Date: 2 Mar 2004 18:36:58 -0000 From: Thomas-Martin Seck <tmseck@netcologne.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/63652: [Maintainer] www/squid24: sync with www/squid Message-ID: <20040302183658.2202.qmail@laurel.tmseck.homedns.org> Resent-Message-ID: <200403021840.i22IeBhf015090@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 63652 >Category: ports >Synopsis: [Maintainer] www/squid24: sync with www/squid >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Mar 02 10:40:10 PST 2004 >Closed-Date: >Last-Modified: >Originator: Thomas-Martin Seck >Release: FreeBSD 4.9-STABLE i386 >Organization: private site in Germany >Environment: FreeBSD ports repository as of Mar 02, 2004. >Description: Synchronize with www/squid: - create the squid user with id 100:100 and provide a migration path via 'make changeuser' - don't overdo CONFLICTS - remove support for rcNG on systems without /etc/rc.subr - add pkg-deinstall, which somehow did not make it into portversion 2.4_11 Information for committers: please 'cvs add' pkg-deinstall >How-To-Repeat: >Fix: Apply this patch: diff -ruN -x CVS squid24.orig/Makefile squid24/Makefile --- squid24.orig/Makefile Wed Feb 18 13:24:46 2004 +++ squid24/Makefile Tue Mar 2 18:07:50 2004 @@ -7,10 +7,17 @@ # Tunables not (yet) configurable via 'make config': # SQUID_{U,G}ID # Which user/group squid should run as (default: squid/squid). -# The user and group will be created if they do not already exist. +# The user and group will be created if they do not already exist with +# a uid:gid of 100:100. # NOTE: before version 2.4.7_11, these settings defaulted to # nobody/nogroup. # If you wish to keep these settings, please define SQUID_UID=nobody and +# SQUID_GID=nogroup in your make environment before you start the update. +# NOTE2: +# Before version 2.4_12 the numerical id chosen for SQUID_UID (and +# SQUID_GID respectively) was the first free id greater than or equal 3128. +# If you wish to move your squid user to id 100:100, run "make changeuser", +# please see the changeuser target's definition for further information. # # SQUID_LANGUAGE # The set of error pages to be installed. Valid values are: @@ -26,7 +33,7 @@ PORTNAME= squid PORTVERSION= 2.4 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -47,7 +54,7 @@ MAINTAINER= tmseck@netcologne.de COMMENT= The successful WWW proxy cache and accelerator -CONFLICTS= squid-* +CONFLICTS= squid-2.[^4] GNU_CONFIGURE= yes STRIP= # won't install scripts correctly otherwise. @@ -221,5 +228,51 @@ -cd ${PREFIX}/libexec/squid && ${STRIP_CMD} ${libexec} -cd ${PREFIX}/sbin && ${STRIP_CMD} ${sbin} @${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL + +changeuser: +# Recover from the problem that earlier versions of this port created the +# squid pseudo-user with an id greater than 999 which is not allowed in +# FreeBSD's ports system. The port now uses id 100:100. +# NOTE: +# This target assumes that SQUID_GID is the primary group of SQUID_UID. If you +# have a different setup, do not run this target! +.if ${SQUID_UID:L} == nobody + @${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \ + ${ECHO_CMD} "this target!" + exit 1 +.endif + @if [ `id -u` -ne 0 ]; \ + then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \ + current_uid=`id -u ${SQUID_UID}`; \ + current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \ + ${ECHO_CMD} "I will remove this user:"; \ + id -P $${current_uid}; \ + ${ECHO_CMD} "and this group:"; \ + pw groupshow ${SQUID_GID}; \ + ${ECHO_CMD} "I will then re-create them with a user and group id of 100."; \ + ${ECHO_CMD} "Then all files and directories under ${PREFIX} and /var that"; \ + ${ECHO_CMD} "are owned by uid $${current_uid} will be chown(1)'ed."; \ + ${ECHO_CMD} "After that, all files and directories that were accessible"; \ + ${ECHO_CMD} "by group $${current_gid} will chgrp(1)'ed respectively."; \ + ${ECHO_CMD} "Note that this assumes group '${SQUID_GID}' to be the primary"; \ + ${ECHO_CMD} "group of user '${SQUID_UID}'. If you have a different setup"; \ + ${ECHO_CMD} "please abort this target now."; \ + read -p "Press RETURN to continue or CTRL-C to abort:" dummy ; \ + ${ECHO_CMD} "OK, here we go:"; \ + ${ECHO_CMD} "deleting user $${current_uid} and his primary group..."; \ + pw userdel -u $${current_uid}; \ + ${ECHO_CMD} "adding user ${SQUID_UID} with id 100..."; \ + pw groupadd -n ${SQUID_GID} -g 100; \ + pw useradd -n ${SQUID_UID} -u 100 -c "squid caching-proxy pseudo user" \ + -d ${PREFIX}/squid -s /sbin/nologin -h - ; \ + ${ECHO_CMD} "chown(1)'ing everything under ${PREFIX} from $${current_uid} to 100..."; \ + ${FIND} -H ${PREFIX} -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \ + ${ECHO_CMD} "chgrp(1)'ing everything under ${PREFIX} from $${current_gid} to 100..."; \ + ${FIND} -H ${PREFIX} -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \ + ${ECHO_CMD} "chown(1)'ing everything under /var from $${current_uid} to 100..."; \ + ${FIND} -H /var -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \ + ${ECHO_CMD} "chgrp(1)'ing everything under /var from $${current_gid} to 100..."; \ + ${FIND} -H /var -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \ + ${ECHO_CMD} "Finished." .include <bsd.port.post.mk> diff -ruN -x CVS squid24.orig/files/squid.sh squid24/files/squid.sh --- squid24.orig/files/squid.sh Wed Feb 18 13:24:47 2004 +++ squid24/files/squid.sh Sat Feb 28 18:27:10 2004 @@ -8,15 +8,13 @@ # KEYWORD: FreeBSD # # Note: -# If you are running an rcNG-System (i.e. FreeBSD 5 and later or after -# having installed the rc_subr-port on an earlier system) you must set +# If you are running an rcNG-System (i.e. FreeBSD 5 and later) you need to set # "squid_enable=YES" in either /etc/rc.conf, /etc/rc.conf.local or # /etc/rc.conf.d/squid to make this script actually do something. There # you can also set squid_chdir, squid_user, and squid_flags. # # Please see squid(8), rc.conf(5) and rc(8) for further details. -unset rcNG name="squid" command=%%PREFIX%%/sbin/squid extra_commands=reload @@ -28,33 +26,29 @@ default_config=%%PREFIX%%/etc/squid/squid.conf if [ -f /etc/rc.subr ]; then - . /etc/rc.subr && rcNG=yes -else - if [ -f %%PREFIX%%/etc/rc.subr ]; then - . %%PREFIX%%/etc/rc.subr && rcNG=yes - fi -fi - -if [ "${rcNG}" ]; then + # make use of rcNG features: + . /etc/rc.subr rcvar=`set_rcvar` load_rc_config ${name} - # check that squid's default configuration is present when - # squid_flags is not set. We assume that you specify at - # least the path to your non-default configuration with - # '-f /path/to/config.file' in squid_flags if you delete this file. + # squid(8) will not start if ${default_config} is not present so try + # to catch that beforehand via ${required_files} rather than make + # squid(8) crash. + # If you remove the default configuration file make sure to add + # '-f /path/to/your/squid.conf' to squid_flags if [ -z "${squid_flags}" ]; then required_files=${default_config} fi required_dirs=${squid_chdir} run_rc_command "$1" else + # implement the startup using the "old style" for non-rcNG-systems: case $1 in start) if [ -x "${command}" -a \ - \( -f "${default_config}" -o "${squid_flags}" \) ]; then + \( -f "${default_config}" -o "${squid_flags}" \) ]; then echo -n ' squid' (cd ${squid_chdir} && exec su -fm ${squid_user} -c \ - "${command} ${squid_flags}") + "${command} ${squid_flags}") fi ;; stop) @@ -66,7 +60,7 @@ done fi ;; - *) + *) echo "usage: `basename $0` {start|stop}" >&2 exit 64 ;; diff -ruN -x CVS squid24.orig/pkg-deinstall squid24/pkg-deinstall --- squid24.orig/pkg-deinstall Thu Jan 1 01:00:00 1970 +++ squid24/pkg-deinstall Wed Feb 25 01:00:17 2004 @@ -0,0 +1,36 @@ +#!/bin/sh +# +# $FreeBSD:$ +# + +PATH=/bin:/usr/bin:/usr/sbin +pkgname=$1 + +case $2 in +DEINSTALL) + cd ${PKG_PREFIX}/etc/squid || exit 1 + for f in squid.conf mime.conf ; do + cmp -s -z ${f} ${f}.default && rm ${f} + done + ;; +POST-DEINSTALL) + rmdir ${PKG_PREFIX}/etc/squid 2>/dev/null + rmdir ${PKG_PREFIX}/squid/cache 2>/dev/null + rmdir -p ${PKG_PREFIX}/squid/logs 2>/dev/null + echo "===> post-deinstallation information for ${pkgname}" + echo "" + echo " Please note that ${pkgname} was not completely removed" + echo " from this system." + echo "" + echo " The cache and log directories, squid's user account," + echo " and any modified configuration files have been preserved" + echo " in case you want to install an updated version of squid" + echo " on this system. You must remove them manually if you do" + echo " not want to use squid any longer." + echo "" + ;; +*) + exit 64 + ;; +esac +exit 0 diff -ruN -x CVS squid24.orig/pkg-install squid24/pkg-install --- squid24.orig/pkg-install Wed Feb 18 13:24:46 2004 +++ squid24/pkg-install Tue Mar 2 18:05:10 2004 @@ -9,16 +9,19 @@ squid_confdir=${PKG_PREFIX:-/usr/local}/etc/squid squid_user=${SQUID_USER:=squid} squid_group=${SQUID_GROUP:=squid} -squid_gid=3128 -squid_uid=3128 - +squid_gid=100 +squid_uid=100 +# Try to catch the case where the $squid_user might have been created with an +# id greater than or equal 3128. The valid exception is "nobody". +nobody_uid=65534 +nobody_gid=65534 +squid_oldgid=3128 +squid_olduid=3128 +unset wrong_id case $2 in PRE-INSTALL) echo "===> Pre-installation configuration for ${pkgname}" if ! pw groupshow ${squid_group} -q >/dev/null ; then - while pw groupshow -g ${squid_gid} -q >/dev/null; do - squid_gid=`expr ${squid_gid} + 1` - done echo "There is no group '${squid_group}' on this system, so I will try to create it:" if ! pw groupadd ${squid_group} -g ${squid_gid} -q ; then echo "Failed to create group \"${squid_group}\"!" >&2 @@ -29,12 +32,15 @@ fi else echo "I will use the existing group '${squid_group}':" + current_gid=`pw groupshow ${squid_group}|cut -f 3 -d :` + if [ ${current_gid} -ge ${squid_oldgid} \ + -a ${current_gid} -ne ${nobody_gid} ]; then + wrong_id=1 + fi fi pw groupshow ${squid_group} + if ! pw usershow ${squid_user} -q >/dev/null ; then - while pw usershow -u ${squid_uid} -q >/dev/null; do - squid_uid=`expr ${squid_uid} + 1` - done echo "There is no account '${squid_user}' on this system, so I will try to create it:" if ! pw useradd ${squid_user} -u ${squid_uid} -q \ -c "squid caching-proxy pseudo user" -g ${squid_group} \ @@ -47,8 +53,53 @@ fi else echo "I will use the existing user '${squid_user}':" + current_uid=`id -u ${squid_user}` + if [ ${current_uid} -ge ${squid_olduid} \ + -a ${current_uid} -ne ${nobody_uid} ]; + then + wrong_id=1 + fi fi pw usershow ${squid_user} + if [ "${wrong_id}" ]; then + echo "" + echo " * NOTICE *" + echo "" + echo "The squid pseudo-user's uid and/or gid have been found" + echo "to be greater than or equal 3128." + echo "" + echo "This is not a problem as such, but violates the FreeBSD" + echo "ports' principle that a ports must not claim a uid greater" + echo "than 999." + echo "" + echo "Since version 2.5.4_11, the squid user is thus created" + echo "with an id of ${squid_uid}:${squid_gid} while earlier versions of this" + echo "port used the first unused uid/gid greater than or" + echo "equal 3128." + echo "" + echo "If you want to change the existing squid user's id, run" + echo "'make changeuser' after the installation has completed." + echo "If you installed this port via a package, issue the" + echo "following commands as root:" + echo "" + echo "pw userdel -u ${current_uid}" + echo "pw groupadd -n ${squid_group} -g ${squid_gid}" + echo "pw useradd -n ${squid_user} -u ${squid_uid} \\" + echo " -c \"squid caching-proxy pseudo user\" \\" + echo " -g ${squid_group} -d ${squid_base} -s /sbin/nologin \\" + echo " -h -" + echo "find -H ${PKG_PREFIX} -user ${current_uid} -exec chown ${squid_user} {} \\;" + echo "find -H ${PKG_PREFIX} -group ${current_gid} -exec chgrp ${squid_group} {} \\;" + echo "" + echo "In case you have installed third party software for squid" + echo "like squidGuard, you should additionally run:" + echo "find -H /var -user ${current_uid} -exec chown ${squid_user} {} \\;" + echo "find -H /var -group ${current_gid} -exec chgrp ${squid_group} {} \\;" + echo "" + if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then + read -p "Press RETURN to continue..." dummy + fi + fi for dir in cache logs; do if [ ! -d ${squid_base}/${dir} ]; then echo "Creating ${squid_base}/${dir}..." >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040302183658.2202.qmail>