Accepting request 1331681 from server:http

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/1331681 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=175
Accepting request 1329868 from server:http
2026-02-06 18:11:22 +00:00 · 2026-01-30 17:22:20 +00:00 · 2026-01-30 13:28:31 +00:00 · 2026-01-29 18:47:33 +00:00 · 2026-01-28 15:12:30 +00:00 · 2025-12-19 16:41:25 +00:00
12 changed files with 1302 additions and 423 deletions
--- a/README.SUSE
+++ b/README.SUSE
@@ -0,0 +1,3 @@
+Notes regarding QUIC (only available on Tumbleweed):
+
+We currently only build with OpenSSL, this requires setting "limited-quic" in the "global" configuration section (which comes with missing out on 0-RTT support).
--- a/README.SUSE.PACKAGING
+++ b/README.SUSE.PACKAGING
@@ -0,0 +1,14 @@
+Packaging notes regarding QUIC:
+
+By default we enable QUIC with OpenSSL for Tumbleweed. OpenSSL is not the perfect fit - the best recommendation by HAProxy currently seems to be AWS-LC:
+https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status#tldr
+
+The project configuration can be adjusted to enable QUIC with AWS-LC:
+
+```
+Macros:
+%_with_awslc 1
+# for < 1600
+%_with_quic 1
+:Macros
+```
--- a/7
+++ b/7
@@ -1,12 +1,15 @@
 <services>
  <service name="tar_scm" mode="manual">
-    <param name="url">http://git.haproxy.org/git/haproxy-3.0.git/</param>
+    <param name="url">http://git.haproxy.org/git/haproxy-3.3.git/</param>
    <param name="scm">git</param>
    <param name="filename">haproxy</param>
    <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
-    <param name="revision">v3.0.4</param>
+    <!--
+    <param name="revision">v3.3.2</param>
+    -->
+    <param name="revision">master</param>
    <param name="changesgenerate">enable</param>
  </service>

--- a/8
+++ b/8
@@ -1,6 +1,10 @@
 <servicedata>
  <service name="tar_scm">
-    <param name="url">http://git.haproxy.org/git/haproxy-3.0.git/</param>
-    <param name="changesrevision">7a59afa93ba909a8219307e62f88f81abe7615ef</param>
+    <param name="url">http://git.haproxy.org/git/haproxy-3.2.git/</param>
+    <param name="changesrevision">170436929ac78cfc4d1a43b3340535e1ac4d00d8</param>
+  </service>
+  <service name="tar_scm">
+    <param name="url">http://git.haproxy.org/git/haproxy-3.3.git/</param>
+    <param name="changesrevision">bc0fb5969e500ea5702bf885dd1fea110f6b3ce6</param>
  </service>
 </servicedata>
--- a/haproxy-1.6.0-makefile_lib.patch
+++ b/haproxy-1.6.0-makefile_lib.patch
@@ -1,8 +1,8 @@
-Index: haproxy-3.0/Makefile
+Index: haproxy-3.3/Makefile
 ===================================================================
--- haproxy-3.0.orig/Makefile
-+++ haproxy-3.0/Makefile
-@@ -784,7 +784,7 @@ ifneq ($(USE_PCRE:0=)$(USE_STATIC_PCRE:0
+--- haproxy-3.3.orig/Makefile
+++ haproxy-3.3/Makefile
+@@ -799,7 +799,7 @@ ifneq ($(USE_PCRE:0=)$(USE_STATIC_PCRE:0
   PCREDIR     := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo /usr/local)
   ifneq ($(PCREDIR),)
     PCRE_INC := $(PCREDIR)/include
@@ -11,7 +11,7 @@ Index: haproxy-3.0/Makefile
   endif
 
   PCRE_CFLAGS := $(if $(PCRE_INC),-I$(PCRE_INC))
-@@ -802,7 +802,7 @@ ifneq ($(USE_PCRE2:0=)$(USE_STATIC_PCRE2
+@@ -817,7 +817,7 @@ ifneq ($(USE_PCRE2:0=)$(USE_STATIC_PCRE2
   PCRE2DIR     := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo /usr/local)
   ifneq ($(PCRE2DIR),)
     PCRE2_INC := $(PCRE2DIR)/include
--- a/haproxy-1.6.0-sec-options.patch
+++ b/haproxy-1.6.0-sec-options.patch
@@ -4,11 +4,21 @@ Date:   Mon Jun 17 13:00:08 2019 +0000

    SUSE: Makefile sec options

-Index: haproxy-3.0/Makefile
+Index: haproxy-3.3/Makefile
 ===================================================================
--- haproxy-3.0.orig/Makefile
-+++ haproxy-3.0/Makefile
-@@ -887,6 +887,35 @@ ifneq ($(TRACE),)
+--- haproxy-3.3.orig/Makefile
+++ haproxy-3.3/Makefile
+@@ -351,7 +351,8 @@ use_opts = USE_EPOLL USE_KQUEUE USE_NETF
+            USE_MEMORY_PROFILING USE_SHM_OPEN                                  \
+            USE_STATIC_PCRE USE_STATIC_PCRE2                                   \
+            USE_PCRE USE_PCRE_JIT USE_PCRE2 USE_PCRE2_JIT                      \
+-           USE_QUIC_OPENSSL_COMPAT USE_KTLS
+           USE_QUIC_OPENSSL_COMPAT USE_KTLS \
+					 USE_PIE USE_STACKPROTECTOR USE_RELRO_NOW
+ 
+ # preset all variables for all supported build options among use_opts
+ $(reset_opts_vars)
+@@ -902,6 +903,35 @@ ifneq ($(TRACE),)
   COPTS += -finstrument-functions
 endif
 
--- a/haproxy-3.0.4+git0.7a59afa93.tar.gz
+++ b/haproxy-3.0.4+git0.7a59afa93.tar.gz
--- a/haproxy-3.3.2+git3.bc0fb5969.tar.gz
+++ b/haproxy-3.3.2+git3.bc0fb5969.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:850ed7528245613cc794508457687757706955dfc48a456a294ba5aad794fdfd
+size 5407297
--- a/haproxy.changes
+++ b/haproxy.changes
--- a/haproxy.init
+++ b/haproxy.init
@@ -1,247 +0,0 @@
-#!/bin/sh
-#
-### BEGIN INIT INFO
-# Provides:          haproxy
-# Required-Start:    $syslog $remote_fs
-# Should-Start: $time ypbind sendmail
-# Required-Stop:     $syslog $remote_fs
-# Should-Stop: $time ypbind sendmail
-# Default-Start:     3 5
-# Default-Stop:      0 1 2 6
-# Short-Description: haproxy
-# Description:       Start haproxy a reliable, high performance TCP/HTTP load balancer
-### END INIT INFO
-# 
-# Any extensions to the keywords given above should be preceeded by 
-# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
-# 
-# Notes on Required-Start/Should-Start:
-# * There are two different issues that are solved by Required-Start
-#    and Should-Start
-# (a) Hard dependencies: This is used by the runlevel editor to determine
-#     which services absolutely need to be started to make the start of
-#     this service make sense. Example: nfsserver should have
-#     Required-Start: $portmap
-#     Also, required services are started before the dependent ones.
-#     The runlevel editor will warn about such missing hard dependencies
-#     and suggest enabling. During system startup, you may expect an error,
-#     if the dependency is not fulfilled.
-# (b) Specifying the init script ordering, not real (hard) dependencies.
-#     This is needed by insserv to determine which service should be
-#     started first (and at a later stage what services can be started
-#     in parallel). The tag Should-Start: is used for this.
-#     It tells, that if a service is available, it should be started
-#     before. If not, never mind.
-# * When specifying hard dependencies or ordering requirements, you can 
-#   use names of services (contents of their Provides: section)
-#   or pseudo names starting with a $. The following ones are available
-#   according to LSB (1.1):
-#       $local_fs               all local file systems are mounted
-#                               (most services should need this!)
-#       $remote_fs              all remote file systems are mounted
-#                               (note that /usr may be remote, so
-#                                many services should Require this!)
-#       $syslog                 system logging facility up
-#       $network                low level networking (eth card, ...)
-#       $named                  hostname resolution available
-#       $netdaemons             all network daemons are running
-#   The $netdaemons pseudo service has been removed in LSB 1.2.
-#   For now, we still offer it for backward compatibility.
-#   These are new (LSB 1.2):
-#       $time                   the system time has been set correctly  
-#       $portmap                SunRPC portmapping service available
-#   UnitedLinux extensions:
-#       $ALL                    indicates that a script should be inserted
-#                               at the end
-# * The services specified in the stop tags 
-#   (Required-Stop/Should-Stop)
-#   specify which services need to be still running when this service
-#   is shut down. Often the entries there are just copies or a subset 
-#   from the respective start tag.
-# * Should-Start/Stop are now part of LSB as of 2.0,
-#   formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
-#   insserv does support both variants.
-# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
-#   (%fillup_and_insserv macro in %post of many RPMs) to specify whether
-#   a startup script should default to be enabled after installation.
-#   It's not used by insserv.
-#
-# Note on runlevels:
-# 0 - halt/poweroff                     6 - reboot
-# 1 - single user                       2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
-# 
-# Note on script names:
-# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
-# A registry has been set up to manage the init script namespace.
-# http://www.lanana.org/
-# Please use the names already registered or register one or use a
-# vendor prefix.
-
-
-# Check for missing binaries (stale symlinks should not happen)
-# Note: Special treatment of stop for LSB conformance
-HAPROXY_BIN=/usr/sbin/haproxy
-test -x $HAPROXY_BIN || { echo "$HAPROXY_BIN not installed"; 
-        if [ "$1" = "stop" ]; then exit 0;
-        else exit 5; fi; }
-HAPROXY_PID="/var/run/haproxy.pid"
-HAPROXY_CONF="/etc/haproxy/haproxy.cfg"
-## Check for existence of needed config file and read it
-#HAPROXY_CONFIG=/etc/sysconfig/haproxy
-#test -r $HAPROXY_CONFIG || { echo "$HAPROXY_CONFIG not existing";
-#       if [ "$1" = "stop" ]; then exit 0;
-#       else exit 6; fi; }
-#
-## Read config  
-#. $HAPROXY_CONFIG
-
-# Source LSB init functions
-# providing start_daemon, killproc, pidofproc, 
-# log_success_msg, log_failure_msg and log_warning_msg.
-# This is currently not used by UnitedLinux based distributions and
-# not needed for init scripts for UnitedLinux only. If it is used,
-# the functions from rc.status should not be sourced or used.
-#. /lib/lsb/init-functions
-
-# Shell functions sourced from /etc/rc.status:
-#      rc_check         check and set local and overall rc status
-#      rc_status        check and set local and overall rc status
-#      rc_status -v     be verbose in local rc status and clear it afterwards
-#      rc_status -v -r  ditto and clear both the local and overall rc status
-#      rc_status -s     display "skipped" and exit with status 3
-#      rc_status -u     display "unused" and exit with status 3
-#      rc_failed        set local and overall rc status to failed
-#      rc_failed <num>  set local and overall rc status to <num>
-#      rc_reset         clear both the local and overall rc status
-#      rc_exit          exit appropriate to overall rc status
-#      rc_active        checks whether a service is activated by symlinks
-. /etc/rc.status
-
-# Reset status of this service
-rc_reset
-
-# Return values acc. to LSB for all commands but status:
-# 0       - success
-# 1       - generic or unspecified error
-# 2       - invalid or excess argument(s)
-# 3       - unimplemented feature (e.g. "reload")
-# 4       - user had insufficient privileges
-# 5       - program is not installed
-# 6       - program is not configured
-# 7       - program is not running
-# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
-# 
-# Note that starting an already running service, stopping
-# or restarting a not-running service as well as the restart
-# with force-reload (in case signaling is not supported) are
-# considered a success.
-
-function haproxy_check() {
-        HAPROXY_CONFIG_CHECK="$($HAPROXY_BIN -c -q -f $HAPROXY_CONF 2>&1)"
-        if [ $? -ne 0 ] ; then
-                echo "" >&2
-                echo "$HAPROXY_CONFIG_CHECK" >&2
-                rc_failed
-                rc_status -v
-                exit 1
-        else
-                return 0
-        fi
-}
-
-case "$1" in
-    start)
-        echo -n "Starting haproxy "
-        ## Start daemon with startproc(8). If this fails
-        ## the return value is set appropriately by startproc.
-        haproxy_check
-        /sbin/startproc $HAPROXY_BIN -D -f $HAPROXY_CONF -p $HAPROXY_PID
-        # Remember status and be verbose
-        rc_status -v
-        ;;
-    stop)
-        echo -n "Shutting down haproxy "
-        ## Stop daemon with killproc(8) and if this fails
-        ## killproc sets the return value according to LSB.
-
-        /sbin/killproc -TERM $HAPROXY_BIN
-
-        # Remember status and be verbose
-        rc_status -v
-        ;;
-    try-restart|condrestart)
-        ## Do a restart only if the service was active before.
-        ## Note: try-restart is now part of LSB (as of 1.9).
-        ## RH has a similar command named condrestart.
-        if test "$1" = "condrestart"; then
-                echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
-        fi
-        $0 status
-        if test $? = 0; then
-                # we us reload here for a graceful restart during update
-                $0 reload
-        else
-                rc_reset        # Not running is not a failure.
-        fi
-        # Remember status and be quiet
-        rc_status
-        ;;
-    restart)
-        ## Stop the service and regardless of whether it was
-        ## running or not, start it again.
-        haproxy_check
-        $0 stop
-        $0 start
-
-        # Remember status and be quiet
-        rc_status
-        ;;
-    check)
-        ## Stop the service and regardless of whether it was
-        ## running or not, start it again.
-        echo -n "Checking config of haproxy "
-        haproxy_check
-        rc_status -v
-        ;;
-    reload|force-reload)
-        ## Like force-reload, but if daemon does not support
-        ## signaling, do nothing (!)
-        haproxy_check
-        # If it supports signaling:
-        echo -n "Reload service haproxy "
-        $HAPROXY_BIN -p $HAPROXY_PID -D -f $HAPROXY_CONF -sf $(cat $HAPROXY_PID)
-        rc_status -v
-        ;;
-    status)
-        echo -n "Checking for service haproxy "
-        ## Check status with checkproc(8), if process is running
-        ## checkproc will return with exit status 0.
-
-        # Return value is slightly different for the status command:
-        # 0 - service up and running
-        # 1 - service dead, but /var/run/  pid  file exists
-        # 2 - service dead, but /var/lock/ lock file exists
-        # 3 - service not running (unused)
-        # 4 - service status unknown :-(
-        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
-
-        # NOTE: checkproc returns LSB compliant status values.
-        /sbin/checkproc -p $HAPROXY_PID $HAPROXY_BIN
-        # NOTE: rc_status knows that we called this init script with
-        # "status" option and adapts its messages accordingly.
-        rc_status -v
-        ;;
-    probe)
-        ## Optional: Probe for the necessity of a reload, print out the
-        ## argument to this init script which is required for a reload.
-        ## Note: probe is not (yet) part of LSB (as of 1.9)
-
-        test $HAPROXY_CONF -nt $HAPROXY_PID && echo reload
-        ;;
-    *)
-        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
-        exit 1
-        ;;
-esac
-rc_exit
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -14,35 +14,29 @@

 # Please submit bugfixes or comments via https://bugs.opensuse.org/

+# => notes regarding QUIC in README.SUSE.PACKAGING
+
+%define pkg_name haproxy
+%define pkg_home %{_localstatedir}/lib/%{pkg_name}
+%{!?vim_data_dir:%global vim_data_dir %{_datadir}/vim/%(readlink %{_datadir}/vim/current)}
+
+%bcond_with awslc
+
+%if 0%{?suse_version} > 1600 || %{with awslc}
+%bcond_without quic
+%else
 %bcond_with quic
-%if 0%{?suse_version} >= 1230
-%bcond_without tcp_fast_open
-%bcond_without network_namespace
-%else
-%bcond_with tcp_fast_open
-%bcond_with network_namespace
 %endif

-%if 0%{?suse_version} > 1320
-%bcond_without lua
+%if 0%{?suse_version} > 1500
+%bcond_with    rc_symlink
 %else
-%bcond_with    lua
-%endif
-
-%if 0%{?suse_version} >= 1310
-%bcond_without systemd
-%else
-%bcond_with systemd
+%bcond_without rc_symlink
 %endif

 %bcond_without pcre2_jit

 %bcond_without  apparmor
-%if 0%{?suse_version} > 1320
-%bcond_without apparmor_reload
-%else
-%bcond_with    apparmor_reload
-%endif

 %if 0%{?suse_version} >= 1500
 %bcond_without sysusers
@@ -52,75 +46,61 @@
 %bcond_with tmpfiles
 %endif

+%bcond_with ech
+
 Name:           haproxy
-Version:        3.0.4+git0.7a59afa93
+Version:        3.3.2+git3.bc0fb5969
 Release:        0
 #
+Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
+License:        GPL-3.0-or-later AND LGPL-2.1-or-later
+Group:          Productivity/Networking/Web/Proxy
 #
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-%if %{with apparmor}
-%if 0%{?suse_version} <= 1315
-BuildRequires:  apparmor-profiles
-Recommends:     apparmor-profiles
-%else
-BuildRequires:  apparmor-abstractions
-Recommends:     apparmor-abstractions
-%endif
-%if %{with apparmor_reload}
-BuildRequires:  apparmor-rpm-macros
-%endif
-%endif
-BuildRequires:  libgcrypt-devel
-%if %{with lua}
-BuildRequires:  lua-devel >= 5.3
-%endif
-BuildRequires:  pcre2-devel
-BuildRequires:  zlib-devel
-BuildRequires:  openssl-devel
-BuildRequires:  pkg-config
-%if %{with systemd}
-BuildRequires:  pkgconfig(systemd)
-BuildRequires:  pkgconfig(libsystemd)
-%if %{with sysusers}
-BuildRequires:  sysuser-shadow
-BuildRequires:  sysuser-tools
-%endif
-%endif
-BuildRequires:  vim
-%define pkg_name haproxy
-%define pkg_home /var/lib/%{pkg_name}
-#
-Url:            http://www.haproxy.org/
+URL:            https://www.haproxy.org/
 #               source URL in _service file
 Source:         haproxy-%{version}.tar.gz
-Source1:        %{pkg_name}.init
 Source2:        usr.sbin.haproxy.apparmor
 Source3:        local.usr.sbin.haproxy.apparmor
 Source4:        haproxy.cfg
 Source5:        haproxy-user.conf
 Source6:        haproxy-tmpfiles.conf
+Source7:        README.SUSE
+Source8:        README.SUSE.PACKAGING
+#
+Source98:       series
+Source99:       haproxy-rpmlintrc
 Patch1:         haproxy-1.6.0_config_haproxy_user.patch
 Patch2:         haproxy-1.6.0-makefile_lib.patch
 Patch3:         haproxy-1.6.0-sec-options.patch
 Patch4:         haproxy-service.patch
-#
-Source98:       series
-Source99:       haproxy-rpmlintrc
-#
-Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
-License:        GPL-3.0+ and LGPL-2.1+
-Group:          Productivity/Networking/Web/Proxy
+BuildRequires:  libgcrypt-devel
+BuildRequires:  pcre2-devel
+BuildRequires:  pkgconfig
+BuildRequires:  vim
+BuildRequires:  zlib-devel
 Provides:       %{name}-doc = %{version}
 Obsoletes:      %{name}-doc < %{version}
 Provides:       haproxy-1.5 = %{version}
 Obsoletes:      haproxy-1.5 < %{version}
-%if %{with systemd}
+#
+#
+%if %{with apparmor}
+BuildRequires:  apparmor-abstractions
+Recommends:     apparmor-abstractions
+BuildRequires:  apparmor-rpm-macros
+%endif
+BuildRequires:  lua-devel >= 5.3
+%if %{with awslc}
+BuildRequires:  aws-lc-devel
+%else
+BuildRequires:  openssl-devel
+%endif
+BuildRequires:  pkgconfig(libsystemd)
+BuildRequires:  pkgconfig(systemd)
+BuildRequires:  sysuser-shadow
+BuildRequires:  sysuser-tools
 %{?systemd_ordering}
-%if %{with sysusers}
 %sysusers_requires
-%endif
-%endif
-%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}

 %description
 HAProxy implements an event-driven, mono-process model which enables support
@@ -135,41 +115,44 @@ the most work done from every CPU cycle.

 %prep
 %autosetup -p1
+cp %{SOURCE7} .

 %build
-make %{?_smp_mflags} \
+%make_build \
    TARGET=linux-glibc \
-    CPU="%{_target_cpu}" \
+    USE_RELRO_NOW=1 \
+    USE_STACKPROTECTOR=1 \
+    USE_PIE=1 \
+    USE_KTLS=1 \
    USE_PCRE2=1 \
    %if %{with pcre2_jit}
    USE_PCRE2_JIT=1 \
    %endif
-    %ifarch %ix86
+    %ifarch %{ix86}
    USE_REGPARM=1 \
    %endif
    USE_GETADDRINFO=1 \
+%if %{with awslc}
+    USE_OPENSSL_AWSLC=1 \
+%else
    USE_OPENSSL=1 \
-    %if %{with lua}
-    USE_LUA=1 \
-    %endif
-    USE_ZLIB=1 \
-    %if %{with tcp_fast_open}
-    USE_TFO=1 \
-    %endif
-    %if %{with network_namespace}
-    USE_NS=1 \
-    %endif
-%if %{with systemd}
-    USE_SYSTEMD=1 \
+%if %{with ech}
+    USE_QUIC_OPENSSL_COMPAT=1 \
+    USE_ECH=1 \
 %endif
-    USE_PIE=1 \
-    USE_STACKPROTECTOR=1 \
-    USE_RELRO_NOW=1 \
+%endif
+    USE_LUA=1 \
+    USE_ZLIB=1 \
+    USE_TFO=1 \
+    USE_NS=1 \
    LIB="%{_lib}" \
    PREFIX="%{_prefix}" \
    USE_PROMEX=1 \
    %if %{with quic}
    USE_QUIC=1 \
+%if %{without awslc}
+    USE_QUIC_OPENSSL_COMPAT=1 \
+%endif
    %endif
    %if %{with opentracing}
    USE_OT=1 \
@@ -177,65 +160,44 @@ make %{?_smp_mflags} \
    %if %{with memory_profiling}
    USE_MEMORY_PROFILING=1 \
    %endif
-    DEBUG_CFLAGS="%{optflags}" V=1
-%if %{with systemd}
-make -C admin/systemd  PREFIX="%{_prefix}"
-%if %{with sysusers}
+    OPT_CFLAGS="%{optflags}" V=1
+%make_build -C admin/systemd  PREFIX="%{_prefix}"
 %sysusers_generate_pre %{SOURCE5} haproxy haproxy-user.conf
-%endif
-%endif
-make admin/halog/halog DEBUG_CFLAGS="%{optflags}" V=1
+%make_build admin/halog/halog DEBUG_CFLAGS="%{optflags}"

 %install
 install -D -m 0755 %{pkg_name}         %{buildroot}%{_sbindir}/%{pkg_name}
 install -d -m 0750                     %{buildroot}%{_sysconfdir}/%{pkg_name}/
-install    -m 0640 %{S:4}              %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
+install    -m 0640 %{SOURCE4}              %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg

 install -D -m 0755 admin/halog/halog %{buildroot}%{_sbindir}/haproxy-halog

-%if %{with systemd}
 install -D -m 0644 admin/systemd/%{pkg_name}.service  %{buildroot}%{_unitdir}/%{pkg_name}.service
+%if %{with rc_symlink}
 ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
-%if %{with sysusers}
+%endif
 install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
-%endif
-%if %{with tmpfiles}
 install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
-%endif
-%else
-install -D -m 0755 %{S:1}                      %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
-ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
-%endif
-
 install -d -m 0750                          %{buildroot}%{pkg_home}
 install -D -m 0644 admin/syntax-highlight/haproxy.vim     %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
 install -D -m 0644 doc/%{pkg_name}.1        %{buildroot}%{_mandir}/man1/%{pkg_name}.1
 %if %{with apparmor}
-install -D -m 0644 %{S:2}                   %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
-install -D -m 0644 %{S:3}                   %{buildroot}/etc/apparmor.d/local/haproxy
-install -D -m 0644 %{S:3}                   %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
+install -D -m 0644 %{SOURCE2}                   %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.haproxy
+install -D -m 0644 %{SOURCE3}                   %{buildroot}%{_sysconfdir}/apparmor.d/local/haproxy
+install -D -m 0644 %{SOURCE3}                   %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.haproxy
 %endif

 rm examples/*init*


-%if %{with systemd}
-%if %{with sysusers}
 %pre -f haproxy.pre
-%else
-%pre
-%endif
 %service_add_pre %{pkg_name}.service

 %post
-%if %{with apparmor} && %{with apparmor_reload}
-%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
+%if %{with apparmor}
+%apparmor_reload %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
 %endif
-%if %{with systemd}
-%if %{with tmpfiles}
 %tmpfiles_create %{_tmpfilesdir}/%{name}.conf
-%endif
-%endif
 %service_add_post %{pkg_name}.service

 %preun
@@ -244,65 +206,35 @@ rm examples/*init*
 %postun
 %service_del_postun %{pkg_name}.service

-%else
-
-%pre
-getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
-getent passwd %{pkg_name} >/dev/null || \
-	/usr/sbin/useradd  -g %{pkg_name} -s /bin/false -r \
-	-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
-
-%post
-%fillup_and_insserv %{pkg_name}
-%if %{with apparmor} && %{with apparmor_reload}
-%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
-%endif
-
-%preun
-%stop_on_removal %{pkg_name}
-
-%postun
-%restart_on_update %{pkg_name}
-%{insserv_cleanup}
-
-%endif
-
 %files
-%defattr(-,root,root,-)
 %license LICENSE
-%doc CHANGELOG README
+%doc README.SUSE CHANGELOG README.md
 %doc doc/* examples/
 %doc admin/netsnmp-perl/ admin/selinux/
-%dir               %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
+%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
 %config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
-%if %{with systemd}
 %{_unitdir}/%{pkg_name}.service
-%if %{with sysusers}
 %{_sysusersdir}/haproxy-user.conf
-%endif
-%if %{with tmpfiles}
 %{_tmpfilesdir}/%{name}.conf
 %dir %ghost %{_rundir}/%{name}
-%endif
-%else
-%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
-%endif
 %{_sbindir}/haproxy
 %{_sbindir}/haproxy-halog
+%if %{with rc_symlink}
 %{_sbindir}/rchaproxy
-%dir %attr(-,root,haproxy) %{pkg_home}
-%{_mandir}/man1/%{pkg_name}.1.gz
+%endif
+%dir %ghost %{pkg_home}
+%{_mandir}/man1/%{pkg_name}.1%{?ext_man}
 %dir %{_datadir}/vim
 %dir %{vim_data_dir}
 %dir %{vim_data_dir}/syntax
 %{vim_data_dir}/syntax/%{pkg_name}.vim
 %if %{with apparmor}
 %if 0%{?suse_version} == 1110
-%dir /etc/apparmor.d/local/
+%dir %{_sysconfdir}/apparmor.d/local/
 %endif
-%config(noreplace)        /etc/apparmor.d/usr.sbin.haproxy
-%config(noreplace) %ghost /etc/apparmor.d/local/haproxy
-%config(noreplace) %ghost /etc/apparmor.d/local/usr.sbin.haproxy
+%config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
+%config(noreplace) %ghost %{_sysconfdir}/apparmor.d/local/haproxy
+%config(noreplace) %ghost %{_sysconfdir}/apparmor.d/local/usr.sbin.haproxy
 %endif

 %changelog
--- a/usr.sbin.haproxy.apparmor
+++ b/usr.sbin.haproxy.apparmor
@@ -1,6 +1,6 @@
 #include <tunables/global>

-profile haproxy /usr/sbin/haproxy {
+profile haproxy /usr/sbin/haproxy flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/openssl>
  #include <abstractions/ssl_certs>
@@ -24,6 +24,8 @@ profile haproxy /usr/sbin/haproxy {

  /etc/haproxy/* r, 

+  /etc/os-release r,
+
  /usr/sbin/haproxy rmix,

  /dev/shm/haproxy_startup_logs_* rwlk,
@@ -43,9 +45,22 @@ profile haproxy /usr/sbin/haproxy {
  /sys/devices/system/node/ r,
  /sys/devices/system/node/*/cpumap r,
  /sys/devices/system/cpu/online r,
+  /sys/devices/system/node/node[0-9]/cpulist r,
+  /sys/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/type r,
+  /sys/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/level r,
+  /sys/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/shared_cpu_list r,
+  /sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list r,
+  /sys/devices/system/cpu/cpu[0-9]*/topology/cluster_cpus_list r,
+  /sys/devices/system/cpu/cpu[0-9]*/topology/package_cpus_list r,
+  /sys/devices/system/cpu/cpu[0-9]*/topology/physical_package_id r,
+  /sys/devices/system/cpu/cpu[0-9]*/topology/core_siblings_list r,
+  /sys/devices/system/cpu/cpu[0-9]*/cpu_capacity r,
  /sys/class/dmi/id/sys_vendor r,
+  /sys/devices/virtual/dmi/id/sys_vendor r,
  /sys/class/dmi/id/product_family r,
+  /sys/devices/virtual/dmi/id/product_family r,
  /sys/class/dmi/id/product_name r,
+  /sys/devices/virtual/dmi/id/product_name r,
  /sys/class/dmi/id/board_vendor r,
  /sys/firmware/devicetree/base/model r,
  /sys/class/dmi/id/board_name r,