empty ACL warning during cron.daily/logrotate

Thanks for your report - this seems to be an undying issue.
See
https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1005257
https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1053682
https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1166667
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775545

@racb - I know you are on the squid merge - have you (or could you) have a look at the packaging/generating of this file on the current version you prepare?

squid-deb-proxy is a separate source package. I can look at it, but I think I can do that after upload of squid3 itself, right?

As stated in some of the other bug reports, making any blacklist entry lets the daily warning email go away. I created a file /etc/squid-deb-proxy/pkg-blacklist.d/01-dummy with the single line:
dummy.package

This works around the issue.

I write this for the case that somebody stumbles about this bug report in search for a fix.

Status changed to 'Confirmed' because the bug affects multiple users.

Steps to reproduce:

apt install squid-deb-proxy
logrotate -f /etc/logrotate.d/squid-deb-proxy

Confirmed on 14.04 and on Zesty.

@Amos,

Could I have your advice on this please?

It seems that:

squid-deb-proxy has a static configuration in /etc/squid-deb-proxy/squid-deb-proxy.conf containing:
    acl blockedpkgs urlpath_regex "/etc/squid-deb-proxy/autogenerated/pkg-blacklist-regexp.acl"

Files in /etc/squid-deb-proxy/autogenerated are automatically generated, and in packaging we'd prefer not to have to alter /etc/squid-deb-proxy/squid-deb-proxy.conf dynamically.

This causes an emailed logrotation warning when logrotate calls "/usr/sbin/squid -f /etc/squid-deb-proxy/squid-deb-proxy.conf -k rotate". The warning comes from src/acl/Acl.cc because the ACL is empty. But in the default case, this is intentional.

I could suppress the warning with a grep in logrotate's call to "squid -k rotate", but this seems like an ugly hack. Is there any better way to suppress the warning, and if not, could we have one please? I also would prefer not to suppress *all* warnings, as anything else might be valid. It's just that this warning in particular is not valid in this case. Any time we use external ACL files, I think "empty file" is a valid case to avoid having to make "no ACL here" a special case that needs altering of the configuration file. Perhaps we could just drop this warning upstream?

There is no way that I'm aware of in any current Squid.

The check is a generic validity check used for all ACLs. Whether it is 'harmless' depends on future events at the time of checking. So just silencing or ignoring would leave a lot of nasty misconfigurations quietly accepted.

That said; for an automated rotate 2>/dev/null seems reasonable. These types of thing should be caught and fixed on the previous startup or manual rotate attempts.

Long-term I think we are going to have to add an explicit flag to indicate whether an ACL is allowed to be empty or not.