Add Squid-4.4

7 files changed, 518 insertions, 0 deletions

diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
new file mode 100644
index 0000000..32a7ed6
--- /dev/null
+++ b/net-proxy/squid/Manifest
@@ -0,0 +1,7 @@
+AUX squid-4.3-gentoo.patch 2767 BLAKE2B fbf424bec42a8bd29f54431107e73db1d1acd7612c8acc4d38022419a72ccabc9d0287fb34cbd26e96df2b6e2aaceae929c1005ef2ad4f731cf28edf66ac569a SHA512 eaf076cef4b60c1f5e9985a69f5ae674082b04a6f70d5b484ad13e9e397a8c67cb1780960a11fd943dc2500ec9f0590192b276bf36451d3063537661200487bf
+AUX squid.confd-r2 714 BLAKE2B 9bdefb898904c28e7b64ff864fc81c8ca5a87e62fee96d438b41faa8e75335b06291688f38448f3fa2adca6dc715041136e889badab7ae2003cf460683e2a60b SHA512 df45ad0260ac9a5edddafc7d90f245c4f05957916dcfa23f2e0d6a34f9c96cf22c756add9b63599e0d2a0cff49ad358f7f6fff3a2ef21402a9f65b7376b6b6a9
+AUX squid.initd-r5 4396 BLAKE2B df063df095165c6aa4b625648388b76b1e7d9c927ad0e0e482b34762ed701825397828d03ed6f573a366bf603797022b9cc6c93c8ad935af422cd926595530b0 SHA512 b831cc709995bacc59211271316126e42440cb1ea81e3208e2e948abcf346d2bc147d9e4596eeddeaeea0d472fa95b218e6539ea9da8cc301d4cbcb18ccd9e29
+AUX squid.logrotate 103 BLAKE2B f6d190d1914b76b08d90a2c3b3b07ff9cd332cdb2e595f4849537d1f1d32d8be1386fcdfffb40d073bcdd715a62c1c44727f1e10b75cfaff69c0d042c2a7e904 SHA512 d75a667c3ffa32fdd938ef40df8813a467d9f10b2363107bf915cb0c99834fbe8d0eb502a18a816875b67b0db1b27806ed3caf620c38516040cb644b225f5a55
+AUX squid.pam 209 BLAKE2B 113fa119ce4fd96ddf34b95c1a1ca958b34aea405564076f89abdbb8d4c6a0248ec9fa1a0f5f1d6136643c9abc4c5f67e8ef75305414b374763e2055272950d5 SHA512 5501e3d9319aea99f0deed98748366d4dfbeccdde96d842474fe144a4584394d8f5563372cd7b2437a389378c49b61b646403cca1be4362c888750d027b2f594
+DIST squid-4.4.tar.xz 2436468 BLAKE2B 057fe8d679d8563dcbe6987b895041610f356d811d8fadd24914b6817e7ec167bd37d1be9e3a1772faecd96561cad533a287f2b212cbbe099bfbba7574aa4294 SHA512 8ed45abc65febf2955db11bafd49e940914a58230a8945afab9ea4926c4bafd538474a0836665b4131e23a23d6389d512a40bbe53368b8206ba4765fd71fb21f
+EBUILD squid-4.4-r1.ebuild 8376 BLAKE2B c9eb51b5a17ef54f956001eed55b21fb7ee38913eeea6d063d9f31f0b45001b633124caf0fc44df88d4dfb51718ad7cb0eb7d82077fea2879de7f43f060f14b9 SHA512 43131f6326ae7a4b536d6f7d4235b29094ab56356660e274018dd531dc1ac273ec656de9d752344bbe91caafbbd88e961052cb5d2b07027fbbc3cd916bc3d058
diff --git a/net-proxy/squid/files/squid-4.3-gentoo.patch b/net-proxy/squid/files/squid-4.3-gentoo.patch
new file mode 100644
index 0000000..f5152b8
--- /dev/null
+++ b/net-proxy/squid/files/squid-4.3-gentoo.patch
@@ -0,0 +1,79 @@
+--- a/configure.ac	2018-10-14 17:22:35.000000000 +0300
++++ b/configure.ac	2018-10-17 21:27:24.806986467 +0300
+@@ -32,9 +32,9 @@ PRESET_CXXFLAGS="$CXXFLAGS"
+ PRESET_LDFLAGS="$LDFLAGS"
+ 
+ dnl Set default LDFLAGS
+-if test "x$LDFLAGS" = "x" ; then
+-  LDFLAGS="-g"
+-fi
++dnl if test "x$LDFLAGS" = "x" ; then
++dnl   LDFLAGS="-g"
++dnl fi
+ 
+ # Check for GNU cc
+ AC_PROG_CC
+--- a/src/cf.data.pre	2018-10-14 08:25:34.000000000 +0300
++++ b/src/cf.data.pre	2018-10-17 21:27:24.809986705 +0300
+@@ -1520,6 +1520,7 @@ acl Safe_ports port 280		# http-mgmt
+ acl Safe_ports port 488		# gss-http
+ acl Safe_ports port 591		# filemaker
+ acl Safe_ports port 777		# multiling http
++acl Safe_ports port 901		# SWAT
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -6819,11 +6820,11 @@ COMMENT_END
+ 
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ 	Email-address of local cache manager who will receive
+-	mail if the cache dies.  The default is "webmaster".
++	mail if the cache dies.  The default is "root".
+ DOC_END
+ 
+ NAME: mail_from
+--- a/src/debug.cc	2018-10-14 08:25:34.000000000 +0300
++++ b/src/debug.cc	2018-10-17 21:27:24.807986546 +0300
+@@ -490,7 +490,7 @@ _db_init(const char *logfile, const char
+ #if HAVE_SYSLOG && defined(LOG_LOCAL4)
+ 
+     if (Debug::log_syslog)
+-        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
++        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility);
+ 
+ #endif /* HAVE_SYSLOG */
+ 
+--- a/src/main.cc	2018-10-14 08:25:34.000000000 +0300
++++ b/src/main.cc	2018-10-17 21:28:28.632044541 +0300
+@@ -1912,7 +1912,7 @@ watch_child(const CommandLine &masterCom
+ 
+     enter_suid();
+ 
+-    openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++    openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ 
+     if (!opt_foreground)
+         GoIntoBackground();
+@@ -2012,7 +2012,7 @@ watch_child(const CommandLine &masterCom
+ 
+             if ((pid = fork()) == 0) {
+                 /* child */
+-                openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++                openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+                 (void)execvp(masterCommand.arg0(), kidCommand.argv());
+                 int xerrno = errno;
+                 syslog(LOG_ALERT, "execvp failed: %s", xstrerr(xerrno));
+@@ -2024,7 +2024,7 @@ watch_child(const CommandLine &masterCom
+         }
+ 
+         /* parent */
+-        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
++        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_LOCAL4);
+ 
+         // If Squid received a signal while checking for dying kids (below) or
+         // starting new kids (above), then do a fast check for a new dying kid
diff --git a/net-proxy/squid/files/squid.confd-r2 b/net-proxy/squid/files/squid.confd-r2
new file mode 100644
index 0000000..7088d7f
--- /dev/null
+++ b/net-proxy/squid/files/squid.confd-r2
@@ -0,0 +1,19 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Config file for /etc/init.d/squid
+
+SQUID_OPTS="-YC"
+
+# Kerberos keytab file to use. This is required if you enable kerberos authentication.
+SQUID_KEYTAB=""
+
+# Use max_filedescriptors setting in squid.conf to determine the maximum number
+# of filedescriptors squid can open.
+
+# Set whether Squid should receive two shutdown signals instead of one. If set to "yes",
+# Squid will skip the graceful shutdown step, and will try to immediately close all open
+# file descriptors and helpers. This is useful if you experience very long delays when
+# shutting down the caching proxy.
+SQUID_FAST_SHUTDOWN="no"
diff --git a/net-proxy/squid/files/squid.initd-r5 b/net-proxy/squid/files/squid.initd-r5
new file mode 100644
index 0000000..2e5fe8d
--- /dev/null
+++ b/net-proxy/squid/files/squid.initd-r5
@@ -0,0 +1,123 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload rotate"
+
+depend() {
+	use dns net
+}
+
+checkconfig() {
+	local CONFFILES="/etc/squid/${RC_SVCNAME}.conf /etc/squid/${RC_SVCNAME}.include /etc/squid/${RC_SVCNAME}.include.*"
+	if [ ! -f /etc/squid/${RC_SVCNAME}.conf ]; then
+		eerror "You need to create /etc/squid/${RC_SVCNAME}.conf first."
+		eerror "The main configuration file and all included file names should have the following format:"
+		eerror "${CONFFILES}"
+		eerror "An example can be found in /etc/squid/squid.conf.default"
+		return 1
+	fi
+
+	local PIDFILE=$(cat ${CONFFILES} 2>/dev/null 3>/dev/null | awk '/^[ \t]*pid_filename[ \t]+/ { print $2 }')
+	[ -z ${PIDFILE} ] && PIDFILE=/run/squid.pid
+	if [ /run/${RC_SVCNAME}.pid != ${PIDFILE} ]; then
+		eerror "/etc/squid/${RC_SVCNAME}.conf must set pid_filename to"
+		eerror "   /run/${RC_SVCNAME}.pid"
+		eerror "CAUTION: http_port, cache_dir and *_log parameters must be different than"
+		eerror "         in any other instance of squid."
+		eerror "Make sure the main configuration file and all included file names have the following format:"
+		eerror "${CONFFILES}"
+		return 1
+	fi
+
+	# Maximum file descriptors squid can open is determined by:
+	# a basic default of N=1024
+	#  ... altered by ./configure --with-filedescriptors=N
+	#  ... overridden on production by squid.conf max_filedescriptors (if,
+	#  and only if, setrlimit() RLIMIT_NOFILE is able to be built+used).
+	# Since we do not configure hard coded # of filedescriptors anymore,
+	# there is no need for ulimit calls in the init script.
+	# Use max_filedescriptors in squid.conf instead.
+
+	local CACHE_SWAP=$(cat ${CONFFILES} 2>/dev/null 3>/dev/null | awk '/^[ \t]*cache_dir[ \t]+/ { if ( $2 == "rock" ) printf "%s/rock ", $3; else if ( $2 == "coss" ) printf "%s/stripe ", $3; else printf "%s/00 ", $3; }')
+	[ -z "$CACHE_SWAP" ] && CACHE_SWAP="/var/cache/squid/00"
+	
+	local x
+	for x in $CACHE_SWAP ; do
+		if [ ! -e $x ] ; then
+			ebegin "Initializing cache directory ${x%/*}"
+			local ORIG_UMASK=$(umask)
+			umask 027
+
+			if ! (mkdir -p ${x%/*} && chown squid ${x%/*}) ; then
+				eend 1
+				return 1
+			fi
+
+			local INIT_CACHE_RESPONSE="$(/usr/sbin/squid -z -N -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} 2>&1)"
+			if [ $? != 0 ] || echo "$INIT_CACHE_RESPONSE" | grep -q "erminated abnormally" ; then
+				umask $ORIG_UMASK
+				eend 1
+				echo "$INIT_CACHE_RESPONSE"
+				return 1
+			fi
+
+			umask $ORIG_UMASK
+			eend 0
+			break
+		fi
+	done
+	
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	checkpath -d -q -m 0750 -o squid:squid /run/${RC_SVCNAME}
+
+	# see https://wiki.squid-cache.org/MultipleInstances
+	ebegin "Starting ${RC_SVCNAME} (service name ${RC_SVCNAME//[^[:alnum:]]/}) with KRB5_KTNAME=\"${SQUID_KEYTAB}\" /usr/sbin/squid ${SQUID_OPTS} -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}"
+	KRB5_KTNAME="${SQUID_KEYTAB}" /usr/sbin/squid ${SQUID_OPTS} -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}
+	eend $? && sleep 1
+}
+
+stop() {
+	ebegin "Stopping ${RC_SVCNAME} with /usr/sbin/squid -k shutdown -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}"
+	if /usr/sbin/squid -k shutdown -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/} ; then
+		# Now we have to wait until squid has _really_ stopped.
+		sleep 1
+		if [ -f /run/${RC_SVCNAME}.pid ] ; then
+			einfon "Waiting for squid to shutdown ."
+			cnt=0
+			while [ -f /run/${RC_SVCNAME}.pid ] ; do
+				cnt=$(expr $cnt + 1)
+				if [ $cnt -gt 60 ] ; then
+					# Waited 120 seconds now. Fail.
+					echo
+					eend 1 "Failed."
+					break
+				fi
+				sleep 2
+				echo -n "."
+			done
+			echo
+		fi
+	else
+		eerror "Squid shutdown failed, probably service is already down."
+	fi
+	eend 0
+}
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading ${RC_SVCNAME} with /usr/sbin/squid -k reconfigure -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}"
+	/usr/sbin/squid -k reconfigure -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}
+	eend $?
+}
+
+rotate() {
+	service_started ${RC_SVCNAME} || return 1
+	ebegin "Rotating ${RC_SVCNAME} logs with /usr/sbin/squid -k rotate -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}"
+	/usr/sbin/squid -k rotate -f /etc/squid/${RC_SVCNAME}.conf -n ${RC_SVCNAME//[^[:alnum:]]/}
+	eend $?
+}
diff --git a/net-proxy/squid/files/squid.logrotate b/net-proxy/squid/files/squid.logrotate
new file mode 100644
index 0000000..5bf2896
--- /dev/null
+++ b/net-proxy/squid/files/squid.logrotate
@@ -0,0 +1,8 @@
+/var/log/squid/*.log {
+    copytruncate
+    compress
+    notifempty
+    missingok
+    sharedscripts
+}
+
diff --git a/net-proxy/squid/files/squid.pam b/net-proxy/squid/files/squid.pam
new file mode 100644
index 0000000..75eeaa9
--- /dev/null
+++ b/net-proxy/squid/files/squid.pam
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth       required		pam_nologin.so
+auth       include		system-auth
+account    include		system-auth
+password   include		system-auth
+session    optional		pam_limits.so
+session    include		system-auth
diff --git a/net-proxy/squid/squid-4.4-r1.ebuild b/net-proxy/squid/squid-4.4-r1.ebuild
new file mode 100644
index 0000000..6e564cd
--- /dev/null
+++ b/net-proxy/squid/squid-4.4-r1.ebuild
@@ -0,0 +1,275 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools linux-info pam toolchain-funcs user
+
+DESCRIPTION="A full-featured web proxy cache"
+HOMEPAGE="http://www.squid-cache.org/"
+
+# Upstream patch ID for the most recent bug-fixed update to the formal release.
+r=
+#r=-20181117-r0022167
+if [ -z "$r" ]; then
+	SRC_URI="http://www.squid-cache.org/Versions/v4/${P}.tar.xz"
+else
+	SRC_URI="http://www.squid-cache.org/Versions/v4/${P}${r}.tar.bz2"
+	S="${S}${r}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="caps ipv6 pam ldap libressl samba sasl kerberos nis radius ssl snmp selinux logrotate test \
+	ecap esi ssl-crtd \
+	mysql postgres sqlite \
+	perl qos tproxy \
+	+htcp +wccp +wccpv2 \
+	pf-transparent ipf-transparent kqueue \
+	elibc_uclibc kernel_linux"
+
+COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+	pam? ( virtual/pam )
+	ldap? ( net-nds/openldap )
+	kerberos? ( virtual/krb5 )
+	qos? ( net-libs/libnetfilter_conntrack )
+	ssl? (
+		libressl? ( dev-libs/libressl:0 )
+		!libressl? ( dev-libs/openssl:0 )
+		dev-libs/nettle >=net-libs/gnutls-3.1.5 )
+	sasl? ( dev-libs/cyrus-sasl )
+	ecap? ( net-libs/libecap:1 )
+	esi? ( dev-libs/expat dev-libs/libxml2 )
+	!x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
+	>=sys-libs/db-4:*
+	dev-libs/libltdl:0"
+DEPEND="${COMMON_DEPEND}
+	dev-lang/perl
+	ecap? ( virtual/pkgconfig )
+	test? ( dev-util/cppunit )"
+RDEPEND="${COMMON_DEPEND}
+	samba? ( net-fs/samba )
+	perl? ( dev-lang/perl )
+	mysql? ( dev-perl/DBD-mysql )
+	postgres? ( dev-perl/DBD-Pg )
+	selinux? ( sec-policy/selinux-squid )
+	sqlite? ( dev-perl/DBD-SQLite )
+	!<=sci-biology/meme-4.8.1-r1"
+
+REQUIRED_USE="tproxy? ( caps )
+			qos? ( caps )"
+
+pkg_pretend() {
+	if use tproxy; then
+		local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_SOCKET ~NETFILTER_XT_TARGET_TPROXY"
+		linux-info_pkg_setup
+	fi
+}
+
+pkg_setup() {
+	enewgroup squid
+	enewuser squid -1 -1 /var/cache/squid squid
+}
+
+src_prepare() {
+	eapply "${FILESDIR}/${PN}-4.3-gentoo.patch"
+	sed -i -e 's:/usr/local/squid/etc:/etc/squid:' \
+		INSTALL QUICKSTART \
+		scripts/fileno-to-pathname.pl \
+		scripts/check_cache.pl \
+		tools/cachemgr.cgi.8 \
+		tools/purge/conffile.hh \
+		tools/purge/purge.1  || die
+	sed -i -e 's:/usr/local/squid/sbin:/usr/sbin:' \
+		INSTALL QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/cache:/var/cache/squid:' \
+		QUICKSTART || die
+	sed -i -e 's:/usr/local/squid/var/logs:/var/log/squid:' \
+		QUICKSTART \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/logs:/var/log/squid:' \
+		src/log/access_log.cc || die
+	sed -i -e 's:/usr/local/squid/libexec:/usr/libexec/squid:' \
+		src/acl/external/unix_group/ext_unix_group_acl.8 \
+		src/acl/external/session/ext_session_acl.8 || die
+	sed -i -e 's:/usr/local/squid/cache:/var/cache/squid:' \
+		scripts/check_cache.pl || die
+	# /var/run/squid to /run/squid
+	sed -i -e 's:$(localstatedir)::' \
+		src/ipc/Makefile.am || die
+	sed -i -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
+		libltdl/configure.ac || die
+
+	eapply_user
+	eautoreconf
+}
+
+src_configure() {
+	local basic_modules="NCSA,POP3,getpwnam"
+	# use perl && basic_modules+=",MSNT-multi-domain"
+	use samba && basic_modules+=",SMB"
+	use ldap && basic_modules+=",SMB_LM,LDAP"
+	use pam && basic_modules+=",PAM"
+	use sasl && basic_modules+=",SASL"
+	use nis && ! use elibc_uclibc && basic_modules+=",NIS"
+	use radius && basic_modules+=",RADIUS"
+	if use mysql || use postgres || use sqlite ; then
+		basic_modules+=",DB"
+	fi
+
+	local digest_modules="file"
+	use ldap && digest_modules+=",LDAP,eDirectory"
+
+	local negotiate_modules="none"
+	local myconf="--without-mit-krb5 --without-heimdal-krb5"
+	if use kerberos ; then
+		negotiate_modules="kerberos,wrapper"
+		if has_version app-crypt/heimdal ; then
+			myconf="--without-mit-krb5 --with-heimdal-krb5"
+		else
+			myconf="--with-mit-krb5 --without-heimdal-krb5"
+		fi
+	fi
+
+	local ntlm_modules="none"
+	use samba && ntlm_modules="SMB_LM"
+
+	local ext_helpers="file_userip,session,unix_group,delayer,time_quota"
+	use samba && ext_helpers+=",wbinfo_group"
+	use ldap && ext_helpers+=",LDAP_group,eDirectory_userip"
+	use ldap && use kerberos && ext_helpers+=",kerberos_ldap_group"
+	if use mysql || use postgres || use sqlite ; then
+	    ext_helpers+=",SQL_session"
+	fi
+
+	local storeio_modules="aufs,diskd,rock,ufs"
+
+	local transparent
+	if use kernel_linux ; then
+		transparent+=" --enable-linux-netfilter"
+		use qos && transparent+=" --enable-zph-qos --with-netfilter-conntrack"
+	fi
+
+	if use kernel_FreeBSD || use kernel_OpenBSD || use kernel_NetBSD ; then
+		transparent+=" $(use_enable kqueue)"
+		if use pf-transparent; then
+			transparent+=" --enable-pf-transparent"
+		elif use ipf-transparent; then
+			transparent+=" --enable-ipf-transparent"
+		fi
+	fi
+
+	tc-export_build_env BUILD_CXX
+	export BUILDCXX=${BUILD_CXX}
+	export BUILDCXXFLAGS=${BUILD_CXXFLAGS}
+	tc-export CC AR
+
+	# Should be able to drop this workaround with newer versions.
+	# https://bugs.squid-cache.org/show_bug.cgi?id=4224
+	tc-is-cross-compiler && export squid_cv_gnu_atomics=no
+
+	econf \
+		--sysconfdir=/etc/squid \
+		--libexecdir=/usr/libexec/squid \
+		--localstatedir=/var \
+		--with-pidfile=/run/squid.pid \
+		--datadir=/usr/share/squid \
+		--with-logdir=/var/log/squid \
+		--with-default-user=squid \
+		--enable-removal-policies="lru,heap" \
+		--enable-storeio="${storeio_modules}" \
+		--enable-disk-io \
+		--enable-auth-basic="${basic_modules}" \
+		--enable-auth-digest="${digest_modules}" \
+		--enable-auth-ntlm="${ntlm_modules}" \
+		--enable-auth-negotiate="${negotiate_modules}" \
+		--enable-external-acl-helpers="${ext_helpers}" \
+		--enable-log-daemon-helpers \
+		--enable-url-rewrite-helpers \
+		--enable-cache-digests \
+		--enable-delay-pools \
+		--enable-eui \
+		--enable-icmp \
+		--enable-follow-x-forwarded-for \
+		--with-large-files \
+		--with-build-environment=default \
+		--disable-strict-error-checking \
+		--disable-arch-native \
+		--with-included-ltdl=/usr/include \
+		--with-ltdl-libdir=/usr/$(get_libdir) \
+		$(use_with caps libcap) \
+		$(use_enable ipv6) \
+		$(use_enable snmp) \
+		$(use_with ssl openssl) \
+		$(use_with ssl nettle) \
+		$(use_with ssl gnutls) \
+		$(use_enable ssl-crtd) \
+		$(use_enable ecap) \
+		$(use_enable esi) \
+		$(use_enable htcp) \
+		$(use_enable wccp) \
+		$(use_enable wccpv2) \
+		${transparent} \
+		${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	# need suid root for looking into /etc/shadow
+	fowners root:squid /usr/libexec/squid/basic_ncsa_auth
+	fperms 4750 /usr/libexec/squid/basic_ncsa_auth
+	if use pam; then
+		fowners root:squid /usr/libexec/squid/basic_pam_auth
+		fperms 4750 /usr/libexec/squid/basic_pam_auth
+	fi
+	# pinger needs suid as well
+	fowners root:squid /usr/libexec/squid/pinger
+	fperms 4750 /usr/libexec/squid/pinger
+
+	# these scripts depend on perl
+	if ! use perl; then
+		local f
+		local PERL_SCRIPTS=(
+		    "${D}"/usr/libexec/squid/basic_pop3_auth
+		    "${D}"/usr/libexec/squid/log_db_daemon
+		    "${D}"/usr/libexec/squid/basic_msnt_multi_domain_auth
+		    "${D}"/usr/libexec/squid/storeid_file_rewrite
+		    "${D}"/usr/libexec/squid/helper-mux.pl
+		)
+		for f in "${PERL_SCRIPTS[@]}"; do
+			rm -v "${f}" || ewarn "Could not remove ${f}."
+		done
+	fi
+
+	# cleanup
+	rm -f "${D}"/usr/bin/Run*
+	rm -rf "${D}"/run/squid "${D}"/var/cache/squid
+
+	dodoc CONTRIBUTORS CREDITS ChangeLog INSTALL QUICKSTART README SPONSORS doc/*.txt
+	newdoc src/auth/negotiate/kerberos/README README.kerberos
+	newdoc src/auth/basic/RADIUS/README README.RADIUS
+	newdoc src/acl/external/kerberos_ldap_group/README README.kerberos_ldap_group
+	dodoc RELEASENOTES.html
+
+	newpamd "${FILESDIR}/squid.pam" squid
+	newconfd "${FILESDIR}/squid.confd-r2" squid
+	newinitd "${FILESDIR}/squid.initd-r5" squid
+	if use logrotate; then
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/squid.logrotate" squid
+	else
+		exeinto /etc/cron.weekly
+		newexe "${FILESDIR}/squid.cron" squid.cron
+	fi
+
+	diropts -m0750 -o squid -g squid
+	keepdir /var/log/squid /etc/ssl/squid /var/lib/squid
+}
+
+pkg_postinst() {
+	elog "A good starting point to debug Squid issues is to use 'squidclient mgr:' commands such as 'squidclient mgr:info'."
+	if [ ${#r} -gt 0 ]; then
+		elog "You are using a release with the official ${r} patch! Make sure you mention that, or send the output of 'squidclient mgr:info' when asking for support."
+	fi
+}