Основные возможности:
-
Позволяет собрать rpm пакет c-icap версии 060708rc3 в openSUSE 11.0-11.1
Описание файла спецификации, сборка и установка.
Spec файл
c-icap.spec разработан для сборки rpm пакета
c-icap (http://c-icap.sourceforge.net/).
Описание:
Для корректной сборки пакета используется:
-
Файл спецификации: c-icap.spec;
-
Init cкрипт: c-icap.init;
-
Файл sysconfig: c-icap.sysconfig;
-
Файл logrotate: c-icap.logrotate;
-
Патч: c_icap-060708rc1.patch;
-
Документация: c_icap-060708rc1-CONFIG.html (http://c-icap.sourceforge.net/configure.html) и c_icap-060708rc1-INSTALL.html (http://c-icap.sourceforge.net/install.html);
-
Исходный код: c_icap-060708rc3.tar.gz (http://downloads.sourceforge.net/c-icap/c_icap-060708rc3.tar.gz). Преобразовать в bz2 архив командой: bznew c_icap-060708rc3.tar.gz.
Сборка, установка и тестирование:
-
Поместить исходный код, файл спецификации, init cкрипт, файл sysconfig, файл logrotate, документацию и патч в /usr/src/packages/SOURCES
-
Поместить файл спецификации в /usr/src/packages/SPECS
-
Выполнить сборку: rpmbuild -bb /usr/src/packages/SPECS/c-icap.spec
-
Получить пакет в зависимости от архитектуры, например: /usr/src/packages/RPMS/i586/c-icap-060708rc3-1.i586.rpm
-
Установить:
host:/home/packager # rpm -ivh /usr/src/packages/RPMS/i586/c-icap-060708rc3-1.i586.rpm
Подготовка... ########################################### [100%]
1:c-icap ########################################### [100%]
Updating etc/sysconfig/c-icap...
host:/home/packager #
-
Проверить настройки /etc/c_icap.conf
-
Добавить в /etc/squid/squid.conf следующие строки:
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class class_antivirus service_avi
icap_class class_antivirus_req service_avi_req
icap_access class_antivirus allow all
icap_access class_antivirus_req allow all
-
Включить службу c-icap:
host:/home/packager # chkconfig -add c-icap && rcc-icap start
c-icap 0:off 1:off 2:off 3:on 4:off 5:on 6:off
Starting c-icap Initialization of url_check module......
done
host:/home/packager #
-
Перегрузить squid и перейти к тестированию. Для проверки можно зайти http://www.eicar.org/anti_virus_test_file.htm и попытаться загрузить тестовый вирус, используя "...standard protocol http".
Должно появится сообщение типа:
VIRUS FOUND
You try to upload/download a file that contain the virus
Eicar-Test-Signature
This message generated by C-ICAP/060708rc3 srvClamAV/antivirus module
Примеры файлов для сборки rpm пакета c-icap:
(Скачать комплект файлов можно будет
здесь. ЗЫ Не тыкать! Жать правой кнопкой: сохранить ссылку как...)
Текст c-icap.spec:
%define cname c_icap
Name: c-icap
# List of additional build dependencies
BuildRequires: gcc make patch clamav zlib-devel
Version: 060708rc3
%define oversion 060708rc1
Release: 1
License: GPL v2 or later
Source: %{cname}-%{version}.tar.bz2
Source1: %{cname}-%{oversion}-CONFIG.html
Source2: %{cname}-%{oversion}-INSTALL.html
Source3: %{name}.init
Source4: %{name}.sysconfig
Source5: %{name}.logrotate
Patch: %{cname}-%{oversion}.patch
Group: Productivity/Networking/Security
Summary: Is an implementation of an ICAP server
Url: http://c-icap.sourceforge.net/
Requires: cron, logrotate, squid3, clamav
PreReq: coreutils, sed, grep, diffutils, %insserv_prereq, %fillup_prereq
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
c-icap is an implementation of an ICAP server.
The implementation of c-icap was started from scratch. An alternative approach
would be implementing a module for the ICAP protocol (e.g., as an HTTP module
or an HTTP proxy module) on top of the Apache Web server. The latter approach
would have the advantage of using server modules that are extremely stable as
well as using other useful modules implemented on top of the Apache Web server,
for example, SSL, MIME, loggers and filters. However, writing the server from
scratch would result in a simple and more autonomous ICAP server.
c-icap can be used with HTTP proxies that support the ICAP protocol. Most of the
comercial HTTP proxies must support ICAP pcotocol. The open source Squid 3.0
proxy server supports the ICAP protocol too. Also you can use the Shweby proxy
server, which operates very well with the ICAP protocol.
c-icap supports request and response modification, "preview" functionality
(preview of requests) and "204 No Content"(No modification needed) responses.
It also supports the addition of services which are responsible for content
modifications. Currently, services can be implemented only in C/C++. In the future,
I am planning to implement Perl and Java service handlers which will allow services
written in Perl or Java.
c-icap allows the addition of modules, which can extend its functionality and
services. For instance, such modules can be loggers, authenticators and
authentication methods or access controlers.
Currently, only two services exist: the echo service and an antivirus service
based on ClamAV. Looking into the code of these services can help you understand
how services are created in a c-icap server. c-icap is reasonably stable. Tests
with several thousands of requests of echo and antivirus services were successfully
passed. However, c-icap is still under development and is subject to changes. For
example, function names and configuration parameters may be modified, include files
will be merged, and several new features will be added. In other words, you should
only use it for experimentation purposes.
%debug_package
%package devel
License: GPL v2 or later
Group: Development/Libraries/Other
Summary: Development files for c-icap
Requires: %{name} = %{version}
%description devel
Static libraries and header files for c-icap.
%prep
%setup -q -n %{cname}-%{version}
%patch -p0
%build
export CFLAGS="$RPM_OPT_FLAGS"
./configure --prefix=%{_prefix} \
--bindir=%{_sbindir} \
--libexecdir=%{_prefix}/lib/%{cname} \
--sysconfdir=%{_sysconfdir}/%{cname} \
--localstatedir=%{_localstatedir} \
--libdir=%{_libdir} \
--infodir=%{_infodir} \
--mandir=%{_mandir} \
--docdir=%{_docdir}/%{cname}
make
%install
make DESTDIR=%buildroot install
%__rm -rf %buildroot%{_localstatedir}/log
%__rm -f %buildroot%{_sysconfdir}/%{cname}/*.default
%__mkdir_p -m 0755 %buildroot%{_localstatedir}/log
%__mkdir_p -m 0700 %buildroot%{_localstatedir}/log/%{cname}
%__mkdir_p -m 0755 %buildroot%{_localstatedir}/spool
%__mkdir_p -m 0700 %buildroot%{_localstatedir}/spool/%{cname}
%__mkdir_p -m 0700 %buildroot%{_localstatedir}/spool/%{cname}/tmp
%__mkdir_p -m 0700 %buildroot%{_localstatedir}/spool/%{cname}/download
%__mkdir_p -m 0755 %buildroot%{_sysconfdir}/init.d
%__mkdir_p -m 0755 %buildroot%{_sysconfdir}/logrotate.d
%__mkdir_p -m 0755 %buildroot%{_localstatedir}/adm/fillup-templates
%__mkdir_p -m 0755 %buildroot%{_docdir}/%{cname}
%__install -m 0644 %{_sourcedir}/%{cname}-%{oversion}-CONFIG.html %buildroot%{_docdir}/%{cname}/CONFIG.html
%__install -m 0644 %{_sourcedir}/%{cname}-%{oversion}-INSTALL.html %buildroot%{_docdir}/%{cname}/INSTALL.html
%__install -m 0755 %{_sourcedir}/%{name}.init %buildroot%{_sysconfdir}/init.d/%{name}
%__install -m 0644 %{_sourcedir}/%{name}.sysconfig %buildroot%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%__install -m 0644 %{_sourcedir}/%{name}.logrotate %buildroot%{_sysconfdir}/logrotate.d/%{name}
%__ln_s -f %{_sysconfdir}/init.d/c-icap %buildroot%{_sbindir}/rc%{name}
%post
%{fillup_and_insserv c-icap}
/sbin/ldconfig
%preun
%stop_on_removal c-icap
%postun
/sbin/ldconfig
%restart_on_update c-icap
%insserv_cleanup
%clean
rm -rf %buildroot
%files
%defattr(-,root,root)
%dir %{_sysconfdir}/%{cname}
%config(noreplace) %attr(0644, root, root) %{_sysconfdir}/%{cname}/c-icap.conf
%config(noreplace) %attr(0644, root, root) %{_sysconfdir}/%{cname}/c-icap.magic
%config %{_sysconfdir}/init.d/%{name}
%config %{_sysconfdir}/logrotate.d/%{name}
/var/adm/fillup-templates/sysconfig.%{name}
%attr(0755, root, root) %{_libdir}/%{cname}/*.so
%attr(0644, root, root) %{_libdir}/%{cname}/*.la
%attr(0644, root, root) %{_libdir}/libicapapi.la
%attr(0755, root, root) %{_libdir}/libicapapi.so.0.0.1
%{_libdir}/libicapapi.so.0
%attr(0755, root, root) %{_sbindir}/c-icap
%attr(0755, root, root) %{_sbindir}/icap-*
%{_sbindir}/rc%{name}
%dir %{_libdir}/%{cname}
%dir %attr(-, vscan, root) %{_localstatedir}/log/%{cname}
%dir %attr(-, vscan, root) %{_localstatedir}/spool/%{cname}
%dir %attr(-, vscan, root) %{_localstatedir}/spool/%{cname}/tmp
%dir %attr(-, vscan, root) %{_localstatedir}/spool/%{cname}/download
%dir %{_docdir}/%{cname}
%doc %{_docdir}/%{cname}/*
%files devel
%defattr(-,root,root)
%{_libdir}/libicapapi.so
%dir %{_includedir}/%{cname}
%{_includedir}/%{cname}/*.h
%changelog
* Mon Mar 30 2009 Konstantin Nadezhdin <w.homenki.ru>
- modified for c-icap version 060708rc2
- added zlib-devel to buildrequires
* Mon Feb 09 2009 <w.homenki.ru>
- packaged c-icap version 060708rc1 using the buildservice spec file wizard
Текст c-icap.sysconfig:
## Path: Network/WWW/Proxy/c-icap
## Description: c-icap configuration
## Type: yesno
## Default: yes
## ServiceReload: c-icap
## ServiceRestart: c-icap
#
# Set USE_CICAP to yes, if you want to use the proxy virus scanning
# facility c-icap within squid3 and clamav.
#
USE_CICAP="yes"
Текст c-icap.logrotate:
# /etc/logrotate.d/c-icap
# $Id$
/var/log/c_icap/*.log {
compress
dateext
maxage 365
rotate 99
missingok
notifempty
size=+2096k
create 600 vscan root
postrotate
/etc/init.d/c-icap reload
endscript
}
Текст c-icap.init:
#!/bin/sh
#
# /etc/init.d/c-icap
# and its symbolic link
# /usr/sbin/rcc-icap
#
### BEGIN INIT INFO
# Provides: c-icap
# Required-Start: $syslog $remote_fs
# Should-Start:
# Required-Stop: $syslog $remote_fs
# Should-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: c-icap redirector for squid and clamav
# Description: Start c-icap to provide clamav virus
# scanner interface for Squid.
### END INIT INFO
CICAP_BIN=/usr/sbin/c-icap
test -x $CICAP_BIN || { echo "$CICAP_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
CICAP_CONFIG=/etc/sysconfig/c-icap
test -r $CICAP_CONFIG || { echo "$CICAP_CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }
. $CICAP_CONFIG
if [ "$USE_CICAP" == "no" ]; then
echo "c-icap disabled in $CICAP_CONFIG. To enable c-icap, set USE_CICAP=\"yes\" in $CICAP_CONFIG"
exit 6
fi
. /etc/rc.status
rc_reset
case "$1" in
start)
echo -n "Starting c-icap "
/sbin/startproc $CICAP_BIN
rc_status -v
;;
stop)
echo -n "Shutting down c-icap "
/sbin/killproc -TERM $CICAP_BIN
rc_status -v
;;
try-restart|condrestart)
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
rc_status
;;
restart)
$0 stop
$0 start
rc_status
;;
force-reload)
echo -n "Reload service c-icap "
/sbin/killproc -HUP $CICAP_BIN
rc_status -v
;;
reload)
echo -n "Reload service c-icap "
/sbin/killproc -HUP $CICAP_BIN
rc_status -v
;;
status)
echo -n "Checking for service c-icap "
/sbin/checkproc $CICAP_BIN
rc_status -v
;;
probe)
test /etc/c_icap/c-icap.conf -nt /var/run/c-icap.pid && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit
Текст c_icap-060708rc1.patch:
--- c-icap.conf.in 2008-07-06 23:22:32.000000000 +0400
+++ c-icap.conf.in 2009-01-27 18:11:11.000000000 +0300
@@ -3,8 +3,8 @@
#
PidFile /var/run/c-icap.pid
-CommandsSocket /var/run/c-icap/c-icap.ctl
+CommandsSocket /var/spool/c_icap/c-icap.ctl
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
@@ -19,18 +19,18 @@
Port 1344
-User wwwrun
+User vscan
Group nobody
#ServerAdmin you@your.address # Not implemented yet
#ServerName localhost:1344 # Not implemented yet
-TmpDir /var/tmp
+TmpDir /var/spool/c_icap/tmp
MaxMemObject 131072
-ServerLog @prefix@/var/log/server.log
-AccessLog @prefix@/var/log/access.log
+ServerLog /var/log/c_icap/server.log
+AccessLog /var/log/c_icap/access.log
#DebugLevel 3
ModulesDir @prefix@/lib/c_icap
@@ -56,21 +56,27 @@
## acl and icap_access are aliases for default_acl.acl and default_acl.icap_access
#acl localnet_options src 192.168.1.0/255.255.255.0 type options
#acl localnet_respmod src 192.168.1.0/255.255.255.0 type respmod
+acl localnet_respmod src 127.0.0.1 type respmod
#acl localnet src 192.168.1.0/255.255.255.0
+acl localnet src 127.0.0.1
##Use the folllowing to demand use of username ......
##acl localnet src 192.168.1.0/255.255.255.0 user *
#acl externalnet src 0.0.0.0/0.0.0.0
+acl externalnet src 0.0.0.0/0.0.0.0
#acl barbarian src 192.168.1.5
##An example to specify access to server
#icap_access deny barbarian
#icap_access allow localnet_options
#icap_access allow localnet_respmod
+icap_access allow localnet_respmod
#icap_access allow localnet
+icap_access allow localnet
## http_auth mean that the icap server must try to authenticate the request
## using the http headers ....
#icap_access http_auth localnet
#icap_access deny externalnet
+icap_access deny externalnet
#Also you can specify which hosts to log or not.
# Comment out the folowing two lines to log only the external net
@@ -122,10 +128,10 @@
# And here the viralator-like mode.
# where to save documents
-srv_clamav.VirSaveDir /srv/www/htdocs/downloads/
+#srv_clamav.VirSaveDir /srv/www/htdocs/downloads/
# from where the documents can be retrieved (you can find the get_file.pl script in contrib dir)
-srv_clamav.VirHTTPServer "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="
+#srv_clamav.VirHTTPServer "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="
# The refresh rate....
-srv_clamav.VirUpdateTime 15
+#srv_clamav.VirUpdateTime 15
# For which filetypes the "virelator like mode" will be used.
-srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE
+#srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE
--- Makefile.am 2008-07-07 00:31:43.000000000 +0400
+++ Makefile.am 2009-01-28 11:45:04.000000000 +0300
@@ -5,7 +5,7 @@
SERVICESDIR=$(pkglibdir)/
#CONFIGDIR=$(sysconfdir)/
LOGDIR=$(localstatedir)/log/
-SOCKDIR=/var/run/c-icap
+SOCKDIR=$(localstatedir)/spool/c_icap
SUBDIRS = . modules services
--- Makefile.in 2008-07-29 22:36:40.000000000 +0400
+++ Makefile.in 2009-02-10 09:46:13.000000000 +0300
@@ -279,7 +279,7 @@
SERVICESDIR = $(pkglibdir)/
#CONFIGDIR=$(sysconfdir)/
LOGDIR = $(localstatedir)/log/
-SOCKDIR = /var/run/c-icap
+SOCKDIR = $(localstatedir)/spool/c_icap
SUBDIRS = . modules services
lib_LTLIBRARIES = libicapapi.la
UTIL_SOURCES = net_io.c os/unix/net_io.c os/unix/proc_mutex.c os/unix/shared_mem.c os/unix/threads.c os/unix/utilfunc.c os/unix/proc_utils.c os/unix/dlib.c
@@ -1306,9 +1306,9 @@
if test ! -f $(DESTDIR)$(CONFIGDIR)/c-icap.magic; then $(INSTALL) c-icap.magic $(DESTDIR)$(CONFIGDIR)/c-icap.magic; fi
$(mkinstalldirs) $(DESTDIR)$(LOGDIR);
$(mkinstalldirs) $(DESTDIR)$(SOCKDIR);
- chgrp nobody $(DESTDIR)$(LOGDIR)
+# chgrp nobody $(DESTDIR)$(LOGDIR)
chmod 775 $(DESTDIR)$(LOGDIR)
- chgrp nobody $(DESTDIR)$(SOCKDIR)
+# chgrp nobody $(DESTDIR)$(SOCKDIR)
chmod 775 $(DESTDIR)$(SOCKDIR)
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.