File squid.spec of Package squid.openSUSE_Leap_42.2_Update
#
# spec file for package squid
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define         squidlibdir %{_libdir}/squid
%define         squidconfdir %{_sysconfdir}/squid
Name:           squid
Version:        3.5.21
Release:        0
Summary:        A fully featured HTTP/1.0 proxy
License:        GPL-2.0+
Group:          Productivity/Networking/Web/Proxy
Url:            http://www.squid-cache.org/Versions/v3/3.5
Source0:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz
Source1:        http://www.squid-cache.org/Versions/v3/3.5/%{name}-%{version}.tar.xz.asc
Source3:        squid.init
Source4:        squid.sysconfig
Source5:        pam.squid
Source6:        unsquid.pl
Source7:        %{name}.logrotate
Source9:        %{name}.permissions
Source10:       README.kerberos
Source11:       %{name}.service
Source13:       %{name}.keyring
Source14:       squid.init.rh
Source15:       cache_dir.sed
Source16:       initialize_cache_if_needed.sh
Patch1:         http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch
Patch2:         SQUID-2016_11_port.patch
Patch3:         nonce-replay.patch
Patch4:         r14121.patch
# do not show some rpmlint warnings
Source99:       squid-rpmlintrc
# some useful defaults for squid
Patch100:       %{name}-config.patch
# patch fixes kerberos principalname handling (http://bugs.squid-cache.org/show_bug.cgi?id=4042)
Patch103:       squid-brokenad.patch
#patch fix SLE 11 target... BAD PATCH
Patch104:       squid-old-kerberos.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# BuildRequires:  autoconf
# BuildRequires:  automake
# If you want to run unit tests, these also need mounted /dev/shm and /proc
# BuildRequires:  cppunit-devel
BuildRequires:  db-devel
# needed by bootstrap.sh
BuildRequires:  cyrus-sasl-devel
BuildRequires:  ed
BuildRequires:  expat
#
BuildRequires:  fdupes
BuildRequires:  gcc-c++
BuildRequires:  krb5-devel
BuildRequires:  libcap-devel
BuildRequires:  libexpat-devel
%if 0%{?suse_version} <= 1140
BuildRequires:  libtool
%else
BuildRequires:  libtool >= 2.4
%endif
%if 0%{?suse_version} < 1220
BuildRequires:  libxml2-devel
BuildRequires:  xz
%else
BuildRequires:  pkgconfig(libxml-2.0)
%endif
BuildRequires:  openldap2-devel
BuildRequires:  opensp-devel
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  pkgconfig
BuildRequires:  sharutils
%if 0%{?suse_version}
Requires(post): %fillup_prereq
Requires(pre):  %{_bindir}/getent
%if 0%{?suse_version} < 1140
Requires(pre):  permissions
%else
Requires(pre):  permissions >= 2014.11
%endif
Requires(pre):  pwdutils
%else
Requires(pre): shadow-utils
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service /sbin/chkconfig
Requires(postun): /sbin/service
%endif
%if 0%{?suse_version} > 1210
BuildRequires:  systemd
%{?systemd_requires}
%define has_systemd 1
%else
Requires(pre):  %insserv_prereq
%endif
Requires:       logrotate
Provides:       http_proxy
# due to package rename
# Wed Aug 15 17:40:30 UTC 2012
Provides:       %{name}3 = %{version}
Obsoletes:      %{name}3 < %{version}
%description
Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite - we're getting there!) a fully-featured HTTP/1.1 proxy. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid offers a rich set of traffic optimization options, most of which are enabled by default for simpler installation and high performance. 
Squid 3.5 represents a new feature release above 3.4.
The most important of these new features are:
  * Support libecap v1.0
  * Authentication helper query extensions
  * Support named services
  * Upgraded squidclient tool
  * Helper support for concurrency channels
  * Native FTP Relay
  * Receive PROXY protocol, Versions 1 & 2
  * Basic authentication MSNT helper changes
%prep
%setup -q
cp %{SOURCE10} .
# upstream patches after RELEASE
%patch1
%patch2 -p1
%patch3
%patch4
##### other patches
%patch100
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
chmod a-x CREDITS
%patch103
%patch104
%build
# autoreconf -fi
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie"
%configure \
	--disable-strict-error-checking \
	--sysconfdir=%{squidconfdir} \
	--libexecdir=%{_sbindir} \
	--datadir=%{_datadir}/squid \
	--sharedstatedir=%{_localstatedir}/squid \
	--with-logdir=%{_localstatedir}/log/squid \
%if 0%{?has_systemd}
	--with-pidfile=/run/squid.pid \
%else
	--with-pidfile=%{_localstatedir}/run/squid.pid \
%endif
	--with-dl \
%if 0%{?suse_version} <= 1140
	--with-included-ltdl \
%endif
	--enable-disk-io \
	--enable-storeio \
	--enable-removal-policies=heap,lru \
	--enable-icmp \
	--enable-delay-pools \
	--enable-esi \
	--enable-icap-client \
	--enable-useragent-log \
	--enable-referer-log \
	--enable-kill-parent-hack \
	--enable-arp-acl \
	--enable-ssl-crtd \
	--with-openssl \
	--enable-forw-via-db \
	--enable-cache-digests \
	--enable-linux-netfilter \
	--with-large-files \
	--enable-underscores \
	--enable-auth \
	--enable-auth-basic \
	--enable-auth-ntlm \
	--enable-auth-negotiate \
	--enable-auth-digest \
	--enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group \
	--enable-stacktraces \
	--enable-x-accelerator-vary \
	--with-default-user=%{name} \
	--disable-ident-lookups \
	--enable-follow-x-forwarded-for \
	--disable-arch-native
# overwrite the number of open filedescriptors of configure to 4096
# to be backward compatible, but numbers above should not be overwritten
if [ `awk '/SQUID_MAXFD/{print $3}' include/autoconf.h` -lt 4096 ]; then
     set +x
     echo "adapting SQUID_MAXFD to 4096"
     set -x
     perl -pi -e 's;(\#define SQUID_MAXFD) [0-9]+;$1 4096;' include/autoconf.h
fi
make SAMBAPREFIX=/usr %{?_smp_mflags}
%install
%{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null || :
%{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
  -g %{name} -o -u 31 -r -s /bin/false 2> /dev/null || :
install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name}
install -d %{buildroot}%{_prefix}/sbin
# make_install
make install DESTDIR=%{buildroot} SAMBAPREFIX=/usr
mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default
ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible
%if 0%{?suse_version} < 1140
# permissions file
install -D -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
%endif
# install logrotate file
install -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
	cachemgr.cgi will now be found in %{_libdir}/%{name}
EOT
install -d -m 755 %{buildroot}/%{_libdir}/%{name}
mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name}
install -d -m 755 doc/contrib
install %{SOURCE6} doc/contrib
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name}
install -D -m 644 ./helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 %{buildroot}%{_mandir}/man8/ext_kerberos_ldap_group_acl.8
rm -rf %{buildroot}%{squidconfdir}/errors
for i in errors/*; do
  if [ -d $i ]; then
    mkdir -p %{buildroot}%{_datadir}/%{name}/$i
    install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i
  fi
done
ln -sf %{_datadir}/%{name}/errors/de %{buildroot}%{squidconfdir}/errors
# fix file duplicates
%if 0%{?suse_version} > 1030
%fdupes -s %{buildroot}%{_prefix}
%endif
%if 0%{?fedora_version} > 8
fdupes -q -n -r %{buildroot}%{_prefix}
%endif
# systemd vs SysVinit
%if 0%{?has_systemd}
  install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service
  install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibdir}/cache_dir.sed
  install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibdir}/initialize_cache_if_needed.sh
  sed -i -e 's!%%{_libdir}!%{_libdir}!' %{buildroot}%{_unitdir}/%{name}.service
  ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%else # SysVinit
  # fix postrotate script for SysVinit
  sed -i -re 's@/usr/bin/systemctl.*@/etc/init.d/squid reload@g' %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
 %if 0%{?suse_version}
  install -D %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/%{name}
  ln -sf %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
 %else # lets just assume other are rh based ones...
  install -D %{SOURCE14} %{buildroot}%{_sysconfdir}/init.d/%{name}
 %endif
%endif
%if 0%{?suse_version}
 install -D -m644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%else
 install -D -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%endif
# Move the MIB definition to the proper place (and name)
mkdir -p $RPM_BUILD_ROOT/usr/share/snmp/mibs
mv $RPM_BUILD_ROOT/usr/share/squid/mib.txt \
  $RPM_BUILD_ROOT/usr/share/snmp/mibs/SQUID-MIB.txt
%pre
# we need this group for /usr/sbin/pinger
if [[ -z $(%{_bindir}/getent group %{name} 2>/dev/null) ]]; then
  %{_sbindir}/groupadd -g 31 -r %{name} 2>/dev/null
fi
# we need this group for squid (ntlmauth)
# read access to /var/lib/samba/winbindd_privileged
if [[ -z $(%{_bindir}/getent group winbind 2>/dev/null) ]]; then
  %{_sbindir}/groupadd -r winbind 2>/dev/null
fi
if [[ -z $(%{_bindir}/getent passwd squid 2>/dev/null) ]]; then
  %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \
    -G winbind -g %{name} -o -u 31 -r -s /bin/false \
    %{name} 2>/dev/null
fi
# if default group is not squid, change it
if [[ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]]; then
  %{_sbindir}/usermod -g %{name} %{name} 2>/dev/null
fi 
# if squid is not member of winbind, add him
if [[ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind >/dev/null; echo $?) -ne 0 ]]; then
  %{_sbindir}/usermod -G winbind %{name} 2>/dev/null
fi
%if 0%{?has_systemd}
%service_add_pre %{name}.service
%endif
# update mode?
if [ "$1" -gt "1" ]; then
  if [ -e %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf -a ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then
    echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf"
    mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
  fi
fi
# emulate_httpd_log is gone with 3.2 not 3.5
### rpmlint is complaining about modifying squid.conf
#if [ -e etc/%%{name}/%%{name}.conf ]; then
#  sed -i '/emulate_httpd_log/d' /etc/%{name}/%{name}.conf
#fi
%pretrans -p <lua>
-- Directory to symlink is not working in RPM so workaround it
-- Occurs when updating from 3.4 to 3.5
error_dir="%{_datadir}/%{name}/errors/"
bad_ones={"zh-cn","zh-tw"}
print("cleaning up old directories")
for i,f in pairs(bad_ones) do
  pstat = posix.stat(error_dir..f)
  if pstat and pstat.type == "directory" then
     print ("moving away "..error_dir..f.." to "..error_dir..f .. ".rpmmoved")
     --posix.rmdir(error_dir..f)
     os.rename(error_dir..f, error_dir..f .. ".rpmmoved")
  end
end
%post
%if 0%{?suse_version} >= 1140
 %if 0%{?set_permissions:1}
%set_permissions %{_sbindir}/basic_pam_auth
%set_permissions %{_sbindir}/pinger
%set_permissions %{_localstatedir}/cache/squid/
%set_permissions %{_localstatedir}/log/squid/
 %else
%run_permissions
 %endif
%endif
%if 0%{?has_systemd}
%service_add_post squid.service
%fillup_only
%else
 %if 0%{?suse_version}
%{fillup_and_insserv -n "squid"}
 %else
   /sbin/chkconfig --add squid
 %endif
%endif
%preun
%if 0%{?has_systemd}
%service_del_preun squid.service
%else
 %if 0%{?suse_version}
%stop_on_removal squid
 %else
   if [ $1 = 0 ] ; then
     service squid stop >/dev/null 2>&1
     rm -f /var/log/squid/*
     /sbin/chkconfig --del squid
   fi
 %endif
%endif
%if 0%{?suse_version}
%verifyscript
%verify_permissions -e %{_sbindir}/basic_pam_auth
%verify_permissions -e %{_sbindir}/pinger
%verify_permissions -e %{_localstatedir}/cache/squid/
%verify_permissions -e %{_localstatedir}/log/squid/
%endif
%postun
%if 0%{?has_systemd}
%service_del_postun squid.service
%else
 %if 0%{?suse_version}
%restart_on_update squid
%insserv_cleanup
 %else
  if [ "$1" -ge "1" ] ; then
    service squid condrestart >/dev/null 2>&1
  fi
 %endif
%endif
%files
%defattr(-,root,root)
%doc ChangeLog CONTRIBUTORS COPYING CREDITS
%doc QUICKSTART README RELEASENOTES.html SPONSORS*
%doc README.kerberos
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/%{name}.conf.default
%doc %{_mandir}/man?/*
%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
%{squidlibdir}/initialize_cache_if_needed.sh
%{squidlibdir}/cache_dir.sed
%else
%{_sysconfdir}/init.d/%{name}
%endif
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/
%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) %{squidconfdir}/errorpage.css
%config(noreplace) %{squidconfdir}/errors
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/%{name}.conf
%config %{squidconfdir}/cachemgr.conf.default
%config %{squidconfdir}/errorpage.css.default
%config %{squidconfdir}/%{name}.conf.default
%config %{squidconfdir}/%{name}.conf.documented
%config %{_sysconfdir}/pam.d/%{name}
%if 0%{?suse_version} < 1140
%config %{_sysconfdir}/permissions.d/%{name}
%endif
%dir %{_datadir}/%{name}
%dir %{_datadir}/snmp
%dir %{_datadir}/snmp/mibs
%{_datadir}/%{name}/errors
%{_datadir}/%{name}/icons
%{_datadir}/%{name}/mime.conf
%{_datadir}/%{name}/mime.conf.default
%{_datadir}/snmp/mibs/SQUID-MIB.txt
%{_bindir}/purge
%{_bindir}/squidclient
%{_sbindir}/basic_db_auth
%{_sbindir}/basic_fake_auth
%{_sbindir}/basic_getpwnam_auth
%{_sbindir}/basic_ldap_auth
%{_sbindir}/digest_edirectory_auth
## will get removed in 3.6 series
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
%{_sbindir}/basic_msnt_multi_domain_auth
##
%{_sbindir}/basic_ncsa_auth
%{_sbindir}/basic_nis_auth
%if 0%{?suse_version} < 1140
%{_sbindir}/basic_pam_auth
%else
%verify(not mode) %attr(2750,root,shadow) %{_sbindir}/basic_pam_auth
%endif
%{_sbindir}/basic_pop3_auth
%{_sbindir}/basic_radius_auth
%{_sbindir}/basic_sasl_auth
%{_sbindir}/basic_smb_auth
%{_sbindir}/basic_smb_auth.sh
## basic_msnt_auth has been deprecated and renamed to
# http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#toc2.8
%{_sbindir}/basic_smb_lm_auth
##
%{_sbindir}/cert_tool
%{_sbindir}/cert_valid.pl
%{_sbindir}/digest_file_auth
%{_sbindir}/digest_ldap_auth
%{_sbindir}/diskd
%{_sbindir}/ext_edirectory_userip_acl
%{_sbindir}/ext_file_userip_acl
%{_sbindir}/ext_kerberos_ldap_group_acl
%{_sbindir}/ext_ldap_group_acl
%{_sbindir}/ext_session_acl
%{_sbindir}/ext_unix_group_acl
%{_sbindir}/ext_wbinfo_group_acl
%{_sbindir}/helper-mux.pl
%{_sbindir}/log_db_daemon
%{_sbindir}/log_file_daemon
%{_sbindir}/negotiate_kerberos_auth
%{_sbindir}/negotiate_kerberos_auth_test
%{_sbindir}/negotiate_wrapper_auth
%{_sbindir}/ntlm_fake_auth
%{_sbindir}/ntlm_smb_lm_auth
# not working %%caps(cap_net_raw=ep)
%if 0%{?suse_version} < 1140
%attr(0750,root,squid) %{_sbindir}/pinger
%else
%verify(not user group mode caps) %attr(0750,root,squid) %{_sbindir}/pinger
%endif
%{_sbindir}/%{name}
%{_sbindir}/ssl_crtd
%{_sbindir}/storeid_file_rewrite
%{_sbindir}/unlinkd
%{_sbindir}/url_fake_rewrite
%{_sbindir}/url_fake_rewrite.sh
%if 0%{?suse_version}
%{_sbindir}/rc%{name}
%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%else
%{_sysconfdir}/sysconfig/%{name}
%endif
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/cachemgr.cgi
%changelog