commit: c5e33355221588cc51b736cc575ac400e9374341 Author: Christian Schmidt <gentoo <AT> digadd <DOT> de> AuthorDate: Fri Oct 27 14:03:13 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Fri Nov 17 15:07:23 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5e33355
net-proxy/squid: add 6.4 Updated source download URL to a working one. Bug: https://bugs.gentoo.org/916334 Closes: https://bugs.gentoo.org/914255 Closes: https://github.com/gentoo/gentoo/pull/33546 Signed-off-by: Christian Schmidt <gentoo <AT> digadd.de> Signed-off-by: Sam James <sam <AT> gentoo.org> net-proxy/squid/Manifest | 1 + net-proxy/squid/squid-6.4.ebuild | 383 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 384 insertions(+) diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest index c003dd6b50b7..179842a2e84e 100644 --- a/net-proxy/squid/Manifest +++ b/net-proxy/squid/Manifest @@ -2,3 +2,4 @@ DIST squid-5.7.tar.xz 2566560 BLAKE2B 4a403ca4f94034356922ea1a4feffd5f5289e2aadb DIST squid-5.8.tar.xz 2447560 BLAKE2B c9d1ae9464e68beabdf7ae1641a70d6c614bc4d4f4bae3fc5946c2bf61510634992cbd5abe63f071104edb2fa487a6c5c7fb8fbf8f06ac723a6522ec9ade8b68 SHA512 81a9a7d1dfcb58476369e08e99feb76411dd3242a3374feb175408fa0dc8161545a9a903603219c6fa2bcfb615461901e093428e97ac74cf4c596a7065d3247d DIST squid-5.9.tar.xz 2569204 BLAKE2B 898a34357f8019291379ea37c66fa312e1a6437e8f643987dd4e54d7d52728248e16129b00195c5f6e0378c0f32c9f9ade3f98ca0ec4bb952f9f443357face82 SHA512 7dc366ef6b2a397ca6adec993c05876949de5f5e72a8a4409c9c9c52c42a8a4b37f58e85a171eebd36a166951f6c764176cfebec30019b299abe34a5adc4e5ac DIST squid-6.2.tar.xz 2546172 BLAKE2B e934371e40093b1570c88c76f9427089087d2fa0b16629e7ca3afabd17f7bc5592b2b65354da54ebc43350ab6732081dd39a39e5db712f70a48246c22b8ae45d SHA512 a2f3ad666b88708ddc52958e610222778e4f64c2ac097b821867ae4022ca35dcbe225f2c5bba42a69fa56f89feebf63764d1a936444e4debce7e55e87b7366db +DIST squid-6.4.tar.xz 2553476 BLAKE2B 0f55fb8b4bcc291b9d978c8a150d86986ca32cf7c866907ac03ff3995ad6fbce333b0ebe977827e01e51a08d7104e41300a402bb811be0692a61fa81fd160304 SHA512 7bbf759841448874090a145699ee01f67696c19da147e433b1ecc80a856095cbfae611ef910bc4f2c44218101d89f2ee13796f5b7ada2e21e95638d4dae077ab diff --git a/net-proxy/squid/squid-6.4.ebuild b/net-proxy/squid/squid-6.4.ebuild new file mode 100644 index 000000000000..9b116ab8ff58 --- /dev/null +++ b/net-proxy/squid/squid-6.4.ebuild @@ -0,0 +1,383 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools flag-o-matic linux-info pam systemd toolchain-funcs + +DESCRIPTION="Full-featured web proxy cache" +HOMEPAGE="http://www.squid-cache.org/"; + +MY_PV_MAJOR=$(ver_cut 1) +# Upstream patch ID for the most recent bug-fixed update to the formal release. +#r=-20181117-r0022167 +r= +if [[ -z ${r} ]]; then + SRC_URI="http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}.tar.xz"; +else + SRC_URI="http://static.squid-cache.org/Versions/v${MY_PV_MAJOR}/${P}${r}.tar.bz2"; + S="${S}${r}" +fi + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="caps gnutls pam ldap samba sasl kerberos nis radius ssl snmp selinux logrotate test ecap" +IUSE+=" esi ssl-crtd mysql postgres sqlite systemd perl qos tproxy +htcp valgrind +wccp +wccpv2" +RESTRICT="!test? ( test )" +REQUIRED_USE="tproxy? ( caps ) qos? ( caps ) ssl-crtd? ( ssl )" + +DEPEND=" + acct-group/squid + acct-user/squid + dev-libs/libltdl + sys-libs/tdb + virtual/libcrypt:= + caps? ( >=sys-libs/libcap-2.16 ) + ecap? ( net-libs/libecap:1 ) + esi? ( + dev-libs/expat + dev-libs/libxml2 + ) + ldap? ( net-nds/openldap:= ) + gnutls? ( >=net-libs/gnutls-3.1.5:= ) + logrotate? ( app-admin/logrotate ) + nis? ( + net-libs/libtirpc:= + net-libs/libnsl:= + ) + kerberos? ( virtual/krb5 ) + pam? ( sys-libs/pam ) + qos? ( net-libs/libnetfilter_conntrack ) + ssl? ( + dev-libs/nettle:= + !gnutls? ( + dev-libs/openssl:= + ) + ) + sasl? ( dev-libs/cyrus-sasl ) + systemd? ( sys-apps/systemd:= ) +" +RDEPEND=" + ${DEPEND} + mysql? ( dev-perl/DBD-mysql ) + postgres? ( dev-perl/DBD-Pg ) + perl? ( dev-lang/perl ) + samba? ( net-fs/samba ) + selinux? ( sec-policy/selinux-squid ) + sqlite? ( dev-perl/DBD-SQLite ) +" +DEPEND+=" valgrind? ( dev-util/valgrind )" +BDEPEND=" + dev-lang/perl + ecap? ( virtual/pkgconfig ) + test? ( dev-util/cppunit ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.2-gentoo.patch + "${FILESDIR}"/${PN}-4.17-use-system-libltdl.patch +) + +pkg_pretend() { + if use tproxy; then + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY" + linux-info_pkg_setup + fi +} + +src_prepare() { + default + + # Fixup various paths + sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \ + INSTALL QUICKSTART \ + scripts/fileno-to-pathname.pl \ + scripts/check_cache.pl \ + tools/cachemgr.cgi.8 \ + tools/purge/conffile.hh \ + tools/purge/purge.1 || die + sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \ + INSTALL QUICKSTART || die + sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \ + QUICKSTART || die + sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \ + QUICKSTART \ + src/log/access_log.cc || die + sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \ + src/log/access_log.cc || die + sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \ + src/acl/external/unix_group/ext_unix_group_acl.8 \ + src/acl/external/session/ext_session_acl.8 || die + sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \ + scripts/check_cache.pl || die + # /var/run/squid to /run/squid + sed -i -e 's:$(localstatedir)::' \ + src/ipc/Makefile.am || die + sed -i 's:/var/run/:/run/:g' tools/systemd/squid.service || die + + sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \ + libltdl/configure.ac || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + --datadir=/usr/share/squid + --libexecdir=/usr/libexec/squid + --localstatedir=/var + --sysconfdir=/etc/squid + --with-default-user=squid + --with-logdir=/var/log/squid + --with-pidfile=/run/squid.pid + + --enable-build-info="Gentoo ${PF} (r: ${r:-NONE})" + --enable-log-daemon-helpers + --enable-url-rewrite-helpers + --enable-cache-digests + --enable-delay-pools + --enable-disk-io + --enable-eui + --enable-icmp + --enable-ipv6 + --enable-follow-x-forwarded-for + --enable-removal-policies="lru,heap" + --disable-strict-error-checking + --disable-arch-native + + --with-large-files + --with-build-environment=default + + --with-tdb + + --without-included-ltdl + --with-ltdl-include="${ESYSROOT}"/usr/include + --with-ltdl-lib="${ESYSROOT}"/usr/$(get_libdir) + + $(use_with caps cap) + $(use_enable snmp) + $(use_with ssl openssl) + $(use_with ssl nettle) + $(use_with gnutls) + $(use_with ldap) + $(use_enable ssl-crtd) + $(use_with systemd) + $(use_with test cppunit) + $(use_enable ecap) + $(use_enable esi) + $(use_enable esi expat) + $(use_enable esi xml2) + $(use_enable htcp) + $(use_with valgrind valgrind-debug) + $(use_enable wccp) + $(use_enable wccpv2) + ) + + # Basic modules + local basic_modules=( + NCSA + POP3 + getpwnam + + $(usev samba 'SMB') + $(usev ldap 'SMB_LM LDAP') + $(usev pam 'PAM') + $(usev sasl 'SASL') + $(usev nis 'NIS') + $(usev radius 'RADIUS') + ) + + use nis && append-cppflags "-I${ESYSROOT}/usr/include/tirpc" + + if use mysql || use postgres || use sqlite; then + basic_modules+=( DB ) + fi + + # Digests + local digest_modules=( + file + + $(usev ldap 'LDAP eDirectory') + ) + + # Kerberos + local negotiate_modules=( none ) + + myeconfargs+=( --without-mit-krb5 --without-heimdal-krb5 ) + + if use kerberos; then + # We intentionally overwrite negotiate_modules here to lose + # the 'none'. + negotiate_modules=( kerberos wrapper ) + + if has_version app-crypt/heimdal; then + myeconfargs+=( + --without-mit-krb5 + --with-heimdal-krb5 + ) + else + myeconfargs+=( + --with-mit-krb5 + --without-heimdal-krb5 + ) + fi + fi + + # NTLM modules + local ntlm_modules=( none ) + + if use samba ; then + # We intentionally overwrite ntlm_modules here to lose + # the 'none'. + ntlm_modules=( SMB_LM ) + fi + + # External helpers + local ext_helpers=( + file_userip + session + unix_group + delayer + time_quota + + $(usev samba 'wbinfo_group') + $(usev ldap 'LDAP_group eDirectory_userip') + ) + + use ldap && use kerberos && ext_helpers+=( kerberos_ldap_group ) + if use mysql || use postgres || use sqlite; then + ext_helpers+=( SQL_session ) + fi + + # Storage modules + local storeio_modules=( + aufs + diskd + rock + ufs + ) + + # + local transparent + if use kernel_linux; then + myeconfargs+=( + --enable-linux-netfilter + $(usev qos '--enable-zph-qos --with-netfilter-conntrack') + ) + fi + + tc-export_build_env BUILD_CXX + export BUILDCXX="${BUILD_CXX}" + export BUILDCXXFLAGS="${BUILD_CXXFLAGS}" + tc-export CC AR + + # Should be able to drop this workaround with newer versions. + # https://bugs.squid-cache.org/show_bug.cgi?id=4224 + tc-is-cross-compiler && export squid_cv_gnu_atomics=no + + # Bug #719662 + append-atomic-flags + + print_options_without_comma() { + # IFS as ',' will cut off any trailing commas + ( + IFS=',' + options=( $(printf "%s," "${@}") ) + echo "${options[*]}" + ) + } + + myeconfargs+=( + --enable-storeio=$(print_options_without_comma "${storeio_modules[@]}") + --enable-auth-basic=$(print_options_without_comma "${basic_modules[@]}") + --enable-auth-digest=$(print_options_without_comma "${digest_modules[@]}") + --enable-auth-ntlm=$(print_options_without_comma "${ntlm_modules[@]}") + --enable-auth-negotiate=$(print_options_without_comma "${negotiate_modules[@]}") + --enable-external-acl-helpers=$(print_options_without_comma "${ext_helpers[@]}") + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + + systemd_dounit tools/systemd/squid.service + + # Need suid root for looking into /etc/shadow + fowners root:squid /usr/libexec/squid/basic_ncsa_auth + fperms 4750 /usr/libexec/squid/basic_ncsa_auth + + if use pam; then + fowners root:squid /usr/libexec/squid/basic_pam_auth + fperms 4750 /usr/libexec/squid/basic_pam_auth + fi + + # Pinger needs suid as well + fowners root:squid /usr/libexec/squid/pinger + fperms 4750 /usr/libexec/squid/pinger + + # These scripts depend on perl + if ! use perl; then + local perl_scripts=( + basic_pop3_auth ext_delayer_acl helper-mux + log_db_daemon security_fake_certverify + storeid_file_rewrite url_lfs_rewrite + ) + + local script + for script in "${perl_scripts[@]}"; do + rm "${ED}"/usr/libexec/squid/${script} || die + done + fi + + # Cleanup + rm -r "${D}"/run "${D}"/var/cache || die + + dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt + newdoc src/auth/negotiate/kerberos/README README.kerberos + newdoc src/auth/basic/RADIUS/README README.RADIUS + newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group + dodoc RELEASENOTES.html + + if use pam; then + newpamd "${FILESDIR}"/squid.pam squid + fi + + newconfd "${FILESDIR}"/squid.confd-r2 squid + newinitd "${FILESDIR}"/squid.initd-r6 squid + + if use logrotate ; then + insinto /etc/logrotate.d + newins "${FILESDIR}"/squid.logrotate squid + else + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/squid.cron squid.cron + fi + + diropts -m0750 -o squid -g squid + keepdir /var/log/squid /etc/ssl/squid /var/lib/squid + + # Hack for bug #834503 (see also bug #664940) + # Please keep this for a few years until it's no longer plausible + # someone is upgrading from < squid 5.7. + mv "${ED}"/usr/share/squid/errors{,.new} || die +} + +pkg_preinst() { + # Remove file in EROOT that the directory collides with. + rm -rf "${EROOT}"/usr/share/squid/errors || die + + # Following the collision protection check, reverse + # src_install's rename in ED. + mv "${ED}"/usr/share/squid/errors{.new,} || die +} + +pkg_postinst() { + elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'." + + if [[ ${#r} -gt 0 ]]; then + elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support." + fi +}
