From 3ca11bdc56b759963e748af52603bf295695264a61a86876f24dc9ee14ab825a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Fri, 9 Jan 2015 10:36:46 +0000
Subject: [PATCH] Accepting request 280563 from server:proxy:Test
- Cleanup with spec-cleaner
- Version bump to 3.4.10:
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug #4148: external_acl_type header format does not accept the new libformat syntax
* Bug #4033: Rebuild corrupted ssl_db/size file
* Bug #3902: Docs: external_acl_type cache hash key
* Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match
- Remove support for other distros as we build for opensuse anyway
- remove permissions.easy and permissions.paranoid files from package
as they are not used any more
OBS-URL: https://build.opensuse.org/request/show/280563
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=64
---
RELEASENOTES.html | 594 -------------------------------------
squid-3.4.10.tar.bz2 | 3 +
squid-3.4.10.tar.bz2.asc | 20 ++
squid-3.4.9.tar.bz2 | 3 -
squid-3.4.9.tar.bz2.asc | 20 --
squid.changes | 21 ++
squid.init | 201 -------------
squid.init.rh | 187 ------------
squid.logrotate | 1 +
squid.permissions.easy | 5 -
squid.permissions.paranoid | 5 -
squid.spec | 246 +++------------
12 files changed, 87 insertions(+), 1219 deletions(-)
delete mode 100644 RELEASENOTES.html
create mode 100644 squid-3.4.10.tar.bz2
create mode 100644 squid-3.4.10.tar.bz2.asc
delete mode 100644 squid-3.4.9.tar.bz2
delete mode 100644 squid-3.4.9.tar.bz2.asc
delete mode 100644 squid.init
delete mode 100644 squid.init.rh
delete mode 100644 squid.permissions.easy
delete mode 100644 squid.permissions.paranoid
diff --git a/RELEASENOTES.html b/RELEASENOTES.html
deleted file mode 100644
index a751215..0000000
--- a/RELEASENOTES.html
+++ /dev/null
@@ -1,594 +0,0 @@
-
-
-
-
- Squid 3.4.7 release notes
-
-
-Squid 3.4.7 release notes
-
-Squid Developers
-
-This document contains the release notes for version 3.4 of Squid.
-Squid is a WWW Cache application developed by the National Laboratory
-for Applied Network Research and members of the Web Caching community.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-The Squid Team are pleased to announce the release of Squid-3.4.7 for testing.
-This new release is available for download from
-http://www.squid-cache.org/Versions/v3/3.4/ or the
-mirrors.
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
-We welcome feedback and bug reports. If you find a bug, please see
-http://wiki.squid-cache.org/SquidFaq/BugReporting
-for how to submit a report with a stack trace.
-
-
-
-Although this release is deemed good enough for use in many setups, please note the existence of
-open bugs against Squid-3.4.
-
-
-
-The 3.4 change history can be
-viewed here.
-
-
-
-
-Squid 3.4 represents a new feature release above 3.3.
-
-The most important of these new features are:
-
-- Helper protocol extensions
-- SSL Server Certificate Validator
-- Store-ID
-- TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
-- Transaction Annotations
-- Multicast DNS
-
-
-Most user-facing changes are reflected in squid.conf (see below).
-
-
-
-
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
-The Squid helper protocol used to communicate with authenticators,
-URL-rewriters, Redirectors, and External ACL helpers has been updated
-and extended.
-
-BH status code is now accepted from all helpers to report
-internal error events separate from ERR rejection code.
-Permitting Squid to perform recovery operations specific to
-helper failure instead of a blanket client rejection.
-
-Arbitrary key-value pairs can be returned from any helper.
-Allowing future helpers to be forward- and backward- compatible
-with this and future versions of Squid.
-
-
-
-
-Details at
-http://wiki.squid-cache.org/Features/SslServerCertValidator.
-
-The helper consulted after the internal OpenSSL validation, regardless of the
-validation results. The helper will receive:
-
-
-- the origin server certificate (chain),
-- the intended domain name, and
-- a list of OpenSSL validation errors (if any).
-
-
-
-If the helper decides to honor an OpenSSL error or report another validation
-error(s), the helper will return:
-
-
-- A list of certificates.
-- A list of items consists the the validation error name (see %err_name
-error page macro and %err_details code for logformat), error reason
-(%ssl_lib_error macro), and the offending certificate.
-
-
-
-The returned information mimics what the internal OpenSSL-based validation code
-collects now. Returned errors, if any, are fed to sslproxy_cert_error,
-triggering the existing SSL error processing code.
-
-The helper invocation controlled by the sslcrtvalidator_program and
-sslcrtvalidator_children configurations options which are similar to the
-ssl_crtd related options.
-
-
-
-
-Details at
-http://wiki.squid-cache.org/Features/StoreID.
-
-This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.
-
-Notice that this is not a direct portage of the Squid-2.7 feature so behaviour
-differences do exist. Although the new feature works in similar enough ways that the old
-helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.
-
-Squid traditionally uses the requested URL as an index key ID to locate objects in cache.
-It is not the only key possible and the Store-ID feature exposes an API for external
-helpers to provide Squid with an alternative key name for any URL.
-
-When any client request is received which requires a cache lookup the URL is passed to
-a helper specified with the store_id_program directive to check for an alternative
-Store ID. This allows the helper to identify URLs which refer to duplicate resources and
-de-duplicate the cache content. store_id_access is provided to allow ACL-based
-tuning of which traffic gets sent to the helper and reduce overheads.
-
-One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by
-this feature is that refresh_pattern applies its regex argument against the Store
-ID key and not the transaction URL. So using the Store-ID feature to alter the value
-affects which refresh_pattern directive will be matched.
-
-Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers
-option which is added in this version. Currently there is a file helper
-provided.
-
-
-
-
-Details at
-http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf.
-
-The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception
-using several very simple methods. One of which is the divert-to rule type
-which acts as a simple routing diversion instead of performing NAT packet alterations.
-
-The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.
-
-This version of Squid adds support for these features through the ./configure
-options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on
-systems with the required support. No special extras are required to enable
-http_port ... tproxy configuration to work.
-
-NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind
-./configure --enable-pf-transparent has been altered and is expected to
-break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD
-which do not yet support the getsockname() API.
-These systems require --with-nat-devpf to enable /dev/pf support when using PF firewall.
-
-
-
-
-Previously the only annotation methods available were ICAP/eCAP HTTP header insertions
-or external ACL tag= result code. Each of which had only limited possibilities
-for use and little or no correlation.
-
-It is now possible to add annotations to a client transaction from several sources:
-
-- Directly from squid.conf using the note directive with
-ACL-based selection of which annotation is linked to any
-particular transaction.
-
-- By configured helper processes returning a key=value pair.
-The key name becomes the annotation name.
-
-
-
-Annotations on the transaction can be passed to ICAP services or eCAP modules using the
-adaptation_meta directive to send them as headers.
-They can also be logged using the %note log format code in custom logs. With
-the new helper response syntax changes this means all helper response key=value details
-such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.
-
-Annotations which are already assigned to a transaction can be checked using an ACL test
-of the new note ACL type. This can match a particular note by name and value,
-of for any notes with a given name.
-
-NOTE: not all helper interfaces are yet enabled to convert key=value into annotations
-and the external ACL interface does not yet send annotations to the helper.
-
-
-
-
-The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in
-accordance with RFC 6762.
-
-The dns_multicast_local directive must be set to on to enable this
-feature.
-
-The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set
-of available DNS resolvers and used automatically for domain names ending in .local
-and reverse-DNS lookups before attempting a secondary resolution on the configured
-resolvers. Domains without .local are resolved using only the configured resolvers.
-
-Statistics for multicast DNS resolution can be found on the idns cache manager
-report.
-
-NOTE that the external DNS helper interface is now deprecated and has been
-removed from future Squid versions. Any installations still using it for local hostname
-resolution need to upgrade to mDNS resolution with this Squid version.
-
-
-
-
-There have been changes to Squid's configuration file since Squid-3.3.
-
-Squid supports reading configuration option parameters from external
-files using the syntax parameters("/path/filename"). For example:
-
- acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
-
-
-
-There have also been changes to individual directives in the config file.
-This section gives a thorough account of those changes in three categories:
-
-
-
-
-
-
-
-
-
-- configuration_includes_quoted_values
-
-
Whether Squid supports directive parameters with spaces, quotes, and other
-special characters. Surround such parameters with "double quotes" and
-also set this directive on/off around the relevant squid.conf line(s)
-making use of such quoting.
-
- - dns_multicast_local
-
-
Use multicast DNS for .local domains and reverse-DNS resolution.
-
- - note
-
-
Use ACLs to annotate a transaction with customized annotations
-which can be logged in access.log
-
- - spoof_client_ip
-
-
Access control to determine whether to disable the TPROXY spoofing on upstream traffic.
-
- - sslcrtvalidator_children
-
-
Specifies the settings for how many SSL server certificate
-validator helpers are run and when they are started.
-
- - sslcrtvalidator_program
-
-
Specifies the location of a SSL server certificate validator helper.
-
- - store_id_access
-
-
Whether the URL for a given request is passed to the Store-ID helper process.
-Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.
-Ported equivalent to storeurl_access from 2.7
-
- - store_id_bypass
-
-
Whether the StoreID helper may be bypassed when overloaded.
-
- - store_id_children
-
-
Controls the number of StoreID helper processes.
-Options startup=N, idle=N, concurrency=N
-
-- startup=N allow finer tuning of how many helpers are started initially.
-- idle=N allow fine tuning of how many helper to retain as buffer against sudden traffic loads.
-- concurrency=N was previously called url_rewrite_concurrency as a distinct directive.
-
-
-
- - store_id_rewrite_program
-
-
A helper program to provide cache storage internal key ID value for a request.
-Ported equivalent to storeurl_rewrite_program from 2.7
-
-
-
-
-
-
-
-
-- access_log
-
-
Configuration syntax extended to support name=value options.
-New Syntax: access_log module:place [option ...] [acl ...]
-New option logformat= to specify the logging format name.
-New option buffer-size= to specify how large the log buffer
-for this log is to be when buffered_logs is enabled.
-New option on-error= to specify what handling is to be done
-if the logging module encounters a non-recoverable error writing logs.
-With the value die (the default) Squid halts operation.
-With the value drop Squid drops log lines and continue running.
-
- - acl
-
-
New test type server_cert_fingerprint to match against
-server SSL certificate fingerprint.
-New test type note to match against transaction annotations
-by name and value, or just by name.
-New test type any-of to match if any one of a set of named ACLs.
-New test type all-of to match against all of a set of named ACLs.
-
- - auth_param
-
-
New result code BH to signal helper internal errors
-available in all authentication schemes.
-New key message= for error message details in all authentication schemes.
-New result code OK and key ha1= in Digest authentication.
-New result codes OK, ERR replace result codes AF,
-and NA in NTLM and Negotiate authentication.
-New key token= for NTLM and Negotiate authentication OK responses.
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
- - external_acl_type
-
-
Deprecated protocol=3.0 option. No longer necessary.
-New result code BH to signal helper internal errors
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
- - http_port
-
-
Support IPv6 for intercept mode. Requires ip6tables support on Linux,
-PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain
-about misconfiguration if IPv6 support is missing, we now rely on the firewall
-tools reporting misconfiguration when the NAT rules are created.
-Support tproxy mode traffic on BSD systems with BINDANY support
-(OpenBSD 5+, FreeBSD 9+ so far).
-Changed build options behind intercept traffic mode handling on BSD.
-see --enable-pf-transparent for more details.
-
- - logformat
-
-
New format code %note to log a transaction annotation linked to the
-transaction by ICAP, eCAP, a helper, or the note squid.conf directive.
-New format code %>qos to log client connection TOS/DSCP value set by Squid.
-New format code %<qos to log server connection TOS/DSCP value set by Squid.
-New format code %>nfmark to log client connection netfilter mark set by Squid.
-New format code %<nfmark to log server connection netfilter mark set by Squid.
-
- - pipeline_prefetch
-
-
Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.
-
- - refresh_pattern
-
-
NOTE: the regular expression pattern operates on the cache Store-ID value.
-Which by default is identical to the requested URL, but may differ for some
-objects if the Store-ID feature is in use.
-
- - unlinkd_program
-
-
New helper response format utilizing result codes OK and BH,
-to signal helper lookup results. Also, key-value response values to return
-multiple values to Squid.
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
- - url_rewrite_program
-
-
New helper response format utilizing result codes OK, ERR,
-and BH to signal helper lookup results. Also, key-value response
-values to return multiple values to Squid.
-Details at
-http://wiki.squid-cache.org/Features/AddonHelpers.
-
-
-
-
-
-
-
-
-- storeurl_access
-
-
Replaced by store_id_access.
-
- - storeurl_rewrite_children
-
-
Replaced by store_id_children.
-
- - storeurl_rewrite_concurrency
-
-
Replaced by store_id_children with concurrency=N option.
-
- - storeurl_rewrite_program
-
-
Replaced by store_id_program.
-
-
-
-
-
-
-
-There have been some changes to Squid's build configuration since Squid-3.3.
-This section gives an account of those changes in three categories:
-
-
-
-
-
-
-
-
-
-- --enable-storeid-rewrite-helpers
-
-
New option to control which Store-ID helpers are built. As with other
-helper options use --disable-* to prevent any helpers building and
-omit to get all helper auto-detected.
-Currenly only a helper using file for backend is provided.
-
- - --disable-arch-native
-
-
New option to disable use of -march=native compiler flag.
-The new flag auto-enables CPU-specific optimizations in GCC and is
-required by Clang++ v3.2 for correct 64-bit environment detection.
-It does not always work well however, so this build option is provided
-to remove it when necessary.
-
- - --with-nat-devpf
-
-
New option to alter the behaviour of http_port ... intercept option
-in squid.conf.
-When this option is used Squid performs the /dev/pf lookups required to
-support PF rdr-to rules. Otherwise Squid will perform perform the
-getsockname() API calls to support PF divert-to rules.
-NOTE: systems such as NetBSD and FreeBSD which do not yet support
-the getsockname() API in recent PF versions require this option.
-
-
-
-
-
-
-
-
-- --enable-pf-transparent
-
-
NAT table support updated to use the getsockname() API provided by the
-latest PF versions divert-to. This allows http_port
-in squid.conf to support both intercept and tproxy traffic
-and to silence NAT lookup failure messages on recent BSD.
-NOTE: systems such as NetBSD and FreeBSD which do not yet support
-the getsockname() API in recent PF versions require --with-nat-devpf
-to re-enable /dev/pf support when using PF firewall.
-
- - --disable-translation
-
-
Default changed to prevent translating error page templates during build.
-Use --enable-translation to explicitly build and install the templates.
-The latest pre-translated templates can be downloaded from
-http://www.squid-cache.org/Versions/langpack/
-
-
-
-
-
-
-
-There are no removed ./configure options in Squid-3.4.
-
-
-
-
-
-
-
-Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4
-
-If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.
-
-
-
-
-
-- broken_vary_encoding
-
-
Not yet ported from 2.6
-
- - cache_dir
-
-
COSS storage type is lacking stability fixes from 2.6
-COSS overwrite-percent= option not yet ported from 2.6
-COSS max-stripe-waste= option not yet ported from 2.6
-COSS membufs= option not yet ported from 2.6
-COSS maxfullbufs= option not yet ported from 2.6
-
- - cache_peer
-
-
idle= not yet ported from 2.7
-monitorinterval= not yet ported from 2.6
-monitorsize= not yet ported from 2.6
-monitortimeout= not yet ported from 2.6
-monitorurl= not yet ported from 2.6
-
- - cache_vary
-
-
Not yet ported from 2.6
-
- - collapsed_forwarding
-
-
Not yet ported from 2.6
-
- - error_map
-
-
Not yet ported from 2.6
-
- - external_refresh_check
-
-
Not yet ported from 2.7
-
- - location_rewrite_access
-
-
Not yet ported from 2.6
-
- - location_rewrite_children
-
-
Not yet ported from 2.6
-
- - location_rewrite_concurrency
-
-
Not yet ported from 2.6
-
- - location_rewrite_program
-
-
Not yet ported from 2.6
-
- - refresh_pattern
-
-
stale-while-revalidate= not yet ported from 2.7
-ignore-stale-while-revalidate= not yet ported from 2.7
-negative-ttl= not yet ported from 2.7
-
- - refresh_stale_hit
-
-
Not yet ported from 2.7
-
- - update_headers
-
-
Not yet ported from 2.7
-
-
-
-
-
-
diff --git a/squid-3.4.10.tar.bz2 b/squid-3.4.10.tar.bz2
new file mode 100644
index 0000000..6a1503e
--- /dev/null
+++ b/squid-3.4.10.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a971c4f5404113bd0264d13137cd5f326b58ef20c17beae836036668aeabc97
+size 3043193
diff --git a/squid-3.4.10.tar.bz2.asc b/squid-3.4.10.tar.bz2.asc
new file mode 100644
index 0000000..2dcf177
--- /dev/null
+++ b/squid-3.4.10.tar.bz2.asc
@@ -0,0 +1,20 @@
+File: squid-3.4.10.tar.bz2
+Date: Tue Dec 9 17:23:33 UTC 2014
+Size: 3043193
+MD5 : 326283b0c37e7dc9b2f90dc0ecd9a8a4
+SHA1: a04ab50971e1a446fe82514fff830898661c6fad
+Key : 0xFF5CF463
+ fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
+ keyring = http://www.squid-cache.org/pgp.asc
+ keyserver = subkeys.pgp.net
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJUhzBbAAoJELJo5wb/XPRjUCIH/3hfJgMi/iKRZpedeFjQhstf
+twbTxrtW1x+Er6J3pswPUIbLcYARHhsTpfYHAatleE1Ccl9b16FXSMSXobHpmrab
+YR1q/N/W3QwgqH3D2a2m8eUNJTWxTeZ1xYeGzHJK7sgKfaBbt/JlYfs8nh7ekdkV
+GjHzHa3IDuq5VX4Pra6riCW9NjAvUo8oaesU3ZRjV9fECbZ2XMqvrxHq7V7bGOgx
+sU1gsRjlgsAZeFDiEXz+Dww2RBh46/gUwJZwO/uTYmJjPzr4hFb1PLwEVL4+auv2
+uS8lta6K9ZpIXPXaKj0zntG1Z+5X77SoLoTQMq06PpLlGpDjYMDzcs25mCyU1R0=
+=Ooir
+-----END PGP SIGNATURE-----
diff --git a/squid-3.4.9.tar.bz2 b/squid-3.4.9.tar.bz2
deleted file mode 100644
index 8d8525b..0000000
--- a/squid-3.4.9.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:42f2ffbfed6679e1e4ba9a29088495c088ff76cc2517d22d5fb792e2b802ce66
-size 3043750
diff --git a/squid-3.4.9.tar.bz2.asc b/squid-3.4.9.tar.bz2.asc
deleted file mode 100644
index b65df61..0000000
--- a/squid-3.4.9.tar.bz2.asc
+++ /dev/null
@@ -1,20 +0,0 @@
-File: squid-3.4.9.tar.bz2
-Date: Fri Oct 31 10:20:30 UTC 2014
-Size: 3043750
-MD5 : bb8ecbee8fa9fa8659b4349a78696fe7
-SHA1: a356cadc324d91c41119f96a7d1a20330866c1ac
-Key : 0xFF5CF463
- fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
- keyring = http://www.squid-cache.org/pgp.asc
- keyserver = subkeys.pgp.net
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJUU3UxAAoJELJo5wb/XPRjhKUH/0flnkcc6gTQzh7Vh/kusCFk
-pC/sfpt0mrZeZZQxAYS/wJFIym5jo8PkiKrvC2ZgOHchpVlGC3hLn2ENqbzR6VEv
-L5V7M1XGJdgC1ynjj+H9ML4PBmV1E/XfakkOgnhY+3of32DrmuCN8CFuB5iGNcdH
-xHwzXGSeyJkDUjZObourtT2h64Rc12cARz/yXgsq2YKAhf0EM8+rld5Xm40kOWsX
-Vci/kvw3RkXuhMMwrL9jzxv8z5/nrsDHbHmwXy3mw2k0G9AmzbKx8ykdoABG/MH5
-awuHT1MNFQp5IBr6LisM++2BILjb3UNiyp3lhDtXCHbTo6RCik7jUvEih57koqI=
-=BI4b
------END PGP SIGNATURE-----
diff --git a/squid.changes b/squid.changes
index 8096b78..5d99c67 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Fri Jan 9 10:19:10 UTC 2015 - tchvatal@suse.com
+
+- Cleanup with spec-cleaner
+- Version bump to 3.4.10:
+ * Fix bootstrap.sh dependency on SPONSORS.list
+ * HTTP/2: Support 421 (Misdirected Request) status code
+ * Alternate-Protocol is a hop-by-hop header
+ * Bug #4148: external_acl_type header format does not accept the new libformat syntax
+ * Bug #4033: Rebuild corrupted ssl_db/size file
+ * Bug #3902: Docs: external_acl_type cache hash key
+ * Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
+ * Fix segmentation fault in ACLUrlPathStrategy::match
+- Remove support for other distros as we build for opensuse anyway
+
+-------------------------------------------------------------------
+Fri Jan 2 16:07:38 UTC 2015 - boris@steki.net
+
+- remove permissions.easy and permissions.paranoid files from package
+ as they are not used any more
+
-------------------------------------------------------------------
Tue Dec 9 12:42:48 UTC 2014 - boris@steki.net
diff --git a/squid.init b/squid.init
deleted file mode 100644
index cb400db..0000000
--- a/squid.init
+++ /dev/null
@@ -1,201 +0,0 @@
-#!/bin/sh
-# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
-# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
-# Copyright (c) 2002 SuSE Linux AG
-#
-# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel
-#
-# /etc/init.d/squid
-# and its symbolic link
-# /(usr/)sbin/rcsquid
-#
-### BEGIN INIT INFO
-# Provides: squid
-# Required-Start: $local_fs $remote_fs $network $time
-# Should-Start: apache $named winbind
-# Required-Stop: $local_fs $remote_fs $network $time
-# Should-Stop: apache $named winbind
-# Default-Start: 3 5
-# Default-Stop: 0 1 2 6
-# Short-Description: Squid web cache
-# Description: Start the Squid web cache, providing
-# HTTP, FTP and other proxy services
-### END INIT INFO
-#
-# Note on runlevels:
-# 0 - halt/poweroff 6 - reboot
-# 1 - single user 2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
-
-
-# Check for missing binaries (stale symlinks should not happen)
-# Note: Special treatment of stop for LSB conformance
-SQUID_BIN=/usr/sbin/squid
-test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
- if [ "$1" = "stop" ]; then exit 0;
- else exit 5; fi; }
-
-# Check for existence of needed config file and read it
-SQUID_SYSCONFIG=/etc/sysconfig/squid
-test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
- if [ "$1" = "stop" ]; then exit 0;
- else exit 6; fi; }
-
-# Read config
-. $SQUID_SYSCONFIG
-
-SQUID_PID=/var/run/squid.pid
-SQUID_CONF=/etc/squid/squid.conf
-SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
-SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
-SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
-
-# determine which one is the cache_swap directory
-SQUID_CACHE_DIR=$(perl -n -e \
- '/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
-
-ulimit -n "$SQUID_ULIMIT"
-
-#IN: $SQUID_CACHE_DIR
-setup_squid_cache_dir(){
- for adir in "$1" ; do
- if [ ! -d $adir/00 ]; then # create missing cache directories
- umask 027 # prevent users reading any cache data
- echo -n " ($adir)"
- $SQUID_BIN -z -F > /dev/null 2>&1
- fi
- if [ ! -d $adir/00 ]; then
- echo " - failed while creating cache_dir ! "
- rc_failed
- rc_status -v
- rc_exit
- fi
- done
- sleep 2
-}
-
-# Shell functions sourced from /etc/rc.status:
-# rc_check check and set local and overall rc status
-# rc_status check and set local and overall rc status
-# rc_status -v be verbose in local rc status and clear it afterwards
-# rc_status -v -r ditto and clear both the local and overall rc status
-# rc_status -s display "skipped" and exit with status 3
-# rc_status -u display "unused" and exit with status 3
-# rc_failed set local and overall rc status to failed
-# rc_failed set local and overall rc status to
-# rc_reset clear both the local and overall rc status
-# rc_exit exit appropriate to overall rc status
-# rc_active checks whether a service is activated by symlinks
-. /etc/rc.status
-
-# Reset status of this service
-rc_reset
-
-
-case "$1" in
- start)
- echo -n "Starting WWW-proxy squid "
- if /sbin/checkproc $SQUID_BIN ; then
- echo -n "- Warning: squid already running ! "
- rc_failed
- else
- [ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
- if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
- setup_squid_cache_dir "$SQUID_CACHE_DIR"
- fi
- fi
- startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
-
- # Remember status and be verbose
- rc_status -v
- ;;
- stop)
- echo -n "Shutting down WWW-proxy squid "
- if /sbin/checkproc $SQUID_BIN ; then
- $SQUID_BIN -k shutdown
- sleep 2
- if [ -e $SQUID_PID ] ; then
- echo -n "- wait a minute or two... "
- i="$SQUID_S_T"
- while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
- sleep 2
- i=$[$i-1]
- echo -n "."
- [ $i -eq 41 ] && echo
- done
- fi
- if /sbin/checkproc $SQUID_BIN ; then
- killproc -TERM $SQUID_BIN
- echo -n " Warning: squid killed !"
- fi
- else
- echo -n "- Warning: squid not running ! "
- rc_failed 7
- fi
-
- # Remember status and be verbose
- rc_status -v
- ;;
- try-restart)
- $0 status >/dev/null && $0 restart
-
- # Remember status and be quiet
- rc_status
- ;;
- restart)
- $0 stop
- $0 start
-
- # Remember status and be quiet
- rc_status
- ;;
- force-reload)
- $0 reload
-
- # Remember status and be quiet
- rc_status
- ;;
- reload)
- echo -n "Reloading WWW-proxy squid "
- if /sbin/checkproc $SQUID_BIN ; then
- $SQUID_BIN -k rotate
- sleep 2
- $SQUID_BIN -k reconfigure
- rc_status
- else
- echo -n "- Warning: squid not running ! "
- rc_failed 7
- fi
-
- # Remember status and be verbose
- rc_status -v
- ;;
- status)
- echo -n "Checking for WWW-proxy squid "
- ## Check status with checkproc(8), if process is running
- ## checkproc will return with exit status 0.
-
- # Return value is slightly different for the status command:
- # 0 - service up and running
- # 1 - service dead, but /var/run/ pid file exists
- # 2 - service dead, but /var/lock/ lock file exists
- # 3 - service not running (unused)
- # 4 - service status unknown :-(
- # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
-
- # NOTE: checkproc returns LSB compliant status values.
- /sbin/checkproc $SQUID_BIN
-
- # Remember status and be verbose
- rc_status -v
- ;;
- probe)
- test $SQUID_CONF -nt $SQUID_PID && echo reload
- ;;
- *)
- echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
- exit 1
- ;;
-esac
-rc_exit
-
diff --git a/squid.init.rh b/squid.init.rh
deleted file mode 100644
index 15cb5b9..0000000
--- a/squid.init.rh
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/bin/bash
-# chkconfig: - 90 25
-# pidfile: /var/run/squid.pid
-# config: /etc/squid/squid.conf
-#
-### BEGIN INIT INFO
-# Provides: squid
-# Short-Description: starting and stopping Squid Internet Object Cache
-# Description: Squid - Internet Object Cache. Internet object caching is \
-# a way to store requested Internet objects (i.e., data available \
-# via the HTTP, FTP, and gopher protocols) on a system closer to the \
-# requesting site than to the source. Web browsers can then use the \
-# local Squid cache as a proxy HTTP server, reducing access time as \
-# well as bandwidth consumption.
-### END INIT INFO
-
-
-PATH=/usr/bin:/sbin:/bin:/usr/sbin
-export PATH
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-# Source networking configuration.
-. /etc/sysconfig/network
-
-if [ -f /etc/sysconfig/squid ]; then
- . /etc/sysconfig/squid
-fi
-
-# don't raise an error if the config file is incomplete
-# set defaults instead:
-SQUID_OPTS=${SQUID_OPTS:-""}
-SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
-SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
-SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
-SQUID_PIDFILE_DIR="/var/run/squid"
-SQUID_USER="squid"
-SQUID_DIR="squid"
-
-# determine the name of the squid binary
-[ -f /usr/sbin/squid ] && SQUID=squid
-
-prog="$SQUID"
-
-# determine which one is the cache_swap directory
-CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
- grep cache_dir | awk '{ print $3 }'`
-
-RETVAL=0
-
-probe() {
- # Check that networking is up.
- [ ${NETWORKING} = "no" ] && exit 1
-
- [ `id -u` -ne 0 ] && exit 4
-
- # check if the squid conf file is present
- [ -f $SQUID_CONF ] || exit 6
-}
-
-start() {
- # Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions.
- if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
- probe
-
- parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
- RETVAL=$?
- if [ $RETVAL -ne 0 ]; then
- echo -n $"Starting $prog: "
- echo_failure
- echo
- echo "$parse"
- return 1
- fi
- for adir in $CACHE_SWAP; do
- if [ ! -d $adir/00 ]; then
- echo -n "init_cache_dir $adir... "
- $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
- fi
- done
- echo -n $"Starting $prog: "
- $SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
- RETVAL=$?
- if [ $RETVAL -eq 0 ]; then
- timeout=0;
- while : ; do
- [ ! -f /var/run/squid.pid ] || break
- if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
- RETVAL=1
- break
- fi
- sleep 1 && echo -n "."
- timeout=$((timeout+1))
- done
- fi
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
- [ $RETVAL -eq 0 ] && echo_success
- [ $RETVAL -ne 0 ] && echo_failure
- echo
- return $RETVAL
-}
-
-stop() {
- echo -n $"Stopping $prog: "
- $SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
- RETVAL=$?
- if [ $RETVAL -eq 0 ] ; then
- $SQUID -k shutdown -f $SQUID_CONF &
- rm -f /var/lock/subsys/$SQUID
- timeout=0
- while : ; do
- [ -f /var/run/squid.pid ] || break
- if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
- echo
- return 1
- fi
- sleep 2 && echo -n "."
- timeout=$((timeout+2))
- done
- echo_success
- echo
- else
- echo_failure
- if [ ! -e /var/lock/subsys/$SQUID ]; then
- RETVAL=0
- fi
- echo
- fi
- rm -rf $SQUID_PIDFILE_DIR/*
- return $RETVAL
-}
-
-reload() {
- $SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
-}
-
-restart() {
- stop
- rm -rf $SQUID_PIDFILE_DIR/*
- start
-}
-
-condrestart() {
- [ -e /var/lock/subsys/squid ] && restart || :
-}
-
-rhstatus() {
- status $SQUID && $SQUID -k check -f $SQUID_CONF
-}
-
-
-case "$1" in
-start)
- start
- ;;
-
-stop)
- stop
- ;;
-
-reload|force-reload)
- reload
- ;;
-
-restart)
- restart
- ;;
-
-condrestart|try-restart)
- condrestart
- ;;
-
-status)
- rhstatus
- ;;
-
-probe)
- probe
- ;;
-
-*)
- echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
- exit 2
-esac
-
-exit $?
diff --git a/squid.logrotate b/squid.logrotate
index 45fa5f6..d432dc1 100644
--- a/squid.logrotate
+++ b/squid.logrotate
@@ -1,4 +1,5 @@
/var/log/squid/access.log /var/log/squid/store.log /var/log/squid/cache.log {
+ su squid squid
compress
dateext
maxage 365
diff --git a/squid.permissions.easy b/squid.permissions.easy
deleted file mode 100644
index 275897d..0000000
--- a/squid.permissions.easy
+++ /dev/null
@@ -1,5 +0,0 @@
-/var/cache/squid/ squid:root 750
-/var/log/squid/ squid:root 750
-/usr/sbin/pinger root:squid 750
- +capabilities cap_net_raw=ep
-/usr/sbin/basic_pam_auth root:shadow 2750
diff --git a/squid.permissions.paranoid b/squid.permissions.paranoid
deleted file mode 100644
index bf26c3c..0000000
--- a/squid.permissions.paranoid
+++ /dev/null
@@ -1,5 +0,0 @@
-/var/cache/squid/ squid:root 750
-/var/log/squid/ squid:root 750
-/usr/sbin/pinger root:squid 750
- +capabilities cap_net_raw=ep
-/usr/sbin/basic_pam_auth root:root 755
diff --git a/squid.spec b/squid.spec
index 70c1fc6..3238f34 100644
--- a/squid.spec
+++ b/squid.spec
@@ -1,7 +1,7 @@
#
# spec file for package squid
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,42 +17,23 @@
%define squidlibdir %{_libdir}/squid
-%define squidconfdir /etc/squid
-#define snap -20131225-r13064
-
+%define squidconfdir %{_sysconfdir}/squid
Name: squid
+Version: 3.4.10
+Release: 0
Summary: A fully featured HTTP/1.0 proxy
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
-Version: 3.4.9
-Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.4
Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2
Source1: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc
-Source2: RELEASENOTES.html
-Source3: squid.init
Source4: squid.sysconfig
Source5: pam.squid
Source6: unsquid.pl
Source7: %{name}.logrotate
-###Source9: %%{name}.permissions.easy
Source10: README.kerberos
Source11: %{name}.service
Source13: %{name}.keyring
-Source14: squid.init.rh
-###Source15: %%{name}.permissions.paranoid
-
-#
-# the following patches are downloaded directly from the webserver
-# don't change the names for easier identification
-#
-# please read every file if there is interest about what the patch changes
-# or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/
-#
-#
-# Upstream patch
-# Patch0:
-
# do not show some rpmlint warnings
Source99: squid-rpmlintrc
# some useful defaults for squid
@@ -64,87 +45,49 @@ Patch101: %{name}-nobuilddates.patch
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
Patch103: squid-brokenad.patch
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if 0%{?suse_version}
-PreReq: %fillup_prereq
-PreReq: %insserv_prereq
-PreReq: /usr/bin/getent
-PreReq: permissions
-PreReq: pwdutils
-%else
-Requires(pre): shadow-utils
-Requires(post): /sbin/chkconfig
-Requires(preun): /sbin/service /sbin/chkconfig
-Requires(postun): /sbin/service
-%endif
-BuildRequires: db-devel
-# needed by bootstrap.sh
BuildRequires: cyrus-sasl-devel
+BuildRequires: db-devel
BuildRequires: ed
BuildRequires: expat
-%if 0%{?suse_version} || 0%{?fedora_version} > 8
BuildRequires: fdupes
-%endif
BuildRequires: gcc-c++
BuildRequires: krb5-devel
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
-%if 0%{?suse_version} <= 1140
-BuildRequires: libtool
-%else
BuildRequires: libtool >= 2.4
-%endif
BuildRequires: openldap2-devel
BuildRequires: opensp-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: sharutils
-%if 0%{?suse_version} < 1220
-BuildRequires: libxml2-devel
-%else
-BuildRequires: pkgconfig(libxml-2.0)
-%endif
-
-%if 0%{?suse_version} >= 1210
BuildRequires: systemd
-%{?systemd_requires}
-%define has_systemd 1
-%endif
-
+BuildRequires: pkgconfig(libxml-2.0)
Requires: logrotate
Requires: sed
-Provides: http_proxy
-
-# due to package rename
-# Wed Aug 15 17:40:30 UTC 2012
+Requires(post): %fillup_prereq
+Requires(pre): %insserv_prereq
+Requires(pre): %{_bindir}/getent
+Requires(pre): permissions
+Requires(pre): pwdutils
Provides: %{name}3 = %{version}
+Provides: http_proxy
Obsoletes: %{name}3 < %{version}
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%{?systemd_requires}
%description
-Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
-
-Squid 3.4 represents a new feature release above 3.3.
-
-The most important of these new features are:
-
- * Helper protocol extensions
- * SSL Server Certificate Validator
- * Store-ID
- * TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
- * Transaction Annotations
- * Multicast DNS
+Squid is a fully-featured HTTP/1.0 proxy which is almost a fully-featured
+HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging
+environment to develop web proxy and content serving applications.
+Squid offers a rich set of traffic optimization options, most of which are
+enabled by default for simpler installation and high performance.
%prep
-#setup -q -n %{name}-%{version}%{snap}
-%setup -q -n %{name}-%{version}
-cp %{S:10} .
-# upstream patches after RELEASE
-#
-##### other patches
+%setup -q
+cp %{SOURCE10} .
%patch100
-perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
+perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch101
%patch102
@@ -157,19 +100,12 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie'
%configure \
--disable-strict-error-checking \
--sysconfdir=%{squidconfdir} \
- --libexecdir=/usr/sbin \
- --datadir=/usr/share/squid \
- --sharedstatedir=/var/squid \
- --with-logdir=/var/log/squid \
-%if 0%{?has_systemd}
+ --libexecdir=%{_sbindir} \
+ --datadir=%{_datadir}/squid \
+ --sharedstatedir=%{_localstatedir}/squid \
+ --with-logdir=%{_localstatedir}/log/squid \
--with-pidfile=/run/squid.pid \
-%else
- --with-pidfile=/var/run/squid.pid \
-%endif
--with-dl \
-%if 0%{?suse_version} <= 1140
- --with-included-ltdl \
-%endif
--enable-disk-io \
--enable-storeio \
--enable-removal-policies=heap,lru \
@@ -214,7 +150,7 @@ make SAMBAPREFIX=/usr %{?_smp_mflags}
%install
%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
-%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
+%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
-g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
@@ -223,25 +159,8 @@ install -d %{buildroot}%{_prefix}/sbin
# make_install
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
-mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default
-ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
-
-#### install permissions files
-###%%if 0%%{?suse_version} <= 1320
-###cp -a %%{SOURCE9} %%{name}.easy
-###cp -a %%{SOURCE9} %%{name}.secure
-###cp -a %%{SOURCE15} %%{name}.paranoid
-###%if !0%%{?has_systemd}
-###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %%{name}.easy
-###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %%{name}.secure
-###sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\1750@g' %%{name}.paranoid
-###%%endif
-
-###install -D -m 644 %%{name}.easy %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.easy
-#### pinger should be secure "enough" anyway paranoid will strip everything :)
-###install -m 644 %%{name}.secure %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.secure
-###install -m 644 %%{name}.paranoid %%{buildroot}%%{_sysconfdir}/permissions.d/%%{name}.paranoid
-###%%endif
+mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default
+ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
# install logrotate file
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
@@ -266,34 +185,15 @@ for i in errors/*; do
install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
fi
done
-ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
+ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
+
+# systemd service
+install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
+ln -sf service %{buildroot}%{_sbindir}/rc%{name}
+install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
# fix file duplicates
-%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
-%endif
-%if 0%{?fedora_version} > 8
-fdupes -q -n -r %{buildroot}%{_prefix}
-%endif
-
-%if 0%{?has_systemd}
- install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
- ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
-%else # SysVinit
- # fix postrotate script for SysVinit
- sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
- %if 0%{?suse_version}
- install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
- ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
- %else # lets just assume other are rh based ones...
- install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name}
- %endif
-%endif
-%if 0%{?suse_version}
- install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
-%else
- install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
-%endif
%pre
# we need this group for /usr/sbin/pinger
@@ -306,7 +206,7 @@ if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then
%{_sbindir}/groupadd -r winbind 2>/dev/null
fi
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
- %{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
+ %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
-G winbind -g %{name} -o -u 31 -r -s /bin/false \
%{name} 2>/dev/null
fi
@@ -314,78 +214,36 @@ fi
if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then
%{_sbindir}/usermod -G winbind %{name} 2>/dev/null
fi
-
-%if 0%{?has_systemd}
%service_add_pre %{name}.service
-%endif
%post
-%if 0%{?suse_version} >= 1140
- %if 0%{?set_permissions:1}
%set_permissions %{_sbindir}/pinger
%set_permissions %{_sbindir}/basic_pam_auth
%set_permissions %{_localstatedir}/cache/squid/
%set_permissions %{_localstatedir}/log/squid/
- %else
-%run_permissions
- %endif
-%endif
# update mode?
if [ "$1" -gt "1" ]; then
if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then
- echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf"
+ echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf"
mv etc/%{name}.conf etc/%{name}/%{name}.conf
fi
# default group changed from nogroup to squid
%{_sbindir}/usermod -g %{name} %{name}
fi
-
-%if 0%{?has_systemd}
+%fillup_only
%service_add_post squid.service
-%else
- %if 0%{?suse_version}
-%{fillup_and_insserv -n "squid"}
- %else
- /sbin/chkconfig --add squid
- %endif
-%endif
%preun
-%if 0%{?has_systemd}
%service_del_preun squid.service
-%else
- %if 0%{?suse_version}
-%stop_on_removal squid
- %else
- if [ $1 = 0 ] ; then
- service squid stop >/dev/null 2>&1
- rm -f /var/log/squid/*
- /sbin/chkconfig --del squid
- fi
- %endif
-%endif
-%if 0%{?suse_version}
%verifyscript
-%verify_permissions -e /usr/sbin/basic_pam_auth
-%verify_permissions -e /usr/sbin/pinger
-%verify_permissions -e /var/cache/squid/
-%verify_permissions -e /var/log/squid/
-%endif
+%verify_permissions -e %{_sbindir}/basic_pam_auth
+%verify_permissions -e %{_sbindir}/pinger
+%verify_permissions -e %{_localstatedir}/cache/squid/
+%verify_permissions -e %{_localstatedir}/log/squid/
%postun
-%if 0%{?has_systemd}
%service_del_postun squid.service
-%else
- %if 0%{?suse_version}
-%restart_on_update squid
-%insserv_cleanup
- %else
- if [ "$1" -ge "1" ] ; then
- service squid condrestart >/dev/null 2>&1
- fi
- %endif
-%endif
%files
%defattr(-,root,root)
@@ -395,11 +253,7 @@ fi
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*
-%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
-%else
-%{_sysconfdir}/init.d/%{name}
-%endif
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
%dir %{squidconfdir}
@@ -416,11 +270,6 @@ fi
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
-###%%if 0%%{?suse_version} <= 1320
-###%%config %%{_sysconfdir}/permissions.d/%%{name}.easy
-###%%config %%{_sysconfdir}/permissions.d/%%{name}.secure
-###%%config %%{_sysconfdir}/permissions.d/%%{name}.paranoid
-###%%endif
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/errors
%{_datadir}/%{name}/icons
@@ -438,7 +287,6 @@ fi
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
%verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
-#{_sbindir}/basic_pam_auth
%{_sbindir}/basic_pop3_auth
%{_sbindir}/basic_radius_auth
%{_sbindir}/basic_sasl_auth
@@ -446,7 +294,6 @@ fi
%{_sbindir}/basic_smb_auth.sh
%{_sbindir}/cert_tool
%{_sbindir}/cert_valid.pl
-#{_sbindir}/digest_edirectory_auth
%{_sbindir}/digest_file_auth
%{_sbindir}/digest_ldap_auth
%{_sbindir}/diskd
@@ -465,24 +312,15 @@ fi
%{_sbindir}/negotiate_wrapper_auth
%{_sbindir}/ntlm_fake_auth
%{_sbindir}/ntlm_smb_lm_auth
-# not working %%caps(cap_net_raw=ep)
-%if 0%{?has_systemd}
%verify(not user group mode caps) %attr(750,root,squid) %{_sbindir}/pinger
-%else
-%verify(not user group mode) %attr(2750,root,squid) %{_sbindir}/pinger
-%endif
%{_sbindir}/%{name}
%{_sbindir}/ssl_crtd
%{_sbindir}/storeid_file_rewrite
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
-%if 0%{?suse_version}
%{_sbindir}/rc%{name}
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
-%else
-%{_sysconfdir}/sysconfig/%{name}
-%endif
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/cachemgr.cgi