[debian-edu-commits] debian-edu/ 01/01: Rewrite squid configuration handling to work with squid3. * Rewrite squid configuration handling to work with squid3. Use our own /etc/squid3/squid-debian-edu.conf (copied from /usr/share/ on demand) instead of rewriting the file included in the squid package, to make upgrades easier and avoid a conffile question if the defaults change. * Adjust squid-update-cachedir to work with squid3.

Petter Reinholdtsen pere at moszumanska.debian.org
Fri Oct 3 12:16:08 UTC 2014


This is an automated email from the git hooks/post-receive script.

pere pushed a commit to branch master
in repository debian-edu-config.

commit d964372bdd2a39eb548eb9395973ea3f089f93f7
Author: Petter Reinholdtsen <pere at hungry.com>
Date:   Fri Oct 3 14:16:04 2014 +0200

    Rewrite squid configuration handling to work with squid3.
    * Rewrite squid configuration handling to work with squid3.
      Use our own /etc/squid3/squid-debian-edu.conf (copied from
      /usr/share/ on demand) instead of rewriting the file included in
      the squid package, to make upgrades easier and avoid a conffile
      question if the defaults change.
    * Adjust squid-update-cachedir to work with squid3.
---
 cf/cf.squid                                        | 47 +++++-----------
 debian/changelog                                   |  9 +++
 share/debian-edu-config/squid3.conf                | 65 ++++++++++++++++++++++
 .../debian-edu-config/tools/squid-update-cachedir  | 12 ++--
 4 files changed, 95 insertions(+), 38 deletions(-)

diff --git a/cf/cf.squid b/cf/cf.squid
index ba53fbc..56d196a 100644
--- a/cf/cf.squid
+++ b/cf/cf.squid
@@ -4,42 +4,21 @@ links:
                 /etc/iceweasel/pref/debian-edu-networked.js ->
                 /usr/share/debian-edu-config/iceweacel-networked-prefs.js nofile=force
 
-# Configure squid.
-#  - Add new access control list schoolnet.
-#  - Grant access to this list.
-#  - Adjust cache size to fit size of /var/spool/squid.
-#  - Appends .intern to hostnames without any dots in them.
-
+# Configure squid, copy our setup to /etc/squid3/ (instead of
+# including it in the package as a conffile), to ensure package
+# upgrades do not trigger a conffile question from dpkg.
+directories:
+   debian.server::
+    /etc/squid3 mode=755 owner=root group=root  
+copy:
+   debian.server::
+    /usr/share/debian-edu-config/squid3.conf dest=/etc/squid3/squid-debian-edu.conf mode=0644
 editfiles:
-
    debian.server::
-
-    { /etc/squid3/squid.conf
-
-      LocateLineMatching "# INSERT YOUR OWN RULE\(S\) HERE TO ALLOW ACCESS FROM YOUR CLIENTS"
-      IncrementPointer   "2"
-      BeginGroupIfNoMatch "http_access allow localnet"
-	IncrementPointer "-1"
-	InsertLine "http_access allow localnet"
-      EndGroup
-
-      # Cache larger files to cache more debian packages
-      LocateLineMatching "# maximum_object_size 20480 KB"
-      IncrementPointer   "1"
-      BeginGroupIfNoMatch "maximum_object_size 153600 KB"
-	IncrementPointer "-1"
-	InsertLine "maximum_object_size 153600 KB"
-      EndGroup
-
-      LocateLineMatching "# append_domain .yourdomain.com"
-      IncrementPointer   "1"
-      BeginGroupIfNoMatch "append_domain .intern"
-	IncrementPointer "-1"
-	InsertLine "append_domain .intern"
-      EndGroup
-
-      # Workaround for bug #591839 in squid.
-      ReplaceAll "Package\(\.gz\)" With "Packages(.gz)"
+    { /etc/default/squid3
+      AutoCreate
+      AppendIfNoSuchLine "CONFIG=/etc/squid3/squid-debian-edu.conf"
+      AppendIfNoSuchLine "SQUID_ARGS=\"-YC -f /etc/squid3/squid-debian-edu.conf\""
     }
 
 
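Review bot: The `copy:` stanza replaces /etc/squid3/squid-debian-edu.conf from the packaged template, while the template's own comment says squid-update-cachedir rewrites `cache_dir` in that file; the comment above `directories:` does not say which one wins. Depending on how cfengine decides the destination is out of date (not visible here), a package upgrade could silently drop the tuned cache size and any local ACL changes an administrator made. I would extend the comment with something like `# Local edits to squid-debian-edu.conf are lost when this copy is redone; rerun squid-update-cachedir afterwards.` The copy line could also carry `owner=root group=root`, as the `directories:` entry does, because squid and root-run scripts trust both that file and the auto-created /etc/default/squid3.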
diff --git a/debian/changelog b/debian/changelog
index 1db9618..75ff48e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,20 @@
 debian-edu-config (1.807) UNRELEASED; urgency=high
 
+  [ Wolfgang Schweer ]
   * Fix domain-name settings for subnet00.intern and subnet01.intern.
     The invalid names caused ltsp clients to get a wrong /etc/resolv.conf
     generated by the ltsp init script ('search bad').
   * Adjust testsuite/timezone to accept Europe/Berlin as timezone for
     Germany.
 
+  [ Petter Reinholdtsen ]
+  * Rewrite squid configuration handling to work with squid3.
+    Use our own /etc/squid3/squid-debian-edu.conf (copied from
+    /usr/share/ on demand) instead of rewriting the file included in
+    the squid package, to make upgrades easier and avoid a conffile
+    question if the defaults change.
+  * Adjust squid-update-cachedir to work with squid3.
+
  -- Wolfgang Schweer <wschweer at arcor.de>  Thu, 02 Oct 2014 21:40:29 +0200
 
 debian-edu-config (1.806) unstable; urgency=high
diff --git a/share/debian-edu-config/squid3.conf b/share/debian-edu-config/squid3.conf
new file mode 100644
index 0000000..2e074e1
--- /dev/null
+++ b/share/debian-edu-config/squid3.conf
@@ -0,0 +1,65 @@
+# Squid version 3 configuration file
+#
+# Created using the default configuration, applying the patch found in
+# bug #763867 and doing
+#   grep -v '^#' /etc/squid3/squid.conf |grep -v '^$'
+# and finally adding a apt related refresh_pattern and
+# maximum_object_size, append_domain and cache_dir settings.
+
+acl SSL_ports port 443
+
+acl Safe_ports port 80          # http
+acl Safe_ports port 21          # ftp
+acl Safe_ports port 443         # https
+acl Safe_ports port 70          # gopher
+acl Safe_ports port 210         # wais
+acl Safe_ports port 1025-65535  # unregistered ports
+acl Safe_ports port 280         # http-mgmt
+acl Safe_ports port 488         # gss-http
+acl Safe_ports port 591         # filemaker
+acl Safe_ports port 777         # multiling http
+
+acl CONNECT method CONNECT
+
+# Grant access to the local networks
+acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
+acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src fc00::/7       # RFC 4193 local private network range
+acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localhost manager
+http_access deny manager
+http_access allow localnet
+http_access allow localhost
+http_access deny all
+htcp_access allow localnet
+htcp_access deny all
+
+http_port 3128
+
+coredump_dir /var/spool/squid3
+
+
+
+refresh_pattern ^ftp:           1440    20%     10080
+refresh_pattern ^gopher:        1440    0%      1440
+refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
+
+# See bug #591839
+refresh_pattern (Release|Packages(.gz)*)$      0       20%      2880
+
+refresh_pattern .               0       20%     4320
+
+# Cache larger files to cache more debian packages
+maximum_object_size 153600 KB
+
+#  - Appends .intern to hostnames without any dots in them.
+append_domain .intern
+
+# Adjust cache size to fit size of /var/spool/squid, the capasity is
+# dynamically updated using
+# /usr/share/debian-edu-config/tools/squid-update-cachedir
+cache_dir ufs /var/spool/squid3 100 16 256
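Review bot: The rules `http_access allow localhost manager`, `http_access deny manager` and `http_access allow localhost` use the ACL names `manager` and `localhost`, which this file never defines. Squid predefines them from 3.2 on, so the file silently depends on the installed squid3 being at least that version; a header comment such as `# Relies on the built-in manager/localhost ACLs (squid >= 3.2)` would make that explicit. Separately, the dot in `Packages(.gz)*` is unescaped and matches any character; `refresh_pattern (Release|Packages(\.gz)*)$ 0 20% 2880` states the intent. Since `http_port 3128` listens on every interface, `http_access allow localnet` across all RFC 1918 ranges is the only gate, so it is worth confirming that breadth is intended on hosts with more than one interface.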
diff --git a/share/debian-edu-config/tools/squid-update-cachedir b/share/debian-edu-config/tools/squid-update-cachedir
index 68fe379..8a678ba 100755
--- a/share/debian-edu-config/tools/squid-update-cachedir
+++ b/share/debian-edu-config/tools/squid-update-cachedir
@@ -1,14 +1,18 @@
 #!/bin/bash
-# 
+#
 # Update cache size in squid.conf to be 80% of the partition size
 
 LC_ALL=C
 export LC_ALL
 
+CONFIG=/etc/squid3/squid.conf
+
+[ ! -f /etc/default/squid3 ] || . /etc/default/squid3
+
 if [ "$1" ] ; then
     squidconf="$1"
-else	
-    squidconf=/etc/squid/squid.conf
+else
+    squidconf="$CONFIG"
 fi
 
 if [ "$2" ] ; then
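Review bot: `squidconf="$CONFIG"` trusts whatever /etc/default/squid3 leaves in `CONFIG`; if that file sets it to an empty string, the unquoted `$squidconf` in the later `grep '^cache_dir ufs ' $squidconf` (a context line of the next hunk) expands to nothing and grep reads stdin instead. `squidconf="${CONFIG:-/etc/squid3/squid.conf}"` plus a `[ -f "$squidconf" ]` check before use would keep the fallback, and quoting `"$squidconf"` in the grep covers paths passed as `$1`. Sourcing the defaults file also runs it as shell code with this script's privileges and lets it overwrite any variable set so far, so a comment that /etc/default/squid3 must stay root-owned and not group- or world-writable is worth adding next to the `.` line. The script continues past both hunks, so later uses of these variables are not visible here.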
@@ -17,7 +21,7 @@ else
     fillpercent=80
 fi
 
-defaultcachedir=/var/spool/squid
+defaultcachedir=/var/spool/squid3
 
 cachedir="$(grep '^cache_dir ufs ' $squidconf | awk '{print $3}')"
 if [ -z "$cachedir" ] ; then

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git


