forked from pool/squid
08d4caed07
Use URLs to paths that the source validator actually understands and make this acceptable for Tumbleweed. The source validator runs `perl -I/usr/lib/build -MBuild -e Build::show /usr/lib/build/configs/sl13.2.conf squid.spec sources` to find the sources, and this does not seem to expand the %() parts. It would be nice to have this fixed in Tumbleweed - after failing for 19 days. OBS-URL: https://build.opensuse.org/request/show/264508 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=62
#
|
|
# spec file for package squid
|
|
#
|
|
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
# Install locations shared by the sections below.
%define squidlibdir     %{_libdir}/squid
%define squidconfdir    /etc/squid
#define snap -20131225-r13064

Name:           squid
Summary:        A fully featured HTTP/1.0 proxy
License:        GPL-2.0+
Group:          Productivity/Networking/Web/Proxy
Version:        3.4.9
Release:        0
Url:            http://www.squid-cache.org/Versions/v3/3.4
# Upstream tarball (Source0) and its detached signature (Source1). Both URLs
# are plain http, so the integrity of the download rests on checking the
# signature against the keyring shipped as Source13.
# NOTE(review): nothing in the prep section of this file runs that check;
# presumably the build service's source validator does it - confirm.
Source0:        http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2
Source1:        http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc
# Packaging-side files kept next to the spec.
Source2:        RELEASENOTES.html
Source3:        squid.init
Source4:        squid.sysconfig
Source5:        pam.squid
Source6:        unsquid.pl
Source7:        %{name}.logrotate
# Permission profiles installed below /etc/permissions.d by the install
# section (Source9 is used for both the easy and the secure profile there).
Source9:        %{name}.permissions.easy
Source10:       README.kerberos
Source11:       %{name}.service
# Keyring for verifying Source1.
Source13:       %{name}.keyring
Source14:       squid.init.rh
Source15:       %{name}.permissions.paranoid
|
|
|
|
#
# the following patches are downloaded directly from the webserver
# don't change the names for easier identification
#
# please read every file if there is interest about what the patch changes
# or just visit: http://www.squid-cache.org/Versions/v3/3.2/changesets/
# NOTE(review): the changesets link above names the 3.2 series while this
# package builds 3.4.9 - confirm which series the link should point at.
#
#
# Upstream patch
# Patch0:

# do not show some rpmlint warnings
Source99:       squid-rpmlintrc
# some useful defaults for squid
# NOTE(review): this patch changes the shipped default configuration, so it
# belongs in any review of the proxy's default access policy.
Patch100:       %{name}-config.patch
# make build compare happy - remove build dates
Patch101:       %{name}-nobuilddates.patch
## File is compiled without RPM_OPT_FLAGS
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
Patch102:       %{name}-compiled_without_RPM_OPT_FLAGS.patch
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
Patch103:       squid-brokenad.patch
|
|
|
|
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

# Tools the install-time scriptlets call: account management, getent and,
# on SUSE, the permissions package used for the setgid helpers.
%if 0%{?suse_version}
PreReq:         %fillup_prereq
PreReq:         %insserv_prereq
PreReq:         /usr/bin/getent
PreReq:         permissions
PreReq:         pwdutils
%else
Requires(pre):  shadow-utils
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service /sbin/chkconfig
Requires(postun): /sbin/service
%endif

BuildRequires:  db-devel
# needed by bootstrap.sh
BuildRequires:  cyrus-sasl-devel
BuildRequires:  ed
BuildRequires:  expat
%if 0%{?suse_version} || 0%{?fedora_version} > 8
BuildRequires:  fdupes
%endif
BuildRequires:  gcc-c++
BuildRequires:  krb5-devel
BuildRequires:  libcap-devel
BuildRequires:  libexpat-devel
# NOTE(review): with suse_version undefined the left-hand side is 0, so this
# branch (and the matching one in the build section) is also taken on
# non-SUSE targets - confirm that is intended.
%if 0%{?suse_version} <= 1140
BuildRequires:  libtool
%else
BuildRequires:  libtool >= 2.4
%endif
BuildRequires:  openldap2-devel
BuildRequires:  opensp-devel
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  pkgconfig
BuildRequires:  sharutils
%if 0%{?suse_version} < 1220
BuildRequires:  libxml2-devel
%else
BuildRequires:  pkgconfig(libxml-2.0)
%endif

# has_systemd selects the unit file, the pid file location and the
# service scriptlets in the sections below.
%if 0%{?suse_version} >= 1210
BuildRequires:  systemd
%{?systemd_requires}
%define has_systemd 1
%endif

Requires:       logrotate
Requires:       sed
Provides:       http_proxy

# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides:       %{name}3 = %{version}
Obsoletes:      %{name}3 < %{version}
|
|
|
|
%description
|
|
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance.
|
|
|
|
Squid 3.4 represents a new feature release above 3.3.
|
|
|
|
The most important of these new features are:
|
|
|
|
* Helper protocol extensions
|
|
* SSL Server Certificate Validator
|
|
* Store-ID
|
|
* TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
|
|
* Transaction Annotations
|
|
* Multicast DNS
|
|
|
|
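%prep
# Unpack the upstream tarball, add the packaging README and apply the
# distribution patches.
# NOTE(review): the detached signature (Source1) and keyring (Source13) are
# declared in the preamble but not checked here; presumably the build
# service verifies them before this section runs - confirm.
#setup -q -n %{name}-%{version}%{snap}
%setup -q -n %{name}-%{version}
cp %{S:10} .
# upstream patches after RELEASE
#
##### other patches
%patch100
# Point every perl script at the system interpreter. find hands the file
# names to perl itself, so names containing whitespace are passed intact and
# perl is never started without a file argument when nothing matches.
find . -name "*.pl" -exec perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' {} +
chmod a-x CREDITS
%patch101
%patch102
%patch103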
|
|
|
|
%build
# Hardening: position-independent code for a PIE executable, read-only
# relocations and immediate binding at link time. OPENSSL_LOAD_CONF is
# passed to both compilers as a preprocessor define.
hardening_defs="-fPIE -fPIC -DOPENSSL_LOAD_CONF"
export CFLAGS="%{optflags} ${hardening_defs}"
export CXXFLAGS="%{optflags} ${hardening_defs}"
export LDFLAGS='-Wl,-z,relro,-z,now -pie'

# Feature selection. Options worth a second look when auditing the result:
#   --enable-ntlm-fail-open
#       NOTE(review): upstream's configure help describes this as letting
#       authentication succeed although an NTLM helper step failed - confirm
#       it is still wanted for this package.
#   --enable-follow-x-forwarded-for
#       compiles in support for taking the client address from the
#       X-Forwarded-For header; presumably still gated by squid.conf at run
#       time - verify the shipped default configuration.
#   --enable-ssl, --enable-ssl-crtd
#       TLS support and the ssl_crtd helper that the files list installs.
#   --disable-strict-error-checking
#       the build is not run with upstream's strict compiler error checking.
# Comments cannot be placed between the continued lines below, because the
# whole invocation is a single shell command.
%configure \
	--disable-strict-error-checking \
	--sysconfdir=%{squidconfdir} \
	--libexecdir=/usr/sbin \
	--datadir=/usr/share/squid \
	--sharedstatedir=/var/squid \
	--with-logdir=/var/log/squid \
%if 0%{?has_systemd}
	--with-pidfile=/run/squid.pid \
%else
	--with-pidfile=/var/run/squid.pid \
%endif
	--with-dl \
%if 0%{?suse_version} <= 1140
	--with-included-ltdl \
%endif
	--enable-disk-io \
	--enable-storeio \
	--enable-removal-policies=heap,lru \
	--enable-icmp \
	--enable-delay-pools \
	--enable-esi \
	--enable-icap-client \
	--enable-useragent-log \
	--enable-referer-log \
	--enable-kill-parent-hack \
	--enable-arp-acl \
	--enable-ssl \
	--enable-ssl-crtd \
	--enable-forw-via-db \
	--enable-cache-digests \
	--enable-linux-netfilter \
	--with-large-files \
	--enable-underscores \
	--enable-auth \
	--enable-auth-basic \
	--enable-auth-ntlm \
	--enable-auth-negotiate \
	--enable-auth-digest \
	--enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group \
	--enable-ntlm-fail-open \
	--enable-stacktraces \
	--enable-x-accelerator-vary \
	--with-default-user=%{name} \
	--disable-ident-lookups \
	--enable-follow-x-forwarded-for \
	--disable-arch-native

# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
if [ $(awk '/SQUID_MAXFD/{print $3}' include/autoconf.h) -lt 4096 ]; then
	# tracing is switched off only around the message so it is printed once
	set +x
	echo "adapting SQUID_MAXFD to 4096"
	set -x
	perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
fi

make %{?_smp_mflags} SAMBAPREFIX=/usr
|
|
|
|
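%install
# Stage the build into the buildroot and add the packaging-side files
# (permission profiles, logrotate, PAM, service integration).

# NOTE(review): these two calls act on the build host, not on the buildroot.
# As written, useradd is given no login name, so it cannot succeed; the
# redirect plus "|| :" hides that. Confirm whether "make install" really
# needs the account, and drop or repair the calls accordingly.
%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
	-g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :

# cache and log directories are created without access for "other"
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin

# make_install
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr

mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default
ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible

# install permissions files
# The secure profile is a copy of the easy one; only paranoid has its own
# source file.
cp -a %{SOURCE9} %{name}.easy
cp -a %{SOURCE9} %{name}.secure
cp -a %{SOURCE15} %{name}.paranoid
%if !0%{?has_systemd}
# Without systemd: drop the file-capability lines and give pinger the setgid
# mode 2750 in the easy and secure profiles; the paranoid profile keeps 750.
sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %{name}.easy
sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\12750@g' %{name}.secure
sed -i -re '/capabilities/d;s@^(/usr/sbin/pinger.*)750@\1750@g' %{name}.paranoid
%endif

install -D -m 644 %{name}.easy %{buildroot}%{_sysconfdir}/permissions.d/%{name}.easy
# pinger should be secure "enough" anyway paranoid will strip everything :)
install -m 644 %{name}.secure %{buildroot}%{_sysconfdir}/permissions.d/%{name}.secure
install -m 644 %{name}.paranoid %{buildroot}%{_sysconfdir}/permissions.d/%{name}.paranoid

# install logrotate file
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
cachemgr.cgi will now be found in %{_libdir}/%{name}
EOT
# cachemgr.cgi is moved out of the sbin directory into the package libdir
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}

install -d -m 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8

# Error pages live below the data directory; the configuration directory
# only gets a symlink to the German set.
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
	# the loop variable is quoted so an unexpected name cannot split
	if [ -d "$i" ]; then
		mkdir -p %{buildroot}%{_datadir}/%{name}/"$i"
		install -m 644 "$i"/* %{buildroot}%{_datadir}/%{name}/"$i"
	fi
done
ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors

# fix file duplicates
%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
%endif
%if 0%{?fedora_version} > 8
fdupes -q -n -r %{buildroot}%{_prefix}
%endif

%if 0%{?has_systemd}
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%else
# SysVinit
# fix postrotate script for SysVinit
sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%if 0%{?suse_version}
install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
%else
# lets just assume other are rh based ones...
install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name}
%endif
%endif
%if 0%{?suse_version}
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%else
install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%endif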
|
|
|
|
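%pre
# Create the service account before the files are unpacked.
# NOTE(review): gid and uid 31 are fixed, and useradd is called with -o,
# which accepts a uid that is already in use - confirm 31 is reserved for
# squid on every target.

# we need this group for /usr/sbin/pinger
if ! %{_bindir}/getent group %{name} >/dev/null 2>&1; then
	%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null
fi
# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
if ! %{_bindir}/getent group winbind >/dev/null 2>&1; then
	%{_sbindir}/groupadd -r winbind 2>/dev/null
fi
if ! %{_bindir}/getent passwd squid >/dev/null 2>&1; then
	%{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
		-G winbind -g %{name} -o -u 31 -r -s /bin/false \
		%{name} 2>/dev/null
fi
# if squid is not member of winbind, add him
# The group list is split one name per line and matched as a whole line, so
# a group whose name merely contains "winbind" no longer counts as
# membership.
# NOTE(review): usermod -G sets the complete supplementary group list, so
# any other supplementary group of the account is dropped here; the append
# option differs between the account tools in use - confirm and adjust.
if ! %{_bindir}/id -nG %{name} 2>/dev/null | tr ' ' '\n' | grep -qx winbind; then
	%{_sbindir}/usermod -G winbind %{name} 2>/dev/null
fi

%if 0%{?has_systemd}
%service_add_pre %{name}.service
%endif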
|
|
|
|
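%post
# Apply the permission profile to the setgid helpers and the private
# directories, migrate an old configuration location on update, then
# register the service.
%if 0%{?suse_version} >= 1140
%if 0%{?set_permissions:1}
%set_permissions %{_sbindir}/pinger
%set_permissions %{_sbindir}/basic_pam_auth
%set_permissions %{_localstatedir}/cache/squid/
%set_permissions %{_localstatedir}/log/squid/
%else
%run_permissions
%endif
%endif
# update mode?
if [ "$1" -gt "1" ]; then
	# Absolute paths: the move no longer depends on the scriptlet's working
	# directory and matches the message printed below. A symlink at the old
	# location and an already existing new file are both left alone.
	if [ -e /etc/%{name}.conf ] && [ ! -L /etc/%{name}.conf ] && [ ! -e /etc/%{name}/%{name}.conf ]; then
		echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf"
		mv /etc/%{name}.conf /etc/%{name}/%{name}.conf
	fi
	# default group changed from nogroup to squid
	%{_sbindir}/usermod -g %{name} %{name}
fi

%if 0%{?has_systemd}
%service_add_post squid.service
%else
%if 0%{?suse_version}
%{fillup_and_insserv -n "squid"}
%else
/sbin/chkconfig --add squid
%endif
%endif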
|
|
|
|
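%preun
# Stop and deregister the service before the files are removed.
%if 0%{?has_systemd}
%service_del_preun squid.service
%else
%if 0%{?suse_version}
%stop_on_removal squid
%else
# The argument is quoted like in the other scriptlets, so an empty value
# gives a false comparison instead of a shell syntax error.
if [ "$1" = 0 ] ; then
	service squid stop >/dev/null 2>&1
	# NOTE(review): erasing the package on this branch deletes everything in
	# the log directory, including the proxy access logs. Keep a copy first
	# if those logs are needed for audit or incident response.
	rm -f /var/log/squid/*
	/sbin/chkconfig --del squid
fi
%endif
%endif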
|
|
|
|
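%postun
# Service handling after removal or update. The verifyscript section used to
# open directly below the postun header on SUSE builds, which left postun
# empty and placed the service macros into the verify script; the verify
# section now follows the postun body.
%if 0%{?has_systemd}
%service_del_postun squid.service
%else
%if 0%{?suse_version}
%restart_on_update squid
%insserv_cleanup
%else
if [ "$1" -ge "1" ] ; then
	service squid condrestart >/dev/null 2>&1
fi
%endif
%endif

%if 0%{?suse_version}
%verifyscript
# Package verification checks the setgid helpers and the private directories
# against the active permissions profile.
%verify_permissions -e /usr/sbin/basic_pam_auth
%verify_permissions -e /usr/sbin/pinger
%verify_permissions -e /var/cache/squid/
%verify_permissions -e /var/log/squid/
%endif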
|
|
|
|
%files
%defattr(-,root,root)

# documentation
%doc CONTRIBUTORS COPYING COPYRIGHT CREDITS ChangeLog
%doc QUICKSTART README RELEASENOTES.html SPONSORS*
%doc README.kerberos
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*

# service integration
%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
%else
%{_sysconfdir}/init.d/%{name}
%endif

# Cache and log directories: owned by the service account, no access for
# "other". Owner, group and mode are excluded from package verification.
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/

# configuration; noreplace entries keep local edits on update
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/msntauth.conf
%config(noreplace) %{squidconfdir}/%{name}.conf
%config %{squidconfdir}/cachemgr.conf.default
%config %{squidconfdir}/errorpage.css.default
%config %{squidconfdir}/msntauth.conf.default
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
%config %{_sysconfdir}/permissions.d/%{name}.easy
%config %{_sysconfdir}/permissions.d/%{name}.secure
%config %{_sysconfdir}/permissions.d/%{name}.paranoid

# shared data
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/errors
%{_datadir}/%{name}/icons
%config %{_datadir}/%{name}/mib.txt
%{_datadir}/%{name}/mime.conf
%{_datadir}/%{name}/mime.conf.default

# client tools
%{_bindir}/purge
%{_bindir}/squidclient

# daemon and helpers
%{_sbindir}/basic_db_auth
%{_sbindir}/basic_fake_auth
%{_sbindir}/basic_getpwnam_auth
%{_sbindir}/basic_ldap_auth
%{_sbindir}/basic_msnt_auth
%{_sbindir}/basic_msnt_multi_domain_auth
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
# The PAM helper is packaged setgid shadow (mode 2750), one of the two
# privileged binaries in this list.
%verify(not user group mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
#{_sbindir}/basic_pam_auth
%{_sbindir}/basic_pop3_auth
%{_sbindir}/basic_radius_auth
%{_sbindir}/basic_sasl_auth
%{_sbindir}/basic_smb_auth
%{_sbindir}/basic_smb_auth.sh
%{_sbindir}/cert_tool
%{_sbindir}/cert_valid.pl
#{_sbindir}/digest_edirectory_auth
%{_sbindir}/digest_file_auth
%{_sbindir}/digest_ldap_auth
%{_sbindir}/diskd
%{_sbindir}/ext_edirectory_userip_acl
%{_sbindir}/ext_file_userip_acl
%{_sbindir}/ext_kerberos_ldap_group_acl
%{_sbindir}/ext_ldap_group_acl
%{_sbindir}/ext_session_acl
%{_sbindir}/ext_unix_group_acl
%{_sbindir}/ext_wbinfo_group_acl
%{_sbindir}/helper-mux.pl
%{_sbindir}/log_db_daemon
%{_sbindir}/log_file_daemon
%{_sbindir}/negotiate_kerberos_auth
%{_sbindir}/negotiate_kerberos_auth_test
%{_sbindir}/negotiate_wrapper_auth
%{_sbindir}/ntlm_fake_auth
%{_sbindir}/ntlm_smb_lm_auth
# pinger: mode 750 with capabilities left out of verification on systemd
# builds, setgid squid (mode 2750) otherwise.
# not working %%caps(cap_net_raw=ep)
%if 0%{?has_systemd}
%verify(not user group mode caps) %attr(750,root,squid) %{_sbindir}/pinger
%else
%verify(not user group mode) %attr(2750,root,squid) %{_sbindir}/pinger
%endif
%{_sbindir}/%{name}
%{_sbindir}/ssl_crtd
%{_sbindir}/storeid_file_rewrite
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
%if 0%{?suse_version}
%{_sbindir}/rc%{name}
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%else
%{_sysconfdir}/sysconfig/%{name}
%endif

# cachemgr.cgi is shipped in the package libdir instead of sbin
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/cachemgr.cgi
|
|
|
|
%changelog
|