Update Squid3 package to 3.1.23 - $250
-
Squid 3.1.x no longer exists in the FreeBSD ports tree. The time would be better spent moving the package to 3.2 or 3.3 (but perhaps without some of the extra features that squid3-dev tries to activate)
Or 3.4, which has been out for quite a while and adds some features that might be useful for pfSense.
-
interesting… builtin pf transparent proxy?
-
I am working on updating both DansGuardian and Squid binaries and shared libraries.
I have a question, however:
How would I go about getting my work, assuming it is successful, back into the mainstream package, for everyone to enjoy. I am not the package maintainer for either DansGuardian or Squid3-dev. Anybody know who is, or how to touch base with them? -
As far as I know, the pfSense team has to compile the binaries from now on out. Of course anyone could use the binaries you compile but they wont upload them into the package repo.
Marcelloc is the package maintainer for squid3, squid3-dev, DansGuardian.. and a few other packages… But due to recent politics, he seems to be a ghost nowadays... Its a shame :-(
-
As far as I know, the pfSense team has to compile the binaries from now on out. Of course anyone could use the binaries you compile but they wont upload them into the package repo.
Making sure we can compile the binaries in a perfectly repeatable way is a good thing for everyone.
It makes sure that:
1. The binaries are trustworthy, so we can sign them for verification (we can't sign something we didn't build.)
2. The binaries we build can be hosted by us on our (secured) servers, so that we do not rely on someone else's web site being live for packages to work. This also saves maintainers from the extra bandwidth costs involved.
3. The process is repeatable, so upgrades such as security issues in packages are easy to do and can be handled internally by us rather than waiting on a maintainer Also in the event of data loss or new OS version, a new set of packages can be recompiled as easily as firing off a build script.
4. If the maintainer disappears, we can rebuild newer versions as needed without having to have someone else compile them or trying to figure out exactly which patches, compile options, etc were used.
5. Any needed files/patches/flags are in the repository so that others can build them as well using the same processes.
6. In ideal cases, if the program needs patches that don't exist in the FreeBSD ports tree, we can get them added into FreeBSD so that even more people benefit.It may slow down development slightly while people make sure it's done the right way, but it removes a lot of magic/mystery from the process so that everyone is better off.
It may ruffle some feathers at first but it's better for everyone's safety and security to not be running unverified binaries from third-party external servers. (See also: Lusca and our many posts about avoiding it).
Marcelloc is the package maintainer for squid3, squid3-dev, DansGuardian.. and a few other packages… But due to recent politics, he seems to be a ghost nowadays... Its a shame :-(
I'm not sure what all of the reasons were, only he can say for sure, but from what I remember he had been pretty busy and hadn't had a lot of time even before all of the recent changes. If anyone wants to step up and help or take over packages that appear to be stagnant or abandoned any input is appreciated.
-
Squid is in 3.4 on pfsense 2.2.
Dansguardian is no longer available on freebsd ports but I'm working on e2guardian port to freebsd.
-
Squid is in 3.4 on pfsense 2.2.
Dansguardian is no longer available on freebsd ports but I'm working on e2guardian port to freebsd.
looking forward to testing it :-)
-
Squid is in 3.4 on pfsense 2.2.
Dansguardian is no longer available on freebsd ports but I'm working on e2guardian port to freebsd.
looking forward to testing it :-)
I too would like to see this. Marcello, is there anything I can do to help?
-
Here are instructions to get squid 3.4 working on pfsense 2.2 util pbi builds are ok for this package
https://forum.pfsense.org/index.php?topic=84638.msg473961#msg473961
-
I'm working on e2guardian port to freebsd.
I manually compiled it and had it working at one point… Seemed to work fine. Are you saying that you won't package it until it is officially on the freebsd repositories?
-
I'm working on e2guardian port to freebsd.
I manually compiled it and had it working at one point… Seemed to work fine. Are you saying that you won't package it until it is officially on the freebsd repositories?
I'm working o e2guardian port to freebsd. Currently it is compiling, creating the package but I'ts exiting without error messages. I'm testing version 3.1.2 from github.
The pfsense package will take some time
-
Bounty paid. Well done Marcello!
-
Thanks again :)