Created by command: /usr/bin/tito tagtags/ufdbGuard-1.33.4-CentOS7^0 ufdbGuard-1.33.4-CentOS7
Daniel Berteaud
7 years ago
parent
c96e9effcc
commit
2c2796164e
2 changed files with 357 additions and 0 deletions
@ -0,0 +1 @@ |
||||
1.33.4-CentOS7 ./ |
||||
@ -0,0 +1,356 @@ |
||||
# ufdbGuard.spec.CentOS7 |
||||
|
||||
%global _hardened_build 1 |
||||
%global version 1.33.4 |
||||
|
||||
# no stripping of the binaries |
||||
%global __os_install_post %{nil} |
||||
%define debug_package %{nil} |
||||
%define __strip /bin/true |
||||
|
||||
### %__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags} %{_performance_cflags} |
||||
%define __global_cflags -O2 -g -pipe -Wall -grecord-gcc-switches %{_hardened_cflags} %{_performance_cflags} |
||||
|
||||
Name: ufdbGuard |
||||
Version: %{version} |
||||
Release: CentOS7 |
||||
Summary: ufdbGuard is a URL filter for Squid |
||||
License: GNU General Public License v2.0 only |
||||
Group: Internet/Proxy |
||||
|
||||
# FHS says no package may have files under /usr/local nor /opt |
||||
# Prefix: /usr/local/ufdbguard |
||||
Prefix: /usr |
||||
|
||||
Provides: ufdbguardd |
||||
Provides: ufdbgclient |
||||
Provides: ufdbhttpd |
||||
Provides: ufdbsignal |
||||
Provides: ufdb-pstack |
||||
Provides: ufdbpeek |
||||
Provides: ufdbGenTable, ufdbConvertDB |
||||
Provides: ufdbUpdate |
||||
Provides: ufdbAnalyse |
||||
Provides: ufdb_analyse_urls, ufdb_analyse_users, ufdb_top_urls, ufdb_top_users |
||||
|
||||
URL: http://www.urlfilterdb.com/ |
||||
|
||||
# The sources for many versions of ufdbGuard are on sourceforge.net (Source0) |
||||
# The latest version can also be downloaded from URLfilterDB (Source1) |
||||
Source: https://www.urlfilterdb.com/files/downloads/%{name}-%{version}.tar.gz |
||||
# Source0: http://sourceforge.net/projects/ufdbguard/ |
||||
# Source1: http://www.urlfilterdb.com/en/downloads/software_doc.html |
||||
|
||||
# Buildroot: /local/src/ufdbGuard-%{version} |
||||
# Buildroot: . |
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) |
||||
|
||||
# required packages for ufdbguardd |
||||
Requires: glibc >= 2.17 |
||||
Requires: openssl >= 1.0.1e |
||||
Requires: bzip2-libs >= 1.0.6 |
||||
Requires: zlib >= 1.2.7 |
||||
# required packages for ufdbUpdate |
||||
Requires: wget >= 1.14 |
||||
Requires: tar, gzip |
||||
# require packages for ufdb-pstack |
||||
Requires: gdb >= 7.6.1 |
||||
Requires: yum-utils >= 1.1.31 |
||||
# required packages for installation |
||||
Requires: at |
||||
# required packages for analysis scripts |
||||
Requires: perl |
||||
%global __requires_exclude %{?__requires_exclude}|perl\\(CGI::|perl\\(FCGI:: |
||||
# squid is required but may be installed from source and not using an RPM, |
||||
# or ufdbguard is used on a system where squid is not installed. |
||||
# Requires: squid |
||||
# gdb is highly recommended but not a requirement |
||||
# Requires: gdb |
||||
|
||||
Buildrequires: openssl-devel >= 1.0.1e |
||||
Buildrequires: bzip2-devel >= 1.0.6 |
||||
Buildrequires: zlib-devel >= 1.2.7 |
||||
Buildrequires: make, gcc, bison, flex |
||||
Buildrequires: bind-utils |
||||
|
||||
# TODO: %_initddir is macro for /etc/rc.d/init.d |
||||
Requires(post): chkconfig |
||||
Requires(preun): chkconfig |
||||
Requires(preun): initscripts |
||||
Requires(pre): shadow-utils |
||||
|
||||
%description |
||||
ufdbGuard is a free URL filter for Squid with additional features like |
||||
SafeSearch enforcement for a large number of search engines, safer HTTPS |
||||
visits and dynamic detection of proxies (URL filter circumventors). |
||||
|
||||
ufdbGuard supports free and commercial URL databases that can be |
||||
downloaded from various sites and vendors. |
||||
You can also make your own URL database for ufdbGuard. |
||||
|
||||
|
||||
%post |
||||
|
||||
echo >&2 |
||||
echo "ufdbGuard is installed." >&2 |
||||
echo "See the Reference Manual for further instructions and configuration." >&2 |
||||
echo "Seek help at https://www.urlfilterdb.com in case you have a question or an issue." >&2 |
||||
echo >&2 |
||||
|
||||
job=`grep ufdbUpdate /var/spool/cron/* 2>/dev/null | grep -v "^#" ` |
||||
if [ "$job" = "" ] |
||||
then |
||||
echo "There is not yet a cron job for ufdbUpdate *****" >&2 |
||||
echo >&2 |
||||
fi |
||||
|
||||
# This adds the proper /etc/rc*.d links for the script |
||||
/sbin/chkconfig --add ufdb |
||||
# |
||||
# echo "#!/bin/sh" > /tmp/ufdb.postinstall |
||||
# echo "echo Updating debuginfo ..." >> /tmp/ufdb.postinstall |
||||
# echo "debuginfo-install -y -q glibc >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||
# echo "debuginfo-install -y -q zlib >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||
# echo "debuginfo-install -y -q bzip2 >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||
# echo "debuginfo-install -y -q openssl >/dev/null 2>&1" >> /tmp/ufdb.postinstall |
||||
# chmod +x /tmp/ufdb.postinstall |
||||
# # |
||||
# echo "The installation of the ufdbGuard package is almost finished." >&2 |
||||
# echo "Execute /tmp/ufdb.postinstall to update debuginfo for glibc, zlib, bzip2 and openssl. *****" >&2 |
||||
# echo >&2 |
||||
|
||||
at now + 3min <<EOF |
||||
debuginfo-install -y -q glibc >/dev/null 2>&1 |
||||
debuginfo-install -y -q zlib >/dev/null 2>&1 |
||||
debuginfo-install -y -q bzip2 >/dev/null 2>&1 |
||||
debuginfo-install -y -q openssl >/dev/null 2>&1 |
||||
EOF |
||||
|
||||
# |
||||
# TODO: run check_dns |
||||
|
||||
%preun |
||||
if [ $1 = 0 ] ; then |
||||
/sbin/service ufdb stop >/dev/null 2>&1 |
||||
/sbin/chkconfig --del ufdb |
||||
fi |
||||
|
||||
|
||||
# for pre-F13: |
||||
%clean |
||||
[ %{buildroot} != "/" ] && echo rm -rf %{buildroot} |
||||
|
||||
# ufdbGuard is installed with user ufdb and group ufdb |
||||
%pre |
||||
# set -x |
||||
getent group ufdb >/dev/null || groupadd -r ufdb |
||||
getent passwd ufdb >/dev/null || \ |
||||
useradd -r -g ufdb -d /var/ufdbguard -M -s /usr/bin/sh \ |
||||
-c "ufdbGuard URL filter" ufdb |
||||
exit 0 |
||||
|
||||
%prep |
||||
# echo prep in %{buildroot} |
||||
# set -x |
||||
# TODO %setup -q |
||||
%setup -q |
||||
|
||||
%build |
||||
echo build in `pwd` |
||||
%configure \ |
||||
--with-ufdb-user=ufdb \ |
||||
--prefix=/usr \ |
||||
--with-ufdb-bindir=/usr/sbin \ |
||||
--with-ufdb-piddir=/var/run/ufdbguard \ |
||||
--with-ufdb-mandir=/usr/share/man \ |
||||
--with-ufdb-images_dir=/var/ufdbguard/images \ |
||||
--with-ufdb-logdir=/var/ufdbguard/logs \ |
||||
--with-ufdb-samplesdir=/var/ufdbguard/samples \ |
||||
--with-ufdb-config=/etc/ufdbguard \ |
||||
--with-ufdb-dbhome=/var/ufdbguard/blacklists |
||||
|
||||
%{__make} %{?_smp_mflags} |
||||
|
||||
%install |
||||
# echo install |
||||
# env |
||||
[ %{buildroot} != "/" ] && rm -rf %{buildroot} |
||||
%{__make} DESTDIR=%{buildroot} mkdirsredhatcentos install |
||||
# the install makes a backup of the conf file that we do not want in the package |
||||
rm -f %{buildroot}/etc/ufdbguard/ufdbGuard.conf.pre-v1.* |
||||
|
||||
# echo |
||||
# echo "The configuration file of ufdbGuard is /etc/ufdbguard/ufdbGuard.conf" |
||||
# echo "The system configuration file for the ufdbGuard Software Suite is /etc/sysconfig/ufdbguard" |
||||
|
||||
# ufdbsignal is suid-root since it must be able to send a signal to ufdbguardd. |
||||
# ufdbsignal is a very simple program which checks the uid to see if the user is permitted to send a signal. |
||||
# ufdbsignal reads the pid from /var/run/ufdbguardd/ufdbguardd.pid. |
||||
|
||||
%verifyscript |
||||
|
||||
if [ ! -f /etc/sysconfig/ufdbguard ] |
||||
then |
||||
echo "/etc/sysconfig/ufdbguard does not exist." >&2 |
||||
else |
||||
eval `grep "^DOWNLOAD_USER=" /etc/sysconfig/ufdbguard` |
||||
if [ "$DOWNLOAD_USER" = "" ] |
||||
then |
||||
echo "The username for periodical downloads of the URL database is not set." >&2 |
||||
echo "Edit /etc/sysconfig/ufdbguard and set DOWNLOAD_USER and DOWNLOAD_PASSWORD." >&2 |
||||
else |
||||
echo "DOWNLOAD_USER is set to $DOWNLOAD_USER in /etc/sysconfig/ufdbguard" |
||||
fi |
||||
fi |
||||
|
||||
if [ ! -f /etc/ufdbguard/ufdbGuard.conf ] |
||||
then |
||||
echo "/etc/ufdbguard/ufdbGuard.conf does not exist." |
||||
else |
||||
set -- `grep ^dbhome /etc/ufdbguard/ufdbGuard.conf` |
||||
# must get rid of quotes or else "if [ ! -d $DBDIR ]" fails :-( |
||||
DBDIR=`echo ${2:-notset} | sed -e 's,",,g' ` |
||||
if [ $DBDIR = notset ] |
||||
then |
||||
DBDIR=/var/ufdbguard/blacklists |
||||
echo "/etc/ufdbguard/ufdbGuard.conf: dbhome is not set" >&2 |
||||
echo "Using default value for dbhome: $DBDIR" >&2 |
||||
fi |
||||
if [ ! -d $DBDIR ] |
||||
then |
||||
echo "/etc/ufdbguard/ufdbGuard.conf: dbhome $DBDIR: directory does not exist" >&2 |
||||
else |
||||
if [ ! -d $DBDIR/adult -o ! -d $DBDIR/checked ] |
||||
then |
||||
echo "/etc/ufdbguard/ufdbGuard.conf: dbhome $DBDIR:" >&2 |
||||
echo "The directory for the URL database does not contain subdirectories for adult and/or checked." >&2 |
||||
echo "This means that the URL database of URLfilterDB is not used." >&2 |
||||
echo "If you intend to use the URL database of URLfilterDB, make sure that " >&2 |
||||
echo "\"ufdbUpdate [-v]\" runs without errors to download the URL database." >&2 |
||||
echo "See the Reference Manual for more information." >&2 |
||||
fi |
||||
fi |
||||
fi |
||||
|
||||
exit 0 |
||||
|
||||
|
||||
%postun |
||||
|
||||
job=`grep ufdbUpdate /var/spool/cron/* 2>/dev/null | grep -v "^#" ` |
||||
if [ "$job" != "" ] |
||||
then |
||||
echo "Note: there is still a cron job for ufdbUpdate." >&2 |
||||
fi |
||||
|
||||
exit 0 |
||||
|
||||
|
||||
# %config |
||||
# /etc/sysconfig/ufdbguard |
||||
# /etc/ufdbguard/ufdbGuard.conf |
||||
|
||||
%files |
||||
%defattr(-,root,root,-) |
||||
/etc/init.d/ufdb |
||||
%config(noreplace) %attr(-,ufdb,ufdb) /etc/sysconfig/ufdbguard |
||||
%config(noreplace) %attr(-,ufdb,ufdb) /etc/ufdbguard/ufdbGuard.conf |
||||
/var/ufdbguard/images/default.flv |
||||
/var/ufdbguard/images/default.mp3 |
||||
/var/ufdbguard/images/default.mpeg |
||||
/var/ufdbguard/images/default.wmv |
||||
/var/ufdbguard/images/forbidden-normal-de.png |
||||
/var/ufdbguard/images/forbidden-normal-en.png |
||||
/var/ufdbguard/images/forbidden-normal-es.png |
||||
/var/ufdbguard/images/forbidden-normal-fr.png |
||||
/var/ufdbguard/images/forbidden-normal-it.png |
||||
/var/ufdbguard/images/forbidden-normal-nl.png |
||||
/var/ufdbguard/images/forbidden-normal-pl.png |
||||
/var/ufdbguard/images/forbidden-normal-pt.png |
||||
/var/ufdbguard/images/forbidden-normal-sv.png |
||||
/var/ufdbguard/images/forbidden-normal-tr.png |
||||
/var/ufdbguard/images/no-ads.png |
||||
/var/ufdbguard/images/smallcross.png |
||||
/var/ufdbguard/images/square.png |
||||
/var/ufdbguard/images/transparent.png |
||||
/var/ufdbguard/samples/execdomainlist.sh |
||||
/var/ufdbguard/samples/execuserlist.sh |
||||
/var/ufdbguard/samples/URLblocked.cgi |
||||
/usr/sbin/ufdb-pstack |
||||
/usr/sbin/ufdbAnalyse |
||||
/usr/sbin/ufdbConvertDB |
||||
/usr/sbin/ufdbGenTable |
||||
/usr/sbin/ufdbUpdate |
||||
/usr/sbin/ufdb_analyse_urls |
||||
/usr/sbin/ufdb_analyse_users |
||||
/usr/sbin/ufdb_top_urls |
||||
/usr/sbin/ufdb_top_users |
||||
/usr/sbin/ufdbgclient |
||||
/usr/sbin/ufdbguardd |
||||
/usr/sbin/ufdbhttpd |
||||
%attr(4755,root,root) /usr/sbin/ufdbsignal |
||||
/usr/share/man/man1/ufdb_analyse_urls.1 |
||||
/usr/share/man/man1/ufdb_analyse_users.1 |
||||
/usr/share/man/man1/ufdb_top_urls.1 |
||||
/usr/share/man/man1/ufdb_top_users.1 |
||||
/usr/share/man/man1/ufdbAnalyse.1 |
||||
/usr/share/man/man8/ufdbgclient.8 |
||||
/usr/share/man/man8/ufdbguardd.8 |
||||
/usr/share/man/man8/ufdbhttpd.8 |
||||
/usr/share/man/man8/ufdbupdate.8 |
||||
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/blacklists |
||||
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/blacklists/security |
||||
# The cacerts get updated by ufdbUpdate: |
||||
%verify(not md5 size mtime) %attr(644,ufdb,ufdb) /var/ufdbguard/blacklists/security/cacerts |
||||
# log files go to /var/ufdbguard/logs |
||||
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/logs |
||||
# pid files go to /var/run/ufdbguard |
||||
%dir %attr(755,ufdb,ufdb) /var/run/ufdbguard |
||||
|
||||
%doc README CHANGELOG |
||||
# TODO |
||||
|
||||
%changelog |
||||
* Tue Feb 20 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.4-CentOS7 |
||||
- new package built with tito |
||||
|
||||
* Thu Sep 21 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.4 |
||||
Fix: URLs with very long domainnames may cause a crash if the URL is not in the URL database |
||||
Fix: ufdbguardd did not obey 'continue' inside a source |
||||
Fix: the logfile did not not contain "PASS URL" for all allowed URLs |
||||
Fix: suppress another warning by ufdbGenTable if the -q option is used |
||||
Fix: execuserlist with large arguments cannot be cached |
||||
Fix: ufdbguardd sometimes does not use the correct source for its decision |
||||
Fix: in-addr also matched URLs without an IP address |
||||
Configuration: the option squid-uses-active-bumping was missing in the default configuration file |
||||
|
||||
* Tue Jun 6 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.3 |
||||
Fix: ufdbgclient truncates Squid request lines to 8K which means that very long URLs cannot be filtered |
||||
Fix: ufdbGenTable erroneously warned about URLs inside a comment |
||||
Fix: make ufdbGuard compile on FreeBSD |
||||
Fix: when evaluate-and IPv4/6 is used in a source definition, the source may not matched |
||||
Fix: ufdbguardd did not accept the IPv6 address '::' |
||||
Enhancement: several warnings for IPv4 and IPv6 addresses inside a source were implemented |
||||
|
||||
* Wed May 23 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.2 |
||||
Fix: ufdbguardd may incorrectly abort with a fatal error cannot-get-rwlock-for-database-refresh-after-many-attempts |
||||
Fix: safesearch did not work in 2 out of 3 cases |
||||
Fix: ufdbguard did not compile on FreeBSD. |
||||
Fix: crash due to stack overwrite in uploadStatistics/logStatistics |
||||
Documentation: added use-ipv6-on-wan option to Reference Manual |
||||
|
||||
* Wed Mar 15 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.1 |
||||
Enhancement: IPv6 support for sources with new keywords ipv6 and ipv6list |
||||
Enhancement: detect certificates of ucweb.com and uc.cn of the ucweb browser that circumvents URL filters |
||||
Enhancement: ufdbgclient has new -m parameter to use multithreading and improve performance |
||||
Enhancement: make ufdbguardd.pid world-readable |
||||
Enhancement: allow UTF8 characters in URLs |
||||
Enhancement: new keyword ufdb-log-url-details controls if URLs in the log file have parameters or not |
||||
Fix: on the ARM platform generated URL tables were corrupt |
||||
Fix: implicitly allowed URLs were logged with category "any" instead of the correct category ID |
||||
Fix: prevent false positives with Tor proxy detection on port 443 |
||||
Fix: failed probes for <IP>:443 were not properly cached and resulted in too many probes for IP |
||||
Fix: when reverse IP lookups are used, the URL category was not logged correctly (was logged as "any") |
||||
Fix: ufdbGenTable uses less memory |
||||
Fix: the feature "block-bumped-connect on" never blocked a CONNECT request |
||||
|
||||
Loading…
Reference in new issue