diff options
-rw-r--r-- | net-proxy/squid/Manifest | 2 | ||||
-rw-r--r-- | net-proxy/squid/squid-6.11.ebuild | 411 |
2 files changed, 413 insertions, 0 deletions
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest index 35715b142af2..3778c3efc57c 100644 --- a/net-proxy/squid/Manifest +++ b/net-proxy/squid/Manifest @@ -1,5 +1,7 @@ DIST squid-6.10.tar.xz 2558208 BLAKE2B 608b49c25549e73bc58ee4ec82a4d582f6f28b6dd324261806931eb2e37f0b5d63f6c2f6373a3db43823e805f5d6df56b2a4b5a8324cd6e623c4302d2c4b9421 SHA512 c0b75c3d383b1cd234b30dd02e84e1c5655fc53f63b75704bf4bac9ee0b86ba27e4656116893aff8b95dea19ff1befabcbb9dab3875da52fcb65f1d30f0fe5a9 DIST squid-6.10.tar.xz.asc 647 BLAKE2B 22c41fae76b5e2efb5adc7d34beac0dce8218af0a4e77268989078acb91b6822a41f9a44cb60796548bb392040ad35317b5cfde9fdc51a37ffae616bbe9faede SHA512 5e9d053db90549760f7a675d9f4703ecde460906cb09dff489f9db5d0f7826fb30487c9b009cc4577f3f061f3c7b3a667418af298f55f882f696884dc536bf53 +DIST squid-6.11.tar.xz 2547824 BLAKE2B 8143257e33dc23d3e22ae778990a1cc086740284cd356b3069f3c268c5648d08ddec7346028649c855dcd5c71fa4da555e81f9aac77e1bad8e06e9bd52655749 SHA512 669f658b0a58514f98c2b33df874706d40b9ed0837e1f32e08e274c79617063e06e706932011a34b115dcc96d43125f9cea30fba459cd31a88e3afd9b6076d7a +DIST squid-6.11.tar.xz.asc 647 BLAKE2B b440ecb5f3d9c05fc8fd48bde0385deea39a2b0628dd0a3dc9c7f7d1bb55466cf43a5504f452d1ec532954c46a8d84741641e1fce9e0c7cae9f80aa93f29ad45 SHA512 e4bf8a77fe431eb6ba7ff9c10511d987692438d66c4aa72739b4fedf73aa6e6704e4da756ffcfeb82b9d76be9a3e4bb963dd523132cda732077898785cc6bbb9 DIST squid-6.6.tar.xz 2554824 BLAKE2B 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc SHA512 4ab261ed85ad674288467500aca9d8a48e3918b55f777635c0ba7a2551f248d35536848a5fbf2c946490a818004727f2aed33144f0a3ebab0be36cc4cffb020c DIST squid-6.6.tar.xz.asc 1193 BLAKE2B c37a400c51c30de35c6fe52123389c134d05670a36b1ffae4d67e7d06981bbf94788343daf2fdeafb782d464a977ee31bc601e3b1b92b45cd40ba6a6725b9a16 SHA512 08550569759c403a1a9747d08ea7055751fbf251355691074f6d09baca76a0987c5dff36e1f01b64edd446d568c7244b14124f6f8a1b19ccfc30293eed83a297 DIST squid-6.7.tar.xz 2427468 BLAKE2B 0cd892213085326d1f4cc065778d95d74c03edaaf98b839b4422397fdcd449716b022e74adcbac636ca98e9d5c45a8f7aa156c3edc9f306fb13fc5cc21125dd6 SHA512 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0 diff --git a/net-proxy/squid/squid-6.11.ebuild b/net-proxy/squid/squid-6.11.ebuild new file mode 100644 index 000000000000..4ca27d5a50d0 --- /dev/null +++ b/net-proxy/squid/squid-6.11.ebuild @@ -0,0 +1,411 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/squid.gpg +inherit autotools flag-o-matic linux-info pam systemd toolchain-funcs verify-sig + +DESCRIPTION="Full-featured web proxy cache" +HOMEPAGE="https://www.squid-cache.org/" + +MY_PV_MAJOR=$(ver_cut 1) +# Upstream patch ID for the most recent bug-fixed update to the formal release. +#r=-20181117-r0022167 +r= +if [[ -z ${r} ]]; then + SRC_URI=" + http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz + https://dev.gentoo.org/~juippis/distfiles/squid-6.9-memleak_fix.patch + verify-sig? ( http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz.asc ) + " +else + SRC_URI="http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}${r}.tar.bz2 + https://dev.gentoo.org/~juippis/distfiles/squid-6.9-memleak_fix.patch" + S="${S}${r}" +fi + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="caps gnutls pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test ecap" +IUSE+=" esi ssl-crtd mysql postgres sqlite systemd perl qos tproxy +htcp valgrind +wccp +wccpv2" +RESTRICT="!test? ( test )" +REQUIRED_USE="tproxy? ( caps ) qos? ( caps ) ssl-crtd? ( ssl )" + +DEPEND=" + acct-group/squid + acct-user/squid + dev-libs/libltdl + sys-libs/tdb + virtual/libcrypt:= + caps? ( >=sys-libs/libcap-2.16 ) + ecap? ( net-libs/libecap:1 ) + esi? ( + dev-libs/expat + dev-libs/libxml2 + ) + ldap? ( net-nds/openldap:= ) + gnutls? ( >=net-libs/gnutls-3.1.5:= ) + logrotate? ( app-admin/logrotate ) + nis? ( + net-libs/libtirpc:= + net-libs/libnsl:= + ) + kerberos? ( virtual/krb5 ) + pam? ( sys-libs/pam ) + qos? ( net-libs/libnetfilter_conntrack ) + ssl? ( + dev-libs/nettle:= + !gnutls? ( + dev-libs/openssl:= + ) + ) + sasl? ( dev-libs/cyrus-sasl ) + systemd? ( sys-apps/systemd:= ) +" +RDEPEND=" + ${DEPEND} + mysql? ( dev-perl/DBD-mysql ) + postgres? ( dev-perl/DBD-Pg ) + perl? ( dev-lang/perl ) + samba? ( net-fs/samba ) + selinux? ( sec-policy/selinux-squid ) + sqlite? ( dev-perl/DBD-SQLite ) +" +DEPEND+=" valgrind? ( dev-debug/valgrind )" +BDEPEND=" + dev-lang/perl + ecap? ( virtual/pkgconfig ) + test? ( dev-util/cppunit ) + verify-sig? ( sec-keys/openpgp-keys-squid ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.2-gentoo.patch + "${FILESDIR}"/${PN}-4.17-use-system-libltdl.patch + "${DISTDIR}"/${PN}-6.9-memleak_fix.patch +) + +pkg_pretend() { + if use tproxy; then + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY" + linux-info_pkg_setup + fi +} + +src_unpack() { + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.asc} + fi + + default +} + +src_prepare() { + default + + # Fixup various paths + sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \ + INSTALL QUICKSTART \ + scripts/fileno-to-pathname.pl \ + scripts/check_cache.pl \ + tools/cachemgr.cgi.8 \ + tools/purge/conffile.hh \ + tools/purge/purge.1 || die + sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \ + INSTALL QUICKSTART || die + sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \ + QUICKSTART || die + sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \ + QUICKSTART \ + src/log/access_log.cc || die + sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \ + src/log/access_log.cc || die + sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \ + src/acl/external/unix_group/ext_unix_group_acl.8 \ + src/acl/external/session/ext_session_acl.8 || die + sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \ + scripts/check_cache.pl || die + # /var/run/squid to /run/squid + sed -i -e 's:$(localstatedir)::' \ + src/ipc/Makefile.am || die + sed -i 's:/var/run/:/run/:g' tools/systemd/squid.service || die + + sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \ + libltdl/configure.ac || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + --cache-file="${S}"/config.cache + + --datadir=/usr/share/squid + --libexecdir=/usr/libexec/squid + --localstatedir=/var + --sysconfdir=/etc/squid + --with-default-user=squid + --with-logdir=/var/log/squid + --with-pidfile=/run/squid.pid + + --enable-build-info="Gentoo ${PF} (r: ${r:-NONE})" + --enable-log-daemon-helpers + --enable-url-rewrite-helpers + --enable-cache-digests + --enable-delay-pools + --enable-disk-io + --enable-eui + --enable-icmp + --enable-ipv6 + --enable-follow-x-forwarded-for + --enable-removal-policies="lru,heap" + --disable-strict-error-checking + --disable-arch-native + + --with-large-files + --with-build-environment=default + + --with-tdb + + --without-included-ltdl + --with-ltdl-include="${ESYSROOT}"/usr/include + --with-ltdl-lib="${ESYSROOT}"/usr/$(get_libdir) + + $(use_with caps cap) + $(use_enable snmp) + $(use_with ssl openssl) + $(use_with ssl nettle) + $(use_with gnutls) + $(use_with ldap) + $(use_enable ssl-crtd) + $(use_with systemd) + $(use_with test cppunit) + $(use_enable ecap) + $(use_enable esi) + $(use_enable esi expat) + $(use_enable esi xml2) + $(use_enable htcp) + $(use_with valgrind valgrind-debug) + $(use_enable wccp) + $(use_enable wccpv2) + ) + + # Basic modules + local basic_modules=( + NCSA + POP3 + getpwnam + + $(usev samba 'SMB') + $(usev ldap 'SMB_LM LDAP') + $(usev pam 'PAM') + $(usev sasl 'SASL') + $(usev nis 'NIS') + $(usev radius 'RADIUS') + ) + + use nis && append-cppflags "-I${ESYSROOT}/usr/include/tirpc" + + if use mysql || use postgres || use sqlite; then + basic_modules+=( DB ) + fi + + # Digests + local digest_modules=( + file + + $(usev ldap 'LDAP eDirectory') + ) + + # Kerberos + local negotiate_modules=( none ) + + myeconfargs+=( --without-mit-krb5 --without-heimdal-krb5 ) + + if use kerberos; then + # We intentionally overwrite negotiate_modules here to lose + # the 'none'. + negotiate_modules=( kerberos wrapper ) + + if has_version app-crypt/heimdal; then + myeconfargs+=( + --without-mit-krb5 + --with-heimdal-krb5 + ) + else + myeconfargs+=( + --with-mit-krb5 + --without-heimdal-krb5 + ) + fi + fi + + # NTLM modules + local ntlm_modules=( none ) + + if use samba ; then + # We intentionally overwrite ntlm_modules here to lose + # the 'none'. + ntlm_modules=( SMB_LM ) + fi + + # External helpers + local ext_helpers=( + file_userip + session + unix_group + delayer + time_quota + + $(usev samba 'wbinfo_group') + $(usev ldap 'LDAP_group eDirectory_userip') + ) + + use ldap && use kerberos && ext_helpers+=( kerberos_ldap_group ) + if use mysql || use postgres || use sqlite; then + ext_helpers+=( SQL_session ) + fi + + # Storage modules + local storeio_modules=( + aufs + diskd + rock + ufs + ) + + # + local transparent + if use kernel_linux; then + myeconfargs+=( + --enable-linux-netfilter + $(usev qos '--enable-zph-qos --with-netfilter-conntrack') + ) + fi + + tc-export_build_env BUILD_CXX + export BUILDCXX="${BUILD_CXX}" + export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" + tc-export CC AR + + # Should be able to drop this workaround with newer versions. + # https://bugs.squid-cache.org/show_bug.cgi?id=4224 + tc-is-cross-compiler && export squid_cv_gnu_atomics=no + + # Bug #719662 + append-atomic-flags + + print_options_without_comma() { + # IFS as ',' will cut off any trailing commas + ( + IFS=',' + options=( $(printf "%s," "${@}") ) + echo "${options[*]}" + ) + } + + myeconfargs+=( + --enable-storeio=$(print_options_without_comma "${storeio_modules[@]}") + --enable-auth-basic=$(print_options_without_comma "${basic_modules[@]}") + --enable-auth-digest=$(print_options_without_comma "${digest_modules[@]}") + --enable-auth-ntlm=$(print_options_without_comma "${ntlm_modules[@]}") + --enable-auth-negotiate=$(print_options_without_comma "${negotiate_modules[@]}") + --enable-external-acl-helpers=$(print_options_without_comma "${ext_helpers[@]}") + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + default + + # Suppress QA warning (bug #877729) for no tests executed + # for some subsuites. The layout is odd and there's a bunch + # of useless/stub directories which confuses it. + find "${S}" -iname test-suite.log -delete || die +} + +src_install() { + default + + systemd_dounit tools/systemd/squid.service + + # Need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/basic_ncsa_auth + fperms 4750 /usr/libexec/squid/basic_ncsa_auth + + if use pam; then + fowners root:squid /usr/libexec/squid/basic_pam_auth + fperms 4750 /usr/libexec/squid/basic_pam_auth + fi + + # Pinger needs suid as well + fowners root:squid /usr/libexec/squid/pinger + fperms 4750 /usr/libexec/squid/pinger + + # These scripts depend on perl + if ! use perl; then + local perl_scripts=( + basic_pop3_auth ext_delayer_acl helper-mux + log_db_daemon security_fake_certverify + storeid_file_rewrite url_lfs_rewrite + ) + + local script + for script in "${perl_scripts[@]}"; do + rm "${ED}"/usr/libexec/squid/${script} || die + done + fi + + # Cleanup + rm -r "${D}"/run "${D}"/var/cache || die + + dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt + newdoc src/auth/negotiate/kerberos/README README.kerberos + newdoc src/auth/basic/RADIUS/README README.RADIUS + newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group + dodoc RELEASENOTES.html + + if use pam; then + newpamd "${FILESDIR}"/squid.pam squid + fi + + newconfd "${FILESDIR}"/squid.confd-r2 squid + newinitd "${FILESDIR}"/squid.initd-r7 squid + + if use logrotate ; then + insinto /etc/logrotate.d + newins "${FILESDIR}"/squid.logrotate-r1 squid + else + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/squid.cron-r1 squid.cron + fi + + diropts -m0750 -o squid -g squid + keepdir /var/log/squid /etc/ssl/squid /var/lib/squid + + # Hack for bug #834503 (see also bug #664940) + # Please keep this for a few years until it's no longer plausible + # someone is upgrading from < squid 5.7. + mv "${ED}"/usr/share/squid/errors{,.new} || die +} + +pkg_preinst() { + # Remove file in EROOT that the directory collides with. + rm -rf "${EROOT}"/usr/share/squid/errors || die + + # Following the collision protection check, reverse + # src_install's rename in ED. + mv "${ED}"/usr/share/squid/errors{.new,} || die +} + +pkg_postinst() { + elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'." + + if [[ ${#r} -gt 0 ]]; then + elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support." + fi +} |