[bug#40145] [PATCH] gnu: Add squid.

[bug#40145] [PATCH] gnu: Add squid.

[Vincent Legoll]

[-- Attachment #1: Type: text/plain, Size: 899 bytes --]

The attached patch adds squid caching proxy so that we can all start
saving precious network bandwidth.

I lightly tested it with the attached squid config file, in foreground
mode, like the following:

# Create temporary test space for squid
mkdir /tmp/squid
# Create the hashed store directories
/gnu/store/szbiglrkvll6qdxcrg3ir0hz8zdc9h5f-squid-4.10/sbin/squid -N
-f ./squid.conf -z
# Run squid
/gnu/store/szbiglrkvll6qdxcrg3ir0hz8zdc9h5f-squid-4.10/sbin/squid -N
-f ./squid.conf

# In another shell
export http_proxy=localhost:3128
export https_proxy=localhost:3128
time wget google.fr
time wget google.fr
less /tmp/squid/access.log
less /tmp/squid/cache.log
ls -lah /tmp/squid/00/00

There's no shepherd ready to run service &
config definitions, as I still don't know how
to do that.

I'll try to create one, if no one beats me to
it, but it may already be useful as-is...

-- 
Vincent Legoll

[-- Attachment #2: squid.conf --]
[-- Type: application/octet-stream, Size: 2662 bytes --]

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
acl localnet src fc00::/7       	# RFC 4193 local private network range
acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /tmp/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /tmp/squid

pid_filename /tmp/squid/${service_name}.pid
access_log daemon:/tmp/squid/access.log squid
cache_log /tmp/squid/cache.log

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

[-- Attachment #3: 0001-gnu-Add-squid.patch --]
[-- Type: text/x-patch, Size: 3012 bytes --]

From 24a81038d315a4bf757eca590c53a16eac005879 Mon Sep 17 00:00:00 2001
From: Vincent Legoll <vincent.legoll@gmail.com>
Date: Fri, 20 Mar 2020 11:45:11 +0100
Subject: [PATCH] gnu: Add squid.

* gnu/packages/networking.scm (squid): New variable.
---
 gnu/packages/networking.scm | 45 +++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index e9abac2991..6a6e836261 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -80,8 +80,10 @@
   #:use-module (gnu packages code)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cpp)
+;  #:use-module (gnu packages cppunit)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages curl)
+  #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages dejagnu)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages flex)
@@ -98,6 +100,7 @@
   #:use-module (gnu packages kerberos)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages nettle)
+  #:use-module (gnu packages openldap)
   #:use-module (gnu packages password-utils)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
@@ -862,6 +865,48 @@ prints timing information for each step of the HTTP request (DNS lookup,
 TCP connection, TLS handshake and so on) in the terminal.")
     (license license:expat)))
 
+(define-public squid
+  (package
+    (name "squid")
+    (version "4.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://www.squid-cache.org/Versions/v4/squid-"
+                           version ".tar.xz"))
+       (sha256
+        (base32 "07sz0adv8nkhy797675bpra7lvdkwjq9isw1ddgylhlazl511w4q"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'fix-true-path
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "test-suite/testheaders.sh"
+               (("/bin/true")
+                (string-append (assoc-ref inputs "coreutils")
+                               "/bin/true")))
+             #t)))))
+    (inputs
+     `(("perl" ,perl)
+       ("openldap" ,openldap)
+       ("linux-pam" ,linux-pam)
+       ("libcap" ,libcap)
+       ("cyrus-sasl" ,cyrus-sasl)
+       ("expat" ,expat)
+       ("libxml2" ,libxml2)
+       ("openssl" ,openssl)))
+    (native-inputs
+     `(("cppunit" ,cppunit)
+       ("coreutils" ,coreutils) ; test suite needs /bin/true
+       ("pkg-config" ,pkg-config)))
+    (synopsis "A web caching proxy supporting HTTP, HTTPS, FTP, etc.")
+    (description "Squid is a caching proxy for the Web supporting HTTP, HTTPS,
+FTP, and more.  It reduces bandwidth and improves response times by caching and
+reusing frequently-requested web pages.")
+    (home-page "http://www.squid-cache.org/")
+    (license license:gpl2)))
+
 (define-public bwm-ng
   (package
     (name "bwm-ng")
-- 
2.25.1

bug#40145: [PATCH] gnu: Add squid.

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 2535 bytes --]

Vincent Legoll <vincent.legoll@gmail.com> writes:

> The attached patch adds squid caching proxy so that we can all start
> saving precious network bandwidth.

Nice, about time!  :-)

> I lightly tested it with the attached squid config file, in foreground
> mode, like the following:
>
> # Create temporary test space for squid
> mkdir /tmp/squid
> # Create the hashed store directories
> /gnu/store/szbiglrkvll6qdxcrg3ir0hz8zdc9h5f-squid-4.10/sbin/squid -N
> -f ./squid.conf -z
> # Run squid
> /gnu/store/szbiglrkvll6qdxcrg3ir0hz8zdc9h5f-squid-4.10/sbin/squid -N
> -f ./squid.conf
>
> # In another shell
> export http_proxy=localhost:3128
> export https_proxy=localhost:3128
> time wget google.fr
> time wget google.fr
> less /tmp/squid/access.log
> less /tmp/squid/cache.log
> ls -lah /tmp/squid/00/00
>
> There's no shepherd ready to run service &
> config definitions, as I still don't know how
> to do that.
>
> I'll try to create one, if no one beats me to
> it, but it may already be useful as-is...

Writing services may seem intimidating at first, but is actually easier
than it looks.  I think you'll figure it out fairly quickly.  :-)

> From 24a81038d315a4bf757eca590c53a16eac005879 Mon Sep 17 00:00:00 2001
> From: Vincent Legoll <vincent.legoll@gmail.com>
> Date: Fri, 20 Mar 2020 11:45:11 +0100
> Subject: [PATCH] gnu: Add squid.
>
> * gnu/packages/networking.scm (squid): New variable.

[...]

> +;  #:use-module (gnu packages cppunit)

I dropped this leftover from the patch.

[...]

> +    (inputs
> +     `(("perl" ,perl)
> +       ("openldap" ,openldap)
> +       ("linux-pam" ,linux-pam)
> +       ("libcap" ,libcap)
> +       ("cyrus-sasl" ,cyrus-sasl)
> +       ("expat" ,expat)
> +       ("libxml2" ,libxml2)
> +       ("openssl" ,openssl)))
> +    (native-inputs
> +     `(("cppunit" ,cppunit)
> +       ("coreutils" ,coreutils) ; test suite needs /bin/true

coreutils is already implicitly available, so I removed this input.

> +       ("pkg-config" ,pkg-config)))
> +    (synopsis "A web caching proxy supporting HTTP, HTTPS, FTP, etc.")

I changed this to just "Web caching proxy" to please 'guix lint'.

> +    (description "Squid is a caching proxy for the Web supporting HTTP, HTTPS,
> +FTP, and more.  It reduces bandwidth and improves response times by caching and
> +reusing frequently-requested web pages.")
> +    (home-page "http://www.squid-cache.org/")
> +    (license license:gpl2)))

The license is actually GPL2+ according to the source code headers.

Applied with these changes, thank you!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

[bug#40145] [PATCH] gnu: Add squid.

[Vincent Legoll]

Hello,

On Fri, Mar 20, 2020 at 6:25 PM Marius Bakke <mbakke@fastmail.com> wrote:
>
> Vincent Legoll <vincent.legoll@gmail.com> writes:
>
> > The attached patch adds squid caching proxy so that we can
> > all start saving precious network bandwidth.
>
> Nice, about time!  :-)

Necessity is the mother of...

> > There's no shepherd ready to run service &
> > config definitions, as I still don't know how
> > to do that.
> >
> > I'll try to create one, if no one beats me to
> > it, but it may already be useful as-is...
>
> Writing services may seem intimidating at first, but is
> > actually easier
> than it looks.  I think you'll figure it out fairly quickly.  :-)

Currently reading the doc...

> > From 24a81038d315a4bf757eca590c53a16eac005879 Mon Sep 17 00:00:00 2001
> > From: Vincent Legoll <vincent.legoll@gmail.com>
> > Date: Fri, 20 Mar 2020 11:45:11 +0100
> > Subject: [PATCH] gnu: Add squid.
> >
> > * gnu/packages/networking.scm (squid): New variable.
>
> [...]
>
> > +;  #:use-module (gnu packages cppunit)
>
> I dropped this leftover from the patch.

oopsie, I let this one slip, usually I proof-read before sending,
looks like I was in a hurry...

> [...]
>
> > +    (inputs
> > +     `(("perl" ,perl)
> > +       ("openldap" ,openldap)
> > +       ("linux-pam" ,linux-pam)
> > +       ("libcap" ,libcap)
> > +       ("cyrus-sasl" ,cyrus-sasl)
> > +       ("expat" ,expat)
> > +       ("libxml2" ,libxml2)
> > +       ("openssl" ,openssl)))
> > +    (native-inputs
> > +     `(("cppunit" ,cppunit)
> > +       ("coreutils" ,coreutils) ; test suite needs /bin/true
>
> coreutils is already implicitly available, so I removed this input.

OK

> The license is actually GPL2+ according to the source code
> headers.
>
> Applied with these changes, thank you!

Thanks for the fixes !

-- 
Vincent Legoll