Accepting request 67020 from server:http

OBS-URL: https://build.opensuse.org/request/show/67020
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=3

upstream-config.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:56d9ed708430038d6a0192443fdba23a9005ea38f40598d498175ca8954cc498
-size 3955

varnish.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sun Apr  3 23:38:24 UTC 2011 - jengelh@medozas.de
+
+- Fix security-problematic ownership of /etc/varnish files
+- Run spec-beautifier over it
+- Replace default shipped vcl.conf by something working
+- Run as varnish user
+- Start varnishlog together with varnishd
+- Properly use PID files in init script
+
+-------------------------------------------------------------------
+Sat Oct  9 04:31:06 UTC 2010 - jengelh@medozas.de
+
+- Create and package /var/log/varnish
+
 -------------------------------------------------------------------
 Thu Aug  5 22:11:24 UTC 2010 - jengelh@medozas.de
 

varnish.init

@@ -1,16 +1,5 @@
 #!/bin/sh
 #
-# /etc/init.d/varnish
-#   and its symbolic link
-# /(usr/)sbin/rcvarnish
-#
-# Note: This template uses functions rc_XXX defined in /etc/rc.status on
-# UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your
-# script on this template and ensure that it works on non UL based LSB 
-# compliant Linux distributions, you either have to provide the rc.status
-# functions from UL or change the script to work without them.
-# See skeleton.compat for a template that works with other distros as well.
-#
 ### BEGIN INIT INFO
 # Provides:          varnish
 # Required-Start:    $syslog $remote_fs
@@ -22,73 +11,6 @@
 # Short-Description: varnish HTTP accelerator
 # Description:       varnish HTTP accelerator
 ### END INIT INFO
-# 
-# Any extensions to the keywords given above should be preceeded by 
-# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
-# 
-# Notes on Required-Start/Should-Start:
-# * There are two different issues that are solved by Required-Start
-#    and Should-Start
-# (a) Hard dependencies: This is used by the runlevel editor to determine
-#     which services absolutely need to be started to make the start of
-#     this service make sense. Example: nfsserver should have
-#     Required-Start: $portmap
-#     Also, required services are started before the dependent ones.
-#     The runlevel editor will warn about such missing hard dependencies
-#     and suggest enabling. During system startup, you may expect an error,
-#     if the dependency is not fulfilled.
-# (b) Specifying the init script ordering, not real (hard) dependencies.
-#     This is needed by insserv to determine which service should be
-#     started first (and at a later stage what services can be started
-#     in parallel). The tag Should-Start: is used for this.
-#     It tells, that if a service is available, it should be started
-#     before. If not, never mind.
-# * When specifying hard dependencies or ordering requirements, you can 
-#   use names of services (contents of their Provides: section)
-#   or pseudo names starting with a $. The following ones are available
-#   according to LSB (1.1):
-#	$local_fs		all local file systems are mounted
-#				(most services should need this!)
-#	$remote_fs		all remote file systems are mounted
-#				(note that /usr may be remote, so
-#				 many services should Require this!)
-#	$syslog			system logging facility up
-#	$network		low level networking (eth card, ...)
-#	$named			hostname resolution available
-#	$netdaemons		all network daemons are running
-#   The $netdaemons pseudo service has been removed in LSB 1.2.
-#   For now, we still offer it for backward compatibility.
-#   These are new (LSB 1.2):
-#	$time			the system time has been set correctly	
-#	$portmap		SunRPC portmapping service available
-#   UnitedLinux extensions:
-#	$ALL			indicates that a script should be inserted
-#				at the end
-# * The services specified in the stop tags 
-#   (Required-Stop/Should-Stop)
-#   specify which services need to be still running when this service
-#   is shut down. Often the entries there are just copies or a subset 
-#   from the respective start tag.
-# * Should-Start/Stop are now part of LSB as of 2.0,
-#   formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
-#   insserv does support both variants.
-# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
-#   (%fillup_and_insserv macro in %post of many RPMs) to specify whether
-#   a startup script should default to be enabled after installation.
-#   It's not used by insserv.
-#
-# Note on runlevels:
-# 0 - halt/poweroff 			6 - reboot
-# 1 - single user			2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
-# 
-# Note on script names:
-# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
-# A registry has been set up to manage the init script namespace.
-# http://www.lanana.org/
-# Please use the names already registered or register one or use a
-# vendor prefix.
-
 
 # Check for missing binaries (stale symlinks should not happen)
 # Note: Special treatment of stop for LSB conformance
@@ -103,6 +25,11 @@ test -r $VARNISH_CONFIG || { echo "$VARNISH_CONFIG not existing";
 	if [ "$1" = "stop" ]; then exit 0;
 	else exit 6; fi; }
 
+VARNISHD_BIN="$VARNISH_BIN"
+VARNISHD_PID=/var/run/varnishd.pid
+VARNISHLOG_BIN=/usr/sbin/varnishncsa
+VARNISHLOG_PID=/var/run/varnishlog.pid
+
 # Read config	
 . $VARNISH_CONFIG
 
@@ -152,20 +79,25 @@ case "$1" in
 	echo -n "Starting varnish "
 	## Start daemon with startproc(8). If this fails
 	## the return value is set appropriately by startproc.
-	/sbin/startproc $VARNISH_BIN ${VARNISHD_PARAMS:--f /etc/varnish/vcl.conf -T127.0.0.1:6082 -s file,/var/cache/varnish}
+	/sbin/startproc "$VARNISHD_BIN" -P "$VARNISHD_PID" ${VARNISHD_PARAMS:--f /etc/varnish/vcl.conf -T:6082 -s file,/var/cache/varnish,524288 -u varnish}
 
 	# Remember status and be verbose
 	rc_status -v
+	echo -n "Starting varnishlog "
+	/sbin/startproc "$VARNISHLOG_BIN" -P "$VARNISHLOG_PID" ${VARNISHLOG_PARAMS:--a -w /var/log/varnish/varnish.log}
+	rc_status -v
 	;;
     stop)
 	echo -n "Shutting down varnish "
 	## Stop daemon with killproc(8) and if this fails
 	## killproc sets the return value according to LSB.
 
-	/sbin/killproc -TERM $VARNISH_BIN
+	/sbin/killproc -p "$VARNISHD_PID" "$VARNISHD_BIN"
 
 	# Remember status and be verbose
 	rc_status -v
+	echo -n "Shutting down varnishlog "
+	/sbin/killproc -p "$VARNISHLOG_PID" "$VARNISHLOG_BIN"
 	;;
     try-restart|condrestart)
 	## Do a restart only if the service was active before.
@@ -214,9 +146,11 @@ case "$1" in
 
 	# If it supports signaling:
 	echo -n "Reload service varnish "
-	/sbin/killproc -HUP $VARNISH_BIN
+	/sbin/killproc -p "$VARNISHD_PID" -HUP "$VARNISHD_BIN"
 	#touch /var/run/varnish.pid
 	rc_status -v
+	echo -n "Reload service varnishlog "
+	/sbin/killproc -p "$VARNISHLOG_PID" -HUP "$VARNISHLOG_BIN"
 	
 	## Otherwise if it does not support reload:
 	#rc_failed 3
@@ -236,17 +170,22 @@ case "$1" in
 	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
 	
 	# NOTE: checkproc returns LSB compliant status values.
-	/sbin/checkproc $VARNISH_BIN
+	/sbin/checkproc -p "$VARNISHD_PID" "$VARNISHD_BIN"
 	# NOTE: rc_status knows that we called this init script with
 	# "status" option and adapts its messages accordingly.
 	rc_status -v
+	echo -n "Checking for service varnishlog "
+	/sbin/checkproc -p "$VARNISHLOG_PID" "$VARNISHLOG_BIN"
+	rc_status -v
 	;;
     probe)
 	## Optional: Probe for the necessity of a reload, print out the
 	## argument to this init script which is required for a reload.
 	## Note: probe is not (yet) part of LSB (as of 1.9)
 
-	test /etc/sysconfig/varnish -nt /var/run/varnish.pid && test -f /etc/varnish/default.vcl.net -nt /var/run/varnish.pid && echo reload
+	test /etc/sysconfig/varnish -nt "$VARNISHD_PID" && \
+	test -f /etc/varnish/default.vcl.net -nt "$VARNISHD_PID" && \
+	echo reload
 	;;
     *)
 	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"

varnish.logrotate

@@ -0,0 +1,9 @@
+/var/log/varnish/*.log {
+    missingok
+    notifempty
+    sharedscripts
+    delaycompress
+    postrotate
+        /etc/init.d/varnish reload
+    endscript
+}

varnish.spec

@@ -1,7 +1,7 @@
 #
-# spec file for package varnish (Version 2.1.3)
+# spec file for package varnish (Version 2.0.5)
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,32 +20,30 @@
 
 Name:           varnish
 Version:        2.1.3
-Release:        1
+Release:        0
 #
 License:        BSD
 Group:          Productivity/Networking/Web/Proxy
 #
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  libxslt ncurses-devel pcre-devel pkg-config
-Prereq(post):	/usr/sbin/useradd /usr/sbin/groupadd
+BuildRoot:      %_tmppath/%name-%version-build
+BuildRequires:  libxslt, ncurses-devel, pcre-devel, pkg-config
+Prereq(post):	%_sbindir/useradd %_sbindir/groupadd
 %if 0%{?suse_version}
 Recommends:     logrotate
 %endif
-%define _bindir      %{_sbindir}
-%define pkg_home     %{_var}/lib/%{name}
-%define pkg_logdir   %{_var}/log/%{name}
-%define pkg_cachedir %{_var}/cache/%{name}
-%define pkg_name     %{name}
+%define pkg_home     %_localstatedir/lib/%name
+%define pkg_logdir   %_localstatedir/log/%name
+%define pkg_cachedir %_localstatedir/cache/%name
 #
-Url:            http://www.varnish-cache.org/
-Source0:        http://downloads.sourceforge.net/varnish/varnish-%{version}.tar.gz
-#         http://downloads.sourceforge.net/varnish/varnish-%{version}.tar.bz2
-Source1:        upstream-config.tar.bz2
+URL:            http://www.varnish-cache.org/
+Source0:        http://downloads.sourceforge.net/varnish/varnish-%version.tar.gz
+#         http://downloads.sourceforge.net/varnish/varnish-%version.tar.bz2
 Source2:        varnish.init
 Source3:        varnish.sysconfig
+Source4:	vcl.conf
+Source5:	varnish.logrotate
 #
 Summary:        Varnish is a high-performance HTTP accelerator
-
 %description
 Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse
 Proxy) is an application that stores (caches) documents that have been
@@ -62,14 +60,11 @@ Authors:
     Poul-Henning Kamp <phk@phk.freebsd.dk>
 
 %define library_name libvarnish1
-
-%package -n %{library_name}
-
+%package -n %library_name
 Group:          Productivity/Networking/Web/Proxy
 #
 Summary:        Shared libraries for Varnish
-
-%description -n %{library_name}
+%description -n %library_name
 Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse
 Proxy) is an application that stores (caches) documents that have been
 requested over the HTTP protocol.
@@ -89,12 +84,10 @@ Authors:
 
 
 %package devel
-License:        BSD
 Group:          Development/Libraries/C and C++
-Requires:       %{name} = %{version}
+Requires:       %name = %version
 #
 Summary:        Development files for Varnish
-
 %description devel
 Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse
 Proxy) is an application that stores (caches) documents that have been
@@ -115,91 +108,81 @@ Authors:
 
 
 %prep
-%setup -qa1
-#sed -e ' s/8080/80/g ' etc/vcl.conf > redhat/vcl.conf
+%setup -q
 
 %build
 %if 0%{?suse_version} > 1000
-export CFLAGS="%{optflags} -fstack-protector"
+export CFLAGS="%optflags -fstack-protector"
 %endif
-%configure --disable-static --localstatedir=%{_var}/cache/ \
+%configure --disable-static --localstatedir=%_localstatedir/cache/ \
            --enable-debugging-symbols \
            --enable-developer-warnings
-%{__make}
+make %{?_smp_mflags}
 
 %install
 %makeinstall
-find %{buildroot} -ls
+find %buildroot -ls
+# There is no use for them to normal users
+mv %buildroot/%_bindir/* %buildroot/%_sbindir/
 #
 # remove unneeded files
 # libvarnish.la has -lrt as dependency lib
-#%{__rm} -fv %{buildroot}%{_libdir}/*.la
+#rm -fv %buildroot%_libdir/*.la
 #
 ##missing directories
-%{__install} -d -m 0755 %{buildroot}{%{pkg_logdir},%{pkg_home}}
-%{__install} -D -m 0644 redhat/varnish.logrotate %{buildroot}/etc/logrotate.d/varnish
-%if 0%{?suse_version}
+install -d -m 0755 %buildroot{%pkg_logdir,%pkg_home}
+install -D -m 0644 %{S:5} %buildroot%_sysconfdir/logrotate.d/varnish
 #
 ##init scripts
-%{__install} -D -m 0644 %{S:3} %{buildroot}/var/adm/fillup-templates/sysconfig.%{name}
-%{__install} -D -m 0755 %{S:2} %{buildroot}%{_sysconfdir}/init.d/%{name}
-%{__ln_s} -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
+install -D -m 0644 %{S:3} %buildroot/var/adm/fillup-templates/sysconfig.%name
+install -D -m 0755 %{S:2} %buildroot%_sysconfdir/init.d/%name
+ln -s -f %_sysconfdir/init.d/%name %buildroot%_sbindir/rc%name
 #
 ##config files
-%{__install} -D -m 0644 etc/vcl.conf %{buildroot}%{_sysconfdir}/%{name}/vcl.conf
-%{__install} -D -m 0644 etc/vcl.conf %{buildroot}%{_sysconfdir}/%{name}/vcl.conf.example
-%else
-#
-##init scripts
-%{__install} -D -m 0644 redhat/varnish.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/%{name}
-%{__install} -D -m 0755 redhat/varnish.initrc    %{buildroot}%{_sysconfdir}/init.d/%{name}
-#
-##config files
-%{__install} -D -m 0644 redhat/vcl.conf %{buildroot}%{_sysconfdir}/%{name}/vcl.conf
-%{__install} -D -m 0644 redhat/vcl.conf %{buildroot}%{_sysconfdir}/%{name}/vcl.conf.example
-%endif
+install -D -m 0644 %{S:4} %buildroot%_sysconfdir/%name/vcl.conf
+install -D -m 0644 %{S:4} %buildroot%_sysconfdir/%name/vcl.conf.example
 
 find "%buildroot" -type f -name "*.la" -delete
-
-%clean
-%{__rm} -rf %{buildroot}
+mkdir -p "%buildroot/%_localstatedir/log/varnish"
 
 %pre
-/usr/sbin/groupadd -r %{pkg_name} 2>/dev/null || :
-/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} 2>/dev/null || :
+%_bindir/getent group varnish >/dev/null || \
+	%_sbindir/groupadd -r varnish || :
+%_bindir/getent passwd varnish >/dev/null || \
+	%_sbindir/useradd -g varnish -s /bin/false -r -c "user for Varnish" \
+		-d %pkg_home varnish || :
 %if 0%{?suse_version}
 
 %post
-%fillup_and_insserv %{pkg_name}
+%fillup_and_insserv %name
 
 %preun
-%stop_on_removal %{pkg_name}
+%stop_on_removal %name
 
 %postun
-%restart_on_update %{pkg_name}
-%{insserv_cleanup}
+%restart_on_update %name
+%insserv_cleanup
 %else
 # how to do the same for RH/mandriva?
 %endif
 
-%post   -n %{library_name} -p /sbin/ldconfig
-
-%postun -n %{library_name} -p /sbin/ldconfig
+%post   -n %library_name -p /sbin/ldconfig
+%postun -n %library_name -p /sbin/ldconfig
 
 %files
 %defattr(-,root,root,-)
 %if 0%{?suse_version}
-%{_sbindir}/rc%{name}
-/var/adm/fillup-templates/sysconfig.%{name}
+%_sbindir/rc%name
+/var/adm/fillup-templates/sysconfig.%name
 %else
-%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%config(noreplace) %_sysconfdir/sysconfig/%name
 %endif
-%config(noreplace) %{_sysconfdir}/init.d/%{name}
+%config(noreplace) %_sysconfdir/init.d/%name
 #
-%dir %attr(750,%{pkg_name},%{pkg_name}) %{_sysconfdir}/%{name}/
-%config(noreplace) %attr(640,%{pkg_name},%{pkg_name}) %{_sysconfdir}/%{name}/vcl.conf
-%config            %attr(640,%{pkg_name},%{pkg_name}) %{_sysconfdir}/%{name}/vcl.conf.example
-%config(noreplace) %attr(640,%{pkg_name},%{pkg_name}) %{_sysconfdir}/%{name}/default.vcl
+%dir %attr(750,root,varnish) %_sysconfdir/%name/
+%config(noreplace) %attr(640,root,varnish) %_sysconfdir/%name/vcl.conf
+%config            %attr(640,root,varnish) %_sysconfdir/%name/vcl.conf.example
+%config(noreplace) %attr(640,root,varnish) %_sysconfdir/%name/default.vcl
 #
 %_sbindir/*
 %doc %_mandir/*/*
@@ -207,18 +190,19 @@ find "%buildroot" -type f -name "*.la" -delete
 %if ! 0%{?suse_version}
 %doc redhat/README.redhat
 %endif
-%dir %attr(750,%{pkg_name},%{pkg_name}) %{pkg_home}
-%dir %attr(750,%{pkg_name},%{pkg_name}) %{pkg_cachedir}
-%config(noreplace) /etc/logrotate.d/varnish
+%dir %attr(750,varnish,varnish) %pkg_home
+%dir %attr(750,varnish,varnish) %pkg_cachedir
+%config(noreplace) %_sysconfdir/logrotate.d/varnish
+%dir %attr(750,varnish,varnish) %_localstatedir/log/varnish
 
-%files -n %{library_name}
+%files -n %library_name
 %defattr(-,root,root,-)
 %_libdir/*.so.*
 
 %files devel
 %defattr(-,root,root,-)
-%{_includedir}/varnish/
-%{_libdir}/pkgconfig/*
-%{_libdir}/*.so
+%_includedir/varnish/
+%_libdir/pkgconfig/*
+%_libdir/*.so
 
 %changelog

varnish.sysconfig

@@ -10,4 +10,16 @@
 #
 # You might want to keep "/var/cache/varnish" when using the file backend.
 #
-VARNISHD_PARAMS="-f /etc/varnish/vcl.conf -T127.0.0.1:6082 -s file,/var/cache/varnish,524288"
+VARNISHD_PARAMS="-f /etc/varnish/vcl.conf -T:6082 -s file,/var/cache/varnish,524288 -u varnish"
+
+## Path:	Network/WWW/Varnishd
+## Description:	Start parameters for varnishlog
+## Type:	string
+## Default:	"-a -w /var/log/varnish.log"
+## Config:	varnishd
+#
+# start parameters for varnishlog/varnishncsa
+#
+# see man 1 varnishlog for more
+#
+VARNISHLOG_PARAMS="-a -w /var/log/varnish/varnish.log"

vcl.conf

@@ -0,0 +1,30 @@
+#
+# This is a basic VCL configuration file for varnish.  See the vcl(7)
+# man page for details on VCL syntax and semantics.
+#
+# $Id: vcl.conf 1200 2006-10-19 09:21:42Z des $
+#
+
+backend default {
+	.host = "127.0.0.1";
+	.port = "8080";
+}
+
+sub vcl_recv {
+	# pass mode can't handle POST (yet)
+	if (req.request == "POST") {
+		return(pipe);
+	}
+
+	# don't bother caching large files
+	if(req.url ~ "\.(pdf|mp3|flv|mov|mp4|mpg|mpeg|avi|dmg)") {
+		return(pipe);
+	}
+
+	# force lookup even when cookies are present
+	if (req.request == "GET" && req.http.cookie) {
+		return(lookup);
+	}
+
+
+}