Resolves: #2095468 - [RFE] squid use systemd-sysusers
This commit is contained in:
Luboš Uhliarik
parent
15d476e3f5
commit
377018129f
26
squid.spec
26
squid.spec
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Name: squid
|
||||
Version: 5.5
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
# See CREDITS for breakdown of non GPLv2+ code
|
||||
|
|
@ -18,6 +18,7 @@ Source5: squid.pam
|
|||
Source6: squid.nm
|
||||
Source7: squid.service
|
||||
Source8: cache_swap.sh
|
||||
Source9: squid.sysusers
|
||||
|
||||
Source98: perl-requires-squid.sh
|
||||
|
||||
|
|
@ -52,10 +53,7 @@ Patch502: squid-5.5-CVE-2022-41318.patch
|
|||
Requires: bash gawk
|
||||
# for httpd conf file - cachemgr script alias
|
||||
Requires: httpd-filesystem
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
|
||||
# squid_ldap_auth and other LDAP helpers require OpenLDAP
|
||||
BuildRequires: make
|
||||
BuildRequires: openldap-devel
|
||||
|
|
@ -87,6 +85,8 @@ BuildRequires: systemd-rpm-macros
|
|||
# systemd notify
|
||||
BuildRequires: systemd-devel
|
||||
|
||||
%{?systemd_requires}
|
||||
%{?sysusers_requires_compat}
|
||||
|
||||
# Old NetworkManager expects the dispatcher scripts in a different place
|
||||
Conflicts: NetworkManager < 1.20
|
||||
|
|
@ -242,6 +242,8 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/squid/squid.conf.documented
|
|||
# remove unpackaged files from the buildroot
|
||||
rm -f $RPM_BUILD_ROOT/squid.httpd.tmp
|
||||
|
||||
# sysusers.d
|
||||
install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/squid.conf
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
|
|
@ -283,15 +285,10 @@ rm -f $RPM_BUILD_ROOT/squid.httpd.tmp
|
|||
%{_libdir}/squid/*
|
||||
%{_datadir}/snmp/mibs/SQUID-MIB.txt
|
||||
%{_tmpfilesdir}/squid.conf
|
||||
%{_sysusersdir}/squid.conf
|
||||
|
||||
%pre
|
||||
if ! getent group squid >/dev/null 2>&1; then
|
||||
/usr/sbin/groupadd -g 23 squid
|
||||
fi
|
||||
|
||||
if ! getent passwd squid >/dev/null 2>&1 ; then
|
||||
/usr/sbin/useradd -g 23 -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1 || exit 1
|
||||
fi
|
||||
%sysusers_create_compat %{SOURCE9}
|
||||
|
||||
for i in /var/log/squid /var/spool/squid ; do
|
||||
if [ -d $i ] ; then
|
||||
|
|
@ -334,8 +331,6 @@ do
|
|||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
%post
|
||||
%systemd_post squid.service
|
||||
|
||||
|
|
@ -354,6 +349,9 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-4
|
||||
- Resolves: #2095468 - [RFE] squid use systemd-sysusers
|
||||
|
||||
* Mon Nov 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.5-3
|
||||
- Resolves: #2130253 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB
|
||||
authentication
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
g squid 23 -
|
||||
u squid 23 "Squid proxy user" /var/spool/squid /sbin/nologin
|
||||
Loading…
Reference in New Issue