#! /usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_CFLAGS_MAINT_APPEND = -Wno-error=deprecated-declarations export DEB_CXXFLAGS_MAINT_APPEND = -Wno-error=deprecated-declarations ifneq (,$(filter $(DEB_HOST_ARCH), armel m68k mips mipsel powerpc powerpcspe sh4)) DEB_LDFLAGS_MAINT_APPEND += -latomic endif export DEB_LDFLAGS_MAINT_APPEND export DEB_BUILD_PARALLEL = yes CXX_FOR_BUILD ?= $(CXX) INSTALLDIR := $(CURDIR)/debian/tmp datadir=/usr/share/squid DEB_DH_INSTALL_SOURCEDIR := $(INSTALLDIR) DEB_INSTALL_DOCS_squid-common := debian/copyright CONTRIBUTORS CREDITS QUICKSTART RELEASENOTES.html SPONSORS BUILDINFO := $(shell ( grep PRETTY_NAME /etc/os-release | sed -e 's/PRETTY_NAME=//' -e 's/"//g' ) 2>/dev/null ) DEB_CONFIGURE_EXTRA_FLAGS := BUILDCXXFLAGS="$(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS)" \ BUILDCXX=$(CXX_FOR_BUILD) \ --with-build-environment=default \ --enable-build-info="$(BUILDINFO)" \ --datadir=/usr/share/squid \ --sysconfdir=/etc/squid \ --libexecdir=/usr/lib/squid \ --mandir=/usr/share/man \ --enable-inline \ --disable-arch-native \ --enable-async-io=8 \ --enable-storeio="ufs,aufs,diskd,rock" \ --enable-removal-policies="lru,heap" \ --enable-delay-pools \ --enable-cache-digests \ --enable-icap-client \ --enable-follow-x-forwarded-for \ --enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \ --enable-auth-digest="file,LDAP" \ --enable-auth-negotiate="kerberos,wrapper" \ --enable-auth-ntlm="fake,SMB_LM" \ --enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group" \ --enable-security-cert-validators="fake" \ --enable-storeid-rewrite-helpers="file" \ --enable-url-rewrite-helpers="fake" \ --enable-eui \ --enable-icmp \ --enable-zph-qos \ --enable-ecap \ --disable-translation \ --with-swapdir=/var/spool/squid \ --with-logdir=/var/log/squid \ --with-pidfile=/run/squid.pid \ --with-filedescriptors=65536 \ --with-large-files \ --with-default-user=proxy ## CVE-2024-45802 DEB_CONFIGURE_EXTRA_FLAGS += --disable-esi ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) DEB_CONFIGURE_EXTRA_FLAGS += --enable-kqueue endif ifeq ($(DEB_HOST_ARCH_OS), linux) DEB_CONFIGURE_EXTRA_FLAGS += --enable-linux-netfilter --with-systemd endif DEB_MAKE_CLEAN_TARGET = distclean %: dh $@ override_dh_auto_configure: mkdir -p debian/build-openssl # copy the source to build-openssl tar -cf - --exclude=debian/build* --exclude=.pc . \ | tar -xf - -C debian/build-openssl # run buildconf and make sure to copy the patched ltmain.sh #for flavour in build build-gnutls build-nss; do \ # (cd debian/$$flavour && ./buildconf && cp ../../ltmain.sh .) \ #done dh_auto_configure -- ${DEB_CONFIGURE_EXTRA_FLAGS} \ --with-gnutls cd debian/build-openssl && dh_auto_configure -- ${DEB_CONFIGURE_EXTRA_FLAGS} \ --with-openssl \ --enable-ssl-crtd override_dh_auto_build: dh_auto_build cd debian/build-openssl && dh_auto_build override_dh_auto_test: -dh_auto_test -cd debian/build-openssl && dh_auto_test override_dh_auto_install: dh_auto_install dh_auto_install --destdir=$(INSTALLDIR)-openssl -- -C debian/build-openssl pkg_cachemgr_cgi_install: # squid-cgi Package install -m 755 -g root -d $(INSTALLDIR)/usr/lib/cgi-bin mv $(INSTALLDIR)/usr/lib/squid/cachemgr.cgi $(INSTALLDIR)/usr/lib/cgi-bin/cachemgr.cgi pkg_squid_purge_install: # squid-purge Package mv $(INSTALLDIR)/usr/bin/purge $(INSTALLDIR)/usr/bin/squid-purge install -m 755 -g root -d $(INSTALLDIR)/usr/share/man/man1 mv $(INSTALLDIR)/usr/share/man/man1/purge.1 $(INSTALLDIR)/usr/share/man/man1/squid-purge.1 execute_after_dh_auto_install: pkg_squid_purge_install pkg_cachemgr_cgi_install # mv $(INSTALLDIR)/usr/sbin/squid $(INSTALLDIR)/usr/sbin/squid-gnutls mv $(INSTALLDIR)-openssl/usr/sbin/squid $(INSTALLDIR)-openssl/usr/sbin/squid-openssl # # /etc/squid Details install -m 644 $(INSTALLDIR)/etc/squid/squid.conf.documented $(INSTALLDIR)/etc/squid/squid.conf install -m 755 -g root -d $(INSTALLDIR)/etc/squid/conf.d install -m 644 -g root debian/debian.conf $(INSTALLDIR)/etc/squid/conf.d/debian.conf # # FSM Paths install -m 755 -g root -d debian/squid/var/log install -m 750 -o proxy -g proxy -d debian/squid/var/log/squid install -m 755 -g root -d debian/squid/var/spool install -m 750 -o proxy -g proxy -d debian/squid/var/spool/squid # # apparmor Support install -m 755 -g root -d $(INSTALLDIR)/etc/apparmor.d install -m 755 -g root -d $(INSTALLDIR)/etc/apparmor.d/force-complain install -m 755 -g root -d $(INSTALLDIR)/etc/apparmor.d/disable install -m 644 -g root debian/usr.sbin.squid $(INSTALLDIR)/etc/apparmor.d dh_apparmor --profile-name=usr.sbin.squid -psquid # # logrotate Support install -m 755 -g root -d $(INSTALLDIR)/etc/logrotate.d install -m 644 -g root debian/squid.logrotate $(INSTALLDIR)/etc/logrotate.d/squid # # resolvconf Support install -m 755 -g root -d $(INSTALLDIR)/etc/resolvconf install -m 755 -g root -d $(INSTALLDIR)/etc/resolvconf/update-libc.d install -m 755 -g root debian/squid.resolvconf $(INSTALLDIR)/etc/resolvconf/update-libc.d/squid # # ufw Support install -m 755 -g root -d $(INSTALLDIR)/etc/ufw/applications.d install -m 644 -g root debian/squid.ufw.profile $(INSTALLDIR)/etc/ufw/applications.d/squid override_dh_install: dh_install -psquid -psquid-common -psquidclient -psquid-cgi -psquid-purge \ --sourcedir=$(INSTALLDIR) dh_install -psquid-openssl \ --sourcedir=$(INSTALLDIR)-openssl override_dh_auto_clean: $(RM) -r debian/build* debian/tmp* dh_auto_clean # Disable dh_missing override_dh_missing: debian/copyright: debian/copyright.Debian CREDITS cat $^ | sed -e "s/59 Temple Place.* Suite 330/51 Franklin St, Fifth Floor/" -e "s/MA \?02111[^, ]*/MA 02110-1301/" -e "s/675 Mass Ave/51 Franklin St, Fifth Floor/" -e "s/Cambridge, MA 02139/Boston, MA 02110-1301/" > $@