varnish/varnish.spec

#
# spec file for package varnish
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define library_name libvarnishapi3
%define pkg_home %_localstatedir/lib/%name
%define pkg_logdir %_localstatedir/log/%name
%define pkg_cachedir %_localstatedir/cache/%name
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if !0%{?_fillupdir:1}
%define _fillupdir %_localstatedir/adm/fillup-templates
%endif
Name: varnish
Accepting request 1130176 from home:dirkmueller:Factory

- update to 7.4.2 (bsc#1216123, CVE-2023-44487):
  * The ``vcl_req_reset`` feature (controllable through the ``feature``
    parameter, see `varnishd(1)`) has been added and enabled by default
    to terminate client side VCL processing early when the client is
    gone.
    *req_reset* events trigger a VCL failure and are reported to
    `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset``
    in `vsc` as visible through ``varnishstat(1)``.
    In particular, this feature is used to reduce resource consumption
    of HTTP/2 "rapid reset" attacks (see below).
    Note that *req_reset* events may lead to client tasks for which no
    VCL is called ever. Presumably, this is thus the first time that
    valid `vcl(7)` client transactions may not contain any ``VCL_call``
    records.
  * Added mitigation options and visibility for HTTP/2 "rapid reset"
    attacks
    Global rate limit controls have been added as parameters, which can
    be overridden per HTTP/2 session from VCL using the new vmod ``h2``:
    * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function
      define a threshold duration for an ``RST_STREAM`` to be classified
      as "rapid": If an ``RST_STREAM`` frame is parsed sooner than this
      duration after a ``HEADERS`` frame, it is accounted against the
      rate limit described below.
    * The ``h2_rapid_reset_limit`` parameter and
      ``h2.rapid_reset_limit()`` function define how many "rapid" resets
      may be received during the time span defined by the
      ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()``
      function before the HTTP/2 connection is forcibly closed with a
      ``GOAWAY`` and all ongoing VCL client tasks of the connection are
      aborted.

OBS-URL: https://build.opensuse.org/request/show/1130176
OBS-URL: https://build.opensuse.org/package/show/server:http/varnish?expand=0&rev=125
2023-12-01 11:53:55 +01:00
Version: 7.4.2
Release: 0
Summary: Accelerator for HTTP services
License: BSD-2-Clause
Group: Productivity/Networking/Web/Proxy
URL: https://varnish-cache.org/
#Git-Web: https://github.com/varnishcache/varnish-cache
Source: https://varnish-cache.org/_downloads/%name-%version.tgz
Source3: varnish.sysconfig
Source5: varnish.logrotate
Source7: varnish.service
Source8: varnishlog.service
Source9: varnish_reload_vcl
Patch2: uninit.patch
BuildRequires: libxslt-devel
BuildRequires: ncurses-devel
BuildRequires: python3-Sphinx
BuildRequires: python3-docutils
BuildRequires: readline-devel
BuildRequires: systemd-rpm-macros
BuildRequires: xz
BuildRequires: pkgconfig(libpcre2-8)
Requires: c_compiler
Requires(pre): shadow
Recommends: logrotate
%description
Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an
application that stores (caches) documents that have been requested
over the HTTP protocol.
Based on certain criteria, the next client requesting the document is either
given the cached document, or a "fresh" document requested from a backend
server. The purpose of this is to minimize the requests going to the backend
server(s) by serving the same document to potentially many users.
%package -n %library_name
Summary: Shared libraries for Varnish
Group: Productivity/Networking/Web/Proxy
%description -n %library_name
Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an
application that stores (caches) documents that have been requested
over the HTTP protocol.
Based on certain criteria, the next client requesting the document is either
given the cached document, or a "fresh" document requested from a backend
server. The purpose of this is to minimize the requests going to the backend
server(s) by serving the same document to potentially many users.
This package holds the shared libraries for varnish.
%package devel
Summary: Development files for Varnish
Group: Development/Libraries/C and C++
Requires: %name = %version
%description devel
Varnish is an HTTP accelerator. Often called Reverse Proxy, it is an
application that stores (caches) documents that have been requested
over the HTTP protocol.
This package holds the development files for varnish.
%prep
%autosetup -p1
%build
%define _lto_cflags %nil
export CFLAGS="%optflags -fcommon -fstack-protector"
%ifarch %ix86
export CFLAGS="$CFLAGS -ffloat-store -fexcess-precision=standard"
%endif
%configure --disable-static --docdir="%_docdir/%name" \
--localstatedir="%_localstatedir/cache/"
%make_build V=1
%install
b="%buildroot"
%make_install
# There is no use for them to normal users
mv "$b/%_bindir"/* "$b/%_sbindir/"
#
##missing directories
install -dm 0755 "$b"/{%pkg_logdir,%pkg_home}
install -Dpm 0644 "%SOURCE5" "$b/%_sysconfdir/logrotate.d/varnish"
#
##init scripts
install -Dpm 0644 "%SOURCE3" "$b/%_fillupdir/sysconfig.%name"
install -Dpm 0644 "%SOURCE7" "$b/%_unitdir/varnish.service"
install -Dpm 0644 "%SOURCE8" "$b/%_unitdir/varnishlog.service"
mkdir -p "$b/%_sbindir"
ln -s service "$b/%_sbindir/rcvarnish"
ln -s service "$b/%_sbindir/rcvarnishlog"
install -Dpm 0755 "%SOURCE9" "$b/%_sbindir/varnish_reload_vcl"
#
##config files
mkdir -p "$b/%_sysconfdir/%name"
cp "$b/%_docdir/%name/example.vcl" "$b/%_sysconfdir/%name/vcl.conf"
find "$b" -type f -name "*.la" -delete -print
mkdir -p "$b/%pkg_logdir"
mkdir -p "$b/%_docdir/%name"
cp -a doc/changes.rst LICENSE README.rst "$b/%_docdir/%name/"
perl -i -pe 's{^#!/usr/bin/env python}{#!/usr/bin/python}g' \
"$b/%_datadir/varnish/vmodtool.py" "$b/%_datadir/varnish/vsctool.py"
%check
if ! %make_build check; then
x="$?"
cat bin/varnishtest/test-suite.log
exit "$x"
fi
%pre
%_bindir/getent group varnish >/dev/null || \
%_sbindir/groupadd -r varnish
%_bindir/getent passwd varnish >/dev/null || \
%_sbindir/useradd -g varnish -s /bin/false -r -c "user for Varnish" \
-d %pkg_home varnish
%service_add_pre varnish.service varnishlog.service
%post
%fillup_only
%service_add_post varnish.service varnishlog.service
%preun
%service_del_preun varnish.service varnishlog.service
%postun
%service_del_postun varnish.service varnishlog.service
%post -n %library_name -p /sbin/ldconfig
%postun -n %library_name -p /sbin/ldconfig
%files
%_unitdir/*.service
%config(noreplace) %_sysconfdir/logrotate.d/varnish
%dir %attr(0750,root,varnish) %_sysconfdir/%name/
%config(noreplace) %attr(0640,root,varnish) %_sysconfdir/%name/vcl.conf
%_libdir/varnish
%_sbindir/varnish*
%_sbindir/rcvarnish*
%_mandir/man*/*
%_docdir/%name/
%_datadir/%name/
%dir %attr(0750,varnish,varnish) %pkg_home
%dir %attr(0750,varnish,varnish) %pkg_cachedir
%dir %attr(0750,varnish,varnish) %pkg_logdir
%_fillupdir/sysconfig.%name
%files -n %library_name
%_libdir/libvarnishapi.so.3*
%files devel
%_includedir/varnish/
%_datadir/aclocal/
%_libdir/pkgconfig/*
%_libdir/libvarnishapi.so
%changelog
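
The rapid-reset accounting described in the commit message for the 7.4.2 update above, modelled as an added example (it is not part of this spec file and is not Varnish's own code). The function name, the frame tuples, the millisecond values and the sliding-window bookkeeping are assumptions of this sketch; the page only states the threshold, the limit and the period.

```python
from collections import deque

def classify_connection(frames, rapid_reset, limit, period):
    """Replay one HTTP/2 connection's frames against the three limits.

    frames: (time_ms, frame_type, stream_id) tuples ordered by time.
    rapid_reset, limit, period stand in for h2_rapid_reset,
    h2_rapid_reset_limit and h2_rapid_reset_period (durations in ms).
    Returns (rapid_resets_seen, goaway_time_ms or None).
    """
    headers_at = {}   # stream_id -> time its HEADERS frame was parsed
    window = deque()  # times of "rapid" resets still inside the period
    rapid_total = 0
    for t, ftype, sid in frames:
        if ftype == "HEADERS":
            headers_at[sid] = t
        elif ftype == "RST_STREAM":
            opened = headers_at.pop(sid, None)
            # "Rapid" means the reset came sooner than the threshold
            # after the stream's HEADERS frame; later resets are free.
            if opened is None or t - opened >= rapid_reset:
                continue
            rapid_total += 1
            window.append(t)
            # Assumption: resets older than one period no longer count.
            while t - window[0] > period:
                window.popleft()
            if len(window) > limit:
                return rapid_total, t  # connection would get GOAWAY here
    return rapid_total, None

def open_and_reset(n, spacing_ms, reset_after_ms):
    """Constructed input: n streams, each opened then reset."""
    frames = []
    for i in range(n):
        sid, start = 2 * i + 1, i * spacing_ms
        frames.append((start, "HEADERS", sid))
        frames.append((start + reset_after_ms, "RST_STREAM", sid))
    return sorted(frames)

# Constructed sample connections (not captured traffic).
BURST = open_and_reset(10, spacing_ms=10, reset_after_ms=1)     # tight loop
SPREAD = open_and_reset(6, spacing_ms=3000, reset_after_ms=1)   # same pattern, slow
LATE = open_and_reset(6, spacing_ms=10, reset_after_ms=800)     # resets past threshold

if __name__ == "__main__":
    for name, conn in (("burst", BURST), ("spread", SPREAD), ("late", LATE)):
        print(name, classify_connection(conn, rapid_reset=500, limit=2, period=5000))
```

With the same threshold, limit and period, only the burst trips the limit: spreading the resets over several periods or resetting after the threshold leaves the connection open, which is the trade-off to weigh when tuning the three parameters.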