Blob Blame History Raw
%define _default_patch_fuzz 2
# $Id: squidGuard.spec,v 1.13 2009/02/17 16:15:20 limb Exp $

%define			_dbtopdir		%{_var}/%{name}
%define			_dbhomedir		%{_var}/%{name}/blacklists
%define			_cgibin			/var/www/cgi-bin

Name:			squidGuard
Version:		1.3
Release:		1%{?dist}
Summary:		Filter, redirector and access controller plugin for squid

Group:			System Environment/Daemons
License:		GPLv2

Source1:		squidGuard.logrotate

# K12LTSP stuff
Source100:		squidGuard.conf
Source101:		update_squidguard_blacklists
Source102:		squidguard
Source103:		transparent-proxying

# SELinux (taken from K12LTSP package)
Source200:		squidGuard.te
Source201:		squidGuard.fc

#Patch0:			squidGuard-upstream.patch
#Patch1:			squidGuard-paths.patch
Patch2:			squid-getlist.html.patch
Patch3:			squidGuard-perlwarning.patch
#Patch4:			squidGuard-sed.patch
Patch5:			squidGuard-makeinstall.patch
Patch6:			squidGuard-1.3-SG-2008-06-13.patch


BuildRoot:		%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires:	db4-devel, bison, byacc, openldap-devel, flex
Requires:		squid
Requires(post):	%{_bindir}/chcon
Requires(post):	/sbin/chkconfig

squidGuard can be used to 
- limit the web access for some users to a list of accepted/well known
  web servers and/or URLs only.
- block access to some listed or blacklisted web servers and/or URLs
  for some users.
- block access to URLs matching a list of regular expressions or words
  for some users.
- enforce the use of domainnames/prohibit the use of IP address in
- redirect blocked URLs to an "intelligent" CGI based info page.
- redirect unregistered user to a registration form.
- redirect popular downloads like Netscape, MSIE etc. to local copies.
- redirect banners to an empty GIF.
- have different access rules based on time of day, day of the week,
  date etc.
- have different rules for different user groups.
- and much more.. 

Neither squidGuard nor Squid can be used to
- filter/censor/edit text inside documents 
- filter/censor/edit embeded scripting languages like JavaScript or
  VBscript inside HTML

%setup -q
%{__cp} %{SOURCE3} .
#%patch0 -p1
#%patch1 -p1 -b .paths
%patch2 -p0
%patch3 -p2
#%patch4 -p1
%patch5	-p1
%patch6 -p0

%{__cp} %{SOURCE100} ./squidGuard.conf.k12ltsp.template
%{__cp} %{SOURCE101} ./

%configure \
	--with-sg-config=%{_sysconfdir}/squid/squidGuard.conf \
	--with-sg-logdir=%{_var}/log/squid \
#%{__make} %{?_smp_mflags}

pushd contrib
%{__make} %{?_smp_mflags}

%{__rm} -rf $RPM_BUILD_ROOT

#%{__make} DESTDIR=$RPM_BUILD_ROOT install
# This broke as of 1.2.1.
%{__install} -p -D -m 0755 src/squidGuard $RPM_BUILD_ROOT%{_bindir}/squidGuard

%{__install} -p -D -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squidGuard
%{__install} -p -D -m 0644 samples/sample.conf $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
%{__install} -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz

# Don't use SOURCE3, but use the allready patched one #165689
%{__install} -p -D -m 0755 squid-getlist.html $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/squidGuard

%{__install} -p -D %{SOURCE200} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
%{__install} -p -D %{SOURCE201} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc

%{__install} -p -d $RPM_BUILD_ROOT%{_cgibin}
%{__install} samples/squid*cgi $RPM_BUILD_ROOT%{_cgibin}

%{__install} contrib/hostbyname/hostbyname $RPM_BUILD_ROOT%{_bindir}
%{__install} contrib/sgclean/sgclean $RPM_BUILD_ROOT%{_bindir}

%{__install} -p -D -m 0755 %{SOURCE102} $RPM_BUILD_ROOT%{_initrddir}/squidGuard
%{__install} -p -D -m 0755 %{SOURCE103} $RPM_BUILD_ROOT%{_initrddir}/transparent-proxying

pushd $RPM_BUILD_ROOT%{_dbhomedir}
tar xfz $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz

sed -i "s,dest/adult/,blacklists/porn/,g" $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf

%{__rm} -rf $RPM_BUILD_ROOT

# fix SELinux bits
%{_bindir}/chcon -R system_u:object_r:squid_cache_t /var/squidGuard >/dev/null 2>&1
%{_bindir}/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1

# do we need a new config file?
if [ -s %{_sysconfdir}/squid/squidGuard.conf ]; then
    echo "/etc/squid/squidGuard.conf created as /etc/squid/squidGuard.conf.rpmnew"
cat %{_docdir}/%{name}-%{version}/squidGuard.conf.k12ltsp.template | \

/sbin/chkconfig --add squidGuard
/sbin/chkconfig --add transparent-proxying

# reload SELinux policies
echo "Loading new SELinux policy"
pushd %{_sysconfdir}/selinux/targeted/src/policy/
%{__make} load &> /dev/null

#### End of %post

if [ $1 = 0 ] ; then
    service squidGuard stop >/dev/null 2>&1
    /sbin/chkconfig --del squidGuard
	/sbin/chkconfig --del transparent-proxying

%doc samples/*.conf
%doc samples/*.cgi
%doc samples/dest/blacklists.tar.gz
%doc doc/*.txt doc/*.html doc/*.gif
%doc squidGuard.conf.k12ltsp.template
%config(noreplace) %{_sysconfdir}/squid/squidGuard.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/squidGuard
%config(noreplace) %{_sysconfdir}/cron.daily/squidGuard
%attr(0755,root,root) %{_cgibin}/*.cgi

* Wed Feb 11 2009 Jon Ciesla <> - 1.3-1
- Update to 1.3.
- Dropped paths, sed patches, applied upstream.
- New SG-2008-06-13 patch.

* Wed Feb 11 2009 Jon Ciesla <> - 1.2.1-2
- Fix sg-2008-06-13, BZ 452467.

* Wed Feb 11 2009 Jon Ciesla <> - 1.2.1-1
- Update to 1.2.1,  BZ 245377.
- Dropped upstream patch.
- Updated blacklists.

* Tue Feb 19 2008 Fedora Release Engineering <> - 1.2.0-18
- Autorebuild for GCC 4.3

* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.2.0-17
 - Rebuild for deps

* Fri Nov 16 2007 John Berninger <john at ncphotography dot com> 1.2.0-16
- Fix perms on cgi-bin files

* Mon Mar 26 2007 John Berninger <jwb at redhat dot com>	1.2.0-15
- Assert ownership of /var/squidGuard - bz 233915

* Tue Aug 29 2006 John Berninger <jwb at redhat dot com>	1.2.0-14
- Bump release 'cause I forgot to add a patch file that's required

* Tue Aug 29 2006 John Berninger <jwb at redhat dot com>	1.2.0-13
- general updates to confirm build on FC5/FC6
- updates to BuildRequires

* Fri Sep 09 2005 Oliver Falk <>		- 1.2.0-12
- Make it K12LTSP compatible, so a possible upgrade doesn't break
  - Add SELinux stuff
  - Move dbdir to /var/squidGuard/blacklists, instead of /var/lib/squidGuard
  - Added update script and template config from/for K12
  - Add perlwarnings and sed patch
  - Install cgis in /var/www/cgi-bin
  - Added initrd stuff
- Remove questionable -ldb from make
- Remove questionable db version check

* Tue Sep 06 2005 Oliver Falk <>		- 1.2.0-11
- More bugs from Bug #165689
  Install cron script with perm 755
  Don't use SOURCE3 in install section, we need to use the patched one
* Mon Sep 05 2005 Oliver Falk <>		- 1.2.0-10
- Include GPL in doc section

* Mon Sep 05 2005 Oliver Falk <>		- 1.2.0-9
- More 'bugs' from Bug #165689
  Make changed on squid-getlist.html a patch, as sources should
  match upstream sources, so they are wget-able...

* Mon Sep 05 2005 Oliver Falk <>		- 1.2.0-8
- Bug #165689

* Thu May 19 2005 Oliver Falk <>		- 1.2.0-7
- Update blacklists
- Cleanup specfile

* Fri Apr 08 2005 Oliver Falk <>		- 1.2.0-6
- Fix build on RH 8 with db 4.0.14, by not applying the db4 patch

* Mon Feb 21 2005 Oliver Falk <> 		- 1.2.0-5
- Specfile cleaning
- Make it build with db4 again, by adding the db4-patch

* Mon Apr 12 2002 Oliver Pitzeier <>	- 1.2.0-4
- Tweaks

* Mon Apr 08 2002 Oliver Pitzeier <> 	- 1.2.0-3
- Rebuild

* Mon Apr 08 2002 Oliver Pitzeier <> 	- 1.2.0-2
- Updated the blacklists and put it into the right place
  I also descompress them
- Added a new "forbidden" script - the other ones are too
  old and don't work.  

* Fri Apr 05 2002 Oliver Pitzeier <> 	- 1.2.0-1
- Update to version 1.2.0

* Fri Jun  1 2001 Enrico Scholz <>
- cleaned up for rhcontrib

* Fri Oct 13 2000 Enrico Scholz <>
- initial build