Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Fixing up the Squid3+Squidguard install fun

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    13 Posts 8 Posters 4.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      So I have an idea about the current packaging of Squid+Squidguard but I'm not quite sure if it's the best thing do to. Given that there is a bit of a mess now where you have to do some crazy dance of installing squid, then squidguard, then squid3, etc, to make things work is obviously not workable long-term, neither is completely switching over Squidguard to only squid3. So I was thinking of doing one of two things for 2.1 only (2.0.x wouldn't get this):

      Option 1:
      We can make a Separate "SquidGuard for Squid3" and "Lightsquid for Squid3" and "Sarg for Squid3" package, and in their build configuration, they can specify squid3 to be built before they get built, and specify a custom name so their PBIs don't conflict.

      Pros: Easier to fit into the current package lineup/scheme.
      Cons: ?

      Option 2:
      We can work on some bundled packages such as "Squid3+SquidGuard" that actually has them both in the same PBI and would have one main XML file that downloads the actual components from "real" squid and squidguard packages rather than a completely separate/redundant copy.

      Pros: Installs everything at once, no need to juggle multiple packages.
      Cons: More difficult to maintain on the backend, would still require some custom coding/redundancy in the combined package XML.

      I like the idea of option 2 better, but it's a bit more work and I'm not sure it's worth it.

      Any thoughts?

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • R
        romainp
        last edited by

        I like very much the Option 1. By this way there is no confusion about what the user will be installing on which version of PfSense. And if a link to the official doc on thr web site could be added to the package description, the user could go ther eand read why there is a different version and some check and fix howtos.

        Romain

        1 Reply Last reply Reply Quote 0
        • M
          maverick_slo
          last edited by

          Hi!

          Option 1 for sure!

          Regards,
          Greg

          1 Reply Last reply Reply Quote 0
          • T
            Tikimotel
            last edited by

            Option 1 has my vote.

            Option 2 only viable for certain use cases.
            Unless you know how many installs actively use the combination of the two packages at once.
            If that is more than 99% of all users then this package combination might be worthwhile to be served as a single package.

            1 Reply Last reply Reply Quote 0
            • T
              traxxus
              last edited by

              +1 for Option 1

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Well I've tried a half dozen different ways to get squidGuard to build itself against Squid 3.3 but for some reason it just refuses to cooperate. No matter what I set, it's assuming Squid 2.x. I'll have to poke at it some more as time allows.

                It doesn't look like Sarg or Lightsquid have any specific dependency on squid so those won't need to be handled, it's just SquidGuard that needs special treatment it appears.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • A
                  ariyako
                  last edited by

                  Option 2!  ;D

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Is there any disadvantage to installing Squidguard and then not enabling it for those who want Squid only? More difficult to maintain as already mentioned. It would be very interesting to know how many people use Squid without Squidguard. A poll perhaps? As I read the first post here I assumed everyone would vote option 2, shows how much I know.  ::)

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      @stephenw10:

                      Is there any disadvantage to installing Squidguard and then not enabling it for those who want Squid only? More difficult to maintain as already mentioned. It would be very interesting to know how many people use Squid without Squidguard. A poll perhaps? As I read the first post here I assumed everyone would vote option 2, shows how much I know.  ::)

                      Wasted space, mostly. Also I'm not sure if there may be some compatibility issues with having that and Dansguardian and who knows what else installed. It's best to keep things simple when possible.

                      I think the "combined" packages are probably not going to be realistically feasible, I'm still trying to move forward with Option #1 above.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • T
                        Tikimotel
                        last edited by

                        I don't know how interwoven squid is in the squidguard package itself.
                        All I need to change to get it to work "proper" with squid v3.3 is change a few lines in the "squidguard_configurator.inc".
                        And re-save the options in the GUI.

                        Certain options are rename/changed from squid v2  to squid v3.1 and onwards. (mainly the redirectors)

                        After a firmware update, and the re-install of all packages is complete is change "squidguard_configurator.inc".

                        # ------------------------------------------------------------------------------
                        # squid config options
                        # ------------------------------------------------------------------------------
                        define('REDIRECTOR_OPTIONS_REM',   '# squidGuard options');
                        define('REDIRECTOR_PROGRAM_OPT',   'url_rewrite_program');
                        define('REDIRECT_BYPASS_OPT',      'url_rewrite_bypass');
                        define('REDIRECT_CHILDREN_OPT',    'url_rewrite_children');
                        define('REDIRECTOR_PROCESS_COUNT', '12 startup=8 idle=6 concurrency=0'); # redirector processes count will started
                        
                        

                        (number of redirectors/rewrite_children maxes out at 12, starts with 8 and idles at 6 and is an older type of redirector)

                        Basically the configurator script needs change (or version detection), why it needs squid33 or squid2 for compilation is beyond me.
                        Is it only needed for ease of installation? Why was squid2 integrated into the package install process?

                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          I found/fixed a bug in the pbi build scripts (not our script, the one from upstream) and got some binaries built late on Friday finally. I need to poke at them a little before I activate them, but they may be up yet today.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • jimpJ
                            jimp Rebel Alliance Developer Netgate
                            last edited by

                            The "squidguard-squid3" package should appear shortly. For those interested in trying it out, remove squid 2.x, squid 3.x, and squidguard to get back to a "clean" state, then install squid 3.x and squidguard-squid3.

                            In the future, if this works, installing squid 3.x and squidguard-squid3 should be the only steps needed.

                            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 0
                            • technicalT
                              technical
                              last edited by

                              option 1  8)

                              Necati Selim GÜNER
                              IT Technician

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.