rpm/squid
SHA256
1
0
Fork 0
forked from pool/squid
Code Pull Requests Activity

unlink from Factory

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=20
This commit is contained in:
Christian Wittmer 2012-10-22 19:07:11 +00:00 committed by Git OBS Bridge
commit 45833fae16
20 changed files with 3890 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

61
README.kerberos Normal file
View File

@ -0,0 +1,61 @@
This is the README.kerberos file
to have squid negotiate/authenticate via kerberos
any addons are very welcome
comments could be posted to <chris(at)computersalat.de>
1) you need to add a "USER" inside your "Domain-Computers" Container
called "squid". Yes a "USER" and not a Computer.
You may use another name, but why ?
2) After having successfully created the user, you need to create a
keytab file on your WIN box.
Example: !! This is all in one line !!
ktpass -princ HTTP/squid@DOMAIN.REALM -pType KRB5_NT_PRINCIPAL \
-mapuser squid -pass * -out HTTP.keytab
3) copy over HTTP.keytab to /etc/squid/ on your linux box
4) you have to tell your browsers to negotiate via kerberos
Have a look at:
a) Internet Explorer does not support Kerberos authentication with proxy servers
http://support.microsoft.com/?scid=kb%3Ben-us%3B321728&x=19&y=14
This limitation was removed in Windows Internet Explorer 7.
If Integrated Windows Authentication is turned on in Internet Explorer
for Windows 2000 and Windows XP, you can complete Kerberos authentication
with Web servers either directly or through a proxy server. However,
Internet Explorer cannot use Kerberos to authenticate with the proxy
server itself.
b) Unable to negotiate Kerberos authentication after upgrading to Internet Explorer 6
http://support.microsoft.com/kb/299838/EN-US/
To resolve this issue, enable Internet Explorer 6 to respond to
a negotiate challenge and perform Kerberos authentication:
1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Advanced tab, click to select the Enable
Integrated Windows Authentication (requires restart) check box
in the Security section, and then click OK.
3. Restart Internet Explorer.
Administrators can enable Integrated Windows Authentication by
setting the EnableNegotiate DWORD value to 1 in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Note Internet Explorer 6, when used with Microsoft Windows 98,
Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition,
and Microsoft Windows NT 4.0 does not respond to a negotiate challenge and
default to NTLM (or Windows NT Challenge/Response) authentication even if
the Enable Integrated Windows Authentication (requires restart) check
box is selected because Kerberos authentication is not available on
these operating systems.

1273
RELEASENOTES.html Normal file
View File

File diff suppressed because it is too large Load Diff

6
pam.squid Normal file
View File

@ -0,0 +1,6 @@
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session

2
rpmlintrc Normal file
View File

@ -0,0 +1,2 @@
addFilter("macro-in-comment")
addFilter("no-manual-page-for-binary")

3
squid-3.2.2.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9450a031b4dd1620b01800296530946224588142f62da4bb5407e36cdae8548e
size 2890235

20
squid-3.2.2.tar.bz2.asc Normal file
View File

@ -0,0 +1,20 @@
File: squid-3.2.2.tar.bz2
Date: Sat Oct 6 03:32:07 UTC 2012
Size: 2890235
MD5 : 39d3f9d03cc0ea9e4d55cde02db18093
SHA1: 2142f8c8e28621f115f57006bc090b895020253c
Key : 0xFF5CF463 <squid3@treenet.co.nz>
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
keyring = http://www.squid-cache.org/pgp.asc
keyserver = subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJQb68RAAoJELJo5wb/XPRjfokIAMR7FlDgb8YJL83YRxuZHEV/
JIShlU0hmUUeM6gKP961/n4rWzcjveaYQI3QVQJIb2oYKQ9NAC+DV/RFjtnWFPCv
EHFaqFfenk5KIAabs1e2euQpvmDa6VR9F6vo69h7STEXo7HgwavhJkI4UCzCnoUR
QiQxAW4/Vn35ATS6MXx+ahd8N3hes73sa506hieb/Mwgz+7fJHqT5YkdkJ/VRvWr
LMQJ7bu4gFytBZCAFpd2LAvoZg0I34FMbHnF0lmQtm+pRJsHzFArZWBZ17sxOiQE
9mYLuDwflJeMgXdCi8BDp6/zdUHVcBL+sAjpjFREuf01V/deWbspqv0Q25o3vIU=
=effF
-----END PGP SIGNATURE-----

26
squid-compiled_without_RPM_OPT_FLAGS.patch Normal file
View File

@ -0,0 +1,26 @@
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig
+++ src/Makefile.am
@@ -917,7 +917,7 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES)
- $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
+ $(HOSTCXX) $(CXXFLAGS) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
# squid.conf.default is built by cf_gen when making cf_parser.cci
squid.conf.default squid.conf.documented: cf_parser.cci
Index: src/Makefile.in
===================================================================
--- src/Makefile.in.orig
+++ src/Makefile.in
@@ -6573,7 +6573,7 @@ cache_cf.o: cf_parser.cci
# cf_gen builds the configuration files.
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES)
- $(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
+ $(HOSTCXX) $(CXXFLAGS) -o $@ $(srcdir)/cf_gen.cc -I$(srcdir) -I$(top_builddir)/include/ -I$(top_builddir)/src
# squid.conf.default is built by cf_gen when making cf_parser.cci
squid.conf.default squid.conf.documented: cf_parser.cci

42
squid-config.patch Normal file
View File

@ -0,0 +1,42 @@
Index: src/cf.data.pre
===================================================================
--- src/cf.data.pre.orig
+++ src/cf.data.pre
@@ -1073,6 +1073,8 @@ http_access deny CONNECT !SSL_ports
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
+
+# Allow localhost always proxy functionality
http_access allow localhost
# And finally deny all other access to this proxy
@@ -2774,6 +2776,10 @@ DOC_START
Instead, if you want Squid to use the entire disk drive,
subtract 20% and use that value.
+ Note on 'Mbytes': You need to consider the available RAM on the
+ machine versus the approx. 10MB RAM per 1GB of files which the
+ cache_dir index will consume.
+
'L1' is the number of first-level subdirectories which
will be created under the 'Directory'. The default is 16.
@@ -2888,7 +2894,7 @@ DOC_START
NOCOMMENT_START
# Uncomment and adjust the following to add a disk cache directory.
-#cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256
+#cache_dir aufs @DEFAULT_SWAP_DIR@ 100 16 256
NOCOMMENT_END
DOC_END
@@ -3395,7 +3401,7 @@ DOC_END
NAME: logfile_rotate
TYPE: int
-DEFAULT: 10
+DEFAULT: 0
LOC: Config.Log.rotateNumber
DOC_START
Specifies the number of logfile rotations to make when you

122
squid-nobuilddates.patch Normal file
View File

@ -0,0 +1,122 @@
Index: helpers/basic_auth/fake/fake.cc
===================================================================
--- helpers/basic_auth/fake/fake.cc.orig
+++ helpers/basic_auth/fake/fake.cc
@@ -74,7 +74,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", program_name);
+ debug("%s starting up...\n", program_name);
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
@@ -90,6 +90,6 @@ main(int argc, char *argv[])
/* send 'OK' result back to Squid */
SEND_OK("");
}
- debug("%s build " __DATE__ ", " __TIME__ " shutting down...\n", program_name);
+ debug("%s shutting down...\n", program_name);
exit(0);
}
Index: helpers/external_acl/AD_group/ext_ad_group_acl.cc
===================================================================
--- helpers/external_acl/AD_group/ext_ad_group_acl.cc.orig
+++ helpers/external_acl/AD_group/ext_ad_group_acl.cc
@@ -815,8 +815,7 @@ main(int argc, char *argv[])
if (!DefaultDomain)
DefaultDomain = xstrdup(machinedomain);
}
- debug("External ACL win32 group helper build " __DATE__ ", " __TIME__
- " starting up...\n");
+ debug("External ACL win32 group helper build starting up...\n");
if (use_global)
debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
if (use_case_insensitive_compare)
Index: helpers/external_acl/LM_group/ext_lm_group_acl.cc
===================================================================
--- helpers/external_acl/LM_group/ext_lm_group_acl.cc.orig
+++ helpers/external_acl/LM_group/ext_lm_group_acl.cc
@@ -545,8 +545,7 @@ main(int argc, char *argv[])
if (!DefaultDomain)
DefaultDomain = xstrdup(machinedomain);
}
- debug("External ACL win32 group helper build " __DATE__ ", " __TIME__
- " starting up...\n");
+ debug("External ACL win32 group helper build starting up...\n");
if (use_global)
debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
if (use_case_insensitive_compare)
Index: helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc
===================================================================
--- helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc.orig
+++ helpers/negotiate_auth/SSPI/negotiate_sspi_auth.cc
@@ -272,7 +272,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
if (LoadSecurityDll(SSP_NTLM, NEGOTIATE_PACKAGE_NAME) == NULL) {
fprintf(stderr, "FATAL: %s: can't initialize SSPI, exiting.\n", argv[0]);
Index: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc
===================================================================
--- helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc.orig
+++ helpers/ntlm_auth/SSPI/ntlm_sspi_auth.cc
@@ -612,7 +612,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
if (LoadSecurityDll(SSP_NTLM, NTLM_PACKAGE_NAME) == NULL) {
fprintf(stderr, "FATAL, can't initialize SSPI, exiting.\n");
Index: helpers/ntlm_auth/fake/ntlm_fake_auth.cc
===================================================================
--- helpers/ntlm_auth/fake/ntlm_fake_auth.cc.orig
+++ helpers/ntlm_auth/fake/ntlm_fake_auth.cc
@@ -175,7 +175,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
user[0] = '\0'; /*no user code */
Index: helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
===================================================================
--- helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc.orig
+++ helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
@@ -680,7 +680,7 @@ manage_request()
int
main(int argc, char *argv[])
{
- debug("ntlm_auth build " __DATE__ ", " __TIME__ " starting up...\n");
+ debug("ntlm_auth build starting up...\n");
my_program_name = argv[0];
process_options(argc, argv);
Index: helpers/url_rewrite/fake/fake.cc
===================================================================
--- helpers/url_rewrite/fake/fake.cc.orig
+++ helpers/url_rewrite/fake/fake.cc
@@ -79,7 +79,7 @@ main(int argc, char *argv[])
process_options(argc, argv);
- debug("%s build " __DATE__ ", " __TIME__ " starting up...\n", my_program_name);
+ debug("%s starting up...\n", my_program_name);
while (fgets(buf, HELPER_INPUT_BUFFER, stdin) != NULL) {
char *p;
@@ -95,6 +95,6 @@ main(int argc, char *argv[])
/* send 'no-change' result back to Squid */
fprintf(stdout,"\n");
}
- debug("%s build " __DATE__ ", " __TIME__ " shutting down...\n", my_program_name);
+ debug("%s shutting down...\n", my_program_name);
exit(0);
}

1391
squid.changes Normal file
View File

File diff suppressed because it is too large Load Diff

201
squid.init Normal file
View File

@ -0,0 +1,201 @@
#!/bin/sh
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002 SuSE Linux AG
#
# Author: Frank Bodammer, Peter Poeml, Klaus Singvogel <feedback@suse.de>
#
# /etc/init.d/squid
# and its symbolic link
# /(usr/)sbin/rcsquid
#
### BEGIN INIT INFO
# Provides: squid
# Required-Start: $local_fs $remote_fs $network $time
# Should-Start: apache $named winbind
# Required-Stop: $local_fs $remote_fs $network $time
# Should-Stop: apache $named winbind
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Squid web cache
# Description: Start the Squid web cache, providing
# HTTP, FTP and other proxy services
### END INIT INFO
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
SQUID_BIN=/usr/sbin/squid
test -x $SQUID_BIN || { echo "$SQUID_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# Check for existence of needed config file and read it
SQUID_SYSCONFIG=/etc/sysconfig/squid
test -r $SQUID_SYSCONFIG || { echo "$SQUID_SYSCONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
# Read config
. $SQUID_SYSCONFIG
SQUID_PID=/var/run/squid.pid
SQUID_CONF=/etc/squid/squid.conf
SQUID_S_T=${SQUID_SHUTDOWN_TIMEOUT:="60"}
SQUID_OPTS=${SQUID_START_OPTIONS:="-sY"}
SQUID_ULIMIT=${SQUID_DEFAULT_ULIMT:="4096"}
# determine which one is the cache_swap directory
SQUID_CACHE_DIR=$(perl -n -e \
'/^cache_dir\s+\S+\s+(.*)\s+\d+\s+\d+\s+\d+/ && print "$1"' $SQUID_CONF)
ulimit -n "$SQUID_ULIMIT"
#IN: $SQUID_CACHE_DIR
setup_squid_cache_dir(){
for adir in "$1" ; do
if [ ! -d $adir/00 ]; then # create missing cache directories
umask 027 # prevent users reading any cache data
echo -n " ($adir)"
$SQUID_BIN -z -F > /dev/null 2>&1
fi
if [ ! -d $adir/00 ]; then
echo " - failed while creating cache_dir ! "
rc_failed
rc_status -v
rc_exit
fi
done
sleep 2
}
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
case "$1" in
start)
echo -n "Starting WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
echo -n "- Warning: squid already running ! "
rc_failed
else
[ -e $SQUID_PID ] && echo -n "- Warning: $SQUID_PID exists ! "
if [ -n "$SQUID_CACHE_DIR" -a -d "$SQUID_CACHE_DIR" ]; then
setup_squid_cache_dir "$SQUID_CACHE_DIR"
fi
fi
startproc -l /var/log/squid/rcsquid.log $SQUID_BIN "$SQUID_OPTS"
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k shutdown
sleep 2
if [ -e $SQUID_PID ] ; then
echo -n "- wait a minute or two... "
i="$SQUID_S_T"
while [ -e $SQUID_PID ] && [ $i -gt 0 ] ; do
sleep 2
i=$[$i-1]
echo -n "."
[ $i -eq 41 ] && echo
done
fi
if /sbin/checkproc $SQUID_BIN ; then
killproc -TERM $SQUID_BIN
echo -n " Warning: squid killed !"
fi
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
try-restart)
$0 status >/dev/null && $0 restart
# Remember status and be quiet
rc_status
;;
restart)
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
force-reload)
$0 reload
# Remember status and be quiet
rc_status
;;
reload)
echo -n "Reloading WWW-proxy squid "
if /sbin/checkproc $SQUID_BIN ; then
$SQUID_BIN -k rotate
sleep 2
$SQUID_BIN -k reconfigure
rc_status
else
echo -n "- Warning: squid not running ! "
rc_failed 7
fi
# Remember status and be verbose
rc_status -v
;;
status)
echo -n "Checking for WWW-proxy squid "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $SQUID_BIN
# Remember status and be verbose
rc_status -v
;;
probe)
test $SQUID_CONF -nt $SQUID_PID && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

44
squid.logrotate Normal file
View File

@ -0,0 +1,44 @@
/var/log/squid/cache.log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 640 squid root
sharedscripts
postrotate
/etc/init.d/squid reload
endscript
}
/var/log/squid/access.log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 640 squid root
sharedscripts
postrotate
/etc/init.d/squid reload
endscript
}
/var/log/squid/store.log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 640 squid root
sharedscripts
postrotate
/etc/init.d/squid reload
endscript
}

2
squid.permissions Normal file
View File

@ -0,0 +1,2 @@
/var/cache/squid/ squid:root 750
/var/log/squid/ squid:root 750

13
squid.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=Squid caching proxy
After=syslog.target network.target named.service
[Service]
EnvironmentFile=/etc/sysconfig/squid
ExecStartPre=/usr/sbin/squid_cache_swap.sh
ExecStart=/usr/sbin/squid -F -N $SQUID_START_OPTIONS -f /etc/squid/squid.conf
ExecReload=/usr/sbin/squid -F -N $SQUID_START_OPTIONS -k reconfigure -f /etc/squid/squid.conf
ExecStop=/usr/sbin/squid -F -N -k shutdown -f /etc/squid/squid.conf
[Install]
WantedBy=multi-user.target

404
squid.spec Normal file
View File

@ -0,0 +1,404 @@
#
# spec file for package squid
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define squidlibdir %{_libdir}/squid
%define squidconfdir /etc/squid
Name: squid
Summary: Squid Version 3.2 WWW Proxy Server
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
Version: 3.2.2
Release: 0
Url: http://www.squid-cache.org/Versions/v3/3.2
Source0: http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
Source1: %{name}-%{version}.tar.bz2.asc
Source2: RELEASENOTES.html
Source3: squid.init
Source4: squid.sysconfig
Source5: pam.squid
Source6: unsquid.pl
Source7: %{name}.logrotate
Source9: %{name}.permissions
Source10: README.kerberos
Source11: %{name}.service
Source12: squid_cache_swap.sh
#
# the following patches are downloaded directly from the webserver
# don't change the names for easier identification
#
# please read every file if there is interest about what the patch changes
# or just visit: http://www.squid-cache.org/Versions/v3/3.0/changesets/
#
# [request|reply]_header_* manglers fixes to handle custom headers
#Patch0: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11611.patch
# cache.log analysis: Add a pattern to report alive (opened and not closed) FDs.
#Patch1: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11612.patch
#
##
# do not show some rpmlint warnings
Source99: rpmlintrc
# some useful defaults for squid
Patch100: %{name}-config.patch
# make build compare happy - remove build dates
Patch101: %{name}-nobuilddates.patch
## File is compiled without RPM_OPT_FLAGS
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq
PreReq: %insserv_prereq
PreReq: /usr/bin/getent
PreReq: permissions
PreReq: pwdutils
BuildRequires: db-devel
# needed by bootstrap.sh
BuildRequires: cyrus-sasl-devel
BuildRequires: ed
BuildRequires: expat
BuildRequires: gcc-c++
BuildRequires: libcap-devel
BuildRequires: libexpat-devel
BuildRequires: libtool
BuildRequires: openldap2-devel
BuildRequires: opensp-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: sharutils
#
%if 0%{?sles_version} == 9
BuildRequires: heimdal-devel
%else
BuildRequires: krb5-devel
%endif
#
%if 0%{?suse_version} > 1030 || 0%{?fedora_version} > 8
BuildRequires: fdupes
%endif
#
%if 0%{?suse_version} >= 1130
BuildRequires: pkgconfig(libxml-2.0)
%else
BuildRequires: libxml2-devel
%endif
%if 0%{?suse_version} > 1140
BuildRequires: systemd
%{?systemd_requires}
%define has_systemd 1
%endif
Requires: logrotate
Provides: http_proxy
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides: %{name}3 = %{version}
Obsoletes: %{name}3 < %{version}
%description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
Squid 3.2 represents a new feature release above 3.1.
The most important of these new features are:
* CVE-2009-0801 : NAT interception vulnerability to malicious clients.
* NCSA helper DES algorithm password limits
* SMP scalability
* Helper Multiplexer and On-Demand
* Helper Name Changes
* Multi-Lingual manuals
* Solaris 10 pthreads Support
* Surrogate/1.0 protocol extensions to HTTP
* Logging Infrastructure Updated
* Client Bandwidth Limits
* Better eCAP support
* Cache Manager access changes
First STABLE release Date: 02 Aug 2010
Latest Release: 3.2.2
Latest Release Date: 05 Oct 2012
%prep
%setup -q -n %{name}-%{version}
cp %{S:10} .
# upstream patches after RELEASE
#patch0
#patch1
##### other patches
%patch100
perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch101
%patch102
%build
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export LDFLAGS='-Wl,-z,relro,-z,now -pie'
./configure --prefix=/usr \
--sysconfdir=%{squidconfdir} \
--bindir=/usr/sbin \
--sbindir=/usr/sbin \
--localstatedir=/var \
--libexecdir=/usr/sbin \
--datadir=/usr/share/squid \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--sharedstatedir=/var/squid \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-dl \
--enable-disk-io \
--enable-storeio \
--enable-removal-policies=heap,lru \
--enable-icmp \
--enable-delay-pools \
--enable-esi \
--enable-icap-client \
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
--enable-arp-acl \
--enable-ssl \
--enable-forw-via-db \
--enable-cache-digests \
--enable-linux-netfilter \
--with-large-files \
--enable-underscores \
--enable-auth \
--enable-auth-basic \
--enable-auth-ntlm \
--enable-auth-negotiate \
--enable-auth-digest \
--enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group \
--enable-ntlm-fail-open \
--enable-stacktraces \
--enable-x-accelerator-vary \
--with-default-user=%{name} \
--disable-ident-lookups \
--enable-follow-x-forwarded-for
# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then
set +x
echo "adapting SQUID_MAXFD to 4096"
set -x
perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
fi
make SAMBAPREFIX=/usr %{?_smp_mflags}
%install
/usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" \
-d /var/cache/%{name} %{name} 2> /dev/null || :
install -d %{buildroot}%{_localstatedir}/{cache,log}/%{name}
chmod 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default
ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
install -d -m 755 %{buildroot}%{_sysconfdir}/permissions.d
install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rcsquid
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
cachemgr.cgi will now be found in %{_libdir}/%{name}
EOT
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
install -d -m 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
if [ -d $i ]; then
mkdir -p %{buildroot}%{_datadir}/%{name}/$i
install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
fi
done
ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
# fix file duplicates
%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
%endif
%if 0%{?fedora_version} > 8
fdupes -q -n -r %{buildroot}%{_prefix}
%endif
%if 0%{?has_systemd}
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 755 %{SOURCE12} %{buildroot}%{_sbindir}/squid_cache_swap.sh
%endif
%pre
# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then
%{_sbindir}/groupadd -r winbind 2>/dev/null
fi
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
-G winbind -g nogroup -o -u 31 -r -s /bin/false \
%{name} 2>/dev/null
fi
# if squid is not member of winbind, add him
if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then
%{_sbindir}/groupmod -A %{name} winbind 2>/dev/null
fi
%if 0%{?has_systemd}
%service_add_pre %{name}.service
%endif
%post
%if 0%{?sles_version} == 10
sed -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/permissions.secure
%endif
%if 0%{?suse_version} >= 1140
%set_permissions %{_localstatedir}/cache/%{name}
%set_permissions %{_localstatedir}/log/%{name}
%endif
# update mode?
if [ "$1" -gt "1" ]; then
if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then
echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf"
mv etc/%{name}.conf etc/%{name}/%{name}.conf
fi
fi
%{fillup_and_insserv -n "squid"}
%if 0%{?has_systemd}
%service_add_post squid.service
%endif
%preun
%stop_on_removal squid
%if 0%{?has_systemd}
%service_del_preun squid.service
%endif
%postun
%if 0%{?has_systemd}
%service_del_postun squid.service
%endif
%restart_on_update squid
%insserv_cleanup
%verifyscript
%verify_permissions -e /usr/sbin/pam_auth
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc CONTRIBUTORS COPYING COPYRIGHT CREDITS ChangeLog
%doc QUICKSTART README RELEASENOTES.html SPONSORS*
%doc README.kerberos
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*
%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
%{_sbindir}/squid_cache_swap.sh
%endif
%attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
%attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/msntauth.conf
%config(noreplace) %{squidconfdir}/%{name}.conf
%config %{squidconfdir}/cachemgr.conf.default
%config %{squidconfdir}/errorpage.css.default
%config %{squidconfdir}/msntauth.conf.default
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
%config %{_sysconfdir}/init.d/%{name}
%config %{_sysconfdir}/permissions.d/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/errors
%{_datadir}/%{name}/icons
%config %{_datadir}/%{name}/mib.txt
%{_datadir}/%{name}/mime.conf
%{_datadir}/%{name}/mime.conf.default
%{_sbindir}/basic_db_auth
%{_sbindir}/basic_fake_auth
%{_sbindir}/basic_getpwnam_auth
%{_sbindir}/basic_ldap_auth
%{_sbindir}/basic_msnt_auth
%{_sbindir}/basic_msnt_multi_domain_auth
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
#verify(not mode) %attr(4755,root,shadow) %{_sbindir}/basic_pam_auth
%{_sbindir}/basic_pam_auth
%{_sbindir}/basic_pop3_auth
%{_sbindir}/basic_radius_auth
%{_sbindir}/basic_sasl_auth
%{_sbindir}/basic_smb_auth
%{_sbindir}/basic_smb_auth.sh
%{_sbindir}/cert_tool
%{_sbindir}/digest_edirectory_auth
%{_sbindir}/digest_file_auth
%{_sbindir}/digest_ldap_auth
%{_sbindir}/diskd
%{_sbindir}/ext_edirectory_userip_acl
%{_sbindir}/ext_file_userip_acl
%{_sbindir}/ext_kerberos_ldap_group_acl
%{_sbindir}/ext_ldap_group_acl
%{_sbindir}/ext_unix_group_acl
%{_sbindir}/ext_wbinfo_group_acl
%{_sbindir}/helper-mux.pl
%{_sbindir}/log_file_daemon
%{_sbindir}/negotiate_kerberos_auth
%{_sbindir}/negotiate_kerberos_auth_test
%{_sbindir}/negotiate_wrapper_auth
%{_sbindir}/ntlm_fake_auth
%{_sbindir}/ntlm_smb_lm_auth
%{_sbindir}/pinger
%{_sbindir}/purge
%{_sbindir}/rc%{name}
%{_sbindir}/%{name}
%{_sbindir}/squidclient
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/cachemgr.cgi
%changelog

23
squid.sysconfig Normal file
View File

@ -0,0 +1,23 @@
## Path: Network/WWW/Proxy/squid
## Description: squid webproxy options
## Type: integer(1:)
## Default: "60"
#
# kill squid after this timeout in double-seconds with SIGTERM
#
SQUID_SHUTDOWN_TIMEOUT="60"
## Type: text
## Default: "-sY"
#
# squid daemon start options
#
SQUID_START_OPTIONS="-sY"
## Type: integer(1:)
## Default: "4096"
#
# default ulimit to set
#
SQUID_DEFAULT_ULIMT="4096"

16
squid_cache_swap.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
if [ -f /etc/sysconfig/squid ]; then
. /etc/sysconfig/squid
fi
SQUID_CONF=${SQUID_CONF:-"/etc/squid/squid.conf"}
CACHE_SWAP=`sed -e 's/#.*//g' $SQUID_CONF | \
grep cache_dir | awk '{ print $3 }'`
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
squid -z -F -f $SQUID_CONF >> /var/log/squid/squid.out 2>&1
fi
done

217
unsquid.pl Normal file
View File

@ -0,0 +1,217 @@
#!/usr/bin/perl -w
#
# unsquid v0.2 -- Squid object dumper.
# Copyright (C) 2000 Avatar <avatar@deva.net>.
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA
#
# $Id: unsquid,v 1.4 2000/03/11 17:31:06 avatar Exp $
=pod
=head1 NAME
unsquid - dump Squid objects
=head1 SYNOPSIS
B<unsquid> S<[ B<-d>I<dir> ]>
S<[ B<-t>I<type> ]>
S<[ B<-fv> ]>
S<[ B<-Vh> ]>
=head1 DESCRIPTION
unsquid dumps Squid cache files specified on the command line into
directories reflecting their original URLs, hence preserving the
original site layouts for off-line browsing.
Typically usage is
find /usr/local/squid/cache/??/ -type f -print | \
xargs unsquid -t 'image/.*' -d /tmp
The command line options are explained below.
=over
=item B<-t>I<type> S<B<--type> I<dir>>
Dump only files matching the MIME type regex I<type>.
=item B<-f> B<--force>
Overwrite existing files. For security reason, this option is disabled
when run as root.
=item B<-v> B<--verbose>
Print the URLs of dumped objects.
=item B<-d>I<dir> S<B<--dest> I<dir>>
Dump the files inside I<dir>.
=item B<-V> B<--version>
Print the version number.
=item B<-h> B<--help>
Print a summary of command line options.
=back
=head1 AUTHOR
Avatar <F<avatar@deva.net>>
=cut
use POSIX;
use Getopt::Long;
use strict;
my $help = <<EOT;
Usage: $0 [OPTION]... FILE...
Dumps Squid objects.
-t, --type TYPE only dump objects matching the regex TYPE
-v, --verbose print dumped object urls
-f, --force overwrite existing files
-d, --dest DIR use DIR as the destination directory for dumping
-V, --version print the version string
-h, --help show this help
EOT
my ($type, $size, $force, $verbose, $showver, $showhelp);
my $destdir = ".";
my $defaultindex = "index.html";
Getopt::Long::Configure("no_ignore_case");
GetOptions("dest=s" => \$destdir,
"type=s" => \$type,
"verbose|v+" => \$verbose,
"force!" => \$force,
"version|V" => \$showver,
"help" => \$showhelp);
if ($showver) {
print <<EOT;
Unsquid version 0.2
Copyright (C) 2000 Avatar <avatar\@deva.net>.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE,
to the extent permitted by law.
EOT
exit;
}
if ($#ARGV < 0 or $showhelp) {
print $help;
exit;
}
if ($force and $< == 0) {
die "$0: root is not allowed to use the force option";
}
for (@ARGV) {
my ($url, $urllen);
# read 4 bytes from offset 56 as the length of the url
open(INFILE, "<$_") or die "$0: cannot open file $_ for reading: $!";
seek(INFILE, 56, SEEK_SET) or die "$0: cannot seek 56 bytes: $!";
read(INFILE, $urllen, 4) or die "$0: cannot read 4 bytes: $!";
$urllen = ord($urllen) - 1; # kill the last NUL
# read the url
read(INFILE, $url, $urllen);
# expand index urls
$url =~ s-/$-/$defaultindex-m;
# scan the contents
my ($seenheader);
while (<INFILE>) {
if ($seenheader) {
print OUTFILE;
next;
}
# if type is specified, do matching
if (/^Content-Type: /i and defined $type) {
m-[^:]*: (\w+/\w+)-;
last if $1 !~ /$type/;
next;
}
# at this point we must have matched the type
if (/^\r$/) {
$seenheader = 1;
makedir($url);
if (! defined $force and -e "$destdir/$url") {
warn "$0: file $destdir/$url exists, skipped";
last;
}
open(OUTFILE, ">$destdir/$url")
or die "$0: cannot open file $destdir/$url for writing: $!";
print "$url\n" if $verbose;
}
}
close(INFILE);
close(OUTFILE);
}
sub makedir {
my ($basename) = @_;
my $path = $destdir;
if (! -d $destdir) {
warn "$0: destination directory $destdir does not exist, making it";
mkdir $destdir, 0777 or die "$0: cannot mkdir $destdir: $!";
}
while( $basename =~ m-^([^/]*)/- ) {
$path .= "/".$1;
if (! -d $path) {
if (! mkdir $path, 0777) {
if (-f $path) {
# move the file in
open FILE, $path
or die "$0: cannot open $path for reading: $!";
undef $/;
my $buf = <FILE>;
$/ = "\n";
close FILE;
unlink $path;
mkdir $path, 0777
or die "$0: cannot make directory $path: $!";
open FILE, ">$path-redirect"
or die "$0: cannot open $path/$defaultindex for writing: $!";
print FILE $buf;
close FILE;
} else {
die "d$0: cannot mkdir $path: $!";
}
}
}
$basename = $';
}
}