Accepting request 776203 from home:kukuk:container

- Use sysusers instead of shadow to create squid user and groups
- Don't hard require systemd

OBS-URL: https://build.opensuse.org/request/show/776203
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=204
This commit is contained in:
Martin Pluskal 2020-02-19 08:58:35 +00:00 committed by Git OBS Bridge
parent 4575171bf0
commit 53be975248
3 changed files with 22 additions and 20 deletions

4
squid-user.conf Normal file
View File

@ -0,0 +1,4 @@
# Type Name ID GECOS [HOME]
u squid - "WWW-proxy squid" /var/cache/squid
g winbind - -
m squid winbind

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Feb 18 15:46:02 CET 2020 - kukuk@suse.de
- Use sysusers instead of shadow to create squid user and groups
- Don't hard require systemd
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 5 09:57:59 UTC 2020 - Adam Majer <adam.majer@suse.de> Wed Feb 5 09:57:59 UTC 2020 - Adam Majer <adam.majer@suse.de>

View File

@ -33,6 +33,7 @@ Source7: %{name}.logrotate
Source9: %{name}.permissions Source9: %{name}.permissions
Source10: README.kerberos Source10: README.kerberos
Source11: %{name}.service Source11: %{name}.service
Source12: %{name}-user.conf
# http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html # http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html
Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring
Source15: cache_dir.sed Source15: cache_dir.sed
@ -55,6 +56,8 @@ BuildRequires: pam-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: samba-winbind BuildRequires: samba-winbind
BuildRequires: sharutils BuildRequires: sharutils
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
BuildRequires: pkgconfig(expat) BuildRequires: pkgconfig(expat)
BuildRequires: pkgconfig(gssrpc) BuildRequires: pkgconfig(gssrpc)
BuildRequires: pkgconfig(kdb) BuildRequires: pkgconfig(kdb)
@ -64,16 +67,16 @@ BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(nettle) BuildRequires: pkgconfig(nettle)
Requires: logrotate Requires: logrotate
Requires(pre): permissions Requires(pre): permissions
Requires(pre): shadow
Provides: http_proxy Provides: http_proxy
# due to package rename # due to package rename
# Wed Aug 15 17:40:30 UTC 2012 # Wed Aug 15 17:40:30 UTC 2012
Provides: %{name}3 = %{version} Provides: %{name}3 = %{version}
Obsoletes: %{name}3 < %{version} Obsoletes: %{name}3 < %{version}
%{?systemd_requires} %{?systemd_ordering}
%if 0%{?suse_version} >= 1330 %if 0%{?suse_version} >= 1330
BuildRequires: libnsl-devel BuildRequires: libnsl-devel
%endif %endif
%sysusers_requires
%description %description
Squid is a caching proxy for the Web supporting HTTP(S), FTP, and Squid is a caching proxy for the Web supporting HTTP(S), FTP, and
@ -142,6 +145,7 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
--enable-security-cert-generators \ --enable-security-cert-generators \
--enable-security-cert-validators --enable-security-cert-validators
make SAMBAPREFIX=%{_prefix} %{?_smp_mflags} make SAMBAPREFIX=%{_prefix} %{?_smp_mflags}
%sysusers_generate_pre %{SOURCE12} squid
%install %install
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
@ -197,28 +201,15 @@ mkdir -p %{buildroot}%{_datadir}/snmp/mibs
mv %{buildroot}%{_datadir}/squid/mib.txt \ mv %{buildroot}%{_datadir}/squid/mib.txt \
%{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt %{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt
# Install sysusers file.
mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/
%check %check
# Fails in chroot environment # Fails in chroot environment
make %{?_smp_mflags} check make %{?_smp_mflags} check
%pre %pre -f squid.pre
# we need this group for /usr/sbin/pinger
getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name}
# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
getent group winbind >/dev/null || %{_sbindir}/groupadd -r winbind
getent passwd squid >/dev/null || \
%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
-G winbind -g %{name} -o -u 31 -r -s /bin/false \
%{name}
# if default group is not squid, change it
if [ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]; then
%{_sbindir}/usermod -g %{name} %{name}
fi
# if squid is not member of winbind, add him
if [ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind; echo $?) -ne 0 ]; then
%{_sbindir}/usermod -G winbind %{name}
fi
%service_add_pre %{name}.service %service_add_pre %{name}.service
# update mode? # update mode?
@ -265,6 +256,7 @@ fi
%dir %{squidconfdir} %dir %{squidconfdir}
%dir %{_tmpfilesdir} %dir %{_tmpfilesdir}
%{_tmpfilesdir}/squid.conf %{_tmpfilesdir}/squid.conf
%{_sysusersdir}/squid-user.conf
%config(noreplace) %{squidconfdir}/cachemgr.conf %config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css %config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors %config(noreplace) %{squidconfdir}/errors