From 23d89d97693e0e4c1237c249943e71206e22a693 Mon Sep 17 00:00:00 2001
From: Joerg Deckert
Date: Tue, 28 Jan 2025 18:27:15 +0100
Subject: [PATCH] add fetchACLs script from OPNsense to download URL blacklists and build squid ACL
---
 Makefile | 12 +++++++++++-
 package.use | 2 ++
 world | 3 +++
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 9a81789..4d18c1d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,6 @@
 cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+ca.pem = $(CHROOT)/etc/squid/ssl/ca.pem
+ssl_db = $(CHROOT)/var/lib/squid/ssl_db
 systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
 mkdir -p $(CHROOT)/usr/local/bin
@@ -8,6 +10,14 @@ $(cert-renew.sh): appliance/cert-renew.sh
 mkdir -p $(CHROOT)/etc/ssl
 cp $< $@
+$(ca.pem):
+ mkdir -p $(CHROOT)/etc/squid/ssl
+ openssl req -new -newkey rsa:2048 -subj '/C=DE/CN=proxy.example.net' -days 3650 -nodes -x509 -keyout $@ -out $@
+
+$(ssl_db):
+ RUN /usr/libexec/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 20MB
+ RUN chown -R squid:squid /var/lib/squid/ssl_db
+
 preinstall:
-postinstall: systemd-units $(cert-renew.sh)
+postinstall: systemd-units $(cert-renew.sh) $(ca.pem) $(ssl_db)
diff --git a/package.use b/package.use
index cb75574..ddbfd0c 100644
--- a/package.use
+++ b/package.use
@@ -1,6 +1,8 @@
 # Squid
 net-proxy/squid caps pam ldap samba sasl kerberos radius ssl snmp logrotate ecap ssl-crtd perl tproxy
 net-proxy/squidguard ldap
+net-proxy/c-icap berkdb ipv6 ldap
+net-proxy/c-icap-modules berkdb clamav
 # Apache
 www-servers/apache apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_connect apache2_modules_proxy_http apache2_modules_proxy_wstunnel
diff --git a/world b/world
index 6987a6c..afcfb51 100644
--- a/world
+++ b/world
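Review bot: In the second Makefile hunk the `$(ca.pem)` recipe writes an unencrypted (`-nodes`) private key and the self-signed certificate into one file and sets neither mode nor owner, so who can read that key is left to openssl's defaults and the build's umask. If this is the signing CA for squid's certificate generation (the `security_file_certgen` rule suggests so), the certificate presumably has to be given to clients, and a combined file makes it easy to hand out the key with it; a separate `-keyout` file, or at least an explicit `chmod 0600 $@` (`0640` with squid's group if squid reads it unprivileged) as the last recipe line, would make the intent visible. Writing to `$@.tmp` and finishing with `mv -f $@.tmp $@` would also keep a failed openssl run from leaving a partial `ca.pem` that make treats as up to date. A comment above the rule such as `# proxy CA: private key + certificate, keep readable by squid only` would help, since the commit subject does not mention CA generation. `RUN` in the `$(ssl_db)` recipe is defined outside this hunk, so it cannot be checked here that its commands act on the same chroot that the target path names.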
@@ -1,7 +1,10 @@
 app-crypt/certbot-apache
 app-crypt/certbot-nginx
+net-proxy/c-icap
+net-proxy/c-icap-modules
 net-proxy/e2guardian
 net-proxy/squid
+net-proxy/squid-opnsense-fetchacls
 net-proxy/squidguard
 net-proxy/ufdbguard
 www-apache/mod_wsgi