%define __perl_requires %{SOURCE98}
Name: squid
Version: 3.0.STABLE25
Release: 2%{_dist_release}
Summary: The Squid proxy caching server
Summary(ja): Squid ウェブプロキシキャッシュ
Epoch: 7
License: GPLv2+
Group: System Environment/Daemons
URL: http://www.squid-cache.org
Source: http://www.squid-cache.org/Squid/Versions/v3/3.0/squid-%{version}.tar.bz2
Source1: FAQ.sgml
Source2: squid.init
Source3: squid.logrotate
Source4: squid.sysconfig
Source5: squid.pam
Source98: perl-requires-squid.sh
# Upstream patches
#Patch001: http://www.squid-cache.org/Versions/v3/3.0/changesets/bXXXX.patch
Patch002: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch
# External patches
# Local patches
# Applying upstream patches first makes it less likely that local patches
# will break upstream ones.
Patch201: squid-3.0.STABLE1-config.patch
Patch202: squid-3.0.STABLE1-location.patch
Patch203: squid-3.0.STABLE15-build.patch
Patch204: squid-3.0.STABLE1-perlpath.patch
Patch205: squid-3.0.STABLE1-smb-path.patch
Patch208: squid-3.0.STABLE7-from_manpg.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash >= 2.0
Requires(pre): shadow-utils
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/service /sbin/chkconfig
Requires(postun): /sbin/service
BuildRequires: openjade linuxdoc-tools
BuildRequires: openldap-devel pam-devel openssl-devel krb5-devel
BuildRequires: cyrus-sasl-devel
Obsoletes: squid-novm
# Obsoletes: squid26
%description
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
%description -l ja
Squid はウェブクライアントのための高性能のプロキシキャッシュサーバで、
FTP, gopher, HTTP データオブジェクトに対応しています。これまでの
キャッシュソフトウェアと違い、 Squid は全ての要求を、単一の
ブロックしない I/O ドリブンのプロセスで処理します。 Squid はメタデータや
ホットなオブジェクトを RAM に保持し、 DNS 問い合わせをキャッシュします。
ブロック無しの DNS 問い合わせをサポートし、失敗した要求のネガティブ
キャッシングが実装されています。
Squid は、メインのサーバプログラム squid と、 Domain Name System
問い合わせプログラム (dnsserver) と、 FTP データを取得するプログラム
(ftpget) と、いくつかの管理用またはクライアントツールから成ります。
%prep
%setup -q
%patch002 -p0 -b .CVE-2010-3072
%patch201 -p1 -b .config
%patch202 -p1 -b .location
%patch203 -p1 -b .build
%patch204 -p1 -b .perlpath
%patch205 -p1 -b .smb-path
%patch208 -p1 -b .from_manpg
%build
export CXXFLAGS="-fPIE %{optflags}" ; export CFLAGS="-fPIE -Os -g -pipe -fsigned-char %{optflags}" ; export LDFLAGS="-pie" ;
%configure \
--exec_prefix=/usr \
--bindir=%{_sbindir} \
--libexecdir=%{_libdir}/squid \
--localstatedir=/var \
--datadir=%{_datadir} \
--sysconfdir=/etc/squid \
--disable-dependency-tracking \
--enable-arp-acl \
--enable-auth="basic,digest,ntlm,negotiate" \
--enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL" \
--enable-negotiate-auth-helpers="squid_kerb_auth" \
--enable-cache-digests \
--enable-cachemgr-hostname=localhost \
--enable-delay-pools \
--enable-digest-auth-helpers="password" \
--enable-epoll \
--enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group" \
--enable-icap-client \
--enable-ident-lookups \
%ifnarch ppc64 ia64 x86_64 s390x
--with-large-files \
%endif
--enable-linux-netfilter \
--enable-ntlm-auth-helpers="SMB,fakeauth" \
--enable-referer-log \
--enable-removal-policies="heap,lru" \
--enable-snmp \
--enable-ssl \
--enable-storeio="aufs,diskd,null,ufs" \
--enable-useragent-log \
--enable-wccpv2 \
--with-aio \
--with-default-user="squid" \
--with-filedescriptors=16384 \
--with-dl \
--with-pthreads
# following options are disabled by vine
# --with-openssl=/usr/kerberos \
# following options are no longer supported
# --with-winbind-auth-challenge \
# --enable-follow-x-forwarded-for \
# --enable-fd-config \
# --with-maxfd=16384 \
# --enable-underscores \
export CXXFLAGS="-fPIE" ; export CFLAGS="-fPIE -Os -g -pipe -fsigned-char" ; export LDFLAGS="-pie" ;
make %{?_smp_mflags}
mkdir faq
cp %{SOURCE1} faq
cd faq
sgml2html FAQ.sgml
%install
rm -rf $RPM_BUILD_ROOT
%makeinstall \
sysconfdir=$RPM_BUILD_ROOT/etc/squid \
localstatedir=$RPM_BUILD_ROOT/var \
bindir=$RPM_BUILD_ROOT/%{_sbindir} \
libexecdir=$RPM_BUILD_ROOT/%{_libdir}/squid
echo "
#
# This is /etc/httpd/conf.d/squid.conf
#
ScriptAlias /Squid/cgi-bin/cachemgr.cgi %{_libdir}/squid/cachemgr.cgi
# Only allow access from localhost by default
order allow,deny
allow from localhost.localdomain
# Add additional allowed hosts as needed
# allow from .example.com
" > $RPM_BUILD_ROOT/squid.httpd.tmp
ln -s ../../%{_datadir}/squid/errors/English $RPM_BUILD_ROOT/etc/squid/errors
ln -s ../../%{_datadir}/squid/icons $RPM_BUILD_ROOT/etc/squid/icons
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
mkdir -p $RPM_BUILD_ROOT/etc/httpd/conf.d/
install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/squid
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/logrotate.d/squid
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/squid
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/squid
install -m 644 $RPM_BUILD_ROOT/squid.httpd.tmp $RPM_BUILD_ROOT/etc/httpd/conf.d/squid.conf
mkdir -p $RPM_BUILD_ROOT/var/log/squid
mkdir -p $RPM_BUILD_ROOT/var/spool/squid
chmod 644 contrib/url-normalizer.pl contrib/rredir.* contrib/user-agents.pl
iconv -f ISO88591 -t UTF8 ChangeLog -o ChangeLog.tmp
mv -f ChangeLog.tmp ChangeLog
# remove unpackaged files from the buildroot
rm -f $RPM_BUILD_ROOT%{_sbindir}/{RunAccel,RunCache}
rm -f $RPM_BUILD_ROOT/squid.httpd.tmp
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc faq/*\.html README ChangeLog QUICKSTART
%doc contrib/url-normalizer.pl contrib/rredir.* contrib/user-agents.pl
%attr(755,root,root) %dir /etc/squid
%attr(755,root,root) %dir %{_libdir}/squid
%attr(750,squid,squid) %dir /var/log/squid
%attr(750,squid,squid) %dir /var/spool/squid
%attr(4750,root,squid) %{_libdir}/squid/ncsa_auth
%attr(4750,root,squid) %{_libdir}/squid/pam_auth
%config(noreplace) %attr(644,root,root) /etc/httpd/conf.d/squid.conf
%config(noreplace) %attr(640,root,squid) /etc/squid/squid.conf
%config(noreplace) %attr(644,root,squid) /etc/squid/cachemgr.conf
%config(noreplace) /etc/squid/mime.conf
%config(noreplace) /etc/sysconfig/squid
%config(noreplace) /etc/squid/msntauth.conf
%config(noreplace) /etc/squid/mib.txt
# These are not noreplace because they are just sample config files
%config /etc/squid/msntauth.conf.default
%config /etc/squid/squid.conf.default
%config /etc/squid/mime.conf.default
%config /etc/squid/cachemgr.conf.default
%config(noreplace) /etc/pam.d/squid
%config(noreplace) /etc/logrotate.d/squid
%config(noreplace) /etc/squid/errors
%dir %{_datadir}/squid
%attr(-,root,root) %{_datadir}/squid/errors
%attr(-,root,root) /etc/squid/icons
%attr(755,root,root) /etc/rc.d/init.d/squid
%{_datadir}/squid/icons
%{_sbindir}/squid
%{_sbindir}/squidclient
%{_mandir}/man8/*
%{_libdir}/squid/*
%pre
if ! getent group squid >/dev/null 2>&1; then
/usr/sbin/groupadd -g 23 squid
fi
if ! getent passwd squid >/dev/null 2>&1 ; then
/usr/sbin/useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1 || exit 1
fi
for i in /var/log/squid /var/spool/squid ; do
if [ -d $i ] ; then
for adir in `find $i -maxdepth 0 \! -user squid`; do
chown -R squid:squid $adir
done
fi
done
exit 0
%post
/sbin/chkconfig --add squid
if [ $1 = 0 ]; then
case "$LANG" in
bg*)
DIR=Bulgarian
;;
ca*)
DIR=Catalan
;;
cs*)
DIR=Czech
;;
da*)
DIR=Danish
;;
nl*)
DIR=Dutch
;;
en*)
DIR=English
;;
ea*)
DIR=Estonian
;;
fi*)
DIR=Finnish
;;
fr*)
DIR=French
;;
de*)
DIR=German
;;
he*)
DIR=Hebrew
;;
hu*)
DIR=Hungarian
;;
it*)
DIR=Italian
;;
ja*)
DIR=Japanese
;;
kr*)
DIR=Korean
;;
pl*)
DIR=Polish
;;
pt*)
DIR=Portuguese
;;
ro*)
DIR=Romanian
;;
ru*)
DIR=Russian-koi8-r
;;
sr*)
DIR=Serbian
;;
sk*)
DIR=Slovak
;;
es*)
DIR=Spanish
;;
sv*)
DIR=Swedish
;;
zh_TW*)
DIR=Traditional_Chinese
;;
zh_CN*)
DIR=Simplify_Chinese
;;
tr*)
DIR=Turkish
;;
greek)
DIR=Greek
;;
*)
DIR=English
;;
esac
ln -snf %{_datadir}/squid/errors/$DIR /etc/squid/errors
fi
%preun
if [ $1 = 0 ] ; then
service squid stop >/dev/null 2>&1
rm -f /var/log/squid/*
/sbin/chkconfig --del squid
fi
%postun
if [ "$1" -ge "1" ] ; then
# service squid condrestart >/dev/null 2>&1
service squid condrestart
fi
%triggerin -- samba-common
/usr/sbin/usermod -a -G wbpriv squid >/dev/null 2>&1 || \
chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
%changelog
* Mon Sep 20 2010 Satoshi IWAMOTO
- 7:3.0.STABLE25-2
- add patch001 for fix CVE-2010-3072
* Tue Mar 16 2010 Satoshi IWAMOTO
- 7:3.0.STABLE25-1
- new upstream release
* Tue Mar 9 2010 Satoshi IWAMOTO
- 7:3.0.STABLE24-1
- new upstream release
* Wed Feb 3 2010 Satoshi IWAMOTO
- 7:3.0.STABLE23-1
- new upstream release with security fix (Handle DNS header-only packet)
* Wed Aug 5 2009 Satoshi IWAMOTO
- 7:3.0.STABLE18-1
- new upstream release
- add ja summary/discription
* Tue Jul 28 2009 Satoshi IWAMOTO
- 7:3.0.STABLE17-1
- new upstream release
- drop patch209 (is included in new release)
* Mon Jun 22 2009 Satoshi IWAMOTO
- 7:3.0.STABLE16-3
- update patch209 (from upstream)
* Tue Jun 16 2009 Satoshi IWAMOTO
- 7:3.0.STABLE16-2
- add patch209 to fix build error
* Tue Jun 16 2009 Satoshi IWAMOTO
- 7:3.0.STABLE16-1
- new upstream release
* Sat May 09 2009 Satoshi IWAMOTO
- 7:3.0.STABLE15-1
- new upstream release
- update Patch203 to fit new release
* Mon May 04 2009 Satoshi IWAMOTO
- 7:3.0.STABLE14-2
- comment out "Obsoletes: squid26"
* Mon May 04 2009 Satoshi IWAMOTO
- 7:3.0.STABLE14-1
- Initial build for VineSeed / Vine 5.x
- This package is based on Fedora 3.0.STABLE13-1