-rw-r--r-- | pcr/c-icap/PKGBUILD | 29 | ||||
-rw-r--r-- | pcr/c-icap/c-icap.conf | 125 | ||||
-rw-r--r-- | pcr/c-icap/c-icap.install (renamed from pcr/c-icap/install) | 1 | ||||
-rw-r--r-- | pcr/c-icap/c-icap.logrotate (renamed from pcr/c-icap/logrotate) | 0 | ||||
-rw-r--r-- | pcr/c-icap/c-icap.sysusers | 1 | ||||
-rw-r--r-- | pcr/c-icap/c-icap.tmpfiles (renamed from pcr/c-icap/tmpfiles.d) | 0 |
6 files changed, 135 insertions, 21 deletions
diff --git a/pcr/c-icap/PKGBUILD b/pcr/c-icap/PKGBUILD index 67c4667f4..52814f2fd 100644 --- a/pcr/c-icap/PKGBUILD +++ b/pcr/c-icap/PKGBUILD @@ -1,25 +1,31 @@ -# Maintainer (Arch): Amish <contact at via dot aur> +# Maintainer (AUR): Amish <contact at via dot aur> + +# parabola changes and rationale: +# no changes. + pkgname=c-icap -pkgver=0.4.2 -pkgrel=1 +pkgver=0.5.2 +pkgrel=3 pkgdesc='Implementation of an ICAP server' arch=(i686 x86_64 armv7h) url='http://c-icap.sourceforge.net/' license=('GPL' 'LGPL') -source=("http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-${pkgver}.tar.gz" +source=("http://downloads.sourceforge.net/project/c-icap/c-icap/0.5.x/c_icap-${pkgver}.tar.gz" 'c-icap.conf' 'c-icap.service' - 'tmpfiles.d' - 'logrotate') -sha256sums=('b138c7d7d9828d54c3307bcfe7b4917911266593832ffc26a60df9a0dfd2511e' - 'a2859a3f2bab1d96ae3a6364853a65c3985a0c336dab385294b977ecca336fc3' + 'c-icap.tmpfiles' + 'c-icap.sysusers' + 'c-icap.logrotate') +sha256sums=('1a9ce61622176eaf068d97d6a00baedbbfca96002c5115c8147b41c95c8164ca' + '7081377defff06af6dd8cbea9776ad45d45a3eae84a9d109681bb49c9b2f1725' '313ae1b3ff52597158d3a914702d60b16248a8fb8f934e91644f63ad373e6375' '485fa1649ad1a63f6f2ec46eb0c8100d8756be0ba99df2cf23aa2fc70f14b27d' + 'c903eb86e6968b9d3bd0a9ad3335e8ce76a718b6217251e9dd7e66d5cf1ac94a' '07d5d98801feb0b20fe3cbbf9f7d00148cbda7b2e9e2bc07d859c1c5aa154926') backup=('etc/c-icap/c-icap.conf' 'etc/c-icap/c-icap.magic' 'etc/logrotate.d/c-icap') -install=install +install=$pkgname.install build() { cd "${srcdir}/c_icap-${pkgver}" 
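Review bot: The updated `source=` entry still fetches the tarball over plain `http://`, and the sha256sums for the tarball and c-icap.conf are replaced in this same hunk, so the new hash is the only integrity control on the download. Switching the entry to `source=("https://downloads.sourceforge.net/project/c-icap/c-icap/0.5.x/c_icap-${pkgver}.tar.gz"` costs nothing, and the new tarball hash should be confirmed against a copy obtained through an independent channel. No signature file or `validpgpkeys` appears in the visible part of the PKGBUILD, so if upstream publishes signatures they are not being checked here. The build() body continues outside the hunk.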
@@ -46,8 +52,9 @@ package() { install -Dm644 ../c-icap.conf "${pkgdir}"/etc/c-icap/c-icap.conf install -Dm644 ../c-icap.service "${pkgdir}"/usr/lib/systemd/system/c-icap.service - install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/c-icap.conf - install -Dm644 ../logrotate "${pkgdir}"/etc/logrotate.d/c-icap + install -Dm644 ../c-icap.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/c-icap.conf + install -Dm644 ../c-icap.sysusers "${pkgdir}"/usr/lib/sysusers.d/c-icap.conf + install -Dm644 ../c-icap.logrotate "${pkgdir}"/etc/logrotate.d/c-icap install -d -m750 "${pkgdir}"/var/log/c-icap chown 15:15 "${pkgdir}"/var/log/c-icap diff --git a/pcr/c-icap/c-icap.conf b/pcr/c-icap/c-icap.conf index 8a9890c9c..5d3e4749a 100644 --- a/pcr/c-icap/c-icap.conf +++ b/pcr/c-icap/c-icap.conf 
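Review bot: package() keeps `chown 15:15` on /var/log/c-icap while this hunk starts installing c-icap.sysusers (`u proxy 15 - /var/empty`, added later in the commit), so the directory's ownership is tied to a numeric ID rather than to the account. As far as I know, systemd-sysusers falls back to a different UID when the requested one is already taken; the 0750 log directory would then belong to whichever account holds 15, not to the daemon. Creating the directory by name at install time avoids that, for example with a tmpfiles line such as `d /var/log/c-icap 0750 proxy proxy -` in place of the `install -d`/`chown` pair. The contents of c-icap.tmpfiles are not shown in this diff, so check whether it already does this. package() starts and ends outside the hunk.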
@@ -124,13 +124,75 @@ MaxRequestsPerChild 0 # InterProcessLockingScheme file # TAG: Port -# Format: Port port +# Format: Port [address:]port # Description: # The port number that the c-icap server uses to listen to requests. # Default: -# Port 1344 +# None Port 1344 +# TAG: TlsPort +# Format: TlsPort [address:]port [tls-method=method] [cert=path_to_pem_cert] [key=path_to_pem_key] [client_ca=path_to_pem_file] [ciphers=ciph1:ciph2...] [tls_options=[!]Opt1|[!]Opt2|...] +# Description: +# The port number that the c-icap server uses to listen for TLS/SSL +# requests. Options: +# tls-method +# Set the SSL method to use. Available methods are: +# SSLv23 TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2 +# cert +# Set the certificate to use by the icap server. The certificate +# should be in pem format. +# key +# The key of the configured certificate in pem format. If none +# set then the c-icap searches for the key inside cert file. +# client_ca +# File containing all CA that we accept client certs from. If it +# is set then c-icap enables client certificates verification. +# cafile +# PEM file containing CA certificates to use when verifying client +# certificates. If not configured the root.pem file will be used. +# capath +# Directory containing additional CA certificates to use when +# verifying client certificates. +# ciphers +# Collon separated lists of the ciphers to accept. Please check +# openSSL manual for supported ciphers. +# tls-options +# Sets various options: +# SSL_OP_NO_SSLv2 disable the use of SSLv2 +# SSL_OP_NO_SSLv3 disable the use of SSLv3 +# SSL_OP_NO_TLSv1 disable the use of TLSv1 +# SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2 +# SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1 +# SSL_OP_NO_TICKET disable the use of RFC5077 session tickets +# SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +# When performing renegotiation as a server, always start a +# new session. 
+# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION +# Allow legacy insecure renegotiation between OpenSSL and +# unpatched clients or servers. +# +# For more options please see the SSL_set_options documentation. +# +# By default the SSL_OP_ALL flag is set which enables all of the +# important bug workarrounds. To reset this flag use the +# "!SSL_OP_ALL" as first flag: +# tls-options=!SSL_OP_ALL:SSL_OP_NO_TICKET +# +# Default: +# None + +# TAG: TlsPassphrase +# Format: TlsPassphrase /path/to/script +# Description: +# Path to the script to run to get the passphrases of TLS certificates +# keys. The c-icap will pass as arguments the IP address and port number +# to the script. +# Default: +# No value +# Example: +# TlsPassphrase /use/local/c-icap/scripts/cert-passphrase.sh + # TAG: User # Format: User username # Description: @@ -221,6 +283,16 @@ SupportBuggyClients off # Default: # No set +# TAG: FakeAllow204 +# Format: FakeAllow204 on|off +# Description: +# Support 204 responses from services preview handler to the clients +# which does not support preview. Requires early responses support +# from clients. +# If disabled the c-icap will return 500 response in these cases +# Default: +# FakeAllow204 on + # TAG: ModulesDir # Format: ModulesDir dir # Description: @@ -414,6 +486,18 @@ RemoteProxyUserHeaderEncoded on # A - Saturday # acl http_client_ip ip1[/netmask1] ... # The HTTP client ip address, if it is available. +# acl http_req_line value1 ... +# The first line of HTTP request +# The values are in regex form: /avalue/flags +# acl http_resp_line value1 ... +# The first line of HTTP response +# The values are in regex form: /avalue/flags +# acl http_req_url value1 ... +# The HTTP request url without GET request arguments +# The values are in regex form: /avalue/flags +# acl http_req_method value1 ... +# The HTTP request method + # Default: # None set # Examples: 
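Review bot: In the first c-icap.conf hunk (`@@ -124,13 +124,75 @@`) the active `Port 1344` line is still shipped with no address and no `TlsPort` is configured. Assuming an address-less Port listens on every interface, the packaged default accepts cleartext ICAP from the network even though the hunk now documents `[address:]port`. Consider shipping `Port 127.0.0.1:1344` and leaving wider exposure to the administrator. The new TlsPort text is also inconsistent: the Format line spells the option `tls_options=` with `|` separators, while the description and example use `tls-options=` with `:`. It is worth checking against upstream which form the parser accepts, since an option such as `SSL_OP_NO_SSLv3` that is silently ignored would leave the SSLv2/SSLv3 methods listed under `tls-method` available.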
@@ -543,24 +627,36 @@ AccessLog /var/log/c-icap/access.log # Logger sys_logger # TAG: Module -# Format: Module Type ModuleFile +# Format: Module Type ModuleFile [forceUnload=off] # Description: # Load an external module/plugin to c-icap. -# ModuleFile is the filename of the module. If no full path given then c-icap -# searche in path defined by the ModulesDir configuration parameter. +# ModuleFile is the filename of the module. If no full path given then +# the c-icap uses the path defined by the ModulesDir configuration +# parameter. # Type is the type of the external module and can be one of the following: -# - "logger" for modules implement a logger -# - "common" for general purpose modules +# "logger" for modules implement a logger +# "common" for general purpose modules +# forceUnload=off +# Forces c-icap to not unload services/modules loaded as external +# dynamic libraries on shutdown or reconfigure. +# This option may required when the services/modules are using +# c++, or they are linked with c++ libraries. # Default: # # Example: # Module logger sys_logger.so # TAG: Service -# Format: Service aName ServiceFile +# Format: Service aName ServiceFile [forceUnload=off] # Description: # It loads the service ServiceFile. The argument aName used # as alias name for the service +# forceUnload=off +# Forces c-icap to not unload services/modules loaded as external +# dynamic libraries on shutdown or reconfigure. +# This option may required when the services/modules are using +# c++, or they are linked with c++ libraries. + # Default: # # Example: 
@@ -676,7 +772,14 @@ Service echo srv_echo.so # Description: # Add support for Berkeley DB based lookup tables. The format for # bdb path of the lookup table is: -# bdb:/path/to/bdb +# bdb:/path/to/bdb[{param1=val, ...}] +# bdb table parameters can be one or more of the followings: +# cache-size=Size[K|M] +# The cache size to use. Default is the berkeleyDB default value. +# cache-num=num +# The number of caches to create. The cache will be split across +# num separate regions, where the region size is equal to the +# initial cache size divided by ncache. # Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables # Example: # Module common bdb_tables.so @@ -707,8 +810,10 @@ Service echo srv_echo.so # Module: ldap_module # Description: # Add LDAP support to c-icap. The user can use LDAP based lookup tables -# using the following lookup table path: +# using the following lookup table paths: # ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}] +# ldaps://... +# ldapi://... # The filter can contain the "%s" formating code which will be replaced by # the search key. # ldap table parameters can be one or more of the followings: diff --git a/pcr/c-icap/install b/pcr/c-icap/c-icap.install index 04997856e..5baa48a2a 100644 --- a/pcr/c-icap/install +++ b/pcr/c-icap/c-icap.install @@ -1,4 +1,5 @@ post_upgrade() { + systemd-sysusers c-icap.conf systemd-tmpfiles --create c-icap.conf } diff --git a/pcr/c-icap/logrotate b/pcr/c-icap/c-icap.logrotate index e84f475c7..e84f475c7 100644 --- a/pcr/c-icap/logrotate +++ b/pcr/c-icap/c-icap.logrotate diff --git a/pcr/c-icap/c-icap.sysusers b/pcr/c-icap/c-icap.sysusers new file mode 100644 index 000000000..95121e681 --- /dev/null +++ b/pcr/c-icap/c-icap.sysusers @@ -0,0 +1 @@ +u proxy 15 - /var/empty diff --git a/pcr/c-icap/tmpfiles.d b/pcr/c-icap/c-icap.tmpfiles index 20ccc11f0..20ccc11f0 100644 --- a/pcr/c-icap/tmpfiles.d +++ b/pcr/c-icap/c-icap.tmpfiles |
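Review bot: The ldap_module hunk (`@@ -707,8 +810,10 @@`) documents lookup-table paths of the form `ldap://[username:password@]ldapserver...`, and package() installs this file with `install -Dm644`, so any bind password an administrator puts in such a path is readable by every local user. Adding `ldaps://` protects the credentials on the wire but not at rest in the config. A one-line caveat next to the format would help, e.g. `# NOTE: this file is installed mode 0644; do not embed LDAP bind passwords here without tightening its permissions.` The same concern applies to the script path given to `TlsPassphrase` in the earlier TLS hunk, whose script should not be readable or writable by unprivileged users.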