URL filtering solution for squid

# ufdbGuard.spec.CentOS7
%global _hardened_build 1
%global version 1.34.3
# no stripping of the binaries
%global __os_install_post %{nil}
%define debug_package %{nil}
%define __strip /bin/true
### %__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags} %{_performance_cflags}
%define __global_cflags -O2 -g -pipe -Wall -grecord-gcc-switches %{_hardened_cflags} %{_performance_cflags}

Name: ufdbGuard
Version: 1.34.3
Release: 1%{?dist}
Summary: ufdbGuard is a URL filter for Squid
License: GNU General Public License v2.0 only
Group: Internet/Proxy
# FHS says no package may have files under /usr/local nor /opt
# Prefix: /usr/local/ufdbguard
Prefix: /usr
Provides: ufdbguardd
Provides: ufdbgclient
Provides: ufdbhttpd
Provides: ufdbsignal
Provides: ufdb-pstack
Provides: ufdbpeek
Provides: ufdbGenTable, ufdbConvertDB
Provides: ufdbUpdate
Provides: ufdbDLstatus
Provides: ufdbAnalyse
Provides: ufdb_analyse_urls, ufdb_analyse_users, ufdb_top_urls, ufdb_top_users
URL: http://www.urlfilterdb.com/
# The sources for many versions of ufdbGuard are on sourceforge.net (Source0)
# The latest version can also be downloaded from URLfilterDB (Source1)
Source: https://www.urlfilterdb.com/files/downloads/%{name}-%{version}.tar.gz
# Source0: http://sourceforge.net/projects/ufdbguard/
# Source1: http://www.urlfilterdb.com/en/downloads/software_doc.html
# Buildroot: /local/src/ufdbGuard-%{version}
# Buildroot: .
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)

# required packages for ufdbguardd
Requires: glibc >= 2.17
Requires: openssl >= 1.0.2k
Requires: bzip2-libs >= 1.0.6
Requires: zlib >= 1.2.7
# required packages for ufdbUpdate
Requires: wget >= 1.14
Requires: tar, gzip
# required packages for ufdb-pstack
Requires: gdb >= 7.6.1
# Requires: yum-utils >= 1.1.31
# required packages for installation
# Requires: at
# required packages for analysis scripts
Requires: perl
%global __requires_exclude %{?__requires_exclude}|perl\\(CGI::|perl\\(FCGI::
# squid is required but may be installed from source and not using an RPM,
# or ufdbguard is used on a system where squid is not installed.
# Requires: squid

Buildrequires: openssl-devel >= 1.0.2k
Buildrequires: bzip2-devel >= 1.0.6
Buildrequires: zlib-devel >= 1.2.7
Buildrequires: make, gcc, bison, flex
Buildrequires: bind-utils

# TODO: %_initddir is macro for /etc/rc.d/init.d
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(pre): shadow-utils

%description
ufdbGuard is a free URL filter for Squid with additional features like
SafeSearch enforcement for a large number of search engines, safer HTTPS
visits and dynamic detection of proxies (URL filter circumventors).
ufdbGuard supports free and commercial URL databases that can be
downloaded from various sites and vendors.
You can also make your own URL database for ufdbGuard.

%post
echo >&2
echo "ufdbGuard is installed." >&2
echo "See the Reference Manual for further instructions and configuration." >&2
echo "Seek help at https://www.urlfilterdb.com in case you have a question or an issue." >&2
echo >&2
# -h drops the "file:" prefix so that commented-out entries can be filtered
job=`grep -h ufdbUpdate /var/spool/cron/* 2>/dev/null | grep -v "^#" `
if [ "$job" = "" ]
then
  echo "There is not yet a cron job for ufdbUpdate *****" >&2
  echo >&2
fi
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add ufdb
#
# echo "#!/bin/sh" > /tmp/ufdb.postinstall
# echo "echo Updating debuginfo ..." >> /tmp/ufdb.postinstall
# echo "debuginfo-install -y -q glibc >/dev/null 2>&1" >> /tmp/ufdb.postinstall
# echo "debuginfo-install -y -q zlib >/dev/null 2>&1" >> /tmp/ufdb.postinstall
# echo "debuginfo-install -y -q bzip2 >/dev/null 2>&1" >> /tmp/ufdb.postinstall
# echo "debuginfo-install -y -q openssl >/dev/null 2>&1" >> /tmp/ufdb.postinstall
# chmod +x /tmp/ufdb.postinstall
# #
# echo "The installation of the ufdbGuard package is almost finished." >&2
# echo "Execute /tmp/ufdb.postinstall to update debuginfo for glibc, zlib, bzip2 and openssl. *****" >&2
# echo >&2
/usr/bin/sh >/tmp/ufdbguardd.postinstall.log 2>&1 <<EOF &
sleep 180
debuginfo-install -y -q glibc >/dev/null 2>&1
debuginfo-install -y -q zlib >/dev/null 2>&1
debuginfo-install -y -q bzip2 >/dev/null 2>&1
debuginfo-install -y -q openssl >/dev/null 2>&1
EOF
#
# TODO: run check_dns

%preun
if [ $1 = 0 ] ; then
  /sbin/service ufdb stop >/dev/null 2>&1
  /sbin/chkconfig --del ufdb
fi

# for pre-F13:
%clean
[ %{buildroot} != "/" ] && echo rm -rf %{buildroot}

# ufdbGuard is installed with user ufdb and group ufdb
%pre
# set -x
getent group ufdb >/dev/null || groupadd -r ufdb
getent passwd ufdb >/dev/null || \
  useradd -r -g ufdb -d /var/ufdbguard -M -s /usr/bin/sh \
    -c "ufdbGuard URL filter" ufdb
exit 0

%prep
# echo prep in %{buildroot}
# set -x
# TODO %setup -q
%setup -q

%build
echo build in `pwd`
%configure \
  --with-ufdb-user=ufdb \
  --prefix=/usr \
  --with-ufdb-bindir=/usr/sbin \
  --with-ufdb-piddir=/var/run/ufdbguard \
  --with-ufdb-mandir=/usr/share/man \
  --with-ufdb-images_dir=/var/ufdbguard/images \
  --with-ufdb-logdir=/var/ufdbguard/logs \
  --with-ufdb-samplesdir=/var/ufdbguard/samples \
  --with-ufdb-config=/etc/ufdbguard \
  --with-ufdb-dbhome=/var/ufdbguard/blacklists
%{__make} %{?_smp_mflags}

%install
# echo install
# env
[ %{buildroot} != "/" ] && rm -rf %{buildroot}
%{__make} DESTDIR=%{buildroot} mkdirsredhatcentos install
# the install makes a backup of the conf file that we do not want in the package
rm -f %{buildroot}/etc/ufdbguard/ufdbGuard.conf.pre-v1.*
# echo
# echo "The configuration file of ufdbGuard is /etc/ufdbguard/ufdbGuard.conf"
# echo "The system configuration file for the ufdbGuard Software Suite is /etc/sysconfig/ufdbguard"
# ufdbsignal is suid-root since it must be able to send a signal to ufdbguardd.
# ufdbsignal is a very simple program which checks the uid to see if the user is permitted to send a signal.
# ufdbsignal reads the pid from /var/run/ufdbguardd/ufdbguardd.pid.

%verifyscript
if [ ! -f /etc/sysconfig/ufdbguard ]
then
  echo "/etc/sysconfig/ufdbguard does not exist." >&2
else
  # Parse the value instead of eval'ing the line: the file is packaged with
  # owner ufdb, while the verify script runs as root.
  DOWNLOAD_USER=$(sed -n 's/^DOWNLOAD_USER=//p' /etc/sysconfig/ufdbguard | tail -n 1 | tr -d "\"'")
  if [ "$DOWNLOAD_USER" = "" ]
  then
    echo "The username for periodical downloads of the URL database is not set." >&2
    echo "Edit /etc/sysconfig/ufdbguard and set DOWNLOAD_USER and DOWNLOAD_PASSWORD." >&2
  else
    echo "DOWNLOAD_USER is set to $DOWNLOAD_USER in /etc/sysconfig/ufdbguard"
  fi
fi
if [ ! -f /etc/ufdbguard/ufdbGuard.conf ]
then
  echo "/etc/ufdbguard/ufdbGuard.conf does not exist."
else
  set -- `grep ^dbhome /etc/ufdbguard/ufdbGuard.conf`
  # strip the quotes that surround the value in the configuration file
  DBDIR=`echo ${2:-notset} | sed -e 's,",,g' `
  if [ "$DBDIR" = notset ]
  then
    DBDIR=/var/ufdbguard/blacklists
    echo "/etc/ufdbguard/ufdbGuard.conf: dbhome is not set" >&2
    echo "Using default value for dbhome: $DBDIR" >&2
  fi
  if [ ! -d "$DBDIR" ]
  then
    echo "/etc/ufdbguard/ufdbGuard.conf: dbhome $DBDIR: directory does not exist" >&2
  else
    if [ ! -d "$DBDIR/adult" -o ! -d "$DBDIR/checked" ]
    then
      echo "/etc/ufdbguard/ufdbGuard.conf: dbhome $DBDIR:" >&2
      echo "The directory for the URL database does not contain subdirectories for adult and/or checked." >&2
      echo "This means that the URL database of URLfilterDB is not used." >&2
      echo "If you intend to use the URL database of URLfilterDB, make sure that " >&2
      echo "\"ufdbUpdate [-v]\" runs without errors to download the URL database." >&2
      echo "See the Reference Manual for more information." >&2
    fi
  fi
fi
exit 0

%postun
# -h drops the "file:" prefix so that commented-out entries can be filtered
job=`grep -h ufdbUpdate /var/spool/cron/* 2>/dev/null | grep -v "^#" `
if [ "$job" != "" ]
then
  echo "Note: there is still a cron job for ufdbUpdate." >&2
fi
exit 0

# %config
# /etc/sysconfig/ufdbguard
# /etc/ufdbguard/ufdbGuard.conf

%files
%defattr(-,root,root,-)
/etc/init.d/ufdb
%config(noreplace) %attr(-,ufdb,ufdb) /etc/sysconfig/ufdbguard
%config(noreplace) %attr(-,ufdb,ufdb) /etc/ufdbguard/ufdbGuard.conf
/var/ufdbguard/images/default.flv
/var/ufdbguard/images/default.mp3
/var/ufdbguard/images/default.mpeg
/var/ufdbguard/images/default.wmv
/var/ufdbguard/images/forbidden-normal-de.png
/var/ufdbguard/images/forbidden-normal-en.png
/var/ufdbguard/images/forbidden-normal-es.png
/var/ufdbguard/images/forbidden-normal-fr.png
/var/ufdbguard/images/forbidden-normal-it.png
/var/ufdbguard/images/forbidden-normal-nl.png
/var/ufdbguard/images/forbidden-normal-pl.png
/var/ufdbguard/images/forbidden-normal-pt.png
/var/ufdbguard/images/forbidden-normal-sv.png
/var/ufdbguard/images/forbidden-normal-tr.png
/var/ufdbguard/images/no-ads.png
/var/ufdbguard/images/smallcross.png
/var/ufdbguard/images/square.png
/var/ufdbguard/images/transparent.png
/var/ufdbguard/samples/execdomainlist.sh
/var/ufdbguard/samples/execuserlist.sh
/var/ufdbguard/samples/URLblocked.cgi
/usr/sbin/ufdb-pstack
/usr/sbin/ufdbAnalyse
/usr/sbin/ufdbConvertDB
/usr/sbin/ufdbGenTable
/usr/sbin/ufdbUpdate
/usr/sbin/ufdbDLstatus
/usr/sbin/ufdb_analyse_urls
/usr/sbin/ufdb_analyse_users
/usr/sbin/ufdb_top_urls
/usr/sbin/ufdb_top_users
/usr/sbin/ufdbgclient
/usr/sbin/ufdbguardd
/usr/sbin/ufdbhttpd
%attr(4755,root,root) /usr/sbin/ufdbsignal
/usr/share/man/man1/ufdb_analyse_urls.1
/usr/share/man/man1/ufdb_analyse_users.1
/usr/share/man/man1/ufdb_top_urls.1
/usr/share/man/man1/ufdb_top_users.1
/usr/share/man/man1/ufdbAnalyse.1
/usr/share/man/man8/ufdbgclient.8
/usr/share/man/man8/ufdbguardd.8
/usr/share/man/man8/ufdbhttpd.8
/usr/share/man/man8/ufdbupdate.8
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/blacklists
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/blacklists/security
# The cacerts get updated by ufdbUpdate:
%verify(not md5 size mtime) %attr(644,ufdb,ufdb) /var/ufdbguard/blacklists/security/cacerts
# log files go to /var/ufdbguard/logs
%dir %attr(-,ufdb,ufdb) /var/ufdbguard/logs
# pid files go to /var/run/ufdbguard
%dir %attr(755,ufdb,ufdb) /var/run/ufdbguard
%doc README CHANGELOG
# TODO

%changelog
* Wed May 15 2019 Daniel Berteaud <daniel@firewall-services.com> 1.34.3-1
- Update to 1.34.3 (daniel@firewall-services.com)

* Wed Mar 06 2019 Daniel Berteaud <daniel@firewall-services.com> 1.34.2-1
- Update to 1.34.2 (daniel@firewall-services.com)

* Mon Feb 11 2019 Daniel Berteaud <daniel@firewall-services.com> 1.34.1-1
- Update to 1.34.1 (daniel@firewall-services.com)

* Tue Nov 27 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.8-2
- Update to 1.33.8 (daniel@firewall-services.com)
- Update tito config to use GitLfsBuilder (daniel@firewall-services.com)
- Track sources with git lfs (daniel@firewall-services.com)

* Tue Aug 21 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.7-1
- Update to 1.33.7

* Mon Jul 23 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.6-1
- git-annex in
  dani@germaine.lapiole.org:~/big/e-smith/files/users/dani/src/ufdbGuard
  (daniel@firewall-services.com)

* Mon Jul 23 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.6-1
- Update to 1.33.6

* Fri May 25 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.6rc2-0.beta1
- Update to 1.33.6rc2

* Thu May 24 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.6rc1-0.beta1
- update to 1.33.6rc1

* Wed May 09 2018 Daniel Berteaud <daniel@firewall-services.com> 1.33.5-1
- git-annex in
  dani@germaine.lapiole.org:~/big/e-smith/files/users/dani/src/ufdbGuard
  (daniel@firewall-services.com)

* Thu Apr 19 2018 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.5
Fix: ufdbguardd may crash during a database refresh
Fix: empty pass statements in acls may cause a crash.
Fix: SSH tunnels were detected but access was not blocked
Fix: sometimes the SSL/TLS certificate was not checked to be signed by a CA
Fix: skip acls with "pass any" if the source has the continue flag set

* Thu Sep 21 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.4
Fix: URLs with very long domain names may cause a crash if the URL is not in the URL database
Fix: ufdbguardd did not obey 'continue' inside a source
Fix: the logfile did not contain "PASS URL" for all allowed URLs
Fix: suppress another warning by ufdbGenTable if the -q option is used
Fix: execuserlist with large arguments cannot be cached
Fix: ufdbguardd sometimes does not use the correct source for its decision
Fix: in-addr also matched URLs without an IP address
Configuration: the option squid-uses-active-bumping was missing in the default configuration file

* Tue Jun 6 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.3
Fix: ufdbgclient truncates Squid request lines to 8K which means that very long URLs cannot be filtered
Fix: ufdbGenTable erroneously warned about URLs inside a comment
Fix: make ufdbGuard compile on FreeBSD
Fix: when evaluate-and IPv4/6 is used in a source definition, the source may not be matched
Fix: ufdbguardd did not accept the IPv6 address '::'
Enhancement: several warnings for IPv4 and IPv6 addresses inside a source were implemented

* Tue May 23 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.2
Fix: ufdbguardd may incorrectly abort with a fatal error cannot-get-rwlock-for-database-refresh-after-many-attempts
Fix: safesearch did not work in 2 out of 3 cases
Fix: ufdbguard did not compile on FreeBSD.
Fix: crash due to stack overwrite in uploadStatistics/logStatistics
Documentation: added use-ipv6-on-wan option to Reference Manual

* Wed Mar 15 2017 Marcus Kool <marcus-dot-kool@urlfilterdb.com> - 1.33.1
Enhancement: IPv6 support for sources with new keywords ipv6 and ipv6list
Enhancement: detect certificates of ucweb.com and uc.cn of the ucweb browser that circumvents URL filters
Enhancement: ufdbgclient has new -m parameter to use multithreading and improve performance
Enhancement: make ufdbguardd.pid world-readable
Enhancement: allow UTF8 characters in URLs
Enhancement: new keyword ufdb-log-url-details controls if URLs in the log file have parameters or not
Fix: on the ARM platform generated URL tables were corrupt
Fix: implicitly allowed URLs were logged with category "any" instead of the correct category ID
Fix: prevent false positives with Tor proxy detection on port 443
Fix: failed probes for <IP>:443 were not properly cached and resulted in too many probes for IP
Fix: when reverse IP lookups are used, the URL category was not logged correctly (was logged as "any")
Fix: ufdbGenTable uses less memory
Fix: the feature "block-bumped-connect on" never blocked a CONNECT request
  333. Fix: implicitly allowed URLs were logged with category "any" instead of the correct category ID
  334. Fix: prevent false positives with Tor proxy detection on port 443
  335. Fix: failed probes for <IP>:443 were not properly cached and resulted in too many probes for IP
  336. Fix: when reverse IP lookups are used, the URL category was not logged correctly (was logged as "any")
  337. Fix: ufdbGenTable uses less memory
  338. Fix: the feature "block-bumped-connect on" never blocked a CONNECT request