- Packaging cleanup

- Dropped:
  * squid-brokenad.patch
  * squid-config.patch
  * squid.init squid.init.rh
  * squid-old-kerberos.patch
- Update description and url

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=126
This commit is contained in:
Martin Pluskal 2017-06-19 08:28:16 +00:00 committed by Git OBS Bridge
parent 3357c26b36
commit acbbe22233
7 changed files with 18 additions and 564 deletions

View File

@ -1,106 +0,0 @@
Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
* create Kerberos memory cache
*/
int
-krb5_create_cache(char *domain)
+krb5_create_cache(struct main_args *margs, char *domain)
{
krb5_keytab keytab = 0;
@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
if (code) {
k5_error("Error while unparsing principal name",code);
} else {
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
- found = 1;
+ if (margs->brokenad == 1) {
+ if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
+ } else {
+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
+ found = 1;
+ }
}
}
#if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY )
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
margs->rc_allow = 0;
margs->AD = 0;
margs->mdepth = 5;
+ margs->brokenad = 0;
margs->ddomain = NULL;
margs->groups = NULL;
margs->ndoms = NULL;
@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
init_args(&margs);
- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
switch (opt) {
case 'd':
debug_enabled = 1;
@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
case 'S':
margs.llist = xstrdup(optarg);
break;
+ case 'x':
+ margs.brokenad = 1;
+ break;
case 'h':
fprintf(stderr, "Usage: \n");
fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
fprintf(stderr, "-l ldap url\n");
fprintf(stderr, "-b ldap bind path\n");
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
+ fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n");
fprintf(stderr, "-a allow SSL without cert verification\n");
fprintf(stderr, "-m maximal depth for recursive searches\n");
fprintf(stderr, "-h help\n");
Index: helpers/external_acl/kerberos_ldap_group/support.h
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
+++ helpers/external_acl/kerberos_ldap_group/support.h
@@ -105,6 +105,7 @@ struct main_args {
int rc_allow;
int AD;
int mdepth;
+ int brokenad;
char *ddomain;
struct gdstruct *groups;
struct ndstruct *ndoms;
@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
int create_ls(struct main_args *margs);
#ifdef HAVE_KRB5
-int krb5_create_cache(char *domain);
+int krb5_create_cache(struct main_args *margs, char *domain);
void krb5_cleanup(void);
#endif
Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
===================================================================
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
#if HAVE_KRB5
- kc = krb5_create_cache(domain);
+ kc = krb5_create_cache(margs,domain);
if (kc) {
error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
}

View File

@ -1,42 +0,0 @@
Index: src/cf.data.pre
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
@@ -1464,6 +1464,8 @@ http_access deny manager
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
+
+# Allow localhost always proxy functionality
http_access allow localhost
# And finally deny all other access to this proxy
@@ -3769,6 +3771,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
+ Note on 'Mbytes': You need to consider the available RAM on the
+ machine versus the approx. 10MB RAM per 1GB of files which the
+ cache_dir index will consume.
+
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
@@ -3887,7 +3893,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
-#cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256
+#cache_dir aufs @DEFAULT_SWAP_DIR@ 100 16 256
NOCOMMENT_END
DOC_END
@@ -4584,7 +4590,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
-DEFAULT: 10
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the number of logfile rotations to make when you

View File

@ -1,16 +0,0 @@
Index: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
===================================================================
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc.orig
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
@@ -535,7 +535,11 @@ main(int argc, char *const argv[])
keytab_name_env = getenv("KRB5_KTNAME");
if (!keytab_name_env) {
ret = krb5_init_context(&context);
+#if HAVE_PAC_SUPPORT || HAVE_KRB5_MEMORY_KEYTAB
if (!check_k5_err(context, "krb5_init_context", ret)) {
+#else
+ if (0 == ret) { // no error continue...
+#endif
krb5_kt_default_name(context, default_keytab, MAXPATHLEN);
}
keytab_name = xstrdup(default_keytab);

View File

@ -1,7 +1,13 @@
-------------------------------------------------------------------
Fri Jun 16 07:06:54 UTC 2017 - mpluskal@suse.com
Mon Jun 19 08:20:52 UTC 2017 - mpluskal@suse.com
- Update description
- Packaging cleanup
- Dropped:
* squid-brokenad.patch
* squid-config.patch
* squid.init squid.init.rh
* squid-old-kerberos.patch
- Update description and url
-------------------------------------------------------------------
Wed Jun 14 08:54:53 UTC 2017 - adam.majer@suse.de

View File

@ -1,201 +0,0 @@
#!/bin/sh
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002 SuSE Linux AG
#
# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel <feedback@suse.de>
#
# /etc/init.d/squid
# and its symbolic link
# /(usr/)sbin/rcsquid
#
### BEGIN INIT INFO
# Provides: squid
# Required-Start: $local_fs $remote_fs $network $time
# Should-Start: apache $named winbind
# Required-Stop: $local_fs $remote_fs $network $time
# Should-Stop: apache $named winbind
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Squid web cache
# Description: Start the Squid web cache, providing
# HTTP, FTP and other proxy services
### END INIT INFO
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
SQUID_BIN=/usr/sbin/squid
test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Check for existence of needed config file and read it
SQUID_SYSCONFIG=/etc/sysconfig/squid
test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# Read config
. $SQUID_SYSCONFIG
SQUID_PID=/var/run/squid.pid
SQUID_CONF=/etc/squid/squid.conf
SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
# determine which one is the cache_swap directory
SQUID_CACHE_DIR=$(perl -n -e \
'/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
ulimit -n "$SQUID_ULIMIT"
#IN: $SQUID_CACHE_DIR
setup_squid_cache_dir(){
for adir in "$1" ; do
if [ ! -d $adir/00 ]; then # create missing cache directories
umask 027 # prevent users reading any cache data
echo -n " ($adir)"
$SQUID_BIN -z -F > /dev/null 2>&1
fi
if [ ! -d $adir/00 ]; then
echo " - failed while creating cache_dir ! "
rc_failed
rc_status -v
rc_exit
fi
done
sleep 2
}
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
case "$1" in
start)
echo -n "Starting WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
echo -n "- Warning: squid already running ! "
rc_failed
else
[ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
setup_squid_cache_dir "$SQUID_CACHE_DIR"
fi
fi
startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k shutdown
sleep 2
if [ -e $SQUID_PID ] ; then
echo -n "- wait a minute or two... "
i="$SQUID_S_T"
while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
sleep 2
i=$[$i-1]
echo -n "."
[ $i -eq 41 ] && echo
done
fi
if /sbin/checkproc $SQUID_BIN ; then
killproc -TERM $SQUID_BIN
echo -n " Warning: squid killed !"
fi
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
try-restart)
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
$0 reload
# Remember status and be quiet
rc_status
;;
reload)
echo -n "Reloading WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k rotate
sleep 2
$SQUID_BIN -k reconfigure
rc_status
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
status)
echo -n "Checking for WWW-proxy squid "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $SQUID_BIN
# Remember status and be verbose
rc_status -v
;;
probe)
test $SQUID_CONF -nt $SQUID_PID && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

View File

@ -1,187 +0,0 @@
#!/bin/bash
# chkconfig: - 90 25
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid.conf
#
### BEGIN INIT INFO
# Provides: squid
# Short-Description: starting and stopping Squid Internet Object Cache
# Description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
### END INIT INFO
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi
# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-""}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
SQUID_PIDFILE_DIR="/var/run/squid"
SQUID_USER="squid"
SQUID_DIR="squid"
# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid
prog="$SQUID"
# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`
RETVAL=0
probe() {
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
[ `id -u` -ne 0 ] && exit 4
# check if the squid conf file is present
[ -f $SQUID_CONF ] || exit 6
}
start() {
# Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions.
if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
probe
parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo -n $"Starting $prog: "
echo_failure
echo
echo "$parse"
return 1
fi
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
$SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
fi
done
echo -n $"Starting $prog: "
$SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
timeout=0;
while : ; do
[ ! -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
RETVAL=1
break
fi
sleep 1 && echo -n "."
timeout=$((timeout+1))
done
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
[ $RETVAL -eq 0 ] && echo_success
[ $RETVAL -ne 0 ] && echo_failure
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
$SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
$SQUID -k shutdown -f $SQUID_CONF &
rm -f /var/lock/subsys/$SQUID
timeout=0
while : ; do
[ -f /var/run/squid.pid ] || break
if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
echo
return 1
fi
sleep 2 && echo -n "."
timeout=$((timeout+2))
done
echo_success
echo
else
echo_failure
if [ ! -e /var/lock/subsys/$SQUID ]; then
RETVAL=0
fi
echo
fi
rm -rf $SQUID_PIDFILE_DIR/*
return $RETVAL
}
reload() {
$SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
}
restart() {
stop
rm -rf $SQUID_PIDFILE_DIR/*
start
}
condrestart() {
[ -e /var/lock/subsys/squid ] && restart || :
}
rhstatus() {
status $SQUID && $SQUID -k check -f $SQUID_CONF
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload|force-reload)
reload
;;
restart)
restart
;;
condrestart|try-restart)
condrestart
;;
status)
rhstatus
;;
probe)
probe
;;
*)
echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
exit 2
esac
exit $?

View File

@ -27,7 +27,6 @@ Group: Productivity/Networking/Web/Proxy
Url: http://www.squid-cache.org
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
Source3: squid.init
Source4: squid.sysconfig
Source5: pam.squid
Source6: unsquid.pl
@ -36,7 +35,6 @@ Source9: %{name}.permissions
Source10: README.kerberos
Source11: %{name}.service
Source13: %{name}.keyring
Source14: squid.init.rh
Source15: cache_dir.sed
Source16: initialize_cache_if_needed.sh
BuildRequires: cppunit-devel
@ -64,6 +62,7 @@ BuildRequires: pkgconfig(libxml-2.0)
Requires: logrotate
Requires(post): %fillup_prereq
Requires(pre): permissions
Requires(pre): shadow
Provides: http_proxy
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
@ -137,26 +136,27 @@ install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin
# make_install
make install DESTDIR=%{buildroot} SAMBAPREFIX=%{_prefix}
%make_install SAMBAPREFIX=%{_prefix}
mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default
ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
# install logrotate file
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -Dpm 644 %{SOURCE7} \
%{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
cachemgr.cgi will now be found in %{_libdir}/%{name}
EOT
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
install -dpm 755 %{buildroot}/%{_libdir}/%{name}
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
install -d -m 755 doc/contrib
install -dpm 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -Dpm 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
@ -170,13 +170,13 @@ ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
# fix file duplicates
%fdupes -s %{buildroot}%{_prefix}
# systemd vs SysVinit
# systemd
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed
install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh
sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
install -Dpm 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
# Move the MIB definition to the proper place (and name)
mkdir -p %{buildroot}%{_datadir}/snmp/mibs