205288e03c
* Fix X509 server certificate domain matching * Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections * Cleanup: Display correct error code in debugging output for IoCallback::finish * Cleanup: Fix spelling error in debug message in parseHttpRequest() * Cleanup: Add whitespace to make debug message in writeComplete() more readable * Add Kerberos support for MAC OS X 10.x * Bug 4234: comm_connect_addr uses errno incorrectly * Fix 'access_log none' to prevent following logs being used * Unexpected SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates * Docs: Update CONTRIBUTORS * Ensure class Lock counter remains within bounds * Portability: Add hacks to define C++11 explicit N-bit type limits * Fix SSL_get_peer_certificate memory leak * Bug 4231 pt2: comm_open_uds does not provide description for newly opened FD * Bug 4231 pt1: fd_open() not correctly handling empty descriptions * Negotiate Kerberos authentication request size exceeds output buffer size. * Do not increment an iterator invalidated by std::map::erase(). * Fix require-proxy-header preventing HTTPS proxying and ssl-bump * Fix atomics check broken by C++11 #include added in v3.5 branch r13783 * Support for resuming TLS sessions * Bug 4212: ssl_crtd crashes with corrupt database * Fix rev.13795 ServerName class * Add server_name ACL matching server name(s) obtained from various sources * Bug 4226: digest_edirectory_auth: found but cannot be built * Invalid request->clientConnectionManager object used by Ssl::PeerConnector::handleNegotiateError * Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" * Fix cross-compile issues with SSL_get_certificate() * Docs: RFC 7238 obsoleted by RFC 7538 * Boilerplate: reference Translator copyrights in CREDITS * Cleanup: Place explicit size on ref-count lock counter * Cleanup: extend SBuf debugging information * digest_edirectory_auth: Fix -lnettle dependency error
217 lines
6.3 KiB
Makefile
217 lines
6.3 KiB
Makefile
# $NetBSD: options.mk,v 1.16 2015/05/04 09:13:34 adam Exp $
|
|
|
|
PKG_OPTIONS_VAR= PKG_OPTIONS.squid
|
|
PKG_SUPPORTED_OPTIONS= inet6 snmp ssl squid-backend-aufs squid-backend-diskd \
|
|
squid-backend-rock squid-backend-ufs squid-carp squid-unlinkd \
|
|
squid-kerberos-helper squid-ldap-helper squid-pam-helper
|
|
PKG_OPTIONS_LEGACY_OPTS+= diskd:squid-backend-diskd \
|
|
null:squid-backend-null ufs:squid-backend-ufs \
|
|
linux-netfilter:squid-netfilter ipf-transparent:squid-ipf \
|
|
pf-transparent:squid-pf unlinkd:squid-unlinkd \
|
|
arp-acl:squid-arp-acl pam-helper:squid-pam-helper carp:squid-carp
|
|
|
|
PLIST_VARS+= diskd snmp unlinkd
|
|
PLIST_VARS+= ba_LDAP ba_NCSA ba_PAM ba_getpwnam
|
|
PLIST_VARS+= da_file da_LDAP
|
|
PLIST_VARS+= na_sml_lm
|
|
PLIST_VARS+= ta_kerberos
|
|
PLIST_VARS+= eacl_file_userip eacl_LDAP_group eacl_unix_group
|
|
PLIST_VARS+= ssl
|
|
|
|
PKG_SUGGESTED_OPTIONS= inet6 snmp ssl squid-backend-diskd squid-carp \
|
|
squid-pam-helper squid-unlinkd
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
.if !empty(OPSYS:MLinux)
|
|
PKG_SUPPORTED_OPTIONS+= squid-netfilter
|
|
.endif
|
|
|
|
# some release of NetBSD lacks <ipl.h> header of IP Filter 4.x
|
|
.if ${OPSYS} != "NetBSD" || ${OS_VERSION:M[01].*} || exists(/usr/include/netinet/ipl.h)
|
|
PKG_SUPPORTED_OPTIONS+= squid-ipf
|
|
.endif
|
|
|
|
.if ${OPSYS} == "FreeBSD" || ${OPSYS} == "NetBSD" || ${OPSYS} == "OpenBSD" || \
|
|
${OPSYS} == "Darwin" || ${OPSYS} == "DragonFly"
|
|
PKG_SUPPORTED_OPTIONS+= squid-pf
|
|
.endif
|
|
|
|
.if (${OPSYS} == "FreeBSD" || ${OPSYS} == "NetBSD") && \
|
|
!empty(PKG_SUPPORTED_OPTIONS:Msquid-ipf)
|
|
PKG_SUGGESTED_OPTIONS+= squid-ipf
|
|
.endif
|
|
|
|
.if ${OPSYS} == "OpenBSD"
|
|
PKG_SUGGESTED_OPTIONS+= squid-pf
|
|
.endif
|
|
|
|
.if ${OPSYS} == "Darwin"
|
|
PKG_SUPPORTED_OPTIONS+= squid-ipfw
|
|
PKG_SUGGESTED_OPTIONS+= squid-ipfw
|
|
.endif
|
|
|
|
# limited platform support squid-arp-acl
|
|
.if !empty(OPSYS:MFreeBSD) || !empty(OPSYS:MNetBSD) || !empty(OPSYS:MOpenBSD) || !empty(OPSYS:MLinux) || !empty(OPSYS:MSunOS)
|
|
PKG_SUPPORTED_OPTIONS+= squid-arp-acl
|
|
.endif
|
|
|
|
.include "../../mk/bsd.options.mk"
|
|
|
|
SQUID_BACKENDS?= ufs
|
|
# Note: NIS helper cannot be build; it requires crypt.h header file.
|
|
SQUID_BASIC_AUTH_HELPERS?= NCSA getpwnam
|
|
SQUID_DIGEST_AUTH_HELPERS?= file
|
|
SQUID_NTLM_AUTH_HELPERS?= fake smb_lm
|
|
SQUID_EXTERNAL_ACL_HELPERS?= file_userip unix_group
|
|
|
|
# squid's code has preference as:
|
|
# squid-ipf > squid-pf > squid-netfilter
|
|
# So, options.mk introduce preference as:
|
|
# squid-netfilter > squid-pf > squid-ipf
|
|
.if !empty(PKG_OPTIONS:Msquid-netfilter)
|
|
CONFIGURE_ARGS+= --enable-linux-netfilter
|
|
.elif !empty(PKG_OPTIONS:Msquid-pf)
|
|
CONFIGURE_ARGS+= --enable-pf-transparent
|
|
.elif !empty(PKG_OPTIONS:Msquid-ipf)
|
|
CONFIGURE_ARGS+= --enable-ipf-transparent
|
|
.elif !empty(PKG_OPTIONS:Msquid-ipfw)
|
|
CONFIGURE_ARGS+= --enable-ipfw-transparent
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-arp-acl)
|
|
CONFIGURE_ARGS+= --enable-arp-acl
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-carp)
|
|
CONFIGURE_ARGS+= --enable-carp
|
|
.endif
|
|
|
|
.if !empty(PKG_SUPPORTED_OPTIONS:Minet6) && empty(PKG_OPTIONS:Minet6)
|
|
CONFIGURE_ARGS+= --disable-ipv6
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-kerberos-helper)
|
|
.include "../../mk/krb5.buildlink3.mk"
|
|
CONFIGURE_ENV+= ac_cv_path_krb5_config=${KRB5_CONFIG:Q}
|
|
SQUID_NEGOTIATE_AUTH_HELPERS+= kerberos
|
|
.else
|
|
CONFIGURE_ENV+= ac_cv_path_krb5_config=no
|
|
CONFIGURE_ARGS+= --without-mit-krb5
|
|
CONFIGURE_ARGS+= --without-heimdal-krb5
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-ldap-helper)
|
|
.include "../../databases/openldap-client/buildlink3.mk"
|
|
SQUID_BASIC_AUTH_HELPERS+= LDAP
|
|
SQUID_DIGEST_AUTH_HELPERS+= LDAP
|
|
SQUID_EXTERNAL_ACL_HELPERS+= LDAP_group
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-pam-helper)
|
|
. include "../../mk/pam.buildlink3.mk"
|
|
SQUID_BASIC_AUTH_HELPERS+= PAM
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msnmp)
|
|
CONFIGURE_ARGS+= --enable-snmp
|
|
PLIST.snmp= yes
|
|
.else
|
|
CONFIGURE_ARGS+= --disable-snmp
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mssl)
|
|
CONFIGURE_ARGS+= --enable-ssl --with-openssl=${SSLBASE:Q}
|
|
. include "../../security/openssl/buildlink3.mk"
|
|
PLIST.ssl= yes
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-backend-aufs)
|
|
SQUID_BACKENDS+= aufs
|
|
. include "../../mk/pthread.buildlink3.mk"
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-backend-diskd)
|
|
SQUID_BACKENDS+= diskd
|
|
PLIST.diskd= yes
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msquid-backend-rock)
|
|
SQUID_BACKENDS+= rock
|
|
.endif
|
|
|
|
.if empty(PKG_OPTIONS:Msquid-unlinkd)
|
|
CONFIGURE_ARGS+= --disable-unlinkd
|
|
.else
|
|
PLIST.unlinkd= yes
|
|
.endif
|
|
|
|
.if empty(SQUID_BASIC_AUTH_HELPERS)
|
|
CONFIGURE_ARGS+= --disable-auth-basic
|
|
.else
|
|
CONFIGURE_ARGS+= --enable-auth-basic=${SQUID_BASIC_AUTH_HELPERS:Q}
|
|
. for i in ${SQUID_BASIC_AUTH_HELPERS}
|
|
PLIST.ba_${i}= yes
|
|
. endfor
|
|
.PHONY: squid-enable-helper-basic_auth
|
|
pre-configure: squid-enable-helper-basic_auth
|
|
squid-enable-helper-basic_auth:
|
|
. for i in ${SQUID_BASIC_AUTH_HELPERS}
|
|
${ECHO} "exit 0" > ${WRKSRC}/helpers/basic_auth/${i}/config.test
|
|
. endfor
|
|
.endif
|
|
|
|
.if empty(SQUID_DIGEST_AUTH_HELPERS)
|
|
CONFIGURE_ARGS+= --disable-auth-digest
|
|
.else
|
|
CONFIGURE_ARGS+= --enable-auth-digest=${SQUID_DIGEST_AUTH_HELPERS:Q}
|
|
. for i in ${SQUID_DIGEST_AUTH_HELPERS}
|
|
PLIST.da_${i}= yes
|
|
. endfor
|
|
pre-configure:
|
|
. for i in ${SQUID_DIGEST_AUTH_HELPERS}
|
|
${ECHO} "exit 0" > ${WRKSRC}/helpers/digest_auth/${i}/config.test
|
|
. endfor
|
|
.endif
|
|
|
|
.if empty(SQUID_NEGOTIATE_AUTH_HELPERS)
|
|
CONFIGURE_ARGS+= --disable-auth-negotiate
|
|
.else
|
|
CONFIGURE_ARGS+= --enable-auth-negotiate=${SQUID_NEGOTIATE_AUTH_HELPERS:Q}
|
|
. for i in ${SQUID_NEGOTIATE_AUTH_HELPERS}
|
|
PLIST.ta_${i}= yes
|
|
. endfor
|
|
.PHONY: squid-enable-helper-negotiate_auth
|
|
pre-configure: squid-enable-helper-negotiate_auth
|
|
squid-enable-helper-negotiate_auth:
|
|
. for i in ${SQUID_NEGOTIATE_AUTH_HELPERS}
|
|
${ECHO} "exit 0" > ${WRKSRC}/helpers/negotiate_auth/${i}/config.test
|
|
. endfor
|
|
.endif
|
|
|
|
.if empty(SQUID_NTLM_AUTH_HELPERS)
|
|
CONFIGURE_ARGS+= --disable-auth-ntlm
|
|
.else
|
|
CONFIGURE_ARGS+= --enable-auth-ntlm=${SQUID_NTLM_AUTH_HELPERS:Q}
|
|
.PHONY: squid-enable-helper-ntlm_auth
|
|
pre-configure: squid-enable-helper-ntlm_auth
|
|
squid-enable-helper-ntlm_auth:
|
|
. for i in ${SQUID_NTLM_AUTH_HELPERS}
|
|
${ECHO} "exit 0" > ${WRKSRC}/helpers/ntlm_auth/${i}/config.test
|
|
. endfor
|
|
.endif
|
|
|
|
.if empty(SQUID_EXTERNAL_ACL_HELPERS)
|
|
CONFIGURE_ARGS+= --disable-external-acl-helpers
|
|
.else
|
|
CONFIGURE_ARGS+= --enable-external-acl-helpers=${SQUID_EXTERNAL_ACL_HELPERS:Q}
|
|
. for i in ${SQUID_EXTERNAL_ACL_HELPERS}
|
|
PLIST.eacl_${i}= yes
|
|
. endfor
|
|
.PHONY: squid-enable-helper-external_acl
|
|
pre-configure: squid-enable-helper-external_acl
|
|
squid-enable-helper-external_acl:
|
|
. for i in ${SQUID_EXTERNAL_ACL_HELPERS}
|
|
${ECHO} "exit 0" > ${WRKSRC}/helpers/external_acl/${i}/config.test
|
|
. endfor
|
|
.endif
|