[squidGuard] Migrate to systemd. Messily.
Jon Ciesla
limb at fedoraproject.org
Tue Apr 17 14:38:53 UTC 2012
commit c509dba40a6dfdbe6dc76ad08c5ae74ce7eb224a
Author: Jon Ciesla <limburgher at gmail.com>
Date: Tue Apr 17 09:38:42 2012 -0500
Migrate to systemd. Messily.
squidGuard-helper | 152 ++++++++++++++++++++++++++++++++++++++++++
squidGuard.service | 12 +++
squidGuard.spec | 95 ++++++++++++++++++++------
transparent-proxying-helper | 67 ++++++++++++++++++
transparent-proxying.service | 12 +++
5 files changed, 316 insertions(+), 22 deletions(-)
---
diff --git a/squidGuard-helper b/squidGuard-helper
new file mode 100755
index 0000000..6c9d8bb
--- /dev/null
+++ b/squidGuard-helper
@@ -0,0 +1,152 @@
+#!/bin/bash
+
+PATH=/usr/bin:/sbin:/bin:/usr/sbin
+export PATH
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# check if the squid-squidGuard.conf file is present
+[ -f /etc/squid/squid-squidGuard.conf ] || exit 0
+
+if [ -f /etc/sysconfig/squid ]; then
+ . /etc/sysconfig/squid
+fi
+
+# don't raise an error if the config file is incomplete
+# set defaults instead:
+SQUID_OPTS=${SQUID_OPTS:-"-D"}
+SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
+SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
+
+# determine the name of the squid binary
+[ -f /usr/sbin/squid ] && SQUID=squid
+[ -z "$SQUID" ] && exit 0
+
+prog="$SQUID"
+
+# determine which one is the cache_swap directory
+CACHE_SWAP=`sed -e 's/#.*//g' /etc/squid/squid-squidGuard.conf | \
+ grep cache_dir | awk '{ print $3 }'`
+[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/spool/squid
+
+RETVAL=0
+
+start() {
+ for adir in $CACHE_SWAP; do
+ if [ ! -d $adir/00 ]; then
+ echo -n "init_cache_dir $adir... "
+ $SQUID -f /etc/squid/squid-squidGuard.conf -z -F -D 2>/dev/null
+ fi
+ done
+ echo -n $"Starting $prog: "
+ $SQUID $SQUID_OPTS -f /etc/squid/squid-squidGuard.conf 2> /dev/null
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ timeout=0;
+ while : ; do
+ [ ! -f /var/run/squid.pid ] || break
+ if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
+ RETVAL=1
+ break
+ fi
+ sleep 1 && echo -n "."
+ timeout=$((timeout+1))
+ done
+ fi
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
+ [ $RETVAL -eq 0 ] && echo_success
+ [ $RETVAL -ne 0 ] && echo_failure
+ echo
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ $SQUID -k check -f /etc/squid/squid-squidGuard.conf >/dev/null 2>&1
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ] ; then
+ $SQUID -k shutdown -f /etc/squid/squid-squidGuard.conf &
+ rm -f /var/lock/subsys/$SQUID
+ timeout=0
+ while : ; do
+ [ -f /var/run/squid.pid ] || break
+ if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
+ echo
+ return 1
+ fi
+ sleep 2 && echo -n "."
+ timeout=$((timeout+2))
+ done
+ echo_success
+ echo
+ else
+ echo_failure
+ echo
+ fi
+ return $RETVAL
+}
+
+reload() {
+ $SQUID $SQUID_OPTS -k reconfigure -f /etc/squid/squid-squidGuard.conf
+}
+
+restart() {
+ stop
+ start
+}
+
+condrestart() {
+ [ -e /var/lock/subsys/squid ] && restart || :
+}
+
+rhstatus() {
+ status $SQUID
+ $SQUID -k check -f /etc/squid/squid-squidGuard.conf
+}
+
+probe() {
+ return 0
+}
+
+case "$1" in
+start)
+ start
+ ;;
+
+stop)
+ stop
+ ;;
+
+#reload)
+# reload
+# ;;
+#
+#restart)
+# restart
+# ;;
+#
+#condrestart)
+# condrestart
+# ;;
+#
+#status)
+# rhstatus
+# ;;
+#
+#probe)
+# exit 0
+# ;;
+
+*)
+# echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
+ exit 1
+esac
+
+exit $?
diff --git a/squidGuard.service b/squidGuard.service
new file mode 100644
index 0000000..a269799
--- /dev/null
+++ b/squidGuard.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Squid Internet Object Cache and squidGuard web filter
+After=syslog.target squid.service
+
+[Service]
+Type=forking
+PrivateTmp=True
+ExecStart=/usr/bin/squidGuard-helper start
+ExecStop==/usr/bin/squidGuard-helper stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/squidGuard.spec b/squidGuard.spec
index 0a0d11a..22cbb37 100644
--- a/squidGuard.spec
+++ b/squidGuard.spec
@@ -8,7 +8,7 @@
Name: squidGuard
Version: 1.4
-Release: 12%{?dist}
+Release: 13%{?dist}
Summary: Filter, redirector and access controller plugin for squid
Group: System Environment/Daemons
@@ -22,8 +22,12 @@ Source3: http://cuda.port-aransas.k12.tx.us/squid-getlist.html
# K12LTSP stuff
Source100: squidGuard.conf
Source101: update_squidguard_blacklists
-Source102: squidguard
-Source103: transparent-proxying
+#Source102: squidguard
+#Source103: transparent-proxying
+Source104: squidGuard.service
+Source105: transparent-proxying.service
+Source106: squidGuard-helper
+Source107: transparent-proxying-helper
# SELinux (taken from K12LTSP package)
#Source200: squidGuard.te
@@ -45,7 +49,10 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: bison, byacc, openldap-devel, flex, libdb-devel
Requires: squid
#Requires(post): %{_bindir}/chcon
-Requires(post): /sbin/chkconfig
+#Requires(post): /sbin/chkconfig
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
%description
squidGuard can be used to
@@ -125,8 +132,14 @@ popd
%{__install} contrib/hostbyname/hostbyname $RPM_BUILD_ROOT%{_bindir}
%{__install} contrib/sgclean/sgclean $RPM_BUILD_ROOT%{_bindir}
-%{__install} -p -D -m 0755 %{SOURCE102} $RPM_BUILD_ROOT%{_initrddir}/squidGuard
-%{__install} -p -D -m 0755 %{SOURCE103} $RPM_BUILD_ROOT%{_initrddir}/transparent-proxying
+#%{__install} -p -D -m 0755 %{SOURCE102} $RPM_BUILD_ROOT%{_initrddir}/squidGuard
+#%{__install} -p -D -m 0755 %{SOURCE103} $RPM_BUILD_ROOT%{_initrddir}/transparent-proxying
+
+%{__install} -p -D -m 0644 %{SOURCE104} $RPM_BUILD_ROOT%{_unitdir}/squidGuard.service
+%{__install} -p -D -m 0644 %{SOURCE105} $RPM_BUILD_ROOT%{_unitdir}/transparent-proxying.service
+
+%{__install} -p -D -m 0744 %{SOURCE106} $RPM_BUILD_ROOT%{_bindir}/squidGuard-helper
+%{__install} -p -D -m 0744 %{SOURCE107} $RPM_BUILD_ROOT%{_bindir}/transparent-proxying-helper
#pushd $RPM_BUILD_ROOT%{_dbhomedir}
tar xfz $RPM_BUILD_ROOT%{_dbtopdir}/blacklists.tar.gz
@@ -148,18 +161,23 @@ ln -s ../squidGuard/squidGuard.log $RPM_BUILD_ROOT%{_localstatedir}/log/squid/s
#%{_bindir}/chcon -R system_u:object_r:squid_cache_t /var/squidGuard >/dev/null 2>&1
#%{_bindir}/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1
-# do we need a new config file?
-if [ -s %{_sysconfdir}/squid/squidGuard.conf ]; then
- CONFFILE="%{_sysconfdir}/squid/squidGuard.conf.rpmnew"
- echo "/etc/squid/squidGuard.conf created as /etc/squid/squidGuard.conf.rpmnew"
-else
- CONFFILE="/etc/squid/squidGuard.conf"
+## do we need a new config file?
+#if [ -s %{_sysconfdir}/squid/squidGuard.conf ]; then
+# CONFFILE="%{_sysconfdir}/squid/squidGuard.conf.rpmnew"
+# echo "/etc/squid/squidGuard.conf created as /etc/squid/squidGuard.conf.rpmnew"
+#else
+# CONFFILE="/etc/squid/squidGuard.conf"
+#fi
+#cat %{_docdir}/%{name}-%{version}/squidGuard.conf.k12ltsp.template | \
+# sed s/SERVERNAME/$HOSTNAME/g > $CONFFILE
+
+#/sbin/chkconfig --add squidGuard
+#/sbin/chkconfig --add transparent-proxying
+if [ $1 -eq 1 ] ; then
+ # Initial installation
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
-cat %{_docdir}/%{name}-%{version}/squidGuard.conf.k12ltsp.template | \
- sed s/SERVERNAME/$HOSTNAME/g > $CONFFILE
-/sbin/chkconfig --add squidGuard
-/sbin/chkconfig --add transparent-proxying
# reload SELinux policies
#echo "Loading new SELinux policy"
@@ -170,12 +188,41 @@ cat %{_docdir}/%{name}-%{version}/squidGuard.conf.k12ltsp.template | \
#### End of %post
%preun
-if [ $1 = 0 ] ; then
- service squidGuard stop >/dev/null 2>&1
- /sbin/chkconfig --del squidGuard
- /sbin/chkconfig --del transparent-proxying
+#if [ $1 = 0 ] ; then
+# service squidGuard stop >/dev/null 2>&1
+# /sbin/chkconfig --del squidGuard
+# /sbin/chkconfig --del transparent-proxying
+#fi
+if [ $1 -eq 0 ] ; then
+ # Package removal, not upgrade
+ /bin/systemctl --no-reload disable squidGuard.service > /dev/null 2>&1 || :
+ /bin/systemctl stop squidGuard.service > /dev/null 2>&1 || :
+ /bin/systemctl --no-reload disable transparent-proxying.service > /dev/null 2>&1 || :
+ /bin/systemctl stop transparent-proxying.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+ # Package upgrade, not uninstall
+ /bin/systemctl try-restart squidGuard.service >/dev/null 2>&1 || :
+ /bin/systemctl try-restart transparent-proxying.service >/dev/null 2>&1 || :
fi
+%triggerun -- squidGuard < 1.4-13
+# Save the current service runlevel info
+# User must manually run systemd-sysv-convert --apply squidGuard
+# and systemd-sysv-convert --apply transparent-proxying
+# to migrate them to systemd targets
+/usr/bin/systemd-sysv-convert --save squidGuard >/dev/null 2>&1 ||:
+/usr/bin/systemd-sysv-convert --save transparent-proxying >/dev/null 2>&1 ||:
+
+# Run these because the SysV package being removed won't do them
+/sbin/chkconfig --del squidGuard >/dev/null 2>&1 || :
+/sbin/chkconfig --del transparent-proxying >/dev/null 2>&1 || :
+/bin/systemctl try-restart squidGuard.service >/dev/null 2>&1 || :
+/bin/systemctl try-restart transparent-proxying.service >/dev/null 2>&1 || :
+
%files
%defattr(-,root,root)
%doc samples/*.conf
@@ -194,12 +241,16 @@ fi
%attr(0755,root,root) %{_cgibin}/*.cgi
%config(noreplace) %{_cgibin}/squidGuard.cgi
%{_cgibin}/babel.*
-%{_initrddir}/squidGuard
-%{_initrddir}/transparent-proxying
+%{_unitdir}/squidGuard.service
+%{_unitdir}/transparent-proxying.service
%{_localstatedir}/log/squidGuard
%{_localstatedir}/log/squid/squidGuard.log
%changelog
+* Tue Apr 17 2012 Jon Ciesla <limburgher at gmail.com> - 1.4-13
+- Migrate to systemd.
+- Stop messing with config noreplace for the config file in post.
+
* Mon Apr 16 2012 Jon Ciesla <limburgher at gmail.com> - 1.4-12
- Build against libdb again.
diff --git a/transparent-proxying-helper b/transparent-proxying-helper
new file mode 100755
index 0000000..1633a25
--- /dev/null
+++ b/transparent-proxying-helper
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# Source function library.
+. /etc/init.d/functions
+
+start() {
+ echo -n "Starting transparent proxying: "
+ if [ -f /var/run/squid.pid ]
+ then
+ # Turn on IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # Turn on transparent proxy redirect
+ /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
+ echo_success
+ else
+ echo -n "Squid is not running! "
+ echo_failure
+ fi
+ echo
+ return 0
+}
+stop() {
+ echo -n "Stopping transparent proxying: "
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ # Turn off transparent proxy redirect
+ /sbin/iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
+ echo_success
+ echo
+ return 0
+}
+status() {
+ if [ "`/sbin/iptables -L -n -t nat | grep '80 redir ports 3128'`" ]
+ then
+ echo "Transparent proxying is active"
+ return 0
+ else
+ echo "Transparent proxying is inactive"
+ return 0
+ fi
+}
+
+
+restart() {
+ stop
+ start
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+# status)
+# status
+# ;;
+# stop)
+# stop
+# ;;
+# restart|reload)
+# restart
+# ;;
+ *)
+# echo "*** Usage: {start|stop|restart}"
+ exit 1
+esac
+
+exit $?
diff --git a/transparent-proxying.service b/transparent-proxying.service
new file mode 100644
index 0000000..8377ef2
--- /dev/null
+++ b/transparent-proxying.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=squid transparent proxying
+After=syslog.target squid.service
+
+[Service]
+Type=forking
+PrivateTmp=True
+ExecStart=/usr/bin/transparent-proxying-helper start
+ExecStop==/usr/bin/transparent-proxying-helper stop
+
+[Install]
+WantedBy=multi-user.target
More information about the scm-commits
mailing list