squid-deb-proxy

.bzr-builddeb/default.conf (+2/-0)
30autoproxy (+1/-0)
Makefile (+22/-0)
README (+19/-0)
README.autogenerated (+2/-0)
allowed-networks-src.acl (+12/-0)
apt-avahi-discover (+12/-0)
avahi/Makefile (+10/-0)
avahi/README (+2/-0)
avahi/find_squid_deb_proxy.c (+232/-0)
contrib/squid-deb-proxy.init (+185/-0)
debian/changelog (+192/-0)
debian/compat (+1/-0)
debian/control (+52/-0)
debian/copyright (+14/-0)
debian/po/POTFILES.in (+1/-0)
debian/po/templates.pot (+48/-0)
debian/postrm (+12/-0)
debian/preinst (+54/-0)
debian/rules (+8/-0)
debian/squid-deb-proxy-client-udeb.dirs (+1/-0)
debian/squid-deb-proxy-client-udeb.install (+1/-0)
debian/squid-deb-proxy-client.install (+2/-0)
debian/squid-deb-proxy.config (+11/-0)
debian/squid-deb-proxy.install (+1/-0)
debian/squid-deb-proxy.logrotate (+15/-0)
debian/squid-deb-proxy.postinst (+131/-0)
debian/squid-deb-proxy.postrm (+11/-0)
debian/squid-deb-proxy.templates (+16/-0)
debian/squid-deb-proxy.upstart (+105/-0)
mirror-dstdomain.acl (+21/-0)
squid-deb-proxy.conf (+93/-0)
tests/test_acl.sh (+36/-0)
udeb/80squid-deb-proxy-client (+9/-0)

Conflict adding file .bzr-builddeb.  Moved existing file to .bzr-builddeb.moved.
Conflict adding file 30autoproxy.  Moved existing file to 30autoproxy.moved.
Conflict adding file Makefile.  Moved existing file to Makefile.moved.
Conflict adding file README.autogenerated.  Moved existing file to README.autogenerated.moved.
Conflict adding file README.  Moved existing file to README.moved.
Conflict adding file allowed-networks-src.acl.  Moved existing file to allowed-networks-src.acl.moved.
Conflict adding file apt-avahi-discover.  Moved existing file to apt-avahi-discover.moved.
Conflict adding file avahi.  Moved existing file to avahi.moved.
Conflict adding file contrib.  Moved existing file to contrib.moved.
Conflict adding file debian.  Moved existing file to debian.moved.
Conflict adding file mirror-dstdomain.acl.  Moved existing file to mirror-dstdomain.acl.moved.
Conflict adding file squid-deb-proxy.conf.  Moved existing file to squid-deb-proxy.conf.moved.
Conflict adding file tests.  Moved existing file to tests.moved.
Conflict adding file udeb.  Moved existing file to udeb.moved.

To merge this branch:

bzr merge lp:~racb/squid-deb-proxy/apt_refresh

Undecided

In Progress

Link a bug report

Reviewer	Review Type	Date Requested	Status
Michael Vogt		2012-03-30	Approve on 2012-04-02
Review via email: mp+100116@code.launchpad.net

Description of the change

Always check to see if Release and Package files have been updated. If they have not changed, they can still be served from the cache, but this way the archive is always consulted. This should eliminate any possibility of apt errors due to the cache being in the middle. Other general apt issues (like squid accessing different mirrors which are skewed, or skew in between fetching Release and Package files, or skew in mirrors between updating Package and Release files, remain).

Revision history for this message

Michael Vogt (mvo) wrote on 2012-04-02:

Thanks, I manually merged this into trunk now (as the branches are incompatible, probably ubuntu vs upstream branch problem :-/

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Michael Vogt

Robie Basak

 === added directory '.bzr-builddeb'
 === renamed directory '.bzr-builddeb' => '.bzr-builddeb.moved'
 === added file '.bzr-builddeb/default.conf'
 --- .bzr-builddeb/default.conf	1970-01-01 00:00:00 +0000
 +++ .bzr-builddeb/default.conf	2012-03-30 12:19:23 +0000
@@ -0,0 +1,2 @@
++[BUILDDEB]
++native = True
 === added file '30autoproxy'
 --- 30autoproxy	1970-01-01 00:00:00 +0000
 +++ 30autoproxy	2012-03-30 12:19:23 +0000
@@ -0,0 +1,1 @@
++Acquire::http::ProxyAutoDetect "/usr/share/squid-deb-proxy-client/apt-avahi-discover";
 === renamed file '30autoproxy' => '30autoproxy.moved'
 === added file 'Makefile'
 --- Makefile	1970-01-01 00:00:00 +0000
 +++ Makefile	2012-03-30 12:19:23 +0000
@@ -0,0 +1,22 @@
++#!/usr/bin/make
++
++all:
++	echo "nothing to do"
++
++install:
++	# dir
++	install -d -m 755 $(DESTDIR)/etc/squid-deb-proxy
++	install -d -m 755 $(DESTDIR)/etc/squid-deb-proxy/allowed-networks-src.acl.d
++	install -d -m 755 $(DESTDIR)/etc/squid-deb-proxy/mirror-dstdomain.acl.d
++	install -d -m 755 $(DESTDIR)/etc/squid-deb-proxy/pkg-blacklist.d
++	install -d -m 755 $(DESTDIR)/etc/squid-deb-proxy/autogenerated
++	install -m 644 README.autogenerated $(DESTDIR)/etc/squid-deb-proxy/autogenerated
++	install -d -m 755 $(DESTDIR)/etc/apt/apt.conf.d
++	install -d -m 755 $(DESTDIR)/usr/share/squid-deb-proxy-client/
++	# files
++	install -m 644 squid-deb-proxy.conf $(DESTDIR)/etc/squid-deb-proxy/
++	install -m 644 allowed-networks-src.acl $(DESTDIR)/etc/squid-deb-proxy/
++	install -m 644 mirror-dstdomain.acl $(DESTDIR)/etc/squid-deb-proxy/
++	# client
++	install -m 755 apt-avahi-discover $(DESTDIR)/usr/share/squid-deb-proxy-client/
++	install -m 644 30autoproxy $(DESTDIR)/etc/apt/apt.conf.d
 === renamed file 'Makefile' => 'Makefile.moved'
 === added file 'README'
 --- README	1970-01-01 00:00:00 +0000
 +++ README	2012-03-30 12:19:23 +0000
@@ -0,0 +1,19 @@
++This package provides a squid proxy config optimized for caching
++deb packages on Ubuntu systems.
++
++It should work out of the box on port 8000 for most users.
++
++It will allow access to .archive.ubuntu.com, archive.canonical.com,
++extras.ubuntu.com and changelogs.ubuntu.com by default from any
++private (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) network. To
++customize these settings check /etc/squid-deb-proxy/*.acl
++
++To customize the general config, edit the file
++/etc/squid-deb-proxy/squid-deb-proxy.conf
++
++The default config will only allow fetching official Ubuntu packages
++or official third party packages from archive.canonical.com and
++extras.ubuntu.com. You can add more repositories either via the
++whitelist file "mirror-dstdomain.acl" or by tweaking the global
++configuration "squid-deb-proxy.conf" to allow fetching from any
++domain (see the http_access and cache options).
 === added file 'README.autogenerated'
 --- README.autogenerated	1970-01-01 00:00:00 +0000
 +++ README.autogenerated	2012-03-30 12:19:23 +0000
@@ -0,0 +1,2 @@
++This directory contains automatically generated files.
++Do not edit anything in here.
 === renamed file 'README.autogenerated' => 'README.autogenerated.moved'
 === renamed file 'README' => 'README.moved'
 === added file 'allowed-networks-src.acl'
 --- allowed-networks-src.acl	1970-01-01 00:00:00 +0000
 +++ allowed-networks-src.acl	2012-03-30 12:19:23 +0000
@@ -0,0 +1,12 @@
++# allowed-networks-src.conf
++#
++# network sources that you want to allow access to the cache
++
++# private networks
++10.0.0.0/8
++172.16.0.0/12
++192.168.0.0/16
++127.0.0.1
++
++# additional non-private networks can be added to the directory:
++#  /etc/squid-deb-proxy/allowed-networks-src.acl.d
 === renamed file 'allowed-networks-src.acl' => 'allowed-networks-src.acl.moved'
 === added file 'apt-avahi-discover'
 --- apt-avahi-discover	1970-01-01 00:00:00 +0000
 +++ apt-avahi-discover	2012-03-30 12:19:23 +0000
@@ -0,0 +1,12 @@
++#!/bin/sh
++#
++# use avahi to find a _apt_proxy._tcp provider and return
++# a http proxy string suitable for apt
++
++SERVICE="_apt_proxy._tcp"
++
++out=$(avahi-browse -kprt $SERVICE|grep '^=;.*;IPv4;.*'|head -n1)
++PORT=$(echo "$out" | cut -d ';' -f9)
++HOST=$(echo "$out" | cut -d ';' -f7)
++IP=$(avahi-resolve -n4 "$HOST" | cut -f2)
++echo "http://$IP:$PORT/"
 === renamed file 'apt-avahi-discover' => 'apt-avahi-discover.moved'
 === added directory 'avahi'
 === renamed directory 'avahi' => 'avahi.moved'
 === added file 'avahi/Makefile'
 --- avahi/Makefile	1970-01-01 00:00:00 +0000
 +++ avahi/Makefile	2012-03-30 12:19:23 +0000
@@ -0,0 +1,10 @@
++CFLAGS := $(shell pkg-config --cflags avahi-core) -g -Wall
++LDFLAGS := $(shell pkg-config --libs avahi-core)
++
++all: find_squid_deb_proxy
++
++find_squid_deb_proxy: find_squid_deb_proxy.c
++	$(CC) $(CFLAGS) find_squid_deb_proxy.c -o find_squid_deb_proxy $(LDFLAGS)
++
++clean:
++	rm -f find_squid_deb_proxy
 === added file 'avahi/README'
 --- avahi/README	1970-01-01 00:00:00 +0000
 +++ avahi/README	2012-03-30 12:19:23 +0000
@@ -0,0 +1,2 @@
++This is a pure C implementation of apt-avahi-discover. Its currently
++not used but might be in the future.
 === added file 'avahi/find_squid_deb_proxy.c'
 --- avahi/find_squid_deb_proxy.c	1970-01-01 00:00:00 +0000
 +++ avahi/find_squid_deb_proxy.c	2012-03-30 12:19:23 +0000
@@ -0,0 +1,232 @@
++/* $Id$ */
++
++/***
++  This file is based on an example that is part of avahi, which is copyright:
++  Lennart Poettering <lennart (at) poettering (dot) de>
++  Trent Lloyd <lathiat@bur.st>
++  Sebastien Estienne <sebastien.estienne@gmail.com>
++  Jakub Stachowski
++  James Willcox <snorp@snorp.net>
++  Collabora Ltd.
++  Modifications for eucalyptus-udeb are copyright 2009 Canonical Ltd.
++  Modifications for squid-deb-proxy-udeb are copyright 2011 Canonical Ltd.
++
++  avahi is free software; you can redistribute it and/or modify it
++  under the terms of the GNU Lesser General Public License as
++  published by the Free Software Foundation; either version 2.1 of the
++  License, or (at your option) any later version.
++
++  avahi is distributed in the hope that it will be useful, but WITHOUT
++  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++  or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
++  Public License for more details.
++
++  You should have received a copy of the GNU Lesser General Public
++  License along with avahi; if not, write to the Free Software
++  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
++  USA.
++***/
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdio.h>
++#include <assert.h>
++#include <stdlib.h>
++#include <time.h>
++#include <string.h>
++
++#include <avahi-core/core.h>
++#include <avahi-core/lookup.h>
++#include <avahi-core/log.h>
++#include <avahi-common/simple-watch.h>
++#include <avahi-common/malloc.h>
++#include <avahi-common/error.h>
++
++static AvahiSimplePoll *simple_poll = NULL;
++static AvahiServer *server = NULL;
++
++static int debug = 0;
++
++static void quiet_logger(AvahiLogLevel level, const char *txt) {
++}
++
++static void resolve_callback(
++    AvahiSServiceResolver *r,
++    AVAHI_GCC_UNUSED AvahiIfIndex interface,
++    AVAHI_GCC_UNUSED AvahiProtocol protocol,
++    AvahiResolverEvent event,
++    const char *name,
++    const char *type,
++    const char *domain,
++    const char *host_name,
++    const AvahiAddress *address,
++    uint16_t port,
++    AvahiStringList *txt,
++    AvahiLookupResultFlags flags,
++    AVAHI_GCC_UNUSED void* userdata) {
++
++    assert(r);
++
++    /* Called whenever a service has been resolved successfully or timed out */
++
++    switch (event) {
++        case AVAHI_RESOLVER_FAILURE:
++            if (debug)
++                fprintf(stderr, "(Resolver) Failed to resolve service '%s' of type '%s' in domain '%s': %s\n", name, type, domain, avahi_strerror(avahi_server_errno(server)));
++            break;
++
++        case AVAHI_RESOLVER_FOUND: {
++            char *human_address = avahi_malloc0(AVAHI_ADDRESS_STR_MAX);
++            char *key = NULL;
++            AvahiStringList *ipaddr_entry;
++            char *ipaddr_key, *ipaddr_value;
++
++            ipaddr_entry = avahi_string_list_find(txt, "ipaddr");
++            if (ipaddr_entry && avahi_string_list_get_pair(ipaddr_entry, &ipaddr_key, &ipaddr_value, NULL) == 0) {
++                key = avahi_strdup_printf("%s:%u", ipaddr_value, port);
++                avahi_free(ipaddr_value);
++                avahi_free(ipaddr_key);
++            }
++            else if (avahi_address_snprint(human_address, AVAHI_ADDRESS_STR_MAX, address)) {
++                if (address->proto == AVAHI_PROTO_INET6)
++                    key = avahi_strdup_printf("[%s]:%u", human_address, port);
++                else if (strncmp(human_address, "169.254.169.254", 15) == 0)
++                    key = avahi_strdup_printf("%s:%u", name, port);
++                else
++                    key = avahi_strdup_printf("%s:%u", human_address, port);
++            } else {
++                if (debug)
++                    fprintf(stderr, "(Resolver) failed to resolve %s to IP address/port\n", key);
++            }
++            avahi_free(human_address);
++
++            printf("http://%s/\n", key);
++        }
++    }
++
++    avahi_s_service_resolver_free(r);
++}
++
++static void browse_callback(
++    AvahiSServiceBrowser *b,
++    AvahiIfIndex interface,
++    AvahiProtocol protocol,
++    AvahiBrowserEvent event,
++    const char *name,
++    const char *type,
++    const char *domain,
++    AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,
++    void* userdata) {
++
++    AvahiServer *s = userdata;
++    assert(b);
++
++    /* Called whenever a new services becomes available on the LAN or is removed from the LAN */
++
++    switch (event) {
++
++        case AVAHI_BROWSER_FAILURE:
++            fprintf(stderr, "(Browser) %s\n", avahi_strerror(avahi_server_errno(server)));
++            avahi_simple_poll_quit(simple_poll);
++            return;
++
++        case AVAHI_BROWSER_NEW:
++            if (debug)
++                fprintf(stderr, "(Browser) NEW: service '%s' of type '%s' in domain '%s'\n", name, type, domain);
++
++            /* We ignore the returned resolver object. In the callback
++               function we free it. If the server is terminated before
++               the callback function is called the server will free
++               the resolver for us. */
++
++            if (!(avahi_s_service_resolver_new(s, interface, protocol, name, type, domain, AVAHI_PROTO_INET, 0, resolve_callback, s)))
++                fprintf(stderr, "Failed to resolve service '%s': %s\n", name, avahi_strerror(avahi_server_errno(s)));
++
++            break;
++
++        case AVAHI_BROWSER_REMOVE:
++            if (debug)
++                fprintf(stderr, "(Browser) REMOVE: service '%s' of type '%s' in domain '%s'\n", name, type, domain);
++            break;
++
++        case AVAHI_BROWSER_ALL_FOR_NOW:
++            if (debug)
++                fprintf(stderr, "(Browser) %s\n", "ALL_FOR_NOW");
++            exit(0);
++            break;
++
++        case AVAHI_BROWSER_CACHE_EXHAUSTED:
++            if (debug)
++                fprintf(stderr, "(Browser) %s\n", "CACHE_EXHAUSTED");
++            break;
++    }
++}
++
++int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {
++    AvahiServerConfig config;
++    AvahiSServiceBrowser *sb = NULL;
++    int error;
++    int ret = 1;
++
++    if (getenv("SQUID_DEB_PROXY_FIND_DEBUG"))
++        debug = 1;
++
++    /* Initialize the pseudo-RNG */
++    srand(time(NULL));
++
++    if (!debug)
++	avahi_set_log_function(quiet_logger);
++
++    /* Allocate main loop object */
++    if (!(simple_poll = avahi_simple_poll_new())) {
++        fprintf(stderr, "Failed to create simple poll object.\n");
++        goto fail;
++    }
++
++    /* Do not publish any local records */
++    avahi_server_config_init(&config);
++    config.publish_hinfo = 0;
++    config.publish_addresses = 0;
++    config.publish_workstation = 0;
++    config.publish_domain = 0;
++
++    /* Allocate a new server */
++    server = avahi_server_new(avahi_simple_poll_get(simple_poll), &config, NULL, NULL, &error);
++
++    /* Free the configuration data */
++    avahi_server_config_free(&config);
++
++    /* Check whether creating the server object succeeded */
++    if (!server) {
++        fprintf(stderr, "Failed to create server: %s\n", avahi_strerror(error));
++        goto fail;
++    }
++
++    /* Create the service browser */
++    // FIXME: use AVAHI_PROTO_UNSPEC for ipv6 at some point
++    if (!(sb = avahi_s_service_browser_new(server, AVAHI_IF_UNSPEC, AVAHI_PROTO_INET, "_apt_proxy._tcp", NULL, 0, browse_callback, server))) {
++        fprintf(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_server_errno(server)));
++        goto fail;
++    }
++
++    /* Run the main loop */
++    avahi_simple_poll_loop(simple_poll);
++
++    ret = 0;
++
++fail:
++
++    /* Cleanup things */
++    if (sb)
++        avahi_s_service_browser_free(sb);
++
++    if (server)
++        avahi_server_free(server);
++
++    if (simple_poll)
++        avahi_simple_poll_free(simple_poll);
++
++    return ret;
++}
 === added directory 'contrib'
 === renamed directory 'contrib' => 'contrib.moved'
 === added file 'contrib/squid-deb-proxy.init'
 --- contrib/squid-deb-proxy.init	1970-01-01 00:00:00 +0000
 +++ contrib/squid-deb-proxy.init	2012-03-30 12:19:23 +0000
@@ -0,0 +1,185 @@
++#! /bin/sh
++#
++# squid-deb-proxy		Startup script for the SQUID Deb HTTP proxy-cache.
++#
++# Version:	@(#)squid-deb-proxy.rc  1.0  12-Mar-2011  andrew.simpson@corokia.co.nz
++#
++### BEGIN INIT INFO
++# Provides:          squid-deb-proxy
++# Required-Start:    $network $remote_fs $syslog
++# Required-Stop:     $network $remote_fs $syslog
++# Should-Start:      $named
++# Should-Stop:       $named
++# Default-Start:     2 3 4 5
++# Default-Stop:      0 1 6
++# Short-Description: Squid Deb Package HTTP Proxy
++### END INIT INFO
++
++NAME=squid-deb-proxy
++DESC="Squid Deb HTTP Proxy"
++DAEMON=/usr/sbin/squid3
++PIDFILE=/var/run/$NAME.pid
++CONFIG=/etc/squid-deb-proxy/squid-deb-proxy.conf
++AVAHIFILE=/etc/avahi/services/squid-deb-proxy.service
++SQUID_ARGS="-YC -f $CONFIG"
++
++[ ! -f /etc/default/squid-deb-proxy ] || . /etc/default/squid-deb-proxy
++
++. /lib/lsb/init-functions
++
++PATH=/bin:/usr/bin:/sbin:/usr/sbin
++
++[ -x $DAEMON ] || exit 0
++
++ulimit -n 65535
++
++find_cache_dir () {
++        w="     " # space tab
++        res=`sed -ne '
++                s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
++                t end;
++                d;
++                :end q' < $CONFIG`
++        [ -n "$res" ] || res=$2
++        echo "$res"
++}
++
++find_cache_port () {
++	w="   " # space tab
++	res=`sed -ne '
++		s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
++		t end;
++		d;
++		:end q' < $CONFIG`
++	[ -n "$res" ] || res=$2
++	echo "$res"
++}
++
++write_avahi_service () {
++	port=`find_cache_port http_port 8000`
++	cat > $AVAHIFILE << EOF
++<?xml version="1.0" standalone='no'?>
++<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
++<service-group>
++	<name replace-wildcards="yes">Squid deb proxy on %h</name>
++	<service protocol="ipv4">
++		<type>_apt_proxy._tcp</type>
++		<port>$port</port>
++	</service>
++</service-group>
++EOF
++}
++
++remove_avahi_service () {
++	if [ -f $AVAHIFILE ]
++	then
++		rm $AVAHIFILE
++	fi
++}
++
++start () {
++	cache_dir=`find_cache_dir cache_dir /var/spool/squid-deb-proxy`
++
++	#
++	# Create spool dirs if they don't exist.
++	#
++	if [ -d "$cache_dir" -a ! -d "$cache_dir/00" ]
++	then
++		log_warning_msg "Creating $DESC cache structure"
++		$DAEMON -f $CONFIG -z
++	fi
++
++	write_avahi_service
++	umask 027
++	ulimit -n 65535
++	cd $cache_dir
++	start-stop-daemon --quiet --start \
++		--pidfile $PIDFILE \
++		--exec $DAEMON -- $SQUID_ARGS < /dev/null
++	status=$?
++	if [ $status -eq 0 ]
++	then
++		write_avahi_service
++	fi
++	return $status
++}
++
++stop () {
++	remove_avahi_service
++	PID=`cat $PIDFILE 2>/dev/null`
++	start-stop-daemon --stop --quiet \
++		--pidfile $PIDFILE \
++		--exec $DAEMON -- -f $CONFIG
++	#
++	#	Now we have to wait until squid has _really_ stopped.
++	#
++	sleep 2
++	if test -n "$PID" && kill -0 $PID 2>/dev/null
++	then
++		log_action_begin_msg " Waiting"
++		cnt=0
++		while kill -0 $PID 2>/dev/null
++		do
++			cnt=`expr $cnt + 1`
++			if [ $cnt -gt 24 ]
++			then
++				log_action_end_msg 1
++				return 1
++			fi
++			sleep 5
++			log_action_cont_msg ""
++		done
++		log_action_end_msg 0
++		return 0
++	else
++		return 0
++	fi
++}
++
++case "$1" in
++	start)
++	log_daemon_msg "Starting $DESC" "$NAME"
++	if start ; then
++		log_end_msg $?
++	else
++		log_end_msg $?
++	fi
++	;;
++
++	stop)
++	log_daemon_msg "Stopping $DESC" "$NAME"
++	if stop ; then
++		log_end_msg $?
++	else
++		log_end_msg $?
++	fi
++	;;
++
++	reload|force-reload)
++	log_action_msg "Reloading $DESC configuration files"
++	remove_avahi_service
++	start-stop-daemon --stop --signal 1 --quiet \
++		--pidfile $PIDFILE \
++    --exec $DAEMON -- -f $CONFIG
++	log_action_end_msg 0
++	write_avahi_service
++	;;
++
++	restart)
++	log_daemon_msg "Restarting $DESC" "$NAME"
++	stop
++	if start ; then
++		log_end_msg $?
++	else
++		log_end_msg $?
++	fi
++	;;
++
++	*)
++	echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}"
++	exit 3
++	;;
++esac
++
++exit 0
++
 === added directory 'debian'
 === renamed directory 'debian' => 'debian.moved'
 === added file 'debian/changelog'
 --- debian/changelog	1970-01-01 00:00:00 +0000
 +++ debian/changelog	2012-03-30 12:19:23 +0000
@@ -0,0 +1,192 @@
++squid-deb-proxy (0.6.2) precise; urgency=low
++
++  * squid-deb-proxy.conf: always refresh Packages and Release files.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 30 Mar 2012 11:15:29 +0100
++
++squid-deb-proxy (0.6.1) precise; urgency=low
++
++  [ Adam Gandelman ]
++  * debian/squid-deb-proxy.upstart: Wrap squid execution in a script section.
++    Also test for location/version of squid there, as the existing test in
++    pre-start is out of scope but needed in both places. (LP: #893313)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 24 Nov 2011 16:26:34 +0100
++
++squid-deb-proxy (0.6) precise; urgency=low
++
++  * add (optional) support for squid3
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Nov 2011 10:44:06 -0400
++
++squid-deb-proxy (0.5.2) oneiric; urgency=low
++
++  * Rework/simplify/fix the udeb based on the input from
++    Colin Watson (thanks a lot!)
++  * fix a bunch of lintian errors:
++    - add missing po-debconf as build-depends
++    - add debian/po/{POTFILES.in,templates.pot}
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 30 Jun 2011 12:09:19 +0100
++
++squid-deb-proxy (0.5.1) oneiric; urgency=low
++
++  * debian/control:
++    - fix architecture in squid-deb-proxy-client-udeb
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 28 Jun 2011 12:35:19 +0100
++
++squid-deb-proxy (0.5) oneiric; urgency=low
++
++  * merged lp:~lynxman/squid-deb-proxy/debhooks, many thanks
++    this adds debconf support to enable unrestricted network src
++    access and access to PPA destinations
++  * add support for a binary packagename blacklist
++  * add .d directories for:
++     - allowed-networks-src.acl.d
++     - mirror-dstdomain.acl.d
++     - pkg-blacklist.d
++  * add squid-deb-proxy-client udeb
++  * write debconf generated config to
++     /etc/squid-deb-proxy/allowed-networks-src.acl.d/30-debconf
++     /etc/squid-deb-proxy/mirror-dstdomain.acl.d/30-debconf
++  * debian/control:
++    - add avahi and pkg-config to the build-depends
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 09 Jun 2011 15:34:11 +0200
++
++squid-deb-proxy (0.4.2) natty; urgency=low
++
++  * mirror-dstdomain.acl:
++    - add mirrors.ubuntu.com for the mirror methods
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 24 Mar 2011 17:50:10 +0100
++
++squid-deb-proxy (0.4.1) natty; urgency=low
++
++  * remove obsolete conffile on upgrade:
++    /etc/init/squid-deb-proxy-avahi.conf
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 24 Mar 2011 08:51:41 +0100
++
++squid-deb-proxy (0.4) natty; urgency=low
++
++  * mirror-dstdomain.acl:
++    - add ddebs.ubuntu.com to default mirrors
++  * apt-avahi-discover:
++    - use avahi-resolve to workaround the issue that avahi-browse
++      sometimes hands out ipv6 even when asked for ipv4 only,
++      many thanks to Andrew Simpson (LP: #686265)
++  * contrib/squid-deb-proxy.init:
++    - add sysv init script, thanks to Andrew Simpson
++  * debian/squid-deb-proxy.upstart:
++    - write avahi services file on post-start and kill it again
++      on pre-stop (LP: #695937)
++  * debian/squid-deb-proxy.squid-deb-proxy-avahi.upstart:
++    - removed, this is part of squid-deb-proxy.upstart now
++  * Makefile:
++    - fix permission of 30autoproxy (LP: #697955)
++  * debian/squid-deb-proxy.logrotate:
++    - add logrotate file (LP: #718923), thanks to
++      Johan van Dijk and Andrew Simpson
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 23 Mar 2011 21:53:11 +0100
++
++squid-deb-proxy (0.3.4) natty; urgency=low
++
++  * Removing expect fork and passing -N to squid to prevent upstart
++    losing track of squid on reload (LP: #573853)
++
++ -- Clint Byrum <clint@ubuntu.com>  Tue, 11 Jan 2011 15:07:37 -0800
++
++squid-deb-proxy (0.3.3) natty; urgency=low
++
++  * Adjusting upstart job so restarting squid-deb-proxy does not result
++    in killing squid-deb-proxy-avahi. (LP: #677276)
++  * Also adjusting upstart job so squid-deb-proxy does not get started
++    a real network interface is up and all local filesystems are mounted
++
++ -- Clint Byrum <clint@ubuntu.com>  Thu, 18 Nov 2010 16:27:24 -0800
++
++squid-deb-proxy (0.3.2) natty; urgency=low
++
++  [ Colin Dean ]
++  * adding other ubuntu/canonical repos and some suggested
++    others (but commented) (LP: #673080)
++  * Added commented lines which allow non-specified domains to be
++    accessed and (optionally) cached
++
++  [ Jorge O. Castro ]
++  * Add some popular repositories to cache (commented out)
++
++  [ Michael Vogt ]
++  * README:
++    - updated to document the new options
++  * debian/squid-deb-proxy.squid-deb-proxy-avahi.upstart:
++    - fix upstart script so that the avahi service actually gets
++      started (LP: #655187)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 10 Nov 2010 10:45:49 +0100
++
++squid-deb-proxy (0.3.1) lucid; urgency=low
++
++  * debian/squid-deb-proxy.squid-deb-proxy-avahi.upstart:
++    - start only once avahi-daemon is available (thanks to dholbach)
++  * debian/control:
++    - add dependency on apt for squid-deb-proxy-client
++  (thanks to dholbach)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 18 Mar 2010 15:05:12 +0100
++
++squid-deb-proxy (0.3) lucid; urgency=low
++
++  * debian/squid-deb-proxy.squid-deb-proxy-avahi.upstart:
++    - advertise the proxy using avahi (if avahi is availalbe)
++  * debian/control:
++    - add recommends on avahi-utils to get avahi-publish
++  * apt-avahi-discover:
++    - provide a avahi based module suitable for apts
++      Acquire::http::ProxyAutoDetect option
++  * 30autoproxy:
++    - add apt configuration that automatically uses apt-avahi-discover
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 17 Feb 2010 14:04:56 +0100
++
++squid-deb-proxy (0.2.3) lucid; urgency=low
++
++  * debian/control:
++    - move Vcs to lp:~squid-deb-proxy-developers/squid-deb-proxy/trunk
++    - add homepage
++  * mirror-dstdomain.acl:
++    - add ports.ubuntu.com
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 27 Jan 2010 15:02:15 +0100
++
++squid-deb-proxy (0.2.2) lucid; urgency=low
++
++  * mirror-dstdomain.acl:
++    - add security.ubuntu.com to the allowed destdomains
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 26 Jan 2010 09:19:50 +0100
++
++squid-deb-proxy (0.2.1) lucid; urgency=low
++
++  * initial lucid upload
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 25 Jan 2010 18:13:26 +0100
++
++squid-deb-proxy (0.2) lucid; urgency=low
++
++  * README:
++    - add documentation
++  * *.acl:
++    - split the bits that the user will most likely change into
++      different files
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 25 Jan 2010 18:13:15 +0100
++
++squid-deb-proxy (0.1) lucid; urgency=low
++
++  * initial version
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 18 Jan 2010 12:11:19 +0100
 === added file 'debian/compat'
 --- debian/compat	1970-01-01 00:00:00 +0000
 +++ debian/compat	2012-03-30 12:19:23 +0000
@@ -0,0 +1,1 @@
++7
 \ No newline at end of file
 === added file 'debian/control'
 --- debian/control	1970-01-01 00:00:00 +0000
 +++ debian/control	2012-03-30 12:19:23 +0000
@@ -0,0 +1,52 @@
++Source: squid-deb-proxy
++Section: net
++Priority: extra
++Maintainer: Michael Vogt <mvo@ubuntu.com>
++Build-Depends: debhelper (>= 7.0.50),
++               gettext,
++               intltool,
++               pkg-config,
++               po-debconf
++Standards-Version: 3.8.3
++Vcs-Bzr: https://code.launchpad.net/~squid-deb-proxy-developers/squid-deb-proxy/trunk
++Homepage: https://launchpad.net/squid-deb-proxy
++
++Package: squid-deb-proxy
++Architecture: all
++Depends: ${python:Depends},
++         ${misc:Depends},
++	 squid|squid3
++Recommends: avahi-utils
++Description: Squid proxy configuration optimized for deb packages
++ This package contains a squid proxy configuration that is optimized
++ for downloading deb packages. It defaults to a different cache
++ directory and port than the regular squid cache.
++ .
++ The config default to allowing cached access from a local network
++ to *.archive.ubuntu.com.
++
++Package: squid-deb-proxy-client
++Architecture: all
++Depends: ${misc:Depends}, avahi-utils, apt (>= 0.7.25.3ubuntu1)
++Description: Automatic proxy discovery for apt based on avahi
++ This package contains a helper for the apt http method to discover
++ proxies that publish their service as _apt_proxy._tcp.
++ .
++ It was written to be installed on clients that should use
++ squid-deb-proxy automatically, but it will work with any proxy
++ that publishes the service as _apt_proxy._tcp.
++
++Package: squid-deb-proxy-client-udeb
++XC-Package-Type: udeb
++Section: debian-installer
++Architecture: all
++Depends: ${shlibs:Depends}, ${misc:Depends}, configured-network,
++Description: Automatic proxy discovery for apt based on avahi (udeb)
++ This package contains a helper for the apt http method to discover
++ proxies that publish their service as _apt_proxy._tcp.
++ .
++ It was written to be installed on clients that should use
++ squid-deb-proxy automatically, but it will work with any proxy
++ that publishes the service as _apt_proxy._tcp.
++ .
++ This package contains the udeb only
 === added file 'debian/copyright'
 --- debian/copyright	1970-01-01 00:00:00 +0000
 +++ debian/copyright	2012-03-30 12:19:23 +0000
@@ -0,0 +1,14 @@
++Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?rev=59
++
++Files: *
++Copyright: (c) 2010 Canonical
++License: GPL-3
++
++License: GPL-3
++ This package is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 3.
++ .
++ On Debian systems, the complete text of the GNU General
++ Public License can be found in `/usr/share/common-licenses/GPL-3'.
++
 === added directory 'debian/po'
 === added file 'debian/po/POTFILES.in'
 --- debian/po/POTFILES.in	1970-01-01 00:00:00 +0000
 +++ debian/po/POTFILES.in	2012-03-30 12:19:23 +0000
@@ -0,0 +1,1 @@
++[type: gettext/rfc822deb] squid-deb-proxy.templates
 === added file 'debian/po/templates.pot'
 --- debian/po/templates.pot	1970-01-01 00:00:00 +0000
 +++ debian/po/templates.pot	2012-03-30 12:19:23 +0000
@@ -0,0 +1,48 @@
++# SOME DESCRIPTIVE TITLE.
++# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
++# This file is distributed under the same license as the PACKAGE package.
++# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
++#
++#, fuzzy
++msgid ""
++msgstr ""
++"Project-Id-Version: PACKAGE VERSION\n"
++"Report-Msgid-Bugs-To: squid-deb-proxy@packages.debian.org\n"
++"POT-Creation-Date: 2011-06-30 12:07+0100\n"
++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
++"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
++"Language-Team: LANGUAGE <LL@li.org>\n"
++"Language: \n"
++"MIME-Version: 1.0\n"
++"Content-Type: text/plain; charset=CHARSET\n"
++"Content-Transfer-Encoding: 8bit\n"
++
++#. Type: boolean
++#. Description
++#: ../squid-deb-proxy.templates:1001
++msgid "Allow PPA (Personal Package Archive) access?"
++msgstr ""
++
++#. Type: boolean
++#. Description
++#: ../squid-deb-proxy.templates:1001
++msgid ""
++"Squid-deb-proxy by default will not allow PPA repositories from launchpad. "
++"Selecting Y in this option will activate PPA repo access."
++msgstr ""
++
++#. Type: boolean
++#. Description
++#: ../squid-deb-proxy.templates:2001
++msgid "Allow unrestricted network access?"
++msgstr ""
++
++#. Type: boolean
++#. Description
++#: ../squid-deb-proxy.templates:2001
++msgid ""
++"Squid-deb-proxy restricts access to the cache to private networks only by "
++"default. Selecting Y in this option will allow unrestricted access of all "
++"IPs to access the cache. Selecting N will only allow private networks "
++"(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to access the cache."
++msgstr ""
 === added file 'debian/postrm'
 --- debian/postrm	1970-01-01 00:00:00 +0000
 +++ debian/postrm	2012-03-30 12:19:23 +0000
@@ -0,0 +1,12 @@
++#!/bin/sh
++
++set -e
++
++if [ "$1" = "purge" ]; then
++   rm -rf /var/cache/squid-deb-proxy
++   rm -rf /var/log/squid-deb-proxy
++   rm -f /etc/squid-deb-proxy/squid-deb-proxy.conf
++fi
++
++#DEBHELPER#
++
 === added file 'debian/preinst'
 --- debian/preinst	1970-01-01 00:00:00 +0000
 +++ debian/preinst	2012-03-30 12:19:23 +0000
@@ -0,0 +1,54 @@
++#!/bin/sh
++# preinst script for squid-deb-proxy
++#
++
++set -e
++
++# summary of how this script can be called:
++#        * <new-preinst> `install'
++#        * <new-preinst> `install' <old-version>
++#        * <new-preinst> `upgrade' <old-version>
++#        * <old-preinst> `abort-upgrade' <new-version>
++# for details, see http://www.debian.org/doc/debian-policy/ or
++# the debian-policy package
++
++# for lucid -> P upgrades we can't use dpkg-mainthelper
++rm_conffile() {
++    local PKGNAME="$1"
++    local CONFFILE="$2"
++
++    [ -e "$CONFFILE" ] || return 0
++
++    local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')"
++    local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \
++            sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")"
++    if [ "$md5sum" != "$old_md5sum" ]; then
++        echo "Obsolete conffile $CONFFILE has been modified by you."
++        echo "Saving as $CONFFILE.dpkg-bak ..."
++        mv -f "$CONFFILE" "$CONFFILE".dpkg-bak
++    else
++        echo "Removing obsolete conffile $CONFFILE ..."
++        rm -f "$CONFFILE"
++    fi
++}
++
++
++case "$1" in
++    install|upgrade)
++        if dpkg --compare-versions "$2" le "0.4.1"; then
++            rm_conffile squid-deb-proxy /etc/init/squid-deb-proxy-avahi.conf
++        fi
++    ;;
++
++    abort-upgrade)
++    ;;
++
++    *)
++        echo "preinst called with unknown argument \`$1'" >&2
++        exit 1
++    ;;
++esac
++
++#DEBHELPER#
++
++exit 0
 === added file 'debian/rules'
 --- debian/rules	1970-01-01 00:00:00 +0000
 +++ debian/rules	2012-03-30 12:19:23 +0000
@@ -0,0 +1,8 @@
++#!/usr/bin/make -f
++
++%:
++	dh $@
++
++override_dh_installinit:
++	dh_installinit $@
++	dh_installinit --name=squid-deb-proxy-avahi
 \ No newline at end of file
 === added file 'debian/squid-deb-proxy-client-udeb.dirs'
 --- debian/squid-deb-proxy-client-udeb.dirs	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy-client-udeb.dirs	2012-03-30 12:19:23 +0000
@@ -0,0 +1,1 @@
++usr/lib/base-installer.d/
 \ No newline at end of file
 === added file 'debian/squid-deb-proxy-client-udeb.install'
 --- debian/squid-deb-proxy-client-udeb.install	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy-client-udeb.install	2012-03-30 12:19:23 +0000
@@ -0,0 +1,1 @@
++../../udeb/80squid-deb-proxy-client ./usr/lib/base-installer.d/
 === added file 'debian/squid-deb-proxy-client.install'
 --- debian/squid-deb-proxy-client.install	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy-client.install	2012-03-30 12:19:23 +0000
@@ -0,0 +1,2 @@
++usr/share/squid-deb-proxy-client/
++etc/apt/apt.conf.d
 \ No newline at end of file
 === added file 'debian/squid-deb-proxy.config'
 --- debian/squid-deb-proxy.config	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy.config	2012-03-30 12:19:23 +0000
@@ -0,0 +1,11 @@
++#!/bin/sh -e
++#
++# script to configure squid-deb-proxy
++
++# Source debconf library.
++. /usr/share/debconf/confmodule
++
++# get inputs
++db_input low squid-deb-proxy/ppa-enable || true
++db_input low squid-deb-proxy/acl-disable || true
++db_go
 === added file 'debian/squid-deb-proxy.install'
 --- debian/squid-deb-proxy.install	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy.install	2012-03-30 12:19:23 +0000
@@ -0,0 +1,1 @@
++etc/squid-deb-proxy
 === added file 'debian/squid-deb-proxy.logrotate'
 --- debian/squid-deb-proxy.logrotate	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy.logrotate	2012-03-30 12:19:23 +0000
@@ -0,0 +1,15 @@
++#
++# Logrotate fragment for squid-deb-proxy.
++#
++/var/log/squid-deb-proxy/*.log {
++ daily
++ compress
++ delaycompress
++ rotate 2
++ missingok
++ nocreate
++ sharedscripts
++ postrotate
++  test ! -e /var/run/squid-deb-proxy.pid || /usr/sbin/squid -f /etc/squid-deb-proxy/squid-deb-proxy.conf -k rotate
++ endscript
++}
 === added file 'debian/squid-deb-proxy.postinst'
 --- debian/squid-deb-proxy.postinst	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy.postinst	2012-03-30 12:19:23 +0000
@@ -0,0 +1,131 @@
++#!/bin/sh
++# postinst script for squid-deb-proxy
++#
++# see: dh_installdeb(1)
++
++set -e
++
++# summary of how this script can be called:
++#        * <postinst> `configure' <most-recently-configured-version>
++#        * <old-postinst> `abort-upgrade' <new version>
++#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
++#          <new-version>
++#        * <postinst> `abort-remove'
++#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
++#          <failed-install-package> <version> `removing'
++#          <conflicting-package> <version>
++# for details, see http://www.debian.org/doc/debian-policy/ or
++# the debian-policy package
++
++# A simplified version of debconf's own config script.
++. /usr/share/debconf/confmodule
++
++USER_NETWORKS=/etc/squid-deb-proxy/allowed-networks-src.acl.d/10-default
++USER_ALLOWED_DESTINATIONS=/etc/squid-deb-proxy/mirror-dstdomain.acl.d/10-default
++
++DEBCONF_NETWORKS=/etc/squid-deb-proxy/allowed-networks-src.acl.d/30-debconf
++DEBCONF_ALLOWED_DESTINATIONS=/etc/squid-deb-proxy/mirror-dstdomain.acl.d/30-debconf
++
++case "$1" in
++    configure)
++
++        # the users allowed networks, this is not a conffile so its created
++        # here
++        if [ ! -f "$USER_NETWORKS" ]; then
++            cat > "$USER_NETWORKS" <<EOF
++# $USER_NETWORKS
++#
++# additional network sources that you want to allow access to the cache
++
++# example net
++#136.199.8.0/24
++EOF
++        fi
++
++        # the users allowed destinations, this is not a conffile
++        if [ ! -f "$USER_ALLOWED_DESTINATIONS" ]; then
++            cat > "$USER_ALLOWED_DESTINATIONS" <<EOF
++# $USER_ALLOWED_DESTINATIONS
++#
++# network destinations that are allowed by this cache
++
++# launchpad personal package archives (disabled by default)
++#ppa.launchpad.net
++
++# add additional mirror domains here (disabled by default)
++#linux.dropbox.com
++#download.virtualbox.org
++#archive.getdeb.net
++#packages.medibuntu.org
++#dl.google.com
++EOF
++        fi
++
++        # pkg blacklist, not a conffile
++        PKG_BLACKLIST_IN=/etc/squid-deb-proxy/pkg-blacklist.d/10-default
++        cat > $PKG_BLACKLIST_IN <<EOF
++# $PKG_BLACKLIST_IN
++#
++# packages that should be not allowed for download, one binary packagename
++# per line
++#
++#skype
++EOF
++
++        # get the debconf answers
++        db_get squid-deb-proxy/ppa-enable
++        case "$RET" in
++            false)
++                rm -f "$DEBCONF_ALLOWED_DESTINATIONS"
++                ;;
++            true)
++                cat > "$DEBCONF_ALLOWED_DESTINATIONS" <<EOF
++# automatically added by debconf, please use:
++#   sudo dpkg-reconfigure -plow squid-deb-proxy
++# to change
++ppa.launchpad.net
++EOF
++                ;;
++            *)
++                echo "db_get returned unexpected result: '$RET' for squid-deb-proxy/ppa-enable"
++                exit 1
++                ;;
++        esac
++
++        db_get squid-deb-proxy/acl-disable
++        case "$RET" in
++            false)
++                rm -f "$DEBCONF_NETWORKS"
++                ;;
++            true)
++                cat > "$DEBCONF_NETWORKS" <<EOF
++# automatically added by debconf, please use:
++#   sudo dpkg-reconfigure -plow squid-deb-proxy
++# to change
++0.0.0.0/0.0.0.0
++EOF
++                ;;
++            *)
++                echo "db_get returned unexpected result: '$RET' for squid-deb-proxy/acl-disable"
++                exit 1
++                ;;
++        esac
++
++        invoke-rc.d squid-deb-proxy restart || true
++    ;;
++
++    abort-upgrade|abort-remove|abort-deconfigure|triggered)
++    ;;
++
++    *)
++        echo "postinst called with unknown argument \`$1'" >&2
++        exit 1
++    ;;
++esac
++
++# dh_installdeb will replace this with shell code automatically
++# generated by other debhelper scripts.
++
++#DEBHELPER#
++
++exit 0
 === added file 'debian/squid-deb-proxy.postrm'
 --- debian/squid-deb-proxy.postrm	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy.postrm	2012-03-30 12:19:23 +0000
@@ -0,0 +1,11 @@
++#!/bin/sh
++
++set -e
++
++if [ "$1" = "purge" ]; then
++   rm -f /etc/squid-deb-proxy/autogenerated/*
++fi
++
++#DEBHELPER#
++
++exit 0
 === added file 'debian/squid-deb-proxy.templates'
 --- debian/squid-deb-proxy.templates	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy.templates	2012-03-30 12:19:23 +0000
@@ -0,0 +1,16 @@
++Template: squid-deb-proxy/ppa-enable
++Type: boolean
++Default: false
++_Description: Allow PPA (Personal Package Archive) access?
++ Squid-deb-proxy by default will not allow PPA repositories from launchpad.
++ Selecting Y in this option will activate PPA repo access.
++
++Template: squid-deb-proxy/acl-disable
++Type: boolean
++Default: false
++_Description: Allow unrestricted network access?
++ Squid-deb-proxy restricts access to the cache to private networks
++ only by default.
++ Selecting Y in this option will allow unrestricted access of all IPs
++ to access the cache. Selecting N will only allow private networks
++ (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to access the cache.
 === added file 'debian/squid-deb-proxy.upstart'
 --- debian/squid-deb-proxy.upstart	1970-01-01 00:00:00 +0000
 +++ debian/squid-deb-proxy.upstart	2012-03-30 12:19:23 +0000
@@ -0,0 +1,105 @@
++# squid-deb-proxy - a proxy for deb packages
++#
++
++description "squid-deb-proxy"
++
++env AVAHIFILE=/etc/avahi/services/squid-deb-proxy.service
++
++pre-start script
++  concat_file_from_dir() {
++      # the .d directory
++      DIR="$1"
++      # the target file
++      FILE="$2"
++      # (optional) additional file append to $FILE
++      ADDITIONAL_FILE_TO_CAT="$3"
++      cat > $FILE <<EOF
++# WARNING: this file is auto-generated from the files in
++#          $DIR
++#          on squid-deb-proxy (re)start, do NOT edit here
++EOF
++      if [ -n "$ADDITIONAL_FILE_TO_CAT" ]; then
++          cat "$ADDITIONAL_FILE_TO_CAT" >> "$FILE"
++      fi
++
++      for f in "$DIR"/*; do
++          cat "$f" >> "$FILE"
++      done
++  }
++
++  if [ -x /usr/sbin/squid ]; then
++      SQUID=/usr/sbin/squid
++  elif  [ -x /usr/sbin/squid3 ]; then
++      SQUID=/usr/sbin/squid3
++  else
++      echo "No squid binary found"
++      exit 1
++  fi
++
++  # ensure all cache dirs are there
++  install -d -o proxy -g proxy -m 750 /var/cache/squid-deb-proxy/
++  install -d -o proxy -g proxy -m 750 /var/log/squid-deb-proxy/
++  if [ ! -d /var/cache/squid-deb-proxy/00 ]; then
++   $SQUID -z -f /etc/squid-deb-proxy/squid-deb-proxy.conf
++  fi
++
++  # generate pkg blacklist acl file
++  PKG_BLACKLIST_DIR=/etc/squid-deb-proxy/pkg-blacklist.d
++  PKG_BLACKLIST=/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl
++  concat_file_from_dir "$PKG_BLACKLIST_DIR" "$PKG_BLACKLIST"
++  # postprocess for regexp format
++  sed -i -r '/^#/d;/^$/d;s#(.*)#\/\1_.*\.deb$#g' $PKG_BLACKLIST
++
++  # generate mirror file
++  MIRROR_DESTDOMAIN_DIR=/etc/squid-deb-proxy/mirror-dstdomain.acl.d
++  MIRROR_DESTDOMAIN=/etc/squid-deb-proxy/autogenerated/mirror-dstdomain.acl
++  concat_file_from_dir "$MIRROR_DESTDOMAIN_DIR" "$MIRROR_DESTDOMAIN" "/etc/squid-deb-proxy/mirror-dstdomain.acl"
++
++  # generate the allowed-networks file
++  ALLOWED_NETWORKS_DIR=/etc/squid-deb-proxy/allowed-networks-src.acl.d
++  ALLOWED_NETWORKS=/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl
++  concat_file_from_dir "$ALLOWED_NETWORKS_DIR" "$ALLOWED_NETWORKS" "/etc/squid-deb-proxy/allowed-networks-src.acl"
++
++end script
++
++post-start script
++  # create avahi service
++  PORT=$(grep http_port /etc/squid-deb-proxy/squid-deb-proxy.conf|cut -d' ' -f2)
++  if [ -n "$PORT" ] && [ -d /etc/avahi/services/ ]; then
++   cat > $AVAHIFILE << EOF
++<?xml version="1.0" standalone='no'?>
++<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
++<service-group>
++	<name replace-wildcards="yes">Squid deb proxy on %h</name>
++	<service protocol="ipv4">
++		<type>_apt_proxy._tcp</type>
++		<port>$PORT</port>
++	</service>
++</service-group>
++EOF
++  fi
++end script
++
++# if this is done in pre-stop "restart squid-deb-proxy" kills the
++# file without putting a replacement in!
++post-stop script
++  if [ -f $AVAHIFILE ]
++  then
++  	rm $AVAHIFILE
++  fi
++end script
++
++start on (local-filesystems and net-device-up IFACE!=lo)
++stop on runlevel [!2345]
++
++script
++  if [ -x /usr/sbin/squid ]; then
++      SQUID=/usr/sbin/squid
++  elif  [ -x /usr/sbin/squid3 ]; then
++      SQUID=/usr/sbin/squid3
++  else
++      echo "No squid binary found"
++      exit 1
++  fi
++  exec $SQUID -N -f /etc/squid-deb-proxy/squid-deb-proxy.conf
++end script
 === added file 'mirror-dstdomain.acl'
 --- mirror-dstdomain.acl	1970-01-01 00:00:00 +0000
 +++ mirror-dstdomain.acl	2012-03-30 12:19:23 +0000
@@ -0,0 +1,21 @@
++# mirror-dstdomain.conf
++#
++# network destinations that are allowed by this cache
++
++# default ubuntu and ubuntu country archive mirrors
++.archive.ubuntu.com
++ports.ubuntu.com
++security.ubuntu.com
++ddebs.ubuntu.com
++mirrors.ubuntu.com
++
++#official third party repositories
++archive.canonical.com
++extras.ubuntu.com
++
++# default changelogs location, this includes changelogs and the meta-release
++# file that has information about new ubuntu versions
++changelogs.ubuntu.com
++
++# additional destinations can be added to the directory:
++#  /etc/squid-deb-proxy/mirror-destdomain.acl.d
 === renamed file 'mirror-dstdomain.acl' => 'mirror-dstdomain.acl.moved'
 === added file 'squid-deb-proxy.conf'
 --- squid-deb-proxy.conf	1970-01-01 00:00:00 +0000
 +++ squid-deb-proxy.conf	2012-03-30 12:19:23 +0000
@@ -0,0 +1,93 @@
++
++#       WELCOME TO SQUID DEB PROXY
++#       ------------------
++#
++#       This config file is a version of a squid proxy file optimized
++#	as a configuration for a caching proxy for Ubuntu systems.
++#
++#       More information about squid and its configuration can be found here
++#       http://www.squid-cache.org/ and in the FAQ
++
++# settings that you may want to customize
++# ---------------------------------------
++
++# this file contains private networks (10.0.0.0/8, 172.16.0.0/12,
++# 192.168.0.0/16) by default, you can add/remove additional allowed
++# source networks in it to customize it for your setup
++acl allowed_networks src "/etc/squid-deb-proxy/autogenerated/allowed-networks-src.acl"
++
++# this file contains the *archive.ubuntu.com mirrors by default,
++# if you use a different mirror, add it there
++acl to_ubuntu_mirrors dstdomain "/etc/squid-deb-proxy/autogenerated/mirror-dstdomain.acl"
++
++# this contains the package blacklist
++acl blockedpkgs urlpath_regex "/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl"
++
++# default to a different port than stock squid
++http_port 8000
++
++# -------------------------------------------------
++# settings below probably do not need customization
++
++# user visible name
++visible_hostname squid-deb-proxy
++
++# we need a big cache, some debs are huge
++maximum_object_size 512 MB
++
++# use a different dir than stock squid and default to 40G
++cache_dir ufs /var/cache/squid-deb-proxy 40000 16 256
++
++# use different logs
++cache_access_log /var/log/squid-deb-proxy/access.log
++cache_log /var/log/squid-deb-proxy/cache.log
++cache_store_log /var/log/squid-deb-proxy/store.log
++
++# tweaks to speed things up
++cache_mem 200 MB
++maximum_object_size_in_memory 10240 KB
++
++# pid
++pid_filename /var/run/squid-deb-proxy.pid
++
++# refresh pattern for debs and udebs
++refresh_pattern deb$   129600 100% 129600
++refresh_pattern udeb$   129600 100% 129600
++refresh_pattern tar.gz$  129600 100% 129600
++
++# always refresh Packages and Release files
++refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz)$ 0 0% 0
++refresh_pattern \/Release(|\.gpg)$ 0 0% 0
++
++# handle meta-release and changelogs.ubuntu.com special
++refresh_pattern changelogs.ubuntu.com/*  0  1% 1
++
++# default acl
++acl all src all
++acl localhost src 127.0.0.1/32
++
++# only allow connects to ports for http, https
++acl Safe_ports port 80
++acl Safe_ports port 443 563
++
++# only allow ports we trust
++http_access deny !Safe_ports
++
++# do not allow to download from the pkg blacklist
++http_access deny blockedpkgs
++
++# allow access only to official ubuntu mirrors
++# uncomment the third and fouth line to permit any unlisted domain
++http_access deny !to_ubuntu_mirrors
++#http_access allow !to_ubuntu_mirrors
++
++# don't cache domains not listed in the mirrors file
++# uncomment the third and fourth line to cache any unlisted domains
++cache deny !to_ubuntu_mirrors
++#cache allow !to_ubuntu_mirrors
++
++# allow access from our network and localhost
++http_access allow allowed_networks
++
++# And finally deny all other access to this proxy
++http_access deny all
 === renamed file 'squid-deb-proxy.conf' => 'squid-deb-proxy.conf.moved'
 === added directory 'tests'
 === renamed directory 'tests' => 'tests.moved'
 === added file 'tests/test_acl.sh'
 --- tests/test_acl.sh	1970-01-01 00:00:00 +0000
 +++ tests/test_acl.sh	2012-03-30 12:19:23 +0000
@@ -0,0 +1,36 @@
++#!/bin/sh
++
++CURL="curl -s -I"
++count=0
++failure=0
++
++assert_ok() {
++    if ! $CURL $1 | grep -q "HTTP/1.0 200 OK"; then
++	echo "ASSERT FAILURE for $@, assumed 200 OK"
++	failure=$(( $failure + 1 ))
++    fi
++    count=$(( $count + 1 ))
++}
++
++assert_forbidden() {
++    if ! $CURL $1 | grep -q "HTTP/1.0 403 Forbidden"; then
++	echo "ASSERT FAILURE for $@, assumed 403 Forbidden"
++	failure=$(( $failure + 1 ))
++    fi
++    count=$(( $count + 1 ))
++}
++
++
++http_proxy=http://localhost:8000/
++echo "Starting tests for $http_proxy"
++
++assert_ok "http://archive.ubuntu.com"
++assert_ok "http://de.archive.ubuntu.com/ubuntu/"
++assert_ok "http://changelogs.ubuntu.com/meta-release"
++
++assert_forbidden "http://wiki.ubuntu.com"
++assert_forbidden "http://www.ubuntu.com"
++assert_forbidden "http://example.com"
++assert_forbidden "http://example.com:21"
++
++echo "Test finished, tests failed: $failure, tests run: $count"
 \ No newline at end of file
 === added directory 'udeb'
 === renamed directory 'udeb' => 'udeb.moved'
 === added file 'udeb/80squid-deb-proxy-client'
 --- udeb/80squid-deb-proxy-client	1970-01-01 00:00:00 +0000
 +++ udeb/80squid-deb-proxy-client	2012-03-30 12:19:23 +0000
@@ -0,0 +1,9 @@
++#!/bin/sh -e
++# queue squid-deb-proxy-client for install early
++
++log () {
++        logger -t hw-detect "$@"
++}
++
++log "Queuing squid-deb-proxy-client"
++apt-install squid-deb-proxy-client

squid-deb-proxy

Merge lp:~racb/squid-deb-proxy/apt_refresh into lp:squid-deb-proxy

Commit message

Description of the change

Preview Diff

Subscribers