Hello community,
here is the log from the commit of package varnish for openSUSE:Factory
checked in at Wed Jun 29 14:26:51 CEST 2011.
--------
--- varnish/varnish.changes 2010-08-17 11:31:58.000000000 +0200
+++ varnish/varnish.changes 2011-04-09 13:09:25.000000000 +0200
@@ -1,0 +2,15 @@
+Sun Apr 3 23:38:24 UTC 2011 - jeng...@medozas.de
+
+- Fix security-problematic ownership of /etc/varnish files
+- Run spec-beautifier over it
+- Replace default shipped vcl.conf by something working
+- Run as varnish user
+- Start varnishlog together with varnishd
+- Properly use PID files in init script
+
+-------------------------------------------------------------------
+Sat Oct 9 04:31:06 UTC 2010 - jeng...@medozas.de
+
+- Create and package /var/log/varnish
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
upstream-config.tar.bz2
New:
----
varnish.logrotate
vcl.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ varnish.spec ++++++
--- /var/tmp/diff_new_pack.JoWJM3/_old 2011-06-29 14:23:21.000000000 +0200
+++ /var/tmp/diff_new_pack.JoWJM3/_new 2011-06-29 14:23:21.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package varnish (Version 2.1.3)
+# spec file for package varnish
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,29 +20,28 @@
Name: varnish
Version: 2.1.3
-Release: 1
+Release: 5
#
License: BSD
Group: Productivity/Networking/Web/Proxy
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libxslt ncurses-devel pcre-devel pkg-config
-Prereq(post): /usr/sbin/useradd /usr/sbin/groupadd
+Prereq(post): %_sbindir/useradd %_sbindir/groupadd
%if 0%{?suse_version}
Recommends: logrotate
%endif
-%define _bindir %{_sbindir}
-%define pkg_home %{_var}/lib/%{name}
-%define pkg_logdir %{_var}/log/%{name}
-%define pkg_cachedir %{_var}/cache/%{name}
-%define pkg_name %{name}
+%define pkg_home %_localstatedir/lib/%name
+%define pkg_logdir %_localstatedir/log/%name
+%define pkg_cachedir %_localstatedir/cache/%name
#
Url: http://www.varnish-cache.org/
-Source0:
http://downloads.sourceforge.net/varnish/varnish-%{version}.tar.gz
-# http://downloads.sourceforge.net/varnish/varnish-%{version}.tar.bz2
-Source1: upstream-config.tar.bz2
+Source0:
http://downloads.sourceforge.net/varnish/varnish-%version.tar.gz
+# http://downloads.sourceforge.net/varnish/varnish-%version.tar.bz2
Source2: varnish.init
Source3: varnish.sysconfig
+Source4: vcl.conf
+Source5: varnish.logrotate
#
Summary: Varnish is a high-performance HTTP accelerator
@@ -63,13 +62,14 @@
%define library_name libvarnish1
-%package -n %{library_name}
+%package -n %library_name
+
Group: Productivity/Networking/Web/Proxy
#
Summary: Shared libraries for Varnish
-%description -n %{library_name}
+%description -n %library_name
Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse
Proxy) is an application that stores (caches) documents that have been
requested over the HTTP protocol.
@@ -89,9 +89,10 @@
%package devel
-License: BSD
+
+
Group: Development/Libraries/C and C++
-Requires: %{name} = %{version}
+Requires: %name = %version
#
Summary: Development files for Varnish
@@ -115,91 +116,82 @@
%prep
-%setup -qa1
-#sed -e ' s/8080/80/g ' etc/vcl.conf > redhat/vcl.conf
+%setup -q
%build
%if 0%{?suse_version} > 1000
-export CFLAGS="%{optflags} -fstack-protector"
+export CFLAGS="%optflags -fstack-protector"
%endif
-%configure --disable-static --localstatedir=%{_var}/cache/ \
+%configure --disable-static --localstatedir=%_localstatedir/cache/ \
--enable-debugging-symbols \
--enable-developer-warnings
-%{__make}
+make %{?_smp_mflags}
%install
%makeinstall
-find %{buildroot} -ls
+find %buildroot -ls
+# There is no use for them to normal users
+mv %buildroot/%_bindir/* %buildroot/%_sbindir/
#
# remove unneeded files
# libvarnish.la has -lrt as dependency lib
-#%{__rm} -fv %{buildroot}%{_libdir}/*.la
+#rm -fv %buildroot%_libdir/*.la
#
##missing directories
-%{__install} -d -m 0755 %{buildroot}{%{pkg_logdir},%{pkg_home}}
-%{__install} -D -m 0644 redhat/varnish.logrotate
%{buildroot}/etc/logrotate.d/varnish
-%if 0%{?suse_version}
-#
-##init scripts
-%{__install} -D -m 0644 %{S:3}
%{buildroot}/var/adm/fillup-templates/sysconfig.%{name}
-%{__install} -D -m 0755 %{S:2} %{buildroot}%{_sysconfdir}/init.d/%{name}
-%{__ln_s} -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
-#
-##config files
-%{__install} -D -m 0644 etc/vcl.conf
%{buildroot}%{_sysconfdir}/%{name}/vcl.conf
-%{__install} -D -m 0644 etc/vcl.conf
%{buildroot}%{_sysconfdir}/%{name}/vcl.conf.example
-%else
+install -d -m 0755 %buildroot{%pkg_logdir,%pkg_home}
+install -D -m 0644 %{S:5} %buildroot%_sysconfdir/logrotate.d/varnish
#
##init scripts
-%{__install} -D -m 0644 redhat/varnish.sysconfig
%{buildroot}%{_sysconfdir}/sysconfig/%{name}
-%{__install} -D -m 0755 redhat/varnish.initrc
%{buildroot}%{_sysconfdir}/init.d/%{name}
+install -D -m 0644 %{S:3} %buildroot/var/adm/fillup-templates/sysconfig.%name
+install -D -m 0755 %{S:2} %buildroot%_sysconfdir/init.d/%name
+ln -s -f %_sysconfdir/init.d/%name %buildroot%_sbindir/rc%name
#
##config files
-%{__install} -D -m 0644 redhat/vcl.conf
%{buildroot}%{_sysconfdir}/%{name}/vcl.conf
-%{__install} -D -m 0644 redhat/vcl.conf
%{buildroot}%{_sysconfdir}/%{name}/vcl.conf.example
-%endif
+install -D -m 0644 %{S:4} %buildroot%_sysconfdir/%name/vcl.conf
+install -D -m 0644 %{S:4} %buildroot%_sysconfdir/%name/vcl.conf.example
find "%buildroot" -type f -name "*.la" -delete
-
-%clean
-%{__rm} -rf %{buildroot}
+mkdir -p "%buildroot/%_localstatedir/log/varnish"
%pre
-/usr/sbin/groupadd -r %{pkg_name} 2>/dev/null || :
-/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "user for %{pkg_name}" -d
%{pkg_home} %{pkg_name} 2>/dev/null || :
+%_bindir/getent group varnish >/dev/null || \
+ %_sbindir/groupadd -r varnish || :
+%_bindir/getent passwd varnish >/dev/null || \
+ %_sbindir/useradd -g varnish -s /bin/false -r -c "user for Varnish" \
+ -d %pkg_home varnish || :
%if 0%{?suse_version}
%post
-%fillup_and_insserv %{pkg_name}
+%fillup_and_insserv %name
%preun
-%stop_on_removal %{pkg_name}
+%stop_on_removal %name
%postun
-%restart_on_update %{pkg_name}
-%{insserv_cleanup}
+%restart_on_update %name
+%insserv_cleanup
%else
# how to do the same for RH/mandriva?
%endif
-%post -n %{library_name} -p /sbin/ldconfig
+%post -n %library_name -p /sbin/ldconfig
-%postun -n %{library_name} -p /sbin/ldconfig
+%postun -n %library_name -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%if 0%{?suse_version}
-%{_sbindir}/rc%{name}
-/var/adm/fillup-templates/sysconfig.%{name}
+%_sbindir/rc%name
+/var/adm/fillup-templates/sysconfig.%name
%else
-%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%config(noreplace) %_sysconfdir/sysconfig/%name
%endif
-%config(noreplace) %{_sysconfdir}/init.d/%{name}
+%config(noreplace) %_sysconfdir/init.d/%name
#
-%dir %attr(750,%{pkg_name},%{pkg_name}) %{_sysconfdir}/%{name}/
-%config(noreplace) %attr(640,%{pkg_name},%{pkg_name})
%{_sysconfdir}/%{name}/vcl.conf
-%config %attr(640,%{pkg_name},%{pkg_name})
%{_sysconfdir}/%{name}/vcl.conf.example
-%config(noreplace) %attr(640,%{pkg_name},%{pkg_name})
%{_sysconfdir}/%{name}/default.vcl
+%dir %attr(750,root,varnish) %_sysconfdir/%name/
+%config(noreplace) %attr(640,root,varnish) %_sysconfdir/%name/vcl.conf
+%config %attr(640,root,varnish) %_sysconfdir/%name/vcl.conf.example
+%config(noreplace) %attr(640,root,varnish) %_sysconfdir/%name/default.vcl
#
%_sbindir/*
%doc %_mandir/*/*
@@ -207,18 +199,19 @@
%if ! 0%{?suse_version}
%doc redhat/README.redhat
%endif
-%dir %attr(750,%{pkg_name},%{pkg_name}) %{pkg_home}
-%dir %attr(750,%{pkg_name},%{pkg_name}) %{pkg_cachedir}
-%config(noreplace) /etc/logrotate.d/varnish
+%dir %attr(750,varnish,varnish) %pkg_home
+%dir %attr(750,varnish,varnish) %pkg_cachedir
+%config(noreplace) %_sysconfdir/logrotate.d/varnish
+%dir %attr(750,varnish,varnish) %_localstatedir/log/varnish
-%files -n %{library_name}
+%files -n %library_name
%defattr(-,root,root,-)
%_libdir/*.so.*
%files devel
%defattr(-,root,root,-)
-%{_includedir}/varnish/
-%{_libdir}/pkgconfig/*
-%{_libdir}/*.so
+%_includedir/varnish/
+%_libdir/pkgconfig/*
+%_libdir/*.so
%changelog
++++++ varnish.init ++++++
--- /var/tmp/diff_new_pack.JoWJM3/_old 2011-06-29 14:23:21.000000000 +0200
+++ /var/tmp/diff_new_pack.JoWJM3/_new 2011-06-29 14:23:21.000000000 +0200
@@ -1,16 +1,5 @@
#!/bin/sh
#
-# /etc/init.d/varnish
-# and its symbolic link
-# /(usr/)sbin/rcvarnish
-#
-# Note: This template uses functions rc_XXX defined in /etc/rc.status on
-# UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your
-# script on this template and ensure that it works on non UL based LSB
-# compliant Linux distributions, you either have to provide the rc.status
-# functions from UL or change the script to work without them.
-# See skeleton.compat for a template that works with other distros as well.
-#
### BEGIN INIT INFO
# Provides: varnish
# Required-Start: $syslog $remote_fs
@@ -22,73 +11,6 @@
# Short-Description: varnish HTTP accelerator
# Description: varnish HTTP accelerator
### END INIT INFO
-#
-# Any extensions to the keywords given above should be preceeded by
-# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
-#
-# Notes on Required-Start/Should-Start:
-# * There are two different issues that are solved by Required-Start
-# and Should-Start
-# (a) Hard dependencies: This is used by the runlevel editor to determine
-# which services absolutely need to be started to make the start of
-# this service make sense. Example: nfsserver should have
-# Required-Start: $portmap
-# Also, required services are started before the dependent ones.
-# The runlevel editor will warn about such missing hard dependencies
-# and suggest enabling. During system startup, you may expect an error,
-# if the dependency is not fulfilled.
-# (b) Specifying the init script ordering, not real (hard) dependencies.
-# This is needed by insserv to determine which service should be
-# started first (and at a later stage what services can be started
-# in parallel). The tag Should-Start: is used for this.
-# It tells, that if a service is available, it should be started
-# before. If not, never mind.
-# * When specifying hard dependencies or ordering requirements, you can
-# use names of services (contents of their Provides: section)
-# or pseudo names starting with a $. The following ones are available
-# according to LSB (1.1):
-# $local_fs all local file systems are mounted
-# (most services should need this!)
-# $remote_fs all remote file systems are mounted
-# (note that /usr may be remote, so
-# many services should Require this!)
-# $syslog system logging facility up
-# $network low level networking (eth card, ...)
-# $named hostname resolution available
-# $netdaemons all network daemons are running
-# The $netdaemons pseudo service has been removed in LSB 1.2.
-# For now, we still offer it for backward compatibility.
-# These are new (LSB 1.2):
-# $time the system time has been set correctly
-# $portmap SunRPC portmapping service available
-# UnitedLinux extensions:
-# $ALL indicates that a script should be inserted
-# at the end
-# * The services specified in the stop tags
-# (Required-Stop/Should-Stop)
-# specify which services need to be still running when this service
-# is shut down. Often the entries there are just copies or a subset
-# from the respective start tag.
-# * Should-Start/Stop are now part of LSB as of 2.0,
-# formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
-# insserv does support both variants.
-# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
-# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
-# a startup script should default to be enabled after installation.
-# It's not used by insserv.
-#
-# Note on runlevels:
-# 0 - halt/poweroff 6 - reboot
-# 1 - single user 2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
-#
-# Note on script names:
-# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
-# A registry has been set up to manage the init script namespace.
-# http://www.lanana.org/
-# Please use the names already registered or register one or use a
-# vendor prefix.
-
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
@@ -103,6 +25,11 @@
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
+VARNISHD_BIN="$VARNISH_BIN"
+VARNISHD_PID=/var/run/varnishd.pid
+VARNISHLOG_BIN=/usr/sbin/varnishncsa
+VARNISHLOG_PID=/var/run/varnishlog.pid
+
# Read config
. $VARNISH_CONFIG
@@ -152,20 +79,25 @@
echo -n "Starting varnish "
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
- /sbin/startproc $VARNISH_BIN ${VARNISHD_PARAMS:--f
/etc/varnish/vcl.conf -T127.0.0.1:6082 -s file,/var/cache/varnish}
+ /sbin/startproc "$VARNISHD_BIN" -P "$VARNISHD_PID"
${VARNISHD_PARAMS:--f /etc/varnish/vcl.conf -T:6082 -s
file,/var/cache/varnish,524288 -u varnish}
# Remember status and be verbose
rc_status -v
+ echo -n "Starting varnishlog "
+ /sbin/startproc "$VARNISHLOG_BIN" -P "$VARNISHLOG_PID"
${VARNISHLOG_PARAMS:--a -w /var/log/varnish/varnish.log}
+ rc_status -v
;;
stop)
echo -n "Shutting down varnish "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
- /sbin/killproc -TERM $VARNISH_BIN
+ /sbin/killproc -p "$VARNISHD_PID" "$VARNISHD_BIN"
# Remember status and be verbose
rc_status -v
+ echo -n "Shutting down varnishlog "
+ /sbin/killproc -p "$VARNISHLOG_PID" "$VARNISHLOG_BIN"
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
@@ -214,9 +146,11 @@
# If it supports signaling:
echo -n "Reload service varnish "
- /sbin/killproc -HUP $VARNISH_BIN
+ /sbin/killproc -p "$VARNISHD_PID" -HUP "$VARNISHD_BIN"
#touch /var/run/varnish.pid
rc_status -v
+ echo -n "Reload service varnishlog "
+ /sbin/killproc -p "$VARNISHLOG_PID" -HUP "$VARNISHLOG_BIN"
## Otherwise if it does not support reload:
#rc_failed 3
@@ -236,17 +170,22 @@
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
- /sbin/checkproc $VARNISH_BIN
+ /sbin/checkproc -p "$VARNISHD_PID" "$VARNISHD_BIN"
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
+ echo -n "Checking for service varnishlog "
+ /sbin/checkproc -p "$VARNISHLOG_PID" "$VARNISHLOG_BIN"
+ rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
- test /etc/sysconfig/varnish -nt /var/run/varnish.pid && test -f
/etc/varnish/default.vcl.net -nt /var/run/varnish.pid && echo reload
+ test /etc/sysconfig/varnish -nt "$VARNISHD_PID" && \
+ test -f /etc/varnish/default.vcl.net -nt "$VARNISHD_PID" && \
+ echo reload
;;
*)
echo "Usage: $0
{start|stop|status|try-restart|restart|force-reload|reload|probe}"
++++++ varnish.logrotate ++++++
/var/log/varnish/*.log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/etc/init.d/varnish reload
endscript
}
++++++ varnish.sysconfig ++++++
--- /var/tmp/diff_new_pack.JoWJM3/_old 2011-06-29 14:23:21.000000000 +0200
+++ /var/tmp/diff_new_pack.JoWJM3/_new 2011-06-29 14:23:21.000000000 +0200
@@ -10,4 +10,16 @@
#
# You might want to keep "/var/cache/varnish" when using the file backend.
#
-VARNISHD_PARAMS="-f /etc/varnish/vcl.conf -T127.0.0.1:6082 -s
file,/var/cache/varnish,524288"
+VARNISHD_PARAMS="-f /etc/varnish/vcl.conf -T:6082 -s
file,/var/cache/varnish,524288 -u varnish"
+
+## Path: Network/WWW/Varnishd
+## Description: Start parameters for varnishlog
+## Type: string
+## Default: "-a -w /var/log/varnish.log"
+## Config: varnishd
+#
+# start parameters for varnishlog/varnishncsa
+#
+# see man 1 varnishlog for more
+#
+VARNISHLOG_PARAMS="-a -w /var/log/varnish/varnish.log"
++++++ vcl.conf ++++++
#
# This is a basic VCL configuration file for varnish. See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# $Id: vcl.conf 1200 2006-10-19 09:21:42Z des $
#
backend default {
.host = "127.0.0.1";
.port = "8080";
}
sub vcl_recv {
# pass mode can't handle POST (yet)
if (req.request == "POST") {
return(pipe);
}
# don't bother caching large files
if(req.url ~ "\.(pdf|mp3|flv|mov|mp4|mpg|mpeg|avi|dmg)") {
return(pipe);
}
# force lookup even when cookies are present
if (req.request == "GET" && req.http.cookie) {
return(lookup);
}
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
