2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
6 Vendor: Shibboleth Consortium
8 URL: http://shibboleth.net/
9 Source: %{name}-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
11 Obsoletes: @PACKAGE_NAME@ < %{version}-%{release}
13 PreReq: xmltooling-schemas, opensaml-schemas
14 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
15 PreReq: %{insserv_prereq} %{fillup_prereq}
16 BuildRequires: libXerces-c-devel >= 2.8.0
18 BuildRequires: libxerces-c-devel >= 2.8.0
20 BuildRequires: libxml-security-c-devel >= 1.4.0
21 BuildRequires: libxmltooling-devel >= 1.5
22 BuildRequires: libsaml-devel >= 2.5
23 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
24 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
25 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
26 Requires: libcurl-openssl >= 7.21.7
27 BuildRequires: chrpath
29 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
30 %{!?_without_doxygen:BuildRequires: doxygen}
31 %{!?_without_odbc:BuildRequires:unixODBC-devel}
32 %{?_with_fastcgi:BuildRequires: fcgi-devel}
33 %if 0%{?centos_version} >= 600
34 BuildRequires: libmemcached-devel
36 %{?_with_memcached:BuildRequires: libmemcached-devel}
37 %if "%{_vendor}" == "redhat"
38 %{!?_without_builtinapache:BuildRequires: httpd-devel}
39 BuildRequires: redhat-rpm-config
40 Requires(pre): shadow-utils
41 Requires(post): chkconfig
42 Requires(preun): chkconfig, initscripts
44 %if "%{_vendor}" == "suse"
45 Requires(pre): pwdutils
46 %{!?_without_builtinapache:BuildRequires: apache2-devel}
50 %if "%{_vendor}" == "suse"
51 %define pkgdocdir %{_docdir}/shibboleth
53 %define pkgdocdir %{_docdir}/shibboleth-%{version}
57 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
58 that supports multiple protocols, federated identity, and the extensible
59 exchange of rich attributes subject to privacy controls.
61 This package contains the Shibboleth Service Provider runtime libraries,
62 daemon, default plugins, and Apache module(s).
65 Summary: Shibboleth Development Headers
66 Group: Development/Libraries/C and C++
67 Requires: %{name} = %{version}-%{release}
68 Obsoletes: shibboleth-devel < %{version}-%{release}
69 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
70 Requires: libXerces-c-devel >= 2.8.0
72 Requires: libxerces-c-devel >= 2.8.0
74 Requires: libxml-security-c-devel >= 1.4.0
75 Requires: libxmltooling-devel >= 1.5
76 Requires: libsaml-devel >= 2.5
77 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
78 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
81 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
82 that supports multiple protocols, federated identity, and the extensible
83 exchange of rich attributes subject to privacy controls.
85 This package includes files needed for development with Shibboleth.
# Build and install steps. NOTE(review): the section headers and the
# else/endif lines of the conditionals are not visible in this listing.
# On CentOS 6 and later the memcached plugin is built unless the build is run
# with the without_memcached conditional; elsewhere it is opt-in.
# NOTE(review): shib_options is appended to the configure command line as-is,
# so it should only ever be set by a trusted build definition.
91 %if 0%{?centos_version} >= 600
92 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
94 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
96 %{__make} pkgdocdir=%{pkgdocdir}
# NOKEYGEN=1 is handed to the install target; the key pair is instead created
# on the installing host by the keygen.sh call in the post-install scriptlet.
# NOTE(review): presumably this keeps a private key out of the built package;
# confirm against the Makefile.
99 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
# On SUSE, rewrite the Apache log directory in native.logger from
# /var/log/httpd to /var/log/apache2.
101 %if "%{_vendor}" == "suse"
102 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
103 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
106 # Plug the SP into the built-in Apache on a recognized system.
# Each test below assigns APACHE_CONFIG again, so (assuming every test is
# closed before the next one starts) the config matching the newest module
# present in the build root wins. NOTE(review): the initial assignments and
# the closing fi lines are not visible in this listing.
109 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
110 APACHE_CONFIG="apache.config"
112 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
113 APACHE_CONFIG="apache2.config"
115 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
116 APACHE_CONFIG="apache22.config"
118 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
119 APACHE_CONFIG="apache24.config"
# A build run with the without_builtinapache conditional forces "no".
121 %{?_without_builtinapache:APACHE_CONFIG="no"}
122 if [ "$APACHE_CONFIG" != "no" ] ; then
# These two directory tests look at the build host's own filesystem (there is
# no RPM_BUILD_ROOT prefix), so the outcome depends on what is installed on
# the machine doing the build.
124 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
125 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
127 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
128 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
130 if [ "$APACHE_CONFD" != "no" ] ; then
# The chosen template is copied to conf.d as shib.conf and registered in
# rpm.filelist as config(noreplace), so an upgrade keeps an admin-edited copy
# instead of overwriting it.
# NOTE(review): the expansions in this section are unquoted; a build root
# path containing whitespace would break the tests and the copy.
131 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
132 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
133 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
137 # Establish location of sysconfig file, if any.
# Red Hat: the file lives in sysconfig and is packaged as config(noreplace).
# SUSE: a fillup template is packaged instead.
139 %if "%{_vendor}" == "redhat"
140 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
141 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
142 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
144 %if "%{_vendor}" == "suse"
145 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
146 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
147 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
149 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
150 # Populate the sysconfig file.
# The generated file records the account shibd is meant to run as
# (SHIBD_USER, filled in from the runuser macro at build time).
# NOTE(review): the here-document terminators and the default assignment of
# SYSCONFIG_SHIBD are not visible in this listing.
151 cat > $SYSCONFIG_SHIBD <<EOF
152 # Shibboleth SP init script customization
154 # User account for shibd
155 SHIBD_USER=%{runuser}
157 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
158 cat >> $SYSCONFIG_SHIBD <<EOF
160 # Override OS-supplied libcurl
161 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
163 # Strip existing rpath to libcurl.
# With the rpath deleted, these three binaries find libcurl through the
# loader search path, which the sysconfig file above points at
# /opt/shibboleth.
# NOTE(review): LD_LIBRARY_PATH affects every library the daemon loads, not
# only libcurl, so that directory has to stay root-owned and not writable by
# the service account or other local users.
164 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
165 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
166 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
# Install the vendor-specific init script shipped in the shibboleth config
# directory (its name ends in the vendor string) as the shibd service script,
# mode 0755, in a 0755 init directory.
170 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
171 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
172 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
173 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
174 %if "%{_vendor}" == "suse"
# On SUSE, rcshibd in sbindir is created as a symlink to the init script.
175 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
176 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
# Clean step: remove the build root, refusing to do so when it is "/".
# NOTE(review): the path handed to rm is unquoted; quoting it would keep a
# build root containing whitespace or glob characters from being split into
# several operands.
184 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
# Create the service group and account only when getent does not already
# find them, so an existing account is left untouched.
# The account is a system account (-r) whose shell is /sbin/nologin, so it is
# not usable for interactive logins; its home is the daemon's run directory.
187 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
188 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
189 -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
193 %ifnos solaris2.8 solaris2.9 solaris2.10
197 # Key generation or ownership fix
# An existing key pair is kept and only re-owned to the service account
# (chown errors are ignored so the scriptlet cannot fail on them); keygen.sh
# is the other path. NOTE(review): the else/fi lines are not visible in this
# listing.
# NOTE(review): -u/-g presumably name the owner of the generated files and -b
# presumably selects batch mode; confirm against keygen.sh.
# NOTE(review): the cd is unchecked; if it failed, the commands below would
# act on relative names in whatever directory the scriptlet started in.
198 cd %{_sysconfdir}/shibboleth
199 if [ -f sp-key.pem ] ; then
200 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
202 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
205 # Fix ownership of log files (even on new installs, if they're left from an older one).
# NOTE(review): chown follows symbolic links unless given -h, and the files
# list makes the log directory owned by the service account, so this root-run
# command trusts whatever names that account has placed there. Using chown -h
# or limiting the operation to regular files would narrow that trust.
206 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
208 %if "%{_vendor}" == "redhat"
# The first scriptlet argument is greater than 1 only on an upgrade.
209 if [ "$1" -gt "1" ] ; then
210 # On Red Hat with shib.conf installed, clean up old Alias commands
211 # by pointing them at new version-independent /usr/share/shibboleth tree.
212 # Any Aliases we didn't create we assume are custom files.
213 # This is to accommodate making shib.conf a noreplace config file.
214 # We can't do this for SUSE, because they disallow changes to
215 # packaged files in scriptlets.
217 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
218 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
220 if [ "$APACHE_CONF" != "no" ] ; then
# Both substitutions map /usr/share/doc/shibboleth (with or without a version
# suffix) to /usr/share/shibboleth for main.css and logo.jpg.
# NOTE(review): the file operand that follows each trailing backslash is not
# visible in this listing.
221 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
223 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
228 # This adds the proper /etc/rc*.d links for the script
229 /sbin/chkconfig --add shibd
231 %if "%{_vendor}" == "suse"
232 # This adds the proper /etc/rc*.d links for the script
233 # and populates the sysconfig/shibd file.
235 %{fillup_only -n shibd}
236 %insserv_force_if_yast shibd
240 # On final removal, stop shibd and remove service, restart Apache if running.
# The first scriptlet argument is 0 only when the last installed copy is
# being removed, so an upgrade does not stop or deregister the service here.
# Apache is restarted only when its status check succeeds; the restart is
# dropped entirely for builds made with the without_builtinapache conditional.
# NOTE(review): the closing fi/endif lines are not visible in this listing.
241 %if "%{_vendor}" == "redhat"
242 if [ "$1" -eq 0 ] ; then
243 /sbin/service shibd stop >/dev/null 2>&1
244 /sbin/chkconfig --del shibd
245 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
248 %if "%{_vendor}" == "suse"
249 %stop_on_removal shibd
250 if [ "$1" -eq 0 ] ; then
251 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
# After the old package's files are removed: restart shibd and Apache so the
# running processes pick up the upgraded binaries. Each restart on Red Hat is
# gated on the service's own status check, so a stopped service stays stopped.
# NOTE(review): the closing fi/endif lines are not visible in this listing.
257 %ifnos solaris2.8 solaris2.9 solaris2.10
260 %if "%{_vendor}" == "redhat"
261 # On upgrade, restart components if they're already running.
262 if [ "$1" -ge "1" ] ; then
263 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
264 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
268 %if "%{_vendor}" == "suse"
270 %restart_on_update shibd
271 %{!?_without_builtinapache:%restart_on_update apache2}
276 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
# If the init script is missing but the packaged template still exists, copy
# the template back into place, set it to mode 755 and register the service
# again. NOTE(review): the closing fi/endif lines are not visible in this
# listing.
277 %if "%{_vendor}" == "redhat"
278 if [ ! -f %{_initrddir}/shibd ] ; then
279 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
280 %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
281 %{__chmod} 755 %{_initrddir}/shibd
282 /sbin/chkconfig --add shibd
# Package contents. Entries collected in rpm.filelist during the install step
# (shib.conf, the sysconfig file or fillup template) are merged in with -f.
# NOTE(review): several lines of this list are not visible in this listing.
287 %files -f rpm.filelist
# Default owner and group for every entry without its own attr is root:root.
288 %defattr(-,root,root,-)
291 %{_bindir}/resolvertest
292 %{_libdir}/libshibsp.so.*
293 %{_libdir}/libshibsp-lite.so.*
294 %dir %{_libdir}/shibboleth
295 %{_libdir}/shibboleth/*
# The three directories the daemon writes to are owned by the service
# account. Only the log directory is closed to other users (0750); the run
# and cache directories are 0755.
296 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
297 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
298 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
299 %dir %{_datadir}/xml/shibboleth
300 %{_datadir}/xml/shibboleth/*
301 %dir %{_datadir}/shibboleth
302 %{_datadir}/shibboleth/*
# The configuration directory itself stays root-owned. XML, HTML and logger
# files are config(noreplace), so upgrades keep local edits.
# NOTE(review): sp-key.pem and sp-cert.pem do not appear in the visible
# entries; they are created or re-owned by the post-install scriptlet, so
# package verification would not cover their owner or mode.
303 %dir %{_sysconfdir}/shibboleth
304 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
305 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
306 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
307 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
308 %config %{_initrddir}/shibd
310 %if "%{_vendor}" == "suse"
313 %{_sysconfdir}/shibboleth/*.dist
314 %{_sysconfdir}/shibboleth/apache*.config
315 %{_sysconfdir}/shibboleth/shibd-*
# The helper scripts are root-owned and executable by everyone (0755).
316 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
317 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
318 %{_sysconfdir}/shibboleth/*.xsl
# API documentation is excluded here and shipped by the development
# subpackage entries below.
320 %exclude %{pkgdocdir}/api
323 %defattr(-,root,root,-)
325 %{_libdir}/libshibsp.so
326 %{_libdir}/libshibsp-lite.so
327 %doc %{pkgdocdir}/api
330 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
331 - Move logo and stylesheet to version-independent tree
332 - Make shib.conf noreplace
333 - Post-fixup of Alias commands in older shib.conf
334 - Changes to run shibd as non-root shibboleth user
335 - Move init customizations to /etc/sysconfig/shibd
336 - Copy shibd restart for Red Hat to postun
337 - Add boost-devel dependency
338 - Build memcache plugin on RH6
339 - Add cachedir to install
340 - Add Apache 2.4 to install
342 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
343 - Log files shouldn't be world readable.
344 - Explicit requirement for libcurl-openssl on RHEL6
345 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
346 - Remove rpath from binaries for RHEL6
348 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
349 - Update dependencies.
351 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
352 - Reset revision for 2.3.1 release
354 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
355 - SuSE init script changes
356 - Restart Apache on removal, not just upgrade
357 - Fix scriptlet exit values when Apache is stopped
359 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
360 - Doc handling changes
363 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
364 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
366 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
367 - Add additional cleanup to posttrans fix
369 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
370 - Reverse without_builtinapache macro test
371 - Fix init script handling on Red Hat to handle upgrades
373 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
374 - Bump minor version.
375 - Make keygen.sh executable.
376 - Fixing SUSE Xerces dependency name.
377 - Optionally package shib.conf.
379 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
380 - Change shib.conf handling to treat as config file.
382 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
385 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
386 - Release candidate 1.
388 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
389 - libexec -> lib/shibboleth changes
390 - Added doc subpackage
392 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
395 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
396 - Second alpha release.
398 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
399 - First alpha release.
401 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
402 - Applied fix for secadv 20061002
403 - Fix for metadata loader loop
405 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
406 - Applied fix for sec 20060615
408 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
409 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
411 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
412 - Applied new fix for secadv 20060109
414 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
415 - Applied new fix for secadv 20050901 plus rollup
417 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
418 - Minor patches and default config changes
420 - Fix shib.conf creation
421 - Integrated init.d script
422 - Prevent replacement of config files
424 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
425 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
427 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
428 - Updated test programs and location of schemas.
429 - move siterefresh to sbindir
431 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
432 - Add selinux-targeted-policy package
433 - move shar to sbindir
435 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
436 - Create SPEC file based on various versions in existence.