1 |
%define build_test 0 |
2 |
|
3 |
# commandline overrides: |
4 |
# rpm -ba|--rebuild --with 'xxx' |
5 |
%{?_with_test: %{expand: %%global build_test 1}} |
6 |
%{?_without_test: %{expand: %%global build_test 0}} |
7 |
|
8 |
%define defaultmaxfiles 8192 |
9 |
|
10 |
Summary: The Squid proxy caching server |
11 |
Name: squid |
12 |
Version: 5.4.1 |
13 |
Release: %mkrel 1 |
14 |
License: GPLv2 |
15 |
Group: System/Servers |
16 |
URL: http://www.squid-cache.org/ |
17 |
Source0: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.gz |
18 |
Source1: http://www.squid-cache.org/Versions/v5/squid-%{version}.tar.gz.asc |
19 |
Source4: squid.logrotate |
20 |
Source5: squid.conf.authenticate |
21 |
Source6: smb.conf |
22 |
Source7: squid.conf.transparent |
23 |
Source8: rc.firewall |
24 |
Source9: ERR_CUSTOM_ACCESS_DENIED.English |
25 |
Source10: ERR_CUSTOM_ACCESS_DENIED.French |
26 |
Source11: squid.sysconfig |
27 |
Source13: squid.pam |
28 |
Source14: squid.ifup |
29 |
Source15: squid.service |
30 |
Source16: cache_swap.sh |
31 |
|
32 |
Patch1: squid-config.diff |
33 |
Patch2: squid-user_group.diff |
34 |
Patch11: squid-shutdown_lifetime.diff |
35 |
Patch13: squid-errordir.diff |
36 |
Patch19: squid-3.4.9-configure-egrep.patch |
37 |
|
38 |
# fix openssl3 build failures |
39 |
Patch206: squid-5.2-openssl3.patch |
40 |
# fix -lto build failure |
41 |
Patch207: squid-5.2-test-store-cppsuite.patch |
42 |
|
43 |
# Change /var/run to /run |
44 |
Patch302: squid-4.7-var-run-to-run.patch |
45 |
|
46 |
|
47 |
Requires(post): rpm-helper |
48 |
Requires(preun): rpm-helper |
49 |
Requires(pre): rpm-helper |
50 |
BuildRequires: bzip2 |
51 |
BuildRequires: ed |
52 |
BuildRequires: libtool-devel |
53 |
BuildRequires: db-devel |
54 |
BuildRequires: pkgconfig(libsasl2) |
55 |
BuildRequires: openldap-devel |
56 |
BuildRequires: pkgconfig(openssl) |
57 |
BuildRequires: pam-devel |
58 |
BuildRequires: pkgconfig |
59 |
BuildRequires: libtool |
60 |
BuildRequires: krb5-devel |
61 |
BuildRequires: pkgconfig(libecap) |
62 |
BuildRequires: pkgconfig(libcap) |
63 |
BuildRequires: pkgconfig(libsystemd) |
64 |
BuildRequires: samba-winbind |
65 |
BuildRequires: chrpath |
66 |
%if %{build_test} |
67 |
BuildRequires: cppunit-devel |
68 |
%endif |
69 |
Provides: webproxy |
70 |
|
71 |
%description |
72 |
Squid is a high-performance proxy caching server for web clients, supporting |
73 |
FTP, gopher, and HTTP data objects over IPv4 or IPv6. Unlike traditional |
74 |
caching software, Squid handles all requests in a single, non-blocking, |
75 |
asynchronous process. |
76 |
|
77 |
Squid keeps meta data and especially hot objects cached in RAM, caches DNS |
78 |
lookups, supports non-blocking DNS lookups, and implements negative caching of |
79 |
failed requests. Squid supports SSL, extensive access controls, and full |
80 |
request logging. By using the lightweight Internet Cache Protocol (ICP) and |
81 |
HTTP Cache Protocol (HTCP) Squid caches can be arranged in a hierarchy or mesh |
82 |
for additional bandwidth savings. |
83 |
|
84 |
Install squid if you need a proxy caching server. |
85 |
|
86 |
This package defaults to a maximum of %{defaultmaxfiles} filedescriptors. You |
87 |
can change these values at build time by using for example: |
88 |
|
89 |
--define 'maxfiles 4096' |
90 |
|
91 |
The package was built to support a maximum of %{?!maxfiles:%{defaultmaxfiles}}%{?maxfiles:%{maxfiles}} filedescriptors. |
92 |
|
93 |
You can build %{name} with some conditional build swithes; |
94 |
|
95 |
(ie. use with rpm --rebuild): |
96 |
--with[out] test Initiate the test suite |
97 |
|
98 |
%package cachemgr |
99 |
Summary: The Squid Cache Manager |
100 |
Group: System/Servers |
101 |
Requires(pre): rpm-helper |
102 |
Requires(pre): apache >= 2.0.54 |
103 |
Requires(pre): %{name} = %{version} |
104 |
Requires: apache >= 2.0.54 |
105 |
Requires: %{name} = %{version} |
106 |
|
107 |
%description cachemgr |
108 |
This package contains the Squid Cache Manager. |
109 |
|
110 |
%prep |
111 |
%setup -q |
112 |
%patch1 -p1 -b .config |
113 |
%patch2 -p0 -b .user_group |
114 |
%patch11 -p0 -b .shutdown_lifetime |
115 |
%patch13 -p1 -b .errordir |
116 |
%patch19 -p1 -b .egrep |
117 |
%patch206 -p1 |
118 |
%patch207 -p1 |
119 |
%patch302 -p1 |
120 |
|
121 |
find . -type d -perm 0700 -exec chmod 755 {} \; |
122 |
find . -type f -perm 0555 -exec chmod 755 {} \; |
123 |
find . -type f -perm 0444 -exec chmod 644 {} \; |
124 |
|
125 |
for i in `find . -type d -name CVS` `find . -type d -name .svn` `find . -type f -name .cvs\*` `find . -type f -name .#\*`; do |
126 |
if [ -e "$i" ]; then rm -rf $i; fi >&/dev/null |
127 |
done |
128 |
|
129 |
install -p -m 0644 %{SOURCE5} squid.conf.authenticate |
130 |
install -p -m 0644 %{SOURCE6} smb.conf |
131 |
install -p -m 0644 %{SOURCE7} squid.conf.transparent |
132 |
install -p -m 0755 %{SOURCE8} rc.firewall |
133 |
|
134 |
# fix conditional pam config file |
135 |
install -p -m 0644 %{SOURCE13} squid.pam |
136 |
|
137 |
perl -p -i -e "s|^SAMBAPREFIX.*|SAMBAPREFIX = /usr|" src/auth/basic/SMB/Makefile.* |
138 |
grep -r "local/bin/perl" . |sed -e "s/:.*$//g" | xargs perl -p -i -e "s@local/bin/perl@bin/perl@g" |
139 |
|
140 |
#Fix sysctl.h deprecation |
141 |
perl -pi -e "s|<sys/sysctl.h>|<linux/sysctl.h>|g" src/eui/Eui48.cc |
142 |
|
143 |
# fix paths |
144 |
perl -pi -e "s|lib/squid|%{_lib}/squid|g" squid.conf.authenticate |
145 |
|
146 |
%build |
147 |
autoreconf -fi |
148 |
%serverbuild |
149 |
|
150 |
# NIS helper has been removed because of the following bug |
151 |
# https://bugzilla.redhat.com/show_bug.cgi?id=1531540 |
152 |
%configure \ |
153 |
--disable-strict-error-checking \ |
154 |
--libexecdir=%{_libdir}/squid \ |
155 |
--datadir=%{_datadir}/squid \ |
156 |
--sysconfdir=%{_sysconfdir}/squid \ |
157 |
--with-logdir='%{_localstatedir}/log/squid' \ |
158 |
--disable-arch-native \ |
159 |
--enable-shared=no \ |
160 |
--enable-static=no \ |
161 |
--enable-xmalloc-statistics \ |
162 |
--enable-carp \ |
163 |
--enable-async-io \ |
164 |
--enable-storeio="aufs,diskd,ufs" \ |
165 |
--enable-removal-policies="heap,lru" \ |
166 |
--enable-icmp \ |
167 |
--enable-delay-pools \ |
168 |
--disable-esi \ |
169 |
--enable-icap-client \ |
170 |
--enable-ecap \ |
171 |
--enable-useragent-log \ |
172 |
--enable-referer-log \ |
173 |
--enable-wccp \ |
174 |
--enable-wccpv2 \ |
175 |
--disable-kill-parent-hack \ |
176 |
--enable-snmp \ |
177 |
--enable-cachemgr-hostname="localhost" \ |
178 |
--enable-arp-acl \ |
179 |
--enable-htcp \ |
180 |
--enable-ssl \ |
181 |
--enable-ssl-crtd \ |
182 |
--enable-forw-via-db \ |
183 |
--enable-follow-x-forwarded-for \ |
184 |
--enable-cache-digests \ |
185 |
--disable-poll \ |
186 |
--enable-epoll \ |
187 |
--enable-linux-netfilter \ |
188 |
--disable-ident-lookups \ |
189 |
%ifnarch x86_64 aarch64 |
190 |
--with-large-files \ |
191 |
%endif |
192 |
--enable-default-hostsfile=/etc/hosts \ |
193 |
--enable-auth \ |
194 |
--enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,SMB_LM" \ |
195 |
--enable-auth-ntlm="fake,SMB_LM" \ |
196 |
--enable-auth-negotiate="kerberos,wrapper" \ |
197 |
--enable-auth-digest="eDirectory,file,LDAP" \ |
198 |
--enable-external-acl-helpers="eDirectory_userip,file_userip,kerberos_ldap_group,LDAP_group,session,unix_group,wbinfo_group" \ |
199 |
--enable-storeid-rewrite-helpers="file" \ |
200 |
--with-default-user=%{name} \ |
201 |
--with-pthreads \ |
202 |
--with-dl \ |
203 |
--with-openssl=%{_prefix} \ |
204 |
--with-large-files \ |
205 |
--with-swapdir=%{_localstatedir}/spool/squid \ |
206 |
--with-build-environment=default \ |
207 |
--enable-mit=`/usr/bin/krb5-config --prefix` \ |
208 |
--with-logdir=%{_logdir}/squid \ |
209 |
--enable-http-violations \ |
210 |
--enable-zph-qos \ |
211 |
--enable-systemd \ |
212 |
--with-pidfile=%{_rundir}/%{name}.pid \ |
213 |
--sysconfdir=%{_sysconfdir}/squid \ |
214 |
--with-filedescriptors=%{?!maxfiles:%{defaultmaxfiles}}%{?maxfiles} |
215 |
|
216 |
# workaround to build squid v5 |
217 |
mkdir -p src/icmp/tests |
218 |
mkdir -p tools/squidclient/tests |
219 |
mkdir -p tools/tests |
220 |
%make_build |
221 |
|
222 |
%if %{build_test} |
223 |
%check |
224 |
make check |
225 |
%endif |
226 |
|
227 |
%install |
228 |
%make_install |
229 |
|
230 |
# remove chrpath |
231 |
chrpath --delete %{buildroot}%{_libdir}/%{name}/ext_session_acl |
232 |
|
233 |
# make some directories |
234 |
install -d %{buildroot}%{_sysconfdir}/{logrotate.d,pam.d,sysconfig} |
235 |
install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup.d |
236 |
install -d %{buildroot}%{_webconfdir}/webapps.d |
237 |
install -d %{buildroot}%{_datadir}/squid/{errors,icons} |
238 |
install -d %{buildroot}%{_datadir}/squid/errors/{English,French} |
239 |
install -d %{buildroot}%{_mandir}/man8 |
240 |
install -d %{buildroot}%{_var}/www/cgi-bin |
241 |
install -d %{buildroot}%{_logdir}/squid |
242 |
install -d %{buildroot}%{_var}/spool/squid |
243 |
install -d %{buildroot}%{_datadir}/squid/snmp/mibs |
244 |
|
245 |
# fix error docs location |
246 |
rm -rf %{buildroot}%{_sysconfdir}/squid/errors |
247 |
pushd errors |
248 |
for i in *; do |
249 |
if [ -d $i ]; then |
250 |
install -d %{buildroot}%{_datadir}/squid/errors/$i |
251 |
install -p -m0644 $i/* %{buildroot}%{_datadir}/squid/errors/$i |
252 |
fi |
253 |
done |
254 |
popd |
255 |
ln -fs %{_datadir}/squid/errors/templates %{buildroot}%{_sysconfdir}/squid/errors |
256 |
|
257 |
# install config |
258 |
install -p -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/squid |
259 |
install -p -m0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/squid |
260 |
install -p -m0755 %{SOURCE14} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup.d/squid |
261 |
install -p -m0755 %{SOURCE15} -D %{buildroot}%{_unitdir}/%{name}.service |
262 |
install -p -m0755 %{SOURCE16} -D %{buildroot}%{_libexecdir}/squid/cache_swap.sh |
263 |
|
264 |
# fix docs |
265 |
cp -a src/auth/basic/SASL/basic_sasl_auth.conf . |
266 |
|
267 |
cp -a src/acl/external/file_userip/example.conf ip_user_external_acl.example.conf |
268 |
cp -a src/acl/external/LDAP_group/ChangeLog ChangeLog.ldap_group_external_acl |
269 |
|
270 |
head -19 src/auth/basic/NCSA/basic_ncsa_auth.cc > README.NCSA_basic_auth |
271 |
head -56 src/auth/basic/PAM/basic_pam_auth.cc > README.PAM_basic_auth |
272 |
head -21 src/auth/basic/getpwnam/basic_getpwnam_auth.cc > README.getpwnam_basic_auth |
273 |
head -32 src/auth/digest/LDAP/digest_pw_auth.cc > README.ldap_digest_auth |
274 |
|
275 |
install -p -m 0755 src/auth/basic/SMB/basic_smb_auth.sh %{buildroot}%{_libdir}/squid |
276 |
install -p -m 0755 src/auth/basic/SASL/basic_sasl_auth %{buildroot}%{_libdir}/squid |
277 |
|
278 |
for manpage in `find -name "*.8"`; do |
279 |
install -p -m 0644 $manpage %{buildroot}%{_mandir}/man8/ |
280 |
done |
281 |
|
282 |
install -p -m 0644 %{SOURCE9} %{buildroot}%{_datadir}/squid/errors/English/ERR_CUSTOM_ACCESS_DENIED |
283 |
install -p -m 0644 %{SOURCE10} %{buildroot}%{_datadir}/squid/errors/French/ERR_CUSTOM_ACCESS_DENIED |
284 |
|
285 |
install -p -m 0644 squid.pam %{buildroot}%{_sysconfdir}/pam.d/squid |
286 |
|
287 |
# move cachemgr.cgi to a more safe location |
288 |
mv %{buildroot}%{_libdir}/squid/cachemgr.cgi %{buildroot}%{_var}/www/cgi-bin/ |
289 |
|
290 |
# provide a simple apache config |
291 |
cat > %{buildroot}%{_webconfdir}/webapps.d/squid-cachemgr.conf << EOF |
292 |
<Location /cgi-bin/cachemgr.cgi> |
293 |
Require local granted |
294 |
ErrorDocument 403 "Access denied per /etc/httpd/conf/webapps.d/squid-cachemgr.conf" |
295 |
</Location> |
296 |
EOF |
297 |
|
298 |
# some cleaning |
299 |
rm -f %{buildroot}%{_libdir}/squid/no_check.pl |
300 |
|
301 |
# nuke zero length files |
302 |
find %{buildroot}%{_datadir}/squid/errors/ -type f -size 0 -exec rm -f {} \; |
303 |
|
304 |
# install /usr/lib/tmpfiles.d/squid.conf |
305 |
mkdir -p %{buildroot}%{_tmpfilesdir} |
306 |
cat > %{buildroot}%{_tmpfilesdir}/squid.conf <<EOF |
307 |
# See tmpfiles.d(5) for details |
308 |
d /run/squid 0755 squid squid - - |
309 |
EOF |
310 |
|
311 |
# Move the MIB definition to the proper place (and name) |
312 |
mkdir -p %{buildroot}/usr/share/snmp/mibs |
313 |
mv %{buildroot}/usr/share/squid/mib.txt %{buildroot}/usr/share/snmp/mibs/SQUID-MIB.txt |
314 |
|
315 |
# remove unpackaged files from the buildroot |
316 |
rm -f %{buildroot}/squid.httpd.tmp |
317 |
|
318 |
|
319 |
%pre |
320 |
%_pre_useradd squid %{_var}/spool/squid /bin/false |
321 |
|
322 |
for i in %{_logdir}/squid %{_var}/spool/squid ; do |
323 |
if [ -d $i ] ; then |
324 |
for adir in `find $i -maxdepth 0 \! -user squid`; do |
325 |
chown -R squid:squid $adir |
326 |
done |
327 |
fi |
328 |
done |
329 |
|
330 |
%post |
331 |
%_create_ssl_certificate squid |
332 |
|
333 |
%_post_service squid |
334 |
case "$LANG" in |
335 |
az*) |
336 |
DIR=Azerbaijani |
337 |
;; |
338 |
bg*) |
339 |
DIR=Bulgarian |
340 |
;; |
341 |
ca*) |
342 |
DIR=Catalan |
343 |
;; |
344 |
cs*) |
345 |
DIR=Czech |
346 |
;; |
347 |
da*) |
348 |
DIR=Danish |
349 |
;; |
350 |
nl*) |
351 |
DIR=Dutch |
352 |
;; |
353 |
en*) |
354 |
DIR=English |
355 |
;; |
356 |
ea*) |
357 |
DIR=Estonian |
358 |
;; |
359 |
fi*) |
360 |
DIR=Finnish |
361 |
;; |
362 |
fr*) |
363 |
DIR=French |
364 |
;; |
365 |
de*) |
366 |
DIR=German |
367 |
;; |
368 |
el*) |
369 |
DIR=Greek |
370 |
;; |
371 |
he*) |
372 |
DIR=Hebrew |
373 |
;; |
374 |
hu*) |
375 |
DIR=Hungarian |
376 |
;; |
377 |
it*) |
378 |
DIR=Italian |
379 |
;; |
380 |
ja*) |
381 |
DIR=Japanese |
382 |
;; |
383 |
kr*) |
384 |
DIR=Korean |
385 |
;; |
386 |
lt*) |
387 |
DIR=Lithuanian |
388 |
;; |
389 |
pl*) |
390 |
DIR=Polish |
391 |
;; |
392 |
pt*) |
393 |
DIR=Portuguese |
394 |
;; |
395 |
ro*) |
396 |
DIR=Romanian |
397 |
;; |
398 |
ru*) |
399 |
DIR=Russian-koi8-r |
400 |
;; |
401 |
sr*) |
402 |
DIR=Serbian |
403 |
;; |
404 |
sk*) |
405 |
DIR=Slovak |
406 |
;; |
407 |
es*) |
408 |
DIR=Spanish |
409 |
;; |
410 |
sv*) |
411 |
DIR=Swedish |
412 |
;; |
413 |
zh*) |
414 |
DIR=Traditional_Chinese |
415 |
;; |
416 |
tr*) |
417 |
DIR=Turkish |
418 |
;; |
419 |
*) |
420 |
DIR=English |
421 |
;; |
422 |
esac |
423 |
|
424 |
%preun |
425 |
%_preun_service squid |
426 |
|
427 |
%pretrans -p <lua> |
428 |
-- Define the path to the symlink being replaced below. |
429 |
path = "%{_datadir}/squid/errors/es-mx" |
430 |
st = posix.stat(path) |
431 |
if st and st.type == "link" then |
432 |
os.remove(path) |
433 |
end |
434 |
|
435 |
%files |
436 |
%doc C* R* Q* rc.firewall *.conf* doc/*.txt |
437 |
%exclude %{_sysconfdir}/squid/cachemgr.conf |
438 |
%exclude %{_sysconfdir}/squid/cachemgr.conf.default |
439 |
%dir %{_sysconfdir}/squid |
440 |
%attr(755,root,root) %dir %{_libdir}/squid |
441 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/squid/*.conf |
442 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/squid/*.default |
443 |
%exclude %{_sysconfdir}/squid/cachemgr.conf |
444 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/squid |
445 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/squid |
446 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/squid |
447 |
%attr(0755,root,squid) %config(noreplace) %{_sysconfdir}/sysconfig/network-scripts/ifup.d/squid |
448 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/squid/*.css |
449 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/squid/*.documented |
450 |
%{_sysconfdir}/squid/errors |
451 |
%{_datadir}/squid/errors |
452 |
%{_datadir}/squid/icons |
453 |
%{_libdir}/squid/* |
454 |
%{_libexecdir}/squid/ |
455 |
%{_unitdir}/%{name}.service |
456 |
|
457 |
%{_sbindir}/* |
458 |
%{_bindir}/purge |
459 |
%{_bindir}/squidclient |
460 |
%attr(0644,root,root) %{_mandir}/man1/* |
461 |
%attr(0644,root,root) %{_mandir}/man8/basic* |
462 |
%attr(0644,root,root) %{_mandir}/man8/digest_file_auth.8* |
463 |
%attr(0644,root,root) %{_mandir}/man8/ext_* |
464 |
%attr(0644,root,root) %{_mandir}/man8/helper-mux.8* |
465 |
%attr(0644,root,root) %{_mandir}/man8/log_db_daemon.8* |
466 |
%attr(0644,root,root) %{_mandir}/man8/n* |
467 |
%attr(0644,root,root) %{_mandir}/man8/s* |
468 |
%attr(0644,root,root) %{_mandir}/man8/u* |
469 |
%attr(0755,squid,squid) %dir %{_logdir}/squid |
470 |
%attr(0755,squid,squid) %dir %{_var}/spool/squid |
471 |
%{_datadir}/snmp/mibs/SQUID-MIB.txt |
472 |
%{_tmpfilesdir}/squid.conf |
473 |
|
474 |
%files cachemgr |
475 |
%attr(0644,root,root) %config(noreplace) %{_webconfdir}/webapps.d/squid-cachemgr.conf |
476 |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/squid/cachemgr.conf |
477 |
%attr(0755,root,squid) %{_var}/www/cgi-bin/cachemgr.cgi |
478 |
%attr(0644,root,root) %{_mandir}/man8/cachemgr.cgi.8.* |