Bug 11575 - squidguard doesn't work
Summary: squidguard doesn't work
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 3
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
Whiteboard: MGA3-64-OK MGA3-32-OK
Keywords: Triaged, validated_update
Depends on:
Reported: 2013-11-01 12:00 CET by Paul Éric Despretz
Modified: 2013-11-09 20:20 CET (History)
8 users (show)

See Also:
Source RPM: squidguard
Status comment:

update the squidGuard data base (1.87 KB, application/x-shellscript)
2013-11-01 17:24 CET, Paul Éric Despretz

Description Paul Éric Despretz 2013-11-01 12:00:56 CET
The squidguard rpm provided by mageia doesn't work. (squidguard-1.4-17.mga3.x86_64.rpm)
Installation on a brand new mageia 3 machine by urpmi.
I qtest with :
# echo "http://www.example.com - GET" | squidGuard -c /etc/squid/squidGuard.conf -d
then I got this reply :

2013-11-01 11:32:47 [2117] New setting: dbhome: /usr/share/squidGuard
2013-11-01 11:32:47 [2117] syntax error in configfile /etc/squid/squidGuard.conf line 5
2013-11-01 11:32:47 [2117] Going into emergency mode

2013-11-01 11:32:47 [2117] ending emergency mode, stdin empty

The 5th line of the standard /etc/squid/squidGuard.conf is :
dbhome /usr/share/squidGuard-1.4/db
the line indicating where to find the data base.

The workaround is to put this line in double quotes this way :
dbhome "/usr/share/squidGuard-1.4/db"
and the syntax error went away.

Then a new test gives a database error :# echo "http://www.example.com - GET" | squidGuard -c /etc/squid/squidGuard.conf -d
2013-11-01 11:36:03 [2176] New setting: dbhome: /usr/share/squidGuard-1.4/db
2013-11-01 11:36:03 [2176] New setting: logdir: /var/log/squidGuard
BDB1565 DB->put: method not permitted before handle's open method
2013-11-01 11:36:03 [2176] sgDbUpdate: put: Invalid argument
2013-11-01 11:36:03 [2176] Going into emergency mode

squidguard seems to not like /usr/lib64/libdb-5.3.so...

The only way I've found to have a fonctionnal squidGuard on my mageia 3 machine was to erase the mageia rpm : 
urpme squidguard and urpme webserver-base-2.0-5.mga3.x86_64
then reinstall the fonctionning one from Mandriva 2010 :
# rpm -ivh --nodeps squidguard-1.4-6mdv2010.0.x86_64.rpm
and importing libdb-4.7.so in /usr/lib64/ from my old server.

Perhaps adding a lib64db4.7 rpm as a squidguard dependance could solve the problem ?
Manuel Hiebel 2013-11-01 16:24:59 CET

Keywords: (none) => Triaged
CC: (none) => ennael1, fundawang, luigiwalser, luis.daniel.lucio
Source RPM: (none) => squidguard

Comment 1 David Walser 2013-11-01 16:39:08 CET
Did you try just deleting your old .db files in /usr/share/squidGuard-1.4/db/* and running squidGuard -C all?

BTW we also have ufdbguard in Mageia 3 as an alternative to squidGuard.
Comment 2 Paul Éric Despretz 2013-11-01 17:24:01 CET
Created attachment 4465 [details]
update the squidGuard data base
Comment 3 Paul Éric Despretz 2013-11-01 17:30:16 CET
Ok. Tried this : 
# urpme squidguard --> to remove the mandriva rpm
# urpmi squidguard --> to install the mageia 3 rpm
# vi /etc/squid/squidGuard.conf --> to add the doubles quotes
# rm -rf /usr/share/squidGuard-1.4/db/* --> to delete the data base
# /root/maj_squidguard.sh --> to run my updating script (see attachment)

The script fails but the data base is correctly recreated.
Then test with :
# echo "http://www.example.com - GET" | squidGuard -c /etc/squid/squidGuard.conf -d
2013-11-01 17:26:26 [2554] New setting: dbhome: /usr/share/squidGuard-1.4/db
2013-11-01 17:26:26 [2554] New setting: logdir: /var/log/squidGuard
BDB1565 DB->put: method not permitted before handle's open method
2013-11-01 17:26:26 [2554] sgDbUpdate: put: Invalid argument
2013-11-01 17:26:26 [2554] Going into emergency mode

Still a no go.

I've taken a look at ufdbguard web site. This is not free software and the data base isn't costless.
Comment 4 David Walser 2013-11-01 17:34:06 CET
(In reply to Paul Ãric Despretz from comment #3)
> I've taken a look at ufdbguard web site. This is not free software and the
> data base isn't costless.

Incorrect.  It *is* free software (GPL), and you don't need their database to use it.
Comment 5 Paul Éric Despretz 2013-11-01 17:50:18 CET
(In reply to David Walser from comment #4)
> (In reply to Paul Ãric Despretz from comment #3)
> > I've taken a look at ufdbguard web site. This is not free software and the
> > data base isn't costless.
> Incorrect.  It *is* free software (GPL), and you don't need their database
> to use it.

Ok perhaps I'm wrong but from their web site (http://www.urlfilterdb.com/en/products/ufdbguard.html) you can read :

ufdbGuard is an extremely fast and free URL filter in public domain.
ufdbGuard is copyright-protected, but free for use.

So I thought that if it is copyright-protected, it is not GPL.
But on Sourceforge we can read that licence is GPL V2...

BTW, I'm happily running my server with squidGuard and would like to continue. :=)
Comment 6 David Walser 2013-11-01 17:59:44 CET
The GPL relies on copyright.  You can't place a GPL (or any other) license on your work if you don't own the copyright to it.  Copyright protection is what makes the GPL (and other licenses) enforceable.

Luckily the ufdbguard configuration file is largely compatible with squidGuard.conf, so it's not difficult to migrate over to it.  I do recommend that.

I just confirmed this bug BTW, squidguard really is broken :o(
Comment 7 David Walser 2013-11-01 18:07:53 CET
OK, you correctly identified the culprit.  It was broken when it was changed to build against db5 instead of db4.  Building it locally against db4 fixes it and it works again.  I'll build fixed packages.
Comment 8 David Walser 2013-11-01 18:18:11 CET
Fixed for Cauldron in squidguard-1.4-19.mga4.

Fixed package also uploaded for Mageia 3.

Thanks for the report Paul!  You can help get this update released more quickly by testing the rebuilt package in Mageia 3 core/updates_testing and confirming that it works for you.  Ultimately we'll need it tested on both i586 and x86_64 before issuing the update.


The squidGuard package in Mageia 3 was built against an incompatible version
of the Berkeley DB library.  It has been rebuilt against the correct version.

Updated packages in core/updates_testing:

from squidguard-1.4-17.1.mga3.src.rpm

Hardware: x86_64 => All
Assignee: bugsquad => qa-bugs

Comment 9 Paul Éric Despretz 2013-11-01 19:23:13 CET
Thanks for the quick action !
Actually testing it :
The default /etc/squid/squiGuard.conf needs to be modified. squidguard is complaining about syntax errors in the squidGuard.conf provided by the rpm.
1) Needs the double quote at line 5 --> dbhome "/usr/share/squidGuard-1.4/db"
2) Don't like the - on line 37 --> src fooclients {
3) Don't like the - on line 41 --> src barclients {
4) Don't like the /26 without a space before on line 42 --> ip /26
5) then error in the acl because it don't find foo-clients anymore on line 68 
--> fooclients within workhours {
6) idem for line 74 --> barclients {

I will now try with my real configuration file.
Comment 10 David Walser 2013-11-01 20:14:07 CET
Thanks for testing.  Granted I use a different directory for my dbhome than the default, but it does not need quotes.  I wonder what's going on there.
Comment 11 Paul Éric Despretz 2013-11-01 22:54:55 CET
No way. :=(
squidGuard is refusing the - in the config file. The parser seems to truncate everything following a -
Some can be protected by the double quotes but some are not... 
IMHO, the parser seems to be foolish :

The line 
urllist audio-video/urls is translated in :
init urllist /usr/share/squidGuard-1.4/db/audio
2013-11-01 22:43:09 [3236] /usr/share/squidGuard-1.4/db/audio: No such file or directory
2013-11-01 22:43:09 [3236] Going into emergency mode

The line 
urllist "audio_video/urls" is translated in :

init urllist /usr/share/squidGuard-1.4/db/audio_video/urlsins
2013-11-01 22:36:20 [3226] /usr/share/squidGuard-1.4/db/audio_video/urlsins: No such file or directory
2013-11-01 22:36:20 [3226] Going into emergency mode
The parser adds ins at the end of the line...
Comment 12 David Walser 2013-11-01 23:07:55 CET
Ahh, OK.  The dbhome I use doesn't have a - in it.  Does it work if you put a \ before the - (so /usr/share/squidGuard\-1.4/db)?  Just curious.

Honestly it'd probably be better to drop the version from the directory name.

But yeah now that you point out the other problems, sounds like there's some real issues with it.  There is a 1.5 beta, I wonder if it fixes these problems.  Ultimately it's probably better to use ufdbguard as it's more actively maintained upstream.

As far as building another update to deal with the "-" issue, I'm not sure that's really needed.  It's just a default configuration that isn't really very useful, as the examples in /usr/share/squidGuard-1.4/db really are just examples.  The real use case for this software is to either make your own filter lists or obtain some from the web, and then store them somewhere else in the filesystem (like /etc) and change the dbhome accordingly.
Comment 13 Paul Éric Despretz 2013-11-01 23:21:29 CET
Protecting with \ doesn't work...

Some workaround found :
1) Replacing all the - by _ in destination name and log name
example : the line 
dest audio-video
becomes the line
dest audio_video
2) When a syntax error occurs and if the double quote protection is useless then pushing the line containing urllist before the line domainlist does the trick...

Example : 
dest audio_video {
        urllist "audio-video/urls"
        domainlist "audio-video/domains"
        log /var/log/squidGuard/audio_video.log
works and gives no error

dest audio_video {
        domainlist "audio-video/domains"
        urllist "audio-video/urls"
        log /var/log/squidGuard/audio_video.log
is buggy and gives this error message :
init urllist /usr/share/squidGuard-1.4/db/audio-video/urlsins
2013-11-01 23:14:55 [3301] /usr/share/squidGuard-1.4/db/audio-video/urlsins: No such file or directory
2013-11-01 23:14:55 [3301] Going into emergency mode

I've modified my config file. It seems to work...
Comment 14 Bruno Cornec 2013-11-03 15:46:10 CET
I can confirm that the updae is working on my newly upgraded proxy server. Just wish I had found it earlier when I started yesterday my update from 2 to 3 !

Thanks a lot and I hope it will soon move to updates as the current one is broken anyway.

CC: (none) => bruno

Comment 15 David Walser 2013-11-03 15:48:22 CET
Bruno, what architecture are you running?  Paul has already confirmed it working on x86_64, so once someone confirms it working on i586, it's ready to validate and push as an update.
Comment 16 Bruno Cornec 2013-11-04 00:40:46 CET
Mine is i586 so go ;-)
Comment 17 Dave Hodgins 2013-11-04 01:34:24 CET
Advisory 11575.adv committed to svn.

Before validating the update, what about the underscore
and hyphen issue from comment 13?

CC: (none) => davidwhodgins

Comment 18 David Walser 2013-11-04 01:40:00 CET
That's a software issue, not a packaging issue.  I won't be updating this further.
Comment 19 Dave Hodgins 2013-11-04 02:12:49 CET
Validating the update.
Could someone from the sysadmin team push 11575.adv to updates.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 20 Thomas Backlund 2013-11-09 20:20:32 CET
Update pushed:

CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.