|
|
819a9f |
%define haproxy_user haproxy
|
|
|
819a9f |
%define haproxy_group %{haproxy_user}
|
|
|
819a9f |
%define haproxy_home %{_localstatedir}/lib/haproxy
|
|
|
819a9f |
%define haproxy_confdir %{_sysconfdir}/haproxy
|
|
|
819a9f |
%define haproxy_datadir %{_datadir}/haproxy
|
|
|
819a9f |
|
|
|
819a9f |
%global _hardened_build 1
|
|
|
819a9f |
|
|
|
819a9f |
Name: haproxy
|
|
|
7991a0 |
Version: 1.5.2
|
|
|
d58b22 |
Release: 3%{?dist}
|
|
|
819a9f |
Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments
|
|
|
819a9f |
|
|
|
819a9f |
Group: System Environment/Daemons
|
|
|
819a9f |
License: GPLv2+
|
|
|
819a9f |
|
|
|
819a9f |
URL: http://haproxy.1wt.eu/
|
|
|
7991a0 |
Source0: http://haproxy.1wt.eu/download/1.5/src/haproxy-%{version}.tar.gz
|
|
|
819a9f |
Source1: %{name}.service
|
|
|
819a9f |
Source2: %{name}.cfg
|
|
|
819a9f |
Source3: %{name}.logrotate
|
|
|
819a9f |
|
|
|
7991a0 |
Patch0: halog-unused-variables.patch
|
|
|
d58b22 |
Patch1: haproxy-dont-update-msg-sov.patch
|
|
|
7991a0 |
|
|
|
819a9f |
BuildRequires: pcre-devel
|
|
|
7991a0 |
BuildRequires: zlib-devel
|
|
|
7991a0 |
BuildRequires: openssl-devel
|
|
|
819a9f |
BuildRequires: systemd-units
|
|
|
819a9f |
|
|
|
819a9f |
Requires(pre): shadow-utils
|
|
|
819a9f |
Requires(post): systemd
|
|
|
819a9f |
Requires(preun): systemd
|
|
|
819a9f |
Requires(postun): systemd
|
|
|
819a9f |
|
|
|
819a9f |
%description
|
|
|
819a9f |
HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high
|
|
|
819a9f |
availability environments. Indeed, it can:
|
|
|
819a9f |
- route HTTP requests depending on statically assigned cookies
|
|
|
819a9f |
- spread the load among several servers while assuring server persistence
|
|
|
819a9f |
through the use of HTTP cookies
|
|
|
819a9f |
- switch to backup servers in the event a main one fails
|
|
|
819a9f |
- accept connections to special ports dedicated to service monitoring
|
|
|
819a9f |
- stop accepting connections without breaking existing ones
|
|
|
819a9f |
- add/modify/delete HTTP headers both ways
|
|
|
819a9f |
- block requests matching a particular pattern
|
|
|
819a9f |
|
|
|
819a9f |
|
|
|
819a9f |
%prep
|
|
|
7991a0 |
%setup -q
|
|
|
7991a0 |
%patch0 -p0
|
|
|
d58b22 |
%patch1 -p1
|
|
|
819a9f |
|
|
|
819a9f |
%build
|
|
|
819a9f |
# No configure script is present, it is all done via make flags
|
|
|
819a9f |
# Kernels of Fedora 11 and up and EL 6 and up are newer than 2.6.28,
|
|
|
819a9f |
# so using linux2628 as target.
|
|
|
819a9f |
|
|
|
819a9f |
# Recommended optimization option for x86 builds
|
|
|
819a9f |
regparm_opts=
|
|
|
819a9f |
%ifarch %ix86 x86_64
|
|
|
819a9f |
regparm_opts="USE_REGPARM=1"
|
|
|
819a9f |
%endif
|
|
|
819a9f |
|
|
|
7991a0 |
make %{?_smp_mflags} CPU="generic" TARGET="linux2628" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 ${regparm_opts} ADDINC="%{optflags}" USE_LINUX_TPROXY=1 ADDLIB="%{__global_ldflags}"
|
|
|
819a9f |
|
|
|
819a9f |
# build the halog contrib program.
|
|
|
819a9f |
pushd contrib/halog
|
|
|
819a9f |
make ${halog} OPTIMIZE="%{optflags}"
|
|
|
819a9f |
popd
|
|
|
819a9f |
|
|
|
819a9f |
%install
|
|
|
819a9f |
make install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix}
|
|
|
819a9f |
make install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
|
|
|
819a9f |
|
|
|
819a9f |
%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
|
|
|
819a9f |
%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
|
|
|
819a9f |
%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
|
|
|
819a9f |
%{__install} -d -m 0755 %{buildroot}%{haproxy_home}
|
|
|
819a9f |
%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
|
|
|
819a9f |
%{__install} -d -m 0755 %{buildroot}%{_bindir}
|
|
|
819a9f |
%{__install} -p -m 0755 ./contrib/halog/halog %{buildroot}%{_bindir}/halog
|
|
|
819a9f |
|
|
|
819a9f |
for httpfile in $(find ./examples/errorfiles/ -type f)
|
|
|
819a9f |
do
|
|
|
819a9f |
%{__install} -p -m 0644 $httpfile %{buildroot}%{haproxy_datadir}
|
|
|
819a9f |
done
|
|
|
819a9f |
|
|
|
819a9f |
# convert all text files to utf8
|
|
|
819a9f |
for textfile in $(find ./ -type f -name '*.txt')
|
|
|
819a9f |
do
|
|
|
819a9f |
mv $textfile $textfile.old
|
|
|
819a9f |
iconv --from-code ISO8859-1 --to-code UTF-8 --output $textfile $textfile.old
|
|
|
819a9f |
rm -f $textfile.old
|
|
|
819a9f |
done
|
|
|
819a9f |
|
|
|
819a9f |
|
|
|
819a9f |
%pre
|
|
|
dc512f |
getent group %{haproxy_group} >/dev/null || groupadd \
|
|
|
dc512f |
-g 188 -r %{haproxy_group}
|
|
|
dc512f |
getent passwd %{haproxy_user} >/dev/null || useradd \
|
|
|
dc512f |
-u 188 -r -g %{haproxy_group} -d %{haproxy_home} \
|
|
|
dc512f |
-s /sbin/nologin -c "haproxy" %{haproxy_user}
|
|
|
819a9f |
exit 0
|
|
|
819a9f |
|
|
|
819a9f |
|
|
|
819a9f |
%post
|
|
|
819a9f |
%systemd_post %{name}.service
|
|
|
819a9f |
|
|
|
dc512f |
|
|
|
819a9f |
%preun
|
|
|
819a9f |
%systemd_preun %{name}.service
|
|
|
819a9f |
|
|
|
819a9f |
|
|
|
819a9f |
%postun
|
|
|
819a9f |
%systemd_postun_with_restart %{name}.service
|
|
|
819a9f |
|
|
|
819a9f |
|
|
|
819a9f |
%files
|
|
|
819a9f |
%doc doc/*
|
|
|
819a9f |
%doc examples/url-switching.cfg
|
|
|
819a9f |
%doc examples/acl-content-sw.cfg
|
|
|
819a9f |
%doc examples/content-sw-sample.cfg
|
|
|
819a9f |
%doc examples/cttproxy-src.cfg
|
|
|
819a9f |
%doc examples/haproxy.cfg
|
|
|
819a9f |
%doc examples/tarpit.cfg
|
|
|
819a9f |
%doc CHANGELOG LICENSE README
|
|
|
819a9f |
%dir %{haproxy_datadir}
|
|
|
819a9f |
%{haproxy_datadir}/*
|
|
|
819a9f |
%dir %{haproxy_confdir}
|
|
|
819a9f |
%config(noreplace) %{haproxy_confdir}/%{name}.cfg
|
|
|
819a9f |
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
|
|
|
819a9f |
%{_unitdir}/%{name}.service
|
|
|
819a9f |
%{_sbindir}/%{name}
|
|
|
dc512f |
%{_sbindir}/%{name}-systemd-wrapper
|
|
|
819a9f |
%{_bindir}/halog
|
|
|
819a9f |
%{_mandir}/man1/%{name}.1.gz
|
|
|
819a9f |
%attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
|
|
|
819a9f |
|
|
|
819a9f |
%changelog
|
|
|
d58b22 |
* Thu Sep 04 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.2-3
|
|
|
d58b22 |
- Fix remote client denial of service vulnerability (#1138191)
|
|
|
d58b22 |
|
|
|
7991a0 |
* Thu Jul 31 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.2-2
|
|
|
7991a0 |
- Bump release number (#1120228)
|
|
|
7991a0 |
|
|
|
7991a0 |
* Thu Jul 17 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.2-1
|
|
|
7991a0 |
- Update to stable release 1.5.2 (#1120228)
|
|
|
7991a0 |
|
|
|
7991a0 |
* Tue Jul 17 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-2
|
|
|
7991a0 |
- Build with openssl and zlib (#1120673)
|
|
|
7991a0 |
|
|
|
7991a0 |
* Thu Jul 17 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-1
|
|
|
7991a0 |
- Update to stable release 1.5.1 (#1120228)
|
|
|
7991a0 |
|
|
|
dc512f |
* Fri Feb 28 2014 Ryan O'Hara <rohara@redhat.com> - 1.5-0.3.dev22
|
|
|
dc512f |
- Use haproxy-systemd-wrapper in service file (#1067060)
|
|
|
dc512f |
|
|
|
dc512f |
* Wed Feb 12 2014 Ryan O'Hara <rohara@redhat.com> - 1.5-0.2.dev22
|
|
|
dc512f |
- Specify assigned UID in useradd
|
|
|
dc512f |
|
|
|
dc512f |
* Mon Feb 10 2014 Ryan O'Hara <rohara@redhat.com> - 1.5-0.1.dev22
|
|
|
dc512f |
- Update to development release 1.5-dev22 (#1043658)
|
|
|
dc512f |
|
|
|
dc512f |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.24-3
|
|
|
dc512f |
- Mass rebuild 2014-01-24
|
|
|
dc512f |
|
|
|
dc512f |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.4.24-2
|
|
|
dc512f |
- Mass rebuild 2013-12-27
|
|
|
dc512f |
|
|
|
819a9f |
* Mon Jun 17 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.24-1
|
|
|
819a9f |
- Update to 1.4.24 (CVE-2013-2174, #975160)
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Apr 30 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-3
|
|
|
819a9f |
- Build with PIE flags (#955182)
|
|
|
819a9f |
|
|
|
819a9f |
* Mon Apr 22 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-2
|
|
|
819a9f |
- Build with PIE flags (#955182)
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Apr 02 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-1
|
|
|
819a9f |
- Update to 1.4.23 (CVE-2013-1912, #947697)
|
|
|
819a9f |
- Drop supplementary groups after setuid/setgid (#894626)
|
|
|
819a9f |
|
|
|
819a9f |
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-2
|
|
|
819a9f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
819a9f |
|
|
|
819a9f |
* Fri Oct 12 2012 Robin Lee <cheeselee@fedoraproject.org> - 1.4.22-1
|
|
|
819a9f |
- Update to 1.4.22 (CVE-2012-2942, #824544)
|
|
|
819a9f |
- Use linux2628 build target
|
|
|
819a9f |
- No separate x86_64 build target for halog
|
|
|
819a9f |
- halog build honors rpmbuild optflags
|
|
|
819a9f |
- Specfile cleanup
|
|
|
819a9f |
|
|
|
819a9f |
* Mon Sep 17 2012 Václav PavlÃn <vpavlin@redhat.com> - 1.4.20-3
|
|
|
819a9f |
- Scriptlets replaced with new systemd macros (#850143)
|
|
|
819a9f |
|
|
|
819a9f |
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.20-2
|
|
|
819a9f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Apr 03 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.20-1
|
|
|
819a9f |
- Update to 1.4.20
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-4
|
|
|
819a9f |
- fix haproxy.services file
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-3
|
|
|
819a9f |
- Update to use systemd fixing bug #770305
|
|
|
819a9f |
|
|
|
819a9f |
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.4.19-2
|
|
|
819a9f |
- Rebuild against PCRE 8.30
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Jan 29 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-1
|
|
|
819a9f |
- Update to 1.4.19
|
|
|
819a9f |
|
|
|
819a9f |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.18-2
|
|
|
819a9f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
819a9f |
|
|
|
819a9f |
* Thu Sep 22 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.18-1
|
|
|
819a9f |
- Update to 1.4.18
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Apr 26 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.15-1
|
|
|
819a9f |
- Update to 1.4.15
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Feb 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.11-1
|
|
|
819a9f |
- update to 1.4.11
|
|
|
819a9f |
|
|
|
819a9f |
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.8-2
|
|
|
819a9f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.9-1
|
|
|
819a9f |
- update to 1.4.9
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.8-1
|
|
|
819a9f |
- update to 1.4.8
|
|
|
819a9f |
|
|
|
819a9f |
* Sun May 30 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.6-1
|
|
|
819a9f |
- update to 1.4.6
|
|
|
819a9f |
|
|
|
819a9f |
* Thu Feb 18 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.23-1
|
|
|
819a9f |
- update to 1.3.23
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Oct 17 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.22-1
|
|
|
819a9f |
- update to 1.3.22
|
|
|
819a9f |
- added logrotate configuration
|
|
|
819a9f |
|
|
|
819a9f |
* Mon Oct 12 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.21-1
|
|
|
819a9f |
- update to 1.3.21
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Oct 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.20-1
|
|
|
819a9f |
- update to 1.3.20
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Aug 02 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.19-1
|
|
|
819a9f |
- update to 1.3.19
|
|
|
819a9f |
|
|
|
819a9f |
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.18-2
|
|
|
819a9f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
819a9f |
|
|
|
819a9f |
* Sun May 17 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.18-1
|
|
|
819a9f |
- update to 1.3.18
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.17-1
|
|
|
819a9f |
- Update to 1.3.17
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.15.7-2
|
|
|
819a9f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.7-1
|
|
|
819a9f |
- update to 1.3.15.7
|
|
|
819a9f |
- remove upstream patches, they are now part of source distribution
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Nov 22 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.6-2
|
|
|
819a9f |
- apply upstream patches
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Nov 15 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.6-1
|
|
|
819a9f |
- update to 1.3.15.6
|
|
|
819a9f |
- use new build targets from upstream
|
|
|
819a9f |
- add in recommended build options for x86 from upstream
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Jun 28 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.6-1
|
|
|
819a9f |
- update to 1.3.14.6
|
|
|
819a9f |
- remove gcc 4.3 patch, it has been applied upstream
|
|
|
819a9f |
- remove MIT license as that code has been removed from upstream
|
|
|
819a9f |
|
|
|
819a9f |
* Mon Apr 14 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.4-1
|
|
|
819a9f |
- update to 1.3.14.4
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Mar 16 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.3-1
|
|
|
819a9f |
- update to 1.3.14.3
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Mar 01 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-4
|
|
|
819a9f |
- apply the gcc 4.3 patch to the build process
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Mar 01 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-3
|
|
|
819a9f |
- fix gcc 4.3 bug [#434144]
|
|
|
819a9f |
- update init script to properly reload configuration
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.3.14.2-2
|
|
|
819a9f |
- Autorebuild for GCC 4.3
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Jan 20 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-1
|
|
|
819a9f |
- update to 1.3.14.2
|
|
|
819a9f |
- update make flags that changed with this upstream release
|
|
|
819a9f |
- added man page installation
|
|
|
819a9f |
|
|
|
819a9f |
* Sun Dec 16 2007 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14-1
|
|
|
819a9f |
- update to 1.3.14
|
|
|
819a9f |
|
|
|
819a9f |
* Mon Nov 05 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.4-1
|
|
|
819a9f |
- update to 1.3.12.4
|
|
|
819a9f |
|
|
|
819a9f |
* Thu Nov 01 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.3-1
|
|
|
819a9f |
- update to 1.3.12.3
|
|
|
819a9f |
|
|
|
819a9f |
* Fri Sep 21 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-3
|
|
|
819a9f |
- fix init script 'reload' task
|
|
|
819a9f |
|
|
|
819a9f |
* Thu Sep 20 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-2
|
|
|
819a9f |
- update License field
|
|
|
819a9f |
|
|
|
819a9f |
* Thu Sep 20 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-1
|
|
|
819a9f |
- update to 1.3.12.2
|
|
|
819a9f |
- remove the upstream patch
|
|
|
819a9f |
|
|
|
819a9f |
* Tue Sep 18 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.1-1
|
|
|
819a9f |
- switch to 1.3.12.1 branch
|
|
|
819a9f |
- add patch from upstream with O'Reilly licensing updates.
|
|
|
819a9f |
- convert ISO-8859-1 doc files to UTF-8
|
|
|
819a9f |
|
|
|
819a9f |
* Sat Mar 24 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.2.17-2
|
|
|
819a9f |
- addition of haproxy user
|
|
|
819a9f |
- add license information
|
|
|
819a9f |
|
|
|
819a9f |
* Fri Mar 23 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.2.17-1
|
|
|
819a9f |
- initial packaging
|