Including Squid 2.6.STABLE16 with Solaris SXDE
27 September 2007
1. Summary and motivation
1.1. Introduction
This FastTrack delivers Squid Cache 2.6.STABLE16[1] as a component in
sfw stack.
From the Squid HomePage [2], "Squid is a fully-featured HTTP/1.0 proxy
which is almost (but not quite - we're getting there!) HTTP/1.1. Squid
offers a rich access control, authorization and logging environment to
develop web proxy and content serving applications."
This FastTrack proposes the integration of the most recent stable
release of Squid 2.6 (STABLE16),
This case seeks Minor Release Binding.
2. Technical issues
2.1. Key objects
/etc/squid/squid.conf
/etc/squid/mime.conf
/etc/squid/msntauth.conf
/etc/squid/cachemgr.conf
/usr/squid/sbin/squid
/usr/squid/bin/squidclient
/usr/squid/bin/RunCache
/usr/squid/bin/cossdump
/usr/squid/libexec/diskd-daemon
/usr/squid/libexec/pinger
/usr/squid/libexec/unlinkd
/usr/squid/libexec/squid_db_auth
/usr/squid/libexec/squid_kerb_auth
/usr/squid/libexec/squid_ldap_auth
/usr/squid/libexec/ncsa_auth
/usr/squid/libexec/yp_auth
/usr/squid/libexec/pam_auth
/usr/squid/libexec/getpwname_auth
/usr/squid/libexec/msnt_auth
/usr/squid/libexec/pop3.pl
/usr/squid/libexec/sasl_auth
/usr/squid/libexec/smb_auth.pl
/usr/squid/libexec/smb_auth
/usr/squid/libexec/smb_auth.sh
/usr/squid/libexec/ntlm_auth
/usr/squid/libexec/fakeauth_auth
/usr/squid/libexec/digest_ldap_auth
/usr/squid/libexec/digest_pw_auth
/usr/squid/libexec/ip_user_check
/usr/squid/libexec/squid_unix_group
/usr/squid/libexec/squid_ldap_group
/usr/squid/libexec/wbinfo_group.pl
/usr/squid/libexec/cachemgr.cgi
/usr/squid/share/mib.txt
/usr/squid/share/icons/
/usr/squid/share/errors/
/usr/squid/man/man8/
/var/squid/logs/
/var/squid/cache/
2.2. Versioning
The Squid follows a simple development model. The development and
stable versions coexist. There are three tags used to indicate the
state of a version. STABLE, PRE and DEVEL.[3]
DEVEL is the version that undergoes active development and addition
of features. When it matures it is tagged PRE as beta after which it
is tagged STABLE when the release approaches stability.
There are two active versions in existence now. Squid 2.6.STABLE16 and
Squid-3.0.PRE6. This case deals with Squid 2.6.STABLE16 alone.
( Referred to by Squid in the rest of this document)
2.3 Modules
The modules are compiled statically into Squid, thus each release of
Squid needs to recompile the modules that it supports.
2.4 Directory Naming and Structure
The proposed directory layout for Squid is
/usr/squid/
/bin
/sbin
/libexec
/share
/man/man8
/etc/squid/
/squid.conf
/mime.conf
/msntauth.conf
/cachemgr.conf
/var/squid
/logs/
/cache/
The detailed directory and file layout for Squid is provided in
Addendum 1.
3. Core Modules
These are the (statically linked) modules enabled by initial
integration.
Asynchronous IO
CARP - Cache Array Routing Protocol
HTCP - Hyper Text Caching Protocol
Cache-Digests
WCCP Versions 1 and 2
Large cache and log file support
Delay pools
Arp Access control lists
SSL support
SNMP support
Forward via Database
Store IO with DISKD, UFS, AUFS and COSS (Different modes of Cache IO)
Authentication scheme with the following supported.
Basic with:
DB,NCSA,YP,LDAP,PAM,getpwnam,MSNT,POP3,
SASL,multi-domain-NTLM,SMB
NTLM with:
SMB,fakeauth
Digest with:
ldap, password
Negotiate with:
kerberose
Acl helpers :
ip_user,unix_group,ldap_group,wbinfo_group
We do not support Acl Helpers Session since it requires Berkeley
DB 4 to compile.
4. Squid Documentation.
Squid comes with generic documentation in man page format for squid.8
cachemgr.cgi.8, squid_db_auth.8, ncsa_auth.9, squid_ldap_auth.8,
pam_auth.8, squid_unix_group.8 and squid_ldap_group.8. These will be
placed in the /usr/squid/man/man8 directory as done by the canonical
distribution.
5. Squid Internationalization
Internationalization of error messages is provided by squid and the
localized error messages are provided in /usr/squid/share/errors
directory for each supported language.
6. Packaging and Delivery
We propose to package squid under SUNWsquidr SUNWsquidu. The
SUNWsquidr package contains installation specific details that users
modify (/etc/squid and /var/squid) and SUNWsquidu contains files that
are installation independent (/usr). Multiple versions coexisting on
the same machine is not anticipated since this is not a development
platform, and general usage pattern is to have a single instance.
7. Squid Interfaces
7.1. Interface Stability
The Squid project has not changed the configuration file format from
the time it started. It is a plain text file with space separated key
and values. However, newer configuration keys and values have been
added in the releases.
Squid does not support loadable modules. Thus binary compatibility is
not relevant for Squid.
7.2. Imported Interfaces
Squid imports interfaces from
NAME STABILITY NOTES
Netscape Portable Runtime (SUNWpr) Stable WSARC/2002/217
Network Security Services (SUNWtls) Stable WSARC/2002/366
Kerberos version 5 support (SUNWkrbu) External PSARC/2006/277
OpenSSL Libraries (SUNWopenssl-libraries) External PSARC/2003/500
7.3. Exported Interfaces
NAME STABILITY NOTES
/usr/squid/sbin/squid Uncommitted Executable location
/usr/squid/bin/squidclient Uncommitted Executable location
/usr/squid/bin/RunCache Uncommitted Squid Watchdog Script
/usr/squid/bin/RunAccel Uncommitted Squid Watchdog Script
/usr/squid/bin/cossdump Uncommitted Executable location
/usr/squid/libexec/cachemgr.cgi Project Private Executable location
/usr/squid/libexec/diskd-daemon Project Private Executable location
/usr/squid/libexec/pinger Project Private Executable location
/usr/squid/libexec/unlinkd Project Private Executable location
/usr/squid/libexec/squid_db_auth Project Private Executable location
/usr/squid/libexec/ncsa_auth Project Private Executable location
/usr/squid/libexec/yp_auth Project Private Executable location
/usr/squid/libexec/squid_ldap_auth Project Private Executable location
/usr/squid/libexec/pam_auth Project Private Executable location
/usr/squid/libexec/getpwname_auth Project Private Executable location
/usr/squid/libexec/msnt_auth Project Private Executable location
/usr/squid/libexec/pop3.pl Project Private Executable location
/usr/squid/libexec/smb_auth.pl Project Private Executable location
/usr/squid/libexec/smb_auth Project Private Executable location
/usr/squid/libexec/smb_auth.sh Project Private Executable location
/usr/squid/libexec/ntlm_auth Project Private Executable location
/usr/squid/libexec/fakeauth_auth Project Private Executable location
/usr/squid/libexec/digest_ldap_auth Project Private Executable location
/usr/squid/libexec/digest_pw_auth Project Private Executable location
/usr/squid/libexec/ip_user_check Project Private Executable location
/usr/squid/libexec/squid_unix_group Project Private Executable location
/usr/squid/libexec/squid_ldap_group Project Private Executable location
/usr/squid/libexec/wbinfo_group.pl Project Private Executable location
/usr/squid/libexec/sasl_auth Project Private Executable location
/usr/squid/libexec/no_check.pl Project Private Executable location
/usr/squid/libexec/squid_kerb_auth Project Private Executable location
/etc/squid/squid.conf Uncommitted Squid Configuration
/etc/squid/mime.conf Uncommitted Additional Configuration
/etc/squid/msntauth.conf Uncommitted Additional Configuration
/etc/squid/cachemgr.conf Uncommitted Additional Configuration
/usr/squid/man/man8/squid.8 Uncommitted Manual Page
/usr/squid/man/man8/cachemgr.cgi.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_db_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/ncsa_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_ldap_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/pam_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_unix_group.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_ldap_group.8 Uncommitted Manual Page
svc:/network/http:squid Committed FMRI
/var/svc/manifest/network/http-squid.xml Project Private SMF Manifest
8. References
[1] http://www.squid-cache.org/Versions/
[2] http://www.squid-cache.org/
[3] http://www.squid-cache.org/Versions/
[4] http://sac.sfbay/arc/LSARC/2007/299/
================================================================
Addendum 1: Squid Integration Directory and File Structure.
1. The following files are included in the Squid integration:
/usr/squid
bin
RunCache
squidclient
cossdump
libexec
diskd-daemon
pinger
unlinkd
squid_db_auth
ncsa_auth
yp_auth
squid_ldap_auth
pam_auth
getpwname_auth
msnt_auth
pop3.pl
smb_auth.pl
smb_auth
smb_auth.sh
ntlm_auth
fakeauth_auth
digest_ldap_auth
digest_pw_auth
ip_user_check
squid_unix_group
squid_ldap_group
wbinfo_group.pl
cachemgr.cgi
sasl_auth
no_check.pl
squid_kerb_auth
sbin
squid
share
mib.txt
icons
anthony-binhex.gif
anthony-bomb.gif
anthony-box.gif
anthony-box2.gif
anthony-c.gif
anthony-compressed.gif
anthony-dir.gif
anthony-dirup.gif
anthony-dvi.gif
anthony-f.gif
anthony-image.gif
anthony-image2.gif
anthony-layout.gif
anthony-link.gif
anthony-movie.gif
anthony-pdf.gif
anthony-portal.gif
anthony-ps.gif
anthony-quill.gif
anthony-script.gif
anthony-sound.gif
anthony-tar.gif
anthony-tex.gif
anthony-text.gif
anthony-unknown.gif
anthony-xbm.gif
anthony-xpm.gif
errors
Armenian
Azerbaijani
Bulgarian
Catalan
Czech
Danish
Dutch
English
Estonian
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Korean
Lithuanian
Polish
Portuguese
Romanian
Russian-1251
Russian-koi8-r
Serbian
Simplify_Chinese
Slovak
Spanish
Swedish
Traditional_Chinese
Turkish
man
man8
squid.8
cachemgr.cgi.8
squid_db_auth.8
ncsa_auth.8
squid_ldap_auth.8
pam_auth.8
squid_unix_group.8
squid_ldap_group.8
/etc/squid
squid.conf
mime.conf
msntauth.conf
cachemgr.conf
/var/squid
logs/
cache/
Under each language directories the following files reside
ERR_ACCESS_DENIED
ERR_CACHE_ACCESS_DENIED
ERR_CACHE_MGR_ACCESS_DENIED
ERR_CANNOT_FORWARD
ERR_CONNECT_FAIL
ERR_DNS_FAIL
ERR_FORWARDING_DENIED
ERR_FTP_DISABLED
ERR_FTP_FAILURE
ERR_FTP_FORBIDDEN
ERR_FTP_NOT_FOUND
ERR_FTP_PUT_CREATED
ERR_FTP_PUT_ERROR
ERR_FTP_PUT_MODIFIED
ERR_FTP_UNAVAILABLE
ERR_INVALID_REQ
ERR_INVALID_RESP
ERR_INVALID_URL
ERR_LIFETIME_EXP
ERR_NO_RELAY
ERR_ONLY_IF_CACHED_MISS
ERR_READ_ERROR
ERR_READ_TIMEOUT
ERR_SHUTTING_DOWN
ERR_SOCKET_FAILURE
ERR_TOO_BIG
ERR_UNSUP_REQ
ERR_URN_RESOLVE
ERR_WRITE_ERROR
ERR_ZERO_SIZE_OBJECT
Comments (6)
Sep 18, 2007
vrthra says:
I have removed the session (External ACL helpers) functionality since it require...I have removed the session (External ACL helpers) functionality since it requires Berkeley DB, and the BDB that we are using can not be used to link against an external product.
Sep 19, 2007
vrthra says:
SASL for Solaris PSARC 2002/527 UnstableSASL for Solaris PSARC 2002/527 Unstable
Sep 19, 2007
vrthra says:
Kerberos V5 PSARC2006/27 ExternalKerberos V5 PSARC2006/27 External
Sep 19, 2007
vrthra says:
NSS (SUNWtls) WSARC/2002/366/NSS (SUNWtls) WSARC/2002/366/
Sep 19, 2007
vrthra says:
NSPR (SUNWpr) WSARC/2002/217/NSPR (SUNWpr) WSARC/2002/217/
Sep 19, 2007
vrthra says:
SUNWopenssl-libraries PSARC/2003/500/SUNWopenssl-libraries PSARC/2003/500/