summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pcr/c-icap/PKGBUILD29
-rw-r--r--pcr/c-icap/c-icap.conf125
-rw-r--r--pcr/c-icap/c-icap.install (renamed from pcr/c-icap/install)1
-rw-r--r--pcr/c-icap/c-icap.logrotate (renamed from pcr/c-icap/logrotate)0
-rw-r--r--pcr/c-icap/c-icap.sysusers1
-rw-r--r--pcr/c-icap/c-icap.tmpfiles (renamed from pcr/c-icap/tmpfiles.d)0
6 files changed, 135 insertions, 21 deletions
diff --git a/pcr/c-icap/PKGBUILD b/pcr/c-icap/PKGBUILD
index 67c4667f4..52814f2fd 100644
--- a/pcr/c-icap/PKGBUILD
+++ b/pcr/c-icap/PKGBUILD
@@ -1,25 +1,31 @@
-# Maintainer (Arch): Amish <contact at via dot aur>
+# Maintainer (AUR): Amish <contact at via dot aur>
+
+# parabola changes and rationale:
+# no changes.
+
pkgname=c-icap
-pkgver=0.4.2
-pkgrel=1
+pkgver=0.5.2
+pkgrel=3
pkgdesc='Implementation of an ICAP server'
arch=(i686 x86_64 armv7h)
url='http://c-icap.sourceforge.net/'
license=('GPL' 'LGPL')
-source=("http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-${pkgver}.tar.gz"
+source=("http://downloads.sourceforge.net/project/c-icap/c-icap/0.5.x/c_icap-${pkgver}.tar.gz"
'c-icap.conf'
'c-icap.service'
- 'tmpfiles.d'
- 'logrotate')
-sha256sums=('b138c7d7d9828d54c3307bcfe7b4917911266593832ffc26a60df9a0dfd2511e'
- 'a2859a3f2bab1d96ae3a6364853a65c3985a0c336dab385294b977ecca336fc3'
+ 'c-icap.tmpfiles'
+ 'c-icap.sysusers'
+ 'c-icap.logrotate')
+sha256sums=('1a9ce61622176eaf068d97d6a00baedbbfca96002c5115c8147b41c95c8164ca'
+ '7081377defff06af6dd8cbea9776ad45d45a3eae84a9d109681bb49c9b2f1725'
'313ae1b3ff52597158d3a914702d60b16248a8fb8f934e91644f63ad373e6375'
'485fa1649ad1a63f6f2ec46eb0c8100d8756be0ba99df2cf23aa2fc70f14b27d'
+ 'c903eb86e6968b9d3bd0a9ad3335e8ce76a718b6217251e9dd7e66d5cf1ac94a'
'07d5d98801feb0b20fe3cbbf9f7d00148cbda7b2e9e2bc07d859c1c5aa154926')
backup=('etc/c-icap/c-icap.conf'
'etc/c-icap/c-icap.magic'
'etc/logrotate.d/c-icap')
-install=install
+install=$pkgname.install
build() {
cd "${srcdir}/c_icap-${pkgver}"
@@ -46,8 +52,9 @@ package() {
install -Dm644 ../c-icap.conf "${pkgdir}"/etc/c-icap/c-icap.conf
install -Dm644 ../c-icap.service "${pkgdir}"/usr/lib/systemd/system/c-icap.service
- install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/c-icap.conf
- install -Dm644 ../logrotate "${pkgdir}"/etc/logrotate.d/c-icap
+ install -Dm644 ../c-icap.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/c-icap.conf
+ install -Dm644 ../c-icap.sysusers "${pkgdir}"/usr/lib/sysusers.d/c-icap.conf
+ install -Dm644 ../c-icap.logrotate "${pkgdir}"/etc/logrotate.d/c-icap
install -d -m750 "${pkgdir}"/var/log/c-icap
chown 15:15 "${pkgdir}"/var/log/c-icap
diff --git a/pcr/c-icap/c-icap.conf b/pcr/c-icap/c-icap.conf
index 8a9890c9c..5d3e4749a 100644
--- a/pcr/c-icap/c-icap.conf
+++ b/pcr/c-icap/c-icap.conf
@@ -124,13 +124,75 @@ MaxRequestsPerChild 0
# InterProcessLockingScheme file
# TAG: Port
-# Format: Port port
+# Format: Port [address:]port
# Description:
# The port number that the c-icap server uses to listen to requests.
# Default:
-# Port 1344
+# None
Port 1344
+# TAG: TlsPort
+# Format: TlsPort [address:]port [tls-method=method] [cert=path_to_pem_cert] [key=path_to_pem_key] [client_ca=path_to_pem_file] [ciphers=ciph1:ciph2...] [tls_options=[!]Opt1|[!]Opt2|...]
+# Description:
+# The port number that the c-icap server uses to listen for TLS/SSL
+# requests. Options:
+# tls-method
+# Set the SSL method to use. Available methods are:
+# SSLv23 TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2
+# cert
+# Set the certificate to use by the icap server. The certificate
+# should be in pem format.
+# key
+# The key of the configured certificate in pem format. If none
+# set then the c-icap searches for the key inside cert file.
+# client_ca
+# File containing all CA that we accept client certs from. If it
+# is set then c-icap enables client certificates verification.
+# cafile
+# PEM file containing CA certificates to use when verifying client
+# certificates. If not configured the root.pem file will be used.
+# capath
+# Directory containing additional CA certificates to use when
+# verifying client certificates.
+# ciphers
+# Collon separated lists of the ciphers to accept. Please check
+# openSSL manual for supported ciphers.
+# tls-options
+# Sets various options:
+# SSL_OP_NO_SSLv2 disable the use of SSLv2
+# SSL_OP_NO_SSLv3 disable the use of SSLv3
+# SSL_OP_NO_TLSv1 disable the use of TLSv1
+# SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2
+# SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1
+# SSL_OP_NO_TICKET disable the use of RFC5077 session tickets
+# SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+# When performing renegotiation as a server, always start a
+# new session.
+# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+# Allow legacy insecure renegotiation between OpenSSL and
+# unpatched clients or servers.
+#
+# For more options please see the SSL_set_options documentation.
+#
+# By default the SSL_OP_ALL flag is set which enables all of the
+# important bug workarrounds. To reset this flag use the
+# "!SSL_OP_ALL" as first flag:
+# tls-options=!SSL_OP_ALL:SSL_OP_NO_TICKET
+#
+# Default:
+# None
+
+# TAG: TlsPassphrase
+# Format: TlsPassphrase /path/to/script
+# Description:
+# Path to the script to run to get the passphrases of TLS certificates
+# keys. The c-icap will pass as arguments the IP address and port number
+# to the script.
+# Default:
+# No value
+# Example:
+# TlsPassphrase /use/local/c-icap/scripts/cert-passphrase.sh
+
# TAG: User
# Format: User username
# Description:
@@ -221,6 +283,16 @@ SupportBuggyClients off
# Default:
# No set
+# TAG: FakeAllow204
+# Format: FakeAllow204 on|off
+# Description:
+# Support 204 responses from services preview handler to the clients
+# which does not support preview. Requires early responses support
+# from clients.
+# If disabled the c-icap will return 500 response in these cases
+# Default:
+# FakeAllow204 on
+
# TAG: ModulesDir
# Format: ModulesDir dir
# Description:
@@ -414,6 +486,18 @@ RemoteProxyUserHeaderEncoded on
# A - Saturday
# acl http_client_ip ip1[/netmask1] ...
# The HTTP client ip address, if it is available.
+# acl http_req_line value1 ...
+# The first line of HTTP request
+# The values are in regex form: /avalue/flags
+# acl http_resp_line value1 ...
+# The first line of HTTP response
+# The values are in regex form: /avalue/flags
+# acl http_req_url value1 ...
+# The HTTP request url without GET request arguments
+# The values are in regex form: /avalue/flags
+# acl http_req_method value1 ...
+# The HTTP request method
+
# Default:
# None set
# Examples:
@@ -543,24 +627,36 @@ AccessLog /var/log/c-icap/access.log
# Logger sys_logger
# TAG: Module
-# Format: Module Type ModuleFile
+# Format: Module Type ModuleFile [forceUnload=off]
# Description:
# Load an external module/plugin to c-icap.
-# ModuleFile is the filename of the module. If no full path given then c-icap
-# searche in path defined by the ModulesDir configuration parameter.
+# ModuleFile is the filename of the module. If no full path given then
+# the c-icap uses the path defined by the ModulesDir configuration
+# parameter.
# Type is the type of the external module and can be one of the following:
-# - "logger" for modules implement a logger
-# - "common" for general purpose modules
+# "logger" for modules implement a logger
+# "common" for general purpose modules
+# forceUnload=off
+# Forces c-icap to not unload services/modules loaded as external
+# dynamic libraries on shutdown or reconfigure.
+# This option may required when the services/modules are using
+# c++, or they are linked with c++ libraries.
# Default:
#
# Example:
# Module logger sys_logger.so
# TAG: Service
-# Format: Service aName ServiceFile
+# Format: Service aName ServiceFile [forceUnload=off]
# Description:
# It loads the service ServiceFile. The argument aName used
# as alias name for the service
+# forceUnload=off
+# Forces c-icap to not unload services/modules loaded as external
+# dynamic libraries on shutdown or reconfigure.
+# This option may required when the services/modules are using
+# c++, or they are linked with c++ libraries.
+
# Default:
#
# Example:
@@ -676,7 +772,14 @@ Service echo srv_echo.so
# Description:
# Add support for Berkeley DB based lookup tables. The format for
# bdb path of the lookup table is:
-# bdb:/path/to/bdb
+# bdb:/path/to/bdb[{param1=val, ...}]
+# bdb table parameters can be one or more of the followings:
+# cache-size=Size[K|M]
+# The cache size to use. Default is the berkeleyDB default value.
+# cache-num=num
+# The number of caches to create. The cache will be split across
+# num separate regions, where the region size is equal to the
+# initial cache size divided by ncache.
# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
# Example:
# Module common bdb_tables.so
@@ -707,8 +810,10 @@ Service echo srv_echo.so
# Module: ldap_module
# Description:
# Add LDAP support to c-icap. The user can use LDAP based lookup tables
-# using the following lookup table path:
+# using the following lookup table paths:
# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}]
+# ldaps://...
+# ldapi://...
# The filter can contain the "%s" formating code which will be replaced by
# the search key.
# ldap table parameters can be one or more of the followings:
diff --git a/pcr/c-icap/install b/pcr/c-icap/c-icap.install
index 04997856e..5baa48a2a 100644
--- a/pcr/c-icap/install
+++ b/pcr/c-icap/c-icap.install
@@ -1,4 +1,5 @@
post_upgrade() {
+ systemd-sysusers c-icap.conf
systemd-tmpfiles --create c-icap.conf
}
diff --git a/pcr/c-icap/logrotate b/pcr/c-icap/c-icap.logrotate
index e84f475c7..e84f475c7 100644
--- a/pcr/c-icap/logrotate
+++ b/pcr/c-icap/c-icap.logrotate
diff --git a/pcr/c-icap/c-icap.sysusers b/pcr/c-icap/c-icap.sysusers
new file mode 100644
index 000000000..95121e681
--- /dev/null
+++ b/pcr/c-icap/c-icap.sysusers
@@ -0,0 +1 @@
+u proxy 15 - /var/empty
diff --git a/pcr/c-icap/tmpfiles.d b/pcr/c-icap/c-icap.tmpfiles
index 20ccc11f0..20ccc11f0 100644
--- a/pcr/c-icap/tmpfiles.d
+++ b/pcr/c-icap/c-icap.tmpfiles