# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id: Portfile 89580 2012-02-03 16:19:27Z snc@macports.org $

PortSystem 1.0

name            squid3-devel
version         3.2.0.4
set branch      [join [lrange [split ${version} .] 0 1] .]
categories      net
platforms       darwin
license         GPL-2+
maintainers     snc openmaintainer
description     advanced proxy caching server for http, https, ftp, gopher
long_description    Squid is a high-performance proxy caching server for \
                web clients, supporting FTP, gopher, and HTTP data \
                objects. Unlike traditional caching software, Squid \
                handles all requests in a single, non-blocking, \
                I/O-driven process. Squid keeps meta data and \
                especially hot objects cached in RAM, caches DNS \
                lookups, supports non-blocking DNS lookups, and \
                implements negative caching of failed requests.

homepage        http://www.squid-cache.org/
master_sites    http://mirrors.24-7-solutions.net/pub/squid/ \
                http://mirror.aarnet.edu.au/pub/squid/squid/ \
                http://www.mirrorservice.org/sites/ftp.squid-cache.org/pub/squid/ \
                http://ftp.ring.gr.jp/archives/net/www/squid/ \
                ftp://ftp.is.co.za/pub/squid/ \
                ftp://ftp1.cl.squid-cache.org/pub/squid/ \
                http://www.squid-cache.org/Versions/v3/${branch}/ \
                ftp://ftp.squid-cache.org/pub/squid/

distname        squid-${version}

checksums           rmd160  a982884dc513e29d39545e0c09e7ddf4d24a47f2 \
                    sha256  54bd5f06c676862f5156b2da0cfd4d8c9d6d358227d90884fc1b54de24caf38b

use_bzip2       yes
patchfiles      patch-cf.data.pre.diff

depends_lib     port:openssl port:zlib

conflicts       squid squid3

#configure.args
#--with-pthreads \
#                --enable-shared \
#                --mandir=${prefix}/share/man \
#                --sysconfdir=${prefix}/etc/squid \
#                --datadir=${prefix}/share/squid \
#                --localstatedir=${prefix}/var/squid \
#                --with-openssl=${prefix} \
#                --enable-delay-pools \
#                --enable-removal-policies \
#                --enable-storeio=ufs,aufs,diskd \
#                --enable-disk-io=AIO,Blocking,DiskDaemon,DiskThreads \
#                --enable-icap-client \
#                --with-default-user=squid \
#                --disable-ipv6
#post-configure {
#    if {[variant_isset universal]} {
#        system "cd ${worksrcpath} && ed - ${worksrcpath}/include/autoconf.h < ${filespath}/include_autoconf.h.ed && touch include/stamp-h1"
#    }
#}

build.args      DEFAULT_PID_FILE=${prefix}/var/run/squid/squid.pid
use_parallel_build  yes

startupitem.create      yes
startupitem.name        Squid
set start_extra ""
set stop_extra ""
# this will insert firewall rules to force a specific user to use squid for their connections
# this implementation will only impact rule numbers 100 and 101.
# A user may be matched by name or identification number.
# you will not want to force squid to use itself (infinite loop)
if {[variant_isset ipfw_transparent] || [variant_isset https]} {
	append start_extra "ipfw add 99 allow tcp from me to any dst-port 80 uid squid out\n"
	append stop_extra "ipfw delete 99\n"
}
if {[variant_isset ipfw_transparent]} {
    append start_extra "ipfw add 100 fwd 127.0.0.1,3128 tcp from me to any dst-port 80 out\n"
    append stop_extra "ipfw delete 100\n"
}
if {[variant_isset https]} {
    append start_extra "ipfw add 101 fwd 127.0.0.1,3129 tcp from me to any dst-port 443 out\n"
    append stop_extra "ipfw delete 101\n"
}
startupitem.start \
    "cd ${prefix}/var/squid" \
    "if \[ ! -d \"${prefix}/var/squid/cache/00\" \]; then" \
    "\tsu -fm root -c \"exec ${prefix}/sbin/squid -s -z\"" \
    "fi" \
    $start_extra \
    "su -fm root -c \"exec ${prefix}/sbin/squid -s\""
startupitem.stop \
    "cd ${prefix}/var/squid" \
    $stop_extra \
    "su -fm root -c \"exec ${prefix}/sbin/squid -k shutdown\""

pre-destroot {
    add_users squid group=squid realname=Squid\ Proxy home=${prefix}/var/squid
}
post-destroot   {
    reinplace "s|/etc/squid|${prefix}/etc/squid|g" \
        ${destroot}${prefix}/share/man/man8/squid.8
    xinstall -o squid -g squid -m 755 -d \
        ${destroot}${prefix}/var/run/squid ${destroot}${prefix}/var/squid \
        ${destroot}${prefix}/var/squid/cache ${destroot}${prefix}/var/squid/logs
    reinplace "s|http_port 3128|http_port 127.0.0.1:3128 intercept|" \
        ${destroot}${prefix}/etc/squid/squid.conf.default
    set config [open ${destroot}${prefix}/etc/squid/squid.conf.default a]
    if {[variant_isset https]} {
        puts $config "https_port 127.0.0.1:3129 intercept sslBump"
        puts $config "sslproxy_cafile ${prefix}/share/curl/curl-ca-bundle.crt"
        puts $config "# Bumped requests have relative URLs so Squid has to use"
        puts $config "# reverse proxy or accelerator code. By default, that"
        puts $config "# code denies direct forwarding. The need for this option"
        puts $config "# may disappear in the future."
        puts $config "always_direct allow all"
        puts $config ""
        puts $config "# if a site uses a self-signed certificate it will"
        puts $config "# produce errors"
        puts $config "#acl TrustedName dstdomain .domain.org"
        puts $config "#sslproxy_cert_error allow TrustedName"
        puts $config "#sslproxy_cert_error deny all"
    }
    puts $config "visible_hostname localhost"
    puts $config "shutdown_lifetime 1 second"
    close $config
    file delete -force ${destroot}${prefix}/etc/squid/squid.conf \
                       ${destroot}${prefix}/etc/squid/mime.conf \
                       ${destroot}${prefix}/etc/squid/cachemgr.conf
}
destroot.keepdirs   ${destroot}${prefix}/var/run/squid \
                ${destroot}${prefix}/var/squid/cache \
                ${destroot}${prefix}/var/squid/logs

post-activate {
    # Make sure initial conf files are present and setup correctly
    foreach f { squid.conf mime.conf cachemgr.conf } {
        if {![file exists ${prefix}/etc/squid/${f}]} {
            file copy ${prefix}/etc/squid/${f}.default \
                ${prefix}/etc/squid/${f}
        }
    }
}

variant kqueue description "Enable kqueue() support (experimental)" {
    configure.args-append   --enable-kqueue
}

variant ipfw_transparent description "Enable transparent proxy support using IPFW" {
    configure.args-append   --enable-ipfw-transparent
}

variant https requires ipfw_transparent description "Enable https client requests" {
    configure.args-append   --enable-ssl
    depends_run-append  port:curl-ca-bundle
}

startupitem.netchange   yes

livecheck.type  regex
livecheck.url   http://www.squid-cache.org/Versions/v3/${branch}/
livecheck.regex >squid-(${branch}\[.0-9\]+)<
