2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
8 URL: http://shibboleth.internet2.edu/
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
12 PreReq: xmltooling-schemas, opensaml-schemas
13 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
14 PreReq: %{insserv_prereq} %{fillup_prereq}
15 BuildRequires: libXerces-c-devel >= 2.8.0
17 BuildRequires: libxerces-c-devel >= 2.8.0
19 BuildRequires: libxml-security-c-devel >= 1.4.0
20 BuildRequires: libxmltooling-devel >= 1.5
21 BuildRequires: libsaml-devel >= 2.5
22 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
23 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
# On RHEL/CentOS 6 and later the package requires a separately packaged
# libcurl-openssl instead of relying on the OS libcurl, and needs chrpath at
# build time to remove the rpath from the installed binaries.
# NOTE(review): security fixes for that libcurl presumably arrive through the
# libcurl-openssl package rather than through OS libcurl updates; confirm it
# is covered by patch tracking.
24 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
25 Requires: libcurl-openssl >= 7.21.7
26 BuildRequires: chrpath
28 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
29 %{!?_without_doxygen:BuildRequires: doxygen}
30 %{!?_without_odbc:BuildRequires:unixODBC-devel}
31 %{?_with_fastcgi:BuildRequires: fcgi-devel}
32 %if 0%{?centos_version} >= 600
33 BuildRequires: libmemcached-devel
35 %{?_with_memcached:BuildRequires: libmemcached-devel}
36 %if "%{_vendor}" == "redhat"
37 %{!?_without_builtinapache:BuildRequires: httpd-devel}
38 BuildRequires: redhat-rpm-config
39 Requires(pre): shadow-utils
40 Requires(post): chkconfig
41 Requires(preun): chkconfig, initscripts
43 %if "%{_vendor}" == "suse"
44 Requires(pre): pwdutils
45 %{!?_without_builtinapache:BuildRequires: apache2-devel}
49 %if "%{_vendor}" == "suse"
50 %define pkgdocdir %{_docdir}/%{name}
52 %define pkgdocdir %{_docdir}/%{name}-%{version}
56 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
57 that supports multiple protocols, federated identity, and the extensible
58 exchange of rich attributes subject to privacy controls.
60 This package contains the Shibboleth Service Provider runtime libraries,
61 daemon, default plugins, and Apache module(s).
64 Summary: Shibboleth Development Headers
65 Group: Development/Libraries/C and C++
66 Requires: %{name} = %{version}-%{release}
67 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
68 Requires: libXerces-c-devel >= 2.8.0
70 Requires: libxerces-c-devel >= 2.8.0
72 Requires: libxml-security-c-devel >= 1.4.0
73 Requires: libxmltooling-devel >= 1.5
74 Requires: libsaml-devel >= 2.5
75 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
76 %{!?_with_log4cpp:Requires: liblog4shib-devel}
79 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
80 that supports multiple protocols, federated identity, and the extensible
81 exchange of rich attributes subject to privacy controls.
83 This package includes files needed for development with Shibboleth.
# Configure and build. On CentOS 6 and later the memcache plugin is enabled
# unless the _without_memcached macro is defined; on other targets it is
# enabled only when _with_memcached is defined. ODBC and ADFS are switched off
# only when the matching _without_ macro is defined. Whatever the builder puts
# in the shib_options macro is appended to the configure command line as-is.
89 %if 0%{?centos_version} >= 600
90 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
92 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
# pkgdocdir is passed through so make uses the vendor-specific doc directory.
94 %{__make} pkgdocdir=%{pkgdocdir}
# Stage the installation under the build root. NOKEYGEN=1 is handed to make;
# presumably it suppresses key generation at build time so that no private key
# ends up inside the package (the post-install scriptlet runs keygen.sh on the
# target host instead). TODO confirm against the Makefile.
97 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
# SUSE: rewrite the Apache log directory in the staged native.logger from
# /var/log/httpd to /var/log/apache2.
99 %if "%{_vendor}" == "suse"
100 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
101 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
104 # Plug the SP into the built-in Apache on a recognized system.
# Pick the Apache config template that matches the module found in the build
# root. The checks run in ascending module version order and each match
# overwrites APACHE_CONFIG, so the last module found decides the template.
107 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
108 APACHE_CONFIG="apache.config"
110 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
111 APACHE_CONFIG="apache2.config"
113 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
114 APACHE_CONFIG="apache22.config"
116 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_24.so ] ; then
117 APACHE_CONFIG="apache24.config"
# Defining the _without_builtinapache macro forces the value "no", which
# skips the conf.d handling below.
119 %{?_without_builtinapache:APACHE_CONFIG="no"}
120 if [ "$APACHE_CONFIG" != "no" ] ; then
# NOTE(review): these two tests look at the conf.d directories of the build
# host, not of the build root, so whether shib.conf gets packaged depends on
# what is installed on the machine that builds the package.
122 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
123 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
125 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
126 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
# Copy the chosen template into the staged conf.d as shib.conf and add it to
# rpm.filelist as a noreplace config file, so an edited copy on the target
# host is kept on upgrade.
128 if [ "$APACHE_CONFD" != "no" ] ; then
129 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
130 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
131 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
135 # Establish location of sysconfig file, if any.
# Red Hat: the file is sysconfig/shibd under the system config directory and
# is listed in rpm.filelist as a noreplace config file.
137 %if "%{_vendor}" == "redhat"
138 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
139 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
140 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
# SUSE: the file is shipped as a fillup template named sysconfig.shibd.
142 %if "%{_vendor}" == "suse"
143 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
144 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
145 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
147 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
148 # Populate the sysconfig file.
# The here-document that starts on the next line becomes the content of the
# sysconfig file. Its SHIBD_USER line is set from the runuser macro, which per
# the file's own comment names the user account for shibd.
149 cat > $SYSCONFIG_SHIBD <<EOF
150 # Shibboleth SP init script customization
152 # User account for shibd
153 SHIBD_USER=%{runuser}
155 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
156 cat >> $SYSCONFIG_SHIBD <<EOF
158 # Override OS-supplied libcurl
159 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
161 # Strip existing rpath to libcurl.
# With the rpath deleted, the three binaries carry no built-in library search
# path; the sysconfig file generated earlier in this section exports
# LD_LIBRARY_PATH so the init script environment points at the libcurl under
# /opt/shibboleth.
# NOTE(review): any library placed in the LD_LIBRARY_PATH directory is loaded
# by the daemon, so that directory should be writable by root only; confirm
# the ownership set by the package that provides it.
162 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
163 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
164 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
168 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
169 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
# Install the vendor-specific init script from the staged config directory as
# the shibd service script, mode 0755.
170 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
171 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
172 %if "%{_vendor}" == "suse"
# SUSE only: rcshibd in the sbin directory is a symlink to the init script.
173 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
174 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
# Remove the build root after packaging. The test guards only against the
# literal "/"; the expansion passed to rm is unquoted.
# NOTE(review): quoting the variable in the rm call would keep a build root
# path containing whitespace from being split into several rm operands.
182 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
# Create the dedicated system group and account for the daemon when they do
# not exist yet; getent succeeds when the entry is already present, which
# skips the creation. The account gets /sbin/nologin as its shell and the
# package's run directory as its home, so the daemon runs under an identity
# that is not meant for interactive login.
185 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
186 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
187 -d %{_localstatedir}/run/%{name} -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
191 %ifnos solaris2.8 solaris2.9 solaris2.10
195 # Key generation or ownership fix
# NOTE(review): the result of cd is not checked; if it fails, the commands
# below run in whatever directory the scriptlet started in.
196 cd %{_sysconfdir}/%{name}
# An existing key pair is kept and only handed over to the daemon account.
# chown errors are discarded and "|| :" keeps the scriptlet from failing.
# NOTE(review): only ownership is changed here; the mode of sp-key.pem is
# whatever keygen.sh or the administrator set, so verify that the private key
# is not readable by other accounts.
197 if [ -f sp-key.pem ] ; then
198 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
# Presumably the branch taken when no key exists yet: keygen.sh runs on the
# target host and is given the daemon user and group via -u and -g.
200 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
203 # Fix ownership of log files (even on new installs, if they're left from an older one).
# NOTE(review): this runs as root over a glob in a directory that the files
# list assigns to the daemon account, and chown follows symbolic links named
# as operands unless -h is given; consider -h (no dereference) so a link in
# that directory cannot redirect the ownership change to another file.
204 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/%{name}/* 2>/dev/null || :
206 %if "%{_vendor}" == "redhat"
# The argument is greater than 1 only when the scriptlet runs during an upgrade.
207 if [ "$1" -gt "1" ] ; then
208 # On Red Hat with shib.conf installed, clean up old Alias commands
209 # by pointing them at the new version-independent /usr/share/shibboleth tree.
210 # Any Aliases we didn't create we assume are custom files.
211 # This is to accommodate making shib.conf a noreplace config file.
212 # We can't do this for SUSE, because they disallow changes to
213 # packaged files in scriptlets.
215 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
216 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
218 if [ "$APACHE_CONF" != "no" ] ; then
# Each sed expression rewrites, in place, a path under /usr/share/doc/shibboleth
# (with or without a "-suffix" on the directory name) to the fixed location
# under /usr/share/shibboleth; other paths are left alone.
219 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
221 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
226 # This adds the proper /etc/rc*.d links for the script
227 /sbin/chkconfig --add shibd
229 # On upgrade, restart components if they're already running.
230 # This gets repeated now down in %postun, and the next release
231 # should remove this copy. If we yank it now, we'll break upgrades.
232 if [ "$1" -gt "1" ] ; then
# A service is restarted only when its status command succeeds, so a service
# the administrator has stopped is not started by the upgrade. The Apache
# line is left out when the _without_builtinapache macro is defined.
233 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
234 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
238 %if "%{_vendor}" == "suse"
239 # This adds the proper /etc/rc*.d links for the script
240 # and populates the sysconfig/shibd file.
242 %{fillup_only -n shibd}
243 %insserv_force_if_yast shibd
247 # On final removal, stop shibd and remove service, restart Apache if running.
248 %if "%{_vendor}" == "redhat"
# The argument is 0 only when the last installed instance is being removed,
# so an upgrade does not unregister the service.
249 if [ "$1" -eq 0 ] ; then
250 /sbin/service shibd stop >/dev/null 2>&1
251 /sbin/chkconfig --del shibd
# Apache is restarted only if its status command reports it running.
252 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
# SUSE: the distribution's stop_on_removal helper handles the daemon; the
# Apache restart uses the apache2 init script.
255 %if "%{_vendor}" == "suse"
256 %stop_on_removal shibd
257 if [ "$1" -eq 0 ] ; then
258 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
264 %ifnos solaris2.8 solaris2.9 solaris2.10
267 %if "%{_vendor}" == "redhat"
268 # On upgrade, restart components if they're already running.
# The test passes when at least one instance of the package remains installed,
# i.e. it is skipped on final removal. Only services whose status command
# succeeds are restarted.
269 if [ "$1" -ge "1" ] ; then
270 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
271 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
# SUSE: the distribution's restart_on_update helper is used for shibd and,
# unless the built-in Apache is excluded, for apache2.
275 %if "%{_vendor}" == "suse"
277 %restart_on_update shibd
278 %{!?_without_builtinapache:%restart_on_update apache2}
283 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
284 %if "%{_vendor}" == "redhat"
# When the service script is missing but the vendor copy in the package's
# config directory exists, restore the script from that copy, make it
# executable (mode 755) and register the service again.
285 if [ ! -f %{_initrddir}/shibd ] ; then
286 if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
287 %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
288 %{__chmod} 755 %{_initrddir}/shibd
289 /sbin/chkconfig --add shibd
294 %files -f rpm.filelist
295 %defattr(-,root,root,-)
298 %{_bindir}/resolvertest
299 %{_libdir}/libshibsp.so.*
300 %{_libdir}/libshibsp-lite.so.*
301 %dir %{_libdir}/%{name}
303 %exclude %{_libdir}/%{name}/*.la
# Log directory: owned by the daemon account with mode 0750, so accounts
# outside its group can neither list nor enter it.
304 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
# Run-time and cache directories: owned by the daemon account with mode 0755,
# so every local account can list and enter them.
# NOTE(review): confirm that nothing sensitive is written there with a
# permissive file mode.
305 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
306 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/%{name}
307 %dir %{_datadir}/xml/%{name}
308 %{_datadir}/xml/%{name}/*
309 %dir %{_datadir}/%{name}
310 %{_datadir}/%{name}/*
311 %dir %{_sysconfdir}/%{name}
312 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
313 %config(noreplace) %{_sysconfdir}/%{name}/*.html
314 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
315 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
316 %config %{_initrddir}/shibd
318 %if "%{_vendor}" == "suse"
321 %{_sysconfdir}/%{name}/*.dist
322 %{_sysconfdir}/%{name}/apache*.config
323 %{_sysconfdir}/%{name}/shibd-*
324 %attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
325 %attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
326 %{_sysconfdir}/%{name}/*.xsl
328 %exclude %{pkgdocdir}/api
331 %defattr(-,root,root,-)
333 %{_libdir}/libshibsp.so
334 %{_libdir}/libshibsp-lite.so
335 %doc %{pkgdocdir}/api
338 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
339 - Move logo and stylesheet to version-independent tree
340 - Make shib.conf noreplace
341 - Post-fixup of Alias commands in older shib.conf
342 - Changes to run shibd as non-root shibboleth user
343 - Move init customizations to /etc/sysconfig/shibd
344 - Copy shibd restart for Red Hat to postun
345 - Add boost-devel dependency
346 - Build memcache plugin on RH6
347 - Add cachedir to install
348 - Add Apache 2.4 to install
350 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
351 - Log files shouldn't be world readable.
352 - Explicit requirement for libcurl-openssl on RHEL6
353 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
354 - Remove rpath from binaries for RHEL6
356 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
357 - Update dependencies.
359 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
360 - Reset revision for 2.3.1 release
362 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
363 - SuSE init script changes
364 - Restart Apache on removal, not just upgrade
365 - Fix scriptlet exit values when Apache is stopped
367 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
368 - Doc handling changes
371 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
372 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
374 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
375 - Add additional cleanup to posttrans fix
377 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
378 - Reverse without_builtinapache macro test
379 - Fix init script handling on Red Hat to handle upgrades
381 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
382 - Bump minor version.
383 - Make keygen.sh executable.
384 - Fixing SUSE Xerces dependency name.
385 - Optionally package shib.conf.
387 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
388 - Change shib.conf handling to treat as config file.
390 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
393 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
394 - Release candidate 1.
396 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
397 - libexec -> lib/shibboleth changes
398 - Added doc subpackage
400 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
403 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
404 - Second alpha release.
406 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
407 - First alpha release.
409 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
410 - Applied fix for secadv 20061002
411 - Fix for metadata loader loop
413 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
414 - Applied fix for sec 20060615
416 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
417 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
419 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
420 - Applied new fix for secadv 20060109
422 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
423 - Applied new fix for secadv 20050901 plus rollup
425 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
426 - Minor patches and default config changes
428 - Fix shib.conf creation
429 - Integrated init.d script
430 - Prevent replacement of config files
432 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
433 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
435 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
436 - Updated test programs and location of schemas.
437 - move siterefresh to sbindir
439 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
440 - Add selinux-targeted-policy package
441 - move shar to sbindir
443 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
444 - Create SPEC file based on various versions in existence.