diff --git a/squid-3.4.10.tar.bz2 b/squid-3.4.10.tar.bz2 deleted file mode 100644 index 6a1503e..0000000 --- a/squid-3.4.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5a971c4f5404113bd0264d13137cd5f326b58ef20c17beae836036668aeabc97 -size 3043193 diff --git a/squid-3.4.10.tar.bz2.asc b/squid-3.4.10.tar.bz2.asc deleted file mode 100644 index 2dcf177..0000000 --- a/squid-3.4.10.tar.bz2.asc +++ /dev/null @@ -1,20 +0,0 @@ -File: squid-3.4.10.tar.bz2 -Date: Tue Dec 9 17:23:33 UTC 2014 -Size: 3043193 -MD5 : 326283b0c37e7dc9b2f90dc0ecd9a8a4 -SHA1: a04ab50971e1a446fe82514fff830898661c6fad -Key : 0xFF5CF463 - fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 - keyring = http://www.squid-cache.org/pgp.asc - keyserver = subkeys.pgp.net ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJUhzBbAAoJELJo5wb/XPRjUCIH/3hfJgMi/iKRZpedeFjQhstf -twbTxrtW1x+Er6J3pswPUIbLcYARHhsTpfYHAatleE1Ccl9b16FXSMSXobHpmrab -YR1q/N/W3QwgqH3D2a2m8eUNJTWxTeZ1xYeGzHJK7sgKfaBbt/JlYfs8nh7ekdkV -GjHzHa3IDuq5VX4Pra6riCW9NjAvUo8oaesU3ZRjV9fECbZ2XMqvrxHq7V7bGOgx -sU1gsRjlgsAZeFDiEXz+Dww2RBh46/gUwJZwO/uTYmJjPzr4hFb1PLwEVL4+auv2 -uS8lta6K9ZpIXPXaKj0zntG1Z+5X77SoLoTQMq06PpLlGpDjYMDzcs25mCyU1R0= -=Ooir ------END PGP SIGNATURE----- diff --git a/squid-3.4.11.tar.bz2 b/squid-3.4.11.tar.bz2 new file mode 100644 index 0000000..0c5bdfd --- /dev/null +++ b/squid-3.4.11.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30547c4e8aa319decb4b2b4911f667f7c912f0bb7c51851063970552be5e2d5d +size 3047198 diff --git a/squid-3.4.11.tar.bz2.asc b/squid-3.4.11.tar.bz2.asc new file mode 100644 index 0000000..41f96c5 --- /dev/null +++ b/squid-3.4.11.tar.bz2.asc @@ -0,0 +1,20 @@ +File: squid-3.4.11.tar.bz2 +Date: Tue Jan 13 12:35:37 UTC 2015 +Size: 3047198 +MD5 : 9b2c457c889b026ffcada0cfe03c19ae +SHA1: c01bedfdfdf51e689f29a96de62ad301d984b26a +Key : 0xFF5CF463 + fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463 + keyring = http://www.squid-cache.org/pgp.asc + keyserver = subkeys.pgp.net +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJUtRGiAAoJELJo5wb/XPRj2PMH/RxXg8QmRzrDClMOdEUC24mP +zwT5WbaaCOtIEtAeMJoO+gSPS7t9bMLyJ3Q0VOh6Ql3M1RdxsSTp6FS40YxX/UAK +CVgR5dmF418S/Dy9zrOzucUdeUHEqMS8bFmo9GsLuvRIqbTSfj+QejEAOVQ08oNf +9MLhI4N6yFNVbKziFWIOsXGI0xIsWlYX+RnuRiG9tDGLn3oqCUqJbTjQyaLBDrQY +fW46Y9iIQzfe+W5t4paR6S+cdCSX8u2aPnVPdvdKS2cy5Y1dnZBo/pRjq2+PeY7t +PT3TNvlevapjH4lWPxqWyxtnMU3/g9dfmFmG0y6u6DYAzuS0clu77jBYuP1u8uM= +=IzkO +-----END PGP SIGNATURE----- diff --git a/squid.changes b/squid.changes index 5d99c67..bfe4432 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Wed Feb 18 23:28:06 UTC 2015 - chris@computersalat.de + +- remove obsolete RELEASENOTES.html + * included in package + +------------------------------------------------------------------- +Wed Feb 11 22:35:30 UTC 2015 - mpluskal@suse.com + +- Update to 3.4.11: + * cachemgr.cgi: memory leak in request parser + * Fix typo on commStartSslClose + * Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro + * Bug #3760: squidclient ignores --disable-ipv6 + * Bug #3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11 + * Bug #3754: configure doesnt detect IPFilter 5.1.2 system headers + * Bug #4164: SEGFAULT when %W formating code used in errorpages + * Deleting first fs left psstate->servers pointing to uninitialized memory + * Maintenance: check release notes on packaging + * Bug #4057: Avoid on-exit crashes when adaptation is enabled. + +------------------------------------------------------------------- +Sat Jan 10 01:08:40 UTC 2015 - chris@computersalat.de + +- recover old spec + * merge in suggested changes from tchvatal +- fix permissions for SLE11 + * revert suid bit for pinger and basic_pam_auth + add them to permissions file (commented) +- readd deleted files + * RELEASENOTES + * permissions (needed for SLE11) + * init.rh + ------------------------------------------------------------------- Fri Jan 9 10:19:10 UTC 2015 - tchvatal@suse.com diff --git a/squid.init b/squid.init new file mode 100644 index 0000000..cb400db --- /dev/null +++ b/squid.init @@ -0,0 +1,201 @@ +#!/bin/sh +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002 SuSE Linux AG +# +# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel +# +# /etc/init.d/squid +# and its symbolic link +# /(usr/)sbin/rcsquid +# +### BEGIN INIT INFO +# Provides: squid +# Required-Start: $local_fs $remote_fs $network $time +# Should-Start: apache $named winbind +# Required-Stop: $local_fs $remote_fs $network $time +# Should-Stop: apache $named winbind +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: Squid web cache +# Description: Start the Squid web cache, providing +# HTTP, FTP and other proxy services +### END INIT INFO +# +# Note on runlevels: +# 0 - halt/poweroff 6 - reboot +# 1 - single user 2 - multiuser without network exported +# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) + + +# Check for missing binaries (stale symlinks should not happen) +# Note: Special treatment of stop for LSB conformance +SQUID_BIN=/usr/sbin/squid +test -x $SQUID_BIN || { echo "$SQUID_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } + +# Check for existence of needed config file and read it +SQUID_SYSCONFIG=/etc/sysconfig/squid +test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing"; + if [ "$1" = "stop" ]; then exit 0; + else exit 6; fi; } + +# Read config +. $SQUID_SYSCONFIG + +SQUID_PID=/var/run/squid.pid +SQUID_CONF=/etc/squid/squid.conf +SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"} +SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"} +SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"} + +# determine which one is the cache_swap directory +SQUID_CACHE_DIR=$(perl -n -e \ + '/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF) + +ulimit -n "$SQUID_ULIMIT" + +#IN: $SQUID_CACHE_DIR +setup_squid_cache_dir(){ + for adir in "$1" ; do + if [ ! -d $adir/00 ]; then # create missing cache directories + umask 027 # prevent users reading any cache data + echo -n " ($adir)" + $SQUID_BIN -z -F > /dev/null 2>&1 + fi + if [ ! -d $adir/00 ]; then + echo " - failed while creating cache_dir ! " + rc_failed + rc_status -v + rc_exit + fi + done + sleep 2 +} + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v be verbose in local rc status and clear it afterwards +# rc_status -v -r ditto and clear both the local and overall rc status +# rc_status -s display "skipped" and exit with status 3 +# rc_status -u display "unused" and exit with status 3 +# rc_failed set local and overall rc status to failed +# rc_failed set local and overall rc status to +# rc_reset clear both the local and overall rc status +# rc_exit exit appropriate to overall rc status +# rc_active checks whether a service is activated by symlinks +. /etc/rc.status + +# Reset status of this service +rc_reset + + +case "$1" in + start) + echo -n "Starting WWW-proxy squid " + if /sbin/checkproc $SQUID_BIN ; then + echo -n "- Warning: squid already running ! " + rc_failed + else + [ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! " + if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then + setup_squid_cache_dir "$SQUID_CACHE_DIR" + fi + fi + startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS" + + # Remember status and be verbose + rc_status -v + ;; + stop) + echo -n "Shutting down WWW-proxy squid " + if /sbin/checkproc $SQUID_BIN ; then + $SQUID_BIN -k shutdown + sleep 2 + if [ -e $SQUID_PID ] ; then + echo -n "- wait a minute or two... " + i="$SQUID_S_T" + while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do + sleep 2 + i=$[$i-1] + echo -n "." + [ $i -eq 41 ] && echo + done + fi + if /sbin/checkproc $SQUID_BIN ; then + killproc -TERM $SQUID_BIN + echo -n " Warning: squid killed !" + fi + else + echo -n "- Warning: squid not running ! " + rc_failed 7 + fi + + # Remember status and be verbose + rc_status -v + ;; + try-restart) + $0 status >/dev/null && $0 restart + + # Remember status and be quiet + rc_status + ;; + restart) + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; + force-reload) + $0 reload + + # Remember status and be quiet + rc_status + ;; + reload) + echo -n "Reloading WWW-proxy squid " + if /sbin/checkproc $SQUID_BIN ; then + $SQUID_BIN -k rotate + sleep 2 + $SQUID_BIN -k reconfigure + rc_status + else + echo -n "- Warning: squid not running ! " + rc_failed 7 + fi + + # Remember status and be verbose + rc_status -v + ;; + status) + echo -n "Checking for WWW-proxy squid " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Return value is slightly different for the status command: + # 0 - service up and running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running (unused) + # 4 - service status unknown :-( + # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) + + # NOTE: checkproc returns LSB compliant status values. + /sbin/checkproc $SQUID_BIN + + # Remember status and be verbose + rc_status -v + ;; + probe) + test $SQUID_CONF -nt $SQUID_PID && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" + exit 1 + ;; +esac +rc_exit + diff --git a/squid.init.rh b/squid.init.rh new file mode 100644 index 0000000..15cb5b9 --- /dev/null +++ b/squid.init.rh @@ -0,0 +1,187 @@ +#!/bin/bash +# chkconfig: - 90 25 +# pidfile: /var/run/squid.pid +# config: /etc/squid/squid.conf +# +### BEGIN INIT INFO +# Provides: squid +# Short-Description: starting and stopping Squid Internet Object Cache +# Description: Squid - Internet Object Cache. Internet object caching is \ +# a way to store requested Internet objects (i.e., data available \ +# via the HTTP, FTP, and gopher protocols) on a system closer to the \ +# requesting site than to the source. Web browsers can then use the \ +# local Squid cache as a proxy HTTP server, reducing access time as \ +# well as bandwidth consumption. +### END INIT INFO + + +PATH=/usr/bin:/sbin:/bin:/usr/sbin +export PATH + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +if [ -f /etc/sysconfig/squid ]; then + . /etc/sysconfig/squid +fi + +# don't raise an error if the config file is incomplete +# set defaults instead: +SQUID_OPTS=${SQUID_OPTS:-""} +SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20} +SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100} +SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"} +SQUID_PIDFILE_DIR="/var/run/squid" +SQUID_USER="squid" +SQUID_DIR="squid" + +# determine the name of the squid binary +[ -f /usr/sbin/squid ] && SQUID=squid + +prog="$SQUID" + +# determine which one is the cache_swap directory +CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \ + grep cache_dir | awk '{ print $3 }'` + +RETVAL=0 + +probe() { + # Check that networking is up. + [ ${NETWORKING} = "no" ] && exit 1 + + [ `id -u` -ne 0 ] && exit 4 + + # check if the squid conf file is present + [ -f $SQUID_CONF ] || exit 6 +} + +start() { + # Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions. + if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi + probe + + parse=`$SQUID -k parse -f $SQUID_CONF 2>&1` + RETVAL=$? + if [ $RETVAL -ne 0 ]; then + echo -n $"Starting $prog: " + echo_failure + echo + echo "$parse" + return 1 + fi + for adir in $CACHE_SWAP; do + if [ ! -d $adir/00 ]; then + echo -n "init_cache_dir $adir... " + $SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 + fi + done + echo -n $"Starting $prog: " + $SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + timeout=0; + while : ; do + [ ! -f /var/run/squid.pid ] || break + if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then + RETVAL=1 + break + fi + sleep 1 && echo -n "." + timeout=$((timeout+1)) + done + fi + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID + [ $RETVAL -eq 0 ] && echo_success + [ $RETVAL -ne 0 ] && echo_failure + echo + return $RETVAL +} + +stop() { + echo -n $"Stopping $prog: " + $SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1 + RETVAL=$? + if [ $RETVAL -eq 0 ] ; then + $SQUID -k shutdown -f $SQUID_CONF & + rm -f /var/lock/subsys/$SQUID + timeout=0 + while : ; do + [ -f /var/run/squid.pid ] || break + if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then + echo + return 1 + fi + sleep 2 && echo -n "." + timeout=$((timeout+2)) + done + echo_success + echo + else + echo_failure + if [ ! -e /var/lock/subsys/$SQUID ]; then + RETVAL=0 + fi + echo + fi + rm -rf $SQUID_PIDFILE_DIR/* + return $RETVAL +} + +reload() { + $SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF +} + +restart() { + stop + rm -rf $SQUID_PIDFILE_DIR/* + start +} + +condrestart() { + [ -e /var/lock/subsys/squid ] && restart || : +} + +rhstatus() { + status $SQUID && $SQUID -k check -f $SQUID_CONF +} + + +case "$1" in +start) + start + ;; + +stop) + stop + ;; + +reload|force-reload) + reload + ;; + +restart) + restart + ;; + +condrestart|try-restart) + condrestart + ;; + +status) + rhstatus + ;; + +probe) + probe + ;; + +*) + echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}" + exit 2 +esac + +exit $? diff --git a/squid.permissions b/squid.permissions new file mode 100644 index 0000000..0be2caa --- /dev/null +++ b/squid.permissions @@ -0,0 +1,4 @@ +/var/cache/squid/ squid:root 750 +/var/log/squid/ squid:root 750 +#/usr/sbin/pinger root:squid 4750 +#/usr/sbin/basic_pam_auth root:shadow 2750 diff --git a/squid.spec b/squid.spec index 3238f34..e4e08fd 100644 --- a/squid.spec +++ b/squid.spec @@ -18,8 +18,9 @@ %define squidlibdir %{_libdir}/squid %define squidconfdir %{_sysconfdir}/squid + Name: squid -Version: 3.4.10 +Version: 3.4.11 Release: 0 Summary: A fully featured HTTP/1.0 proxy License: GPL-2.0+ @@ -27,13 +28,18 @@ Group: Productivity/Networking/Web/Proxy Url: http://www.squid-cache.org/Versions/v3/3.4 Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2 Source1: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc + +Source3: squid.init Source4: squid.sysconfig Source5: pam.squid Source6: unsquid.pl Source7: %{name}.logrotate +Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service Source13: %{name}.keyring +Source14: squid.init.rh + # do not show some rpmlint warnings Source99: squid-rpmlintrc # some useful defaults for squid @@ -45,47 +51,89 @@ Patch101: %{name}-nobuilddates.patch Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch # patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042) Patch103: squid-brokenad.patch -BuildRequires: cyrus-sasl-devel + +BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: db-devel +# needed by bootstrap.sh +BuildRequires: cyrus-sasl-devel BuildRequires: ed BuildRequires: expat +# BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: krb5-devel BuildRequires: libcap-devel BuildRequires: libexpat-devel +%if 0%{?suse_version} <= 1140 +BuildRequires: libtool +%else BuildRequires: libtool >= 2.4 +%endif +%if 0%{?suse_version} < 1220 +BuildRequires: libxml2-devel +%else +BuildRequires: pkgconfig(libxml-2.0) +%endif BuildRequires: openldap2-devel BuildRequires: opensp-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: sharutils -BuildRequires: systemd -BuildRequires: pkgconfig(libxml-2.0) -Requires: logrotate -Requires: sed + +%if 0%{?suse_version} Requires(post): %fillup_prereq -Requires(pre): %insserv_prereq Requires(pre): %{_bindir}/getent +%if 0%{?suse_version} < 1140 Requires(pre): permissions +%else +Requires(pre): permissions >= 2014.11 +%endif Requires(pre): pwdutils -Provides: %{name}3 = %{version} -Provides: http_proxy -Obsoletes: %{name}3 < %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build +%else +Requires(pre): shadow-utils +Requires(post): /sbin/chkconfig +Requires(preun): /sbin/service /sbin/chkconfig +Requires(postun): /sbin/service +%endif + +%if 0%{?suse_version} > 1210 +BuildRequires: systemd %{?systemd_requires} +%define has_systemd 1 +%else +Requires(pre): %insserv_prereq +%endif + +Requires: logrotate +Provides: http_proxy + +# due to package rename +# Wed Aug 15 17:40:30 UTC 2012 +Provides: %{name}3 = %{version} +Obsoletes: %{name}3 < %{version} %description -Squid is a fully-featured HTTP/1.0 proxy which is almost a fully-featured -HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging -environment to develop web proxy and content serving applications. -Squid offers a rich set of traffic optimization options, most of which are -enabled by default for simpler installation and high performance. +Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. + +Squid 3.4 represents a new feature release above 3.3. + +The most important of these new features are: + + * Helper protocol extensions + * SSL Server Certificate Validator + * Store-ID + * TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+ + * Transaction Annotations + * Multicast DNS %prep +#setup -q -n %{name}-%{version}%{snap} %setup -q cp %{SOURCE10} . +# upstream patches after RELEASE +# +##### other patches %patch100 perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` chmod a-x CREDITS @@ -104,8 +152,15 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie' --datadir=%{_datadir}/squid \ --sharedstatedir=%{_localstatedir}/squid \ --with-logdir=%{_localstatedir}/log/squid \ +%if 0%{?has_systemd} --with-pidfile=/run/squid.pid \ +%else + --with-pidfile=%{_localstatedir}/run/squid.pid \ +%endif --with-dl \ +%if 0%{?suse_version} <= 1140 + --with-included-ltdl \ +%endif --enable-disk-io \ --enable-storeio \ --enable-removal-policies=heap,lru \ @@ -136,7 +191,7 @@ export LDFLAGS='-Wl,-z,relro,-z,now -pie' --with-default-user=%{name} \ --disable-ident-lookups \ --enable-follow-x-forwarded-for \ - --disable-arch-native + --disable-arch-native # overwrite the number of open filedescriptors of configure to 4096 # to be backward compatible, but numbers above should not be overwritten @@ -162,6 +217,11 @@ make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible +%if 0%{?suse_version} < 1140 +# permissions file +install -D -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name} +%endif + # install logrotate file install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} @@ -187,40 +247,73 @@ for i in errors/*; do done ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors -# systemd service -install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service -ln -sf service %{buildroot}%{_sbindir}/rc%{name} -install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} - # fix file duplicates +%if 0%{?suse_version} > 1030 %fdupes -s %{buildroot}%{_prefix} +%endif +%if 0%{?fedora_version} > 8 +fdupes -q -n -r %{buildroot}%{_prefix} +%endif + +# systemd vs SysVinit +%if 0%{?has_systemd} + install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service + ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +%else # SysVinit + # fix postrotate script for SysVinit + sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name} + %if 0%{?suse_version} + install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name} + ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} + %else # lets just assume other are rh based ones... + install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name} + %endif +%endif +%if 0%{?suse_version} + install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} +%else + install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} +%endif %pre # we need this group for /usr/sbin/pinger -if [ -z "`%{_bindir}/getent group %{name} 2>/dev/null`" ]; then +if [[ -z $(%{_bindir}/getent group %{name} 2>/dev/null) ]]; then %{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null fi # we need this group for squid (ntlmauth) # read access to /var/lib/samba/winbindd_privileged -if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then +if [[ -z $(%{_bindir}/getent group winbind 2>/dev/null) ]]; then %{_sbindir}/groupadd -r winbind 2>/dev/null fi -if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then +if [[ -z $(%{_bindir}/getent passwd squid 2>/dev/null) ]]; then %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ -G winbind -g %{name} -o -u 31 -r -s /bin/false \ %{name} 2>/dev/null fi +# if default group is not squid, change it +if [[ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]]; then + %{_sbindir}/usermod -g %{name} %{name} 2>/dev/null +fi # if squid is not member of winbind, add him -if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then +if [[ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?) -ne 0 ]]; then %{_sbindir}/usermod -G winbind %{name} 2>/dev/null fi + +%if 0%{?has_systemd} %service_add_pre %{name}.service +%endif %post -%set_permissions %{_sbindir}/pinger +%if 0%{?suse_version} >= 1140 + %if 0%{?set_permissions:1} %set_permissions %{_sbindir}/basic_pam_auth +%set_permissions %{_sbindir}/pinger %set_permissions %{_localstatedir}/cache/squid/ %set_permissions %{_localstatedir}/log/squid/ + %else +%run_permissions + %endif +%endif # update mode? if [ "$1" -gt "1" ]; then if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then @@ -230,20 +323,53 @@ if [ "$1" -gt "1" ]; then # default group changed from nogroup to squid %{_sbindir}/usermod -g %{name} %{name} fi -%fillup_only + +%if 0%{?has_systemd} %service_add_post squid.service +%else + %if 0%{?suse_version} +%{fillup_and_insserv -n "squid"} + %else + /sbin/chkconfig --add squid + %endif +%endif %preun +%if 0%{?has_systemd} %service_del_preun squid.service +%else + %if 0%{?suse_version} +%stop_on_removal squid + %else + if [ $1 = 0 ] ; then + service squid stop >/dev/null 2>&1 + rm -f /var/log/squid/* + /sbin/chkconfig --del squid + fi + %endif +%endif +%if 0%{?suse_version} %verifyscript %verify_permissions -e %{_sbindir}/basic_pam_auth %verify_permissions -e %{_sbindir}/pinger %verify_permissions -e %{_localstatedir}/cache/squid/ %verify_permissions -e %{_localstatedir}/log/squid/ +%endif %postun +%if 0%{?has_systemd} %service_del_postun squid.service +%else + %if 0%{?suse_version} +%restart_on_update squid +%insserv_cleanup + %else + if [ "$1" -ge "1" ] ; then + service squid condrestart >/dev/null 2>&1 + fi + %endif +%endif %files %defattr(-,root,root) @@ -253,7 +379,11 @@ fi %doc doc/contrib doc/scripts %doc doc/debug-sections.txt src/%{name}.conf.default %doc %{_mandir}/man?/* +%if 0%{?has_systemd} %{_unitdir}/%{name}.service +%else +%{_sysconfdir}/init.d/%{name} +%endif %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ %dir %{squidconfdir} @@ -270,6 +400,9 @@ fi %config %{squidconfdir}/%{name}.conf.default %config %{squidconfdir}/%{name}.conf.documented %config %{_sysconfdir}/pam.d/%{name} +%if 0%{?suse_version} < 1140 +%config %{_sysconfdir}/permissions.d/%{name} +%endif %dir %{_datadir}/%{name} %{_datadir}/%{name}/errors %{_datadir}/%{name}/icons @@ -286,7 +419,11 @@ fi %{_sbindir}/basic_msnt_multi_domain_auth %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth +%if 0%{?suse_version} < 1140 +%{_sbindir}/basic_pam_auth +%else %verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth +%endif %{_sbindir}/basic_pop3_auth %{_sbindir}/basic_radius_auth %{_sbindir}/basic_sasl_auth @@ -294,6 +431,7 @@ fi %{_sbindir}/basic_smb_auth.sh %{_sbindir}/cert_tool %{_sbindir}/cert_valid.pl +#{_sbindir}/digest_edirectory_auth %{_sbindir}/digest_file_auth %{_sbindir}/digest_ldap_auth %{_sbindir}/diskd @@ -312,15 +450,24 @@ fi %{_sbindir}/negotiate_wrapper_auth %{_sbindir}/ntlm_fake_auth %{_sbindir}/ntlm_smb_lm_auth -%verify(not user group mode caps) %attr(750,root,squid) %{_sbindir}/pinger +# not working %%caps(cap_net_raw=ep) +%if 0%{?suse_version} < 1140 +%attr(0750,root,squid) %{_sbindir}/pinger +%else +%verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger +%endif %{_sbindir}/%{name} %{_sbindir}/ssl_crtd %{_sbindir}/storeid_file_rewrite %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh +%if 0%{?suse_version} %{_sbindir}/rc%{name} %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} +%else +%{_sysconfdir}/sysconfig/%{name} +%endif %dir %{_libdir}/%{name} %{_libdir}/%{name}/cachemgr.cgi