%define _default_patch_fuzz 2
# $Id: squidGuard.spec,v 1.20 2009/09/09 17:51:25 limb Exp $
%define _dbtopdir %{_var}/%{name}
%define _dbhomedir %{_var}/%{name}/blacklists
%define _cgibin /var/www/cgi-bin
Name: squidGuard
Version: 1.4
Release: 6%{?dist}
Summary: Filter, redirector and access controller plugin for squid
Group: System Environment/Daemons
License: GPLv2
Source0: http://www.squidguard.org/Downloads/squidGuard-%{version}.tar.gz
Source1: squidGuard.logrotate
Source2: http://ftp.teledanmark.no/pub/www/proxy/%{name}/contrib/blacklists.tar.gz
Source3: http://cuda.port-aransas.k12.tx.us/squid-getlist.html
# K12LTSP stuff
Source100: squidGuard.conf
Source101: update_squidguard_blacklists
Source102: squidguard
Source103: transparent-proxying
# SELinux (taken from K12LTSP package)
#Source200: squidGuard.te
#Source201: squidGuard.fc
#Patch0: squidGuard-upstream.patch
#Patch1: squidGuard-paths.patch
Patch2: squid-getlist.html.patch
Patch3: squidGuard-perlwarning.patch
#Patch4: squidGuard-sed.patch
Patch5: squidGuard-makeinstall.patch
#Patch6: squidGuard-1.3-SG-2008-06-13.patch
URL: http://www.squidguard.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: bison, byacc, openldap-devel, flex, compat-db46
#put db4-devel back and remove compat-db46 once release > 1.4
Requires: squid
#Requires(post): %{_bindir}/chcon
Requires(post): /sbin/chkconfig
%description
squidGuard can be used to
- limit the web access for some users to a list of accepted/well known
web servers and/or URLs only.
- block access to some listed or blacklisted web servers and/or URLs
for some users.
- block access to URLs matching a list of regular expressions or words
for some users.
- enforce the use of domainnames/prohibit the use of IP address in
URLs.
- redirect blocked URLs to an "intelligent" CGI based info page.
- redirect unregistered user to a registration form.
- redirect popular downloads like Netscape, MSIE etc. to local copies.
- redirect banners to an empty GIF.
- have different access rules based on time of day, day of the week,
date etc.
- have different rules for different user groups.
- and much more..
Neither squidGuard nor Squid can be used to
- filter/censor/edit text inside documents
- filter/censor/edit embeded scripting languages like JavaScript or
VBscript inside HTML
%prep
%setup -q
%{__cp} %{SOURCE3} .
#%patch0 -p1
#%patch1 -p1 -b .paths
%patch2 -p0
%patch3 -p2
#%patch4 -p1
%patch5 -p1
#%patch6 -p0
%{__cp} %{SOURCE100} ./squidGuard.conf.k12ltsp.template
%{__cp} %{SOURCE101} ./update_squidguard_blacklists.k12ltsp.sh
%build
%configure \
--with-sg-config=%{_sysconfdir}/squid/squidGuard.conf \
--with-sg-logdir=%{_var}/log/squid \
--with-sg-dbhome=%{_dbhomedir} \
--with-db-inc=%{_includedir}/db4.6.21 \
--with-db-lib=%{_libdir}/db4.6.21
#%{__make} %{?_smp_mflags}
%{__make}
pushd contrib
%{__make} %{?_smp_mflags}
popd
%install
%{__rm} -rf $RPM_BUILD_ROOT
#%{__make} DESTDIR=$RPM_BUILD_ROOT install
# This broke as of 1.2.1.
%{__install} -p -D -m 0755 src/squidGuard $RPM_BUILD_ROOT%{_bindir}/squidGuard
%{__install} -p -D -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/squidGuard
%{__install} -p -D -m 0644 samples/sample.conf $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
%{__install} -p -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz
# Don't use SOURCE3, but use the allready patched one #165689
%{__install} -p -D -m 0755 squid-getlist.html $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/squidGuard
#%{__install} -p -D %{SOURCE200} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
#%{__install} -p -D %{SOURCE201} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc
%{__install} -p -d $RPM_BUILD_ROOT%{_cgibin}
%{__install} samples/squid*cgi $RPM_BUILD_ROOT%{_cgibin}
%{__install} contrib/hostbyname/hostbyname $RPM_BUILD_ROOT%{_bindir}
%{__install} contrib/sgclean/sgclean $RPM_BUILD_ROOT%{_bindir}
%{__install} -p -D -m 0755 %{SOURCE102} $RPM_BUILD_ROOT%{_initrddir}/squidGuard
%{__install} -p -D -m 0755 %{SOURCE103} $RPM_BUILD_ROOT%{_initrddir}/transparent-proxying
pushd $RPM_BUILD_ROOT%{_dbhomedir}
tar xfz $RPM_BUILD_ROOT%{_dbhomedir}/blacklists.tar.gz
popd
sed -i "s,dest/adult/,blacklists/porn/,g" $RPM_BUILD_ROOT%{_sysconfdir}/squid/squidGuard.conf
%{__install} -p -D -m 0644 samples/babel.* $RPM_BUILD_ROOT%{_cgibin}
%clean
%{__rm} -rf $RPM_BUILD_ROOT
%post
# fix SELinux bits
#%{_bindir}/chcon -R system_u:object_r:squid_cache_t /var/squidGuard >/dev/null 2>&1
#%{_bindir}/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1
# do we need a new config file?
if [ -s %{_sysconfdir}/squid/squidGuard.conf ]; then
CONFFILE="%{_sysconfdir}/squid/squidGuard.conf.rpmnew"
echo "/etc/squid/squidGuard.conf created as /etc/squid/squidGuard.conf.rpmnew"
else
CONFFILE="/etc/squid/squidGuard.conf"
fi
cat %{_docdir}/%{name}-%{version}/squidGuard.conf.k12ltsp.template | \
sed s/SERVERNAME/$HOSTNAME/g > $CONFFILE
/sbin/chkconfig --add squidGuard
/sbin/chkconfig --add transparent-proxying
# reload SELinux policies
#echo "Loading new SELinux policy"
#pushd %{_sysconfdir}/selinux/targeted/src/policy/
#%{__make} load &> /dev/null
#popd
#### End of %post
%preun
if [ $1 = 0 ] ; then
service squidGuard stop >/dev/null 2>&1
/sbin/chkconfig --del squidGuard
/sbin/chkconfig --del transparent-proxying
fi
%files
%defattr(-,root,root)
%doc samples/*.conf
%doc samples/*.cgi
%doc samples/dest/blacklists.tar.gz
%doc COPYING GPL
%doc doc/*.txt doc/*.html doc/*.gif
%doc squidGuard.conf.k12ltsp.template
%{_bindir}/*
%config(noreplace) %{_sysconfdir}/squid/squidGuard.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/squidGuard
%config(noreplace) %{_sysconfdir}/cron.daily/squidGuard
%{_dbtopdir}/
#%{_sysconfdir}/selinux/targeted/src/policy/domains/program/squidGuard.te
#%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/squidGuard.fc
%attr(0755,root,root) %{_cgibin}/*.cgi
%{_cgibin}/babel.*
%{_initrddir}/squidGuard
%{_initrddir}/transparent-proxying
%changelog
* Wed Sep 09 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-6
- Include babel files, BZ 522038.
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Mar 05 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-4
- Initscript cleanup, BZ 247065.
* Tue Feb 24 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-3
- Drop chcon Req.
* Mon Feb 23 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-2
- Dropping selinux policy and chcon, BZ 486634.
- Fixed URL of Source0.
* Wed Feb 18 2009 Jon Ciesla <limb@jcomserv.net> - 1.4-1
- Update to 1.4, BZ 485530.
- Building against compat-db46 until next version.
* Wed Feb 11 2009 Jon Ciesla <limb@jcomserv.net> - 1.3-1
- Update to 1.3.
- Dropped paths, sed patches, applied upstream.
- New SG-2008-06-13 patch.
* Wed Feb 11 2009 Jon Ciesla <limb@jcomserv.net> - 1.2.1-2
- Fix sg-2008-06-13, BZ 452467.
* Wed Feb 11 2009 Jon Ciesla <limb@jcomserv.net> - 1.2.1-1
- Update to 1.2.1, BZ 245377.
- Dropped upstream patch.
- Updated blacklists.
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.2.0-18
- Autorebuild for GCC 4.3
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.2.0-17
- Rebuild for deps
* Fri Nov 16 2007 John Berninger <john at ncphotography dot com> 1.2.0-16
- Fix perms on cgi-bin files
* Mon Mar 26 2007 John Berninger <jwb at redhat dot com> 1.2.0-15
- Assert ownership of /var/squidGuard - bz 233915
* Tue Aug 29 2006 John Berninger <jwb at redhat dot com> 1.2.0-14
- Bump release 'cause I forgot to add a patch file that's required
* Tue Aug 29 2006 John Berninger <jwb at redhat dot com> 1.2.0-13
- general updates to confirm build on FC5/FC6
- updates to BuildRequires
* Fri Sep 09 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-12
- Make it K12LTSP compatible, so a possible upgrade doesn't break
anything/much...
- Add SELinux stuff
- Move dbdir to /var/squidGuard/blacklists, instead of /var/lib/squidGuard
- Added update script and template config from/for K12
- Add perlwarnings and sed patch
- Install cgis in /var/www/cgi-bin
- Added initrd stuff
- Remove questionable -ldb from make
- Remove questionable db version check
* Tue Sep 06 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-11
- More bugs from Bug #165689
Install cron script with perm 755
Don't use SOURCE3 in install section, we need to use the patched one
* Mon Sep 05 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-10
- Include GPL in doc section
* Mon Sep 05 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-9
- More 'bugs' from Bug #165689
Make changed on squid-getlist.html a patch, as sources should
match upstream sources, so they are wget-able...
* Mon Sep 05 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-8
- Bug #165689
* Thu May 19 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-7
- Update blacklists
- Cleanup specfile
* Fri Apr 08 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-6
- Fix build on RH 8 with db 4.0.14, by not applying the db4 patch
* Mon Feb 21 2005 Oliver Falk <oliver@linux-kernel.at> - 1.2.0-5
- Specfile cleaning
- Make it build with db4 again, by adding the db4-patch
* Mon Apr 12 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-4
- Tweaks
* Mon Apr 08 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-3
- Rebuild
* Mon Apr 08 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-2
- Updated the blacklists and put it into the right place
I also descompress them
- Added a new "forbidden" script - the other ones are too
old and don't work.
* Fri Apr 05 2002 Oliver Pitzeier <oliver@linux-kernel.at> - 1.2.0-1
- Update to version 1.2.0
* Fri Jun 1 2001 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- cleaned up for rhcontrib
* Fri Oct 13 2000 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
- initial build