# # spec file for package squid # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define squidlibdir %{_libdir}/squid %define squidconfdir %{_sysconfdir}/squid Name: squid Version: 3.5.26 Release: 0 Summary: A fully featured HTTP/1.0 proxy License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy Url: http://www.squid-cache.org Source0: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz Source1: http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc Source3: squid.init Source4: squid.sysconfig Source5: pam.squid Source6: unsquid.pl Source7: %{name}.logrotate Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service Source13: %{name}.keyring Source14: squid.init.rh Source15: cache_dir.sed Source16: initialize_cache_if_needed.sh # do not show some rpmlint warnings Source99: squid-rpmlintrc # some useful defaults for squid Patch100: %{name}-config.patch # patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042) Patch103: squid-brokenad.patch #patch fix SLE 11 target... BAD PATCH Patch104: squid-old-kerberos.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # BuildRequires: autoconf # BuildRequires: automake # If you want to run unit tests, these also need mounted /dev/shm and /proc # BuildRequires: cppunit-devel BuildRequires: db-devel # needed by bootstrap.sh BuildRequires: cyrus-sasl-devel BuildRequires: ed BuildRequires: expat # BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: krb5-devel BuildRequires: libcap-devel BuildRequires: libexpat-devel %if 0%{?suse_version} <= 1140 BuildRequires: libtool %else BuildRequires: libtool >= 2.4 %endif %if 0%{?suse_version} < 1220 BuildRequires: libxml2-devel BuildRequires: xz %else BuildRequires: pkgconfig(libxml-2.0) %endif BuildRequires: openldap2-devel BuildRequires: opensp-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: sharutils %if 0%{?suse_version} Requires(post): %fillup_prereq Requires(pre): %{_bindir}/getent %if 0%{?suse_version} < 1140 Requires(pre): permissions %else Requires(pre): permissions >= 2014.11 %endif Requires(pre): pwdutils %else Requires(pre): shadow-utils Requires(post): /sbin/chkconfig Requires(preun): /sbin/service /sbin/chkconfig Requires(postun): /sbin/service %endif %if 0%{?suse_version} > 1210 BuildRequires: systemd %{?systemd_requires} %define has_systemd 1 %else Requires(pre): %insserv_prereq %endif Requires: logrotate Provides: http_proxy # due to package rename # Wed Aug 15 17:40:30 UTC 2012 Provides: %{name}3 = %{version} Obsoletes: %{name}3 < %{version} %description Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. %prep %setup -q cp %{SOURCE10} . # upstream patches after RELEASE ##### other patches %patch100 perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` chmod a-x CREDITS %patch103 %patch104 %build # autoreconf -fi export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" %configure \ --disable-strict-error-checking \ --sysconfdir=%{squidconfdir} \ --libexecdir=%{_sbindir} \ --datadir=%{_datadir}/squid \ --sharedstatedir=%{_localstatedir}/squid \ --with-logdir=%{_localstatedir}/log/squid \ %if 0%{?has_systemd} --with-pidfile=/run/squid.pid \ %else --with-pidfile=%{_localstatedir}/run/squid.pid \ %endif --with-dl \ %if 0%{?suse_version} <= 1140 --with-included-ltdl \ %endif --enable-disk-io \ --enable-storeio \ --enable-removal-policies=heap,lru \ --enable-icmp \ --enable-delay-pools \ --enable-esi \ --enable-icap-client \ --enable-useragent-log \ --enable-referer-log \ --enable-kill-parent-hack \ --enable-arp-acl \ --enable-ssl-crtd \ --with-openssl \ --enable-forw-via-db \ --enable-cache-digests \ --enable-linux-netfilter \ --with-large-files \ --enable-underscores \ --enable-auth \ --enable-auth-basic \ --enable-auth-ntlm \ --enable-auth-negotiate \ --enable-auth-digest \ --enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group \ --enable-stacktraces \ --enable-x-accelerator-vary \ --with-default-user=%{name} \ --disable-ident-lookups \ --enable-follow-x-forwarded-for \ --disable-arch-native # overwrite the number of open filedescriptors of configure to 4096 # to be backward compatible, but numbers above should not be overwritten if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then set +x echo "adapting SQUID_MAXFD to 4096" set -x perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h fi make SAMBAPREFIX=/usr %{?_smp_mflags} %install %{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || : %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ -g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || : install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} install -d %{buildroot}%{_prefix}/sbin # make_install make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible %if 0%{?suse_version} < 1140 # permissions file install -D -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name} %endif # install logrotate file install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} install -d -m 755 doc/scripts install scripts/*.pl doc/scripts cat > doc/scripts/cachemgr.readme <<-EOT cachemgr.cgi will now be found in %{_libdir}/%{name} EOT install -d -m 755 %{buildroot}/%{_libdir}/%{name} mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name} install -d -m 755 doc/contrib install %{SOURCE6} doc/contrib install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8 rm -rf %{buildroot}%{squidconfdir}/errors for i in errors/*; do if [ -d $i ]; then mkdir -p %{buildroot}%{_datadir}/%{name}/$i install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i fi done ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors # fix file duplicates %if 0%{?suse_version} > 1030 %fdupes -s %{buildroot}%{_prefix} %endif %if 0%{?fedora_version} > 8 fdupes -q -n -r %{buildroot}%{_prefix} %endif # systemd vs SysVinit %if 0%{?has_systemd} install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %else # SysVinit # fix postrotate script for SysVinit sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name} %if 0%{?suse_version} install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name} ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} %else # lets just assume other are rh based ones... install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name} %endif %endif %if 0%{?suse_version} install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %else install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} %endif # Move the MIB definition to the proper place (and name) mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt \ $RPM_BUILD_ROOT/usr/share/snmp/mibs/SQUID-MIB.txt %pre # we need this group for /usr/sbin/pinger if [[ -z $(%{_bindir}/getent group %{name} 2>/dev/null) ]]; then %{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null fi # we need this group for squid (ntlmauth) # read access to /var/lib/samba/winbindd_privileged if [[ -z $(%{_bindir}/getent group winbind 2>/dev/null) ]]; then %{_sbindir}/groupadd -r winbind 2>/dev/null fi if [[ -z $(%{_bindir}/getent passwd squid 2>/dev/null) ]]; then %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ -G winbind -g %{name} -o -u 31 -r -s /bin/false \ %{name} 2>/dev/null fi # if default group is not squid, change it if [[ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]]; then %{_sbindir}/usermod -g %{name} %{name} 2>/dev/null fi # if squid is not member of winbind, add him if [[ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?) -ne 0 ]]; then %{_sbindir}/usermod -G winbind %{name} 2>/dev/null fi %if 0%{?has_systemd} %service_add_pre %{name}.service %endif # update mode? if [ "$1" -gt "1" ]; then if [ -e %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf -a ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf" mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf fi fi # emulate_httpd_log is gone with 3.2 not 3.5 ### rpmlint is complaining about modifying squid.conf #if [ -e etc/%{name}/%{name}.conf ]; then # sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf #fi %pretrans -p -- Directory to symlink is not working in RPM so workaround it -- Occurs when updating from 3.4 to 3.5 error_dir="%{_datadir}/%{name}/errors/" bad_ones={"zh-cn","zh-tw"} print("cleaning up old directories") for i,f in pairs(bad_ones) do pstat = posix.stat(error_dir..f) if pstat and pstat.type == "directory" then print ("moving away "..error_dir..f.." to "..error_dir..f .. ".rpmmoved") --posix.rmdir(error_dir..f) os.rename(error_dir..f, error_dir..f .. ".rpmmoved") end end %post %if 0%{?suse_version} >= 1140 %if 0%{?set_permissions:1} %set_permissions %{_sbindir}/basic_pam_auth %set_permissions %{_sbindir}/pinger %set_permissions %{_localstatedir}/cache/squid/ %set_permissions %{_localstatedir}/log/squid/ %else %run_permissions %endif %endif %if 0%{?has_systemd} %service_add_post squid.service %else %if 0%{?suse_version} %{fillup_and_insserv -n "squid"} %else /sbin/chkconfig --add squid %endif %endif %preun %if 0%{?has_systemd} %service_del_preun squid.service %else %if 0%{?suse_version} %stop_on_removal squid %else if [ $1 = 0 ] ; then service squid stop >/dev/null 2>&1 rm -f /var/log/squid/* /sbin/chkconfig --del squid fi %endif %endif %if 0%{?suse_version} %verifyscript %verify_permissions -e %{_sbindir}/basic_pam_auth %verify_permissions -e %{_sbindir}/pinger %verify_permissions -e %{_localstatedir}/cache/squid/ %verify_permissions -e %{_localstatedir}/log/squid/ %endif %postun %if 0%{?has_systemd} %service_del_postun squid.service %else %if 0%{?suse_version} %restart_on_update squid %insserv_cleanup %else if [ "$1" -ge "1" ] ; then service squid condrestart >/dev/null 2>&1 fi %endif %endif %files %defattr(-,root,root) %doc ChangeLog CONTRIBUTORS COPYING CREDITS %doc QUICKSTART README RELEASENOTES.html SPONSORS* %doc README.kerberos %doc doc/contrib doc/scripts %doc doc/debug-sections.txt src/%{name}.conf.default %doc %{_mandir}/man?/* %if 0%{?has_systemd} %{_unitdir}/%{name}.service %{squidlibdir}/initialize_cache_if_needed.sh %{squidlibdir}/cache_dir.sed %else %{_sysconfdir}/init.d/%{name} %endif %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ %dir %{squidconfdir} %config(noreplace) %{squidconfdir}/cachemgr.conf %config(noreplace) %{squidconfdir}/errorpage.css %config(noreplace) %{squidconfdir}/errors %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{squidconfdir}/mime.conf %config(noreplace) %{squidconfdir}/%{name}.conf %config %{squidconfdir}/cachemgr.conf.default %config %{squidconfdir}/errorpage.css.default %config %{squidconfdir}/%{name}.conf.default %config %{squidconfdir}/%{name}.conf.documented %config %{_sysconfdir}/pam.d/%{name} %if 0%{?suse_version} < 1140 %config %{_sysconfdir}/permissions.d/%{name} %endif %dir %{_datadir}/%{name} %dir %{_datadir}/snmp %dir %{_datadir}/snmp/mibs %{_datadir}/%{name}/errors %{_datadir}/%{name}/icons %{_datadir}/%{name}/mime.conf %{_datadir}/%{name}/mime.conf.default %{_datadir}/snmp/mibs/SQUID-MIB.txt %{_bindir}/purge %{_bindir}/squidclient %{_sbindir}/basic_db_auth %{_sbindir}/basic_fake_auth %{_sbindir}/basic_getpwnam_auth %{_sbindir}/basic_ldap_auth %{_sbindir}/digest_edirectory_auth ## will get removed in 3.6 series # http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8 %{_sbindir}/basic_msnt_multi_domain_auth ## %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth %if 0%{?suse_version} < 1140 %{_sbindir}/basic_pam_auth %else %verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth %endif %{_sbindir}/basic_pop3_auth %{_sbindir}/basic_radius_auth %{_sbindir}/basic_sasl_auth %{_sbindir}/basic_smb_auth %{_sbindir}/basic_smb_auth.sh ## basic_msnt_auth has been deprecated and renamed to # http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8 %{_sbindir}/basic_smb_lm_auth ## %{_sbindir}/cert_tool %{_sbindir}/cert_valid.pl %{_sbindir}/digest_file_auth %{_sbindir}/digest_ldap_auth %{_sbindir}/diskd %{_sbindir}/ext_edirectory_userip_acl %{_sbindir}/ext_file_userip_acl %{_sbindir}/ext_kerberos_ldap_group_acl %{_sbindir}/ext_ldap_group_acl %{_sbindir}/ext_session_acl %{_sbindir}/ext_unix_group_acl %{_sbindir}/ext_wbinfo_group_acl %{_sbindir}/helper-mux.pl %{_sbindir}/log_db_daemon %{_sbindir}/log_file_daemon %{_sbindir}/negotiate_kerberos_auth %{_sbindir}/negotiate_kerberos_auth_test %{_sbindir}/negotiate_wrapper_auth %{_sbindir}/ntlm_fake_auth %{_sbindir}/ntlm_smb_lm_auth # not working %%caps(cap_net_raw=ep) %if 0%{?suse_version} < 1140 %attr(0750,root,squid) %{_sbindir}/pinger %else %verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger %endif %{_sbindir}/%{name} %{_sbindir}/ssl_crtd %{_sbindir}/storeid_file_rewrite %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh %if 0%{?suse_version} %{_sbindir}/rc%{name} %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %else %{_sysconfdir}/sysconfig/%{name} %endif %dir %{_libdir}/%{name} %{_libdir}/%{name}/cachemgr.cgi %changelog