diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2016-03-28 03:28:23 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2016-03-28 03:28:23 -0300 |
commit | 4c0ead787d0a9e1b3fde331e17f7743ede8fcb77 (patch) | |
tree | 9018770de2f1c7b48a4d958ac7af6021a7354483 /pcr | |
parent | a69e43e17d55e6bd2c2af1d7ce9e35c2e1d2b989 (diff) |
c-icap: add new package to [pcr]
Diffstat (limited to 'pcr')
-rw-r--r-- | pcr/c-icap/PKGBUILD | 54 | ||||
-rw-r--r-- | pcr/c-icap/c-icap.conf | 760 | ||||
-rw-r--r-- | pcr/c-icap/c-icap.service | 11 | ||||
-rw-r--r-- | pcr/c-icap/install | 7 | ||||
-rw-r--r-- | pcr/c-icap/logrotate | 9 | ||||
-rw-r--r-- | pcr/c-icap/tmpfiles.d | 1 |
6 files changed, 842 insertions, 0 deletions
diff --git a/pcr/c-icap/PKGBUILD b/pcr/c-icap/PKGBUILD new file mode 100644 index 000000000..67c4667f4 --- /dev/null +++ b/pcr/c-icap/PKGBUILD @@ -0,0 +1,54 @@ +# Maintainer (Arch): Amish <contact at via dot aur> +pkgname=c-icap +pkgver=0.4.2 +pkgrel=1 +pkgdesc='Implementation of an ICAP server' +arch=(i686 x86_64 armv7h) +url='http://c-icap.sourceforge.net/' +license=('GPL' 'LGPL') +source=("http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-${pkgver}.tar.gz" + 'c-icap.conf' + 'c-icap.service' + 'tmpfiles.d' + 'logrotate') +sha256sums=('b138c7d7d9828d54c3307bcfe7b4917911266593832ffc26a60df9a0dfd2511e' + 'a2859a3f2bab1d96ae3a6364853a65c3985a0c336dab385294b977ecca336fc3' + '313ae1b3ff52597158d3a914702d60b16248a8fb8f934e91644f63ad373e6375' + '485fa1649ad1a63f6f2ec46eb0c8100d8756be0ba99df2cf23aa2fc70f14b27d' + '07d5d98801feb0b20fe3cbbf9f7d00148cbda7b2e9e2bc07d859c1c5aa154926') +backup=('etc/c-icap/c-icap.conf' + 'etc/c-icap/c-icap.magic' + 'etc/logrotate.d/c-icap') +install=install + +build() { + cd "${srcdir}/c_icap-${pkgver}" + ./configure \ + --prefix=/usr \ + --localstatedir=/var \ + --sbindir=/usr/bin \ + --sysconfdir=/etc/c-icap \ + --enable-ipv6 \ + + make +} + +package() { + cd "${srcdir}/c_icap-${pkgver}" + make DESTDIR="${pkgdir}" install + + # fix some bad permissions + find "${pkgdir}"/etc/c-icap/ -type f -print0 | xargs -0 chmod 644 + chmod g-w "${pkgdir}"/var/log + + # remove /var/run directory which should not be packaged + rmdir "${pkgdir}"/var/run/c-icap/ "${pkgdir}"/var/run/ + + install -Dm644 ../c-icap.conf "${pkgdir}"/etc/c-icap/c-icap.conf + install -Dm644 ../c-icap.service "${pkgdir}"/usr/lib/systemd/system/c-icap.service + install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/c-icap.conf + install -Dm644 ../logrotate "${pkgdir}"/etc/logrotate.d/c-icap + + install -d -m750 "${pkgdir}"/var/log/c-icap + chown 15:15 "${pkgdir}"/var/log/c-icap +} diff --git a/pcr/c-icap/c-icap.conf b/pcr/c-icap/c-icap.conf new file mode 100644 index 000000000..8a9890c9c --- /dev/null +++ b/pcr/c-icap/c-icap.conf @@ -0,0 +1,760 @@ +# +# This file contains the default settings for c-icap +# +# + + +# TAG: PidFile +# Format: PidFile pid_file +# Description: +# The file to store the pid of the main process of the c-icap server. +# Default: +# PidFile /var/run/c-icap/c-icap.pid +PidFile /var/run/c-icap/c-icap.pid + +# TAG: CommandsSocket +# Format: CommandsSocket socket_file +# Description: +# The path of file to use as control socket for c-icap +# Default: +# CommandsSocket /var/run/c-icap/c-icap.ctl +CommandsSocket /var/run/c-icap/c-icap.ctl + +# TAG: Timeout +# Format: Timeout seconds +# Description: +# The time in seconds after which a connection without activity +# can be cancelled. +# Default: +# Timeout 300 +Timeout 300 + +# TAG: MaxKeepAliveRequests +# Format: MaxKeepAliveRequests number +# Description: +# The maximum number of requests can be served by one connection +# Set it to -1 for no limit +# Default: +# MaxKeepAliveRequests 100 +MaxKeepAliveRequests 100 + +# TAG: KeepAliveTimeout +# Format: KeepAliveTimeout seconds +# Description: +# The maximum time in seconds waiting for a new requests before a +# connection will be closed. +# If the value is set to -1, there is no timeout. +# Default: +# KeepAliveTimeout 600 +KeepAliveTimeout 600 + +# TAG: StartServers +# Format: StartServers number +# Description: +# The initial number of server processes. Each server process +# generates a number of threads, which serve the requests. +# Default: +# StartServers 3 +StartServers 10 + +# TAG: MaxServers +# Format: MaxServers number +# Description: +# The maximum allowed number of server processes. +# Default: +# MaxServers 10 +MaxServers 50 + +# TAG: MinSpareThreads +# Format: MinSpareThreads number +# Description: +# If the number of the available threads is less than number, +# the c-icap server starts a new child. +# Default: +# MinSpareThreads 10 +MinSpareThreads 10 + +# TAG: MaxSpareThreads +# Format: MaxSpareThreads number +# Description: +# If the number of the available threads is more than number then +# the c-icap server kills a child. +# Default: +# MaxSpareThreads 20 +MaxSpareThreads 40 + +# TAG: ThreadsPerChild +# Format: ThreadsPerChild number +# Description: +# The number of threads per child process. +# Default: +# ThreadsPerChild 10 +ThreadsPerChild 10 + +# TAG: MaxRequestsPerChild +# Format: MaxRequestsPerChild number +# Description: +# The maximum number of requests that a child process can serve. +# After this number has been reached, process dies. The goal of this +# parameter is to minimize the risk of memory leaks and increase the +# stability of c-icap. It can be disabled by setting its value to 0. +# Default: +# MaxRequestsPerChild 0 +MaxRequestsPerChild 0 + +# TAG: InterProcessSharedMemScheme +# Format: InterProcessSharedMemScheme posix | mmap | sysv +# Description: +# The interprocess shared mem scheme to use. Available schemes: +# posix Use posix shared memory (shm_open interface) +# mmap Use anonymous mmaped files as shared memory +# sysv use the sysv ipc shared memory +# Default: +# InterProcessSharedMemScheme posix + +# TAG: InterProcessLockingScheme +# Format: InterProcessSharedMemScheme file | sysv | posix +# Description: +# The interprocess locking scheme to use. Available schemes: +# file Use lock file +# sysv Use the sysv ipc semaphores +# posix Use posix semaphores: Use it with caution you may experienced +# locking problems if one or more processes crashed. +# Default: +# InterProcessLockingScheme file + +# TAG: Port +# Format: Port port +# Description: +# The port number that the c-icap server uses to listen to requests. +# Default: +# Port 1344 +Port 1344 + +# TAG: User +# Format: User username +# Description: +# The user owning c-icap's processes. By default, the owner is the +# user who runs the program. +# Default: +# No value +# Example: +# User wwwrun + +# TAG: Group +# Format: Group groupname +# Description: +# The group of users owning c-icap's processes, which, by default +# is the group of the current user. +# Default: +# No value +# Example: +# Group nogroup + +# TAG: ServerAdmin +# Format: ServerAdmin admin_mail +# Description: +# The Administrator of this server. Used when displaying information +# about this server (logs, info service, etc) +# Default: +# No value +ServerAdmin root@localhost + +# TAG: ServerName +# Format: ServerName aServerName +# Description: +# A name for this server. Used when displaying information about this +# server (logs, info service, etc) +# Default: +# No value +ServerName localhost + +# TAG: TmpDir +# Format: TmpDir dir +# Description: +# dir is the location of temporary files. +# Default: +# TmpDir /var/tmp +TmpDir /var/tmp + +# TAG: MaxMemObject +# Format: MaxMemObject bytes +# Description: +# The maximum memory size in bytes taken by an object which +# is processed by c-icap . If the size of an object's body is +# larger than the maximum size a temporary file is used. +# Default: +# MaxMemObject 131072 +MaxMemObject 131072 + +# TAG: DebugLevel +# Format: DebugLevel level +# Description: +# The level of debugging information to be logged. +# The acceptable range of levels is between 0 and 10. +# Default: +# DebugLevel 1 +DebugLevel 0 + +# TAG: Pipelining +# Format: Pipelining on|off +# Description: +# Enable or disable ICAP requests pipelining +# Default: +# Pipelining on +Pipelining on + +# TAG: SupportBuggyClients +# FORMAT: SupportBuggyClients on|off +# Description: +# Try to handle requests from buggy clients, for example ICAP requests +# missing "\r\n" sequences +# Default: +# SupportBuggyClients off +SupportBuggyClients off + +# TAG: Allow204As200okZeroEncaps +# Format: Allow204As200okZeroEncaps +# Description: +# When used the c-icap instead of allow 204 return "200 OK" responses +# with zero encapsulated entities. +# Default: +# No set + +# TAG: ModulesDir +# Format: ModulesDir dir +# Description: +# The location of modules +# Default: +# ModulesDir /usr/lib/c_icap +ModulesDir /usr/lib/c_icap + +# TAG: ServicesDir +# Format: ServicesDir dir +# Description: +# The location of services +# Default: +# ServicesDir /usr/lib/c_icap +ServicesDir /usr/lib/c_icap + +# TAG: TemplateDir +# Format: TemplateDir dir +# Description: +# The location of the text templates used by c-icap and its services, +# categorized by language and services/modules +# Default: +# No value +# Example: +TemplateDir /usr/share/c_icap/templates/ + +# TAG: TemplateDefaultLanguage +# Format: TemplateDefaultLanguage lang +# Description: +# Sets the default language to use for text templates +# Default: +# TemplateDefaultLanguage en +TemplateDefaultLanguage en + +#TemplateReloadTime 360 +#TemplateCacheSize 20 +#TemplateMemBufSize 8192 + +# TAG: LoadMagicFile +# Format: LoadMagicFile path +# Description: +# Load a c-icap magic file. A magic file contains various +# data type definitions. Look inside default c-icap.magic file +# for more informations. +# It can be used more than once to use multiple magic files. +# Default: +# LoadMagicFile /etc/c-icap/c-icap.magic +LoadMagicFile /etc/c-icap/c-icap.magic + +# TAG: RemoteProxyUsers +# Format: RemoteProxyUsers onoff +# Description: +# Set it to on if you want to use username provided by the proxy server. +# This is the recomended way to use users in c-icap. +# If the RemoteProxyUsers is off and c-icap configured to use users or +# groups the internal authentication mechanism will be used. +# Default: +# RemoteProxyUsers off +RemoteProxyUsers off + +# TAG: RemoteProxyUserHeader +# Format: RemoteProxyUserHeader Header +# Description: +# Used to specify the icap header used by the proxy server to send +# the authenticated client username to c-icap server +# Default: +# RemoteProxyUserHeader X-Authenticated-User +RemoteProxyUserHeader X-Authenticated-User + +# TAG: RemoteProxyUserHeaderEncoded +# Format: RemoteProxyUserHeaderEncoded onoff +# Description: +# Set it to off if the RemoteProxyUserHeader is not base64 encoded +# Default: +# RemoteProxyUserHeaderEncoded on +RemoteProxyUserHeaderEncoded on + +# TAG: AuthMethod +# Format: AuthMethod Method Authenticator +# Description: +# Used to define the internal authentication mechanism to use. This +# feature is not well tested and may cause problems. It is better to use +# RemoteProxyUser configuration. +# Method is the authentication method to use (basic, digest, etc). +# Currently only basic authentication method is implemented as build in +# module +# Authenticator currently can only be "basic_simple_db" +# It can be considered as a user/password store and can be +# implemented as external module. The basic_simple_db is implemented as +# build it module +# Default: +# No set +# Example: +# AuthMethod basic basic_simple_db + +# TAG: basic.Realm +# Format: basic.Realm ARealm +# Description: +# Specify the basic method realm +# Default: +# basic.Realm "Basic authentication" +# Example: +# basic.Realm "c-icap server authentication" + +# TAG: basic_simple_db.UsersDB +# Format: basic_simple_db.UsersDB LookupTable +# Description: +# Specify the lookup table where the usernames/passwords pairs +# are stored. The paswords must be unencrypted +# For more information about c-icap lookup tables read c-icap server +# manual page +# Default: +# No value +# Example: +# basic_simple_db.UsersDB hash:/etc/c-icap/c-icap-users.txt + +# TAG: GroupSourceByGroup +# Format: GroupSourceByGroup LookupTable +# Description: +# Defines a lookup table where the groups of users are stored indexed +# by group. It can be used more than once. +# For more information about c-icap lookup tables read c-icap server +# manual page +# Default: +# No set +# Example: +# GroupSourceByGroup hash:/etc/c-icap/c-icap-groups.txt + +# TAG: GroupSourceByUser +# Format: GroupSourceByUser LookupTable +# Description: +# Defines a lookup table where the groups of users are stored indexed +# by user. It can be used more than once. +# For more information about c-icap lookup tables read c-icap server +# manual page +# Default: +# No set +# Example: +# GroupSourceByUser hash:/etc/c-icap/c-icap-user-groups.txt + +# TAG: acl +# Format: acl name type[{param}] value1 [value2] [...] +# Description: +# Supported acl types are: +# acl aclname service service1 ... +# The servicename +# acl aclname type OPTIONS|RESPMOD|REQMOD ... +# The icap method +# acl aclname port port1 ... +# The icap server port +# acl aclname src ip1/netmask1 ... +# The client ip address +# acl aclname srvip ip1/netmask1 ... +# The c-icap server ip address +# acl aclname icap_header{HeaderName} value1 ... +# Matches the icap header HeaderName with value1 ... +# The values are in regex form: /avalue/flags +# acl aclname icap_resp_header{HeaderName} value1 ... +# The icap response header +# The values are in regex form: /avalue/flags +# acl aclname http_req_header{HeaderName} value1 ... +# The http request header +# The values are in regex form: /avalue/flags +# acl aclname http_resp_header{HeaderName} value1 ... +# The http response header +# The values are in regex form: /avalue/flags +# acl aclname data_type type1 ... +# The data type as recognized by the internal data type +# recognizer. The types are defined in c-icap.magic file +# acl aclname auth username|* ... +# The authenticated users. Using * instead of username means +# all users. +# acl aclname group group1 ... +# if the user of request belongs to given groups +# acl content_length{>|<|=} value1 ... +# The content length of body data if the related information +# included in http headers. +# The parameter can take the value <, > or = to specify that +# the acl will match if content length is less, greater or +# equal to acl values. +# acl time value1 .... +# It checks agains current time. The values format is: +# [DAY[,DAY,[..]]][/][HH:MM-HH:MM] +# The DAY can be one of the following: +# S - Sunday +# M - Monday +# T - Tuesday +# W - Wednesday +# H - Thursday +# F - Friday +# A - Saturday +# acl http_client_ip ip1[/netmask1] ... +# The HTTP client ip address, if it is available. +# Default: +# None set +# Examples: +# acl OPTIONS type OPTIONS +# acl RESPMOD type RESPMOD +# acl REQMOD type REQMOD +# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD +# acl XHEAD icap_header{X-Test} /value/ +# acl ECHO service echo +# acl localnet src 192.168.1.0/255.255.255.0 +# acl localhost src 127.0.0.1/255.255.255.255 +# acl all src 0.0.0.0/0.0.0.0 +# acl BigObjects content_length{>} 5000000 +# acl WorkingHours time M,T,W,H,F/8:00-18:00 +# acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59 + +# TAG: icap_access +# Format: icap_access allow|deny [!]acl1 ... +# Description: +# Allowing or denying ICAP access based on defined access lists +# Default: +# None set +# Example: +# icap_access deny XHEAD +# #Allow OPTIONS method for all: +# icap_access allow localnet OPTIONS +# #Require authentication for all users from local network: +# icap_access allow AUTH localnet +# icap_access deny all + +# TAG: client_access +# Format: client_access allow|deny acl1 [acl2] [...] +# Description: +# Allowing or denying connections on c-icap based on +# defined access lists. Only the acl types src, srvip and port +# can be used. +# Default: +# None set +# Example: +# client_access allow all + +# TAG: LogFormat +# Format: LogFormat Name Format +# Description: +# Name is a name for this log format. +# Format is a string with embedded % format codes. % format codes +# has the following form: +# % [-] [width] [{argument}] formatcode +# if - is specified then the output is left aligned +# if width specified then the field is exactly width size +# some formatcodes support arguments given as {argument} +# +# Format codes: +# %a: Remote IP-Address +# %la: Local IP Address +# %lp: Local port +# %>a: Http Client IP Address. Only supported if the proxy +# client supports the "X-Client-IP" header +# %<A: Http Server IP Address. Only supported if the proxy +# client supports the "X-Server-IP" header +# %ts: Seconds since epoch +# %tl: Local time. Supports optional strftime format argument +# %tg: GMT time. Supports optional strftime format argument +# %>ho: Modified Http request header. Supports header name +# as argument. If no argument given the first line returned +# %huo: Modified Http request url +# %<ho: Modified Http reply header. Supports header name +# as argument. If no argument given the first line returned +# %iu: Icap request url +# %im: Icap method +# %is: Icap status code +# %>ih: Icap request header. Supports header name +# as argument. If no argument given the first line returned +# %<ih: Icap response header. Supports header name +# as argument. If no argument given the first line returned +# %Ih: Http bytes received +# %Oh: Http bytes sent +# %Ib: Http body bytes received +# %Ob: Http body bytes sent +# %I: Bytes received +# %O: Bytes sent +# %bph: The first 5 bytes of the body preview data. Non +# printable characters printed in hex form. +# Supports the number of bytes to output as argument. +# %un: Username +# %Sl: Service log string +# %Sa: Attribute value set by service. The attribute name must +# given as argument. +# Default: +# None set +# Example: +# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph" + +# TAG: ServerLog +# Format: ServerLog LogFile +# Description: +# the file used by the build-in logger file_logger to +# store debugging information, errors and other +# information about the c-icap server. +# Default: +# ServerLog /var/log/c-icap/server.log +ServerLog /var/log/c-icap/server.log + +# TAG: AccessLog +# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...] +# Description: +# LogFile is a file where to log access information. +# LogFormat is the log format to use. If ommited c-icap uses: +# "%tl, %la %a %im %iu %is" +# Also acls can be used to select certain requests to be logged. +# This directive can be used more than once to specify more than +# one access log files +# Default: +# AccessLog /var/log/c-icap/access.log +# Example: +# AccessLog /var/log/c-icap/access.log MyFormat all +AccessLog /var/log/c-icap/access.log + +# TAG: Logger +# Format: Logger LoggerName +# Description: +# Specify wich logger to use. By default uses the build in "file_logger" which +# uses files for access and server logging. +# Default: +# Logger file_logger +# Example: +# Logger sys_logger + +# TAG: Module +# Format: Module Type ModuleFile +# Description: +# Load an external module/plugin to c-icap. +# ModuleFile is the filename of the module. If no full path given then c-icap +# searche in path defined by the ModulesDir configuration parameter. +# Type is the type of the external module and can be one of the following: +# - "logger" for modules implement a logger +# - "common" for general purpose modules +# Default: +# +# Example: +# Module logger sys_logger.so + +# TAG: Service +# Format: Service aName ServiceFile +# Description: +# It loads the service ServiceFile. The argument aName used +# as alias name for the service +# Default: +# +# Example: +# Service echo_service srv_echo.so + +# TAG: ServiceAlias +# Format: ServiceAlias AliasName ServiceName[?param1=value1¶m2=value2...] +# Description: +# Used to define an alias name for a service. +# Default: +# +# Example: +# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple + + +# +# TAG: General configuration parameters for all services +# Description: +# PreviewSize: The preview data size to advertise to the icap client +# MaxConnections: The client should not use more than MaxConnections +# for this service. +# TransferPreview: The list of file extensions, seperated by commas, +# for which the client should send preview data. +# TransferIgnore: The list of file extensions that should not be sent +# to the icap server +# TransferComplete: The list of file extensions that should be sent +# in their entirety, without preview, to the icap server +# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or +# "hour[s]" can be used to secify that the time is in seconds +# minutes or hours respectively. If no time-units given +# seconds are assumed. +# Allow206 on|off: Enable/disable advertise of 206 responses. +# +# Example: +# echo.PreviewSize 512 +# echo.TransferIgnore gif, jpeg +# echo.OptionsTTL 3 min + + +###################################################### +# External modules comming with core c-icap server +# +# Module: echo +# Description: +# Simple test service +# Example: +# Service echo srv_echo.so +Service echo srv_echo.so + +# Module: sys_logger +# Description: +# Add support for logging access and server events to syslog server +# Use "Module" configuration parameter to load this module and "Logger" +# to make it default logger for the c-icap. +# Example: +# Module logger sys_logger.so +# Logger sys_logger + + +# TAG: sys_logger.Prefix +# Format: sys_logger.Prefix string +# Description: +# string is be presented in every syslog message. +# Default: +# sys_logger.Prefix "C-ICAP:" + +# TAG: sys_logger.Facility +# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7 +# Description: +# specifies the facility type of syslog. +# Default: +# sys_logger.Facility daemon + +# TAG: sys_logger.access_priority +# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning +# Description: +# determines the importance of the access log message +# Default: +# sys_logger.access_priority info + +# TAG: sys_logger.server_priority +# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning +# Description: +# determines the importance of the server log message +# Default: +# sys_logger.server_priority crit + +# TAG: sys_logger.LogFormat +# Format: sys_logger.LogFormat LOGFORMAT +# Description: +# The log format to use. If no log format defined then +# the following will be used: +# "%la %a %im %iu %is" +# Default: +# None set +# Example: +# Logformat BasicFormat "%la %a %im %iu %is" +# sys_logger.LogFormat BasicFormat + +# TAG: sys_logger.access +# Format: sys_logger.access [!]acl1 ... +# Description: +# Allow selecting ICAP requests to be logged using acls. +# By default all requests will be logged. +# Default: +# None set +# Example: +# sys_logger.access all + +# End module: sys_logger + +# Module: bdb_tables +# Description: +# Add support for Berkeley DB based lookup tables. The format for +# bdb path of the lookup table is: +# bdb:/path/to/bdb +# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables +# Example: +# Module common bdb_tables.so + +# End module: bdb_tables + +# Module: dnsbl_tables +# Description: +# Add support for dns lookup tables. Can be used to access +# dns block lists. The dnsbl lookup table path definition is: +# dnsbl:domainname[{param1=val, ...}] +# dnsbl table parameters can be one or more of the followings: +# cache=no|cache_type +# The cache type to use or 'no' for no cache. +# cache-size=Size[K|M] +# The cache size in RAM +# cache-ttl=ttl +# The cache ttl to use +# +# For example the lookup table for accessing the black.uribl.com +# dns black list is: +# dnsbl:black.uribl.com +# Example: +# Module common dnsbl_tables.so + +# End module: dnsbl_tables + +# Module: ldap_module +# Description: +# Add LDAP support to c-icap. The user can use LDAP based lookup tables +# using the following lookup table path: +# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}] +# The filter can contain the "%s" formating code which will be replaced by +# the search key. +# ldap table parameters can be one or more of the followings: +# name=aName +# A unique name to use for this table +# cache=no|cache_type +# The cache type to use or no for no cache. +# cache-size=Size[K|M] +# The cache size in RAM +# cache-ttl=ttl +# The cache ttl to use +# cache-item-size=ItemSize[K|M] +# The maximum item size +# +# Examples of supported ldap urls: +# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s{cache=memcached} +# ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s)) +# +# WARNING: is not enough tested it may contain bugs! +# Example: +# Module common ldap_module.so + +# End module: ldap_module + +# Module: memcached +# Description: +# Add support for memcached c-icap cache. +# Example: +# Module common memcached.so + +# TAG: memcached.servers +# Format: memcached.servers hostname1 hostname2 ... +# Description: +# Set the memcached servers to use +# Default: +# memcached.servers 127.0.0.1 + +# TAG: memcached.use_md5_keys +# Format: memcached.use_md5_keys on|off +# Description: +# Whether to use or not md5 hash as key when the key exceeds the +# MEMCACHED_MAX_KEY (normaly 251 bytes) +# Default: +# memcached.use_md5_keys on + +# End module: memcached + +#Include virus_scan.conf +#Service squidclamav squidclamav.so diff --git a/pcr/c-icap/c-icap.service b/pcr/c-icap/c-icap.service new file mode 100644 index 000000000..419892d59 --- /dev/null +++ b/pcr/c-icap/c-icap.service @@ -0,0 +1,11 @@ +[Unit] +Description=ICAP server implementation + +[Service] +User=proxy +Type=forking +PIDFile=/run/c-icap/c-icap.pid +ExecStart=/usr/bin/c-icap + +[Install] +WantedBy=multi-user.target diff --git a/pcr/c-icap/install b/pcr/c-icap/install new file mode 100644 index 000000000..04997856e --- /dev/null +++ b/pcr/c-icap/install @@ -0,0 +1,7 @@ +post_upgrade() { + systemd-tmpfiles --create c-icap.conf +} + +post_install() { + post_upgrade +} diff --git a/pcr/c-icap/logrotate b/pcr/c-icap/logrotate new file mode 100644 index 000000000..e84f475c7 --- /dev/null +++ b/pcr/c-icap/logrotate @@ -0,0 +1,9 @@ +/var/log/c-icap/*.log { + create 600 proxy proxy + sharedscripts + missingok + notifempty + postrotate + /bin/kill -HUP `cat /run/c-icap/c-icap.pid 2>/dev/null` 2> /dev/null || true + endscript +} diff --git a/pcr/c-icap/tmpfiles.d b/pcr/c-icap/tmpfiles.d new file mode 100644 index 000000000..20ccc11f0 --- /dev/null +++ b/pcr/c-icap/tmpfiles.d @@ -0,0 +1 @@ +d /run/c-icap 0755 proxy proxy - |