path: root/www/squid/Makefile

# $FreeBSD$

PORTNAME=   squid
PORTVERSION=    3.5.15
PORTREVISION=   2
CATEGORIES= www ipv6
MASTER_SITES=   http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
        http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
        http://www1.at.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
        http://www.eu.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
        http://www1.jp.squid-cache.org/Versions/v3/${PORTVERSION:R}/
DIST_SUBDIR=    squid${PORTVERSION:R}

PATCH_SITES=    http://www.squid-cache.org/%SUBDIR%/ \
        http://www2.us.squid-cache.org/%SUBDIR%/ \
        http://www1.at.squid-cache.org/%SUBDIR%/ \
        http://www.eu.squid-cache.org/%SUBDIR%/ \
        http://www1.jp.squid-cache.org/%SUBDIR%/ \
        http://master.squid-cache.org/~amosjeffries/patches/:nosid
PATCH_SITE_SUBDIR=  Versions/v3/${PORTVERSION:R}/changesets
PATCHFILES= squid-3.5-13997.patch \
        squid-3.5-13998.patch \
        squid-3.5-13999.patch \
        squid-3.5-14000.patch \
        squid-3.5-14001.patch \
        squid-3.5-14002.patch \
        squid-3.5-14003.patch \
        squid-3.5-14004.patch \
        squid-3.5-14005.patch \
        squid-3.5-14006.patch \
        squid-3.5-14007.patch \
        squid-3.5-14008.patch \
        squid-3.5-14009.patch \
        squid-3.5-14010.patch \
        squid-3.5-14011.patch \
        squid-3.5-14012.patch

MAINTAINER= timp87@gmail.com
COMMENT=    HTTP Caching Proxy

LICENSE=    GPLv2
LICENSE_FILE=   ${WRKSRC}/COPYING

USES=       compiler cpe perl5 shebangfix tar:xz
CPE_VENDOR= squid-cache
SHEBANG_FILES=  scripts/*.pl contrib/*.pl src/*.pl tools/*.pl \
        helpers/ssl/cert_valid.pl
GNU_CONFIGURE=  yes
USE_RC_SUBR=    squid

USERS=      squid
GROUPS=     squid

MYDOCS=     QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
PORTDOCS=   ${MYDOCS:T}
PORTEXAMPLES=   *
SUB_FILES+= pkg-install pkg-message

OPTIONS_SUB=    yes
OPTIONS_GROUP=  AUTH
OPTIONS_RADIO=  SMB
OPTIONS_GROUP_AUTH=AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SQL
OPTIONS_RADIO_SMB=AUTH_SMB3 AUTH_SMB4
OPTIONS_DEFINE= ARP_ACL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \
        FOLLOW_XFF FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 \
        KQUEUE LARGEFILE NETTLE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \
        TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES

OPTIONS_SINGLE= GSSAPI
OPTIONS_SINGLE_GSSAPI=  GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT

OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS DOCS EXAMPLES FOLLOW_XFF \
        FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE \
        LAX_HTTP SNMP SSL SSL_CRTD TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 \
        GSSAPI_BASE

ARP_ACL_CONFIGURE_ENABLE=   eui
AUTH_LDAP_CFLAGS=       -I${LOCALBASE}/include
AUTH_LDAP_LDFLAGS=      -L${LOCALBASE}/lib
AUTH_LDAP_USE=          OPENLDAP=yes
AUTH_SASL_CFLAGS=       -I${LOCALBASE}/include
AUTH_SASL_CPPFLAGS=     -I${LOCALBASE}/include
AUTH_SASL_LDFLAGS=      -L${LOCALBASE}/lib
AUTH_SASL_LIB_DEPENDS=      libsasl2.so:${PORTSDIR}/security/cyrus-sasl2
AUTH_SMB3_RUN_DEPENDS=      smbclient:${PORTSDIR}/net/samba36
AUTH_SMB4_RUN_DEPENDS=      smbclient:${PORTSDIR}/net/samba42
AUTH_SQL_RUN_DEPENDS=       p5-DBI>=1.08:${PORTSDIR}/databases/p5-DBI
CACHE_DIGESTS_CONFIGURE_ENABLE= cache-digests
DELAY_POOLS_CONFIGURE_ENABLE=   delay-pools
ECAP_CFLAGS=            -I${LOCALBASE}/include
ECAP_CONFIGURE_ENABLE=      ecap
ECAP_LDFLAGS=           -L${LOCALBASE}/lib
ECAP_LIB_DEPENDS=       libecap.so:${PORTSDIR}/www/libecap
ECAP_USES=          pkgconfig:build
ESI_CFLAGS=         -I${LOCALBASE}/include -I${LOCALBASE}/include/libxml2
ESI_CONFIGURE_ENABLE=       esi
ESI_LDFLAGS=            -L${LOCALBASE}/lib
ESI_LIB_DEPENDS=        libexpat.so:${PORTSDIR}/textproc/expat2 \
                libxml2.so:${PORTSDIR}/textproc/libxml2
FOLLOW_XFF_CONFIGURE_ENABLE=    follow-x-forwarded-for
HTCP_CONFIGURE_ENABLE=      htcp
ICAP_CONFIGURE_ENABLE=      icap-client
ICMP_CONFIGURE_ENABLE=      icmp
IDENT_CONFIGURE_ENABLE=     ident-lookups
IPV6_CONFIGURE_ENABLE=      ipv6
KQUEUE_CONFIGURE_ENABLE=    kqueue
LARGEFILE_CONFIGURE_WITH=   large-files
LAX_HTTP_CONFIGURE_ENABLE=  http-violations
NETTLE_LIB_DEPENDS=     libnettle.so:${PORTSDIR}/security/nettle
NETTLE_CONFIGURE_OFF=       --without-nettle
SNMP_CONFIGURE_ENABLE=      snmp
SSL_CONFIGURE_ENABLE=       ssl
SSL_CRTD_CONFIGURE_ENABLE=  ssl-crtd
STACKTRACES_CONFIGURE_ENABLE=   stacktraces
STACKTRACES_LIB_DEPENDS=    libunwind.so:${PORTSDIR}/devel/libunwind
STACKTRACES_CONFIGURE_ON=   --disable-strict-error-checking
TP_IPFW_CONFIGURE_ENABLE=   ipfw-transparent
TP_IPF_CONFIGURE_ENABLE=    ipf-transparent
TP_PF_CONFIGURE_ENABLE=     pf-transparent
TP_PF_CONFIGURE_WITH=       nat-devpf
VIA_DB_CONFIGURE_ENABLE=    forw-via-db
WCCPV2_CONFIGURE_ENABLE=    wccpv2
WCCP_CONFIGURE_ENABLE=      wccp

GSSAPI_NONE_CONFIGURE_ON=   --without-heimdal-krb5 \
                --without-mit-krb5 \
                --without-gss

GSSAPI_BASE_USES=       gssapi
GSSAPI_BASE_CONFIGURE_ON=   --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}

GSSAPI_HEIMDAL_USES=        gssapi:heimdal
GSSAPI_HEIMDAL_CONFIGURE_ON=    --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}

GSSAPI_MIT_USES=        gssapi:mit
GSSAPI_MIT_CONFIGURE_ON=    --with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}

# TODO:
# add an option for external_acl/session (requires some kind of external
# Berkeley DB support, unsure which one)
ARP_ACL_DESC=       ARP/MAC/EUI based authentification
AUTH_DESC=      Authentication helpers
GSSAPI_DESC=        Install Kerberos authentication helpers
GSSAPI_NONE_DESC=   Build without Kerberos support
GSSAPI_BASE_DESC=   Build with Kerberos support from base
GSSAPI_HEIMDAL_DESC=    Build with Kerberos support from security/heimdal
GSSAPI_MIT_DESC=    Build with Kerberos support from security/krb5
AUTH_LDAP_DESC=     Install LDAP authentication helpers
AUTH_NIS_DESC=      Install NIS/YP authentication helpers
AUTH_SASL_DESC=     Install SASL authentication helpers
AUTH_SMB3_DESC=     Install SMB3 auth. helpers (req. net/samba36)
AUTH_SMB4_DESC=     Install SMB4 auth. helpers (req. net/samba42)
AUTH_SQL_DESC=      Install SQL based auth
CACHE_DIGESTS_DESC= Use cache digests
DEBUG_DESC=     Build with extended debugging support
DELAY_POOLS_DESC=   Delay pools (bandwidth limiting)
ECAP_DESC=      Loadable content adaptation modules
ESI_DESC=       ESI support
FOLLOW_XFF_DESC=    Support for the X-Following-For header
FS_AUFS_DESC=       AUFS (threaded-io) support
FS_DISKD_DESC=      DISKD storage engine controlled by separate service
FS_ROCK_DESC=       ROCK storage engine
HTCP_DESC=      HTCP support
ICAP_DESC=      the ICAP client
ICMP_DESC=      ICMP pinging and network measurement
IDENT_DESC=     Ident lookups (RFC 931)
KQUEUE_DESC=        Kqueue(2) support
LARGEFILE_DESC=     Support large (>2GB) cache and log files
NETTLE_DESC=        Nettle MD5 algorithm support
SMB_DESC=       Samba authentication helpers
SNMP_DESC=      SNMP support
SSL_CRTD_DESC=      Use ssl_crtd to handle SSL cert requests
SSL_DESC=       SSL gatewaying support
STACKTRACES_DESC=   Enable automatic backtraces on fatal errors
LAX_HTTP_DESC=      Do not enforce strict HTTP compliance
TP_IPFW_DESC=       Transparent proxying with IPFW
TP_IPF_DESC=        Transparent proxying with IPFilter
TP_PF_DESC=     Transparent proxying with PF
VIA_DB_DESC=        Forward/Via database
WCCPV2_DESC=        Web Cache Coordination Protocol v2
WCCP_DESC=      Web Cache Coordination Protocol

change_files=   ChangeLog \
        contrib/nextstep/makepkg \
        contrib/nextstep/post_install \
        errors/Makefile.am \
        errors/Makefile.in \
        helpers/basic_auth/SMB_LM/README.html \
        src/Makefile.am \
        src/Makefile.in \
        src/cf_gen.cc \
        src/squid.8.in \
        test-suite/Makefile.in \
        tools/Makefile.am \
        tools/Makefile.in

.if !defined(SQUID_CONFIGURE_ARGS) \
    || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
PLIST_SUB+= UNLINKD=""
.else
PLIST_SUB+= UNLINKD="@comment "
.endif

CONFIGURE_ARGS= --with-default-user=squid \
        --bindir=${PREFIX}/sbin \
        --sbindir=${PREFIX}/sbin \
        --datadir=${ETCDIR} \
        --libexecdir=${PREFIX}/libexec/squid \
        --localstatedir=/var \
        --sysconfdir=${ETCDIR} \
        --with-logdir=/var/log/squid \
        --with-pidfile=/var/run/squid/squid.pid \
        --with-swapdir=/var/squid/cache \
        --without-gnutls \
        --enable-auth \
        --enable-build-info \
        --enable-loadable-modules \
        --enable-removal-policies="lru heap" \
        --disable-epoll \
        --disable-linux-netfilter \
        --disable-linux-tproxy \
        --disable-translation \
        --disable-arch-native

.include <bsd.port.options.mk>

# Authentication methods and modules:

basic_auth= DB SMB_LM MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam
digest_auth=    file
external_acl=   file_userip time_quota unix_group
ntlm_auth=  fake smb_lm

.if ${PORT_OPTIONS:MAUTH_LDAP}
basic_auth+=    LDAP
external_acl+=  LDAP_group
.endif

.if ${PORT_OPTIONS:MAUTH_SASL}
basic_auth+=    SASL
.endif

.if ${PORT_OPTIONS:MAUTH_SMB3} || ${PORT_OPTIONS:MAUTH_SMB4}
PLIST_SUB+= AUTH_SMB=""
basic_auth+=    SMB
external_acl+=  wbinfo_group
.else
PLIST_SUB+= AUTH_SMB="@comment "
.endif

.if ${PORT_OPTIONS:MAUTH_SQL}
external_acl+=  SQL_session
.endif

# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
.if ${PORT_OPTIONS:MAUTH_NIS} && !defined(NO_NIS) && !defined(WITHOUT_NIS)
basic_auth+=    NIS
.endif

# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
.if ${PORT_OPTIONS:MGSSAPI_NONE} || defined(NO_KERBEROS) || defined(WITHOUT_KERBEROS)
negotiate_auth= none
PLIST_SUB+= AUTH_KERB="@comment "
.else
# The kerberos_ldap_group external helper also depends on LDAP and SASL:
. if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL}
external_acl+=  kerberos_ldap_group
. endif
negotiate_auth= kerberos wrapper
PLIST_SUB+= AUTH_KERB=""
.endif

# Make it build on FreeBSD < 10
.if ${PORT_OPTIONS:MGSSAPI_BASE}
EXTRA_PATCHES+=     ${FILESDIR}/extra-patch-build-8-9
.endif

CONFIGURE_ARGS+=    --enable-auth-basic="${basic_auth}" \
            --enable-auth-digest="${digest_auth}" \
            --enable-external-acl-helpers="${external_acl}" \
            --enable-auth-negotiate="${negotiate_auth}" \
            --enable-auth-ntlm="${ntlm_auth}"

# Storage schemes:
storage_schemes=    ufs
diskio_modules=     AIO Blocking IpcIo Mmapped

.if ${PORT_OPTIONS:MFS_AUFS}
storage_schemes+=   aufs
diskio_modules+=    DiskThreads
# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS,
# e.g. SQUID_CONFIGURE_ARGS=--with-aufs-threads=N
LDFLAGS+=       -pthread
.else
CONFIGURE_ARGS+=    --without-pthreads
.endif

.if ${PORT_OPTIONS:MFS_DISKD}
storage_schemes+=   diskd
diskio_modules+=    DiskDaemon
.endif

.if ${PORT_OPTIONS:MFS_ROCK}
storage_schemes+=   rock
.endif

CONFIGURE_ARGS+=    --enable-storeio="${storage_schemes}" \
            --enable-disk-io="${diskio_modules}"

# Log daemon helpers:
logdaemon_helpers=  file
CONFIGURE_ARGS+=    --enable-log-daemon-helpers="${logdaemon_helpers}"

# URL rewrite helpers:
url_rewrite_helpers=    fake
CONFIGURE_ARGS+=    --enable-url-rewrite-helpers="${url_rewrite_helpers}"

# Storeid rewrite helpers:
storeid_rewrite_helpers=    file
CONFIGURE_ARGS+=    --enable-storeid-rewrite-helpers="${storeid_rewrite_helpers}"

# Other options set via 'make config':

.if ${PORT_OPTIONS:MSSL}
# we need to .include bsd.openssl.mk manually here.because USE_OPENSSL only
# works when it is defined before bsd.port{.pre}.mk is .included.
# This makes it currently impossible to combine this macro with OPTIONS to
# conditionally include OpenSSL support.
# XXX: is this still true with OptionsNG as of 2015-03?
#.include "${.CURDIR}/../../Mk/bsd.openssl.mk"
.include "${PORTSDIR}/Mk/bsd.openssl.mk"
CONFIGURE_ARGS+=    --with-openssl="${OPENSSLBASE}"
CFLAGS+=        -I${OPENSSLINC}
LDFLAGS+=       -L${OPENSSLLIB}
.endif

.if ${PORT_OPTIONS:MSSL_CRTD} && !${PORT_OPTIONS:MSSL}
IGNORE=SSL_CRTD option can be used only if SSL option is enabled
.endif

.if ${PORT_OPTIONS:MSTACKTRACES}
CFLAGS+=    -g
LDFLAGS+=   -lunwind -L${LOCALBASE}/lib
STRIP=
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gen-stacktrace
.endif

.if ${PORT_OPTIONS:MDEBUG} || defined(WITH_DEBUG)
CONFIGURE_ARGS+=    --disable-optimizations --enable-debug-cbdata
WITH_DEBUG?=        yes
.endif

# Finally, add additional user specified configuration options:
CONFIGURE_ARGS+=    ${SQUID_CONFIGURE_ARGS}

post-patch:
    @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
        ${WRKSRC}/src/cf.data.pre
    @(cd ${WRKSRC} && ${REINPLACE_CMD} \
        -e 's|\.conf\.default|.conf.sample|' \
        -e 's|)\.default|).sample|' \
        ${change_files})
    @(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)

.if !${PORT_OPTIONS:MIPV6}
    @${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \
        -e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \
        -e's/ 2001:DB8::a:0\/64//' \
        -e'/tcp_outgoing_address 2001:db8::c001 good_service_net/d' \
        -e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \
        -e'/tcp_outgoing_address 2001:db8::1/d' \
        ${WRKSRC}/src/cf.data.pre
.endif

post-install:
    @${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
    ${INSTALL_DATA} ${WRKSRC}/helpers/basic_auth/DB/passwd.sql \
        ${STAGEDIR}${EXAMPLESDIR}
    @${MKDIR} ${STAGEDIR}${DOCSDIR}
    (cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR})

.include <bsd.port.pre.mk>

.if ${COMPILER_TYPE} == clang
#CXXFLAGS+= -Wno-unused-private-field
.if ${COMPILER_VERSION} >= 35
CXXFLAGS+=  -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess
.endif
.endif

.include <bsd.port.post.mk>