# # spec file for package squid # # Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define squidlibexecdir %{_libexecdir}/squid %define squidconfdir %{_sysconfdir}/squid %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 %define squidhelperdir %{squidlibexecdir} %else %define squidhelperdir %{_sbindir} %endif Name: squid Version: 5.7 Release: 0 Summary: Caching and forwarding HTTP web proxy License: GPL-2.0-or-later Group: Productivity/Networking/Web/Proxy URL: http://www.squid-cache.org Source0: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz Source1: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.xz.asc Source5: pam.squid Source6: unsquid.pl Source7: %{name}.logrotate Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service Source12: %{name}-user.conf # http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring Source15: cache_dir.sed Source16: initialize_cache_if_needed.sh Source17: tmpfilesdir.squid.conf Patch1: missing_installs.patch Patch2: old_nettle_compat.patch Patch3: harden_squid.service.patch BuildRequires: cppunit-devel BuildRequires: expat BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libcap-devel BuildRequires: libtool BuildRequires: openldap2-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: samba-winbind BuildRequires: sharutils BuildRequires: pkgconfig(expat) BuildRequires: pkgconfig(gssrpc) BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libsasl2) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(nettle) BuildRequires: pkgconfig(tdb) Requires(pre): permissions Recommends: logrotate Provides: http_proxy %{?systemd_ordering} %if 0%{?suse_version} <= 1500 # due to package rename # Wed Aug 15 17:40:30 UTC 2012 # remove this after SLE15 Provides: %{name}3 = %{version} Obsoletes: %{name}3 < %{version} %endif %if 0%{?suse_version} >= 1500 BuildRequires: sysuser-shadow BuildRequires: sysuser-tools %sysusers_requires %else Requires(pre): shadow %endif %if 0%{?suse_version} >= 1330 BuildRequires: libnsl-devel %endif %description Squid is a caching proxy for the Web supporting HTTP(S), FTP, and some others. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and can also be used as a server accelerator. %prep %setup -q cp %{SOURCE10} . %patch3 -p1 # upstream patches after RELEASE perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` %patch1 -p1 %if 0%{?suse_version} < 1500 %patch2 -p1 %endif %build %define _lto_cflags %{nil} autoreconf -fi cd libltdl; autoreconf -fi; cd .. export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" %configure \ --disable-strict-error-checking \ --sysconfdir=%{squidconfdir} \ --libexecdir=%{squidhelperdir} \ --datadir=%{_datadir}/squid \ --sharedstatedir=%{_localstatedir}/squid \ --with-logdir=%{_localstatedir}/log/squid \ --with-pidfile=%{_rundir}/%{name}/squid.pid \ --with-dl \ --enable-disk-io \ --enable-storeio \ --enable-removal-policies=heap,lru \ --enable-icmp \ --enable-delay-pools \ --enable-esi \ --enable-icap-client \ --enable-useragent-log \ --enable-referer-log \ --enable-kill-parent-hack \ --enable-arp-acl \ --enable-ssl-crtd \ --with-openssl \ --enable-forw-via-db \ --enable-cache-digests \ --enable-linux-netfilter \ --with-large-files \ --enable-underscores \ --enable-auth \ --enable-auth-basic="SMB_LM,DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB" \ --enable-auth-ntlm="SMB_LM,fake" \ --enable-auth-negotiate \ --enable-auth-digest \ --enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group,time_quota \ --enable-stacktraces \ --enable-x-accelerator-vary \ --with-default-user=%{name} \ --disable-ident-lookups \ --enable-follow-x-forwarded-for \ --disable-arch-native \ --enable-security-cert-generators \ --enable-security-cert-validators #make -O SAMBAPREFIX=%{_prefix} %{?_smp_mflags} mkdir src/icmp/tests mkdir tools/squidclient/tests mkdir tools/sysvinit/tests tools/tests make %{?_smp_mflags} %if 0%{?suse_version} >= 1500 %sysusers_generate_pre %{SOURCE12} squid %endif %install install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} install -d %{buildroot}%{_sbindir} # make_install %make_install SAMBAPREFIX=%{_prefix} mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible # install logrotate file %if 0%{?suse_version} > 1500 mkdir -p %{buildroot}%{_distconfdir}/logrotate.d install -Dpm 644 %{SOURCE7} \ %{buildroot}%{_distconfdir}/logrotate.d/%{name} %else install -Dpm 644 %{SOURCE7} \ %{buildroot}%{_sysconfdir}/logrotate.d/%{name} %endif install -d -m 755 doc/scripts install scripts/*.pl doc/scripts cat > doc/scripts/cachemgr.readme <<-EOT %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 cachemgr.cgi will now be found in %{squidhelperdir} %else cachemgr.cgi will now be found in %{_libdir}/%{name} %endif EOT %if 0%{?suse_version} <= 1500 && 0%{?sle_version} < 150300 install -dpm 755 %{buildroot}/%{_libdir}/%{name} mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name} %endif install -dpm 755 doc/contrib install %{SOURCE6} doc/contrib install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} rm -rf %{buildroot}%{squidconfdir}/errors for i in errors/*; do if [ -d $i ]; then mkdir -p %{buildroot}%{_datadir}/%{name}/$i install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i fi done ln -sf %{_datadir}/%{name}/errors/en %{buildroot}%{squidconfdir}/errors # systemd install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibexecdir}/cache_dir.sed install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibexecdir}/initialize_cache_if_needed.sh sed -i -e 's!%%{_libexecdir}!%{_libexecdir}!' %{buildroot}%{_unitdir}/%{name}.service ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} # needed for smp support (bsc#1112695, bsc#1112066) mkdir -p %{buildroot}%{_tmpfilesdir} install -D -m 644 %{SOURCE17} %{buildroot}%{_tmpfilesdir}/squid.conf # Move the MIB definition to the proper place (and name) mkdir -p %{buildroot}%{_datadir}/snmp/mibs mv %{buildroot}%{_datadir}/squid/mib.txt \ %{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt %if 0%{?suse_version} >= 1500 # Install sysusers file. mkdir -p %{buildroot}%{_sysusersdir} install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ %endif %check # Fails in chroot environment make check %{?_smp_mflags} %pretrans -p <lua> -- Remove symlink that is has become a directory path = "%_datadir/squid/errors/es-mx" st = posix.stat(path) if st and st.type == "link" then os.remove(path) end %if 0%{?suse_version} >= 1500 %pre -f squid.pre %else %pre # we need this group for /usr/sbin/pinger getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name} # we need this group for squid (ntlmauth) # read access to /var/lib/samba/winbindd_privileged getent group winbind >/dev/null || %{_sbindir}/groupadd -r winbind getent passwd squid >/dev/null || \ %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ -G winbind -g %{name} -o -u 31 -r -s /bin/false \ %{name} # if default group is not squid, change it if [ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]; then %{_sbindir}/usermod -g %{name} %{name} fi # if squid is not member of winbind, add him if [ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind; echo $?) -ne 0 ]; then %{_sbindir}/usermod -G winbind %{name} fi %endif %service_add_pre %{name}.service # update mode? if [ "$1" -gt "1" ]; then if [ -e %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf -a ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf" mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf fi fi %post %set_permissions %{squidhelperdir}/pinger %set_permissions %{_localstatedir}/cache/squid/ %set_permissions %{_localstatedir}/log/squid/ %tmpfiles_create %{_tmpfilesdir}/squid.conf %service_add_post squid.service %preun %service_del_preun squid.service %verifyscript %verify_permissions -e %{squidhelperdir}/pinger %verify_permissions -e %{_localstatedir}/cache/squid/ %verify_permissions -e %{_localstatedir}/log/squid/ %postun %service_del_postun squid.service %files %ghost %dir %{_rundir}/%{name} %license COPYING %doc ChangeLog CONTRIBUTORS CREDITS %doc QUICKSTART README RELEASENOTES.html SPONSORS* %doc README.kerberos %doc doc/contrib doc/scripts %doc doc/debug-sections.txt src/%{name}.conf.default %{_mandir}/man?/* %{_unitdir}/%{name}.service %{squidlibexecdir}/initialize_cache_if_needed.sh %{squidlibexecdir}/cache_dir.sed %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ %verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ %dir %{squidconfdir} %dir %{_tmpfilesdir} %dir %{_libexecdir}/%{name} %{_tmpfilesdir}/squid.conf %if 0%{?suse_version} >= 1500 %{_sysusersdir}/squid-user.conf %endif %config(noreplace) %{squidconfdir}/cachemgr.conf %config(noreplace) %{squidconfdir}/errorpage.css %config(noreplace) %{squidconfdir}/errors %if 0%{?suse_version} > 1500 %{_distconfdir}/logrotate.d/%{name} %else %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %endif %config(noreplace) %{squidconfdir}/mime.conf %config(noreplace) %{squidconfdir}/%{name}.conf %config %{squidconfdir}/cachemgr.conf.default %config %{squidconfdir}/errorpage.css.default %config %{squidconfdir}/%{name}.conf.default %config %{squidconfdir}/%{name}.conf.documented %config %{_sysconfdir}/pam.d/%{name} %dir %{_datadir}/%{name} %dir %{_datadir}/snmp %dir %{_datadir}/snmp/mibs %{_datadir}/%{name}/errors %{_datadir}/%{name}/icons %{_datadir}/%{name}/mime.conf %{_datadir}/%{name}/mime.conf.default %{_datadir}/snmp/mibs/SQUID-MIB.txt %{_bindir}/purge %{_bindir}/squidclient %{squidhelperdir}/basic_db_auth %{squidhelperdir}/basic_fake_auth %{squidhelperdir}/basic_getpwnam_auth %{squidhelperdir}/basic_ldap_auth %{squidhelperdir}/digest_edirectory_auth %{squidhelperdir}/basic_ncsa_auth %{squidhelperdir}/basic_nis_auth %{squidhelperdir}/basic_pam_auth %{squidhelperdir}/basic_pop3_auth %{squidhelperdir}/basic_radius_auth %{squidhelperdir}/basic_sasl_auth %{squidhelperdir}/basic_smb_auth %{squidhelperdir}/basic_smb_auth.sh %{squidhelperdir}/basic_smb_lm_auth %{squidhelperdir}/cert_tool %{squidhelperdir}/digest_file_auth %{squidhelperdir}/digest_ldap_auth %{squidhelperdir}/diskd %{squidhelperdir}/ext_edirectory_userip_acl %{squidhelperdir}/ext_file_userip_acl %{squidhelperdir}/ext_kerberos_ldap_group_acl %{squidhelperdir}/ext_ldap_group_acl %{squidhelperdir}/ext_session_acl %{squidhelperdir}/ext_unix_group_acl %{squidhelperdir}/ext_wbinfo_group_acl %{squidhelperdir}/helper-mux %{squidhelperdir}/log_db_daemon %{squidhelperdir}/log_file_daemon %{squidhelperdir}/negotiate_kerberos_auth %{squidhelperdir}/negotiate_kerberos_auth_test %{squidhelperdir}/negotiate_wrapper_auth %{squidhelperdir}/ntlm_fake_auth %{squidhelperdir}/ntlm_smb_lm_auth %{squidhelperdir}/pinger %{squidhelperdir}/security_fake_certverify %{squidhelperdir}/security_file_certgen %{squidhelperdir}/storeid_file_rewrite %{squidhelperdir}/unlinkd %{squidhelperdir}/url_fake_rewrite %{squidhelperdir}/url_fake_rewrite.sh %{squidhelperdir}/url_lfs_rewrite %{squidhelperdir}/ext_time_quota_acl %{_sbindir}/squid %{_sbindir}/rcsquid %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 %dir %{squidhelperdir} %{squidhelperdir}/cachemgr.cgi %else %dir %{_libdir}/%{name} %{_libdir}/%{name}/cachemgr.cgi %endif %changelog