOLS)
CONFIGURE_ARGS+= --enable-delay-pools
.endif
.if defined(WITH_SQUID_SNMP)
CONFIGURE_ARGS+= --enable-snmp
.endif
.if defined(WITH_SQUID_CARP)
CONFIGURE_ARGS+= --enable-carp
.endif
.if defined(WITH_SQUID_SSL)
# we need to .include bsd.openssl.mk manually here because USE_OPENSSL only
# works when it is defined before bsd.port{.pre}.mk is .included and this is
# not possible when using OPTIONS
.include "${PORTSDIR}/Mk/bsd.openssl.mk"
CONFIGURE_ARGS+= --enable-ssl \
--with-openssl="${OPENSSLBASE}"
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -I${LOCALBASE}/lib
.endif
.if defined(WITH_SQUID_PINGER)
CONFIGURE_ARGS+= --enable-icmp
libexec+= pinger
.endif
.if defined(WITH_SQUID_DNS_HELPER)
CONFIGURE_ARGS+= --disable-internal-dns
libexec+= dnsserver
.endif
.if defined(WITH_SQUID_HTCP)
CONFIGURE_ARGS+= --enable-htcp
.endif
.if defined(WITH_SQUID_VIA_DB)
CONFIGURE_ARGS+= --enable-forw-via-db
.endif
.if defined(WITH_SQUID_CACHE_DIGESTS)
CONFIGURE_ARGS+= --enable-cache-digests
.endif
.if defined(WITHOUT_SQUID_WCCP)
CONFIGURE_ARGS+= --disable-wccp
.endif
.if !defined(WITHOUT_SQUID_UNDERSCORES)
CONFIGURE_ARGS+= --enable-underscores
.endif
.if defined(WITHOUT_SQUID_CHECK_HOSTNAME)
CONFIGURE_ARGS+= --disable-hostname-checks
.endif
.if defined(WITH_SQUID_STRICT_HTTP)
CONFIGURE_ARGS+= --disable-http-violations
.endif
.if defined(WITHOUT_SQUID_IDENT)
CONFIGURE_ARGS+= --disable-ident-lookups
.endif
.if defined(WITH_SQUID_USERAGENT_LOG)
CONFIGURE_ARGS+= --enable-useragent-log
.endif
.if defined(WITH_SQUID_ARP_ACL)
CONFIGURE_ARGS+= --enable-arp-acl
.endif
.if defined(WITH_SQUID_PF)
CONFIGURE_ARGS+= --enable-pf-transparent
.if ${OSVERSION} < 502106
IGNORE= pf available only in FreeBSD 5.3 and newer
.endif
.endif
# IPFilter-headers are not installed on FreeBSD 4 since 4.7-RELEASE,
# they were not installed on FreeBSD 5 from 2002-03-26 (OSVERSION > 500032) to
# 2003-06-27 (OSVERSION < 501101).
#
# Please see PR misc/44148 and the CVS log of src/include/Makefile for further
# information.
.if defined(WITH_SQUID_IPFILTER)
.if (${OSVERSION} >= 470000 && ${OSVERSION} < 500000) || (${OSVERSION} > 500032 && ${OSVERSION} < 501101)
IGNORE= IPFilter headers are not part of the base system
.else
CONFIGURE_ARGS+= --enable-ipf-transparent
.endif
.endif
.if defined(WITH_SQUID_FOLLOW_XFF)
EXTRA_PATCHES+= ${PATCHDIR}/follow_xff-2.5.patch \
${PATCHDIR}/follow_xff-configure.patch
CONFIGURE_ARGS+= --enable-follow-x-forwarded-for
.endif
.if defined(WITH_SQUID_ICAP)
EXTRA_PATCHES+= ${PATCHDIR}/icap-2.5-core.patch \
${PATCHDIR}/icap-2.5-bootstrap.patch
CONFIGURE_ARGS+= --enable-icap-support
error_files+= ERR_ICAP_FAILURE
.endif
.if defined(WITH_SQUID_LARGEFILE)
CONFIGURE_ARGS+= --with-large-files --enable-large-cache-files
.endif
.if defined(WITH_SQUID_STACKTRACES)
CONFIGURE_ARGS+= --enable-stacktraces
CFLAGS+= -g
STRIP= ""
.endif
.if !defined(WITHOUT_SQUID_RCNG)
USE_RC_SUBR= yes
rc_del= rcold
rc_state= rcng
.else
rc_del= rcng
rc_state= rcold
.endif
# Languages:
#
# If you do not define SQUID_LANGUAGES yourself, all available language files
# will be installed; the default language will be English.
SQUID_LANGUAGES?= \
Bulgarian Catalan Czech Danish Dutch English Estonian Finnish \
French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian \
Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian \
Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish
SQUID_DEFAULT_LANG?= English
CONFIGURE_ARGS+= --enable-err-languages="${SQUID_LANGUAGES}" \
--enable-default-err-language=${SQUID_DEFAULT_LANG}
# Finally, add additional user specified configuration options:
CONFIGURE_ARGS+= ${SQUID_CONFIGURE_ARGS}
CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
LDFLAGS="${LDFLAGS}"
PLIST_DIRS= etc/squid/icons libexec/squid
PLIST_FILES= ${etc_files:S,^,etc/,} ${icon_files:S,^,etc/squid/icons/,} \
${libexec:S,^,libexec/squid/,} ${sbin:S,^,sbin/,}
.for d in ${SQUID_LANGUAGES}
PLIST_DIRS+= etc/squid/errors/${d}
PLIST_FILES+= ${error_files:S,^,etc/squid/errors/${d}/,}
.endfor
PLIST_DIRS+= etc/squid/errors etc/squid squid/logs squid/cache squid
post-patch:
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
${WRKSRC}/helpers/basic_auth/SMB/Makefile.in \
${WRKSRC}/helpers/basic_auth/SMB/smb_auth.sh
pre-install:
# Prevent installation of .orig files by deleting them.
@${FIND} ${WRKSRC} -name '*.bak' -delete
@${FIND} ${WRKSRC} -name '*.orig' -delete
# create the start script:
@${SED} -e 's|%%PREFIX%%|${PREFIX}|g' \
-e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
-e 's|%%RC_SUBR%%|${RC_SUBR}|g' \
-e '/--begin ${rc_del}/,/--end ${rc_del}/d' \
-e '/--.*${rc_state}/d' ${FILESDIR}/squid.sh \
>${WRKDIR}/squid.sh
pre-su-install:
@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
squid_user=${SQUID_UID} squid_group=${SQUID_GID} \
${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
# Create cachemgr.conf.default manually since squid's install routine
# unfortunately fails to do so:
${INSTALL_DATA} ${WRKSRC}/src/cachemgr.conf \
${PREFIX}/etc/squid/cachemgr.conf.default
.if defined(WITH_SQUID_PINGER)
${CHMOD} 4510 ${PREFIX}/libexec/squid/pinger; \
${CHGRP} ${SQUID_GID} ${PREFIX}/libexec/squid/pinger
.endif
${INSTALL_SCRIPT} ${WRKDIR}/squid.sh ${PREFIX}/etc/rc.d/
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
cd ${WRKSRC} && ${INSTALL_DATA} ${docs} ${DOCSDIR}
.endif
@${SETENV} PKG_PREFIX=${PREFIX} \
${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
changeuser:
# Recover from the problem that earlier versions of this port created the
# squid pseudo-user with an id greater than 999 which is not allowed in
# FreeBSD's ports system. The port now uses id 100:100.
# NOTE:
# This target assumes that SQUID_GID is the primary group of SQUID_UID. If you
# have a different setup, do not run this target!
.if ${SQUID_UID:L} == nobody
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
${ECHO_CMD} "this target!"
${FALSE}
.endif
@if [ `${ID} -u` -ne 0 ]; \
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
current_uid=`id -u ${SQUID_UID}`; \
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
${ECHO_CMD} "I will remove this user:"; \
${ID} -P $${current_uid}; \
${ECHO_CMD} "and this group:"; \
pw groupshow ${SQUID_GID}; \
${ECHO_CMD} "I will then re-create them with a user and group id of 100."; \
${ECHO_CMD} "Then all files and directories under ${PREFIX} and /var that"; \
${ECHO_CMD} "are owned by uid $${current_uid} will be chown(1)'ed."; \
${ECHO_CMD} "After that, all files and directories that were accessible"; \
${ECHO_CMD} "by group $${current_gid} will chgrp(1)'ed respectively."; \
${ECHO_CMD} "Note that this assumes group '${SQUID_GID}' to be the primary"; \
${ECHO_CMD} "group of user '${SQUID_UID}'. If you have a different setup"; \
${ECHO_CMD} "please abort this target now."; \
read -p "Press RETURN to continue or CTRL-C to abort:" dummy ; \
${ECHO_CMD} "OK, here we go:"; \
${ECHO_CMD} "deleting user $${current_uid} and his primary group..."; \
pw userdel -u $${current_uid}; \
${ECHO_CMD} "adding user ${SQUID_UID} with id 100..."; \
pw groupadd -n ${SQUID_GID} -g 100; \
pw useradd -n ${SQUID_UID} -u 100 -c "squid caching-proxy pseudo user" \
-d ${PREFIX}/squid -s /sbin/nologin -h - ; \
${ECHO_CMD} "chown(1)'ing everything under ${PREFIX} from $${current_uid} to 100..."; \
${FIND} -H ${PREFIX} -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
${ECHO_CMD} "chgrp(1)'ing everything under ${PREFIX} from $${current_gid} to 100..."; \
${FIND} -H ${PREFIX} -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
${ECHO_CMD} "chown(1)'ing everything under /var from $${current_uid} to 100..."; \
${FIND} -H /var -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
${ECHO_CMD} "chgrp(1)'ing everything under /var from $${current_gid} to 100..."; \
${FIND} -H /var -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
${ECHO_CMD} "Finished."
.include <bsd.port.post.mk>
|