From 4c0ead787d0a9e1b3fde331e17f7743ede8fcb77 Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado <emulatorman@parabola.nu>
Date: Mon, 28 Mar 2016 03:28:23 -0300
Subject: c-icap: add new package to [pcr]

---
 pcr/c-icap/PKGBUILD       |  54 ++++
 pcr/c-icap/c-icap.conf    | 760 ++++++++++++++++++++++++++++++++++++++++++++++
 pcr/c-icap/c-icap.service |  11 +
 pcr/c-icap/install        |   7 +
 pcr/c-icap/logrotate      |   9 +
 pcr/c-icap/tmpfiles.d     |   1 +
 6 files changed, 842 insertions(+)
 create mode 100644 pcr/c-icap/PKGBUILD
 create mode 100644 pcr/c-icap/c-icap.conf
 create mode 100644 pcr/c-icap/c-icap.service
 create mode 100644 pcr/c-icap/install
 create mode 100644 pcr/c-icap/logrotate
 create mode 100644 pcr/c-icap/tmpfiles.d

(limited to 'pcr/c-icap')

diff --git a/pcr/c-icap/PKGBUILD b/pcr/c-icap/PKGBUILD
new file mode 100644
index 000000000..67c4667f4
--- /dev/null
+++ b/pcr/c-icap/PKGBUILD
@@ -0,0 +1,54 @@
+# Maintainer (Arch): Amish <contact at via dot aur>
+pkgname=c-icap
+pkgver=0.4.2
+pkgrel=1
+pkgdesc='Implementation of an ICAP server'
+arch=(i686 x86_64 armv7h)
+url='http://c-icap.sourceforge.net/'
+license=('GPL' 'LGPL')
+source=("http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-${pkgver}.tar.gz"
+        'c-icap.conf'
+        'c-icap.service'
+        'tmpfiles.d'
+        'logrotate')
+sha256sums=('b138c7d7d9828d54c3307bcfe7b4917911266593832ffc26a60df9a0dfd2511e'
+            'a2859a3f2bab1d96ae3a6364853a65c3985a0c336dab385294b977ecca336fc3'
+            '313ae1b3ff52597158d3a914702d60b16248a8fb8f934e91644f63ad373e6375'
+            '485fa1649ad1a63f6f2ec46eb0c8100d8756be0ba99df2cf23aa2fc70f14b27d'
+            '07d5d98801feb0b20fe3cbbf9f7d00148cbda7b2e9e2bc07d859c1c5aa154926')
+backup=('etc/c-icap/c-icap.conf'
+        'etc/c-icap/c-icap.magic'
+        'etc/logrotate.d/c-icap')
+install=install
+
+build() {
+  cd "${srcdir}/c_icap-${pkgver}"
+  ./configure \
+      --prefix=/usr \
+      --localstatedir=/var \
+      --sbindir=/usr/bin \
+      --sysconfdir=/etc/c-icap \
+      --enable-ipv6 \
+
+  make
+}
+
+package() {
+  cd "${srcdir}/c_icap-${pkgver}"
+  make DESTDIR="${pkgdir}" install
+
+  # fix some bad permissions
+  find "${pkgdir}"/etc/c-icap/ -type f -print0 | xargs -0 chmod 644
+  chmod g-w "${pkgdir}"/var/log
+
+  # remove /var/run directory which should not be packaged
+  rmdir "${pkgdir}"/var/run/c-icap/ "${pkgdir}"/var/run/
+
+  install -Dm644 ../c-icap.conf "${pkgdir}"/etc/c-icap/c-icap.conf
+  install -Dm644 ../c-icap.service "${pkgdir}"/usr/lib/systemd/system/c-icap.service
+  install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/c-icap.conf
+  install -Dm644 ../logrotate "${pkgdir}"/etc/logrotate.d/c-icap
+
+  install -d -m750 "${pkgdir}"/var/log/c-icap
+  chown 15:15 "${pkgdir}"/var/log/c-icap
+}
diff --git a/pcr/c-icap/c-icap.conf b/pcr/c-icap/c-icap.conf
new file mode 100644
index 000000000..8a9890c9c
--- /dev/null
+++ b/pcr/c-icap/c-icap.conf
@@ -0,0 +1,760 @@
+#
+# This file contains the default settings for c-icap
+# 
+# 
+
+
+# TAG: PidFile
+# Format: PidFile pid_file
+# Description:
+#	The file to store the pid of the main process of the c-icap server.
+# Default:
+#	PidFile /var/run/c-icap/c-icap.pid
+PidFile /var/run/c-icap/c-icap.pid
+
+# TAG: CommandsSocket
+# Format: CommandsSocket socket_file
+# Description:
+#	The path of file to use as control socket for c-icap
+# Default:
+#	CommandsSocket /var/run/c-icap/c-icap.ctl
+CommandsSocket /var/run/c-icap/c-icap.ctl
+
+# TAG: Timeout
+# Format: Timeout seconds
+# Description:
+#	The time in seconds after which a connection without activity
+#	can be cancelled.
+# Default:
+#	Timeout 300
+Timeout 300
+
+# TAG: MaxKeepAliveRequests
+# Format: MaxKeepAliveRequests number
+# Description:
+#	The maximum number of requests can be served by one connection
+#	Set it to -1 for no limit
+# Default:
+#	MaxKeepAliveRequests 100
+MaxKeepAliveRequests 100
+
+# TAG: KeepAliveTimeout
+# Format: KeepAliveTimeout seconds
+# Description:
+#	The maximum time in seconds waiting for a new requests before a 
+#	connection will be closed.
+#	If the value is set to -1, there is no timeout.
+# Default:
+#	KeepAliveTimeout 600
+KeepAliveTimeout 600  
+
+# TAG: StartServers
+# Format: StartServers number
+# Description:
+#	The initial number of server processes. Each server process
+#	generates a number of threads, which serve the requests.
+# Default:
+#	StartServers 3
+StartServers 10
+
+# TAG: MaxServers
+# Format: MaxServers number
+# Description:
+#	The maximum allowed number of server processes.
+# Default:
+#	MaxServers 10
+MaxServers 50
+
+# TAG: MinSpareThreads
+# Format: MinSpareThreads number
+# Description:
+#	If the number of the available threads is less than number,
+#	the c-icap server starts a new child.
+# Default:
+#	MinSpareThreads     10
+MinSpareThreads     10
+
+# TAG: MaxSpareThreads
+# Format: MaxSpareThreads number
+# Description:
+#	If the number of the available threads is more than number then 
+#	the c-icap server kills a child.
+# Default:
+#	MaxSpareThreads     20
+MaxSpareThreads     40
+
+# TAG: ThreadsPerChild
+# Format:  ThreadsPerChild number
+# Description:
+#	The number of threads per child process.
+# Default:
+#	ThreadsPerChild     10
+ThreadsPerChild     10
+
+# TAG: MaxRequestsPerChild
+# Format: MaxRequestsPerChild number
+# Description:
+#	The maximum number of requests that a child process can serve.
+#	After this number has been reached, process dies. The goal of this
+#	parameter is to minimize the risk of memory leaks and increase the
+#	stability of c-icap. It can be disabled by setting its value to 0.
+# Default:
+#	MaxRequestsPerChild  0
+MaxRequestsPerChild  0
+
+# TAG: InterProcessSharedMemScheme
+# Format: InterProcessSharedMemScheme posix | mmap | sysv
+# Description:
+#	The interprocess shared mem scheme to use. Available schemes:
+#	posix Use posix shared memory (shm_open interface)
+#	mmap  Use anonymous mmaped files as shared memory
+#	sysv  use the sysv ipc shared memory
+# Default:
+#	InterProcessSharedMemScheme posix
+
+# TAG: InterProcessLockingScheme
+# Format: InterProcessSharedMemScheme file | sysv | posix
+# Description:
+#	The interprocess locking scheme to use. Available schemes:
+#       file  Use lock file
+#       sysv  Use the sysv ipc semaphores
+#	posix Use posix semaphores: Use it with caution you may experienced
+#             locking problems if one or more processes crashed.
+# Default:
+#	InterProcessLockingScheme file
+
+# TAG: Port
+# Format: Port port
+# Description:
+#	The port number that the c-icap server uses to listen to requests.
+# Default:
+#	Port 1344
+Port 1344 
+
+# TAG: User
+# Format: User username
+# Description:
+#	The user owning c-icap's processes. By default, the owner is the
+#	user who runs the program.
+# Default:
+#	No value
+# Example:
+#	User wwwrun
+
+# TAG: Group
+# Format: Group groupname
+# Description:
+#	The group of users owning c-icap's processes, which, by default
+#	is the group of the current user.
+# Default:
+#	No value
+# Example:
+#	Group nogroup
+
+# TAG: ServerAdmin
+# Format: ServerAdmin admin_mail
+# Description:
+#	The Administrator of this server. Used when displaying information
+#	about this server (logs, info service, etc)
+# Default:
+#	No value
+ServerAdmin root@localhost
+
+# TAG: ServerName
+# Format: ServerName aServerName
+# Description:
+#	A name for this server. Used when displaying information about this
+#	server (logs, info service, etc)
+# Default:
+#	No value
+ServerName localhost
+
+# TAG: TmpDir
+# Format: TmpDir dir
+# Description:
+#	dir is the location of temporary files.
+# Default:
+#	TmpDir /var/tmp
+TmpDir /var/tmp
+
+# TAG: MaxMemObject
+# Format: MaxMemObject bytes
+# Description:
+#	The maximum memory size in bytes taken by an object which
+#	is processed by c-icap . If the size of an object's body is
+#	larger than the maximum size a temporary file is used.
+# Default:
+#	MaxMemObject 131072
+MaxMemObject 131072
+
+# TAG: DebugLevel
+# Format: DebugLevel level
+# Description:
+#	The level of debugging information to be logged.
+#	The acceptable range of levels is between 0 and 10.
+# Default:
+#	DebugLevel 1
+DebugLevel 0
+
+# TAG: Pipelining
+# Format: Pipelining on|off
+# Description:
+#	Enable or disable ICAP requests pipelining
+# Default:
+#	Pipelining on
+Pipelining on
+
+# TAG: SupportBuggyClients
+# FORMAT: SupportBuggyClients on|off
+# Description:
+#	Try to handle requests from buggy clients, for example ICAP requests
+#	missing "\r\n" sequences
+# Default:
+# SupportBuggyClients off
+SupportBuggyClients off
+
+# TAG: Allow204As200okZeroEncaps
+# Format: Allow204As200okZeroEncaps
+# Description:
+#	When used the c-icap instead of allow 204 return "200 OK" responses
+#	with zero encapsulated entities.
+# Default:
+#	No set
+
+# TAG: ModulesDir
+# Format: ModulesDir dir
+# Description:
+#	The location of modules
+# Default:
+#	ModulesDir /usr/lib/c_icap
+ModulesDir /usr/lib/c_icap
+
+# TAG: ServicesDir
+# Format: ServicesDir dir
+# Description:
+#	The location of services
+# Default:
+#	ServicesDir /usr/lib/c_icap
+ServicesDir /usr/lib/c_icap
+
+# TAG: TemplateDir
+# Format: TemplateDir dir
+# Description:
+#	The location of the text templates used by c-icap and its services,
+#	categorized by language and services/modules
+# Default:
+#	No value
+# Example:
+TemplateDir /usr/share/c_icap/templates/
+
+# TAG: TemplateDefaultLanguage
+# Format: TemplateDefaultLanguage lang
+# Description:
+#	Sets the default language to use for text templates
+# Default:
+#	TemplateDefaultLanguage en
+TemplateDefaultLanguage en
+
+#TemplateReloadTime 360
+#TemplateCacheSize 20
+#TemplateMemBufSize 8192
+
+# TAG: LoadMagicFile
+# Format: LoadMagicFile path
+# Description:
+#	Load a c-icap magic file. A magic file contains various 
+#	data type definitions. Look inside default c-icap.magic file
+#	for more informations.
+#	It can be used more than once to use multiple magic files.
+# Default:
+#	LoadMagicFile /etc/c-icap/c-icap.magic
+LoadMagicFile /etc/c-icap/c-icap.magic
+
+# TAG: RemoteProxyUsers
+# Format: RemoteProxyUsers onoff
+# Description:
+#	Set it to on if you want to use username provided by the proxy server.
+#	This is the recomended way to use users in c-icap.
+#	If the RemoteProxyUsers is off and c-icap configured to use users or
+#	groups the internal authentication mechanism will be used.
+# Default:
+#	RemoteProxyUsers off
+RemoteProxyUsers off
+
+# TAG: RemoteProxyUserHeader
+# Format: RemoteProxyUserHeader Header
+# Description:
+#	Used to specify the icap header used by the proxy server to send
+#	the authenticated client username to c-icap server 
+# Default:
+#	RemoteProxyUserHeader X-Authenticated-User
+RemoteProxyUserHeader X-Authenticated-User
+
+# TAG: RemoteProxyUserHeaderEncoded
+# Format: RemoteProxyUserHeaderEncoded onoff
+# Description:
+#	Set it to off if the RemoteProxyUserHeader is not base64 encoded
+# Default:
+#	RemoteProxyUserHeaderEncoded on
+RemoteProxyUserHeaderEncoded on
+
+# TAG: AuthMethod
+# Format: AuthMethod Method Authenticator
+# Description:
+#	Used to define the internal authentication mechanism to use. This
+#	feature is not well tested and may cause problems. It is better to use
+#	RemoteProxyUser configuration.
+#	Method is the authentication method to use (basic, digest, etc).
+#	Currently only basic authentication method is implemented as build in
+#	module
+#	Authenticator currently can only be "basic_simple_db"
+#	It can be considered as a user/password store and can be
+#	implemented as external module. The basic_simple_db is implemented as
+#	build it module
+# Default:
+#	No set
+# Example:
+#	AuthMethod basic basic_simple_db
+
+# TAG: basic.Realm
+# Format: basic.Realm ARealm
+# Description:
+#	Specify the basic method realm
+# Default:
+#	basic.Realm "Basic authentication"
+# Example:
+#	basic.Realm "c-icap server authentication"
+
+# TAG: basic_simple_db.UsersDB
+# Format: basic_simple_db.UsersDB LookupTable
+# Description:
+#	Specify the lookup table where the usernames/passwords pairs 
+#	are stored. The paswords must be unencrypted
+#	For more information about c-icap lookup tables read c-icap server
+#	manual page
+# Default:
+#	No value
+# Example:
+#	basic_simple_db.UsersDB hash:/etc/c-icap/c-icap-users.txt
+
+# TAG: GroupSourceByGroup
+# Format: GroupSourceByGroup LookupTable
+# Description:
+#	Defines a lookup table where the groups of users are stored indexed
+#	by group. It can be used more than once.
+#	For more information about c-icap lookup tables read c-icap server
+#	manual page
+# Default:
+#	No set
+# Example:
+#	GroupSourceByGroup hash:/etc/c-icap/c-icap-groups.txt
+
+# TAG: GroupSourceByUser
+# Format: GroupSourceByUser LookupTable
+# Description:
+#	Defines a lookup table where the groups of users are stored indexed 
+#	by user. It can be used more than once.
+#	For more information about c-icap lookup tables read c-icap server
+#	manual page
+# Default:
+#	No set
+# Example:
+#	GroupSourceByUser hash:/etc/c-icap/c-icap-user-groups.txt
+
+# TAG: acl
+# Format: acl name type[{param}] value1 [value2] [...]
+# Description:
+#	Supported acl types are:
+#		acl aclname service service1 ...
+#		     The servicename
+#		acl aclname type OPTIONS|RESPMOD|REQMOD ...
+#		     The icap method
+#		acl aclname port port1 ...
+#		     The icap server port
+#		acl aclname src ip1/netmask1 ...
+#		     The client ip address
+#		acl aclname srvip ip1/netmask1 ...
+#		     The c-icap server ip address
+#		acl aclname icap_header{HeaderName} value1 ...
+#		     Matches the icap header HeaderName with value1 ...
+#		     The values are in regex form: /avalue/flags
+#		acl aclname icap_resp_header{HeaderName} value1 ...
+#		     The icap response header
+#		     The values are in regex form: /avalue/flags
+#		acl aclname http_req_header{HeaderName} value1 ...
+#		     The http request header
+#		     The values are in regex form: /avalue/flags
+#		acl aclname http_resp_header{HeaderName} value1 ...
+#		     The http response header
+#		     The values are in regex form: /avalue/flags
+#		acl aclname data_type type1 ...
+#		     The data type as recognized by the internal data type
+#		     recognizer. The types are defined in c-icap.magic file
+#		acl aclname auth username|* ...
+#		     The authenticated users. Using * instead of username means
+#		     all users.
+#		acl aclname group group1 ...
+#		     if the user of request belongs to given groups
+#		acl content_length{>|<|=} value1 ...
+#		     The content length of body data if the related information
+#		     included in http headers.
+#		     The parameter can take the value <, > or = to specify that
+#		     the acl will match if content length is less, greater or
+#		     equal to acl values.
+#		acl time value1 ....
+#		     It checks agains current time. The values format is:
+#		     [DAY[,DAY,[..]]][/][HH:MM-HH:MM]
+#		     The DAY can be one of the following:
+#			S - Sunday
+#			M - Monday
+#			T - Tuesday
+#			W - Wednesday
+#			H - Thursday
+#			F - Friday
+#			A - Saturday
+#		acl http_client_ip ip1[/netmask1] ...
+#		     The HTTP client ip address, if it is available.
+# Default:
+#	None set
+# Examples:
+#	acl OPTIONS type OPTIONS
+#	acl RESPMOD type RESPMOD
+#	acl REQMOD  type REQMOD
+#	acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
+#	acl XHEAD icap_header{X-Test}  /value/
+#	acl ECHO service echo
+#	acl localnet src 192.168.1.0/255.255.255.0
+#	acl localhost src 127.0.0.1/255.255.255.255
+#	acl all src 0.0.0.0/0.0.0.0
+#	acl BigObjects content_length{>} 5000000
+#	acl WorkingHours time M,T,W,H,F/8:00-18:00
+#	acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59
+
+# TAG: icap_access
+# Format: icap_access allow|deny [!]acl1 ...
+# Description:
+#	Allowing or denying ICAP access based on defined access lists
+# Default:
+#	None set
+# Example:
+#	icap_access deny XHEAD
+#	#Allow OPTIONS method for all:
+#	icap_access allow localnet OPTIONS
+#	#Require authentication for all users from local network:
+#	icap_access allow AUTH localnet
+#	icap_access deny all
+
+# TAG: client_access
+# Format: client_access allow|deny acl1 [acl2] [...]
+# Description:
+#	Allowing or denying connections on c-icap based on
+#	defined access lists. Only the acl types src, srvip and port
+#	can be used.
+# Default:
+#	None set
+# Example:
+#	client_access allow all
+
+# TAG: LogFormat 
+# Format: LogFormat Name Format
+# Description:
+#	Name is a name for this log format.
+#	Format is a string with embedded % format codes. % format codes 
+#	has the following form:
+#	    % [-] [width] [{argument}] formatcode
+#	    if - is specified then the output is left aligned
+#	    if width specified then the field is exactly width size
+#	    some formatcodes support arguments given as {argument}
+#	
+#	Format codes:
+#	       %a:  Remote IP-Address
+#	       %la: Local IP Address
+#	       %lp: Local port
+#	       %>a: Http Client IP Address. Only supported if the proxy 
+#	       	    client supports the "X-Client-IP" header
+#	       %<A: Http Server IP Address. Only supported if the proxy
+#	       	    client supports the "X-Server-IP" header
+#	       %ts: Seconds since epoch
+#	       %tl: Local time. Supports optional strftime format argument
+#	       %tg: GMT time. Supports optional strftime format argument
+#	       %>ho: Modified Http request header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %huo: Modified Http request url
+#	       %<ho: Modified Http reply header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %iu: Icap request url
+#	       %im: Icap method
+#	       %is: Icap status code
+#	       %>ih: Icap request header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %<ih: Icap response header. Supports header name
+#	       	     as argument. If no argument given the first line returned
+#	       %Ih: Http bytes received
+#	       %Oh: Http bytes sent
+#	       %Ib: Http body bytes received
+#	       %Ob: Http body bytes sent
+#	       %I: Bytes received
+#	       %O: Bytes sent
+#	       %bph: The first 5 bytes of the body preview data. Non 
+#	       	     printable characters printed in hex form.
+#	       	     Supports the number of bytes to output as argument.
+#	       %un: Username
+#	       %Sl: Service log string
+#              %Sa: Attribute value set by service. The attribute name must 
+#                   given as argument.
+# Default:
+#	None set
+# Example:
+#	LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph" 
+
+# TAG: ServerLog
+# Format: ServerLog LogFile
+# Description:
+#	the file used by the build-in logger file_logger to 
+#	store debugging information, errors and other
+#	information about the c-icap server.
+# Default:
+#	ServerLog /var/log/c-icap/server.log
+ServerLog /var/log/c-icap/server.log
+
+# TAG: AccessLog
+# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
+# Description:
+#	LogFile is a file where to log access information.
+#	LogFormat is the log format to use. If ommited c-icap uses:
+#	 	"%tl, %la %a %im %iu %is"
+#	Also acls can be used to select certain requests to be logged.
+#	This directive can be used more than once to specify more than
+#	one access log files
+# Default:
+#	AccessLog /var/log/c-icap/access.log
+# Example:
+#	AccessLog /var/log/c-icap/access.log MyFormat all
+AccessLog /var/log/c-icap/access.log
+
+# TAG: Logger
+# Format: Logger LoggerName
+# Description:
+#	Specify wich logger to use. By default uses the build in "file_logger" which
+#	uses files for access and server logging.
+# Default:
+#	Logger file_logger
+# Example:
+#	Logger sys_logger
+
+# TAG: Module
+# Format: Module Type ModuleFile
+# Description:
+#	Load an external module/plugin to c-icap.
+#	ModuleFile is the filename of the module. If no full path given then c-icap
+#	searche in path defined by the ModulesDir configuration parameter.
+#	Type is the type of the external module and can be one of the following:
+#	- "logger" for modules implement a logger
+#	- "common" for general purpose modules
+# Default:
+#	
+# Example:
+#	Module logger sys_logger.so
+
+# TAG: Service
+# Format: Service aName ServiceFile
+# Description:
+#	It loads the service ServiceFile. The argument aName used 
+#	as alias name for the service
+# Default:
+#	
+# Example:
+#	Service echo_service srv_echo.so
+
+# TAG: ServiceAlias
+# Format: ServiceAlias AliasName ServiceName[?param1=value1&param2=value2...]
+# Description:
+#	Used to define an alias name for a service.
+# Default:
+#	
+# Example:
+#	ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
+
+
+#
+# TAG: General configuration parameters for all services
+# Description:
+#	PreviewSize: The preview data size to advertise to the icap client
+#	MaxConnections: The client should not use more than MaxConnections
+#		for this service.
+#	TransferPreview: The list of file extensions, seperated by commas,
+#		for which the client should send preview data.
+#	TransferIgnore: The list of file extensions that should not be sent
+#		to the icap server
+#	TransferComplete: The list of file extensions that should be sent
+#		in their entirety, without preview, to the icap server
+#	OptionsTTL: The options ttl for the service. The "sec[s]", "min" or 
+#		"hour[s]" can be used to secify that the time is in seconds
+#		minutes or hours respectively. If no time-units given
+#		seconds are assumed.
+#	Allow206 on|off: Enable/disable advertise of 206 responses.
+#
+# Example:
+#	echo.PreviewSize 512
+#	echo.TransferIgnore gif, jpeg
+#	echo.OptionsTTL 3 min
+
+
+######################################################
+# External modules comming with core c-icap server
+#
+# Module: echo
+# Description:
+#	Simple test service
+# Example:
+#	Service echo srv_echo.so
+Service echo srv_echo.so
+
+# Module: sys_logger
+# Description:
+#	Add support for logging access and server events to syslog server
+#	Use "Module" configuration parameter to load this module and "Logger"
+#	to make it default logger for the c-icap.
+# Example:
+#	Module logger sys_logger.so
+#	Logger sys_logger
+
+
+# TAG: sys_logger.Prefix
+# Format: sys_logger.Prefix string
+# Description:
+#	 string is be presented in every syslog message.
+# Default:
+#	sys_logger.Prefix "C-ICAP:"
+
+# TAG: sys_logger.Facility
+# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
+# Description:
+#	specifies the facility type of syslog. 
+# Default:
+#	sys_logger.Facility daemon
+
+# TAG: sys_logger.access_priority
+# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+#	determines  the  importance  of the access log message
+# Default:
+#	sys_logger.access_priority info
+
+# TAG: sys_logger.server_priority
+# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+#	determines  the  importance  of the server log message
+# Default:
+#	sys_logger.server_priority crit
+
+# TAG: sys_logger.LogFormat
+# Format: sys_logger.LogFormat LOGFORMAT
+# Description:
+#	The log format to use. If no log format defined then 
+#	the following will be used:
+#	    "%la %a %im %iu %is"
+# Default:
+#	None set 
+# Example:
+#	Logformat BasicFormat "%la %a %im %iu %is"
+#	sys_logger.LogFormat BasicFormat
+
+# TAG: sys_logger.access
+# Format: sys_logger.access [!]acl1 ...
+# Description:
+#	Allow selecting ICAP requests to be logged using acls.
+#	By default all requests will be logged.
+# Default:
+#	None set
+# Example:
+#	sys_logger.access all
+
+# End module: sys_logger
+
+# Module: bdb_tables
+# Description:
+#	Add support for Berkeley DB based lookup tables. The format for 
+#	bdb path of the lookup table is:
+#		bdb:/path/to/bdb
+#	Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
+# Example:
+#	Module common bdb_tables.so
+
+# End module: bdb_tables
+
+# Module: dnsbl_tables
+# Description:
+#	Add support for dns lookup tables. Can be used to access
+#	dns block lists. The dnsbl lookup table path definition is:
+#	    dnsbl:domainname[{param1=val, ...}]
+#       dnsbl table parameters can be one or more of the followings:
+#            cache=no|cache_type
+#               The cache type to use or 'no' for no cache.
+#            cache-size=Size[K|M]
+#               The cache size in RAM
+#            cache-ttl=ttl
+#               The cache ttl to use
+#	
+#	For example the lookup table  for accessing the black.uribl.com
+#	dns black list is: 
+#	    dnsbl:black.uribl.com
+# Example:
+#	Module common dnsbl_tables.so
+
+# End module: dnsbl_tables
+
+# Module: ldap_module
+# Description:
+#	Add LDAP support to c-icap. The user can use LDAP based lookup tables
+#	using the following lookup table path:
+#	      ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}]
+#	The filter can contain the "%s" formating code which will be replaced by
+#	the search key.
+#	ldap table parameters can be one or more of the followings:
+#	     name=aName
+#		A unique name to use for this table
+#	     cache=no|cache_type
+#		The cache type to use or no for no cache.
+#	     cache-size=Size[K|M]
+#		The cache size in RAM
+#	     cache-ttl=ttl
+#		The cache ttl to use
+#	     cache-item-size=ItemSize[K|M]
+#		The maximum item size
+#	
+#	Examples of supported ldap urls:
+#	     ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s{cache=memcached}
+#	     ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
+#	
+#	WARNING: is not enough tested it may contain bugs!
+# Example:
+#	Module common ldap_module.so
+
+# End module: ldap_module
+
+# Module: memcached
+# Description:
+#       Add support for memcached c-icap cache.
+# Example:
+#       Module common memcached.so
+
+# TAG: memcached.servers
+# Format: memcached.servers hostname1 hostname2 ...
+# Description:
+#	Set the memcached servers to use
+# Default:
+#	memcached.servers 127.0.0.1
+
+# TAG: memcached.use_md5_keys
+# Format: memcached.use_md5_keys on|off
+# Description:
+#	Whether to use or not md5 hash as key when the key exceeds the
+#	MEMCACHED_MAX_KEY (normaly 251 bytes)
+# Default:
+#	memcached.use_md5_keys on
+
+# End module: memcached
+
+#Include virus_scan.conf
+#Service squidclamav squidclamav.so
diff --git a/pcr/c-icap/c-icap.service b/pcr/c-icap/c-icap.service
new file mode 100644
index 000000000..419892d59
--- /dev/null
+++ b/pcr/c-icap/c-icap.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=ICAP server implementation
+
+[Service]
+User=proxy
+Type=forking
+PIDFile=/run/c-icap/c-icap.pid
+ExecStart=/usr/bin/c-icap
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pcr/c-icap/install b/pcr/c-icap/install
new file mode 100644
index 000000000..04997856e
--- /dev/null
+++ b/pcr/c-icap/install
@@ -0,0 +1,7 @@
+post_upgrade() {
+	systemd-tmpfiles --create c-icap.conf
+}
+
+post_install() {
+	post_upgrade
+}
diff --git a/pcr/c-icap/logrotate b/pcr/c-icap/logrotate
new file mode 100644
index 000000000..e84f475c7
--- /dev/null
+++ b/pcr/c-icap/logrotate
@@ -0,0 +1,9 @@
+/var/log/c-icap/*.log {
+	create 600 proxy proxy
+	sharedscripts
+	missingok
+	notifempty
+	postrotate
+			/bin/kill -HUP `cat /run/c-icap/c-icap.pid 2>/dev/null` 2> /dev/null || true
+	endscript
+}
diff --git a/pcr/c-icap/tmpfiles.d b/pcr/c-icap/tmpfiles.d
new file mode 100644
index 000000000..20ccc11f0
--- /dev/null
+++ b/pcr/c-icap/tmpfiles.d
@@ -0,0 +1 @@
+d /run/c-icap 0755 proxy proxy -
-- 
cgit v1.2.3