From 43be981b640a597a525d85add4deb23f9c164a44 Mon Sep 17 00:00:00 2001 From: Jeremy HOCDE Date: Thu, 20 Jul 2017 20:07:11 +0100 Subject: system/c-icap: Added (ICAP server). Signed-off-by: David Spencer --- system/c-icap/README | 21 + system/c-icap/c-icap.SlackBuild | 112 ++++++ system/c-icap/c-icap.conf | 864 ++++++++++++++++++++++++++++++++++++++++ system/c-icap/c-icap.info | 10 + system/c-icap/doinst.sh | 26 ++ system/c-icap/rc.c-icap | 38 ++ system/c-icap/slack-desc | 19 + 7 files changed, 1090 insertions(+) create mode 100644 system/c-icap/README create mode 100644 system/c-icap/c-icap.SlackBuild create mode 100644 system/c-icap/c-icap.conf create mode 100644 system/c-icap/c-icap.info create mode 100644 system/c-icap/doinst.sh create mode 100644 system/c-icap/rc.c-icap create mode 100644 system/c-icap/slack-desc (limited to 'system/c-icap') diff --git a/system/c-icap/README b/system/c-icap/README new file mode 100644 index 0000000000000..fd0615699fcd3 --- /dev/null +++ b/system/c-icap/README @@ -0,0 +1,21 @@ +c-icap is an implementation of an ICAP server. It can be used with HTTP +proxies that support the ICAP protocol to implement content adaptation +and filtering services. + +In order to start c-icap at boot and stop it properly at shutdown, +make sure rc.c-icap is executable and add the following lines to +the following files: + + /etc/rc.d/rc.local + ================== + # Startup c-icap + if [ -x /etc/rc.d/rc.c-icap ]; then + /etc/rc.d/rc.c-icap start + fi + + /etc/rc.d/rc.local_shutdown + =========================== + # Stop c-icap + if [ -x /etc/rc.d/rc.c-icap ]; then + /etc/rc.d/rc.c-icap stop + fi diff --git a/system/c-icap/c-icap.SlackBuild b/system/c-icap/c-icap.SlackBuild new file mode 100644 index 0000000000000..c5b0505b2c222 --- /dev/null +++ b/system/c-icap/c-icap.SlackBuild @@ -0,0 +1,112 @@ +#!/bin/sh + +# Slackware build script for c-icap + +# Copyright 2017 Jeremy HOCDE +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=c-icap +SRCNAM=c_icap +VERSION=${VERSION:-0.5.2} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $SRCNAM-$VERSION +tar xvf $CWD/$SRCNAM-$VERSION.tar.gz +cd $SRCNAM-$VERSION +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PRGNAM-$VERSION \ + --build=$ARCH-slackware-linux + +make +make install DESTDIR=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mkdir -p $PKG/var/{log,run}/c-icap + +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.c-icap > $PKG/etc/rc.d/rc.c-icap.new +cat $CWD/c-icap.conf > $PKG/etc/c-icap.conf.new +rm $PKG/etc/c-icap.conf +chmod 644 $PKG/etc/c-icap.* + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a \ + INSTALL README RECONF docs/ \ + $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/system/c-icap/c-icap.conf b/system/c-icap/c-icap.conf new file mode 100644 index 0000000000000..392c598aa73a8 --- /dev/null +++ b/system/c-icap/c-icap.conf @@ -0,0 +1,864 @@ +# +# This file contains the default settings for c-icap +# +# + + +# TAG: PidFile +# Format: PidFile pid_file +# Description: +# The file to store the pid of the main process of the c-icap server. +# Default: +# PidFile /var/run/c-icap/c-icap.pid +PidFile /var/run/c-icap/c-icap.pid + +# TAG: CommandsSocket +# Format: CommandsSocket socket_file +# Description: +# The path of file to use as control socket for c-icap +# Default: +# CommandsSocket /var/run/c-icap/c-icap.ctl +CommandsSocket /var/run/c-icap/c-icap.ctl + +# TAG: Timeout +# Format: Timeout seconds +# Description: +# The time in seconds after which a connection without activity +# can be cancelled. +# Default: +# Timeout 300 +Timeout 300 + +# TAG: MaxKeepAliveRequests +# Format: MaxKeepAliveRequests number +# Description: +# The maximum number of requests can be served by one connection +# Set it to -1 for no limit +# Default: +# MaxKeepAliveRequests 100 +MaxKeepAliveRequests 100 + +# TAG: KeepAliveTimeout +# Format: KeepAliveTimeout seconds +# Description: +# The maximum time in seconds waiting for a new requests before a +# connection will be closed. +# If the value is set to -1, there is no timeout. +# Default: +# KeepAliveTimeout 600 +KeepAliveTimeout 600 + +# TAG: StartServers +# Format: StartServers number +# Description: +# The initial number of server processes. Each server process +# generates a number of threads, which serve the requests. +# Default: +# StartServers 3 +StartServers 3 + +# TAG: MaxServers +# Format: MaxServers number +# Description: +# The maximum allowed number of server processes. +# Default: +# MaxServers 10 +MaxServers 10 + +# TAG: MinSpareThreads +# Format: MinSpareThreads number +# Description: +# If the number of the available threads is less than number, +# the c-icap server starts a new child. +# Default: +# MinSpareThreads 10 +MinSpareThreads 10 + +# TAG: MaxSpareThreads +# Format: MaxSpareThreads number +# Description: +# If the number of the available threads is more than number then +# the c-icap server kills a child. +# Default: +# MaxSpareThreads 20 +MaxSpareThreads 20 + +# TAG: ThreadsPerChild +# Format: ThreadsPerChild number +# Description: +# The number of threads per child process. +# Default: +# ThreadsPerChild 10 +ThreadsPerChild 10 + +# TAG: MaxRequestsPerChild +# Format: MaxRequestsPerChild number +# Description: +# The maximum number of requests that a child process can serve. +# After this number has been reached, process dies. The goal of this +# parameter is to minimize the risk of memory leaks and increase the +# stability of c-icap. It can be disabled by setting its value to 0. +# Default: +# MaxRequestsPerChild 0 +MaxRequestsPerChild 0 + +# TAG: InterProcessSharedMemScheme +# Format: InterProcessSharedMemScheme posix | mmap | sysv +# Description: +# The interprocess shared mem scheme to use. Available schemes: +# posix Use posix shared memory (shm_open interface) +# mmap Use anonymous mmaped files as shared memory +# sysv use the sysv ipc shared memory +# Default: +# InterProcessSharedMemScheme posix + +# TAG: InterProcessLockingScheme +# Format: InterProcessSharedMemScheme file | sysv | posix +# Description: +# The interprocess locking scheme to use. Available schemes: +# file Use lock file +# sysv Use the sysv ipc semaphores +# posix Use posix semaphores: Use it with caution you may experienced +# locking problems if one or more processes crashed. +# Default: +# InterProcessLockingScheme file + +# TAG: Port +# Format: Port [address:]port +# Description: +# The port number that the c-icap server uses to listen to requests. +# Default: +# None +Port 1344 + +# TAG: TlsPort +# Format: TlsPort [address:]port [tls-method=method] [cert=path_to_pem_cert] [key=path_to_pem_key] [client_ca=path_to_pem_file] [ciphers=ciph1:ciph2...] [tls_options=[!]Opt1|[!]Opt2|...] +# Description: +# The port number that the c-icap server uses to listen for TLS/SSL +# requests. Options: +# tls-method +# Set the SSL method to use. Available methods are: +# SSLv23 TLSv1_2 TLSv1_1 TLSv1 SSLv3 SSLv2 +# cert +# Set the certificate to use by the icap server. The certificate +# should be in pem format. +# key +# The key of the configured certificate in pem format. If none +# set then the c-icap searches for the key inside cert file. +# client_ca +# File containing all CA that we accept client certs from. If it +# is set then c-icap enables client certificates verification. +# cafile +# PEM file containing CA certificates to use when verifying client +# certificates. If not configured the root.pem file will be used. +# capath +# Directory containing additional CA certificates to use when +# verifying client certificates. +# ciphers +# Collon separated lists of the ciphers to accept. Please check +# openSSL manual for supported ciphers. +# tls-options +# Sets various options: +# SSL_OP_NO_SSLv2 disable the use of SSLv2 +# SSL_OP_NO_SSLv3 disable the use of SSLv3 +# SSL_OP_NO_TLSv1 disable the use of TLSv1 +# SSL_OP_NO_TLSv1_2 disable the use of TLSv1.2 +# SSL_OP_NO_TLSv1_1 disable the use of TLSv1.1 +# SSL_OP_NO_TICKET disable the use of RFC5077 session tickets +# SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +# When performing renegotiation as a server, always start a +# new session. +# SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION +# Allow legacy insecure renegotiation between OpenSSL and +# unpatched clients or servers. +# +# For more options please see the SSL_set_options documentation. +# +# By default the SSL_OP_ALL flag is set which enables all of the +# important bug workarrounds. To reset this flag use the +# "!SSL_OP_ALL" as first flag: +# tls-options=!SSL_OP_ALL:SSL_OP_NO_TICKET +# +# Default: +# None + +# TAG: TlsPassphrase +# Format: TlsPassphrase /path/to/script +# Description: +# Path to the script to run to get the passphrases of TLS certificates +# keys. The c-icap will pass as arguments the IP address and port number +# to the script. +# Default: +# No value +# Example: +# TlsPassphrase /use/local/c-icap/scripts/cert-passphrase.sh + +# TAG: User +# Format: User username +# Description: +# The user owning c-icap's processes. By default, the owner is the +# user who runs the program. +# Default: +# No value +# Example: +# User wwwrun + +# TAG: Group +# Format: Group groupname +# Description: +# The group of users owning c-icap's processes, which, by default +# is the group of the current user. +# Default: +# No value +# Example: +# Group nogroup + +# TAG: ServerAdmin +# Format: ServerAdmin admin_mail +# Description: +# The Administrator of this server. Used when displaying information +# about this server (logs, info service, etc) +# Default: +# No value +ServerAdmin admin@localhost + +# TAG: ServerName +# Format: ServerName aServerName +# Description: +# A name for this server. Used when displaying information about this +# server (logs, info service, etc) +# Default: +# No value +ServerName localhost + +# TAG: TmpDir +# Format: TmpDir dir +# Description: +# dir is the location of temporary files. +# Default: +# TmpDir /var/tmp +TmpDir /var/tmp + +# TAG: MaxMemObject +# Format: MaxMemObject bytes +# Description: +# The maximum memory size in bytes taken by an object which +# is processed by c-icap . If the size of an object's body is +# larger than the maximum size a temporary file is used. +# Default: +# MaxMemObject 131072 +MaxMemObject 131072 + +# TAG: DebugLevel +# Format: DebugLevel level +# Description: +# The level of debugging information to be logged. +# The acceptable range of levels is between 0 and 10. +# Default: +# DebugLevel 1 +DebugLevel 1 + +# TAG: Pipelining +# Format: Pipelining on|off +# Description: +# Enable or disable ICAP requests pipelining +# Default: +# Pipelining on +Pipelining on + +# TAG: SupportBuggyClients +# FORMAT: SupportBuggyClients on|off +# Description: +# Try to handle requests from buggy clients, for example ICAP requests +# missing "\r\n" sequences +# Default: +# SupportBuggyClients off +SupportBuggyClients off + +# TAG: Allow204As200okZeroEncaps +# Format: Allow204As200okZeroEncaps +# Description: +# When used the c-icap instead of allow 204 return "200 OK" responses +# with zero encapsulated entities. +# Default: +# No set + +# TAG: FakeAllow204 +# Format: FakeAllow204 on|off +# Description: +# Support 204 responses from services preview handler to the clients +# which does not support preview. Requires early responses support +# from clients. +# If disabled the c-icap will return 500 response in these cases +# Default: +# FakeAllow204 on + +# TAG: ModulesDir +# Format: ModulesDir dir +# Description: +# The location of modules +# Default: +# ModulesDir /usr/lib64/c_icap +ModulesDir /usr/lib64/c_icap + +# TAG: ServicesDir +# Format: ServicesDir dir +# Description: +# The location of services +# Default: +# ServicesDir /usr/lib64/c_icap +ServicesDir /usr/lib64/c_icap + +# TAG: TemplateDir +# Format: TemplateDir dir +# Description: +# The location of the text templates used by c-icap and its services, +# categorized by language and services/modules +# Default: +# No value +# Example: +TemplateDir /usr/share/c_icap/templates/ + +# TAG: TemplateDefaultLanguage +# Format: TemplateDefaultLanguage lang +# Description: +# Sets the default language to use for text templates +# Default: +# TemplateDefaultLanguage en +TemplateDefaultLanguage en + +#TemplateReloadTime 360 +#TemplateCacheSize 20 +#TemplateMemBufSize 8192 + +# TAG: LoadMagicFile +# Format: LoadMagicFile path +# Description: +# Load a c-icap magic file. A magic file contains various +# data type definitions. Look inside default c-icap.magic file +# for more informations. +# It can be used more than once to use multiple magic files. +# Default: +# LoadMagicFile /etc/c-icap.magic +LoadMagicFile /etc/c-icap.magic + +# TAG: RemoteProxyUsers +# Format: RemoteProxyUsers onoff +# Description: +# Set it to on if you want to use username provided by the proxy server. +# This is the recomended way to use users in c-icap. +# If the RemoteProxyUsers is off and c-icap configured to use users or +# groups the internal authentication mechanism will be used. +# Default: +# RemoteProxyUsers off +RemoteProxyUsers off + +# TAG: RemoteProxyUserHeader +# Format: RemoteProxyUserHeader Header +# Description: +# Used to specify the icap header used by the proxy server to send +# the authenticated client username to c-icap server +# Default: +# RemoteProxyUserHeader X-Authenticated-User +RemoteProxyUserHeader X-Authenticated-User + +# TAG: RemoteProxyUserHeaderEncoded +# Format: RemoteProxyUserHeaderEncoded onoff +# Description: +# Set it to off if the RemoteProxyUserHeader is not base64 encoded +# Default: +# RemoteProxyUserHeaderEncoded on +RemoteProxyUserHeaderEncoded on + +# TAG: AuthMethod +# Format: AuthMethod Method Authenticator +# Description: +# Used to define the internal authentication mechanism to use. This +# feature is not well tested and may cause problems. It is better to use +# RemoteProxyUser configuration. +# Method is the authentication method to use (basic, digest, etc). +# Currently only basic authentication method is implemented as build in +# module +# Authenticator currently can only be "basic_simple_db" +# It can be considered as a user/password store and can be +# implemented as external module. The basic_simple_db is implemented as +# build it module +# Default: +# No set +# Example: +# AuthMethod basic basic_simple_db + +# TAG: basic.Realm +# Format: basic.Realm ARealm +# Description: +# Specify the basic method realm +# Default: +# basic.Realm "Basic authentication" +# Example: +# basic.Realm "c-icap server authentication" + +# TAG: basic_simple_db.UsersDB +# Format: basic_simple_db.UsersDB LookupTable +# Description: +# Specify the lookup table where the usernames/passwords pairs +# are stored. The paswords must be unencrypted +# For more information about c-icap lookup tables read c-icap server +# manual page +# Default: +# No value +# Example: +# basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt + +# TAG: GroupSourceByGroup +# Format: GroupSourceByGroup LookupTable +# Description: +# Defines a lookup table where the groups of users are stored indexed +# by group. It can be used more than once. +# For more information about c-icap lookup tables read c-icap server +# manual page +# Default: +# No set +# Example: +# GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt + +# TAG: GroupSourceByUser +# Format: GroupSourceByUser LookupTable +# Description: +# Defines a lookup table where the groups of users are stored indexed +# by user. It can be used more than once. +# For more information about c-icap lookup tables read c-icap server +# manual page +# Default: +# No set +# Example: +# GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt + +# TAG: acl +# Format: acl name type[{param}] value1 [value2] [...] +# Description: +# Supported acl types are: +# acl aclname service service1 ... +# The servicename +# acl aclname type OPTIONS|RESPMOD|REQMOD ... +# The icap method +# acl aclname port port1 ... +# The icap server port +# acl aclname src ip1/netmask1 ... +# The client ip address +# acl aclname srvip ip1/netmask1 ... +# The c-icap server ip address +# acl aclname icap_header{HeaderName} value1 ... +# Matches the icap header HeaderName with value1 ... +# The values are in regex form: /avalue/flags +# acl aclname icap_resp_header{HeaderName} value1 ... +# The icap response header +# The values are in regex form: /avalue/flags +# acl aclname http_req_header{HeaderName} value1 ... +# The http request header +# The values are in regex form: /avalue/flags +# acl aclname http_resp_header{HeaderName} value1 ... +# The http response header +# The values are in regex form: /avalue/flags +# acl aclname data_type type1 ... +# The data type as recognized by the internal data type +# recognizer. The types are defined in c-icap.magic file +# acl aclname auth username|* ... +# The authenticated users. Using * instead of username means +# all users. +# acl aclname group group1 ... +# if the user of request belongs to given groups +# acl content_length{>|<|=} value1 ... +# The content length of body data if the related information +# included in http headers. +# The parameter can take the value <, > or = to specify that +# the acl will match if content length is less, greater or +# equal to acl values. +# acl time value1 .... +# It checks agains current time. The values format is: +# [DAY[,DAY,[..]]][/][HH:MM-HH:MM] +# The DAY can be one of the following: +# S - Sunday +# M - Monday +# T - Tuesday +# W - Wednesday +# H - Thursday +# F - Friday +# A - Saturday +# acl http_client_ip ip1[/netmask1] ... +# The HTTP client ip address, if it is available. +# acl http_req_line value1 ... +# The first line of HTTP request +# The values are in regex form: /avalue/flags +# acl http_resp_line value1 ... +# The first line of HTTP response +# The values are in regex form: /avalue/flags +# acl http_req_url value1 ... +# The HTTP request url without GET request arguments +# The values are in regex form: /avalue/flags +# acl http_req_method value1 ... +# The HTTP request method + +# Default: +# None set +# Examples: +# acl OPTIONS type OPTIONS +# acl RESPMOD type RESPMOD +# acl REQMOD type REQMOD +# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD +# acl XHEAD icap_header{X-Test} /value/ +# acl ECHO service echo +# acl localnet src 192.168.1.0/255.255.255.0 +# acl localhost src 127.0.0.1/255.255.255.255 +# acl all src 0.0.0.0/0.0.0.0 +# acl BigObjects content_length{>} 5000000 +# acl WorkingHours time M,T,W,H,F/8:00-18:00 +# acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59 + +# TAG: icap_access +# Format: icap_access allow|deny [!]acl1 ... +# Description: +# Allowing or denying ICAP access based on defined access lists +# Default: +# None set +# Example: +# icap_access deny XHEAD +# #Allow OPTIONS method for all: +# icap_access allow localnet OPTIONS +# #Require authentication for all users from local network: +# icap_access allow AUTH localnet +# icap_access deny all + +# TAG: client_access +# Format: client_access allow|deny acl1 [acl2] [...] +# Description: +# Allowing or denying connections on c-icap based on +# defined access lists. Only the acl types src, srvip and port +# can be used. +# Default: +# None set +# Example: +# client_access allow all + +# TAG: LogFormat +# Format: LogFormat Name Format +# Description: +# Name is a name for this log format. +# Format is a string with embedded % format codes. % format codes +# has the following form: +# % [-] [width] [{argument}] formatcode +# if - is specified then the output is left aligned +# if width specified then the field is exactly width size +# some formatcodes support arguments given as {argument} +# +# Format codes: +# %a: Remote IP-Address +# %la: Local IP Address +# %lp: Local port +# %>a: Http Client IP Address. Only supported if the proxy +# client supports the "X-Client-IP" header +# %ho: Modified Http request header. Supports header name +# as argument. If no argument given the first line returned +# %huo: Modified Http request url +# %ih: Icap request header. Supports header name +# as argument. If no argument given the first line returned +# % ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.c-icap.new +config etc/c-icap.conf.new diff --git a/system/c-icap/rc.c-icap b/system/c-icap/rc.c-icap new file mode 100644 index 0000000000000..6dc06609ba691 --- /dev/null +++ b/system/c-icap/rc.c-icap @@ -0,0 +1,38 @@ +#!/bin/sh +# Start/stop/restart c-icap. + +# Start c-icap: +icap_start() { + CMDLINE="/usr/bin/c-icap" + echo -n "Starting c-icap daemon: $CMDLINE" + $CMDLINE -f /etc/c-icap.conf + echo +} + +# Stop c-icap: +icap_stop() { + echo -n "Stopping c-icap daemon..." + for i in $(pgrep -f c-icap); do kill -15 $i; done + echo +} + +# Restart c-icap: +icap_restart() { + icap_stop + sleep 1 + icap_start +} + +case "$1" in +'start') + icap_start + ;; +'stop') + icap_stop + ;; +'restart') + icap_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/system/c-icap/slack-desc b/system/c-icap/slack-desc new file mode 100644 index 0000000000000..97ccddccf66eb --- /dev/null +++ b/system/c-icap/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +c-icap: c-icap (ICAP server) +c-icap: +c-icap: c-icap is an implementation of an ICAP server. It can be used with +c-icap: HTTP proxies that support the ICAP protocol to implement content +c-icap: adaptation and filtering services. +c-icap: +c-icap: http://c-icap.sourceforge.net/ +c-icap: +c-icap: +c-icap: +c-icap: -- cgit v1.2.3