|
Bugzilla – Full Text Bug Listing |
| Summary: | Yast Squid module creates invalid squid.conf configuration file | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 10.3 | Reporter: | Marcus Furlong <furlongm> |
| Component: | YaST2 | Assignee: | Jiri Srain <jsrain> |
| Status: | RESOLVED FIXED | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Normal | ||
| Priority: | P5 - None | ||
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | x86 | ||
| OS: | openSUSE 10.3 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: |
Yast-bungled squid.conf
bzipped y2log default squid.conf |
||
Please attach y2logs. If you are in doubt follow: http://en.opensuse.org/Bugs/YaST Thanks! Created attachment 206320 [details]
bzipped y2log
y2log attached
I cannot reproduce this bug, for me, YaST appends the acl localnet line after all other acls and inserts the http_access allow localnet line prior the first access control line, which is correct and squid starts correctly. Did you somehow modify the file manually? Would it be possible to attach your configuratoin file _before_ the incorrect changes written by YaST or any correct squid.conf on which you can reproduce this bug? Created attachment 207040 [details]
default squid.conf
zypper/yast installed squid.conf
I've just reproduced it on 3 different machines running opensuse 10.3 None of the machines had squid / yast-squid installed before. To trigger the bug, the localnet Access Control needs to be moved up one place above "deny all" as follows: ┌─────────────────────────────────────────────┐ [Up] │Allow/Deny│ACL Groups │[Down] │allow │manager localhost │ │deny │manager │ │deny │!Safe_ports │ │deny │CONNECT !SSL_ports │ │allow │localhost │ │allow │localnet │ │deny │all │ This bug occurs with the ncurses frontend in case that makes any difference? (no X server on these machines) I didn't modify squid.conf in any way beforehand, so the attached one is the one that yast or zypper installs from the rpm. On the test machines, squid was installed only a few minutes before using the yast-squid module which triggered the bug, so no manual modifications were made to squid.conf Sorry, I missed the fact that you are using 10.3 and not 11.0 Alpha-anything. The code which is responsible for writing the configuration file has been rewritten after 10.3, that's why I cannot reproduce the problem. Would it be possible to check 11.0 Alpha3, whether you can reproduce the problem there? (I can create a 10.3 package for you if needed) Tried with 11.0-alpah3 but I get an error installing squid-2.6.STABLE19-6.i586.rpm from factory: error: unpacking of archive failed: cpio: Bad magic Updating rpm fixed that, and yes this bug is fixed in 11.0-alpha3 OK, marking this bug as FIXED. Since the package was not part of the official 10.3 medias, will not backport the fix to 10.3. Many thanks for testing! |
Created attachment 206140 [details] Yast-bungled squid.conf Steps to Reproduce: Install squid, yast2-squid Restart Yast Network Services -> Squid -> Access Control ACL Groups -> Add Name: localnet Type: src IP address: 192.168.1.0 Network Mask: 24 OK Access Control -> Add Allow, localnet, Add OK Select "allow localnet" and move it up on place, so that it is above "deny all" (so localnet has a higher precedence than "deny all" and actually gets used) Accept Expected Result: Start Service starts squid Actual Result: Yast gives an error "Cannot start squid service" Reason: Yast places the "acl localnet" line after the "http_access allow localnet", so localnet is not yet defined. (It seems to replace the "http_access deny all" with "http_access allow localnet), e.g. # And finally deny all other access to this proxy http_access allow localnet Will attach generated squid.conf. Output: # squid -k parse 2008/04/03 20:40:07| ACL name 'localnet' not defined! FATAL: Bungled squid.conf line 2575: http_access allow localnet Squid Cache (Version 2.6.STABLE14): Terminated abnormally.