From 53be975248a6d6c143cb81b03565f2c3a2ab997758740b00a194424a666be172 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Wed, 19 Feb 2020 08:58:35 +0000 Subject: [PATCH] Accepting request 776203 from home:kukuk:container - Use sysusers instead of shadow to create squid user and groups - Don't hard require systemd OBS-URL: https://build.opensuse.org/request/show/776203 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=204 --- squid-user.conf | 4 ++++ squid.changes | 6 ++++++ squid.spec | 32 ++++++++++++-------------------- 3 files changed, 22 insertions(+), 20 deletions(-) create mode 100644 squid-user.conf diff --git a/squid-user.conf b/squid-user.conf new file mode 100644 index 0000000..5ad331b --- /dev/null +++ b/squid-user.conf @@ -0,0 +1,4 @@ +# Type Name ID GECOS [HOME] +u squid - "WWW-proxy squid" /var/cache/squid +g winbind - - +m squid winbind diff --git a/squid.changes b/squid.changes index a3649d6..f1b19dc 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 18 15:46:02 CET 2020 - kukuk@suse.de + +- Use sysusers instead of shadow to create squid user and groups +- Don't hard require systemd + ------------------------------------------------------------------- Wed Feb 5 09:57:59 UTC 2020 - Adam Majer diff --git a/squid.spec b/squid.spec index 6baab1a..e0f764a 100644 --- a/squid.spec +++ b/squid.spec @@ -33,6 +33,7 @@ Source7: %{name}.logrotate Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service +Source12: %{name}-user.conf # http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring Source15: cache_dir.sed @@ -55,6 +56,8 @@ BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: samba-winbind BuildRequires: sharutils +BuildRequires: sysuser-shadow +BuildRequires: sysuser-tools BuildRequires: pkgconfig(expat) BuildRequires: pkgconfig(gssrpc) BuildRequires: pkgconfig(kdb) @@ -64,16 +67,16 @@ BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(nettle) Requires: logrotate Requires(pre): permissions -Requires(pre): shadow Provides: http_proxy # due to package rename # Wed Aug 15 17:40:30 UTC 2012 Provides: %{name}3 = %{version} Obsoletes: %{name}3 < %{version} -%{?systemd_requires} +%{?systemd_ordering} %if 0%{?suse_version} >= 1330 BuildRequires: libnsl-devel %endif +%sysusers_requires %description Squid is a caching proxy for the Web supporting HTTP(S), FTP, and @@ -142,6 +145,7 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" --enable-security-cert-generators \ --enable-security-cert-validators make SAMBAPREFIX=%{_prefix} %{?_smp_mflags} +%sysusers_generate_pre %{SOURCE12} squid %install install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} @@ -197,28 +201,15 @@ mkdir -p %{buildroot}%{_datadir}/snmp/mibs mv %{buildroot}%{_datadir}/squid/mib.txt \ %{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt +# Install sysusers file. +mkdir -p %{buildroot}%{_sysusersdir} +install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ + %check # Fails in chroot environment make %{?_smp_mflags} check -%pre -# we need this group for /usr/sbin/pinger -getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name} -# we need this group for squid (ntlmauth) -# read access to /var/lib/samba/winbindd_privileged -getent group winbind >/dev/null || %{_sbindir}/groupadd -r winbind -getent passwd squid >/dev/null || \ - %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ - -G winbind -g %{name} -o -u 31 -r -s /bin/false \ - %{name} -# if default group is not squid, change it -if [ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]; then - %{_sbindir}/usermod -g %{name} %{name} -fi -# if squid is not member of winbind, add him -if [ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind; echo $?) -ne 0 ]; then - %{_sbindir}/usermod -G winbind %{name} -fi +%pre -f squid.pre %service_add_pre %{name}.service # update mode? @@ -265,6 +256,7 @@ fi %dir %{squidconfdir} %dir %{_tmpfilesdir} %{_tmpfilesdir}/squid.conf +%{_sysusersdir}/squid-user.conf %config(noreplace) %{squidconfdir}/cachemgr.conf %config(noreplace) %{squidconfdir}/errorpage.css %config(noreplace) %{squidconfdir}/errors