Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer
--- a/cf3/cf.squid
+++ b/cf3/cf.squid
@@ -6,11 +6,11 @@ bundle agent squid

 files:

-  debian.server.installation::
+  debian.squidcache.installation::

-     # Use Debian Edu configuration file.
+     # Add link to additional Debian Edu configuration file.

-    "/etc/squid/squid.conf"
+    "/etc/squid/conf.d/debian-edu.conf"
      link_from => ln_s("/usr/share/debian-edu-config/squid.conf"),
      move_obstructions => "true";

@@ -24,19 +24,18 @@ files:

 commands:

-  # Reconfigure squid. This is needed if squid has already been started
-  # using the default configuration; a cache dir isn't used in this case,
-  # storage uses memory. The reconfiguration initializes the cache dir.
+  # Remove /etc/default/squid. This is needed in case of upgrades from Stretch.

-  debian.server.!squidcache.installation::
+  debian.squidcache.installation::

-    "/usr/sbin/dpkg-reconfigure squid"
+    "/bin/rm -f /etc/default/squid"
      contain => in_shell;

  # Update Squid to use all the available space (aka 80% of the partition)

-  debian.server.installation::
-    "/usr/share/debian-edu-config/tools/squid-update-cachedir /etc/squid/squid.conf"
+  debian.squidcache.installation::
+
+    "/usr/share/debian-edu-config/tools/squid-update-cachedir"
      contain => in_shell;

 }

--- a/debian/changelog
+++ b/debian/changelog
+debian-edu-config (2.10.44) UNRELEASED; urgency=medium
+
+  * Rework squid configuration now that custom configuration files can be put
+    into the /etc/squid/conf.d/ directory.
+    - share/debian-edu-config/squid.conf:
+      + Ship only Debian Edu specific options.
+    - cf3/cf.squid:
+      + Link the Debian Edu specific squid.conf file as additional
+        configuration /etc/squid/conf.d/debian-edu.conf.
+    - share/debian-edu-config/tools/squid-update-cachedir:
+      + Use Debian Edu specific add-on configuration file.
+      + Add additional logging statement.
+    - share/debian-edu-config/tools/run-at-firstboot:
+      + Adjust to use the new file location.
+  *  d/debian-edu-config.lintian-overrides:
+     - Add script-not-executable entries for etc/network/if-up.d/hostname and
+       etc/network/if-up.d/wpad-proxy-update
+
+ -- Wolfgang Schweer <wschweer@arcor.de>  Tue, 06 Nov 2018 11:51:50 +0100
+
 debian-edu-config (2.10.43) unstable; urgency=medium

  [ Wolfgang Schweer ]

--- a/debian/debian-edu-config.lintian-overrides
+++ b/debian/debian-edu-config.lintian-overrides
@@ -2,6 +2,8 @@ debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/a
 debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert
 debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/hostname
 debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
+debian-edu-config binary: script-not-executable etc/network/if-up.d/hostname
+debian-edu-config binary: script-not-executable etc/network/if-up.d/wpad-proxy-update
 debian-edu-config binary: non-standard-apache2-configuration-name debian-edu-config-doc.conf != debian-edu-config.conf
 debian-edu-config binary: debconf-is-not-a-registry usr/bin/ldap-debian-edu-install
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/d-i/finish-install

--- a/share/debian-edu-config/squid.conf
+++ b/share/debian-edu-config/squid.conf
-# Squid version 3 configuration file
-#
-# Created using the default configuration and doing
-#   grep -v '^#' /etc/squid/squid.conf |grep -v '^$'
-# and finally adding http and htcp allow statements for localnet,
-# an apt related refresh_pattern and maximum_object_size,
-# append_domain and cache_dir settings.
-
-acl SSL_ports port 443
-
-acl Safe_ports port 80          # http
-acl Safe_ports port 21          # ftp
-acl Safe_ports port 443         # https
-acl Safe_ports port 70          # gopher
-acl Safe_ports port 210         # wais
-acl Safe_ports port 1025-65535  # unregistered ports
-acl Safe_ports port 280         # http-mgmt
-acl Safe_ports port 488         # gss-http
-acl Safe_ports port 591         # filemaker
-acl Safe_ports port 777         # multiling http
-
-acl CONNECT method CONNECT
-
-# Grant access to the local networks
-acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
-acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
-acl localnet src fc00::/7       # RFC 4193 local private network range
-acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
-
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-http_access allow localhost manager
-http_access deny manager
 http_access allow localnet
-http_access allow localhost
-http_access deny all
-htcp_access allow localnet
-htcp_access deny all
-
-http_port 3128
-
-coredump_dir /var/spool/squid
-
-
-
-refresh_pattern ^ftp:           1440    20%     10080
-refresh_pattern ^gopher:        1440    0%      1440
-refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
-
-# See bug #591839
-refresh_pattern (Release|Packages(.gz)*)$      0       20%      2880
-
-refresh_pattern .               0       20%     4320

 # Cache larger files to cache more debian packages
 maximum_object_size 153600 KB
@@ -59,7 +6,7 @@ maximum_object_size 153600 KB
 #  - Appends .intern to hostnames without any dots in them.
 append_domain .intern

-# Adjust cache size to fit size of /var/spool/squid, the capasity is
-# dynamically updated using
+# Adjust cache size to fit size of /var/spool/squid, the initial capacity value
+# is dynamically updated using
 # /usr/share/debian-edu-config/tools/squid-update-cachedir
 cache_dir ufs /var/spool/squid 100 16 256
--- a/share/debian-edu-config/tools/run-at-firstboot
+++ b/share/debian-edu-config/tools/run-at-firstboot
@@ -56,7 +56,7 @@ fi

 # Update Squid to use all the available space (aka 80% of the partition)
 if echo "$PROFILE" | grep -q Main-Server ; then
-    /usr/share/debian-edu-config/tools/squid-update-cachedir /etc/squid/squid.conf
+    /usr/share/debian-edu-config/tools/squid-update-cachedir
 fi

 # Update PXE setup on Main-server with proxy values set in environment

--- a/share/debian-edu-config/tools/squid-update-cachedir
+++ b/share/debian-edu-config/tools/squid-update-cachedir
@@ -5,7 +5,7 @@
 LC_ALL=C
 export LC_ALL

-CONFIG=/etc/squid/squid.conf
+CONFIG=/etc/squid/conf.d/debian-edu.conf

 if [ "$1" ] ; then
    squidconf="$1"
@@ -49,6 +49,7 @@ if $newconf ; then
    else
 	systemctl reload squid.service
    fi
+    echo "info: Squid reloaded with changed configuration"
 else
    echo "info: Squid configuration not changed"
 fi