According to the web page (and e-mail announces), version 4.x is stable and suitable for production use.
Created attachment 551764 [details] squid-4.3.ebuild
Created attachment 551766 [details] squid-4.3.ebuild (uncommon subrelease comment out)
Created attachment 551768 [details, diff] files/squid-4.3-gentoo.patch
PS Be careful. While on test mirror looks working, but 2 issues with external helpers solved in config: 1) acl password proxy_auth REQUIRED - after it required (for me): acl _BUG_pass proxy_auth bad-bad-bad-fake-User http_access deny _BUG_pass - check concrete (but fake) user. Else no login requested. 2) url_rewrite now increase id infinite, not in range.
... external acl: user may be "-" ( was: "if($u eq '')", now: "if($u eq '' || $u eq '-')".
Created attachment 556660 [details] squid 4.4 ebuild I hope you don't mind if I but in, but I already posted squid ebuilds more than a year ago. At least this bug is in the "confirmed" status. Can you please take a look at this version of the squid 4.4 ebuild? It supports quick shutdown and multiple instances provided you also install the attached conf.d and init files.
Created attachment 556662 [details] conf.d file
Created attachment 556664 [details] squid init script
more info regarding the init script is here: https://bugs.gentoo.org/629066
I've tested the latest version 4.5 from https://github.com/gentoo/gentoo/pull/10614 and it compiles fine: net-proxy/squid-4.5::local was built with the following: USE="htcp ipv6 pam ssl wccp wccpv2 -caps -ecap -esi (-ipf-transparent) -kerberos (-kqueue) -ldap -libressl -logrotate -mysql -nis -perl (-pf-transparent) -postgres -qos -radius -samba -sasl (-selinux) -snmp -sqlite -ssl-crtd -test -tproxy" ABI_X86="(64)" The two basic scenarios i use (forward/reverse proxy) work just fine, thanks for your work on it Vieri!
* Package: net-proxy/squid-4.5 * Repository: local * Maintainer: eras@gentoo.org * USE: abi_x86_64 amd64 elibc_glibc htcp ipv6 kernel_linux pam ssl userland_GNU wccp wccpv2 * FEATURES: preserve-libs sandbox userpriv usersandbox * Applying squid-4.3-gentoo.patch ... * Running eautoreconf in '/var/tmp/portage/net-proxy/squid-4.5/work/squid-4.5/libltdl' ... * Running libtoolize --install --copy --force --ltdl --automake ... * Running aclocal -I m4 ... * Running autoconf --force ... * Running autoheader ... * Running automake --add-missing --copy --foreign --force-missing ... * Running eautoreconf in '/var/tmp/portage/net-proxy/squid-4.5/work/squid-4.5' ... * Running libtoolize --install --copy --force --automake ... * Running aclocal ... * Running autoconf --force ... * Running autoheader ... * Running automake --add-missing --copy --foreign --force-missing ... * Could not remove /var/tmp/portage/net-proxy/squid-4.5/image/usr/libexec/squid/basic_msnt_multi_domain_auth. * Could not remove /var/tmp/portage/net-proxy/squid-4.5/image/usr/libexec/squid/helper-mux.pl. * Final size of build directory: 107820 KiB (105.2 MiB) * Final size of installed tree: 18564 KiB ( 18.1 MiB) * A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'. * The ebuild is installing to one or more unexpected paths: * * /run * * Please fix the ebuild to use correct FHS/Gentoo policy paths. * QA Notice: shell script appears to use non-POSIX feature(s): * possible bashism in /etc/init.d/squid line 57 (${parm/?/pat[/str]}): * local INIT_CACHE_RESPONSE="$(/usr/sbin/squid -z -N -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} 2>&1)" * possible bashism in /etc/init.d/squid line 79 (${parm/?/pat[/str]}): * ebegin "Starting ${RC_SVCNAME} (service name ${RC_SVCNAME//[^[:alnum:]]/}) with KRB5_KTNAME=\"${SQUID_KEYTAB}\" /usr/sbin/squid ${SQUID_OPTS} -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}" * possible bashism in /etc/init.d/squid line 80 (${parm/?/pat[/str]}): * KRB5_KTNAME="${SQUID_KEYTAB}" /usr/sbin/squid ${SQUID_OPTS} -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} * possible bashism in /etc/init.d/squid line 80 ([^] should be [!]): * KRB5_KTNAME="${SQUID_KEYTAB}" /usr/sbin/squid ${SQUID_OPTS} -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} * possible bashism in /etc/init.d/squid line 85 (${parm/?/pat[/str]}): * ebegin "Stopping ${RC_SVCNAME} with /usr/sbin/squid -k shutdown -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}" * possible bashism in /etc/init.d/squid line 86 (${parm/?/pat[/str]}): * if /usr/sbin/squid -k shutdown -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} ; then * possible bashism in /etc/init.d/squid line 86 ([^] should be [!]): * if /usr/sbin/squid -k shutdown -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} ; then * possible bashism in /etc/init.d/squid line 101 (echo -n): * echo -n "." * possible bashism in /etc/init.d/squid line 113 (${parm/?/pat[/str]}): * ebegin "Reloading ${RC_SVCNAME} with /usr/sbin/squid -k reconfigure -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}" * possible bashism in /etc/init.d/squid line 114 (${parm/?/pat[/str]}): * /usr/sbin/squid -k reconfigure -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} * possible bashism in /etc/init.d/squid line 114 ([^] should be [!]): * /usr/sbin/squid -k reconfigure -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} * possible bashism in /etc/init.d/squid line 120 (${parm/?/pat[/str]}): * ebegin "Rotating ${RC_SVCNAME} logs with /usr/sbin/squid -k rotate -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}" * possible bashism in /etc/init.d/squid line 121 (${parm/?/pat[/str]}): * /usr/sbin/squid -k rotate -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} * possible bashism in /etc/init.d/squid line 121 ([^] should be [!]): * /usr/sbin/squid -k rotate -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} * One or more empty directories installed to /var: * * /var/cache * * If those directories need to be preserved, please make sure to create * or mark them for keeping using 'keepdir'. Future versions of Portage * will strip empty directories from installation image. * >>> SetUID: [chmod go-r] /usr/libexec/squid/basic_pam_auth ... * >>> SetUID: [chmod go-r] /usr/libexec/squid/basic_ncsa_auth ... * >>> SetUID: [chmod go-r] /usr/libexec/squid/pinger ... >>> Auto-cleaning packages... >>> No outdated packages were found on your system. * GNU info directory index is up-to-date.
(In reply to Tomáš Mózes from comment #11) > * The ebuild is installing to one or more unexpected paths: > * > * /run > * > * Please fix the ebuild to use correct FHS/Gentoo policy paths. This has always been there so I guess it's non-critical, right? (In reply to Tomáš Mózes from comment #11) > * QA Notice: shell script appears to use non-POSIX feature(s): > * possible bashism in /etc/init.d/squid line 57 (${parm/?/pat[/str]}): How can I reproduce this QA warning? I tried something like PORTAGE_ELOG_CLASSES="log warn error qa" USE=gentoo-dev FEATURES=test emerge squid However I'm not getting the QA messages. There's a simple fix to remove the bashism, but I'd like to reproduce the QA check warning. Thanks
Do you use something like dev-util/checkbashisms?
(In reply to Vieri from comment #12) > (In reply to Tomáš Mózes from comment #11) > > * The ebuild is installing to one or more unexpected paths: > > * > > * /run > > * > > * Please fix the ebuild to use correct FHS/Gentoo policy paths. > > This has always been there so I guess it's non-critical, right? It's not critical, but it can be improved. > > (In reply to Tomáš Mózes from comment #11) > > * QA Notice: shell script appears to use non-POSIX feature(s): > > * possible bashism in /etc/init.d/squid line 57 (${parm/?/pat[/str]}): > > How can I reproduce this QA warning? > > I tried something like > > PORTAGE_ELOG_CLASSES="log warn error qa" USE=gentoo-dev FEATURES=test emerge > squid > > However I'm not getting the QA messages. > There's a simple fix to remove the bashism, but I'd like to reproduce the QA > check warning. > > Thanks You need to have dev-util/checkbashisms installed.
I fixed the bashism issue (not submitted to github yet), but I can't seem to fix the /run FHS part. I tried pathcing a Squid Makefile because I thought it was the culprit, but emerge still complains. Is there a way to get emerge to tell me exactly *what* is trying to access /run? Last time I run emerge with -v I didn't see anything, but I'll give it another try.
(In reply to Vieri from comment #15) > I fixed the bashism issue (not submitted to github yet), but I can't seem to > fix the /run FHS part. I tried pathcing a Squid Makefile because I thought > it was the culprit, but emerge still complains. Is there a way to get emerge > to tell me exactly *what* is trying to access /run? Last time I run emerge > with -v I didn't see anything, but I'll give it another try. Or you can delete them in src_install(). --- squid-4.4-r1.ebuild 2019-01-30 06:30:39.253592739 +0100 +++ squid-4.5.ebuild 2019-01-30 06:39:02.417628712 +0100 @@ -229,22 +229,19 @@ # these scripts depend on perl if ! use perl; then - local f - local PERL_SCRIPTS=( - "${D}"/usr/libexec/squid/basic_pop3_auth - "${D}"/usr/libexec/squid/log_db_daemon - "${D}"/usr/libexec/squid/basic_msnt_multi_domain_auth - "${D}"/usr/libexec/squid/storeid_file_rewrite - "${D}"/usr/libexec/squid/helper-mux.pl - ) - for f in "${PERL_SCRIPTS[@]}"; do - rm -v "${f}" || ewarn "Could not remove ${f}." + for f in basic_pop3_auth \ + ext_delayer_acl \ + helper-mux \ + log_db_daemon \ + security_fake_certverify \ + storeid_file_rewrite \ + url_lfs_rewrite; do + rm "${D}"/usr/libexec/squid/${f} || die done fi # cleanup - rm -f "${D}"/usr/bin/Run* - rm -rf "${D}"/run/squid "${D}"/var/cache/squid + rm -r "${D}"/run "${D}"/var/cache || die dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt newdoc src/auth/negotiate/kerberos/README README.kerberos
By the way, what about this MSNT-multi-domain module? src_configure() { local basic_modules="NCSA,POP3,getpwnam" # use perl && basic_modules+=",MSNT-multi-domain" use samba && basic_modules+=",SMB" use ldap && basic_modules+=",SMB_LM,LDAP" According to http://squid.mirror.globo.tech/archive/4/squid-4.0.4-RELEASENOTES.html#ss2.4 it was removed, so this commented line can be dropped too.
Thank you very much for your guidance. I updated the PR.
So now I take it that chances of getting the squid ebuild updated are slim, right? So all this work on Squid (and related software like c-icap, squidclamav) will have to be dropped? Are there really no Gentoo users/devs actually interested in these packages which I consider to be important for servers/firewalls/gateways? I can proxy-maintain if you like, but I cannot be the maintainer.
(In reply to Vieri from comment #19) > So now I take it that chances of getting the squid ebuild updated are slim, > right? > So all this work on Squid (and related software like c-icap, squidclamav) > will have to be dropped? > Are there really no Gentoo users/devs actually interested in these packages > which I consider to be important for servers/firewalls/gateways? > I can proxy-maintain if you like, but I cannot be the maintainer. I can help you with squid as I use it too. We can probably co-proxy-maintain it if you wish.
That would be great, thanks! I hope a Gentoo dev will step up soon so he/she can commit to the main tree. No one has showed up yet for c-icap or squidclamav. I've been worrying about this for quite a while now even though I can deal with custom ebuilds. However, if Squid ever gets dropped/erased from the official portage tree just like c-icap and squidcalmav, I'll have a big dilemma to deal with.
We'll try to commit under proxy-maint.
Added here: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee8980c56616066c8eabc6ee4f0d9077939f8198
