bump squid to 6.0.3

add basic_radius_auth

.github/workflows/dockerimage.yml

@@ -4,7 +4,8 @@ on:
   push:
     # Publish `master` as Docker `latest` image.
     branches:
-      - master
+      - master
+      - v6
 
     # Publish `v1.2.3` tags as releases.
     tags:
@@ -15,27 +16,30 @@ on:
     branches:
       - "master"
 
+env:
+  TEST_TAG: b4tman/squid:test
+
 jobs:
   test:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: b4tman
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3.3.1
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -43,14 +47,14 @@ jobs:
             ${{ runner.os }}-buildx-
 
       - name: Build squid image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: .
           push: false
-          tags: b4tman/squid
+          load: true # automatically load the single-platform build result to docker images
+          tags: ${{ env.TEST_TAG }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
-          outputs: type=image,name=b4tman/squid,push=false
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252
@@ -61,36 +65,23 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Test image
-        run: docker-compose -f docker-compose.test.yml up sut
+        run: docker compose -f docker-compose.test.yml up --pull never sut
 
-      - name: Build 'ssl-bump' image
-        uses: docker/build-push-action@v2
-        with:
-          context: ssl-bump
-          push: false
-          file: ssl-bump/Dockerfile
-          tags: b4tman/squid:ssl-bump
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
-
-      # Temp fix
-      # https://github.com/docker/build-push-action/issues/252
-      # https://github.com/moby/buildkit/issues/1896
-      - name: Move cache
+      - name: Build 'ssl-bump' image     
         run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          sed -i "s%FROM b4tman/squid%FROM $TEST_TAG%" ssl-bump/Dockerfile
+          docker build ssl-bump
 
   push:
     needs: test
     runs-on: ubuntu-20.04
     if: github.event_name != 'pull_request'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: |
             b4tman/squid
@@ -104,7 +95,7 @@ jobs:
 
       - name: Docker meta (ssl-bump)
         id: meta_ssl_bump
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: |
             b4tman/squid
@@ -119,7 +110,7 @@ jobs:
 
       - name: Docker meta (ssl-bump ghcr)
         id: meta_ssl_bump_ghcr
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: |
             ghcr.io/b4tman/squid-ssl-bump
@@ -131,13 +122,13 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3.3.1
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -145,20 +136,20 @@ jobs:
             ${{ runner.os }}-buildx-
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: b4tman
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.CR_PAT }}
 
       - name: Build squid image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: .
           push: true
@@ -166,7 +157,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252
@@ -177,7 +168,7 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Build 'ssl-bump' image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: ssl-bump
           push: true
@@ -197,7 +188,7 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Build 'ssl-bump' image for ghcr
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: ssl-bump
           push: true
@@ -206,7 +197,7 @@ jobs:
           tags: ${{ steps.meta_ssl_bump_ghcr.outputs.tags }}
           labels: ${{ steps.meta_ssl_bump_ghcr.outputs.labels }}
           cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252

.github/workflows/stale.yml

@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v8
       with:
         days-before-stale: 182
         days-before-close: 7

Dockerfile

@@ -1,6 +1,6 @@
-FROM alpine:3.14.2 as build
+FROM alpine:3.18.0 as build
 
-ENV SQUID_VER 5.2
+ARG SQUID_VER=6.0.3
 
 RUN set -x && \
 	apk add --no-cache  \
@@ -9,7 +9,8 @@ RUN set -x && \
 		libc-dev \
 		curl \
 		gnupg \
-		libressl-dev \
+		openssl-dev \
+		openssl-libs-static \
 		perl-dev \
 		autoconf \
 		automake \
@@ -20,32 +21,33 @@ RUN set -x && \
 		libcap-dev \
 		linux-headers
 
+WORKDIR /tmp/build
+
 RUN set -x && \
-	mkdir -p /tmp/build && \
-	cd /tmp/build && \
-    curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
+	curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \
 	curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc
 
-COPY squid-keys.asc /tmp
+COPY squid-keys.asc /tmp/build
 
 RUN set -x && \
-	cd /tmp/build && \
-	export GNUPGHOME="$(mktemp -d)" && \
-	gpg --import /tmp/squid-keys.asc && \
+	GNUPGHOME="$(mktemp -d)" && \
+	export GNUPGHOME && \
+	gpg --import squid-keys.asc && \
 	gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \
 	rm -rf "$GNUPGHOME"
-	
+
 RUN set -x && \
-	cd /tmp/build && \	
 	tar --strip 1 -xzf squid-${SQUID_VER}.tar.gz && \
 	\
+	MACHINE=$(uname -m) && \
+	\
 	CFLAGS="-g0 -O2" \
 	CXXFLAGS="-g0 -O2" \
 	LDFLAGS="-s" \
 	\
 	./configure \
-		--build="$(uname -m)" \
-		--host="$(uname -m)" \
+		--build="$MACHINE" \
+		--host="$MACHINE" \
 		--prefix=/usr \
 		--datadir=/usr/share/squid \
 		--sysconfdir=/etc/squid \
@@ -56,7 +58,8 @@ RUN set -x && \
 		--disable-arch-native \
 		--enable-removal-policies="lru,heap" \
 		--enable-auth-digest \
-		--enable-auth-basic="getpwnam,NCSA" \
+		--enable-auth-basic="getpwnam,NCSA,DB,RADIUS" \
+		--enable-basic-auth-helpers="DB" \
 		--enable-epoll \
 		--enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \
 		--enable-auth-ntlm="fake" \
@@ -90,22 +93,20 @@ RUN set -x && \
 		--with-openssl \
 		--with-pidfile=/var/run/squid/squid.pid
 
-# fix build
 RUN set -x && \
-    mkdir -p /tmp/build/tools/squidclient/tests && \
-    mkdir -p /tmp/build/tools/tests
-
-RUN set -x && \
-	cd /tmp/build && \
-	nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && \
+	nproc=$(n=$(nproc) ; max_n=6 ; echo $(( n <= max_n ? n : max_n )) ) && \
 	make -j $nproc && \
-	make install && \
-	cd tools/squidclient && make && make install-strip
+	make install
 
-RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf
-RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf
+WORKDIR /tmp/build/tools/squidclient
+RUN make && make install-strip
 
-FROM alpine:3.14.2
+RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf && \
+	echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf
+
+# --- --- --- --- --- --- --- --- ---
+
+FROM alpine:3.18.0
 	
 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf
 ENV TZ Europe/Moscow
@@ -118,9 +119,7 @@ RUN apk add --no-cache \
 		libstdc++ \
 		heimdal-libs \
 		libcap \
-		libressl3.3-libcrypto \
-		libressl3.3-libssl \
-		libltdl	
+		libltdl
 
 COPY --from=build /etc/squid/ /etc/squid/
 COPY --from=build /usr/lib/squid/ /usr/lib/squid/
@@ -128,25 +127,23 @@ COPY --from=build /usr/share/squid/ /usr/share/squid/
 COPY --from=build /usr/sbin/squid /usr/sbin/squid
 COPY --from=build /usr/bin/squidclient /usr/bin/squidclient
 
-		
 RUN install -d -o squid -g squid \
 		/var/cache/squid \
 		/var/log/squid \
 		/var/run/squid && \
-	chmod +x /usr/lib/squid/*
-	
-RUN install -d -m 755 -o squid -g squid \
+	chmod +x /usr/lib/squid/* && \
+	install -d -m 755 -o squid -g squid \
 		/etc/squid/conf.d \
-		/etc/squid/conf.d.tail
-RUN touch /etc/squid/conf.d/placeholder.conf 
+		/etc/squid/conf.d.tail && \
+	touch /etc/squid/conf.d/placeholder.conf
 COPY squid-log.conf /etc/squid/conf.d.tail/
 
 RUN	set -x && \
-	apk add --no-cache --virtual .tz alpine-conf tzdata && \ 
+	apk add --no-cache --virtual .tz alpine-conf tzdata && \
 	/sbin/setup-timezone -z $TZ && \
-	apk del .tz 	
-	
-VOLUME ["/var/cache/squid"]	
+	apk del .tz
+
+VOLUME ["/var/cache/squid"]
 EXPOSE 3128/tcp
 
 USER squid

README.md

@@ -1,5 +1,3 @@
-[![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid)
-![Docker Build Status](https://img.shields.io/docker/cloud/build/b4tman/squid)
 ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg)
 
 # docker-squid

docker-compose.test.yml

@@ -1,10 +1,7 @@
 version: '2.3'
 services:
   proxy:
-    image: squidproxy
-    build:
-      context: .
-      dockerfile: Dockerfile
+    image: "${TEST_TAG}"
     healthcheck:
       test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"]
       interval: 5s
@@ -12,9 +9,10 @@ services:
       retries: 5
       start_period: 1s
   sut:
-    image: squidproxy
+    image: "${TEST_TAG}"
     links: 
       - proxy
     depends_on:
       - proxy
     command: sh -exc "sleep 10 && squidclient -h proxy -T 3 'https://postman-echo.com/get?squidtest=ok' 2> /dev/null | grep -qF '200 OK'"
+