From patchwork Wed Sep 8 16:01:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 4690 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4H4Rj640C6z3x2Y for ; Wed, 8 Sep 2021 16:02:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4H4Rj46SRWz6XR; Wed, 8 Sep 2021 16:02:00 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4H4Rj44d4kz2xlk; Wed, 8 Sep 2021 16:02:00 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4H4Rj264t7z2xK9 for ; Wed, 8 Sep 2021 16:01:58 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4H4Rj21lYgzZF for ; Wed, 8 Sep 2021 16:01:58 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1631116918; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=X/AeRGnvDEs60NI4WRfVzMYl5vomWYnUnQZmd2TwO2I=; b=0jEs0sSfhXtwVonOg1mMUMbB0dFnb/gntrQalTzoz1MrkNbeS2kaWegkZxRFQh9gzY6NW4 NX0NRZ7VSVGnm9BQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1631116918; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=X/AeRGnvDEs60NI4WRfVzMYl5vomWYnUnQZmd2TwO2I=; b=G4Wc29mcYVNCMtgDYZvCbcvzZTntDMpo7uy+ogvxMCyVsnwCKJYF9U9k0fuxAvjbizvi9a fmkW0nr8sa4XKD7I7koP8hxUOvlFpjyZOWweQOA5+TT2qOgSXlqKC3lOpsqTUkswl4907C a+7ImSiNFcRwSFgbL2CPVP5N3wVx0O995vt7dHmJBMqxsQhUhe5hrEyL9nHU42Rlvgb5j2 ZgLPSU2s5Eij5rEdMzh4MC0XG1q1ELZ3zNQjupPrnmysbO7FnVCyBpp4Z4hJaC48Qhn3jb btpBW+hHrXP3lZQJeTUQhaayYgbG3ilDqwIyzrhzxc4DqYShmmE4o1bvVaSeTw== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 1/2] squid: Update to 5.1 Date: Wed, 8 Sep 2021 18:01:51 +0200 Message-Id: <20210908160152.3223-1-matthias.fischer@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" For details see: http://www.squid-cache.org/Versions/v5/changesets/ There is still no official announcement. Nevertheless, since 31 Jul 2021, 'squid 5.1' has become "stable" and is listed under "Current versions suitable for production use". The only problem I found during testing deals with 'privoxy'. Since 'privoxy' - as parent cache_peer - sometimes replies with a '403', 'squid 5.1' handles this cache_peer connection as 'dead' which is then logged in 'cache_log'. See discussion on list. Actually this is something that got fixed from 'squid 4.16' to '5.1' - its no bug - its a feature. Everything else works as expected,'squid' and 'privoxy' developers were informed. Signed-off-by: Matthias Fischer Reviewed-by: Peter Müller --- config/rootfiles/common/squid | 50 +++++++++++++++++++++++++++++++++-- lfs/squid | 5 ++-- 2 files changed, 50 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid index 2a407ed44..0cfe2ace9 100644 --- a/config/rootfiles/common/squid +++ b/config/rootfiles/common/squid @@ -521,15 +521,60 @@ usr/lib/squid/errors/en/error-details.txt #usr/lib/squid/errors/es #usr/lib/squid/errors/es-ar #usr/lib/squid/errors/es-bo +#usr/lib/squid/errors/es-bz #usr/lib/squid/errors/es-cl #usr/lib/squid/errors/es-co #usr/lib/squid/errors/es-cr +#usr/lib/squid/errors/es-cu #usr/lib/squid/errors/es-do #usr/lib/squid/errors/es-ec #usr/lib/squid/errors/es-es #usr/lib/squid/errors/es-gt #usr/lib/squid/errors/es-hn #usr/lib/squid/errors/es-mx +#usr/lib/squid/errors/es-mx/ERR_ACCESS_DENIED +#usr/lib/squid/errors/es-mx/ERR_ACL_TIME_QUOTA_EXCEEDED +#usr/lib/squid/errors/es-mx/ERR_AGENT_CONFIGURE +#usr/lib/squid/errors/es-mx/ERR_AGENT_WPAD +#usr/lib/squid/errors/es-mx/ERR_CACHE_ACCESS_DENIED +#usr/lib/squid/errors/es-mx/ERR_CACHE_MGR_ACCESS_DENIED +#usr/lib/squid/errors/es-mx/ERR_CANNOT_FORWARD +#usr/lib/squid/errors/es-mx/ERR_CONFLICT_HOST +#usr/lib/squid/errors/es-mx/ERR_CONNECT_FAIL +#usr/lib/squid/errors/es-mx/ERR_DIR_LISTING +#usr/lib/squid/errors/es-mx/ERR_DNS_FAIL +#usr/lib/squid/errors/es-mx/ERR_ESI +#usr/lib/squid/errors/es-mx/ERR_FORWARDING_DENIED +#usr/lib/squid/errors/es-mx/ERR_FTP_DISABLED +#usr/lib/squid/errors/es-mx/ERR_FTP_FAILURE +#usr/lib/squid/errors/es-mx/ERR_FTP_FORBIDDEN +#usr/lib/squid/errors/es-mx/ERR_FTP_NOT_FOUND +#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_CREATED +#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_ERROR +#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_MODIFIED +#usr/lib/squid/errors/es-mx/ERR_FTP_UNAVAILABLE +#usr/lib/squid/errors/es-mx/ERR_GATEWAY_FAILURE +#usr/lib/squid/errors/es-mx/ERR_ICAP_FAILURE +#usr/lib/squid/errors/es-mx/ERR_INVALID_REQ +#usr/lib/squid/errors/es-mx/ERR_INVALID_RESP +#usr/lib/squid/errors/es-mx/ERR_INVALID_URL +#usr/lib/squid/errors/es-mx/ERR_LIFETIME_EXP +#usr/lib/squid/errors/es-mx/ERR_NO_RELAY +#usr/lib/squid/errors/es-mx/ERR_ONLY_IF_CACHED_MISS +#usr/lib/squid/errors/es-mx/ERR_PRECONDITION_FAILED +#usr/lib/squid/errors/es-mx/ERR_PROTOCOL_UNKNOWN +#usr/lib/squid/errors/es-mx/ERR_READ_ERROR +#usr/lib/squid/errors/es-mx/ERR_READ_TIMEOUT +#usr/lib/squid/errors/es-mx/ERR_SECURE_CONNECT_FAIL +#usr/lib/squid/errors/es-mx/ERR_SHUTTING_DOWN +#usr/lib/squid/errors/es-mx/ERR_SOCKET_FAILURE +#usr/lib/squid/errors/es-mx/ERR_TOO_BIG +#usr/lib/squid/errors/es-mx/ERR_UNSUP_HTTPVERSION +#usr/lib/squid/errors/es-mx/ERR_UNSUP_REQ +#usr/lib/squid/errors/es-mx/ERR_URN_RESOLVE +#usr/lib/squid/errors/es-mx/ERR_WRITE_ERROR +#usr/lib/squid/errors/es-mx/ERR_ZERO_SIZE_OBJECT +#usr/lib/squid/errors/es-mx/error-details.txt #usr/lib/squid/errors/es-ni #usr/lib/squid/errors/es-pa #usr/lib/squid/errors/es-pe @@ -1673,6 +1718,7 @@ usr/lib/squid/errors/ru/error-details.txt #usr/lib/squid/errors/sl/ERR_WRITE_ERROR #usr/lib/squid/errors/sl/ERR_ZERO_SIZE_OBJECT #usr/lib/squid/errors/sl/error-details.txt +#usr/lib/squid/errors/spq #usr/lib/squid/errors/sr #usr/lib/squid/errors/sr-cyrl #usr/lib/squid/errors/sr-cyrl-cs @@ -2185,10 +2231,10 @@ usr/lib/squid/errors/tr/error-details.txt usr/lib/squid/ext_delayer_acl usr/lib/squid/ext_edirectory_userip_acl usr/lib/squid/ext_file_userip_acl +#usr/lib/squid/ext_kerberos_sid_group_acl usr/lib/squid/ext_ldap_group_acl usr/lib/squid/ext_session_acl usr/lib/squid/ext_sql_session_acl -usr/lib/squid/ext_time_quota_acl usr/lib/squid/ext_unix_group_acl usr/lib/squid/ext_wbinfo_group_acl usr/lib/squid/helper-mux @@ -2273,10 +2319,10 @@ usr/sbin/updxlrator #usr/share/man/man8/ext_delayer_acl.8 #usr/share/man/man8/ext_edirectory_userip_acl.8 #usr/share/man/man8/ext_file_userip_acl.8 +#usr/share/man/man8/ext_kerberos_sid_group_acl.8 #usr/share/man/man8/ext_ldap_group_acl.8 #usr/share/man/man8/ext_session_acl.8 #usr/share/man/man8/ext_sql_session_acl.8 -#usr/share/man/man8/ext_time_quota_acl.8 #usr/share/man/man8/ext_unix_group_acl.8 #usr/share/man/man8/ext_wbinfo_group_acl.8 #usr/share/man/man8/helper-mux.8 diff --git a/lfs/squid b/lfs/squid index 98034651c..c56dca7de 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ include Config -VER = 4.15 +VER = 5.1 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a593de9dc888dfeca4f1f7db2cd7d3b9 +$(DL_FILE)_MD5 = 17be9709b54fe0146452113404be7b54 install : $(TARGET) @@ -127,7 +127,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-icap-client \ --enable-zph-qos \ --with-dl \ - --with-filedescriptors=$$(( 16384 * 64 )) \ --with-large-files \ --without-gnutls \ --without-netfilter-conntrack From patchwork Wed Sep 8 16:01:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 4691 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4H4Rj76rGKz3x2Y for ; Wed, 8 Sep 2021 16:02:03 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4H4Rj50MNHz6f2; Wed, 8 Sep 2021 16:02:01 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4H4Rj45f1Pz2yyc; Wed, 8 Sep 2021 16:02:00 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4H4Rj26X3mz2xYj for ; Wed, 8 Sep 2021 16:01:58 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4H4Rj254Jxz6XR for ; Wed, 8 Sep 2021 16:01:58 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1631116918; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:in-reply-to:in-reply-to:references:references; bh=xvXM/I2Wc/482sj7/Ub5ShDC0xdrLs2/uo26b8tnFIk=; b=/guP9nYHJwHTbk2kUASQgtTnq1uHLnGsGiNOtBNTLGoSY/N6t0hHjmG6iJ8fFG7TQ6FAxI G1xYqRQhRVe0fHCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1631116918; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:in-reply-to:in-reply-to:references:references; bh=xvXM/I2Wc/482sj7/Ub5ShDC0xdrLs2/uo26b8tnFIk=; b=rtWyZuLX26lx+B7pGnG+8GObgxieN61/vAy8mJrS6Uf+Rn0XQo9zO09c/8IYeYEYuTxEFW 4N401E3n4L6eY2a3gaOMXeohuXRyJLiU0TrnoOD7C5UlI9u7AJrlEetvqlZgecYN22Te3k f1S8FjC5clrbus3W6OPyelrsFBONiSvdurjVjriIq5mHoztwSwWK9LTKmVTMvzIosTFjNq o0ULuUFchpSVc5YcQVByKiG8H9SDvtV/CCXS3QJDoKxGt2Y0QaOpId/yYm9ITfxPcAmKlr Jooj5rmJfb/tqzHnEOivmWcBCtY1/9Gbg6tOgUzN5NvPOoaUyh7DMeWDIk/uKA== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 2/2] squid 5.1: set max number of filedesriptors to 32768 Date: Wed, 8 Sep 2021 18:01:52 +0200 Message-Id: <20210908160152.3223-2-matthias.fischer@ipfire.org> In-Reply-To: <20210908160152.3223-1-matthias.fischer@ipfire.org> References: <20210908160152.3223-1-matthias.fischer@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Since the maximum number of filedescriptors which are possible for 'squid 5.1' are now 32768, I modified the initscript accordingly. Signed-off-by: Matthias Fischer Acked-by: Peter Müller Reviewed-by: Michael Tremer --- src/initscripts/system/squid | 1 + 1 file changed, 1 insertion(+) diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid index 7255c0aca..09e7a0443 100644 --- a/src/initscripts/system/squid +++ b/src/initscripts/system/squid @@ -48,6 +48,7 @@ transparent() { case "$1" in start) + ulimit -n 32768 getpids "squid" if [ -n "${pidlist}" ]; then