diff options
| -rw-r--r-- | www/squid24/Makefile | 59 | ||||
| -rw-r--r-- | www/squid24/files/squid.sh | 32 | ||||
| -rw-r--r-- | www/squid24/pkg-deinstall | 36 | ||||
| -rw-r--r-- | www/squid24/pkg-install | 71 |
4 files changed, 166 insertions, 32 deletions
diff --git a/www/squid24/Makefile b/www/squid24/Makefile index fa699c22b3d1..6a87ef1c87ea 100644 --- a/www/squid24/Makefile +++ b/www/squid24/Makefile @@ -7,10 +7,17 @@ # Tunables not (yet) configurable via 'make config': # SQUID_{U,G}ID # Which user/group squid should run as (default: squid/squid). -# The user and group will be created if they do not already exist. +# The user and group will be created if they do not already exist with +# a uid:gid of 100:100. # NOTE: before version 2.4.7_11, these settings defaulted to # nobody/nogroup. # If you wish to keep these settings, please define SQUID_UID=nobody and +# SQUID_GID=nogroup in your make environment before you start the update. +# NOTE2: +# Before version 2.4_12 the numerical id chosen for SQUID_UID (and +# SQUID_GID respectively) was the first free id greater than or equal 3128. +# If you wish to move your squid user to id 100:100, run "make changeuser", +# please see the changeuser target's definition for further information. # # SQUID_LANGUAGE # The set of error pages to be installed. Valid values are: @@ -26,7 +33,7 @@ PORTNAME= squid PORTVERSION= 2.4 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -47,7 +54,7 @@ PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de COMMENT= The successful WWW proxy cache and accelerator -CONFLICTS= squid-* +CONFLICTS= squid-2.[^4] GNU_CONFIGURE= yes STRIP= # won't install scripts correctly otherwise. @@ -222,4 +229,50 @@ post-install: -cd ${PREFIX}/sbin && ${STRIP_CMD} ${sbin} @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL +changeuser: +# Recover from the problem that earlier versions of this port created the +# squid pseudo-user with an id greater than 999 which is not allowed in +# FreeBSD's ports system. The port now uses id 100:100. +# NOTE: +# This target assumes that SQUID_GID is the primary group of SQUID_UID. If you +# have a different setup, do not run this target! +.if ${SQUID_UID:L} == nobody + @${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \ + ${ECHO_CMD} "this target!" + exit 1 +.endif + @if [ `id -u` -ne 0 ]; \ + then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \ + current_uid=`id -u ${SQUID_UID}`; \ + current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \ + ${ECHO_CMD} "I will remove this user:"; \ + id -P $${current_uid}; \ + ${ECHO_CMD} "and this group:"; \ + pw groupshow ${SQUID_GID}; \ + ${ECHO_CMD} "I will then re-create them with a user and group id of 100."; \ + ${ECHO_CMD} "Then all files and directories under ${PREFIX} and /var that"; \ + ${ECHO_CMD} "are owned by uid $${current_uid} will be chown(1)'ed."; \ + ${ECHO_CMD} "After that, all files and directories that were accessible"; \ + ${ECHO_CMD} "by group $${current_gid} will chgrp(1)'ed respectively."; \ + ${ECHO_CMD} "Note that this assumes group '${SQUID_GID}' to be the primary"; \ + ${ECHO_CMD} "group of user '${SQUID_UID}'. If you have a different setup"; \ + ${ECHO_CMD} "please abort this target now."; \ + read -p "Press RETURN to continue or CTRL-C to abort:" dummy ; \ + ${ECHO_CMD} "OK, here we go:"; \ + ${ECHO_CMD} "deleting user $${current_uid} and his primary group..."; \ + pw userdel -u $${current_uid}; \ + ${ECHO_CMD} "adding user ${SQUID_UID} with id 100..."; \ + pw groupadd -n ${SQUID_GID} -g 100; \ + pw useradd -n ${SQUID_UID} -u 100 -c "squid caching-proxy pseudo user" \ + -d ${PREFIX}/squid -s /sbin/nologin -h - ; \ + ${ECHO_CMD} "chown(1)'ing everything under ${PREFIX} from $${current_uid} to 100..."; \ + ${FIND} -H ${PREFIX} -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \ + ${ECHO_CMD} "chgrp(1)'ing everything under ${PREFIX} from $${current_gid} to 100..."; \ + ${FIND} -H ${PREFIX} -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \ + ${ECHO_CMD} "chown(1)'ing everything under /var from $${current_uid} to 100..."; \ + ${FIND} -H /var -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \ + ${ECHO_CMD} "chgrp(1)'ing everything under /var from $${current_gid} to 100..."; \ + ${FIND} -H /var -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \ + ${ECHO_CMD} "Finished." + .include <bsd.port.post.mk> diff --git a/www/squid24/files/squid.sh b/www/squid24/files/squid.sh index 688111d7fc4e..2844dba237f6 100644 --- a/www/squid24/files/squid.sh +++ b/www/squid24/files/squid.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: /tmp/pcvs/ports/www/squid24/files/Attic/squid.sh,v 1.4 2004-02-18 12:25:09 sergei Exp $ +# $FreeBSD: /tmp/pcvs/ports/www/squid24/files/Attic/squid.sh,v 1.5 2004-03-23 17:12:47 sada Exp $ # # PROVIDE: squid # REQUIRE: NETWORKING SERVERS @@ -8,15 +8,13 @@ # KEYWORD: FreeBSD # # Note: -# If you are running an rcNG-System (i.e. FreeBSD 5 and later or after -# having installed the rc_subr-port on an earlier system) you must set +# If you are running an rcNG-System (i.e. FreeBSD 5 and later) you need to set # "squid_enable=YES" in either /etc/rc.conf, /etc/rc.conf.local or # /etc/rc.conf.d/squid to make this script actually do something. There # you can also set squid_chdir, squid_user, and squid_flags. # # Please see squid(8), rc.conf(5) and rc(8) for further details. -unset rcNG name="squid" command=%%PREFIX%%/sbin/squid extra_commands=reload @@ -28,33 +26,29 @@ stop_cmd="${command} -k shutdown" default_config=%%PREFIX%%/etc/squid/squid.conf if [ -f /etc/rc.subr ]; then - . /etc/rc.subr && rcNG=yes -else - if [ -f %%PREFIX%%/etc/rc.subr ]; then - . %%PREFIX%%/etc/rc.subr && rcNG=yes - fi -fi - -if [ "${rcNG}" ]; then + # make use of rcNG features: + . /etc/rc.subr rcvar=`set_rcvar` load_rc_config ${name} - # check that squid's default configuration is present when - # squid_flags is not set. We assume that you specify at - # least the path to your non-default configuration with - # '-f /path/to/config.file' in squid_flags if you delete this file. + # squid(8) will not start if ${default_config} is not present so try + # to catch that beforehand via ${required_files} rather than make + # squid(8) crash. + # If you remove the default configuration file make sure to add + # '-f /path/to/your/squid.conf' to squid_flags if [ -z "${squid_flags}" ]; then required_files=${default_config} fi required_dirs=${squid_chdir} run_rc_command "$1" else + # implement the startup using the "old style" for non-rcNG-systems: case $1 in start) if [ -x "${command}" -a \ - \( -f "${default_config}" -o "${squid_flags}" \) ]; then + \( -f "${default_config}" -o "${squid_flags}" \) ]; then echo -n ' squid' (cd ${squid_chdir} && exec su -fm ${squid_user} -c \ - "${command} ${squid_flags}") + "${command} ${squid_flags}") fi ;; stop) @@ -66,7 +60,7 @@ else done fi ;; - *) + *) echo "usage: `basename $0` {start|stop}" >&2 exit 64 ;; diff --git a/www/squid24/pkg-deinstall b/www/squid24/pkg-deinstall new file mode 100644 index 000000000000..51cf5f29698a --- /dev/null +++ b/www/squid24/pkg-deinstall @@ -0,0 +1,36 @@ +#!/bin/sh +# +# $FreeBSD: /tmp/pcvs/ports/www/squid24/Attic/pkg-deinstall,v 1.1 2004-03-23 17:12:47 sada Exp $ +# + +PATH=/bin:/usr/bin:/usr/sbin +pkgname=$1 + +case $2 in +DEINSTALL) + cd ${PKG_PREFIX}/etc/squid || exit 1 + for f in squid.conf mime.conf ; do + cmp -s -z ${f} ${f}.default && rm ${f} + done + ;; +POST-DEINSTALL) + rmdir ${PKG_PREFIX}/etc/squid 2>/dev/null + rmdir ${PKG_PREFIX}/squid/cache 2>/dev/null + rmdir -p ${PKG_PREFIX}/squid/logs 2>/dev/null + echo "===> post-deinstallation information for ${pkgname}" + echo "" + echo " Please note that ${pkgname} was not completely removed" + echo " from this system." + echo "" + echo " The cache and log directories, squid's user account," + echo " and any modified configuration files have been preserved" + echo " in case you want to install an updated version of squid" + echo " on this system. You must remove them manually if you do" + echo " not want to use squid any longer." + echo "" + ;; +*) + exit 64 + ;; +esac +exit 0 diff --git a/www/squid24/pkg-install b/www/squid24/pkg-install index 4020924da3f4..13fe7847e491 100644 --- a/www/squid24/pkg-install +++ b/www/squid24/pkg-install @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: /tmp/pcvs/ports/www/squid24/Attic/pkg-install,v 1.8 2004-02-18 12:25:08 sergei Exp $ +# $FreeBSD: /tmp/pcvs/ports/www/squid24/Attic/pkg-install,v 1.9 2004-03-23 17:12:47 sada Exp $ # PATH=/bin:/usr/bin:/usr/sbin @@ -9,16 +9,19 @@ squid_base=${PKG_PREFIX:-/usr/local}/squid squid_confdir=${PKG_PREFIX:-/usr/local}/etc/squid squid_user=${SQUID_USER:=squid} squid_group=${SQUID_GROUP:=squid} -squid_gid=3128 -squid_uid=3128 - +squid_gid=100 +squid_uid=100 +# Try to catch the case where the $squid_user might have been created with an +# id greater than or equal 3128. The valid exception is "nobody". +nobody_uid=65534 +nobody_gid=65534 +squid_oldgid=3128 +squid_olduid=3128 +unset wrong_id case $2 in PRE-INSTALL) echo "===> Pre-installation configuration for ${pkgname}" if ! pw groupshow ${squid_group} -q >/dev/null ; then - while pw groupshow -g ${squid_gid} -q >/dev/null; do - squid_gid=`expr ${squid_gid} + 1` - done echo "There is no group '${squid_group}' on this system, so I will try to create it:" if ! pw groupadd ${squid_group} -g ${squid_gid} -q ; then echo "Failed to create group \"${squid_group}\"!" >&2 @@ -29,12 +32,15 @@ PRE-INSTALL) fi else echo "I will use the existing group '${squid_group}':" + current_gid=`pw groupshow ${squid_group}|cut -f 3 -d :` + if [ ${current_gid} -ge ${squid_oldgid} \ + -a ${current_gid} -ne ${nobody_gid} ]; then + wrong_id=1 + fi fi pw groupshow ${squid_group} + if ! pw usershow ${squid_user} -q >/dev/null ; then - while pw usershow -u ${squid_uid} -q >/dev/null; do - squid_uid=`expr ${squid_uid} + 1` - done echo "There is no account '${squid_user}' on this system, so I will try to create it:" if ! pw useradd ${squid_user} -u ${squid_uid} -q \ -c "squid caching-proxy pseudo user" -g ${squid_group} \ @@ -47,8 +53,53 @@ PRE-INSTALL) fi else echo "I will use the existing user '${squid_user}':" + current_uid=`id -u ${squid_user}` + if [ ${current_uid} -ge ${squid_olduid} \ + -a ${current_uid} -ne ${nobody_uid} ]; + then + wrong_id=1 + fi fi pw usershow ${squid_user} + if [ "${wrong_id}" ]; then + echo "" + echo " * NOTICE *" + echo "" + echo "The squid pseudo-user's uid and/or gid have been found" + echo "to be greater than or equal 3128." + echo "" + echo "This is not a problem as such, but violates the FreeBSD" + echo "ports' principle that a ports must not claim a uid greater" + echo "than 999." + echo "" + echo "Since version 2.5.4_11, the squid user is thus created" + echo "with an id of ${squid_uid}:${squid_gid} while earlier versions of this" + echo "port used the first unused uid/gid greater than or" + echo "equal 3128." + echo "" + echo "If you want to change the existing squid user's id, run" + echo "'make changeuser' after the installation has completed." + echo "If you installed this port via a package, issue the" + echo "following commands as root:" + echo "" + echo "pw userdel -u ${current_uid}" + echo "pw groupadd -n ${squid_group} -g ${squid_gid}" + echo "pw useradd -n ${squid_user} -u ${squid_uid} \\" + echo " -c \"squid caching-proxy pseudo user\" \\" + echo " -g ${squid_group} -d ${squid_base} -s /sbin/nologin \\" + echo " -h -" + echo "find -H ${PKG_PREFIX} -user ${current_uid} -exec chown ${squid_user} {} \\;" + echo "find -H ${PKG_PREFIX} -group ${current_gid} -exec chgrp ${squid_group} {} \\;" + echo "" + echo "In case you have installed third party software for squid" + echo "like squidGuard, you should additionally run:" + echo "find -H /var -user ${current_uid} -exec chown ${squid_user} {} \\;" + echo "find -H /var -group ${current_gid} -exec chgrp ${squid_group} {} \\;" + echo "" + if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then + sleep 30 + fi + fi for dir in cache logs; do if [ ! -d ${squid_base}/${dir} ]; then echo "Creating ${squid_base}/${dir}..." |