Accepting request 280563 from server:proxy:Test
- Cleanup with spec-cleaner - Version bump to 3.4.10: * Fix bootstrap.sh dependency on SPONSORS.list * HTTP/2: Support 421 (Misdirected Request) status code * Alternate-Protocol is a hop-by-hop header * Bug #4148: external_acl_type header format does not accept the new libformat syntax * Bug #4033: Rebuild corrupted ssl_db/size file * Bug #3902: Docs: external_acl_type cache hash key * Bug #4145: squid_endian.h compile errors with OpenBSD 5.6 * Fix segmentation fault in ACLUrlPathStrategy::match - Remove support for other distros as we build for opensuse anyway - remove permissions.easy and permissions.paranoid files from package as they are not used any more OBS-URL: https://build.opensuse.org/request/show/280563 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=64
This commit is contained in:
parent
a26a7b04bb
commit
3ca11bdc56
@ -1,594 +0,0 @@
|
|||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
||||||
<HTML>
|
|
||||||
<HEAD>
|
|
||||||
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
|
|
||||||
<TITLE>Squid 3.4.7 release notes</TITLE>
|
|
||||||
</HEAD>
|
|
||||||
<BODY>
|
|
||||||
<H1>Squid 3.4.7 release notes</H1>
|
|
||||||
|
|
||||||
<H2>Squid Developers</H2>
|
|
||||||
<HR>
|
|
||||||
<EM>This document contains the release notes for version 3.4 of Squid.
|
|
||||||
Squid is a WWW Cache application developed by the National Laboratory
|
|
||||||
for Applied Network Research and members of the Web Caching community.</EM>
|
|
||||||
<HR>
|
|
||||||
<P>
|
|
||||||
<H2><A NAME="toc1">1.</A> <A HREF="#s1">Notice</A></H2>
|
|
||||||
|
|
||||||
<UL>
|
|
||||||
<LI><A NAME="toc1.1">1.1</A> <A HREF="#ss1.1">Known issues</A>
|
|
||||||
<LI><A NAME="toc1.2">1.2</A> <A HREF="#ss1.2">Changes since earlier releases of Squid-3.4</A>
|
|
||||||
</UL>
|
|
||||||
<P>
|
|
||||||
<H2><A NAME="toc2">2.</A> <A HREF="#s2">Major new features since Squid-3.3</A></H2>
|
|
||||||
|
|
||||||
<UL>
|
|
||||||
<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">Helper protocol extensions</A>
|
|
||||||
<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">SSL Server Certificate Validator</A>
|
|
||||||
<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">Store-ID</A>
|
|
||||||
<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</A>
|
|
||||||
<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Transaction Annotations</A>
|
|
||||||
<LI><A NAME="toc2.6">2.6</A> <A HREF="#ss2.6">Multicast DNS</A>
|
|
||||||
</UL>
|
|
||||||
<P>
|
|
||||||
<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.3</A></H2>
|
|
||||||
|
|
||||||
<UL>
|
|
||||||
<LI><A NAME="toc3.1">3.1</A> <A HREF="#ss3.1">New tags</A>
|
|
||||||
<LI><A NAME="toc3.2">3.2</A> <A HREF="#ss3.2">Changes to existing tags</A>
|
|
||||||
<LI><A NAME="toc3.3">3.3</A> <A HREF="#ss3.3">Removed tags</A>
|
|
||||||
</UL>
|
|
||||||
<P>
|
|
||||||
<H2><A NAME="toc4">4.</A> <A HREF="#s4">Changes to ./configure options since Squid-3.3</A></H2>
|
|
||||||
|
|
||||||
<UL>
|
|
||||||
<LI><A NAME="toc4.1">4.1</A> <A HREF="#ss4.1">New options</A>
|
|
||||||
<LI><A NAME="toc4.2">4.2</A> <A HREF="#ss4.2">Changes to existing options</A>
|
|
||||||
<LI><A NAME="toc4.3">4.3</A> <A HREF="#ss4.3">Removed options</A>
|
|
||||||
</UL>
|
|
||||||
<P>
|
|
||||||
<H2><A NAME="toc5">5.</A> <A HREF="#s5">Regressions since Squid-2.7</A></H2>
|
|
||||||
|
|
||||||
<UL>
|
|
||||||
<LI><A NAME="toc5.1">5.1</A> <A HREF="#ss5.1">Missing squid.conf options available in Squid-2.7</A>
|
|
||||||
</UL>
|
|
||||||
|
|
||||||
<HR>
|
|
||||||
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
|
|
||||||
|
|
||||||
<P>The Squid Team are pleased to announce the release of Squid-3.4.7 for testing.</P>
|
|
||||||
<P>This new release is available for download from
|
|
||||||
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/">http://www.squid-cache.org/Versions/v3/3.4/</A> or the
|
|
||||||
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
|
|
||||||
<P>While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.</P>
|
|
||||||
<P>We welcome feedback and bug reports. If you find a bug, please see
|
|
||||||
<A HREF="http://wiki.squid-cache.org/SquidFaq/BugReporting">http://wiki.squid-cache.org/SquidFaq/BugReporting</A>
|
|
||||||
for how to submit a report with a stack trace.</P>
|
|
||||||
|
|
||||||
<H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">Known issues</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>Although this release is deemed good enough for use in many setups, please note the existence of
|
|
||||||
<A HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=3.4">open bugs against Squid-3.4</A>.</P>
|
|
||||||
|
|
||||||
<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">Changes since earlier releases of Squid-3.4</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>The 3.4 change history can be
|
|
||||||
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/changesets/">viewed here</A>.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Major new features since Squid-3.3</A></H2>
|
|
||||||
|
|
||||||
<P>Squid 3.4 represents a new feature release above 3.3.</P>
|
|
||||||
|
|
||||||
<P>The most important of these new features are:
|
|
||||||
<UL>
|
|
||||||
<LI>Helper protocol extensions</LI>
|
|
||||||
<LI>SSL Server Certificate Validator</LI>
|
|
||||||
<LI>Store-ID</LI>
|
|
||||||
<LI>TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</LI>
|
|
||||||
<LI>Transaction Annotations</LI>
|
|
||||||
<LI>Multicast DNS</LI>
|
|
||||||
</UL>
|
|
||||||
</P>
|
|
||||||
<P>Most user-facing changes are reflected in squid.conf (see below).</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">Helper protocol extensions</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
|
||||||
|
|
||||||
<P>The Squid helper protocol used to communicate with authenticators,
|
|
||||||
URL-rewriters, Redirectors, and External ACL helpers has been updated
|
|
||||||
and extended.</P>
|
|
||||||
|
|
||||||
<P><EM>BH</EM> status code is now accepted from all helpers to report
|
|
||||||
internal error events separate from <EM>ERR</EM> rejection code.
|
|
||||||
Permitting Squid to perform recovery operations specific to
|
|
||||||
helper failure instead of a blanket client rejection.</P>
|
|
||||||
|
|
||||||
<P>Arbitrary key-value pairs can be returned from any helper.
|
|
||||||
Allowing future helpers to be forward- and backward- compatible
|
|
||||||
with this and future versions of Squid.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">SSL Server Certificate Validator</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/SslServerCertValidator">http://wiki.squid-cache.org/Features/SslServerCertValidator</A>.</P>
|
|
||||||
|
|
||||||
<P>The helper consulted after the internal OpenSSL validation, regardless of the
|
|
||||||
validation results. The helper will receive:</P>
|
|
||||||
<P>
|
|
||||||
<UL>
|
|
||||||
<LI>the origin server certificate (chain),</LI>
|
|
||||||
<LI>the intended domain name, and</LI>
|
|
||||||
<LI>a list of OpenSSL validation errors (if any).</LI>
|
|
||||||
</UL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<P>If the helper decides to honor an OpenSSL error or report another validation
|
|
||||||
error(s), the helper will return:</P>
|
|
||||||
<P>
|
|
||||||
<UL>
|
|
||||||
<LI>A list of certificates.</LI>
|
|
||||||
<LI>A list of items consists the the validation error name (see <EM>%err_name</EM>
|
|
||||||
error page macro and <EM>%err_details</EM> code for <EM>logformat</EM>), error reason
|
|
||||||
(<EM>%ssl_lib_error macro</EM>), and the offending certificate.</LI>
|
|
||||||
</UL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<P>The returned information mimics what the internal OpenSSL-based validation code
|
|
||||||
collects now. Returned errors, if any, are fed to <EM>sslproxy_cert_error</EM>,
|
|
||||||
triggering the existing SSL error processing code.</P>
|
|
||||||
|
|
||||||
<P>The helper invocation controlled by the <EM>sslcrtvalidator_program</EM> and
|
|
||||||
<EM>sslcrtvalidator_children</EM> configurations options which are similar to the
|
|
||||||
<EM>ssl_crtd</EM> related options. </P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">Store-ID</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/StoreID">http://wiki.squid-cache.org/Features/StoreID</A>.</P>
|
|
||||||
|
|
||||||
<P>This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.</P>
|
|
||||||
|
|
||||||
<P><EM>Notice</EM> that this is not a direct portage of the Squid-2.7 feature so behaviour
|
|
||||||
differences do exist. Although the new feature works in similar enough ways that the old
|
|
||||||
helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.</P>
|
|
||||||
|
|
||||||
<P>Squid traditionally uses the requested URL as an index key ID to locate objects in cache.
|
|
||||||
It is not the only key possible and the Store-ID feature exposes an API for external
|
|
||||||
helpers to provide Squid with an alternative key name for any URL.</P>
|
|
||||||
|
|
||||||
<P>When any client request is received which requires a cache lookup the URL is passed to
|
|
||||||
a helper specified with the <EM>store_id_program</EM> directive to check for an alternative
|
|
||||||
Store ID. This allows the helper to identify URLs which refer to duplicate resources and
|
|
||||||
de-duplicate the cache content. <EM>store_id_access</EM> is provided to allow ACL-based
|
|
||||||
tuning of which traffic gets sent to the helper and reduce overheads.</P>
|
|
||||||
|
|
||||||
<P>One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by
|
|
||||||
this feature is that <EM>refresh_pattern</EM> applies its regex argument against the Store
|
|
||||||
ID key and not the transaction URL. So using the Store-ID feature to alter the value
|
|
||||||
affects which <EM>refresh_pattern</EM> directive will be matched.</P>
|
|
||||||
|
|
||||||
<P>Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers
|
|
||||||
option which is added in this version. Currently there is a <EM>file</EM> helper
|
|
||||||
provided.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf">http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf</A>.</P>
|
|
||||||
|
|
||||||
<P>The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception
|
|
||||||
using several very simple methods. One of which is the <EM>divert-to</EM> rule type
|
|
||||||
which acts as a simple routing diversion instead of performing NAT packet alterations.</P>
|
|
||||||
|
|
||||||
<P>The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.</P>
|
|
||||||
|
|
||||||
<P>This version of Squid adds support for these features through the ./configure
|
|
||||||
options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on
|
|
||||||
systems with the required support. No special extras are required to enable
|
|
||||||
<EM>http_port ... tproxy</EM> configuration to work.</P>
|
|
||||||
|
|
||||||
<P>NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind
|
|
||||||
<EM>./configure --enable-pf-transparent</EM> has been altered and is expected to
|
|
||||||
break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD
|
|
||||||
which do not yet support the getsockname() API.
|
|
||||||
These systems require <EM>--with-nat-devpf</EM> to enable /dev/pf support when using PF firewall.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Transaction Annotations</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>Previously the only annotation methods available were ICAP/eCAP HTTP header insertions
|
|
||||||
or external ACL <EM>tag=</EM> result code. Each of which had only limited possibilities
|
|
||||||
for use and little or no correlation.</P>
|
|
||||||
|
|
||||||
<P>It is now possible to add annotations to a client transaction from several sources:
|
|
||||||
<UL>
|
|
||||||
<LI> Directly from squid.conf using the <EM>note</EM> directive with
|
|
||||||
ACL-based selection of which annotation is linked to any
|
|
||||||
particular transaction.
|
|
||||||
</LI>
|
|
||||||
<LI> By configured helper processes returning a key=value pair.
|
|
||||||
The key name becomes the annotation name.</LI>
|
|
||||||
</UL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<P>Annotations on the transaction can be passed to ICAP services or eCAP modules using the
|
|
||||||
<EM>adaptation_meta</EM> directive to send them as headers.
|
|
||||||
They can also be logged using the <EM>%note</EM> log format code in custom logs. With
|
|
||||||
the new helper response syntax changes this means all helper response key=value details
|
|
||||||
such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.</P>
|
|
||||||
|
|
||||||
<P>Annotations which are already assigned to a transaction can be checked using an ACL test
|
|
||||||
of the new <EM>note</EM> ACL type. This can match a particular note by name and value,
|
|
||||||
of for any notes with a given name.</P>
|
|
||||||
|
|
||||||
<P>NOTE: not all helper interfaces are yet enabled to convert key=value into annotations
|
|
||||||
and the external ACL interface does not yet send annotations to the helper.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.6">2.6</A> <A HREF="#toc2.6">Multicast DNS</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in
|
|
||||||
accordance with RFC 6762.</P>
|
|
||||||
|
|
||||||
<P>The <EM>dns_multicast_local</EM> directive must be set to <EM>on</EM> to enable this
|
|
||||||
feature.</P>
|
|
||||||
|
|
||||||
<P>The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set
|
|
||||||
of available DNS resolvers and used automatically for domain names ending in <EM>.local</EM>
|
|
||||||
and reverse-DNS lookups before attempting a secondary resolution on the configured
|
|
||||||
resolvers. Domains without <EM>.local</EM> are resolved using only the configured resolvers.</P>
|
|
||||||
|
|
||||||
<P>Statistics for multicast DNS resolution can be found on the <EM>idns</EM> cache manager
|
|
||||||
report.</P>
|
|
||||||
|
|
||||||
<P><EM>NOTE</EM> that the external DNS helper interface is now deprecated and has been
|
|
||||||
removed from future Squid versions. Any installations still using it for local hostname
|
|
||||||
resolution need to upgrade to mDNS resolution with this Squid version.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes to squid.conf since Squid-3.3</A></H2>
|
|
||||||
|
|
||||||
<P>There have been changes to Squid's configuration file since Squid-3.3.</P>
|
|
||||||
|
|
||||||
<P>Squid supports reading configuration option parameters from external
|
|
||||||
files using the syntax <EM>parameters("/path/filename")</EM>. For example:
|
|
||||||
<PRE>
|
|
||||||
acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
|
|
||||||
</PRE>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<P>There have also been changes to individual directives in the config file.</P>
|
|
||||||
<P>This section gives a thorough account of those changes in three categories:</P>
|
|
||||||
<P>
|
|
||||||
<UL>
|
|
||||||
<LI>
|
|
||||||
<A HREF="#newtags">New tags</A></LI>
|
|
||||||
<LI>
|
|
||||||
<A HREF="#modifiedtags">Changes to existing tags</A></LI>
|
|
||||||
<LI>
|
|
||||||
<A HREF="#removedtags">Removed tags</A></LI>
|
|
||||||
</UL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="newtags"></A> <A NAME="ss3.1">3.1</A> <A HREF="#toc3.1">New tags</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<DL>
|
|
||||||
<DT><B>configuration_includes_quoted_values</B><DD>
|
|
||||||
<P>Whether Squid supports directive parameters with spaces, quotes, and other
|
|
||||||
special characters. Surround such parameters with "double quotes" and
|
|
||||||
also set this directive on/off around the relevant squid.conf line(s)
|
|
||||||
making use of such quoting.</P>
|
|
||||||
|
|
||||||
<DT><B>dns_multicast_local</B><DD>
|
|
||||||
<P>Use multicast DNS for <EM>.local</EM> domains and reverse-DNS resolution.</P>
|
|
||||||
|
|
||||||
<DT><B>note</B><DD>
|
|
||||||
<P>Use ACLs to annotate a transaction with customized annotations
|
|
||||||
which can be logged in access.log</P>
|
|
||||||
|
|
||||||
<DT><B>spoof_client_ip</B><DD>
|
|
||||||
<P>Access control to determine whether to disable the TPROXY spoofing on upstream traffic.</P>
|
|
||||||
|
|
||||||
<DT><B>sslcrtvalidator_children</B><DD>
|
|
||||||
<P>Specifies the settings for how many SSL server certificate
|
|
||||||
validator helpers are run and when they are started.</P>
|
|
||||||
|
|
||||||
<DT><B>sslcrtvalidator_program</B><DD>
|
|
||||||
<P>Specifies the location of a SSL server certificate validator helper.</P>
|
|
||||||
|
|
||||||
<DT><B>store_id_access</B><DD>
|
|
||||||
<P>Whether the URL for a given request is passed to the Store-ID helper process.
|
|
||||||
Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.</P>
|
|
||||||
<P>Ported equivalent to <EM>storeurl_access</EM> from 2.7</P>
|
|
||||||
|
|
||||||
<DT><B>store_id_bypass</B><DD>
|
|
||||||
<P>Whether the StoreID helper may be bypassed when overloaded.</P>
|
|
||||||
|
|
||||||
<DT><B>store_id_children</B><DD>
|
|
||||||
<P>Controls the number of StoreID helper processes.</P>
|
|
||||||
<P>Options <EM>startup=N</EM>, <EM>idle=N</EM>, <EM>concurrency=N</EM>
|
|
||||||
<UL>
|
|
||||||
<LI>startup=N allow finer tuning of how many helpers are started initially.</LI>
|
|
||||||
<LI>idle=N allow fine tuning of how many helper to retain as buffer against sudden traffic loads.</LI>
|
|
||||||
<LI>concurrency=N was previously called url_rewrite_concurrency as a distinct directive.</LI>
|
|
||||||
</UL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<DT><B>store_id_rewrite_program</B><DD>
|
|
||||||
<P>A helper program to provide cache storage internal key ID value for a request.</P>
|
|
||||||
<P>Ported equivalent to <EM>storeurl_rewrite_program</EM> from 2.7</P>
|
|
||||||
|
|
||||||
</DL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<H2><A NAME="modifiedtags"></A> <A NAME="ss3.2">3.2</A> <A HREF="#toc3.2">Changes to existing tags</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<DL>
|
|
||||||
<DT><B>access_log</B><DD>
|
|
||||||
<P>Configuration syntax extended to support name=value options.
|
|
||||||
<EM>New Syntax:</EM> access_log module:place [option ...] [acl ...]</P>
|
|
||||||
<P>New option <EM>logformat=</EM> to specify the logging format name.</P>
|
|
||||||
<P>New option <EM>buffer-size=</EM> to specify how large the log buffer
|
|
||||||
for this log is to be when <EM>buffered_logs</EM> is enabled.</P>
|
|
||||||
<P>New option <EM>on-error=</EM> to specify what handling is to be done
|
|
||||||
if the logging module encounters a non-recoverable error writing logs.
|
|
||||||
With the value <EM>die</EM> (the default) Squid halts operation.
|
|
||||||
With the value <EM>drop</EM> Squid drops log lines and continue running.</P>
|
|
||||||
|
|
||||||
<DT><B>acl</B><DD>
|
|
||||||
<P>New test type <EM>server_cert_fingerprint</EM> to match against
|
|
||||||
server SSL certificate fingerprint.</P>
|
|
||||||
<P>New test type <EM>note</EM> to match against transaction annotations
|
|
||||||
by name and value, or just by name.</P>
|
|
||||||
<P>New test type <EM>any-of</EM> to match if any one of a set of named ACLs.</P>
|
|
||||||
<P>New test type <EM>all-of</EM> to match against all of a set of named ACLs.</P>
|
|
||||||
|
|
||||||
<DT><B>auth_param</B><DD>
|
|
||||||
<P>New result code <EM>BH</EM> to signal helper internal errors
|
|
||||||
available in all authentication schemes.</P>
|
|
||||||
<P>New key <EM>message=</EM> for error message details in all authentication schemes.</P>
|
|
||||||
<P>New result code <EM>OK</EM> and key <EM>ha1=</EM> in Digest authentication.</P>
|
|
||||||
<P>New result codes <EM>OK</EM>, <EM>ERR</EM> replace result codes <EM>AF</EM>,
|
|
||||||
and <EM>NA</EM> in NTLM and Negotiate authentication.</P>
|
|
||||||
<P>New key <EM>token=</EM> for NTLM and Negotiate authentication <EM>OK</EM> responses.</P>
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
|
||||||
|
|
||||||
<DT><B>external_acl_type</B><DD>
|
|
||||||
<P>Deprecated <EM>protocol=3.0</EM> option. No longer necessary.</P>
|
|
||||||
<P>New result code <EM>BH</EM> to signal helper internal errors</P>
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
|
||||||
|
|
||||||
<DT><B>http_port</B><DD>
|
|
||||||
<P>Support IPv6 for <EM>intercept</EM> mode. Requires ip6tables support on Linux,
|
|
||||||
PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain
|
|
||||||
about misconfiguration if IPv6 support is missing, we now rely on the firewall
|
|
||||||
tools reporting misconfiguration when the NAT rules are created.</P>
|
|
||||||
<P>Support <EM>tproxy</EM> mode traffic on BSD systems with BINDANY support
|
|
||||||
(OpenBSD 5+, FreeBSD 9+ so far).</P>
|
|
||||||
<P>Changed build options behind <EM>intercept</EM> traffic mode handling on BSD.
|
|
||||||
see <EM>--enable-pf-transparent</EM> for more details.</P>
|
|
||||||
|
|
||||||
<DT><B>logformat</B><DD>
|
|
||||||
<P>New format code <EM>%note</EM> to log a transaction annotation linked to the
|
|
||||||
transaction by ICAP, eCAP, a helper, or the <EM>note</EM> squid.conf directive.</P>
|
|
||||||
<P>New format code <EM>%>qos</EM> to log client connection TOS/DSCP value set by Squid.</P>
|
|
||||||
<P>New format code <EM>%<qos</EM> to log server connection TOS/DSCP value set by Squid.</P>
|
|
||||||
<P>New format code <EM>%>nfmark</EM> to log client connection netfilter mark set by Squid.</P>
|
|
||||||
<P>New format code <EM>%<nfmark</EM> to log server connection netfilter mark set by Squid.</P>
|
|
||||||
|
|
||||||
<DT><B>pipeline_prefetch</B><DD>
|
|
||||||
<P>Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.</P>
|
|
||||||
|
|
||||||
<DT><B>refresh_pattern</B><DD>
|
|
||||||
<P><EM>NOTE:</EM> the regular expression pattern operates on the cache Store-ID value.
|
|
||||||
Which by default is identical to the requested URL, but may differ for some
|
|
||||||
objects if the Store-ID feature is in use.</P>
|
|
||||||
|
|
||||||
<DT><B>unlinkd_program</B><DD>
|
|
||||||
<P>New helper response format utilizing result codes <EM>OK</EM> and <EM>BH</EM>,
|
|
||||||
to signal helper lookup results. Also, key-value response values to return
|
|
||||||
multiple values to Squid.</P>
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
|
||||||
|
|
||||||
<DT><B>url_rewrite_program</B><DD>
|
|
||||||
<P>New helper response format utilizing result codes <EM>OK</EM>, <EM>ERR</EM>,
|
|
||||||
and <EM>BH</EM> to signal helper lookup results. Also, key-value response
|
|
||||||
values to return multiple values to Squid.</P>
|
|
||||||
<P>Details at
|
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
|
||||||
|
|
||||||
</DL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<H2><A NAME="removedtags"></A> <A NAME="ss3.3">3.3</A> <A HREF="#toc3.3">Removed tags</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<DL>
|
|
||||||
<DT><B>storeurl_access</B><DD>
|
|
||||||
<P>Replaced by <EM>store_id_access</EM>.</P>
|
|
||||||
|
|
||||||
<DT><B>storeurl_rewrite_children</B><DD>
|
|
||||||
<P>Replaced by <EM>store_id_children</EM>.</P>
|
|
||||||
|
|
||||||
<DT><B>storeurl_rewrite_concurrency</B><DD>
|
|
||||||
<P>Replaced by <EM>store_id_children</EM> with <EM>concurrency=N</EM> option.</P>
|
|
||||||
|
|
||||||
<DT><B>storeurl_rewrite_program</B><DD>
|
|
||||||
<P>Replaced by <EM>store_id_program</EM>.</P>
|
|
||||||
|
|
||||||
</DL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="s4">4.</A> <A HREF="#toc4">Changes to ./configure options since Squid-3.3</A></H2>
|
|
||||||
|
|
||||||
<P>There have been some changes to Squid's build configuration since Squid-3.3.</P>
|
|
||||||
<P>This section gives an account of those changes in three categories:</P>
|
|
||||||
<P>
|
|
||||||
<UL>
|
|
||||||
<LI>
|
|
||||||
<A HREF="#newoptions">New options</A></LI>
|
|
||||||
<LI>
|
|
||||||
<A HREF="#modifiedoptions">Changes to existing options</A></LI>
|
|
||||||
<LI>
|
|
||||||
<A HREF="#removedoptions">Removed options</A></LI>
|
|
||||||
</UL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="newoptions"></A> <A NAME="ss4.1">4.1</A> <A HREF="#toc4.1">New options</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<DL>
|
|
||||||
<DT><B>--enable-storeid-rewrite-helpers</B><DD>
|
|
||||||
<P>New option to control which Store-ID helpers are built. As with other
|
|
||||||
helper options use --disable-* to prevent any helpers building and
|
|
||||||
omit to get all helper auto-detected.</P>
|
|
||||||
<P>Currenly only a helper using <EM>file</EM> for backend is provided.</P>
|
|
||||||
|
|
||||||
<DT><B>--disable-arch-native</B><DD>
|
|
||||||
<P>New option to disable use of -march=native compiler flag.</P>
|
|
||||||
<P>The new flag auto-enables CPU-specific optimizations in GCC and is
|
|
||||||
required by Clang++ v3.2 for correct 64-bit environment detection.
|
|
||||||
It does not always work well however, so this build option is provided
|
|
||||||
to remove it when necessary.</P>
|
|
||||||
|
|
||||||
<DT><B>--with-nat-devpf</B><DD>
|
|
||||||
<P>New option to alter the behaviour of <EM>http_port ... intercept</EM> option
|
|
||||||
in squid.conf.</P>
|
|
||||||
<P>When this option is used Squid performs the /dev/pf lookups required to
|
|
||||||
support PF <EM>rdr-to</EM> rules. Otherwise Squid will perform perform the
|
|
||||||
getsockname() API calls to support PF <EM>divert-to</EM> rules.</P>
|
|
||||||
<P>NOTE: systems such as NetBSD and FreeBSD which do not yet support
|
|
||||||
the getsockname() API in recent PF versions require this option.</P>
|
|
||||||
|
|
||||||
</DL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
<H2><A NAME="modifiedoptions"></A> <A NAME="ss4.2">4.2</A> <A HREF="#toc4.2">Changes to existing options</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<DL>
|
|
||||||
<DT><B>--enable-pf-transparent</B><DD>
|
|
||||||
<P>NAT table support updated to use the getsockname() API provided by the
|
|
||||||
latest PF versions <EM>divert-to</EM>. This allows <EM>http_port</EM>
|
|
||||||
in squid.conf to support both <EM>intercept</EM> and <EM>tproxy</EM> traffic
|
|
||||||
and to silence NAT lookup failure messages on recent BSD.</P>
|
|
||||||
<P>NOTE: systems such as NetBSD and FreeBSD which do not yet support
|
|
||||||
the getsockname() API in recent PF versions require <EM>--with-nat-devpf</EM>
|
|
||||||
to re-enable /dev/pf support when using PF firewall.</P>
|
|
||||||
|
|
||||||
<DT><B>--disable-translation</B><DD>
|
|
||||||
<P>Default changed to prevent translating error page templates during build.
|
|
||||||
Use --enable-translation to explicitly build and install the templates.</P>
|
|
||||||
<P>The latest pre-translated templates can be downloaded from
|
|
||||||
<A HREF="http://www.squid-cache.org/Versions/langpack/">http://www.squid-cache.org/Versions/langpack/</A></P>
|
|
||||||
|
|
||||||
</DL>
|
|
||||||
</P>
|
|
||||||
<H2><A NAME="removedoptions"></A> <A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Removed options</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<DL>
|
|
||||||
<P><EM>There are no removed ./configure options in Squid-3.4.</EM></P>
|
|
||||||
|
|
||||||
</DL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="s5">5.</A> <A HREF="#toc5">Regressions since Squid-2.7</A></H2>
|
|
||||||
|
|
||||||
<P>Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4</P>
|
|
||||||
|
|
||||||
<P>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.</P>
|
|
||||||
|
|
||||||
<H2><A NAME="ss5.1">5.1</A> <A HREF="#toc5.1">Missing squid.conf options available in Squid-2.7</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>
|
|
||||||
<DL>
|
|
||||||
<DT><B>broken_vary_encoding</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>cache_dir</B><DD>
|
|
||||||
<P><EM>COSS</EM> storage type is lacking stability fixes from 2.6</P>
|
|
||||||
<P>COSS <EM>overwrite-percent=</EM> option not yet ported from 2.6</P>
|
|
||||||
<P>COSS <EM>max-stripe-waste=</EM> option not yet ported from 2.6</P>
|
|
||||||
<P>COSS <EM>membufs=</EM> option not yet ported from 2.6</P>
|
|
||||||
<P>COSS <EM>maxfullbufs=</EM> option not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>cache_peer</B><DD>
|
|
||||||
<P><EM>idle=</EM> not yet ported from 2.7</P>
|
|
||||||
<P><EM>monitorinterval=</EM> not yet ported from 2.6</P>
|
|
||||||
<P><EM>monitorsize=</EM> not yet ported from 2.6</P>
|
|
||||||
<P><EM>monitortimeout=</EM> not yet ported from 2.6</P>
|
|
||||||
<P><EM>monitorurl=</EM> not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>cache_vary</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>collapsed_forwarding</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>error_map</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>external_refresh_check</B><DD>
|
|
||||||
<P>Not yet ported from 2.7</P>
|
|
||||||
|
|
||||||
<DT><B>location_rewrite_access</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>location_rewrite_children</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>location_rewrite_concurrency</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>location_rewrite_program</B><DD>
|
|
||||||
<P>Not yet ported from 2.6</P>
|
|
||||||
|
|
||||||
<DT><B>refresh_pattern</B><DD>
|
|
||||||
<P><EM>stale-while-revalidate=</EM> not yet ported from 2.7</P>
|
|
||||||
<P><EM>ignore-stale-while-revalidate=</EM> not yet ported from 2.7</P>
|
|
||||||
<P><EM>negative-ttl=</EM> not yet ported from 2.7</P>
|
|
||||||
|
|
||||||
<DT><B>refresh_stale_hit</B><DD>
|
|
||||||
<P>Not yet ported from 2.7</P>
|
|
||||||
|
|
||||||
<DT><B>update_headers</B><DD>
|
|
||||||
<P>Not yet ported from 2.7</P>
|
|
||||||
|
|
||||||
</DL>
|
|
||||||
</P>
|
|
||||||
|
|
||||||
</BODY>
|
|
||||||
</HTML>
|
|
3
squid-3.4.10.tar.bz2
Normal file
3
squid-3.4.10.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:5a971c4f5404113bd0264d13137cd5f326b58ef20c17beae836036668aeabc97
|
||||||
|
size 3043193
|
20
squid-3.4.10.tar.bz2.asc
Normal file
20
squid-3.4.10.tar.bz2.asc
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
File: squid-3.4.10.tar.bz2
|
||||||
|
Date: Tue Dec 9 17:23:33 UTC 2014
|
||||||
|
Size: 3043193
|
||||||
|
MD5 : 326283b0c37e7dc9b2f90dc0ecd9a8a4
|
||||||
|
SHA1: a04ab50971e1a446fe82514fff830898661c6fad
|
||||||
|
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||||
|
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = subkeys.pgp.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQEcBAABAgAGBQJUhzBbAAoJELJo5wb/XPRjUCIH/3hfJgMi/iKRZpedeFjQhstf
|
||||||
|
twbTxrtW1x+Er6J3pswPUIbLcYARHhsTpfYHAatleE1Ccl9b16FXSMSXobHpmrab
|
||||||
|
YR1q/N/W3QwgqH3D2a2m8eUNJTWxTeZ1xYeGzHJK7sgKfaBbt/JlYfs8nh7ekdkV
|
||||||
|
GjHzHa3IDuq5VX4Pra6riCW9NjAvUo8oaesU3ZRjV9fECbZ2XMqvrxHq7V7bGOgx
|
||||||
|
sU1gsRjlgsAZeFDiEXz+Dww2RBh46/gUwJZwO/uTYmJjPzr4hFb1PLwEVL4+auv2
|
||||||
|
uS8lta6K9ZpIXPXaKj0zntG1Z+5X77SoLoTQMq06PpLlGpDjYMDzcs25mCyU1R0=
|
||||||
|
=Ooir
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:42f2ffbfed6679e1e4ba9a29088495c088ff76cc2517d22d5fb792e2b802ce66
|
|
||||||
size 3043750
|
|
@ -1,20 +0,0 @@
|
|||||||
File: squid-3.4.9.tar.bz2
|
|
||||||
Date: Fri Oct 31 10:20:30 UTC 2014
|
|
||||||
Size: 3043750
|
|
||||||
MD5 : bb8ecbee8fa9fa8659b4349a78696fe7
|
|
||||||
SHA1: a356cadc324d91c41119f96a7d1a20330866c1ac
|
|
||||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
|
||||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
|
||||||
keyring = http://www.squid-cache.org/pgp.asc
|
|
||||||
keyserver = subkeys.pgp.net
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQEcBAABAgAGBQJUU3UxAAoJELJo5wb/XPRjhKUH/0flnkcc6gTQzh7Vh/kusCFk
|
|
||||||
pC/sfpt0mrZeZZQxAYS/wJFIym5jo8PkiKrvC2ZgOHchpVlGC3hLn2ENqbzR6VEv
|
|
||||||
L5V7M1XGJdgC1ynjj+H9ML4PBmV1E/XfakkOgnhY+3of32DrmuCN8CFuB5iGNcdH
|
|
||||||
xHwzXGSeyJkDUjZObourtT2h64Rc12cARz/yXgsq2YKAhf0EM8+rld5Xm40kOWsX
|
|
||||||
Vci/kvw3RkXuhMMwrL9jzxv8z5/nrsDHbHmwXy3mw2k0G9AmzbKx8ykdoABG/MH5
|
|
||||||
awuHT1MNFQp5IBr6LisM++2BILjb3UNiyp3lhDtXCHbTo6RCik7jUvEih57koqI=
|
|
||||||
=BI4b
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,3 +1,24 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 9 10:19:10 UTC 2015 - tchvatal@suse.com
|
||||||
|
|
||||||
|
- Cleanup with spec-cleaner
|
||||||
|
- Version bump to 3.4.10:
|
||||||
|
* Fix bootstrap.sh dependency on SPONSORS.list
|
||||||
|
* HTTP/2: Support 421 (Misdirected Request) status code
|
||||||
|
* Alternate-Protocol is a hop-by-hop header
|
||||||
|
* Bug #4148: external_acl_type header format does not accept the new libformat syntax
|
||||||
|
* Bug #4033: Rebuild corrupted ssl_db/size file
|
||||||
|
* Bug #3902: Docs: external_acl_type cache hash key
|
||||||
|
* Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
|
||||||
|
* Fix segmentation fault in ACLUrlPathStrategy::match
|
||||||
|
- Remove support for other distros as we build for opensuse anyway
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 2 16:07:38 UTC 2015 - boris@steki.net
|
||||||
|
|
||||||
|
- remove permissions.easy and permissions.paranoid files from package
|
||||||
|
as they are not used any more
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 9 12:42:48 UTC 2014 - boris@steki.net
|
Tue Dec 9 12:42:48 UTC 2014 - boris@steki.net
|
||||||
|
|
||||||
|
201
squid.init
201
squid.init
@ -1,201 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
|
|
||||||
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
|
|
||||||
# Copyright (c) 2002 SuSE Linux AG
|
|
||||||
#
|
|
||||||
# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel <feedback@suse.de>
|
|
||||||
#
|
|
||||||
# /etc/init.d/squid
|
|
||||||
# and its symbolic link
|
|
||||||
# /(usr/)sbin/rcsquid
|
|
||||||
#
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: squid
|
|
||||||
# Required-Start: $local_fs $remote_fs $network $time
|
|
||||||
# Should-Start: apache $named winbind
|
|
||||||
# Required-Stop: $local_fs $remote_fs $network $time
|
|
||||||
# Should-Stop: apache $named winbind
|
|
||||||
# Default-Start: 3 5
|
|
||||||
# Default-Stop: 0 1 2 6
|
|
||||||
# Short-Description: Squid web cache
|
|
||||||
# Description: Start the Squid web cache, providing
|
|
||||||
# HTTP, FTP and other proxy services
|
|
||||||
### END INIT INFO
|
|
||||||
#
|
|
||||||
# Note on runlevels:
|
|
||||||
# 0 - halt/poweroff 6 - reboot
|
|
||||||
# 1 - single user 2 - multiuser without network exported
|
|
||||||
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
|
|
||||||
|
|
||||||
|
|
||||||
# Check for missing binaries (stale symlinks should not happen)
|
|
||||||
# Note: Special treatment of stop for LSB conformance
|
|
||||||
SQUID_BIN=/usr/sbin/squid
|
|
||||||
test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
|
|
||||||
if [ "$1" = "stop" ]; then exit 0;
|
|
||||||
else exit 5; fi; }
|
|
||||||
|
|
||||||
# Check for existence of needed config file and read it
|
|
||||||
SQUID_SYSCONFIG=/etc/sysconfig/squid
|
|
||||||
test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
|
|
||||||
if [ "$1" = "stop" ]; then exit 0;
|
|
||||||
else exit 6; fi; }
|
|
||||||
|
|
||||||
# Read config
|
|
||||||
. $SQUID_SYSCONFIG
|
|
||||||
|
|
||||||
SQUID_PID=/var/run/squid.pid
|
|
||||||
SQUID_CONF=/etc/squid/squid.conf
|
|
||||||
SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
|
|
||||||
SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
|
|
||||||
SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
|
|
||||||
|
|
||||||
# determine which one is the cache_swap directory
|
|
||||||
SQUID_CACHE_DIR=$(perl -n -e \
|
|
||||||
'/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
|
|
||||||
|
|
||||||
ulimit -n "$SQUID_ULIMIT"
|
|
||||||
|
|
||||||
#IN: $SQUID_CACHE_DIR
|
|
||||||
setup_squid_cache_dir(){
|
|
||||||
for adir in "$1" ; do
|
|
||||||
if [ ! -d $adir/00 ]; then # create missing cache directories
|
|
||||||
umask 027 # prevent users reading any cache data
|
|
||||||
echo -n " ($adir)"
|
|
||||||
$SQUID_BIN -z -F > /dev/null 2>&1
|
|
||||||
fi
|
|
||||||
if [ ! -d $adir/00 ]; then
|
|
||||||
echo " - failed while creating cache_dir ! "
|
|
||||||
rc_failed
|
|
||||||
rc_status -v
|
|
||||||
rc_exit
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
sleep 2
|
|
||||||
}
|
|
||||||
|
|
||||||
# Shell functions sourced from /etc/rc.status:
|
|
||||||
# rc_check check and set local and overall rc status
|
|
||||||
# rc_status check and set local and overall rc status
|
|
||||||
# rc_status -v be verbose in local rc status and clear it afterwards
|
|
||||||
# rc_status -v -r ditto and clear both the local and overall rc status
|
|
||||||
# rc_status -s display "skipped" and exit with status 3
|
|
||||||
# rc_status -u display "unused" and exit with status 3
|
|
||||||
# rc_failed set local and overall rc status to failed
|
|
||||||
# rc_failed <num> set local and overall rc status to <num>
|
|
||||||
# rc_reset clear both the local and overall rc status
|
|
||||||
# rc_exit exit appropriate to overall rc status
|
|
||||||
# rc_active checks whether a service is activated by symlinks
|
|
||||||
. /etc/rc.status
|
|
||||||
|
|
||||||
# Reset status of this service
|
|
||||||
rc_reset
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
echo -n "Starting WWW-proxy squid "
|
|
||||||
if /sbin/checkproc $SQUID_BIN ; then
|
|
||||||
echo -n "- Warning: squid already running ! "
|
|
||||||
rc_failed
|
|
||||||
else
|
|
||||||
[ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
|
|
||||||
if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
|
|
||||||
setup_squid_cache_dir "$SQUID_CACHE_DIR"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
|
|
||||||
|
|
||||||
# Remember status and be verbose
|
|
||||||
rc_status -v
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
echo -n "Shutting down WWW-proxy squid "
|
|
||||||
if /sbin/checkproc $SQUID_BIN ; then
|
|
||||||
$SQUID_BIN -k shutdown
|
|
||||||
sleep 2
|
|
||||||
if [ -e $SQUID_PID ] ; then
|
|
||||||
echo -n "- wait a minute or two... "
|
|
||||||
i="$SQUID_S_T"
|
|
||||||
while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
|
|
||||||
sleep 2
|
|
||||||
i=$[$i-1]
|
|
||||||
echo -n "."
|
|
||||||
[ $i -eq 41 ] && echo
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
if /sbin/checkproc $SQUID_BIN ; then
|
|
||||||
killproc -TERM $SQUID_BIN
|
|
||||||
echo -n " Warning: squid killed !"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo -n "- Warning: squid not running ! "
|
|
||||||
rc_failed 7
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Remember status and be verbose
|
|
||||||
rc_status -v
|
|
||||||
;;
|
|
||||||
try-restart)
|
|
||||||
$0 status >/dev/null && $0 restart
|
|
||||||
|
|
||||||
# Remember status and be quiet
|
|
||||||
rc_status
|
|
||||||
;;
|
|
||||||
restart)
|
|
||||||
$0 stop
|
|
||||||
$0 start
|
|
||||||
|
|
||||||
# Remember status and be quiet
|
|
||||||
rc_status
|
|
||||||
;;
|
|
||||||
force-reload)
|
|
||||||
$0 reload
|
|
||||||
|
|
||||||
# Remember status and be quiet
|
|
||||||
rc_status
|
|
||||||
;;
|
|
||||||
reload)
|
|
||||||
echo -n "Reloading WWW-proxy squid "
|
|
||||||
if /sbin/checkproc $SQUID_BIN ; then
|
|
||||||
$SQUID_BIN -k rotate
|
|
||||||
sleep 2
|
|
||||||
$SQUID_BIN -k reconfigure
|
|
||||||
rc_status
|
|
||||||
else
|
|
||||||
echo -n "- Warning: squid not running ! "
|
|
||||||
rc_failed 7
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Remember status and be verbose
|
|
||||||
rc_status -v
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
echo -n "Checking for WWW-proxy squid "
|
|
||||||
## Check status with checkproc(8), if process is running
|
|
||||||
## checkproc will return with exit status 0.
|
|
||||||
|
|
||||||
# Return value is slightly different for the status command:
|
|
||||||
# 0 - service up and running
|
|
||||||
# 1 - service dead, but /var/run/ pid file exists
|
|
||||||
# 2 - service dead, but /var/lock/ lock file exists
|
|
||||||
# 3 - service not running (unused)
|
|
||||||
# 4 - service status unknown :-(
|
|
||||||
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
|
|
||||||
|
|
||||||
# NOTE: checkproc returns LSB compliant status values.
|
|
||||||
/sbin/checkproc $SQUID_BIN
|
|
||||||
|
|
||||||
# Remember status and be verbose
|
|
||||||
rc_status -v
|
|
||||||
;;
|
|
||||||
probe)
|
|
||||||
test $SQUID_CONF -nt $SQUID_PID && echo reload
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
rc_exit
|
|
||||||
|
|
187
squid.init.rh
187
squid.init.rh
@ -1,187 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# chkconfig: - 90 25
|
|
||||||
# pidfile: /var/run/squid.pid
|
|
||||||
# config: /etc/squid/squid.conf
|
|
||||||
#
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: squid
|
|
||||||
# Short-Description: starting and stopping Squid Internet Object Cache
|
|
||||||
# Description: Squid - Internet Object Cache. Internet object caching is \
|
|
||||||
# a way to store requested Internet objects (i.e., data available \
|
|
||||||
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
|
|
||||||
# requesting site than to the source. Web browsers can then use the \
|
|
||||||
# local Squid cache as a proxy HTTP server, reducing access time as \
|
|
||||||
# well as bandwidth consumption.
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
|
|
||||||
PATH=/usr/bin:/sbin:/bin:/usr/sbin
|
|
||||||
export PATH
|
|
||||||
|
|
||||||
# Source function library.
|
|
||||||
. /etc/rc.d/init.d/functions
|
|
||||||
|
|
||||||
# Source networking configuration.
|
|
||||||
. /etc/sysconfig/network
|
|
||||||
|
|
||||||
if [ -f /etc/sysconfig/squid ]; then
|
|
||||||
. /etc/sysconfig/squid
|
|
||||||
fi
|
|
||||||
|
|
||||||
# don't raise an error if the config file is incomplete
|
|
||||||
# set defaults instead:
|
|
||||||
SQUID_OPTS=${SQUID_OPTS:-""}
|
|
||||||
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
|
|
||||||
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
|
|
||||||
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
|
|
||||||
SQUID_PIDFILE_DIR="/var/run/squid"
|
|
||||||
SQUID_USER="squid"
|
|
||||||
SQUID_DIR="squid"
|
|
||||||
|
|
||||||
# determine the name of the squid binary
|
|
||||||
[ -f /usr/sbin/squid ] && SQUID=squid
|
|
||||||
|
|
||||||
prog="$SQUID"
|
|
||||||
|
|
||||||
# determine which one is the cache_swap directory
|
|
||||||
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
|
|
||||||
grep cache_dir | awk '{ print $3 }'`
|
|
||||||
|
|
||||||
RETVAL=0
|
|
||||||
|
|
||||||
probe() {
|
|
||||||
# Check that networking is up.
|
|
||||||
[ ${NETWORKING} = "no" ] && exit 1
|
|
||||||
|
|
||||||
[ `id -u` -ne 0 ] && exit 4
|
|
||||||
|
|
||||||
# check if the squid conf file is present
|
|
||||||
[ -f $SQUID_CONF ] || exit 6
|
|
||||||
}
|
|
||||||
|
|
||||||
start() {
|
|
||||||
# Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions.
|
|
||||||
if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
|
|
||||||
probe
|
|
||||||
|
|
||||||
parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
|
|
||||||
RETVAL=$?
|
|
||||||
if [ $RETVAL -ne 0 ]; then
|
|
||||||
echo -n $"Starting $prog: "
|
|
||||||
echo_failure
|
|
||||||
echo
|
|
||||||
echo "$parse"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
for adir in $CACHE_SWAP; do
|
|
||||||
if [ ! -d $adir/00 ]; then
|
|
||||||
echo -n "init_cache_dir $adir... "
|
|
||||||
$SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
echo -n $"Starting $prog: "
|
|
||||||
$SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
|
|
||||||
RETVAL=$?
|
|
||||||
if [ $RETVAL -eq 0 ]; then
|
|
||||||
timeout=0;
|
|
||||||
while : ; do
|
|
||||||
[ ! -f /var/run/squid.pid ] || break
|
|
||||||
if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
|
|
||||||
RETVAL=1
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
sleep 1 && echo -n "."
|
|
||||||
timeout=$((timeout+1))
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
|
|
||||||
[ $RETVAL -eq 0 ] && echo_success
|
|
||||||
[ $RETVAL -ne 0 ] && echo_failure
|
|
||||||
echo
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
stop() {
|
|
||||||
echo -n $"Stopping $prog: "
|
|
||||||
$SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
|
|
||||||
RETVAL=$?
|
|
||||||
if [ $RETVAL -eq 0 ] ; then
|
|
||||||
$SQUID -k shutdown -f $SQUID_CONF &
|
|
||||||
rm -f /var/lock/subsys/$SQUID
|
|
||||||
timeout=0
|
|
||||||
while : ; do
|
|
||||||
[ -f /var/run/squid.pid ] || break
|
|
||||||
if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
|
|
||||||
echo
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
sleep 2 && echo -n "."
|
|
||||||
timeout=$((timeout+2))
|
|
||||||
done
|
|
||||||
echo_success
|
|
||||||
echo
|
|
||||||
else
|
|
||||||
echo_failure
|
|
||||||
if [ ! -e /var/lock/subsys/$SQUID ]; then
|
|
||||||
RETVAL=0
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
rm -rf $SQUID_PIDFILE_DIR/*
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
reload() {
|
|
||||||
$SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
|
|
||||||
}
|
|
||||||
|
|
||||||
restart() {
|
|
||||||
stop
|
|
||||||
rm -rf $SQUID_PIDFILE_DIR/*
|
|
||||||
start
|
|
||||||
}
|
|
||||||
|
|
||||||
condrestart() {
|
|
||||||
[ -e /var/lock/subsys/squid ] && restart || :
|
|
||||||
}
|
|
||||||
|
|
||||||
rhstatus() {
|
|
||||||
status $SQUID && $SQUID -k check -f $SQUID_CONF
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
start
|
|
||||||
;;
|
|
||||||
|
|
||||||
stop)
|
|
||||||
stop
|
|
||||||
;;
|
|
||||||
|
|
||||||
reload|force-reload)
|
|
||||||
reload
|
|
||||||
;;
|
|
||||||
|
|
||||||
restart)
|
|
||||||
restart
|
|
||||||
;;
|
|
||||||
|
|
||||||
condrestart|try-restart)
|
|
||||||
condrestart
|
|
||||||
;;
|
|
||||||
|
|
||||||
status)
|
|
||||||
rhstatus
|
|
||||||
;;
|
|
||||||
|
|
||||||
probe)
|
|
||||||
probe
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
|
|
||||||
exit 2
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit $?
|
|
@ -1,4 +1,5 @@
|
|||||||
/var/log/squid/access.log /var/log/squid/store.log /var/log/squid/cache.log {
|
/var/log/squid/access.log /var/log/squid/store.log /var/log/squid/cache.log {
|
||||||
|
su squid squid
|
||||||
compress
|
compress
|
||||||
dateext
|
dateext
|
||||||
maxage 365
|
maxage 365
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
/var/cache/squid/ squid:root 750
|
|
||||||
/var/log/squid/ squid:root 750
|
|
||||||
/usr/sbin/pinger root:squid 750
|
|
||||||
+capabilities cap_net_raw=ep
|
|
||||||
/usr/sbin/basic_pam_auth root:shadow 2750
|
|
@ -1,5 +0,0 @@
|
|||||||
/var/cache/squid/ squid:root 750
|
|
||||||
/var/log/squid/ squid:root 750
|
|
||||||
/usr/sbin/pinger root:squid 750
|
|
||||||
+capabilities cap_net_raw=ep
|
|
||||||
/usr/sbin/basic_pam_auth root:root 755
|
|
246
squid.spec
246
squid.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package squid
|
# spec file for package squid
|
||||||
#
|
#
|
||||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,42 +17,23 @@
|
|||||||
|
|
||||||
|
|
||||||
%define squidlibdir %{_libdir}/squid
|
%define squidlibdir %{_libdir}/squid
|
||||||
%define squidconfdir /etc/squid
|
%define squidconfdir %{_sysconfdir}/squid
|
||||||
#define snap -20131225-r13064
|
|
||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
|
Version: 3.4.10
|
||||||
|
Release: 0
|
||||||
Summary: A fully featured HTTP/1.0 proxy
|
Summary: A fully featured HTTP/1.0 proxy
|
||||||
License: GPL-2.0+
|
License: GPL-2.0+
|
||||||
Group: Productivity/Networking/Web/Proxy
|
Group: Productivity/Networking/Web/Proxy
|
||||||
Version: 3.4.9
|
|
||||||
Release: 0
|
|
||||||
Url: http://www.squid-cache.org/Versions/v3/3.4
|
Url: http://www.squid-cache.org/Versions/v3/3.4
|
||||||
Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2
|
Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2
|
||||||
Source1: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc
|
Source1: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc
|
||||||
Source2: RELEASENOTES.html
|
|
||||||
Source3: squid.init
|
|
||||||
Source4: squid.sysconfig
|
Source4: squid.sysconfig
|
||||||
Source5: pam.squid
|
Source5: pam.squid
|
||||||
Source6: unsquid.pl
|
Source6: unsquid.pl
|
||||||
Source7: %{name}.logrotate
|
Source7: %{name}.logrotate
|
||||||
###Source9: %%{name}.permissions.easy
|
|
||||||
Source10: README.kerberos
|
Source10: README.kerberos
|
||||||
Source11: %{name}.service
|
Source11: %{name}.service
|
||||||
Source13: %{name}.keyring
|
Source13: %{name}.keyring
|
||||||
Source14: squid.init.rh
|
|
||||||
###Source15: %%{name}.permissions.paranoid
|
|
||||||
|
|
||||||
#
|
|
||||||
# the following patches are downloaded directly from the webserver
|
|
||||||
# don't change the names for easier identification
|
|
||||||
#
|
|
||||||
# please read every file if there is interest about what the patch changes
|
|
||||||
# or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# Upstream patch
|
|
||||||
# Patch0:
|
|
||||||
|
|
||||||
# do not show some rpmlint warnings
|
# do not show some rpmlint warnings
|
||||||
Source99: squid-rpmlintrc
|
Source99: squid-rpmlintrc
|
||||||
# some useful defaults for squid
|
# some useful defaults for squid
|
||||||
@ -64,87 +45,49 @@ Patch101: %{name}-nobuilddates.patch
|
|||||||
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
|
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
|
||||||
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
|
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
|
||||||
Patch103: squid-brokenad.patch
|
Patch103: squid-brokenad.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
||||||
%if 0%{?suse_version}
|
|
||||||
PreReq: %fillup_prereq
|
|
||||||
PreReq: %insserv_prereq
|
|
||||||
PreReq: /usr/bin/getent
|
|
||||||
PreReq: permissions
|
|
||||||
PreReq: pwdutils
|
|
||||||
%else
|
|
||||||
Requires(pre): shadow-utils
|
|
||||||
Requires(post): /sbin/chkconfig
|
|
||||||
Requires(preun): /sbin/service /sbin/chkconfig
|
|
||||||
Requires(postun): /sbin/service
|
|
||||||
%endif
|
|
||||||
BuildRequires: db-devel
|
|
||||||
# needed by bootstrap.sh
|
|
||||||
BuildRequires: cyrus-sasl-devel
|
BuildRequires: cyrus-sasl-devel
|
||||||
|
BuildRequires: db-devel
|
||||||
BuildRequires: ed
|
BuildRequires: ed
|
||||||
BuildRequires: expat
|
BuildRequires: expat
|
||||||
%if 0%{?suse_version} || 0%{?fedora_version} > 8
|
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
%endif
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
BuildRequires: libexpat-devel
|
BuildRequires: libexpat-devel
|
||||||
%if 0%{?suse_version} <= 1140
|
|
||||||
BuildRequires: libtool
|
|
||||||
%else
|
|
||||||
BuildRequires: libtool >= 2.4
|
BuildRequires: libtool >= 2.4
|
||||||
%endif
|
|
||||||
BuildRequires: openldap2-devel
|
BuildRequires: openldap2-devel
|
||||||
BuildRequires: opensp-devel
|
BuildRequires: opensp-devel
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: sharutils
|
BuildRequires: sharutils
|
||||||
%if 0%{?suse_version} < 1220
|
|
||||||
BuildRequires: libxml2-devel
|
|
||||||
%else
|
|
||||||
BuildRequires: pkgconfig(libxml-2.0)
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?suse_version} >= 1210
|
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
%{?systemd_requires}
|
BuildRequires: pkgconfig(libxml-2.0)
|
||||||
%define has_systemd 1
|
|
||||||
%endif
|
|
||||||
|
|
||||||
Requires: logrotate
|
Requires: logrotate
|
||||||
Requires: sed
|
Requires: sed
|
||||||
Provides: http_proxy
|
Requires(post): %fillup_prereq
|
||||||
|
Requires(pre): %insserv_prereq
|
||||||
# due to package rename
|
Requires(pre): %{_bindir}/getent
|
||||||
# Wed Aug 15 17:40:30 UTC 2012
|
Requires(pre): permissions
|
||||||
|
Requires(pre): pwdutils
|
||||||
Provides: %{name}3 = %{version}
|
Provides: %{name}3 = %{version}
|
||||||
|
Provides: http_proxy
|
||||||
Obsoletes: %{name}3 < %{version}
|
Obsoletes: %{name}3 < %{version}
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
%{?systemd_requires}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
|
Squid is a fully-featured HTTP/1.0 proxy which is almost a fully-featured
|
||||||
|
HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging
|
||||||
Squid 3.4 represents a new feature release above 3.3.
|
environment to develop web proxy and content serving applications.
|
||||||
|
Squid offers a rich set of traffic optimization options, most of which are
|
||||||
The most important of these new features are:
|
enabled by default for simpler installation and high performance.
|
||||||
|
|
||||||
* Helper protocol extensions
|
|
||||||
* SSL Server Certificate Validator
|
|
||||||
* Store-ID
|
|
||||||
* TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
|
|
||||||
* Transaction Annotations
|
|
||||||
* Multicast DNS
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
#setup -q -n %{name}-%{version}%{snap}
|
%setup -q
|
||||||
%setup -q -n %{name}-%{version}
|
cp %{SOURCE10} .
|
||||||
cp %{S:10} .
|
|
||||||
# upstream patches after RELEASE
|
|
||||||
#
|
|
||||||
##### other patches
|
|
||||||
%patch100
|
%patch100
|
||||||
perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
|
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
||||||
chmod a-x CREDITS
|
chmod a-x CREDITS
|
||||||
%patch101
|
%patch101
|
||||||
%patch102
|
%patch102
|
||||||
@ -157,19 +100,12 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie'
|
|||||||
%configure \
|
%configure \
|
||||||
--disable-strict-error-checking \
|
--disable-strict-error-checking \
|
||||||
--sysconfdir=%{squidconfdir} \
|
--sysconfdir=%{squidconfdir} \
|
||||||
--libexecdir=/usr/sbin \
|
--libexecdir=%{_sbindir} \
|
||||||
--datadir=/usr/share/squid \
|
--datadir=%{_datadir}/squid \
|
||||||
--sharedstatedir=/var/squid \
|
--sharedstatedir=%{_localstatedir}/squid \
|
||||||
--with-logdir=/var/log/squid \
|
--with-logdir=%{_localstatedir}/log/squid \
|
||||||
%if 0%{?has_systemd}
|
|
||||||
--with-pidfile=/run/squid.pid \
|
--with-pidfile=/run/squid.pid \
|
||||||
%else
|
|
||||||
--with-pidfile=/var/run/squid.pid \
|
|
||||||
%endif
|
|
||||||
--with-dl \
|
--with-dl \
|
||||||
%if 0%{?suse_version} <= 1140
|
|
||||||
--with-included-ltdl \
|
|
||||||
%endif
|
|
||||||
--enable-disk-io \
|
--enable-disk-io \
|
||||||
--enable-storeio \
|
--enable-storeio \
|
||||||
--enable-removal-policies=heap,lru \
|
--enable-removal-policies=heap,lru \
|
||||||
@ -214,7 +150,7 @@ make SAMBAPREFIX=/usr %{?_smp_mflags}
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
|
%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
|
||||||
%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
|
%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
|
||||||
-g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :
|
-g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :
|
||||||
|
|
||||||
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
|
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
|
||||||
@ -223,25 +159,8 @@ install -d %{buildroot}%{_prefix}/sbin
|
|||||||
# make_install
|
# make_install
|
||||||
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
|
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
|
||||||
|
|
||||||
mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default
|
mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default
|
||||||
ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
|
ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
|
||||||
|
|
||||||
#### install permissions files
|
|
||||||
###%%if 0%%{?suse_version} <= 1320
|
|
||||||
###cp -a %%{SOURCE9} %%{name}.easy
|
|
||||||
###cp -a %%{SOURCE9} %%{name}.secure
|
|
||||||
###cp -a %%{SOURCE15} %%{name}.paranoid
|
|
||||||
###%if !0%%{?has_systemd}
|
|
||||||
###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %%{name}.easy
|
|
||||||
###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %%{name}.secure
|
|
||||||
###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\1750@g' %%{name}.paranoid
|
|
||||||
###%%endif
|
|
||||||
|
|
||||||
###install -D -m 644 %%{name}.easy %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.easy
|
|
||||||
#### pinger should be secure "enough" anyway paranoid will strip everything :)
|
|
||||||
###install -m 644 %%{name}.secure %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.secure
|
|
||||||
###install -m 644 %%{name}.paranoid %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.paranoid
|
|
||||||
###%%endif
|
|
||||||
|
|
||||||
# install logrotate file
|
# install logrotate file
|
||||||
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
|
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
|
||||||
@ -266,34 +185,15 @@ for i in errors/*; do
|
|||||||
install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
|
install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
|
ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
|
||||||
|
|
||||||
|
# systemd service
|
||||||
|
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
|
||||||
|
ln -sf service %{buildroot}%{_sbindir}/rc%{name}
|
||||||
|
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
||||||
|
|
||||||
# fix file duplicates
|
# fix file duplicates
|
||||||
%if 0%{?suse_version} > 1030
|
|
||||||
%fdupes -s %{buildroot}%{_prefix}
|
%fdupes -s %{buildroot}%{_prefix}
|
||||||
%endif
|
|
||||||
%if 0%{?fedora_version} > 8
|
|
||||||
fdupes -q -n -r %{buildroot}%{_prefix}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?has_systemd}
|
|
||||||
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
|
|
||||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
|
||||||
%else # SysVinit
|
|
||||||
# fix postrotate script for SysVinit
|
|
||||||
sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
|
|
||||||
%if 0%{?suse_version}
|
|
||||||
install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
|
|
||||||
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
|
|
||||||
%else # lets just assume other are rh based ones...
|
|
||||||
install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name}
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
%if 0%{?suse_version}
|
|
||||||
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
|
||||||
%else
|
|
||||||
install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# we need this group for /usr/sbin/pinger
|
# we need this group for /usr/sbin/pinger
|
||||||
@ -306,7 +206,7 @@ if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then
|
|||||||
%{_sbindir}/groupadd -r winbind 2>/dev/null
|
%{_sbindir}/groupadd -r winbind 2>/dev/null
|
||||||
fi
|
fi
|
||||||
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
|
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
|
||||||
%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
|
%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
|
||||||
-G winbind -g %{name} -o -u 31 -r -s /bin/false \
|
-G winbind -g %{name} -o -u 31 -r -s /bin/false \
|
||||||
%{name} 2>/dev/null
|
%{name} 2>/dev/null
|
||||||
fi
|
fi
|
||||||
@ -314,78 +214,36 @@ fi
|
|||||||
if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then
|
if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then
|
||||||
%{_sbindir}/usermod -G winbind %{name} 2>/dev/null
|
%{_sbindir}/usermod -G winbind %{name} 2>/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%if 0%{?has_systemd}
|
|
||||||
%service_add_pre %{name}.service
|
%service_add_pre %{name}.service
|
||||||
%endif
|
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%if 0%{?suse_version} >= 1140
|
|
||||||
%if 0%{?set_permissions:1}
|
|
||||||
%set_permissions %{_sbindir}/pinger
|
%set_permissions %{_sbindir}/pinger
|
||||||
%set_permissions %{_sbindir}/basic_pam_auth
|
%set_permissions %{_sbindir}/basic_pam_auth
|
||||||
%set_permissions %{_localstatedir}/cache/squid/
|
%set_permissions %{_localstatedir}/cache/squid/
|
||||||
%set_permissions %{_localstatedir}/log/squid/
|
%set_permissions %{_localstatedir}/log/squid/
|
||||||
%else
|
|
||||||
%run_permissions
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
# update mode?
|
# update mode?
|
||||||
if [ "$1" -gt "1" ]; then
|
if [ "$1" -gt "1" ]; then
|
||||||
if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then
|
if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then
|
||||||
echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf"
|
echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf"
|
||||||
mv etc/%{name}.conf etc/%{name}/%{name}.conf
|
mv etc/%{name}.conf etc/%{name}/%{name}.conf
|
||||||
fi
|
fi
|
||||||
# default group changed from nogroup to squid
|
# default group changed from nogroup to squid
|
||||||
%{_sbindir}/usermod -g %{name} %{name}
|
%{_sbindir}/usermod -g %{name} %{name}
|
||||||
fi
|
fi
|
||||||
|
%fillup_only
|
||||||
%if 0%{?has_systemd}
|
|
||||||
%service_add_post squid.service
|
%service_add_post squid.service
|
||||||
%else
|
|
||||||
%if 0%{?suse_version}
|
|
||||||
%{fillup_and_insserv -n "squid"}
|
|
||||||
%else
|
|
||||||
/sbin/chkconfig --add squid
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%if 0%{?has_systemd}
|
|
||||||
%service_del_preun squid.service
|
%service_del_preun squid.service
|
||||||
%else
|
|
||||||
%if 0%{?suse_version}
|
|
||||||
%stop_on_removal squid
|
|
||||||
%else
|
|
||||||
if [ $1 = 0 ] ; then
|
|
||||||
service squid stop >/dev/null 2>&1
|
|
||||||
rm -f /var/log/squid/*
|
|
||||||
/sbin/chkconfig --del squid
|
|
||||||
fi
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?suse_version}
|
|
||||||
%verifyscript
|
%verifyscript
|
||||||
%verify_permissions -e /usr/sbin/basic_pam_auth
|
%verify_permissions -e %{_sbindir}/basic_pam_auth
|
||||||
%verify_permissions -e /usr/sbin/pinger
|
%verify_permissions -e %{_sbindir}/pinger
|
||||||
%verify_permissions -e /var/cache/squid/
|
%verify_permissions -e %{_localstatedir}/cache/squid/
|
||||||
%verify_permissions -e /var/log/squid/
|
%verify_permissions -e %{_localstatedir}/log/squid/
|
||||||
%endif
|
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
%if 0%{?has_systemd}
|
|
||||||
%service_del_postun squid.service
|
%service_del_postun squid.service
|
||||||
%else
|
|
||||||
%if 0%{?suse_version}
|
|
||||||
%restart_on_update squid
|
|
||||||
%insserv_cleanup
|
|
||||||
%else
|
|
||||||
if [ "$1" -ge "1" ] ; then
|
|
||||||
service squid condrestart >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -395,11 +253,7 @@ fi
|
|||||||
%doc doc/contrib doc/scripts
|
%doc doc/contrib doc/scripts
|
||||||
%doc doc/debug-sections.txt src/%{name}.conf.default
|
%doc doc/debug-sections.txt src/%{name}.conf.default
|
||||||
%doc %{_mandir}/man?/*
|
%doc %{_mandir}/man?/*
|
||||||
%if 0%{?has_systemd}
|
|
||||||
%{_unitdir}/%{name}.service
|
%{_unitdir}/%{name}.service
|
||||||
%else
|
|
||||||
%{_sysconfdir}/init.d/%{name}
|
|
||||||
%endif
|
|
||||||
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
|
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
|
||||||
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
|
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
|
||||||
%dir %{squidconfdir}
|
%dir %{squidconfdir}
|
||||||
@ -416,11 +270,6 @@ fi
|
|||||||
%config %{squidconfdir}/%{name}.conf.default
|
%config %{squidconfdir}/%{name}.conf.default
|
||||||
%config %{squidconfdir}/%{name}.conf.documented
|
%config %{squidconfdir}/%{name}.conf.documented
|
||||||
%config %{_sysconfdir}/pam.d/%{name}
|
%config %{_sysconfdir}/pam.d/%{name}
|
||||||
###%%if 0%%{?suse_version} <= 1320
|
|
||||||
###%%config %%{_sysconfdir}/permissions.d/%%{name}.easy
|
|
||||||
###%%config %%{_sysconfdir}/permissions.d/%%{name}.secure
|
|
||||||
###%%config %%{_sysconfdir}/permissions.d/%%{name}.paranoid
|
|
||||||
###%%endif
|
|
||||||
%dir %{_datadir}/%{name}
|
%dir %{_datadir}/%{name}
|
||||||
%{_datadir}/%{name}/errors
|
%{_datadir}/%{name}/errors
|
||||||
%{_datadir}/%{name}/icons
|
%{_datadir}/%{name}/icons
|
||||||
@ -438,7 +287,6 @@ fi
|
|||||||
%{_sbindir}/basic_ncsa_auth
|
%{_sbindir}/basic_ncsa_auth
|
||||||
%{_sbindir}/basic_nis_auth
|
%{_sbindir}/basic_nis_auth
|
||||||
%verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
|
%verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
|
||||||
#{_sbindir}/basic_pam_auth
|
|
||||||
%{_sbindir}/basic_pop3_auth
|
%{_sbindir}/basic_pop3_auth
|
||||||
%{_sbindir}/basic_radius_auth
|
%{_sbindir}/basic_radius_auth
|
||||||
%{_sbindir}/basic_sasl_auth
|
%{_sbindir}/basic_sasl_auth
|
||||||
@ -446,7 +294,6 @@ fi
|
|||||||
%{_sbindir}/basic_smb_auth.sh
|
%{_sbindir}/basic_smb_auth.sh
|
||||||
%{_sbindir}/cert_tool
|
%{_sbindir}/cert_tool
|
||||||
%{_sbindir}/cert_valid.pl
|
%{_sbindir}/cert_valid.pl
|
||||||
#{_sbindir}/digest_edirectory_auth
|
|
||||||
%{_sbindir}/digest_file_auth
|
%{_sbindir}/digest_file_auth
|
||||||
%{_sbindir}/digest_ldap_auth
|
%{_sbindir}/digest_ldap_auth
|
||||||
%{_sbindir}/diskd
|
%{_sbindir}/diskd
|
||||||
@ -465,24 +312,15 @@ fi
|
|||||||
%{_sbindir}/negotiate_wrapper_auth
|
%{_sbindir}/negotiate_wrapper_auth
|
||||||
%{_sbindir}/ntlm_fake_auth
|
%{_sbindir}/ntlm_fake_auth
|
||||||
%{_sbindir}/ntlm_smb_lm_auth
|
%{_sbindir}/ntlm_smb_lm_auth
|
||||||
# not working %%caps(cap_net_raw=ep)
|
|
||||||
%if 0%{?has_systemd}
|
|
||||||
%verify(not user group mode caps) %attr(750,root,squid) %{_sbindir}/pinger
|
%verify(not user group mode caps) %attr(750,root,squid) %{_sbindir}/pinger
|
||||||
%else
|
|
||||||
%verify(not user group mode) %attr(2750,root,squid) %{_sbindir}/pinger
|
|
||||||
%endif
|
|
||||||
%{_sbindir}/%{name}
|
%{_sbindir}/%{name}
|
||||||
%{_sbindir}/ssl_crtd
|
%{_sbindir}/ssl_crtd
|
||||||
%{_sbindir}/storeid_file_rewrite
|
%{_sbindir}/storeid_file_rewrite
|
||||||
%{_sbindir}/unlinkd
|
%{_sbindir}/unlinkd
|
||||||
%{_sbindir}/url_fake_rewrite
|
%{_sbindir}/url_fake_rewrite
|
||||||
%{_sbindir}/url_fake_rewrite.sh
|
%{_sbindir}/url_fake_rewrite.sh
|
||||||
%if 0%{?suse_version}
|
|
||||||
%{_sbindir}/rc%{name}
|
%{_sbindir}/rc%{name}
|
||||||
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
||||||
%else
|
|
||||||
%{_sysconfdir}/sysconfig/%{name}
|
|
||||||
%endif
|
|
||||||
%dir %{_libdir}/%{name}
|
%dir %{_libdir}/%{name}
|
||||||
%{_libdir}/%{name}/cachemgr.cgi
|
%{_libdir}/%{name}/cachemgr.cgi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user