LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File squid.spec of Package squid (Project server:proxy)

# spec file for package squid
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/

%define		squidlibdir %{_libdir}/squid
%define		squidconfdir /etc/squid

Name:           squid
Summary:        Squid Version 3.2 WWW Proxy Server
License:        GPL-2.0+
Group:          Productivity/Networking/Web/Proxy
Version:        3.2.9
Release:        0
Url:            http://www.squid-cache.org/Versions/v3/3.2
Source0:        http://www.squid-cache.org/Versions/v3/3.2/%{name}-%{version}.tar.bz2
Source1:        %{name}-%{version}.tar.bz2.asc
Source2:        RELEASENOTES.html
Source3:        squid.init
Source4:        squid.sysconfig
Source5:        pam.squid
Source6:        unsquid.pl
Source7:        %{name}.logrotate
Source9:        %{name}.permissions
Source10:       README.kerberos
Source11:       %{name}.service
Source13:       %{name}.keyring
# the following patches are downloaded directly from the webserver
# don't change the names for easier identification
# please read every file if there is interest about what the patch changes
# or just visit: http://www.squid-cache.org/Versions/v3/3.0/changesets/
# [request|reply]_header_* manglers fixes to handle custom headers
#Patch0:         http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11611.patch
# cache.log analysis: Add a pattern to report alive (opened and not closed) FDs.
#Patch1:         http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11612.patch
# do not show some rpmlint warnings
Source99:       rpmlintrc
# some useful defaults for squid
Patch100:       %{name}-config.patch
# make build compare happy - remove build dates
Patch101:       %{name}-nobuilddates.patch
## File is compiled without RPM_OPT_FLAGS
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
Patch102:       %{name}-compiled_without_RPM_OPT_FLAGS.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
PreReq:         %fillup_prereq
PreReq:         %insserv_prereq
PreReq:         /usr/bin/getent
PreReq:         permissions
PreReq:         pwdutils
BuildRequires:  db-devel
# needed by bootstrap.sh
BuildRequires:  cyrus-sasl-devel
BuildRequires:  ed
BuildRequires:  expat
BuildRequires:  gcc-c++
BuildRequires:  gpg-offline
BuildRequires:  libcap-devel
BuildRequires:  libexpat-devel
BuildRequires:  libtool
BuildRequires:  openldap2-devel
BuildRequires:  opensp-devel
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  pkgconfig
BuildRequires:  sharutils
%if 0%{?sles_version} == 9
BuildRequires:  heimdal-devel
BuildRequires:  krb5-devel
%if 0%{?suse_version} > 1030 || 0%{?fedora_version} > 8
BuildRequires:  fdupes
%if 0%{?suse_version} >= 1130
BuildRequires:  pkgconfig(libxml-2.0)
BuildRequires:  libxml2-devel

%if 0%{?suse_version} > 1140
BuildRequires:  systemd
%define has_systemd 1

Requires:       logrotate
Requires:       sed
Provides:       http_proxy

# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides:       %{name}3 = %{version}
Obsoletes:      %{name}3 < %{version}

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

Squid 3.2 represents a new feature release above 3.1.

The most important of these new features are:

 * CVE-2009-0801 : NAT interception vulnerability to malicious clients.
 * NCSA helper DES algorithm password limits
 * SMP scalability
 * Helper Multiplexer and On-Demand
 * Helper Name Changes
 * Multi-Lingual manuals
 * Solaris 10 pthreads Support
 * Surrogate/1.0 protocol extensions to HTTP
 * Logging Infrastructure Updated
 * Client Bandwidth Limits
 * Better eCAP support
 * Cache Manager access changes

  First STABLE release Date: 02 Aug 2010
  Latest Release: 3.2.9
  Latest Release Date: 12 Mar 2013

%gpg_verify %{S:1}
%setup -q -n %{name}-%{version}
cp %{S:10} .
# upstream patches after RELEASE
##### other patches
perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS

export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export LDFLAGS='-Wl,-z,relro,-z,now -pie'
./configure --prefix=/usr \
	--sysconfdir=%{squidconfdir} \
	--bindir=/usr/sbin \
	--sbindir=/usr/sbin \
	--localstatedir=/var \
	--libexecdir=/usr/sbin \
	--datadir=/usr/share/squid \
	--mandir=%{_mandir} \
	--libdir=%{_libdir} \
	--sharedstatedir=/var/squid \
	--with-logdir=/var/log/squid \
	--with-pidfile=/var/run/squid.pid \
	--with-dl \
	--enable-disk-io \
	--enable-storeio \
	--enable-removal-policies=heap,lru \
	--enable-icmp \
	--enable-delay-pools \
	--enable-esi \
	--enable-icap-client \
	--enable-useragent-log \
	--enable-referer-log \
	--enable-kill-parent-hack \
	--enable-arp-acl \
	--enable-ssl \
	--enable-forw-via-db \
	--enable-cache-digests \
	--enable-linux-netfilter \
	--with-large-files \
	--enable-underscores \
	--enable-auth \
	--enable-auth-basic \
	--enable-auth-ntlm \
	--enable-auth-negotiate \
	--enable-auth-digest \
	--enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group \
	--enable-ntlm-fail-open \
	--enable-stacktraces \
	--enable-x-accelerator-vary \
	--with-default-user=%{name} \
	--disable-ident-lookups \

# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then
     set +x
     echo "adapting SQUID_MAXFD to 4096"
     set -x
     perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
make SAMBAPREFIX=/usr %{?_smp_mflags}

/usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" \
	-d /var/cache/%{name} %{name} 2> /dev/null || :
install -d %{buildroot}%{_localstatedir}/{cache,log}/%{name}
chmod 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
mv %{buildroot}{/etc/%{name}/,/usr/share/%{name}/}mime.conf.default
ln -s /etc/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
install -d -m 755 %{buildroot}%{_sysconfdir}/permissions.d
install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rcsquid
install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}

install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
	cachemgr.cgi will now be found in %{_libdir}/%{name}
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}

install -d -m 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}

rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
  if [ -d $i ]; then
    mkdir -p %{buildroot}%{_datadir}/%{name}/$i
    install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
ln -sf /usr/share/%{name}/errors/de %{buildroot}%{squidconfdir}/errors

# fix file duplicates
%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
%if 0%{?fedora_version} > 8
fdupes -q -n -r %{buildroot}%{_prefix}

%if 0%{?has_systemd}
install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service

# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
if [ -z "`%{_bindir}/getent group winbind 2>/dev/null`" ]; then
  %{_sbindir}/groupadd -r winbind 2>/dev/null
if [ -z "`%{_bindir}/getent passwd squid 2>/dev/null`" ]; then
  %{_sbindir}/useradd -c "WWW-proxy squid" -d /var/cache/%{name} \
    -G winbind -g nogroup -o -u 31 -r -s /bin/false \
    %{name} 2>/dev/null
# if squid is not member of winbind, add him
if [ `%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?` -ne 0 ]; then
  %{_sbindir}/groupmod -A %{name} winbind 2>/dev/null

%if 0%{?has_systemd}
%service_add_pre %{name}.service

%if 0%{?sles_version} == 10
sed -i -e "s,\(^%{_sbindir}/pam_auth.*\)\(2755\),\14755," /etc/permissions.secure
%if 0%{?suse_version} >= 1140
%set_permissions %{_localstatedir}/cache/%{name}
%set_permissions %{_localstatedir}/log/%{name}
# update mode?
if [ "$1" -gt "1" ]; then
  if [ -e etc/%{name}.conf -a ! -L etc/%{name}.conf -a ! -e etc/%{name}/%{name}.conf ]; then
    echo "moving /etc/%{name}.conf to /etc/%{name}/%{name}.conf"
    mv etc/%{name}.conf etc/%{name}/%{name}.conf
%{fillup_and_insserv -n "squid"}

%if 0%{?has_systemd}
%service_add_post squid.service

%stop_on_removal squid

%if 0%{?has_systemd}
%service_del_preun squid.service


%if 0%{?has_systemd}
%service_del_postun squid.service

%restart_on_update squid
%verify_permissions -e /usr/sbin/pam_auth

rm -rf %{buildroot}

%doc README.kerberos
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*
%if 0%{?has_systemd}
%attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
%attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/msntauth.conf
%config(noreplace) %{squidconfdir}/%{name}.conf
%config %{squidconfdir}/cachemgr.conf.default
%config %{squidconfdir}/errorpage.css.default
%config %{squidconfdir}/msntauth.conf.default
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
%config %{_sysconfdir}/init.d/%{name}
%config %{_sysconfdir}/permissions.d/%{name}
%dir %{_datadir}/%{name}
%config %{_datadir}/%{name}/mib.txt
#verify(not mode) %attr(4755,root,shadow) %{_sbindir}/basic_pam_auth
%dir %{_libdir}/%{name}