Accepting request 504589 from server:proxy
- Packaging cleanup - Dropped: * squid-brokenad.patch * squid-config.patch * squid.init squid.init.rh * squid-old-kerberos.patch * squid-rpmlintrc - Update description and url - Update Squid to 3.5.26 * SubjectAlternativeNames missing in some generated certificates Previous releases of Squid were not able to generate valid mimic certificates from AltName server certificate field only. * Fix ignoring http_access deny with client-first bumping mode * ssl_crtd: now returns non-zero on failure * Fix FTP directory listings display issues * OpenSSL support better compliance with license requirements This release of Squid will now include the required OpenSSL advertisement on builds -v output where features are displayed. OBS-URL: https://build.opensuse.org/request/show/504589 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=46
This commit is contained in:
commit
e8fababa76
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:28959254c32b8cd87e9599b6beb97352cf0638524e0f5ac3e1754f08462f3585
|
||||
size 2327316
|
@ -1,20 +0,0 @@
|
||||
File: squid-3.5.25.tar.xz
|
||||
Date: Sun Apr 2 20:29:16 UTC 2017
|
||||
Size: 2327316
|
||||
MD5 : 6b7dd7b42b1adacf08f3155640ea2782
|
||||
SHA1: 63ea00cb918e3106fd91b286ec907f1681e0f0e8
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAljhX8EACgkQsmjnBv9c
|
||||
9GMjFgf9ED5brd68IQQ1YNx5ecX5ni5A8rggShgE2h2EtBnBicj4c8CRwX82VXwm
|
||||
0yIGHe/reWzppkDGcBaflgyAWGdmUkQR5EixlkBAmwtLAAlJauxeUBxSunxbzn96
|
||||
ysFNmV0GEmzL7ZWJHjFQj4Bd2HnnDRFUbpdK37/lUVJVt2NZ7xtZm+Tcf7cm59Pn
|
||||
OwKsjrGXui+/DoK3lktvn/U4JYsITjVRIc/OcuBW2CM2GlPYSfmTfswIAOVWfb6+
|
||||
btP4pyHSaDaxzw616CSm6HXebL0SHt2CUGrcuCENkSGWj8KiTYBzXpXYDdcblmVp
|
||||
1VFdZQcBMPkD3LVVoKA/HahRSjQgxw==
|
||||
=yE6f
|
||||
-----END PGP SIGNATURE-----
|
3
squid-3.5.26.tar.xz
Normal file
3
squid-3.5.26.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:baa1eecb7d6e18881f4455060d80ee7cb95ae7e2695fdccf7e21ccc8f879a982
|
||||
size 2328352
|
20
squid-3.5.26.tar.xz.asc
Normal file
20
squid-3.5.26.tar.xz.asc
Normal file
@ -0,0 +1,20 @@
|
||||
File: squid-3.5.26.tar.xz
|
||||
Date: Fri Jun 2 00:43:54 UTC 2017
|
||||
Size: 2328352
|
||||
MD5 : 510e2c84773879c00d0e7ced997864d9
|
||||
SHA1: 51a664217957b35de8b7fae180b9f93a759a4204
|
||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||
EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = subkeys.pgp.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEE6jHMXpSI5RaNLcxesmjnBv9c9GMFAlkwtTYACgkQsmjnBv9c
|
||||
9GPpRAf7B+2gZgh1GGwjDheRvX43odQhVg9KkXB+raufqDBSRs7cyj5E/cC9XBPC
|
||||
bmhyF2sk03p0a8wgmSbIH7gBFZ01TbQ5np2dUGh0b9sZPI8DJcSDPS8g9I2IT99v
|
||||
axAttf8IbSzeNTgOk4l/veNMA1RU5fgyY19FnD+G22rVhcmWZFMfD/GBTyw3oc1i
|
||||
7Hs/ulyCmdOHmzzTinMBEaU787mxwng2K7j2SV0O4W6wnuakAMWLdSCGsrUNBwik
|
||||
teu5nd/AuAo1Y1KhM8adjHcANwa12s02yPUgkxyIDkVKBgYmbJAGvfSwFpOqRK4q
|
||||
2uvHSqEAJr47u+n+Y2QampwAXCOEDQ==
|
||||
=XyzG
|
||||
-----END PGP SIGNATURE-----
|
@ -1,106 +0,0 @@
|
||||
Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc
|
||||
@@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod
|
||||
* create Kerberos memory cache
|
||||
*/
|
||||
int
|
||||
-krb5_create_cache(char *domain)
|
||||
+krb5_create_cache(struct main_args *margs, char *domain)
|
||||
{
|
||||
|
||||
krb5_keytab keytab = 0;
|
||||
@@ -178,8 +178,17 @@ krb5_create_cache(char *domain)
|
||||
if (code) {
|
||||
k5_error("Error while unparsing principal name",code);
|
||||
} else {
|
||||
- debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
- found = 1;
|
||||
+ if (margs->brokenad == 1) {
|
||||
+ if (strncmp(principal_name,"HTTP/",strlen("HTTP/")) != 0){
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name);
|
||||
+ } else {
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
+ found = 1;
|
||||
+ }
|
||||
+ } else {
|
||||
+ debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name);
|
||||
+ found = 1;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
#if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY )
|
||||
Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
|
||||
@@ -61,6 +61,7 @@ init_args(struct main_args *margs)
|
||||
margs->rc_allow = 0;
|
||||
margs->AD = 0;
|
||||
margs->mdepth = 5;
|
||||
+ margs->brokenad = 0;
|
||||
margs->ddomain = NULL;
|
||||
margs->groups = NULL;
|
||||
margs->ndoms = NULL;
|
||||
@@ -179,7 +180,7 @@ main(int argc, char *const argv[])
|
||||
|
||||
init_args(&margs);
|
||||
|
||||
- while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
|
||||
+ while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) {
|
||||
switch (opt) {
|
||||
case 'd':
|
||||
debug_enabled = 1;
|
||||
@@ -231,6 +232,9 @@ main(int argc, char *const argv[])
|
||||
case 'S':
|
||||
margs.llist = xstrdup(optarg);
|
||||
break;
|
||||
+ case 'x':
|
||||
+ margs.brokenad = 1;
|
||||
+ break;
|
||||
case 'h':
|
||||
fprintf(stderr, "Usage: \n");
|
||||
fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n");
|
||||
@@ -247,6 +251,7 @@ main(int argc, char *const argv[])
|
||||
fprintf(stderr, "-l ldap url\n");
|
||||
fprintf(stderr, "-b ldap bind path\n");
|
||||
fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n");
|
||||
+ fprintf(stderr, "-x force use of HTTP/ principal on MS AD 2008\n");
|
||||
fprintf(stderr, "-a allow SSL without cert verification\n");
|
||||
fprintf(stderr, "-m maximal depth for recursive searches\n");
|
||||
fprintf(stderr, "-h help\n");
|
||||
Index: helpers/external_acl/kerberos_ldap_group/support.h
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/support.h.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/support.h
|
||||
@@ -105,6 +105,7 @@ struct main_args {
|
||||
int rc_allow;
|
||||
int AD;
|
||||
int mdepth;
|
||||
+ int brokenad;
|
||||
char *ddomain;
|
||||
struct gdstruct *groups;
|
||||
struct ndstruct *ndoms;
|
||||
@@ -164,7 +165,7 @@ int create_nd(struct main_args *margs);
|
||||
int create_ls(struct main_args *margs);
|
||||
|
||||
#ifdef HAVE_KRB5
|
||||
-int krb5_create_cache(char *domain);
|
||||
+int krb5_create_cache(struct main_args *margs, char *domain);
|
||||
void krb5_cleanup(void);
|
||||
#endif
|
||||
|
||||
Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc
|
||||
===================================================================
|
||||
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
|
||||
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
|
||||
@@ -898,7 +898,7 @@ get_memberof(struct main_args *margs, ch
|
||||
debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM);
|
||||
|
||||
#if HAVE_KRB5
|
||||
- kc = krb5_create_cache(domain);
|
||||
+ kc = krb5_create_cache(margs,domain);
|
||||
if (kc) {
|
||||
error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM);
|
||||
}
|
@ -1,42 +0,0 @@
|
||||
Index: src/cf.data.pre
|
||||
===================================================================
|
||||
--- src/cf.data.pre.orig
|
||||
+++ src/cf.data.pre
|
||||
@@ -1464,6 +1464,8 @@ http_access deny manager
|
||||
# Adapt localnet in the ACL section to list your (internal) IP networks
|
||||
# from where browsing should be allowed
|
||||
http_access allow localnet
|
||||
+
|
||||
+# Allow localhost always proxy functionality
|
||||
http_access allow localhost
|
||||
|
||||
# And finally deny all other access to this proxy
|
||||
@@ -3769,6 +3771,10 @@ DOC_START
|
||||
Instead, if you want Squid to use the entire disk drive,
|
||||
subtract 20% and use that value.
|
||||
|
||||
+ Note on 'Mbytes': You need to consider the available RAM on the
|
||||
+ machine versus the approx. 10MB RAM per 1GB of files which the
|
||||
+ cache_dir index will consume.
|
||||
+
|
||||
'L1' is the number of first-level subdirectories which
|
||||
will be created under the 'Directory'. The default is 16.
|
||||
|
||||
@@ -3887,7 +3893,7 @@ DOC_START
|
||||
NOCOMMENT_START
|
||||
|
||||
# Uncomment and adjust the following to add a disk cache directory.
|
||||
-#cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256
|
||||
+#cache_dir aufs @DEFAULT_SWAP_DIR@ 100 16 256
|
||||
NOCOMMENT_END
|
||||
DOC_END
|
||||
|
||||
@@ -4584,7 +4590,7 @@ DOC_END
|
||||
|
||||
NAME: logfile_rotate
|
||||
TYPE: int
|
||||
-DEFAULT: 10
|
||||
+DEFAULT: 0
|
||||
LOC: Config.Log.rotateNumber
|
||||
DOC_START
|
||||
Specifies the number of logfile rotations to make when you
|
@ -1,16 +0,0 @@
|
||||
Index: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
|
||||
===================================================================
|
||||
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc.orig
|
||||
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
|
||||
@@ -535,7 +535,11 @@ main(int argc, char *const argv[])
|
||||
keytab_name_env = getenv("KRB5_KTNAME");
|
||||
if (!keytab_name_env) {
|
||||
ret = krb5_init_context(&context);
|
||||
+#if HAVE_PAC_SUPPORT || HAVE_KRB5_MEMORY_KEYTAB
|
||||
if (!check_k5_err(context, "krb5_init_context", ret)) {
|
||||
+#else
|
||||
+ if (0 == ret) { // no error continue...
|
||||
+#endif
|
||||
krb5_kt_default_name(context, default_keytab, MAXPATHLEN);
|
||||
}
|
||||
keytab_name = xstrdup(default_keytab);
|
@ -1,6 +0,0 @@
|
||||
addFilter("no-manual-page-for-binary")
|
||||
addFilter("zero-length")
|
||||
addFilter("incorrect-fsf-address")
|
||||
# Temporary solution untill it is moved into factory
|
||||
#setBadness('permissions-unauthorized-file', 333)
|
||||
#setBadness("permissions-file-setuid-bit", 333)
|
@ -1,3 +1,29 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 19 08:20:52 UTC 2017 - mpluskal@suse.com
|
||||
|
||||
- Packaging cleanup
|
||||
- Dropped:
|
||||
* squid-brokenad.patch
|
||||
* squid-config.patch
|
||||
* squid.init squid.init.rh
|
||||
* squid-old-kerberos.patch
|
||||
* squid-rpmlintrc
|
||||
- Update description and url
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 14 08:54:53 UTC 2017 - adam.majer@suse.de
|
||||
|
||||
- Update Squid to 3.5.26
|
||||
* SubjectAlternativeNames missing in some generated certificates
|
||||
Previous releases of Squid were not able to generate valid
|
||||
mimic certificates from AltName server certificate field only.
|
||||
* Fix ignoring http_access deny with client-first bumping mode
|
||||
* ssl_crtd: now returns non-zero on failure
|
||||
* Fix FTP directory listings display issues
|
||||
* OpenSSL support better compliance with license requirements
|
||||
This release of Squid will now include the required OpenSSL
|
||||
advertisement on builds -v output where features are displayed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 10 09:50:21 UTC 2017 - adam.majer@suse.de
|
||||
|
||||
|
201
squid.init
201
squid.init
@ -1,201 +0,0 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
|
||||
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
|
||||
# Copyright (c) 2002 SuSE Linux AG
|
||||
#
|
||||
# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel <feedback@suse.de>
|
||||
#
|
||||
# /etc/init.d/squid
|
||||
# and its symbolic link
|
||||
# /(usr/)sbin/rcsquid
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: squid
|
||||
# Required-Start: $local_fs $remote_fs $network $time
|
||||
# Should-Start: apache $named winbind
|
||||
# Required-Stop: $local_fs $remote_fs $network $time
|
||||
# Should-Stop: apache $named winbind
|
||||
# Default-Start: 3 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# Short-Description: Squid web cache
|
||||
# Description: Start the Squid web cache, providing
|
||||
# HTTP, FTP and other proxy services
|
||||
### END INIT INFO
|
||||
#
|
||||
# Note on runlevels:
|
||||
# 0 - halt/poweroff 6 - reboot
|
||||
# 1 - single user 2 - multiuser without network exported
|
||||
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
|
||||
|
||||
|
||||
# Check for missing binaries (stale symlinks should not happen)
|
||||
# Note: Special treatment of stop for LSB conformance
|
||||
SQUID_BIN=/usr/sbin/squid
|
||||
test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
|
||||
if [ "$1" = "stop" ]; then exit 0;
|
||||
else exit 5; fi; }
|
||||
|
||||
# Check for existence of needed config file and read it
|
||||
SQUID_SYSCONFIG=/etc/sysconfig/squid
|
||||
test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
|
||||
if [ "$1" = "stop" ]; then exit 0;
|
||||
else exit 6; fi; }
|
||||
|
||||
# Read config
|
||||
. $SQUID_SYSCONFIG
|
||||
|
||||
SQUID_PID=/var/run/squid.pid
|
||||
SQUID_CONF=/etc/squid/squid.conf
|
||||
SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
|
||||
SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
|
||||
SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
|
||||
|
||||
# determine which one is the cache_swap directory
|
||||
SQUID_CACHE_DIR=$(perl -n -e \
|
||||
'/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
|
||||
|
||||
ulimit -n "$SQUID_ULIMIT"
|
||||
|
||||
#IN: $SQUID_CACHE_DIR
|
||||
setup_squid_cache_dir(){
|
||||
for adir in "$1" ; do
|
||||
if [ ! -d $adir/00 ]; then # create missing cache directories
|
||||
umask 027 # prevent users reading any cache data
|
||||
echo -n " ($adir)"
|
||||
$SQUID_BIN -z -F > /dev/null 2>&1
|
||||
fi
|
||||
if [ ! -d $adir/00 ]; then
|
||||
echo " - failed while creating cache_dir ! "
|
||||
rc_failed
|
||||
rc_status -v
|
||||
rc_exit
|
||||
fi
|
||||
done
|
||||
sleep 2
|
||||
}
|
||||
|
||||
# Shell functions sourced from /etc/rc.status:
|
||||
# rc_check check and set local and overall rc status
|
||||
# rc_status check and set local and overall rc status
|
||||
# rc_status -v be verbose in local rc status and clear it afterwards
|
||||
# rc_status -v -r ditto and clear both the local and overall rc status
|
||||
# rc_status -s display "skipped" and exit with status 3
|
||||
# rc_status -u display "unused" and exit with status 3
|
||||
# rc_failed set local and overall rc status to failed
|
||||
# rc_failed <num> set local and overall rc status to <num>
|
||||
# rc_reset clear both the local and overall rc status
|
||||
# rc_exit exit appropriate to overall rc status
|
||||
# rc_active checks whether a service is activated by symlinks
|
||||
. /etc/rc.status
|
||||
|
||||
# Reset status of this service
|
||||
rc_reset
|
||||
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting WWW-proxy squid "
|
||||
if /sbin/checkproc $SQUID_BIN ; then
|
||||
echo -n "- Warning: squid already running ! "
|
||||
rc_failed
|
||||
else
|
||||
[ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
|
||||
if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
|
||||
setup_squid_cache_dir "$SQUID_CACHE_DIR"
|
||||
fi
|
||||
fi
|
||||
startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
|
||||
|
||||
# Remember status and be verbose
|
||||
rc_status -v
|
||||
;;
|
||||
stop)
|
||||
echo -n "Shutting down WWW-proxy squid "
|
||||
if /sbin/checkproc $SQUID_BIN ; then
|
||||
$SQUID_BIN -k shutdown
|
||||
sleep 2
|
||||
if [ -e $SQUID_PID ] ; then
|
||||
echo -n "- wait a minute or two... "
|
||||
i="$SQUID_S_T"
|
||||
while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
|
||||
sleep 2
|
||||
i=$[$i-1]
|
||||
echo -n "."
|
||||
[ $i -eq 41 ] && echo
|
||||
done
|
||||
fi
|
||||
if /sbin/checkproc $SQUID_BIN ; then
|
||||
killproc -TERM $SQUID_BIN
|
||||
echo -n " Warning: squid killed !"
|
||||
fi
|
||||
else
|
||||
echo -n "- Warning: squid not running ! "
|
||||
rc_failed 7
|
||||
fi
|
||||
|
||||
# Remember status and be verbose
|
||||
rc_status -v
|
||||
;;
|
||||
try-restart)
|
||||
$0 status >/dev/null && $0 restart
|
||||
|
||||
# Remember status and be quiet
|
||||
rc_status
|
||||
;;
|
||||
restart)
|
||||
$0 stop
|
||||
$0 start
|
||||
|
||||
# Remember status and be quiet
|
||||
rc_status
|
||||
;;
|
||||
force-reload)
|
||||
$0 reload
|
||||
|
||||
# Remember status and be quiet
|
||||
rc_status
|
||||
;;
|
||||
reload)
|
||||
echo -n "Reloading WWW-proxy squid "
|
||||
if /sbin/checkproc $SQUID_BIN ; then
|
||||
$SQUID_BIN -k rotate
|
||||
sleep 2
|
||||
$SQUID_BIN -k reconfigure
|
||||
rc_status
|
||||
else
|
||||
echo -n "- Warning: squid not running ! "
|
||||
rc_failed 7
|
||||
fi
|
||||
|
||||
# Remember status and be verbose
|
||||
rc_status -v
|
||||
;;
|
||||
status)
|
||||
echo -n "Checking for WWW-proxy squid "
|
||||
## Check status with checkproc(8), if process is running
|
||||
## checkproc will return with exit status 0.
|
||||
|
||||
# Return value is slightly different for the status command:
|
||||
# 0 - service up and running
|
||||
# 1 - service dead, but /var/run/ pid file exists
|
||||
# 2 - service dead, but /var/lock/ lock file exists
|
||||
# 3 - service not running (unused)
|
||||
# 4 - service status unknown :-(
|
||||
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
|
||||
|
||||
# NOTE: checkproc returns LSB compliant status values.
|
||||
/sbin/checkproc $SQUID_BIN
|
||||
|
||||
# Remember status and be verbose
|
||||
rc_status -v
|
||||
;;
|
||||
probe)
|
||||
test $SQUID_CONF -nt $SQUID_PID && echo reload
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
rc_exit
|
||||
|
187
squid.init.rh
187
squid.init.rh
@ -1,187 +0,0 @@
|
||||
#!/bin/bash
|
||||
# chkconfig: - 90 25
|
||||
# pidfile: /var/run/squid.pid
|
||||
# config: /etc/squid/squid.conf
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: squid
|
||||
# Short-Description: starting and stopping Squid Internet Object Cache
|
||||
# Description: Squid - Internet Object Cache. Internet object caching is \
|
||||
# a way to store requested Internet objects (i.e., data available \
|
||||
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
|
||||
# requesting site than to the source. Web browsers can then use the \
|
||||
# local Squid cache as a proxy HTTP server, reducing access time as \
|
||||
# well as bandwidth consumption.
|
||||
### END INIT INFO
|
||||
|
||||
|
||||
PATH=/usr/bin:/sbin:/bin:/usr/sbin
|
||||
export PATH
|
||||
|
||||
# Source function library.
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
||||
# Source networking configuration.
|
||||
. /etc/sysconfig/network
|
||||
|
||||
if [ -f /etc/sysconfig/squid ]; then
|
||||
. /etc/sysconfig/squid
|
||||
fi
|
||||
|
||||
# don't raise an error if the config file is incomplete
|
||||
# set defaults instead:
|
||||
SQUID_OPTS=${SQUID_OPTS:-""}
|
||||
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
|
||||
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
|
||||
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
|
||||
SQUID_PIDFILE_DIR="/var/run/squid"
|
||||
SQUID_USER="squid"
|
||||
SQUID_DIR="squid"
|
||||
|
||||
# determine the name of the squid binary
|
||||
[ -f /usr/sbin/squid ] && SQUID=squid
|
||||
|
||||
prog="$SQUID"
|
||||
|
||||
# determine which one is the cache_swap directory
|
||||
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
|
||||
grep cache_dir | awk '{ print $3 }'`
|
||||
|
||||
RETVAL=0
|
||||
|
||||
probe() {
|
||||
# Check that networking is up.
|
||||
[ ${NETWORKING} = "no" ] && exit 1
|
||||
|
||||
[ `id -u` -ne 0 ] && exit 4
|
||||
|
||||
# check if the squid conf file is present
|
||||
[ -f $SQUID_CONF ] || exit 6
|
||||
}
|
||||
|
||||
start() {
|
||||
# Check if $SQUID_PIDFILE_DIR exists and if not, lets create it and give squid permissions.
|
||||
if [ ! -d $SQUID_PIDFILE_DIR ] ; then mkdir $SQUID_PIDFILE_DIR ; chown -R $SQUID_USER.$SQUID_DIR $SQUID_PIDFILE_DIR; fi
|
||||
probe
|
||||
|
||||
parse=`$SQUID -k parse -f $SQUID_CONF 2>&1`
|
||||
RETVAL=$?
|
||||
if [ $RETVAL -ne 0 ]; then
|
||||
echo -n $"Starting $prog: "
|
||||
echo_failure
|
||||
echo
|
||||
echo "$parse"
|
||||
return 1
|
||||
fi
|
||||
for adir in $CACHE_SWAP; do
|
||||
if [ ! -d $adir/00 ]; then
|
||||
echo -n "init_cache_dir $adir... "
|
||||
$SQUID -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
|
||||
fi
|
||||
done
|
||||
echo -n $"Starting $prog: "
|
||||
$SQUID $SQUID_OPTS -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
|
||||
RETVAL=$?
|
||||
if [ $RETVAL -eq 0 ]; then
|
||||
timeout=0;
|
||||
while : ; do
|
||||
[ ! -f /var/run/squid.pid ] || break
|
||||
if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
|
||||
RETVAL=1
|
||||
break
|
||||
fi
|
||||
sleep 1 && echo -n "."
|
||||
timeout=$((timeout+1))
|
||||
done
|
||||
fi
|
||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
|
||||
[ $RETVAL -eq 0 ] && echo_success
|
||||
[ $RETVAL -ne 0 ] && echo_failure
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
$SQUID -k check -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
|
||||
RETVAL=$?
|
||||
if [ $RETVAL -eq 0 ] ; then
|
||||
$SQUID -k shutdown -f $SQUID_CONF &
|
||||
rm -f /var/lock/subsys/$SQUID
|
||||
timeout=0
|
||||
while : ; do
|
||||
[ -f /var/run/squid.pid ] || break
|
||||
if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
|
||||
echo
|
||||
return 1
|
||||
fi
|
||||
sleep 2 && echo -n "."
|
||||
timeout=$((timeout+2))
|
||||
done
|
||||
echo_success
|
||||
echo
|
||||
else
|
||||
echo_failure
|
||||
if [ ! -e /var/lock/subsys/$SQUID ]; then
|
||||
RETVAL=0
|
||||
fi
|
||||
echo
|
||||
fi
|
||||
rm -rf $SQUID_PIDFILE_DIR/*
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
reload() {
|
||||
$SQUID $SQUID_OPTS -k reconfigure -f $SQUID_CONF
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
rm -rf $SQUID_PIDFILE_DIR/*
|
||||
start
|
||||
}
|
||||
|
||||
condrestart() {
|
||||
[ -e /var/lock/subsys/squid ] && restart || :
|
||||
}
|
||||
|
||||
rhstatus() {
|
||||
status $SQUID && $SQUID -k check -f $SQUID_CONF
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
;;
|
||||
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
|
||||
reload|force-reload)
|
||||
reload
|
||||
;;
|
||||
|
||||
restart)
|
||||
restart
|
||||
;;
|
||||
|
||||
condrestart|try-restart)
|
||||
condrestart
|
||||
;;
|
||||
|
||||
status)
|
||||
rhstatus
|
||||
;;
|
||||
|
||||
probe)
|
||||
probe
|
||||
;;
|
||||
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|reload|force-reload|restart|try-restart|probe}"
|
||||
exit 2
|
||||
esac
|
||||
|
||||
exit $?
|
246
squid.spec
246
squid.spec
@ -18,17 +18,15 @@
|
||||
|
||||
%define squidlibdir %{_libdir}/squid
|
||||
%define squidconfdir %{_sysconfdir}/squid
|
||||
|
||||
Name: squid
|
||||
Version: 3.5.25
|
||||
Version: 3.5.26
|
||||
Release: 0
|
||||
Summary: A fully featured HTTP/1.0 proxy
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Networking/Web/Proxy
|
||||
Url: http://www.squid-cache.org/Versions/v3/3.5
|
||||
Url: http://www.squid-cache.org
|
||||
Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
|
||||
Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
|
||||
Source3: squid.init
|
||||
Source4: squid.sysconfig
|
||||
Source5: pam.squid
|
||||
Source6: unsquid.pl
|
||||
@ -37,115 +35,58 @@ Source9: %{name}.permissions
|
||||
Source10: README.kerberos
|
||||
Source11: %{name}.service
|
||||
Source13: %{name}.keyring
|
||||
Source14: squid.init.rh
|
||||
Source15: cache_dir.sed
|
||||
Source16: initialize_cache_if_needed.sh
|
||||
|
||||
# do not show some rpmlint warnings
|
||||
Source99: squid-rpmlintrc
|
||||
# some useful defaults for squid
|
||||
Patch100: %{name}-config.patch
|
||||
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
|
||||
Patch103: squid-brokenad.patch
|
||||
#patch fix SLE 11 target... BAD PATCH
|
||||
Patch104: squid-old-kerberos.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
# BuildRequires: autoconf
|
||||
# BuildRequires: automake
|
||||
# If you want to run unit tests, these also need mounted /dev/shm and /proc
|
||||
# BuildRequires: cppunit-devel
|
||||
BuildRequires: cppunit-devel
|
||||
BuildRequires: db-devel
|
||||
# needed by bootstrap.sh
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: ed
|
||||
BuildRequires: expat
|
||||
#
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcap-devel
|
||||
BuildRequires: libexpat-devel
|
||||
%if 0%{?suse_version} <= 1140
|
||||
BuildRequires: libtool
|
||||
%else
|
||||
BuildRequires: libtool >= 2.4
|
||||
%endif
|
||||
%if 0%{?suse_version} < 1220
|
||||
BuildRequires: libxml2-devel
|
||||
BuildRequires: xz
|
||||
%else
|
||||
BuildRequires: pkgconfig(libxml-2.0)
|
||||
%endif
|
||||
BuildRequires: openldap2-devel
|
||||
BuildRequires: opensp-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: samba-winbind
|
||||
BuildRequires: sharutils
|
||||
|
||||
%if 0%{?suse_version}
|
||||
Requires(post): %fillup_prereq
|
||||
Requires(pre): %{_bindir}/getent
|
||||
%if 0%{?suse_version} < 1140
|
||||
Requires(pre): permissions
|
||||
%else
|
||||
Requires(pre): permissions >= 2014.11
|
||||
%endif
|
||||
Requires(pre): pwdutils
|
||||
%else
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): /sbin/chkconfig
|
||||
Requires(preun): /sbin/service /sbin/chkconfig
|
||||
Requires(postun): /sbin/service
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version} > 1210
|
||||
BuildRequires: systemd
|
||||
%{?systemd_requires}
|
||||
%define has_systemd 1
|
||||
%else
|
||||
Requires(pre): %insserv_prereq
|
||||
%endif
|
||||
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: pkgconfig(expat)
|
||||
BuildRequires: pkgconfig(gssrpc)
|
||||
BuildRequires: pkgconfig(kdb)
|
||||
BuildRequires: pkgconfig(krb5)
|
||||
BuildRequires: pkgconfig(libsasl2)
|
||||
BuildRequires: pkgconfig(libxml-2.0)
|
||||
Requires: logrotate
|
||||
Requires(post): %fillup_prereq
|
||||
Requires(pre): permissions
|
||||
Requires(pre): shadow
|
||||
Provides: http_proxy
|
||||
|
||||
# due to package rename
|
||||
# Wed Aug 15 17:40:30 UTC 2012
|
||||
Provides: %{name}3 = %{version}
|
||||
Obsoletes: %{name}3 < %{version}
|
||||
%{?systemd_requires}
|
||||
|
||||
%description
|
||||
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
|
||||
|
||||
Squid 3.5 represents a new feature release above 3.4.
|
||||
|
||||
The most important of these new features are:
|
||||
|
||||
* Support libecap v1.0
|
||||
* Authentication helper query extensions
|
||||
* Support named services
|
||||
* Upgraded squidclient tool
|
||||
* Helper support for concurrency channels
|
||||
* Native FTP Relay
|
||||
* Receive PROXY protocol, Versions 1 & 2
|
||||
* Basic authentication MSNT helper changes
|
||||
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite -
|
||||
we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich
|
||||
access control, authorization and logging environment to develop web proxy
|
||||
and content serving applications. Squid offers a rich set of traffic
|
||||
optimization options, most of which are enabled by default for simpler
|
||||
installation and high performance.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
cp %{SOURCE10} .
|
||||
# upstream patches after RELEASE
|
||||
|
||||
##### other patches
|
||||
%patch100
|
||||
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
||||
chmod a-x CREDITS
|
||||
%patch103
|
||||
%patch104
|
||||
|
||||
%build
|
||||
# autoreconf -fi
|
||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||
export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
|
||||
@ -156,15 +97,8 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
|
||||
--datadir=%{_datadir}/squid \
|
||||
--sharedstatedir=%{_localstatedir}/squid \
|
||||
--with-logdir=%{_localstatedir}/log/squid \
|
||||
%if 0%{?has_systemd}
|
||||
--with-pidfile=/run/squid.pid \
|
||||
%else
|
||||
--with-pidfile=%{_localstatedir}/run/squid.pid \
|
||||
%endif
|
||||
--with-dl \
|
||||
%if 0%{?suse_version} <= 1140
|
||||
--with-included-ltdl \
|
||||
%endif
|
||||
--enable-disk-io \
|
||||
--enable-storeio \
|
||||
--enable-removal-policies=heap,lru \
|
||||
@ -195,51 +129,34 @@ export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
|
||||
--disable-ident-lookups \
|
||||
--enable-follow-x-forwarded-for \
|
||||
--disable-arch-native
|
||||
|
||||
# overwrite the number of open filedescriptors of configure to 4096
|
||||
# to be backward compatible, but numbers above should not be overwritten
|
||||
if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then
|
||||
set +x
|
||||
echo "adapting SQUID_MAXFD to 4096"
|
||||
set -x
|
||||
perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
|
||||
fi
|
||||
make SAMBAPREFIX=/usr %{?_smp_mflags}
|
||||
make SAMBAPREFIX=%{_prefix} %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
|
||||
%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
|
||||
-g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :
|
||||
|
||||
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
|
||||
install -d %{buildroot}%{_prefix}/sbin
|
||||
|
||||
# make_install
|
||||
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
|
||||
%make_install SAMBAPREFIX=%{_prefix}
|
||||
|
||||
mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default
|
||||
ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
|
||||
|
||||
%if 0%{?suse_version} < 1140
|
||||
# permissions file
|
||||
install -D -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
|
||||
%endif
|
||||
|
||||
# install logrotate file
|
||||
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
|
||||
install -Dpm 644 %{SOURCE7} \
|
||||
%{buildroot}%{_sysconfdir}/logrotate.d/%{name}
|
||||
|
||||
install -d -m 755 doc/scripts
|
||||
install scripts/*.pl doc/scripts
|
||||
cat > doc/scripts/cachemgr.readme <<-EOT
|
||||
cachemgr.cgi will now be found in %{_libdir}/%{name}
|
||||
EOT
|
||||
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
|
||||
install -dpm 755 %{buildroot}/%{_libdir}/%{name}
|
||||
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
|
||||
|
||||
install -d -m 755 doc/contrib
|
||||
install -dpm 755 doc/contrib
|
||||
install %{SOURCE6} doc/contrib
|
||||
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
|
||||
install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
|
||||
install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
|
||||
install -Dpm 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
|
||||
|
||||
rm -rf %{buildroot}%{squidconfdir}/errors
|
||||
for i in errors/*; do
|
||||
@ -251,40 +168,20 @@ done
|
||||
ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
|
||||
|
||||
# fix file duplicates
|
||||
%if 0%{?suse_version} > 1030
|
||||
%fdupes -s %{buildroot}%{_prefix}
|
||||
%endif
|
||||
%if 0%{?fedora_version} > 8
|
||||
fdupes -q -n -r %{buildroot}%{_prefix}
|
||||
%endif
|
||||
|
||||
# systemd vs SysVinit
|
||||
%if 0%{?has_systemd}
|
||||
# systemd
|
||||
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
|
||||
install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed
|
||||
install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh
|
||||
sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
%else # SysVinit
|
||||
# fix postrotate script for SysVinit
|
||||
sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
|
||||
%if 0%{?suse_version}
|
||||
install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
|
||||
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
|
||||
%else # lets just assume other are rh based ones...
|
||||
install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name}
|
||||
%endif
|
||||
%endif
|
||||
%if 0%{?suse_version}
|
||||
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
||||
%else
|
||||
install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
|
||||
%endif
|
||||
install -Dpm 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
||||
|
||||
# Move the MIB definition to the proper place (and name)
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs
|
||||
mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt \
|
||||
$RPM_BUILD_ROOT/usr/share/snmp/mibs/SQUID-MIB.txt
|
||||
mkdir -p %{buildroot}%{_datadir}/snmp/mibs
|
||||
mv %{buildroot}%{_datadir}/squid/mib.txt \
|
||||
%{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt
|
||||
|
||||
%pre
|
||||
# we need this group for /usr/sbin/pinger
|
||||
@ -309,10 +206,7 @@ fi
|
||||
if [[ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?) -ne 0 ]]; then
|
||||
%{_sbindir}/usermod -G winbind %{name} 2>/dev/null
|
||||
fi
|
||||
|
||||
%if 0%{?has_systemd}
|
||||
%service_add_pre %{name}.service
|
||||
%endif
|
||||
|
||||
# update mode?
|
||||
if [ "$1" -gt "1" ]; then
|
||||
@ -321,11 +215,6 @@ if [ "$1" -gt "1" ]; then
|
||||
mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
|
||||
fi
|
||||
fi
|
||||
# emulate_httpd_log is gone with 3.2 not 3.5
|
||||
### rpmlint is complaining about modifying squid.conf
|
||||
#if [ -e etc/%{name}/%{name}.conf ]; then
|
||||
# sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf
|
||||
#fi
|
||||
|
||||
%pretrans -p <lua>
|
||||
-- Directory to symlink is not working in RPM so workaround it
|
||||
@ -343,63 +232,24 @@ for i,f in pairs(bad_ones) do
|
||||
end
|
||||
|
||||
%post
|
||||
%if 0%{?suse_version} >= 1140
|
||||
%if 0%{?set_permissions:1}
|
||||
%set_permissions %{_sbindir}/basic_pam_auth
|
||||
%set_permissions %{_sbindir}/pinger
|
||||
%set_permissions %{_localstatedir}/cache/squid/
|
||||
%set_permissions %{_localstatedir}/log/squid/
|
||||
%else
|
||||
%run_permissions
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?has_systemd}
|
||||
%service_add_post squid.service
|
||||
%else
|
||||
%if 0%{?suse_version}
|
||||
%{fillup_and_insserv -n "squid"}
|
||||
%else
|
||||
/sbin/chkconfig --add squid
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%preun
|
||||
%if 0%{?has_systemd}
|
||||
%service_del_preun squid.service
|
||||
%else
|
||||
%if 0%{?suse_version}
|
||||
%stop_on_removal squid
|
||||
%else
|
||||
if [ $1 = 0 ] ; then
|
||||
service squid stop >/dev/null 2>&1
|
||||
rm -f /var/log/squid/*
|
||||
/sbin/chkconfig --del squid
|
||||
fi
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version}
|
||||
%verifyscript
|
||||
%verify_permissions -e %{_sbindir}/basic_pam_auth
|
||||
%verify_permissions -e %{_sbindir}/pinger
|
||||
%verify_permissions -e %{_localstatedir}/cache/squid/
|
||||
%verify_permissions -e %{_localstatedir}/log/squid/
|
||||
%endif
|
||||
|
||||
%postun
|
||||
%if 0%{?has_systemd}
|
||||
%service_del_postun squid.service
|
||||
%else
|
||||
%if 0%{?suse_version}
|
||||
%restart_on_update squid
|
||||
%insserv_cleanup
|
||||
%else
|
||||
if [ "$1" -ge "1" ] ; then
|
||||
service squid condrestart >/dev/null 2>&1
|
||||
fi
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
@ -408,14 +258,10 @@ end
|
||||
%doc README.kerberos
|
||||
%doc doc/contrib doc/scripts
|
||||
%doc doc/debug-sections.txt src/%{name}.conf.default
|
||||
%doc %{_mandir}/man?/*
|
||||
%if 0%{?has_systemd}
|
||||
%{_mandir}/man?/*
|
||||
%{_unitdir}/%{name}.service
|
||||
%{squidlibdir}/initialize_cache_if_needed.sh
|
||||
%{squidlibdir}/cache_dir.sed
|
||||
%else
|
||||
%{_sysconfdir}/init.d/%{name}
|
||||
%endif
|
||||
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
|
||||
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
|
||||
%dir %{squidconfdir}
|
||||
@ -430,9 +276,6 @@ end
|
||||
%config %{squidconfdir}/%{name}.conf.default
|
||||
%config %{squidconfdir}/%{name}.conf.documented
|
||||
%config %{_sysconfdir}/pam.d/%{name}
|
||||
%if 0%{?suse_version} < 1140
|
||||
%config %{_sysconfdir}/permissions.d/%{name}
|
||||
%endif
|
||||
%dir %{_datadir}/%{name}
|
||||
%dir %{_datadir}/snmp
|
||||
%dir %{_datadir}/snmp/mibs
|
||||
@ -448,26 +291,16 @@ end
|
||||
%{_sbindir}/basic_getpwnam_auth
|
||||
%{_sbindir}/basic_ldap_auth
|
||||
%{_sbindir}/digest_edirectory_auth
|
||||
## will get removed in 3.6 series
|
||||
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
|
||||
%{_sbindir}/basic_msnt_multi_domain_auth
|
||||
##
|
||||
%{_sbindir}/basic_ncsa_auth
|
||||
%{_sbindir}/basic_nis_auth
|
||||
%if 0%{?suse_version} < 1140
|
||||
%{_sbindir}/basic_pam_auth
|
||||
%else
|
||||
%verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
|
||||
%endif
|
||||
%{_sbindir}/basic_pop3_auth
|
||||
%{_sbindir}/basic_radius_auth
|
||||
%{_sbindir}/basic_sasl_auth
|
||||
%{_sbindir}/basic_smb_auth
|
||||
%{_sbindir}/basic_smb_auth.sh
|
||||
## basic_msnt_auth has been deprecated and renamed to
|
||||
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
|
||||
%{_sbindir}/basic_smb_lm_auth
|
||||
##
|
||||
%{_sbindir}/cert_tool
|
||||
%{_sbindir}/cert_valid.pl
|
||||
%{_sbindir}/digest_file_auth
|
||||
@ -488,24 +321,15 @@ end
|
||||
%{_sbindir}/negotiate_wrapper_auth
|
||||
%{_sbindir}/ntlm_fake_auth
|
||||
%{_sbindir}/ntlm_smb_lm_auth
|
||||
# not working %%caps(cap_net_raw=ep)
|
||||
%if 0%{?suse_version} < 1140
|
||||
%attr(0750,root,squid) %{_sbindir}/pinger
|
||||
%else
|
||||
%verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger
|
||||
%endif
|
||||
%{_sbindir}/%{name}
|
||||
%{_sbindir}/ssl_crtd
|
||||
%{_sbindir}/storeid_file_rewrite
|
||||
%{_sbindir}/unlinkd
|
||||
%{_sbindir}/url_fake_rewrite
|
||||
%{_sbindir}/url_fake_rewrite.sh
|
||||
%if 0%{?suse_version}
|
||||
%{_sbindir}/rc%{name}
|
||||
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
|
||||
%else
|
||||
%{_sysconfdir}/sysconfig/%{name}
|
||||
%endif
|
||||
%dir %{_libdir}/%{name}
|
||||
%{_libdir}/%{name}/cachemgr.cgi
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user