[OpenWrt-Devel,packages] new package squid3

Message ID 20150118105701.GB22118@hanno-All-Series
State Rejected

Commit Message

hanno Jan. 18, 2015, 10:57 a.m. UTC
This patch provides support for squid 3.4.10. Rather than replacing
squid2, a new package squid3 has been created to avoid any
compatibility issues.
The squid.conf file includes a number of options that allow squid3
to run on the OpenWrt directory structure. In addition, a squid3 init
programme is provided that takes care of the iptables rules for intercept
proxy mode.

Signed-off-by: Hanno Schupp <hanno.schupp@gmail.com>
---

Comments

Felix Fietkau Jan. 18, 2015, 11:02 a.m. UTC | #1
On 2015-01-18 11:57, hanno wrote:
> This patch provides support for squid 3.4.10. Rather than replacing
> squid2 a new package squid3 has been created  to avoid any
> compatibility issues.
> The squid.conf file has a number of options included that allow squid3
> to run on OpenWrt directory structure. In addition a squid3 init
> programme is provided that takes care of iptable rules for interecpt
> proxy mode. 
> 
> Signed-off-by: Hanno Schupp <hanno.schupp@gmail.com>
Please submit it to the github project, along with maintainer information.

- Felix

Patch

diff -uprN ../trunk/feeds/packages/net/squid3/files/squid3.init ./feeds/packages/net/squid3/files/squid3.init
--- ../trunk/feeds/packages/net/squid3/files/squid3.init	1970-01-01 12:00:00.000000000 +1200
+++ ./feeds/packages/net/squid3/files/squid3.init	2015-01-18 23:20:53.795030540 +1300
@@ -0,0 +1,116 @@ 
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2008-2013 OpenWrt.org
+# 
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+
+# This script will start or stop the squid 3 service and at the same time
+# create the appropriate iptable rules for intercepting (aka.transparent)
+# proxy mode. 'acl Safe_ports' directives will be intercepted using 
+# iptables to the intercepting http_port and 'acl SSL_ports will be 
+# redirected to the intercepting https_port. all iptable rules are removed 
+# when the service is stopped.
+
+START=90
+STOP=10
+
+USE_PROCD=1
+PROG=squid
+SSLCRTD_PROG=/usr/lib/squid3/ssl_crtd
+CONFIG_FILE=/etc/squid3/squid.conf
+
+service_triggers()
+{
+	procd_add_reload_trigger "$CONFIG_FILE"
+}
+
+ipt() {
+	opt=$1; shift
+	echo "iptables -D $*" >> /var/run/squid3.sh
+	iptables $opt $*
+}
+
+intercept_ports() {
+	intercepting=$1
+	acl_word=$2
+	while read o; do
+		case "$o" in
+		"$acl_word"*)
+			intercepted=$(echo "$o" | awk '{print $4;}'| sed 's/-/:/g')
+			lanip=$(uci get network.lan.ipaddr)
+			ipt -I prerouting_rule -t nat -p tcp -i br-lan --dport $intercepted -j DNAT --to $lanip:$intercepting
+		;;
+		esac
+	done < $CONFIG_FILE
+}
+
+add_firewall_rules() {
+	while read p; do
+		case "$p" in 
+		*intercept*)
+			case "$p" in 
+	  		*https_port*)
+				intercept_ports $(echo "$p" | awk '{print $2;}') 'acl SSL_ports'
+	    		;;
+			*http_port*)
+				intercept_ports $(echo "$p" | awk '{print $2;}') 'acl Safe_ports'
+    			;;
+			esac
+   			;;
+		esac
+	done < $CONFIG_FILE
+	[ -e /var/run/squid3.sh ] && chmod 755 /var/run/squid3.sh
+}
+
+remove_firewall_rules() {
+	if [ -e /var/run/squid3.sh ]; then
+		sh /var/run/squid3.sh 2>/dev/null
+		rm -f /var/run/squid3.sh 2>/dev/null
+	fi
+}
+
+start_service() {
+
+	if [ ! -z "$CONFIG_FILE" ]; then
+		
+		remove_firewall_rules	
+		
+		cache_dir=$(cat "$CONFIG_FILE" | awk '/cache_dir/ {print $3;}')
+		[ -z "cache_dir" ] && cache_dir=$(cat "$CONFIG_FILE" | awk '/coredump_dir/ {print $2;}')
+		[ -z "cache_dir" ] && cache_dir=/var/cache
+
+		if [ ! -d "$cache_dir" ]; then
+			mkdir -p "$cache_dir"
+			chown nobody:nogroup "$cache_dir"
+			chmod -R 777 "$cache_dir"
+			"$PROG" -z
+		fi
+		[ ! -d "$cache_dir/ssl_db" ] && "$SSLCRTD_PROG" -c -s "$cache_dir"/ssl_db
+		chown nobody:nogroup "$cache_dir"/ssl_db
+		chmod -R 777 "$cache_dir"/ssl_db
+# uncomment if you want the config file parsed before startup
+#		"$PROG" -k parse
+
+		procd_open_instance
+		procd_set_param command "$PROG" -N -f "$CONFIG_FILE"
+		procd_set_param file "$CONFIG_FILE"
+		procd_close_instance
+
+		add_firewall_rules
+
+		return
+	fi
+}
+
+stop_service() {
+	"$PROG" -k shutdown
+	remove_firewall_rules	
+}
+
+reload()
+{
+	"$PROG" -k reconfigure
+	remove_firewall_rules	
+	add_firewall_rules
+}
+
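Review bot: In start_service, `chmod -R 777` on `"$cache_dir"` and `"$cache_dir"/ssl_db` makes the cache and the ssl_crtd certificate database writable by every local account, although squid runs as nobody:nogroup and only needs its own access. The `chown` on ssl_db is not recursive, which is probably why 777 was reached for; `chown -R nobody:nogroup "$cache_dir"/ssl_db` followed by `chmod -R 700 "$cache_dir"/ssl_db` gives the daemon access without opening the store that backs dynamic certificate generation. Just above, `[ -z "cache_dir" ]` tests a literal string and is never true, so the coredump_dir and /var/cache fallbacks cannot run; it should be `[ -z "$cache_dir" ]`, and the awk pattern `/cache_dir/` currently also matches the commented-out `#cache_dir` line. In ipt, the unquoted `$*` is appended to /var/run/squid3.sh before `iptables` is known to have succeeded, and that file is later executed by `sh` as root, so the port field parsed from squid.conf should be checked to be digits or a digit range before it is written there.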
diff -uprN ../trunk/feeds/packages/net/squid3/files/squid.conf ./feeds/packages/net/squid3/files/squid.conf
--- ../trunk/feeds/packages/net/squid3/files/squid.conf	1970-01-01 12:00:00.000000000 +1200
+++ ./feeds/packages/net/squid3/files/squid.conf	2015-01-18 23:14:10.867143467 +1300
@@ -0,0 +1,92 @@ 
+#
+# Recommended minimum configuration for OpenWrt
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
+acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
+acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
+acl localnet src fc00::/7       # RFC 4193 local private network range
+acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/cache/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/cache/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp:		1440	20%	10080
+refresh_pattern ^gopher:	1440	0%	1440
+refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+refresh_pattern .		0	20%	4320
+
+# Above this line is Squid 3.4.10 default configuration. The section below is
+# added to make squid work within OpenWrt's file structure.
+# Please note:
+# If you want to provide a caching service you will need more than the few
+# MB a normal consume rgrade router can provide. You will need an external
+# harddrive, which needs to be configured and mounted outside of squid. 
+# You can redirect your caching directory to your needs by chanching the 
+# coredump_dir variable below. The supplied squid init programme will
+# use this setting as well to establish the necessary file structure
+
+# Openwrt specific configuration 
+access_log /var/cache/squid/access.log squid
+cache_log /var/cache/squid/cache.log            
+cache_store_log /var/cache/squid/store.log
+pid_filename /var/run/squid.pid
+cache_effective_user nobody
+cache_effective_group nogroup
+
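Review bot: `#http_access deny to_localhost` is shipped commented out even though the comment directly above it strongly recommends enabling it. On a router the proxy shares the host with the management services, so anything that trusts loopback-only access becomes reachable through the proxy by every client that `http_access allow localnet` admits. Suggest shipping it enabled as `http_access deny to_localhost`, placed before the allow rules as it is now. Separately, `access_log`, `cache_log` and `cache_store_log` all point at /var/cache/squid, which on OpenWrt is normally RAM-backed (to be confirmed for the target), so the OpenWrt section should have a comment about log growth, or set `cache_store_log none` by default.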
diff -uprN ../trunk/feeds/packages/net/squid3/Makefile ./feeds/packages/net/squid3/Makefile
--- ../trunk/feeds/packages/net/squid3/Makefile	1970-01-01 12:00:00.000000000 +1200
+++ ./feeds/packages/net/squid3/Makefile	2015-01-18 20:44:51.460082346 +1300
@@ -0,0 +1,135 @@ 
+#
+# Copyright (C) 2006-2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=squid
+PKG_VERSION:=3.4.10
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://www.squid-cache.org/Versions/v3/3.4/
+PKG_MD5SUM:=326283b0c37e7dc9b2f90dc0ecd9a8a4
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/squid3/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Web Servers/Proxies
+  URL:=http://www.squid-cache.org/
+endef
+
+define Package/squid3
+  $(call Package/squid3/Default)
+  MENU:=1
+  DEPENDS:=+libpthread +libopenssl +librt +libltdl +libstdcpp +libnetfilter-conntrack +libnettle
+  TITLE:=full-featured Web proxy cache
+endef
+
+define Package/squid3/description
+	Squid is a high-performance proxy caching server for web clients,
+	supporting FTP, gopher, and HTTP data objects. Unlike traditional
+	caching software, Squid handles all requests in a single,
+	non-blocking, I/O-driven process.
+	This implementation is geared specifically toward transparent
+	proxying and caching of HTTP and HTTPS traffic, including sslbump
+	and dynamic certificate generation.
+endef
+
+define Package/squid3/conffiles
+/etc/squid3/cachemgr.conf
+/etc/squid3/errorpage.css
+/etc/squid3/mime.conf
+/etc/squid3/squid.conf
+endef
+
+# --disable-arch-native  required for X86 X86_64 platforms
+CONFIGURE_ARGS += \
+	--datadir=/usr/share/squid3 \
+	--libexecdir=/usr/lib/squid3 \
+	--sysconfdir=/etc/squid3 \
+	--config-cache \
+	--enable-shared \
+	--enable-static \
+	--enable-x-accelerator-vary \
+	--with-pthreads \
+	--with-dl \
+	--enable-icmp \
+	--enable-kill-parent-hack \
+	--enable-arp-acl \
+	--enable-err-languages=English \
+	--enable-default-err-language=English \
+	--enable-linux-netfilter \
+	--enable-icmp \
+	--disable-arch-native \
+	--disable-external-acl-helpers \
+	--disable-auth-negotiate \
+	--disable-auth-ntlm \
+	--disable-auth-digest \
+	--disable-auth-basic \
+	--disable-wccp \
+	--disable-wccpv2 \
+	--disable-snmp \
+	--disable-htcp \
+	--enable-underscores \
+	--enable-cache-digests \
+	--enable-referer-log \
+	--enable-delay-pools \
+	--enable-useragent-log \
+	--enable-storeio \
+	--enable-epoll \
+	--with-maxfd=4096 \
+	--without-libcap \
+	--with-krb5-config=no \
+	--enable-ssl \
+	--enable-ssl-crtd \
+	--enable-icap-client
+
+#	--with-openssl=$(STAGING_DIR)/usr \
+CONFIGURE_VARS += \
+	ac_cv_header_linux_netfilter_ipv4_h=yes \
+	ac_cv_epoll_works=yes \
+
+define Build/Compile
+	# pass INCLUDES to compile host sources against our OpenSSL, not the host one
+	$(MAKE) -C $(PKG_BUILD_DIR)/lib \
+		all
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		install
+endef
+
+define BuildPlugin
+  define Package/$(1)/install
+	$(INSTALL_DIR) $$(1)/usr/lib/squid3
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/squid3/$(2) $$(1)/usr/lib/squid3/
+  endef
+
+  $$(eval $$(call BuildPackage,$(1)))
+endef
+
+define Package/squid3/install
+	$(INSTALL_DIR) $(1)/etc/squid3
+	$(CP) $(PKG_INSTALL_DIR)/etc/squid3/* $(1)/etc/squid3/
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/purge $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/squidclient $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/usr/share/squid3
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/squid3/* $(1)/usr/share/squid3/
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/squid $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/lib/squid3
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/squid3/* $(1)/usr/lib/squid3/
+	/bin/chmod 4755 $(1)/usr/lib/squid3/pinger
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(CP) ./files/squid3.init $(1)/etc/init.d/squid3
+	/bin/chmod 4755 $(1)/etc/init.d/squid3
+	$(CP) ./files/squid.conf $(1)/etc/squid3/squid.conf
+endef
+
+$(eval $(call BuildPackage,squid3))
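Review bot: `/bin/chmod 4755 $(1)/etc/init.d/squid3` in Package/squid3/install puts the setuid bit on a shell script. Linux does not honour setuid on interpreted scripts, so it grants nothing and only leaves a setuid-root file in the image; install it with `$(INSTALL_BIN) ./files/squid3.init $(1)/etc/init.d/squid3` and drop the chmod line. The same mode on `pinger` is presumably there for raw ICMP sockets and should carry a comment saying so, since it is the one setuid-root binary this package adds. The tarball is also fetched over plain http from `PKG_SOURCE_URL` and pinned only by `PKG_MD5SUM`, so the MD5 is the sole integrity check on the source.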
diff -uprN ../trunk/feeds/packages/net/squid3/patches/001-cross_compile.patch ./feeds/packages/net/squid3/patches/001-cross_compile.patch
--- ../trunk/feeds/packages/net/squid3/patches/001-cross_compile.patch	1970-01-01 12:00:00.000000000 +1200
+++ ./feeds/packages/net/squid3/patches/001-cross_compile.patch	2014-05-16 04:51:06.000000000 +1200
@@ -0,0 +1,11 @@ 
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -7295,7 +7295,7 @@
+ 
+ # cf_gen builds the configuration files.
+ cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
+-	$(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
++	g++ -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
+ 
+ # squid.conf.default is built by cf_gen when making cf_parser.cci
+ squid.conf.default squid.conf.documented: cf_parser.cci
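Review bot: Hard-coding `g++` in the cf_gen rule discards the host-compiler selection, so a build host whose native C++ compiler has another name or sits behind a wrapper will fail or silently use a different toolchain. It would be cleaner to keep the upstream line `$(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc ...` and pass the build system's host C++ compiler in from the package Makefile, which would make this patch unnecessary. If the variable really is empty at this point, a comment in the patch header explaining why would help the next maintainer.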
diff -uprN ../trunk/feeds/packages/net/squid3/patches/002-cross_compile_notest.patch ./feeds/packages/net/squid3/patches/002-cross_compile_notest.patch
--- ../trunk/feeds/packages/net/squid3/patches/002-cross_compile_notest.patch	1970-01-01 12:00:00.000000000 +1200
+++ ./feeds/packages/net/squid3/patches/002-cross_compile_notest.patch	2015-01-18 19:55:29.683839992 +1300
@@ -0,0 +1,56 @@ 
+--- squid-3.4.10/configure	
++++ squid-3.4.10/configure	
+@@ -22223,7 +22223,7 @@
+   if test "$cross_compiling" = yes; then :
+   { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
++as_fn_error1 $? "cannot run test program while cross compiling
+ See \`config.log' for more details" "$LINENO" 5; }
+ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+@@ -22271,7 +22271,7 @@
+   if test "$cross_compiling" = yes; then :
+   { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
++as_fn_error1 $? "cannot run test program while cross compiling
+ See \`config.log' for more details" "$LINENO" 5; }
+ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+@@ -24876,7 +24876,7 @@
+     if test "$cross_compiling" = yes; then :
+   { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
++as_fn_error1 $? "cannot run test program while cross compiling
+ See \`config.log' for more details" "$LINENO" 5; }
+ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+@@ -24901,7 +24901,7 @@
+     if test "$cross_compiling" = yes; then :
+   { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+ $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run test program while cross compiling
++as_fn_error1 $? "cannot run test program while cross compiling
+ See \`config.log' for more details" "$LINENO" 5; }
+ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+@@ -33985,6 +33985,17 @@
+   $as_echo "$as_me: error: $2" >&2
+   as_fn_exit $as_status
+ } # as_fn_error
++as_fn_error1 ()
++{
++  as_status=$1; test $as_status -eq 0 && as_status=1
++  if test "$4"; then
++    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
++    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
++  fi
++  $as_echo "$as_me: error: $2" >&2
++  #as_fn_exit $as_status
++} # as_fn_error
++
+ 
+ 
+ # as_fn_set_status STATUS
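Review bot: as_fn_error1 comments out `as_fn_exit $as_status`, so the four run-tests that cannot execute under cross compilation no longer stop configure and the build continues with whatever value the untested result variable happens to have. Which features those four checks decide is not visible in the hunks, so the package may be configured differently from what the target supports without any hard failure. The package Makefile already preseeds `ac_cv_epoll_works=yes` in CONFIGURE_VARS; doing the same for the cache variables behind these four tests keeps the answers explicit and avoids patching the generated `configure` by line number, which will break on the next squid release. If the helper stays, its closing comment should read `} # as_fn_error1`.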