- configure squid to run under a dedicated "squid" user by default; make use

  of SQUID_{UID,GID} which other squid-related ports already implemented.
  The user/group will be created on the fly if they do not already exist.
- introduce WITH_SQUID_LDAP_AUTH to pull in the necessary bits to compile and
  use the ldap_auth helper
- install some more authentication helper applications by default
- install helper applications to ${PREFIX}/libexec/squid instead of
  ${PREFIX}/libexec, add notes about it in pkg-install and pkg-descr
- cleanup the pre-installation tasks and move them from Makefile and pkg-plist
  into the pkg-install script; make 'make install' and 'pkg_add' actually do
  the same thing
- introduce a pkg-deinstall script
- make squid.sh rcNG compatible (when either /etc/rc_subr or
  ${PREFIX}/etc/rc_subr is present, the first one will be used, otherwise the
  script will work as a "rc classic" script so no additional dependency on
  the rc_subr port should be needed)
- some Makefile cleanups:
  + the squid installation procedure now correctly strips binaries, so there
    is no need to do this manually anymore
  + generate those parts of pkg-plist dynamically that may be affected by user
    set tunables (currently the localized error pages and helper applications)
  + document the available configuration options in a slightly different style
  + remove some obsolete variable declarations and comments
  + honor NOPORTDOCS
- add CONFLICTS
- add another vendor patch, see
  http://www.squid-cache.org/bugs/show_bug.cgi?id=890 for a thorough
  explanation of what has been fixed.
- since we can no longer take the presence of Lithuanian error pages for
  granted, wrap the workaround for the errorpages.patch with '.if exists()'
- bump PORTREVISION

PR:		61315
Submitted by:	maintainer

1 files changed, 176 insertions, 98 deletions

diff --git a/www/squid27/Makefile b/www/squid27/Makefile
index baf1c842a527..bed437c96f56 100644
--- a/www/squid27/Makefile
+++ b/www/squid27/Makefile
@@ -4,10 +4,31 @@
 #
 # $FreeBSD$
 #
+# Tunables:
+# WITH_SQUID_PINGER
+#   install the external icmp helper program (`pinger') for hierarchy stats and
+#   selection
+# WITH_SQUID_LDAP_AUTH
+#   install external modules for authentication against LDAP servers
+# SQUID_{U,G}ID
+#   Which user/group squid should run as (default: squid/squid).
+#   The user and group will be created if they do not already exist.
+#   NOTE: before version 2.5.4_6, these settings defaulted to
+#   nobody/nogroup.
+#   If you wish to keep these settings, please define SQUID_UID=nobody and
+#   SQUID_GID=nogroup in your make environment before you start the update.
+# SQUID_LANGUAGES
+#   A list of languages for which error page files should be installed
+#   (default: all)
+# SQUID_DEFAULT_LANG
+#   If you define SQUID_LANGUAGES, select which language should be the default
+#   (default: English)
+# SQUID_CONFIGURE_ARGS
+#   Additional configuration options, see below for a list
 
 PORTNAME=	squid
 PORTVERSION=	2.5.4
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	www
 MASTER_SITES=	\
 		ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -17,7 +38,6 @@ MASTER_SITES=	\
 		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
 MASTER_SITE_SUBDIR=	squid-2/STABLE
 DISTNAME=	squid-2.5.STABLE4
-EXTRACT_SUFX=	.tar.bz2
 DIST_SUBDIR=	squid2.5
 
 PATCH_SITES=	http://www.squid-cache.org/Versions/v2/2.5/bugs/
@@ -54,89 +74,131 @@ PATCHFILES=	squid-2.5.STABLE4-reconfigure_message.patch \
 		squid-2.5.STABLE4-pinger.patch \
 		squid-2.5.STABLE4-partial_reload.patch \
 		squid-2.5.STABLE4-ldap_tls.patch \
-		squid-2.5.STABLE4-ldap_group_bufsize.patch
+		squid-2.5.STABLE4-ldap_group_bufsize.patch \
+		squid-2.5.STABLE4-http_workarounds.patch
 PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	tmseck@netcologne.de
 COMMENT=	The successful WWW proxy cache and accelerator
 
+CONFLICTS=	squid-*
 GNU_CONFIGURE=	yes
 USE_BZIP2=	yes
 USE_PERL5=	yes
 USE_REINPLACE=	yes
-# Follow the apache port's lead...
+
+SQUID_UID?=	squid
+SQUID_GID?=	squid
+
+MAN8=		squid.8
+DOCS=		QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
+
 CONFIGURE_ARGS=	--bindir=${PREFIX}/sbin  --sysconfdir=${PREFIX}/etc/squid \
 		--datadir=${PREFIX}/etc/squid \
+		--libexecdir=${PREFIX}/libexec/squid \
 		--localstatedir=${PREFIX}/squid \
 		--enable-storeio="ufs diskd null" \
 		--enable-removal-policies="lru heap" \
-		--enable-auth=basic --enable-basic-auth-helpers="NCSA PAM YP" \
-		--enable-external-acl-helpers="ip_user unix_group" \
-		--enable-underscores ${SQUID_CONFIGURE_ARGS}
-
-MAKEFILE=	Makefile
-MAN8=	pam_auth.8 squid_unix_group.8 squid.8
-
-# Some other configure options..
-#  - Compile and use the malloc package from Doug Lea
-#CONFIGURE_ARGS+= --enable-dlmalloc
-#  - Compile and use the supplied GNUregex routines instead of BSD regex.
-#CONFIGURE_ARGS+= --enable-gnuregex
-#  - Enable simple malloc debugging
-#CONFIGURE_ARGS+= --enable-xmalloc-debug
-#  - Detailed trace of memory allocations
-#CONFIGURE_ARGS+= --enable-xmalloc-debug-count
-#  - Show malloc statistics in cachemgr status pages
-#CONFIGURE_ARGS+= --enable-xmalloc-statistics
-#  - Enable CARP support
-#CONFIGURE_ARGS+= --enable-carp
-#  - Enable ICMP pinging for heirarchy stats and selection
-#CONFIGURE_ARGS+= --enable-icmp
-#  - Enable delay pools to limit bandwidth usage
-#CONFIGURE_ARGS+= --enable-delay-pools
-#  - Enable generic memory use tracing
-#CONFIGURE_ARGS+= --enable-mem-gen-trace
-#  - Enable logging of the User-Agent header
-#CONFIGURE_ARGS+= --enable-useragent-log
-#  - Disable Web Cache Coordination Protocol
-#CONFIGURE_ARGS+= --disable-wccp
-#  - Kill parent (eg: RunCache) on shutdown (use with great care!!)
-#CONFIGURE_ARGS+= --enable-kill-parent-hack
-#  - Turn on SNMP server support
-#CONFIGURE_ARGS+= --enable-snmp
-#  - Turn on SSL server support for reverse proxies
-#CONFIGURE_ARGS+= --enable-ssl
-#  - Optimize time updates to one per second rather than calling gettimeofday()
-#CONFIGURE_ARGS+= --enable-time-hack
-#  - Set an explicit hostname in cachemgr.cgi
-#CONFIGURE_ARGS+= --enable-cachemgr-hostname=some.hostname
-#  - Enable ACL based on ethernet address (eg: for machines with dynamic DHCP
-#    assigned IP addresses)
-#CONFIGURE_ARGS+= --enable-arp-acl
-#  - Enable HTCP protocol
-#CONFIGURE_ARGS+= --enable-htcp
-#  - Enable Forw/Via database
-#CONFIGURE_ARGS+= --enable-forw-via-db
-#  - Use Cache Digests - see http://www.squid-cache.org/Doc/FAQ/FAQ-16.html
-#CONFIGURE_ARGS+= --enable-cache-digests
-#  - Select language for Error pages (see errors dir)
-#CONFIGURE_ARGS+= --enable-err-language=lang
-#  (--enable-poll is not needed, it's detected correctly on 3.0)
-#  - Strict HTTP compliance
-#CONFIGURE_ARGS+= --disable-http-violations
-#  - Enable Transparent Proxy support for IP-Filter systems (incl 3.0)
-#CONFIGURE_ARGS+= --enable-ipf-transparent
-# (--enable-leakfinder is a developer support tool only)
-#  - Compile out code that does optional Ident (RFC931) lookups
-#CONFIGURE_ARGS+= --disable-ident-lookups
-#  - Disable squid's internal async DNS lookup code.
-#CONFIGURE_ARGS+= --disable-internal-dns
-#  - Use truncate() rather than unlink()
-#CONFIGURE_ARGS+= --enable-truncate
-#  - accept the illegal '_' character in hostnames.
-#CONFIGURE_ARGS+= --enable-underscores
-#  - Enable control of different heap replacement algorithms at runtime.
-#CONFIGURE_ARGS+= --enable-removal-policies
+		--enable-underscores
+
+.if defined(WITH_SQUID_PINGER)
+CONFIGURE_ARGS+=	--enable-icmp
+.endif
+
+# Authentication methods and modules:
+
+basic_auth=	NCSA PAM YP MSNT winbind
+external_acl=	ip_user unix_group wbinfo_group winbind_group
+MAN8+=		pam_auth.8 squid_unix_group.8
+.if defined(WITH_SQUID_LDAP_AUTH)
+USE_OPENLDAP=	yes
+CONFIGURE_ENV+=	CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+		LDFLAGS="-L${LOCALBASE}/lib"
+MAN8+=		squid_ldap_auth.8 squid_ldap_group.8
+basic_auth+=	LDAP
+external_acl+=	ldap_group
+.endif
+CONFIGURE_ARGS+=	--enable-auth="basic ntlm digest" \
+			--enable-basic-auth-helpers="${basic_auth}" \
+			--enable-digest-auth-helpers="password" \
+			--enable-external-acl-helpers="${external_acl}" \
+			--enable-ntlm-auth-helpers="winbind"
+
+# Languages:
+#
+# If you do not define SQUID_LANGUAGES yourself, all available language files
+# will be installed; the default language will be english.
+
+SQUID_LANGUAGES?=	\
+	Bulgarian Catalan Czech Danish Dutch English Estonian Finnish      \
+	French German Hebrew Hungarian Italian Japanese Korean Lithuanian  \
+	Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian     \
+	Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish
+SQUID_DEFAULT_LANG?=	English
+CONFIGURE_ARGS+=	--enable-err-languages="${SQUID_LANGUAGES}" \
+			--enable-default-err-language=${SQUID_DEFAULT_LANG}
+
+# Other configure options you might want to set using SQUID_CONFIGURE_ARGS:
+# Please see the configure script in the squid source distribution for a
+# complete list.
+#
+# --enable-dlmalloc
+#  Compile and use the malloc package from Doug Lea
+# --enable-gnuregex
+#  Compile and use the supplied GNUregex routines instead of BSD regex.
+# --enable-xmalloc-statistics
+#  Show malloc statistics in status page
+# --enable-carp
+#  Enable CARP support
+# --enable-delay-pools
+#  Enable delay pools to limit bandwidth usage
+# --enable-useragent-log
+#  Enable logging of the User-Agent header
+# --disable-wccp
+#  Disable Web Cache Coordination Protocol
+# --enable-snmp
+#  Turn on SNMP server support
+# --enable-ssl
+#  Turn on SSL server support for reverse proxies
+# --enable-time-hack
+#  Optimize time updates to one per second rather than calling gettimeofday()
+# --enable-cachemgr-hostname=some.hostname
+#  Set an explicit hostname in cachemgr.cgi
+# --enable-arp-acl
+#  Enable ACL based on ethernet address (eg: for machines with dynamic DHCP
+#  assigned IP addresses)
+# --enable-htcp
+#  Enable HTCP protocol
+# --enable-forw-via-db
+#  Enable Forw/Via database
+# --enable-cache-digests
+#  Use Cache Digests - see http://www.squid-cache.org/Doc/FAQ/FAQ-16.html
+# --disable-http-violations
+#  Strict HTTP compliance
+# --enable-ipf-transparent
+#  Enable Transparent Proxy support for IP-Filter systems (incl 3.0)
+#  (Note: this is currently broken due to ipf headers not being installed to
+#  the base system, see PRs ports/60700 and misc/44148 for details)
+#  Note: see http://www.squid-cache.org/Doc/FAQ/FAQ-17.html for information
+#  about how to do transparent proxying with ipfw(8).
+# --disable-ident-lookups
+#  Compile out code that does optional Ident (RFC931) lookups
+# --disable-internal-dns
+#  Install the old external "dnsserver" binary
+# --enable-truncate
+#  Use truncate() rather than unlink()
+# --disable-hostname-checks
+#  Squid by default rejects any host names with odd characters in their name
+#  to conform with internet standards. If you disagree with this you may use
+#  this switch to turn off any such checks, provided that the resolver used by
+#  Squid does not reject such host names. This may be required to participate
+#  in testbeds for international domain names.
+# --disable-unlinkd
+#  Do not use "unlinkd"
+# --enable-stacktraces
+#  Enable automatic call backtrace on fatal errors
+
+CONFIGURE_ARGS+=	${SQUID_CONFIGURE_ARGS}
 
 post-patch:
 	@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
@@ -145,37 +207,53 @@ post-patch:
 	@${FIND} ${WRKSRC} -name '*.bak' -delete
 	@${FIND} ${WRKSRC} -name '*.orig' -delete
 
+pre-configure:
+	@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
+	    -e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
+
+pre-install:
+	@${SED} -e 's|%%PREFIX%%|${PREFIX}|g' \
+	    -e 's|%%SQUID_UID%%|${SQUID_UID}|g' ${FILESDIR}/squid.sh \
+	    >${WRKDIR}/squid.sh
+
+pre-su-install:
+	@${SETENV} SQUID_UID=${SQUID_UID} SQUID_GID=${SQUID_GID} \
+	    PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+
 post-install:
-#	I don't think many people use the pinger nowadays, and if you
-#	do you'll want squid in its own group so as to restrict access
-#	to it.
-#	cd ${WRKSRC}/src; make install-pinger
-.for sbin_file in client squid
-	if [ -f ${PREFIX}/sbin/${sbin_file} ] ; then \
-		${STRIP_CMD} ${PREFIX}/sbin/${sbin_file} ; \
-	fi
-.endfor
-.for libexec_file in cachemgr.cgi dnsserver pinger unlinkd
-	if [ -f ${PREFIX}/libexec/${libexec_file} ] ; then \
-		${STRIP_CMD} ${PREFIX}/libexec/${libexec_file} ; \
-	fi
-.endfor
-	@if [ ! -d ${PREFIX}/squid/logs ]; then			\
-		${MKDIR} ${PREFIX}/squid/logs;		  	\
-		${CHOWN} nobody:nogroup ${PREFIX}/squid/logs;   \
-	fi
-	@if [ ! -d ${PREFIX}/squid/cache ]; then		\
-		${MKDIR} ${PREFIX}/squid/cache;			\
-		${CHOWN} nobody:nogroup ${PREFIX}/squid/cache;  \
-	fi
-	@if [ ! -f ${PREFIX}/etc/rc.d/squid.sh ]; then \
-		${ECHO} "Installing ${PREFIX}/etc/rc.d/squid.sh startup file."; \
-		${INSTALL_SCRIPT} -m 751 ${FILESDIR}/squid.sh ${PREFIX}/etc/rc.d/squid.sh; \
-	fi
+.if defined(WITH_SQUID_PINGER)
+	${CHMOD} 4710 ${PREFIX}/libexec/squid/pinger; \
+	${CHGRP} ${SQUID_GID} ${PREFIX}/libexec/squid/pinger
+.endif
+	${INSTALL_SCRIPT} ${WRKDIR}/squid.sh ${PREFIX}/etc/rc.d
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+.endif
 
+.if exists(${PREFIX}/etc/squid/errors/Lithuanian)
 # Work around the fact that the errorpages.patch creates files in
 # an "Attic" subdir:
 	@${FIND} ${WRKSRC}/errors/Lithuanian/Attic -type f \
-	-exec ${INSTALL_DATA} {} ${PREFIX}/etc/squid/errors/Lithuanian/ \;
+   	    -exec ${INSTALL_DATA} {} ${PREFIX}/etc/squid/errors/Lithuanian/ \;
+.endif
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+# Generate parts of pkg-plist on the fly:
+	@cd ${PREFIX} && ${FIND} libexec/squid -type f -o -type l \
+	    >${WRKDIR}/plist.dynamic
+	@${ECHO_CMD} "@dirrm libexec/squid" >>${WRKDIR}/plist.dynamic
+# Only register what we should have installed, there may be local additions
+# present:
+.for d in ${SQUID_LANGUAGES}
+	@cd ${PREFIX} && ${FIND} etc/squid/errors/${d} -type f \
+	    >>${WRKDIR}/plist.dynamic
+	@${ECHO_CMD} "@dirrm etc/squid/errors/${d}" >>${WRKDIR}/plist.dynamic
+.endfor
+	@${ECHO_CMD} "r ${TMPPLIST}" >${WRKDIR}/ex.script
+	@${ECHO_CMD} "/Start of dynamically generated plist" >>${WRKDIR}/ex.script
+	@${ECHO_CMD} "r ${WRKDIR}/plist.dynamic" >>${WRKDIR}/ex.script
+	@${ECHO_CMD} "x!" >>${WRKDIR}/ex.script
+	@${CP} -p ${TMPPLIST} ${TMPPLIST}.orig
+	@cd ${WRKDIR} && ex <ex.script >/dev/null
 
 .include <bsd.port.mk>