# # spec file for package squid # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define squidlibdir %{_libdir}/squid %define squidconfdir /etc/squid Name: squid Summary: Squid Version 3.2 WWW Proxy Server License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy Version: 3.2.11 Release: 0 Url: http://www.squid-cache.org/Versions/v3/3.2 Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2 Source1: %{name}-%{version}.tar.bz2.asc Source2: RELEASENOTES.html Source3: squid.init Source4: squid.sysconfig Source5: pam.squid Source6: unsquid.pl Source7: %{name}.logrotate Source9: %{name}.permissions Source10: README.kerberos Source11: %{name}.service Source13: %{name}.keyring # # the following patches are downloaded directly from the webserver # don't change the names for easier identification # # please read every file if there is interest about what the patch changes # or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/ # # # Upstream patch # Patch0: # do not show some rpmlint warnings Source99: rpmlintrc # some useful defaults for squid Patch100: %{name}-config.patch # make build compare happy - remove build dates Patch101: %{name}-nobuilddates.patch ## File is compiled without RPM_OPT_FLAGS # squid3 no-rpm-opt-flags :./cf_gen.cc Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch # Upstream notified of this problem by mageia guys Patch103: %{name}-fix-pod2man-check.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %fillup_prereq PreReq: %insserv_prereq PreReq: /usr/bin/getent PreReq: permissions PreReq: pwdutils BuildRequires: db-devel # needed by bootstrap.sh BuildRequires: cyrus-sasl-devel BuildRequires: ed BuildRequires: expat BuildRequires: gcc-c++ BuildRequires: gpg-offline BuildRequires: libcap-devel BuildRequires: libexpat-devel BuildRequires: libtool BuildRequires: openldap2-devel BuildRequires: opensp-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: sharutils # %if 0%{?sles_version} == 9 BuildRequires: heimdal-devel %else BuildRequires: krb5-devel %endif # %if 0%{?suse_version} > 1030 || 0%{?fedora_version} > 8 BuildRequires: fdupes %endif # %if 0%{?suse_version} >= 1130 BuildRequires: pkgconfig(libxml-2.0) %else BuildRequires: libxml2-devel %endif %if 0%{?suse_version} > 1140 BuildRequires: systemd %{?systemd_requires} %define has_systemd 1 %endif Requires: logrotate Requires: sed Provides: http_proxy # due to package rename # Wed Aug 15 17:40:30 UTC 2012 Provides: %{name}3 = %{version} Obsoletes: %{name}3 < %{version} %description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. Squid 3.2 represents a new feature release above 3.1. The most important of these new features are: * CVE-2009-0801 : NAT interception vulnerability to malicious clients. * NCSA helper DES algorithm password limits * SMP scalability * Helper Multiplexer and On-Demand * Helper Name Changes * Multi-Lingual manuals * Solaris 10 pthreads Support * Surrogate/1.0 protocol extensions to HTTP * Logging Infrastructure Updated * Client Bandwidth Limits * Better eCAP support * Cache Manager access changes First STABLE release Date: 02 Aug 2010 Latest Release: 3.2.9 Latest Release Date: 12 Mar 2013 %prep %gpg_verify %{S:1} %setup -q -n %{name}-%{version} cp %{S:10} . # upstream patches after RELEASE # ##### other patches %patch100 perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"` chmod a-x CREDITS %patch101 %patch102 %patch103 -p1 %build export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" export LDFLAGS='-Wl,-z,relro,-z,now -pie' ./configure --prefix=/usr \ --sysconfdir=%{squidconfdir} \ --bindir=/usr/sbin \ --sbindir=/usr/sbin \ --localstatedir=/var \ --libexecdir=/usr/sbin \ --datadir=/usr/share/squid \ --mandir=%{_mandir} \ --libdir=%{_libdir} \ --sharedstatedir=/var/squid \ --with-logdir=/var/log/squid \ --with-pidfile=/var/run/squid.pid \ --with-dl \ --enable-disk-io \ --enable-storeio \ --enable-removal-policies=heap,lru \ --enable-icmp \ --enable-delay-pools \ --enable-esi \ --enable-icap-client \ --enable-useragent-log \ --enable-referer-log \ --enable-kill-parent-hack \ --enable-arp-acl \ --enable-ssl \ --enable-forw-via-db \ --enable-cache-digests \ --enable-linux-netfilter \ --with-large-files \ --enable-underscores \ --enable-auth \ --enable-auth-basic \ --enable-auth-ntlm \ --enable-auth-negotiate \ --enable-auth-digest \ --enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group \ --enable-ntlm-fail-open \ --enable-stacktraces \ --enable-x-accelerator-vary \ --with-default-user=%{name} \ --disable-ident-lookups \ --enable-follow-x-forwarded-for # overwrite the number of open filedescriptors of configure to 4096 # to be backward compatible, but numbers above should not be overwritten if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then set +x echo "adapting SQUID_MAXFD to 4096" set -x perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h fi make SAMBAPREFIX=/usr %{?_smp_mflags} %install /usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" \ -d /var/cache/%{name} %{name} 2> /dev/null || : install -d %{buildroot}%{_localstatedir}/{cache,log}/%{name} chmod 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} install -d %{buildroot}%{_prefix}/sbin make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible install -d -m 755 %{buildroot}%{_sysconfdir}/permissions.d install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name} install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name} ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rcsquid install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} install -d -m 755 doc/scripts install scripts/*.pl doc/scripts cat > doc/scripts/cachemgr.readme <<-EOT cachemgr.cgi will now be found in %{_libdir}/%{name} EOT install -d -m 755 %{buildroot}/%{_libdir}/%{name} mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name} install -d -m 755 doc/contrib install %{SOURCE6} doc/contrib install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} rm -rf %{buildroot}%{squidconfdir}/errors for i in errors/*; do if [ -d $i ]; then mkdir -p %{buildroot}%{_datadir}/%{name}/$i install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i fi done ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors # fix file duplicates %if 0%{?suse_version} > 1030 %fdupes -s %{buildroot}%{_prefix} %endif %if 0%{?fedora_version} > 8 fdupes -q -n -r %{buildroot}%{_prefix} %endif %if 0%{?has_systemd} install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service %endif %pre # we need this group for squid (ntlmauth) # read access to /var/lib/samba/winbindd_privileged if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then %{_sbindir}/groupadd -r winbind 2>/dev/null fi if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then %{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \ -G winbind -g nogroup -o -u 31 -r -s /bin/false \ %{name} 2>/dev/null fi # if squid is not member of winbind, add him if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then %{_sbindir}/groupmod -A %{name} winbind 2>/dev/null fi %if 0%{?has_systemd} %service_add_pre %{name}.service %endif %post %if 0%{?sles_version} == 10 sed -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/permissions.secure %endif %if 0%{?suse_version} >= 1140 %set_permissions %{_localstatedir}/cache/%{name} %set_permissions %{_localstatedir}/log/%{name} %endif # update mode? if [ "$1" -gt "1" ]; then if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf" mv etc/%{name}.conf etc/%{name}/%{name}.conf fi fi %{fillup_and_insserv -n "squid"} %if 0%{?has_systemd} %service_add_post squid.service %endif %preun %stop_on_removal squid %if 0%{?has_systemd} %service_del_preun squid.service %endif %postun %if 0%{?has_systemd} %service_del_postun squid.service %endif %restart_on_update squid %insserv_cleanup %verifyscript %verify_permissions -e /usr/sbin/pam_auth %clean rm -rf %{buildroot} %files %defattr(-,root,root) %doc CONTRIBUTORS COPYING COPYRIGHT CREDITS ChangeLog %doc QUICKSTART README RELEASENOTES.html SPONSORS* %doc README.kerberos %doc doc/contrib doc/scripts %doc doc/debug-sections.txt src/%{name}.conf.default %doc %{_mandir}/man?/* %if 0%{?has_systemd} %{_unitdir}/%{name}.service %endif %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ %dir %{squidconfdir} %config(noreplace) %{squidconfdir}/cachemgr.conf %config(noreplace) %{squidconfdir}/errorpage.css %config(noreplace) %{squidconfdir}/errors %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{squidconfdir}/mime.conf %config(noreplace) %{squidconfdir}/msntauth.conf %config(noreplace) %{squidconfdir}/%{name}.conf %config %{squidconfdir}/cachemgr.conf.default %config %{squidconfdir}/errorpage.css.default %config %{squidconfdir}/msntauth.conf.default %config %{squidconfdir}/%{name}.conf.default %config %{squidconfdir}/%{name}.conf.documented %config %{_sysconfdir}/pam.d/%{name} %config %{_sysconfdir}/init.d/%{name} %config %{_sysconfdir}/permissions.d/%{name} %dir %{_datadir}/%{name} %{_datadir}/%{name}/errors %{_datadir}/%{name}/icons %config %{_datadir}/%{name}/mib.txt %{_datadir}/%{name}/mime.conf %{_datadir}/%{name}/mime.conf.default %{_sbindir}/basic_db_auth %{_sbindir}/basic_fake_auth %{_sbindir}/basic_getpwnam_auth %{_sbindir}/basic_ldap_auth %{_sbindir}/basic_msnt_auth %{_sbindir}/basic_msnt_multi_domain_auth %{_sbindir}/basic_ncsa_auth %{_sbindir}/basic_nis_auth #verify(not mode) %attr(4755,root,shadow) %{_sbindir}/basic_pam_auth %{_sbindir}/basic_pam_auth %{_sbindir}/basic_pop3_auth %{_sbindir}/basic_radius_auth %{_sbindir}/basic_sasl_auth %{_sbindir}/basic_smb_auth %{_sbindir}/basic_smb_auth.sh %{_sbindir}/cert_tool %{_sbindir}/digest_edirectory_auth %{_sbindir}/digest_file_auth %{_sbindir}/digest_ldap_auth %{_sbindir}/diskd %{_sbindir}/ext_edirectory_userip_acl %{_sbindir}/ext_file_userip_acl %{_sbindir}/ext_kerberos_ldap_group_acl %{_sbindir}/ext_ldap_group_acl %{_sbindir}/ext_unix_group_acl %{_sbindir}/ext_wbinfo_group_acl %{_sbindir}/helper-mux.pl %{_sbindir}/log_file_daemon %{_sbindir}/negotiate_kerberos_auth %{_sbindir}/negotiate_kerberos_auth_test %{_sbindir}/negotiate_wrapper_auth %{_sbindir}/ntlm_fake_auth %{_sbindir}/ntlm_smb_lm_auth %{_sbindir}/pinger %{_sbindir}/purge %{_sbindir}/rc%{name} %{_sbindir}/%{name} %{_sbindir}/squidclient %{_sbindir}/unlinkd %{_sbindir}/url_fake_rewrite %{_sbindir}/url_fake_rewrite.sh %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %dir %{_libdir}/%{name} %{_libdir}/%{name}/cachemgr.cgi %changelog