rpms/squidGuard/devel squidGuard-perlwarning.patch, NONE, 1.1 squidGuard-sed.patch, NONE, 1.1 squidGuard.conf, NONE, 1.1 squidGuard.fc, NONE, 1.1 squidGuard.te, NONE, 1.1 squidguard, NONE, 1.1 transparent-proxying, NONE, 1.1 update_squidguard_blacklists, NONE, 1.1 squidGuard.spec, 1.1, 1.2
Oliver Falk (oliver)
fedora-extras-commits at redhat.com
Fri Sep 9 12:16:12 UTC 2005
Author: oliver
Update of /cvs/extras/rpms/squidGuard/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv501
Modified Files:
squidGuard.spec
Added Files:
squidGuard-perlwarning.patch squidGuard-sed.patch
squidGuard.conf squidGuard.fc squidGuard.te squidguard
transparent-proxying update_squidguard_blacklists
Log Message:
* Fri Sep 09 2005 Oliver Falk <oliver at linux-kernel.at> - 1.2.0-12
- Make it K12LTSP compatible, so a possible upgrade doesn't break
anything/much...
- Add SELinux stuff
- Move dbdir to /var/squidGuard/blacklists, instead of /var/lib/squidGuard
- Added update script and template config from/for K12
- Add perlwarnings and sed patch
- Install cgis in /var/www/cgi-bin
- Added initrd stuff
- Remove questionable -ldb from make
- Remove questionable db version check
squidGuard-perlwarning.patch:
--- NEW FILE squidGuard-perlwarning.patch ---
--- ./squidGuard-1.2.0/samples/squidGuard.cgi.in.orig 2003-04-12 14:58:38.000000000 -0700
+++ ./squidGuard-1.2.0/samples/squidGuard.cgi.in 2003-04-12 14:58:59.000000000 -0700
@@ -1,4 +1,4 @@
-#! @PERL@ -w
+#! @PERL@
#
# Explain to the user that the URL is blocked and by which rule set
#
squidGuard-sed.patch:
--- NEW FILE squidGuard-sed.patch ---
diff -Naur squidGuard-1.2.0/src/sgDiv.c squidGuard-1.2.0-patch/src/sgDiv.c
--- squidGuard-1.2.0/src/sgDiv.c Tue May 15 05:01:37 2001
+++ squidGuard-1.2.0-patch/src/sgDiv.c Tue Aug 6 14:39:55 2002
@@ -500,13 +500,13 @@
#endif
{
struct sgRegExp *re;
- regmatch_t pm;
+ regmatch_t pm[10];
static char newstring[MAX_BUF];
char *result = NULL, *p;
int substlen;
*newstring='\0';
for(re = regexp; re != NULL; re = re->next){
- if (regexec (re->compiled, pattern, 1, &pm, 0) != 0){
+ if (regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, 0) != 0){
result = NULL;
} else {
substlen = strlen(re->substitute);
@@ -516,14 +516,65 @@
*newstring = '\0';
p = newstring;
do {
- if((p - newstring)+ pm.rm_so >= MAX_BUF)
+ if((p - newstring)+ pm[0].rm_so >= MAX_BUF)
break;
- p = strncat(newstring,pattern,pm.rm_so);
- if((p - newstring)+ substlen >= MAX_BUF)
- break;
- p = strcat(newstring,re->substitute);
- pattern = pattern + pm.rm_eo;
- } while(regexec (re->compiled, pattern, 1, &pm, REG_NOTBOL)== 0 &&
+ p = strncat(newstring,pattern,pm[0].rm_so);
+ {
+ char *p_cur;
+ char *p_next;
+
+ for (p_next = p_cur = re->substitute;
+ p_next < (re->substitute + substlen);
+ p_next++)
+ {
+ if (*p_next == '\\')
+ {
+ if (p_cur < p_next)
+ {
+ if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_cur, p_next - p_cur);
+ }
+ p_next++;
+ if (p_next < (re->substitute + substlen)
+ && '0' <= *p_next && *p_next <= '9')
+ {
+ int i = *p_next - '0';
+ if ((p - newstring) + (pm[i].rm_eo - pm[i].rm_so) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, pattern + pm[i].rm_so, pm[i].rm_eo - pm[i].rm_so);
+ }
+ else
+ {
+ if ((p - newstring + 1) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_next, 1);
+ }
+ p_cur = p_next + 1;
+ }
+ else if (*p_next == '&')
+ {
+ if (p_cur < p_next)
+ {
+ if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_cur, p_next - p_cur);
+ }
+ if (((p - newstring) + (pm[0].rm_eo - pm[0].rm_so)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, pattern + pm[0].rm_so, pm[0].rm_eo - pm[0].rm_so);
+ p_cur = p_next + 1;
+ }
+ }
+ if (p_cur < p_next)
+ {
+ if (((p - newstring) + (p_next - p_cur)) >= MAX_BUF)
+ goto err;
+ p = strncat(newstring, p_cur, p_next - p_cur);
+ }
+ }
+ pattern = pattern + pm[0].rm_eo;
+ } while(regexec (re->compiled, pattern, sizeof(pm) / sizeof(pm[0]), pm, REG_NOTBOL)== 0 &&
re->global);
if((p - newstring)+ strlen(pattern) <= MAX_BUF)
p = strcat(newstring,pattern);
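Review bot: The new length checks in the substitution loop do not bound the total written to `newstring`, because `strncat()` returns its destination, so after every `p = strncat(newstring, ...)` the term `(p - newstring)` is 0 and each test compares only one fragment against MAX_BUF. With a global rule the fragments accumulate in the static buffer, and `pattern` appears to be the request string being rewritten, so the buffer can still be overrun; the unchanged `strcat` check at the end of the hunk has the same flaw and also uses `<=`. Track the used length explicitly, for example `size_t used = strlen(newstring);` before each append and `if (used + len >= MAX_BUF) goto err;`. A `\N` reference should also be skipped when `pm[i].rm_so == -1`, since an unmatched group otherwise yields `pattern + pm[i].rm_so`, one byte before the string. The function starts above this hunk and ends below it.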
@@ -531,6 +582,7 @@
break;
}
}
+err:
return result;
}
--- NEW FILE squidGuard.conf ---
#
# CONFIG FILE FOR SQUIDGUARD
#
# See http://www.squidguard.org/config/ for more examples
#
dbhome /var/squidGuard/blacklists
logdir /var/log/squidGuard
dest ads {
log ads
domainlist ads/domains
urllist ads/urls
}
dest audio-video {
log audio-video
domainlist audio-video/domains
urllist audio-video/urls
}
dest aggressive {
log aggressive
domainlist aggressive/domains
urllist aggressive/urls
}
dest drugs {
log drugs
domainlist drugs/domains
urllist drugs/urls
}
dest gambling{
log gambling
domainlist gambling/domains
urllist gambling/urls
}
dest hacking {
log hacking
domainlist hacking/domains
urllist hacking/urls
}
dest mail {
log mail
domainlist mail/domains
urllist mail/urls
}
dest porn{
log porn
domainlist porn/domains
urllist porn/urls
}
dest proxy{
log proxy
domainlist proxy/domains
urllist proxy/urls
}
dest violence{
log violence
domainlist violence/domains
urllist violence/urls
}
dest warez{
log warez
domainlist warez/domains
urllist warez/urls
}
dest local-ok{
domainlist local-ok/domains
urllist local-ok/urls
}
dest local-block{
log local-block
domainlist local-block/domains
urllist local-block/urls
}
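rewrite google {
    # Force Google's "safe" mode by appending safe=active to search, image,
    # groups and news queries.
    #
    # squidGuard rewrite rules have the form s@from@to@flags. The trailing
    # "i" flag makes the match case-insensitive. The closing "@" before the
    # flag had been turned into " at " (mail-address obfuscation), which
    # leaves the expression unterminated; it is restored here.
    #
    # "\1" re-inserts the matched URL and "\&" is a literal ampersand; both
    # depend on the backreference handling that squidGuard-sed.patch adds.
    #
    # NOTE(review): the "." in google.com is unescaped and matches any
    # character, and only the listed paths are covered, so treat this as a
    # convenience default rather than an enforcement boundary.
    s@(google.com/search.*q=.*)@\1\&safe=active@i
    s@(google.com/images.*q=.*)@\1\&safe=active@i
    s@(google.com/groups.*q=.*)@\1\&safe=active@i
    s@(google.com/news.*q=.*)@\1\&safe=active@i
    # log google
}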
# Access rules. This template defines only the "default" rule.
acl {
default {
# for google to be in "safe mode"
rewrite google
# the default categories are conservative, please add any additional
# categories listed above or simply comment out this line and uncomment
# out the line below it.
# local-ok is listed first and local-block is negated, so site-local lists
# can override the downloaded categories (presumably evaluated left to
# right; confirm against the squidGuard documentation).
pass local-ok !local-block !gambling !porn !warez all
# pass local-ok !local-block !aggressive !drugs !gambling !hacking !porn !proxy !violence !warez all
# SERVERNAME is a placeholder: the package's %post script replaces it with
# $HOSTNAME when it generates the installed configuration.
# NOTE(review): the query string forwards client-controlled values (url=%u in
# particular) to the block-page CGI, which should encode them before writing
# them into HTML; confirm in squidGuard.cgi.
redirect 302:http://SERVERNAME/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
# redirect 302:http://SERVERNAME/cgi-bin/squidGuard-simple.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetclass=%t&url=%u
}
}
--- NEW FILE squidGuard.fc ---
# squid
# File contexts for squidGuard. Every path reuses an existing squid type, so
# squidGuard gets no policy domain of its own here.
# The binary is labelled like squid's executable ("--" limits the entry to
# regular files).
/usr/sbin/squidGuard -- system_u:object_r:squid_exec_t
# Log directory and everything below it.
/var/log/squidGuard(/.*)? system_u:object_r:squid_log_t
# Blacklist databases and everything below them share squid's cache type.
/var/squidGuard/blacklists(/.*)? system_u:object_r:squid_cache_t
--- NEW FILE squidGuard.te ---
# Let processes in the squid_t domain read symbolic links labelled usr_t.
# NOTE(review): the rule applies to the whole squid domain, not only to
# squidGuard; which symlink requires it is not stated here. Confirm.
allow squid_t usr_t:lnk_file read;
--- NEW FILE squidguard ---
#!/bin/bash
# squid-filtering This shell script takes care of starting and stopping
# Squid Internet Object Cache and squidGuard web filter
#
# chkconfig: - 91 25
# description: SquidGuard - web filtering system for the Squid proxy server. \
# Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# pidfile: /var/run/squid.pid
# config: /etc/squid/squid-squidGuard.conf
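# Fixed search path, so the commands below do not depend on the caller's
# environment.
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up. The expansion is quoted so that an unset or
# empty NETWORKING compares as a string instead of breaking the test.
[ "${NETWORKING}" = "no" ] && exit 0

# check if the squid-squidGuard.conf file is present
[ -f /etc/squid/squid-squidGuard.conf ] || exit 0

# Optional local overrides. The file is sourced, so it runs with the
# privileges of this init script and must only be writable by root.
if [ -f /etc/sysconfig/squid ]; then
    . /etc/sysconfig/squid
fi

# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-"-D"}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

# determine the name of the squid binary
# NOTE(review): SQUID is not reset first, so a value inherited from the
# environment or from /etc/sysconfig/squid survives when /usr/sbin/squid is
# missing. Confirm that is intended.
[ -f /usr/sbin/squid ] && SQUID=squid
[ -z "$SQUID" ] && exit 0
prog="$SQUID"

# determine which one is the cache_swap directory: strip comments, keep the
# cache_dir lines and take their third field.
CACHE_SWAP=$(sed -e 's/#.*//g' /etc/squid/squid-squidGuard.conf | \
    grep cache_dir | awk '{ print $3 }')
[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/spool/squid

RETVAL=0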
start() {
    # Initialise any cache directory that has no "00" subdirectory yet.
    # $CACHE_SWAP is left unquoted on purpose: it may hold several paths.
    for adir in $CACHE_SWAP; do
        [ -d $adir/00 ] && continue
        echo -n "init_cache_dir $adir... "
        $SQUID -f /etc/squid/squid-squidGuard.conf -z -F -D 2>/dev/null
    done

    echo -n $"Starting $prog: "
    # NOTE(review): stderr is discarded, so configuration errors reported by
    # squid at start-up are not shown to the operator.
    $SQUID $SQUID_OPTS -f /etc/squid/squid-squidGuard.conf 2> /dev/null
    RETVAL=$?

    if [ $RETVAL -eq 0 ]; then
        # Wait for the pid file; give up after SQUID_PIDFILE_TIMEOUT seconds
        # and report the start as failed.
        timeout=0;
        while [ ! -f /var/run/squid.pid ]; do
            if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
                RETVAL=1
                break
            fi
            sleep 1 && echo -n "."
            timeout=$((timeout+1))
        done
    fi

    if [ $RETVAL -eq 0 ]; then
        # The subsystem lock marks the service as running.
        touch /var/lock/subsys/$SQUID
        echo_success
    else
        echo_failure
    fi
    echo
    return $RETVAL
}
stop() {
    echo -n $"Stopping $prog: "
    # "-k check" succeeds only when a running squid answers for this
    # configuration; otherwise there is nothing to shut down.
    $SQUID -k check -f /etc/squid/squid-squidGuard.conf >/dev/null 2>&1
    RETVAL=$?
    if [ $RETVAL -ne 0 ]; then
        echo_failure
        echo
        return $RETVAL
    fi

    # Request the shutdown in the background and drop the subsystem lock.
    $SQUID -k shutdown -f /etc/squid/squid-squidGuard.conf &
    rm -f /var/lock/subsys/$SQUID

    # Poll every two seconds until the pid file is gone. After
    # SQUID_SHUTDOWN_TIMEOUT seconds, return 1 without printing a status.
    timeout=0
    while [ -f /var/run/squid.pid ]; do
        if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
            echo
            return 1
        fi
        sleep 2 && echo -n "."
        timeout=$((timeout+2))
    done

    echo_success
    echo
    return $RETVAL
}
reload() {
    # Ask the running squid to re-read its configuration without a restart.
    # The exit status is that of the squid command.
    local conf=/etc/squid/squid-squidGuard.conf
    $SQUID $SQUID_OPTS -k reconfigure -f $conf
}
restart() {
    # Full stop followed by a fresh start. start runs even if stop failed,
    # and the exit status is start's.
    stop; start
}
condrestart() {
    # Restart only when the subsystem lock exists; always return success.
    # The lock path is spelled out as "squid" here, while start()/stop() in
    # this script build it from $SQUID.
    if [ -e /var/lock/subsys/squid ]; then
        restart || :
    fi
}
rhstatus() {
    # Report the process state through the init function library, then ask
    # squid to check itself against the squidGuard configuration. The exit
    # status is that of the second command.
    local conf=/etc/squid/squid-squidGuard.conf
    status $SQUID
    $SQUID -k check -f $conf
}
probe() {
    # Nothing is probed; the function always reports success.
    true
}
# Dispatch on the requested action.
case "$1" in
    start|stop|reload|restart|condrestart)
        # The argument has already matched this fixed list, so calling it by
        # name can only reach one of the functions defined above.
        "$1"
        ;;
    status)
        rhstatus
        ;;
    probe)
        exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
        exit 1
esac

# Propagate the status of the action that ran.
exit $?
--- NEW FILE transparent-proxying ---
#!/bin/bash
# transparent_proxying This shell script takes care of starting and stopping
# transparent proxying
#
# chkconfig: - 91 24
# description: transparent proxying: this will force all web traffic to be \
# redirected to the squid proxy server. It will only work if squid \
# is running
# pidfile: /var/run/squid.pid
# Source function library.
. /etc/init.d/functions
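start() {
    # Enable transparent proxying: turn on IPv4 forwarding and redirect
    # inbound TCP port 80 to the local squid on port 3128.
    #
    # Returns 0 only if squid is running and every step succeeded. The
    # original returned 0 unconditionally, so callers could not see that
    # traffic was not being filtered.
    #
    # NOTE(review): the redirect rule has no interface or source match, and
    # ip_forward is a host-wide switch. Confirm that both are intended on
    # multi-homed hosts.
    local rc=0

    echo -n "Starting transparent proxying: "
    if [ -f /var/run/squid.pid ]
    then
        # Turn on IP forwarding
        echo 1 > /proc/sys/net/ipv4/ip_forward || rc=1

        # Turn on transparent proxy redirect. Append the rule only when no
        # matching one is listed (same pattern as status()), so repeated
        # starts do not stack duplicates that a single stop would leave behind.
        if ! /sbin/iptables -L -n -t nat | grep -q '80 redir ports 3128'
        then
            /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 || rc=1
        fi

        if [ $rc -eq 0 ]; then
            echo_success
        else
            echo_failure
        fi
    else
        echo -n "Squid is not running! "
        echo_failure
        rc=1
    fi
    echo
    return $rc
}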
stop() {
    # Disable transparent proxying. Success is reported and 0 is returned
    # whether or not the individual commands succeed.
    local fwd=/proc/sys/net/ipv4/ip_forward

    echo -n "Stopping transparent proxying: "
    # NOTE(review): forwarding is switched off unconditionally, including
    # when it was already enabled for another purpose before start() ran.
    echo 0 > $fwd
    # Turn off transparent proxy redirect
    /sbin/iptables --table nat --delete PREROUTING --protocol tcp --dport 80 --jump REDIRECT --to-port 3128
    echo_success
    echo
    return 0
}
status() {
    # Report whether the port-80 redirect is listed in the nat table.
    # Both outcomes return 0; only the message differs.
    if /sbin/iptables -L -n -t nat | grep -q '80 redir ports 3128'
    then
        echo "Transparent proxying is active"
    else
        echo "Transparent proxying is inactive"
    fi
    return 0
}
restart() {
    # Remove the redirect, then set it up again; the exit status is start's.
    stop; start
}
# Dispatch on the requested action.
case "$1" in
    start|status|stop)
        # The argument has already matched this fixed list, so calling it by
        # name can only reach one of the functions defined above.
        "$1"
        ;;
    restart|reload)
        restart
        ;;
    *)
        echo "*** Usage: {start|stop|restart}"
        exit 1
esac

# Propagate the status of the action that ran.
exit $?
--- NEW FILE update_squidguard_blacklists ---
#!/bin/sh
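# Refresh the squidGuard blacklists from the upstream rsync module, merge the
# site-local *.include files, rebuild the databases and signal squid.
TARGET=/var/squidGuard/blacklists

# merge_include DIR LIST
# Fold DIR/LIST.include (site-local additions) into DIR/LIST, sorted and
# de-duplicated. Does nothing when no include file exists.
merge_include() {
    [ -f "$1/$2.include" ] || return 0

    # The tree is handed to the squid user at the end of this script, so a
    # guessable temporary name (the original used $RANDOM, which is also empty
    # under a plain POSIX sh) could be pre-created as a symlink. mktemp
    # creates the file exclusively under an unpredictable name.
    tmp=$(mktemp "$1/$2.XXXXXX") || return 1

    # cat is kept so that a missing DIR/LIST still yields a list built from
    # the include file alone, as before.
    if cat "$1/$2" "$1/$2.include" | sort -u > "$tmp"; then
        # mktemp creates the file 0600; restore the usual list mode.
        chmod 0644 "$tmp"
        mv -f "$tmp" "$1/$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

cd "$TARGET" || exit

# only run if squidGuard is active!
# The pattern is quoted so the shell cannot glob-expand it against a file
# named squidGuard in the current directory, which would make grep match
# its own command line.
[ "$(ps auxw | grep 'squid[G]uard')" ] || exit

# NOTE(review): the lists come from an anonymous rsync module with no
# authentication or integrity check, and they decide what the filter blocks
# or allows. Prefer a source that can be verified, and review changes to
# local-ok.
# A failed or partial transfer must not be compiled into the live databases.
if ! rsync -az squidguard.mesd.k12.or.us::filtering "$TARGET"; then
    echo "update_squidguard_blacklists: rsync failed, keeping existing lists" >&2
    exit 1
fi

# Iterate with a glob instead of parsing ls output; skip non-directories.
for DIR in *
do
    [ -d "$DIR" ] || continue
    merge_include "$DIR" domains ||
        echo "update_squidguard_blacklists: could not merge $DIR/domains.include" >&2
    merge_include "$DIR" urls ||
        echo "update_squidguard_blacklists: could not merge $DIR/urls.include" >&2
done

# Rebuild every database from the text lists.
/usr/sbin/squidGuard -c /etc/squid/squidGuard.conf -C all
# /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf -u

# squidGuard runs as the squid user and must own its databases and logs.
chown -R squid:squid "$TARGET"
chown -R squid:squid /var/log/squidGuard/

sleep 5
# Signal squid after the rebuild (SIGHUP).
/usr/bin/killall -HUP squid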
Index: squidGuard.spec
===================================================================
RCS file: /cvs/extras/rpms/squidGuard/devel/squidGuard.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- squidGuard.spec 6 Sep 2005 10:50:41 -0000 1.1
+++ squidGuard.spec 9 Sep 2005 12:16:10 -0000 1.2
@@ -1,12 +1,11 @@
# $Id$
-%define _dbhomedir %{_var}/lib/%{name}
-
-%define _dbrpmver %(eval "rpm -q --queryformat \"%{VERSION}\" db4")
+%define _dbhomedir %{_var}/%{name}/blacklists
+%define _cgibin /var/www/cgi-bin
Name: squidGuard
Version: 1.2.0
-Release: 11
+Release: 12%{?dist}
Summary: Filter, redirector and access controller plugin for squid
Group: System Environment/Daemons
@@ -17,15 +16,30 @@
Source2: http://ftp.teledanmark.no/pub/www/proxy/%{name}/contrib/blacklists.tar.gz
Source3: http://cuda.port-aransas.k12.tx.us/squid-getlist.html
+# K12LTSP stuff
+Source100: squidGuard.conf
+Source101: update_squidguard_blacklists
+Source102: squidguard
+Source103: transparent-proxying
+
+# SELinux (taken from K12LTSP package)
+Source200: squidGuard.te
+Source201: squidGuard.fc
+
Patch0: squidGuard-destdir.patch
Patch1: squidGuard-paths.patch
Patch2: squidguard-1.2.0-db4.patch
Patch3: squid-getlist.html.patch
+Patch4: squidGuard-perlwarning.patch
+Patch5: squidGuard-sed.patch
+
URL: http://www.squidguard.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: db4-devel
Requires: squid
+Requires(post): %{_bindir}/chcon
+Requires(post): /sbin/chkconfig
%description
squidGuard can be used to
@@ -56,10 +70,13 @@
%{__cp} %{SOURCE3} .
%patch0 -p1 -b .destdir
%patch1 -p1 -b .paths
-%if "%{_dbrpmver}" != "4.0.14"
%patch2 -p0 -b .db4
-%endif
%patch3 -p0
+%patch4 -p2
+%patch5 -p1
+
+%{__cp} %{SOURCE100} ./squidGuard.conf.k12ltsp.template
+%{__cp} %{SOURCE101} ./update_squidguard_blacklists.k12ltsp.sh
%build
%configure \
@@ -67,7 +84,11 @@
--with-sg-logdir=%{_var}/log/squid \
--with-sg-dbhome=%{_dbhomedir}
-%{__make} %{?_smp_mflags} LIBS=-ldb
+%{__make} %{?_smp_mflags}
+
+pushd contrib
+%{__make} %{?_smp_mflags}
+popd
%install
%{__rm} -rf $RPM_BUILD_ROOT
@@ -78,9 +99,21 @@
%{__install} -p -D -m 0644 samples/sample.conf $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
%{__install} -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz
-# Don't use SOURCE3, but use the allready patched one #165689, also install it with perm 755 not 750
+# Don't use SOURCE3, but use the allready patched one #165689
%{__install} -p -D -m 0755 squid-getlist.html $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/squidGuard
+%{__install} -p -D %{SOURCE200} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
+%{__install} -p -D %{SOURCE201} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc
+
+%{__install} -p -d $RPM_BUILD_ROOT%{_cgibin}
+%{__install} samples/squid*cgi $RPM_BUILD_ROOT%{_cgibin}
+
+%{__install} contrib/hostbyname/hostbyname $RPM_BUILD_ROOT%{_bindir}
+%{__install} contrib/sgclean/sgclean $RPM_BUILD_ROOT%{_bindir}
+
+%{__install} -p -D -m 0755 %{SOURCE102} $RPM_BUILD_ROOT%{_initrddir}/squidGuard
+%{__install} -p -D -m 0755 %{SOURCE103} $RPM_BUILD_ROOT%{_initrddir}/transparent-proxying
+
pushd $RPM_BUILD_ROOT%{_dbhomedir}
tar xfz $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz
popd
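Review bot: The two `%{__install} -p -D` lines that install `%{SOURCE200}` and `%{SOURCE201}` give no `-m`, so `install` applies its default mode of 0755 and the SELinux policy source files end up executable; `-m 0644` would match the other data files installed in this section. The `hostbyname` and `sgclean` installs also assume `$RPM_BUILD_ROOT%{_bindir}` already exists, presumably created by a `make install` outside this hunk. Writing them as `%{__install} -p -D -m 0755 contrib/sgclean/sgclean $RPM_BUILD_ROOT%{_bindir}/sgclean`, as the init scripts just below are written, removes that assumption.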
@@ -90,20 +123,71 @@
%clean
%{__rm} -rf $RPM_BUILD_ROOT
+%post
+# fix SELinux bits
+%{_bindir}/chcon -R system_u:object_r:squid_cache_t /var/squidGuard >/dev/null 2>&1
+%{_bindir}/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1
+
+# do we need a new config file?
+if [ -s %{_sysconfdir}/squid/squidGuard.conf ]; then
+ CONFFILE="%{_sysconfdir}/squid/squidGuard.conf.rpmnew"
+ echo "/etc/squid/squidGuard.conf created as /etc/squid/squidGuard.conf.rpmnew"
+else
+ CONFFILE="/etc/squid/squidGuard.conf"
+fi
+cat %{_docdir}/%{name}-%{version}/squidGuard.conf.k12ltsp.template | \
+ sed s/SERVERNAME/$HOSTNAME/g > $CONFFILE
+
+/sbin/chkconfig --add squidGuard
+/sbin/chkconfig --add transparent-proxying
+
+# reload SELinux policies
+echo "Loading new SELinux policy"
+pushd %{_sysconfdir}/selinux/targeted/src/policy/
+%{__make} load &> /dev/null
+popd
+
+#### End of %post
+
+%preun
+if [ $1 = 0 ] ; then
+ service squidGuard stop >/dev/null 2>&1
+ /sbin/chkconfig --del squidGuard
+ /sbin/chkconfig --del transparent-proxying
+fi
+
%files
%defattr(-,root,root)
%doc samples/*.conf
%doc samples/*.cgi
%doc samples/dest/blacklists.tar.gz
-%doc COPYING GPL
+%doc COPYING GPL
%doc doc/*.txt doc/*.html doc/*.gif
+%doc squidGuard.conf.k12ltsp.template
%{_bindir}/*
%config(noreplace) %{_sysconfdir}/squid/squidGuard.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/squidGuard
%config(noreplace) %{_sysconfdir}/cron.daily/squidGuard
%{_dbhomedir}/
+%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
+%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc
+%attr(07550,root,root) %{_cgibin}/*.cgi
+%{_initrddir}/squidGuard
+%{_initrddir}/transparent-proxying
%changelog
+* Fri Sep 09 2005 Oliver Falk <oliver at linux-kernel.at> - 1.2.0-12
+- Make it K12LTSP compatible, so a possible upgrade doesn't break
+ anything/much...
+ - Add SELinux stuff
+ - Move dbdir to /var/squidGuard/blacklists, instead of /var/lib/squidGuard
+ - Added update script and template config from/for K12
+ - Add perlwarnings and sed patch
+ - Install cgis in /var/www/cgi-bin
+ - Added initrd stuff
+- Remove questionable -ldb from make
+- Remove questionable db version check
+
* Tue Sep 06 2005 Oliver Falk <oliver at linux-kernel.at> - 1.2.0-11
- More bugs from Bug #165689
Install cron script with perm 755
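Review bot: `%attr(07550,root,root) %{_cgibin}/*.cgi` in %files is octal 7550, which sets the setuid, setgid and sticky bits on top of mode 0550, so the block-page CGIs would be packaged setuid root and not executable by an unprivileged web server user. These scripts receive client-supplied query parameters from the redirect URL, so they should carry no special bits; `%attr(0755,root,root) %{_cgibin}/*.cgi` looks like what was meant. In %post, `sed s/SERVERNAME/$HOSTNAME/g > $CONFFILE` is unquoted and unchecked and writes the `%config(noreplace)` file directly when that file is empty; quoting the sed expression and `"$CONFFILE"` and guarding against an empty `$HOSTNAME` would avoid a broken redirect URL. The results of `chcon` and `make load` are discarded, so a failed relabel or policy load goes unnoticed.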