From: Christian Schmidt Date: Fri, 28 Oct 2011 21:32:12 +0000 (+0000) Subject: squid: Fix squid permiissions and config options. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcf279c00201ba2fe32b1346df219dfcb8da7786;p=ipfire-3.x.git squid: Fix squid permiissions and config options. --- diff --git a/squid/patches/squid-3.0.STABLE7-from_manpg.patch b/squid/patches/squid-3.0.STABLE7-from_manpg.patch deleted file mode 100644 index 368e6341f..000000000 --- a/squid/patches/squid-3.0.STABLE7-from_manpg.patch +++ /dev/null @@ -1,80 +0,0 @@ -diff -up squid-3.0.STABLE7/helpers/basic_auth/NCSA/ncsa_auth.8.from_manpg squid-3.0.STABLE7/helpers/basic_auth/NCSA/ncsa_auth.8 ---- squid-3.0.STABLE7/helpers/basic_auth/NCSA/ncsa_auth.8.from_manpg 2008-06-22 05:35:49.000000000 +0200 -+++ squid-3.0.STABLE7/helpers/basic_auth/NCSA/ncsa_auth.8 2007-06-06 18:25:30.000000000 +0200 -@@ -1,38 +1,38 @@ --.\" This file is distributed in the hope that it will be useful, --.\" but WITHOUT ANY WARRANTY; without even the implied warranty of --.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See --.\" the GNU General Public License for more details. --.\" --.\" You should have received a copy of the GNU General Public License --.\" along with this file; if not, write to the Free Software --.\" Foundation, Inc., 59 Temple Place, Suite 330, Boston, --.\" MA 02111-1307 USA --.\" --.\" HISTORY: --.\" 2006-05-16, created by Rodrigo Rubira Branco --.TH ncsa_auth 8 "May 16, 2006" "Squid NCSA Auth helper" --.SH NAME --ncsa_auth \- NCSA httpd-style password file authentication helper for Squid --\fB --.SH SYNOPSIS --.nf --.fam C --\fBncsa_auth\fP \fIpasswdfile\fP --.fam T --.fi --.SH DESCRIPTION --\fBncsa_auth\fP allows Squid to read and authenticate user and password information from an NCSA/Apache httpd-style password file when using basic HTTP authentication. --.PP --The only parameter is the password file. It must have permissions to be read by the user that Squid is running as (cache_effective_user in squid.conf). --.PP --This password file can be manipulated using htpasswd. --.SH OPTIONS --Only specify the password file name. --.SH EXAMPLE --\fBncsa_auth\fP /etc/squid/squid.pass --.SH SECURITY --\fBncsa_auth\fP must have access to the password file to be executed. --.SH SEE ALSO --\fBhtpasswd\fP(1), \fBsquid\fP(8) --.SH AUTHOR --Manpage written by Rodrigo Rubira Branco -+.\" This file is distributed in the hope that it will be useful, -+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See -+.\" the GNU General Public License for more details. -+.\" -+.\" You should have received a copy of the GNU General Public License -+.\" along with this file; if not, write to the Free Software -+.\" Foundation, Inc., 59 Temple Place, Suite 330, Boston, -+.\" MA 02111-1307 USA -+.\" -+.\" HISTORY: -+.\" 2006-05-16, created by Rodrigo Rubira Branco -+.TH ncsa_auth 8 "May 16, 2006" "User Manuals" "User Manuals" -+.SH NAME -+ncsa_auth \- NCSA httpd-style password file authentication helper for Squid -+\fB -+.SH SYNOPSIS -+.nf -+.fam C -+\fBncsa_auth\fP \fIpasswdfile\fP -+.fam T -+.fi -+.SH DESCRIPTION -+\fBncsa_auth\fP allows Squid to read and authenticate user and password information from an NCSA httpd-style password file when using basic HTTP authentication. -+.PP -+The only parameter is the password file. It must have permissions to be read by the user that Squid is running as. By default this user is proxy. This can be changed using the cache_effective_user directive in the squid.conf file. -+.PP -+This password file can be manipulated using htpasswd. -+.SH OPTIONS -+Only specify the password file name. -+.SH EXAMPLE -+\fBncsa_auth\fP /etc/squid/squid.pass -+.SH SECURITY -+\fBncsa_auth\fP must have access to the password file to be executed. -+.SH SEE ALSO -+\fBhtpasswd\fP(1), \fBsquid\fP(8) -+.SH AUTHOR -+Manpage written by Rodrigo Rubira Branco diff --git a/squid/squid.nm b/squid/squid.nm index 9bb3e6c5e..59a8d9780 100644 --- a/squid/squid.nm +++ b/squid/squid.nm @@ -5,7 +5,7 @@ name = squid major_ver = 3.1 -version = %{major_ver}.12 +version = %{major_ver}.16 release = 2 maintainer = Christian Schmidt @@ -36,6 +36,7 @@ build pam-devel libcap-devel /usr/bin/smbclient + shadow-utils end CFLAGS += -Wno-error @@ -45,6 +46,7 @@ build --libexecdir=/usr/lib/squid \ --localstatedir=/var \ --sysconfdir=/etc/squid \ + --with-logdir=/var/log/squid \ --enable-storeio="aufs,diskd,ufs" \ --enable-removal-policies="heap,lru" \ --enable-icmp \ @@ -82,24 +84,41 @@ build --with-dl \ --with-large-files + prepare_cmds + %{create_user} + end + install_cmds rm -vf %{BUILDROOT}/etc/squid/errors - rmdir %{BUILDROOT}/var/logs mkdir -pv %{BUILDROOT}/var/log/cache %{BUILDROOT}/var/log/squid touch %{BUILDROOT}/var/log/squid/access.log + touch %{BUILDROOT}/var/log/squid/cache.log mkdir -pv %{BUILDROOT}/var/cache/squid - # What is this????? - #groupadd -r squid && useradd -r -g squid -d %{BUILDROOT}/var/cache/squid -s /bin/false -p '*' squid - #chown -Rv squid:squid %{BUILDROOT}/var/log/squid %{BUILDROOT}/var/log/cache %{BUILDROOT}/var/cache/squid - #chmod 600 %{BUILDROOT}/var/cache/squid - #chown squid:squid %{BUILDROOT}/var/log/squid + echo "visible_hostname %{DISTRO_NAME}" >> %{BUILDROOT}/etc/squid/squid.conf + echo "cache_effective_user squid" >> %{BUILDROOT}/etc/squid/squid.conf + echo "cache_effective_group squid" >> %{BUILDROOT}/etc/squid/squid.conf + + chown -Rv squid:squid %{BUILDROOT}/var/log/squid %{BUILDROOT}/var/log/cache %{BUILDROOT}/var/cache/squid + chmod 600 %{BUILDROOT}/var/cache/squid end end +create_user + getent group squid >/dev/null || /usr/sbin/groupadd -r squid + getent passwd squid >/dev/null || /usr/sbin/useradd -r -g squid \ + -d /var/cache/squid -s /sbin/nologin squid +end + packages package %{name} + prerequires = shadow-utils + + script prein + %{create_user} + end + requires = /usr/bin/smbclient filter_requires = perl\(Authen::Smb\)