From: Marcos Mello <marcosfrm@gmail.com>
Date: Fri, 18 Mar 2016 09:38:10 +0000 (+1300)
Subject: Bug 4459: move ssl_db into /var/cache/squid/
X-Git-Tag: SQUID_4_0_8~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=778bed98456c8880e5f209f88dcb43f8677524bd;p=thirdparty%2Fsquid.git

Bug 4459: move ssl_db into /var/cache/squid/

* auto-generates the man(8) page for this helper.

* moves the shared Makefile variables to Common.am

* updates the heper documentation to use the builds actual
  installed paths instead of hard-coding standard paths
---

diff --git a/doc/manuals/Substitute.am b/doc/manuals/Substitute.am
index f1e8c6b671..9dc7d4a09b 100644
--- a/doc/manuals/Substitute.am
+++ b/doc/manuals/Substitute.am
@@ -11,6 +11,8 @@
 SUBSTITUTE=sed "\
 	s%@DEFAULT_ERROR_DIR@%$(DEFAULT_ERROR_DIR)%g;\
 	s%@DEFAULT_MIME_TABLE@%$(DEFAULT_MIME_TABLE)%g;\
+	s%@DEFAULT_SSL_CRTD@%$(DEFAULT_SSL_CRTD)%g;\
+	s%@DEFAULT_SSL_DB_DIR@%$(DEFAULT_SSL_DB_DIR)%g;\
 	s%@""PACKAGE_STRING""@%$(PACKAGE_STRING)%g;\
 	s%@SYSCONFDIR@%$(sysconfdir)%g;\
 	"
diff --git a/src/Common.am b/src/Common.am
index 886bcc9fa6..47b9a02499 100644
--- a/src/Common.am
+++ b/src/Common.am
@@ -10,6 +10,27 @@
 ## This file should be included first in all src/subdir/Makefile.am
 ## so it must not contain stuff specific to or bad for some subdirectories.
 
+## Default variables
+DEFAULT_HTTP_PORT	= 3128
+DEFAULT_ICP_PORT	= 3130
+DEFAULT_PREFIX		= $(prefix)
+DEFAULT_CONFIG_DIR	= $(sysconfdir)
+DEFAULT_CONFIG_FILE	= $(DEFAULT_CONFIG_DIR)/squid.conf
+DEFAULT_MIME_TABLE	= $(DEFAULT_CONFIG_DIR)/mime.conf
+DEFAULT_SSL_CRTD	= $(libexecdir)/`echo security_file_certgen | sed '$(transform);s/$$/$(EXEEXT)/'`
+DEFAULT_LOG_PREFIX	= $(DEFAULT_LOG_DIR)
+DEFAULT_CACHE_LOG	= $(DEFAULT_LOG_PREFIX)/cache.log
+DEFAULT_ACCESS_LOG	= $(DEFAULT_LOG_PREFIX)/access.log
+DEFAULT_STORE_LOG	= $(DEFAULT_LOG_PREFIX)/store.log
+DEFAULT_NETDB_FILE	= $(DEFAULT_SWAP_DIR)/netdb.state
+DEFAULT_SSL_DB_DIR	= $(DEFAULT_SWAP_DIR)/ssl_db
+DEFAULT_PINGER		= $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+DEFAULT_UNLINKD		= $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+DEFAULT_LOGFILED	= $(libexecdir)/`echo log_file_daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
+DEFAULT_DISKD		= $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
+DEFAULT_ICON_DIR	= $(datadir)/icons
+DEFAULT_ERROR_DIR	= $(datadir)/errors
+
 ## TODO: make this set by configure?
 AM_CFLAGS = $(SQUID_CFLAGS)
 AM_CXXFLAGS = $(SQUID_CXXFLAGS)
diff --git a/src/Makefile.am b/src/Makefile.am
index 735d7886a5..0e83cceccf 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -725,26 +725,6 @@ EXTRA_DIST = \
 	mib.txt \
 	mime.conf.default
 
-DEFAULT_HTTP_PORT	= 3128
-DEFAULT_ICP_PORT	= 3130
-DEFAULT_PREFIX		= $(prefix)
-DEFAULT_CONFIG_DIR	= $(sysconfdir)
-DEFAULT_CONFIG_FILE	= $(DEFAULT_CONFIG_DIR)/squid.conf
-DEFAULT_MIME_TABLE	= $(DEFAULT_CONFIG_DIR)/mime.conf
-DEFAULT_SSL_CRTD	= $(libexecdir)/`echo security_file_certgen | sed '$(transform);s/$$/$(EXEEXT)/'`
-DEFAULT_LOG_PREFIX	= $(DEFAULT_LOG_DIR)
-DEFAULT_CACHE_LOG	= $(DEFAULT_LOG_PREFIX)/cache.log
-DEFAULT_ACCESS_LOG	= $(DEFAULT_LOG_PREFIX)/access.log
-DEFAULT_STORE_LOG	= $(DEFAULT_LOG_PREFIX)/store.log
-DEFAULT_NETDB_FILE	= $(DEFAULT_SWAP_DIR)/netdb.state
-DEFAULT_SSL_DB_DIR	= $(localstatedir)/lib/ssl_db
-DEFAULT_PINGER		= $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
-DEFAULT_UNLINKD		= $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
-DEFAULT_LOGFILED	= $(libexecdir)/`echo log_file_daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
-DEFAULT_DISKD		= $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
-DEFAULT_ICON_DIR	= $(datadir)/icons
-DEFAULT_ERROR_DIR	= $(datadir)/errors
-
 # Make location configure settings available to the code
 DEFS += -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\" -DDEFAULT_SQUID_DATA_DIR=\"$(datadir)\" -DDEFAULT_SQUID_CONFIG_DIR=\"$(sysconfdir)\"
 
diff --git a/src/security/cert_generators/file/Makefile.am b/src/security/cert_generators/file/Makefile.am
index eea3cee69f..a1da0f7a0b 100644
--- a/src/security/cert_generators/file/Makefile.am
+++ b/src/security/cert_generators/file/Makefile.am
@@ -7,18 +7,24 @@
 
 include $(top_srcdir)/src/Common.am
 include $(top_srcdir)/src/TestHeaders.am
+include $(top_srcdir)/doc/manuals/Substitute.am
+
+security_file_certgen.8: $(srcdir)/security_file_certgen.8.in Makefile
+	$(SUBSTITUTE) < $(srcdir)/security_file_certgen.8.in > $@
 
 man_MANS = security_file_certgen.8
+CLEANFILES += security_file_certgen.8
+EXTRA_DIST = security_file_certgen.8.in
+
 libexec_PROGRAMS = security_file_certgen
 
 security_file_certgen_SOURCES = \
 	certificate_db.cc \
 	certificate_db.h \
 	security_file_certgen.cc
+
 security_file_certgen_LDADD = \
 	$(top_builddir)/src/ssl/libsslutil.la \
 	$(SSLLIB) \
 	$(COMPAT_LIB)
 
-EXTRA_DIST = security_file_certgen.8
-
diff --git a/src/security/cert_generators/file/security_file_certgen.8 b/src/security/cert_generators/file/security_file_certgen.8.in
similarity index 93%
rename from src/security/cert_generators/file/security_file_certgen.8
rename to src/security/cert_generators/file/security_file_certgen.8.in
index f95065114d..49439dec16 100644
--- a/src/security/cert_generators/file/security_file_certgen.8
+++ b/src/security/cert_generators/file/security_file_certgen.8.in
@@ -8,20 +8,21 @@ Version 1.0
 .SH SYNOPSIS
 .if !'po4a'hide' .B security_file_certgen
 .if !'po4a'hide' .B [\-dhv]
-.
+.br
 .if !'po4a'hide' .B security_file_certgen
-.if !'po4a'hide' .B "[\-d] -s "
+.if !'po4a'hide' .B "[\-d] \-s "
 directory
 .if !'po4a'hide' .B "[\-M "
 size
 .if !'po4a'hide' .B ]
-.
+.br
 .if !'po4a'hide' .B security_file_certgen
 .if !'po4a'hide' .B "[\-d] \-c \-s "
 directory
-.if !'po4a'hide' .B [\-n]
+.if !'po4a'hide' .B "[\-n "
 serial number
-.
+.if !'po4a'hide' .B ]
+.br
 .if !'po4a'hide' .B security_file_certgen
 .if !'po4a'hide' .B "[\-d] \-g \-s "
 directory
@@ -113,7 +114,7 @@ parameters.
 .PP
 For example:
 .if !'po4a'hide' .RS
-.if !'po4a'hide' .B security_file_certgen -c -s /var/lib/ssl_db
+.if !'po4a'hide' .B security_file_certgen -c -s @DEFAULT_SSL_DB_DIR@
 .if !'po4a'hide' .RE
 .
 .PP
@@ -125,7 +126,7 @@ For simple configuration the helper defaults can be used.
 Only HTTP listening port options are required to enable generation and set the signign CA certificate.
 For Example:
 .if !'po4a'hide' .RS
-.if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/www.sample.com.pem
+.if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=@SYSCONFDIR@/ssl_cert/www.sample.com.pem
 .if !'po4a'hide' .RE
 .
 .PP
@@ -134,8 +135,8 @@ For more customized configuration the helper certificate storage directory locat
 configuration directive.
 For example:
 .if !'po4a'hide' .RS
-.if !'po4a'hide' .B sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid/var/lib/ssl_db -M 4MB
-.if !'po4a'hide' .
+.if !'po4a'hide' .B sslcrtd_program @DEFAULT_SSL_CRTD@ -s @DEFAULT_SSL_DB_DIR@ -M 4MB
+.if !'po4a'hide' .br
 .if !'po4a'hide' .B sslcrtd_children 5
 .if !'po4a'hide' .RE
 .