Name: shibboleth
Summary: Open source system to enable inter-institutional resource sharing
Version: @-VERSION-@
-Release: 1
-Copyright: University Corporation for Advanced Internet Development, Inc.
+Release: 2
+#Copyright: Internet2
Group: System Environment/Libraries
License: Apache style
URL: http://shibboleth.internet2.edu/
-Source0: http://wayf.internet2.edu/shibboleth/%{name}-%{version}.tar.gz
-Source1: http://wayf.internet2.edu/shibboleth/%{name}-%{version}.tar.gz.asc
+Source0: http://shibboleth.internet2.edu/downloads/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-root
-BuildRequires: openssl-devel, curl-devel >= 7.10.6, xerces-c-devel >= 2.6.1
-BuildRequires: xml-security-c-devel >= 1.1.0, log4cpp-devel >= 0.3.5
-BuildRequires: zlib-devel, opensaml-devel, httpd-devel
-%{?_with_mysql:BuildRequires: mysql-devel >= 4}
+BuildRequires: openssl-devel, curl-devel >= 7.10.6
+BuildRequires: xerces%{?xercesver}-c-devel >= 2.6.1, xml-security-c-devel >= 1.3.1
+BuildRequires: zlib-devel, opensaml-devel >= 2.0
+%if %{?_with_log4cpp:1}
+BuildRequires: log4cpp-devel >= 0.3.5
+%else
+BuildRequires: log4shib-devel
+%endif
+%{!?_without_odbc:BuildRequires: unixODBC-devel}
+%if "%{_vendor}" == "redhat"
+%{!?_without_builtinapache:BuildRequires: httpd-devel}
+%endif
+%if "%{_vendor}" == "suse"
+%{!?_without_builtinapache:BuildRequires: apache2-devel}
+%endif
+
%description
Shibboleth, a project of Internet2/MACE, is developing architectures,
This package contains the headers and other necessary files to build
applications that use the shibboleth library.
+%package selinux-policy-targeted
+Summary: SELinux policy targeted configuration for Shibboleth SP
+Group: System Environment/Base
+Requires: selinux-policy-targeted-sources
+
+%description selinux-policy-targeted
+Shibboleth, a project of Internet2/MACE, is developing architectures,
+policy structures, practical technologies, and an open source
+implementation to support inter-institutional sharing of web resources
+subject to access controls. In addition, Shibboleth will develop a
+policy framework that will allow inter-operation within the higher
+education community.
+
+This package contains the SELinux Policy (source) Configuration to
+enable the Shibboleth SP to integrate into Apache HTTPD in Red Hat /
+Fedora's Policy Targeted SELinux implementation. It requires
+rebuilding your policy, so you must have the policy-targeted-source
+installed.
+
%prep
%setup -q
%build
-%configure --enable-apache20 %{?_with_mysql:--enable-mysql} \
- %{!?_with_mysql:--disable-mysql}
+%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?shib_options}
make
+#make -C selinux
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
rm -rf _docs
-
make install DESTDIR=$RPM_BUILD_ROOT
-mv $RPM_BUILD_ROOT/doc/shibboleth _docs
+make -C selinux install DESTDIR=$RPM_BUILD_ROOT
+mv $RPM_BUILD_ROOT/usr/doc/%{name} _docs
+
+%if "%{_vendor}" == "suse"
+ sed -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/native.logger
+%endif
+
+find $RPM_BUILD_ROOT/%{_libexecdir} -type f -or -type l | grep \.so |
+ sed -e "s|$RPM_BUILD_ROOT||" | sort > rpm.filelist
%check || :
make check
%post
/sbin/ldconfig
+# Plug the SP into Apache on a recognized system.
+APACHE_CONFIG="no"
+if [ -f $RPM_BUILD_ROOT/%{_libexecdir}/mod_shib_13.so ] ; then
+ APACHE_CONFIG="apache.config"
+fi
+if [ -f $RPM_BUILD_ROOT/%{_libexecdir}/mod_shib_20.so ] ; then
+ APACHE_CONFIG="apache2.config"
+fi
+if [ -f $RPM_BUILD_ROOT/%{_libexecdir}/mod_shib_22.so ] ; then
+ APACHE_CONFIG="apache22.config"
+fi
+if [ "$APACHE_CONFIG" != "no" ] ; then
+ APACHE_CONFD="no"
+ if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
+ APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
+ fi
+ if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
+ APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
+ fi
+ if [ "$APACHE_CONFD" != "no" ] ; then
+ if [ ! -f $APACHE_CONFD/shib.conf ] ; then
+%if "%{_vendor}" == "suse"
+ sed "s/\/usr\/doc\/%{name}/\/usr\/share\/doc\/packages\/%{name}/g" \
+ %{_sysconfdir}/%{name}/$APACHE_CONFIG \
+ > $APACHE_CONFD/shib.conf
+%else
+ sed "s/\/usr\/doc\/%{name}/\/usr\/share\/doc\/%{name}-@-VERSION-@/g" \
+ %{_sysconfdir}/%{name}/$APACHE_CONFIG \
+ > $APACHE_CONFD/shib.conf
+%endif
+ fi
+ fi
+fi
+
+# Install the shibd init.d scripts and service
+%if "%{_vendor}" == "redhat"
+ if [ -d %{_sysconfdir}/init.d ] ; then
+ if [ ! -f %{_sysconfdir}/init.d/shibd ] ; then
+ cp -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_sysconfdir}/init.d/shibd
+ chmod 755 %{_sysconfdir}/init.d/shibd
+ chkconfig --add shibd
+ fi
+ fi
+%endif
+
%postun
/sbin/ldconfig
-%files
+# delete the Apache configuration if we're being removed
+[ "$1" = 0 ] || exit 0
+[ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] && \
+ rm -f %{_sysconfdir}/httpd/conf.d/shib.conf
+[ -f %{_sysconfdir}/apache2/conf.d/shib.conf ] && \
+ rm -f %{_sysconfdir}/apache2/conf.d/shib.conf
+
+# clear init.d state
+%if "%{_vendor}" == "redhat"
+ chkconfig --del shibd
+ [ -f %{_sysconfdir}/init.d/shibd ] && \
+ rm -f %{_sysconfdir}/init.d/shibd
+%endif
+
+%triggerin selinux-policy-targeted -- %{name}
+restorecon %{_sbindir}/shibd
+
+%triggerin selinux-policy-targeted -- selinux-policy-targeted-sources
+cd %{_sysconfdir}/selinux/targeted/src/policy || exit 1
+make -W install
+make load
+restorecon %{_sbindir}/shibd
+
+%files -f rpm.filelist
%defattr(-,root,root,-)
-%doc _docs/LICENSE.txt _docs/NEWS.txt _docs/README.txt _docs/TODO.txt
-%{_bindir}/shar
-%{_bindir}/site-refresh
-%exclude %{_bindir}/shibtest
-%exclude %{_bindir}/signtest
-%exclude %{_bindir}/test-client
-%{_libdir}/libshib.so.*
-%{_libexecdir}/mod_shib_20.so
-%{_libexecdir}/xmlproviders.so
-%{_datadir}/shibboleth/*.xsd
-%config %{_datadir}/shibboleth/*.xml
-%{?_with_mysql:%{_libexecdir}/shib-mysql-ccache.so}
+%doc _docs/CREDITS.txt _docs/LICENSE.txt _docs/NOTICE.txt _docs/README.txt _docs/RELEASE.txt
+%doc _docs/logo.jpg _docs/main.css
+%{_sbindir}/shibd
+%{_sbindir}/siterefresh
+%{_bindir}/samlquery
+%{_libdir}/libshibsp.so.*
+%{_libdir}/libshibsp-lite.so.*
+%dir %{_localstatedir}/log/%{name}
+%dir %{_datadir}/xml/%{name}
+%{_datadir}/xml/%{name}
+%dir %{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/*.xml
+%config(noreplace) %{_sysconfdir}/%{name}/*.html
+%config(noreplace) %{_sysconfdir}/%{name}/*.logger
+%config %{_sysconfdir}/%{name}/sp-example.crt
+%config %{_sysconfdir}/%{name}/sp-example.key
+%{_sysconfdir}/%{name}/*.dist
+%{_sysconfdir}/%{name}/apache*.config
+%{_sysconfdir}/%{name}/shibd
+%exclude %{_libexecdir}/*.la
%files devel
%defattr(-,root,root,-)
%{_includedir}
-%{_libdir}/libshib.so
+%{_libdir}/libshibsp.so
+%{_libdir}/libshibsp-lite.so
+
+%files selinux-policy-targeted
+%defattr(-,root,root,-)
+%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/*.fc
+%{_sysconfdir}/selinux/targeted/src/policy/domains/program/*.te
%changelog
+* Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
+- Second alpha release
+
+* Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
+- First alpha release
+
+* Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
+- Applied fix for secadv 20061002
+- Fix for metadata loader loop
+
+* Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
+- Applied fix for sec 20060615
+
+* Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
+- Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
+
+* Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
+- Applied new fix for secadv 20060109
+
+* Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
+- Applied new fix for secadv 20050901 plus rollup
+
+* Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
+- Minor patches and default config changes
+- pidfile patch
+- Fix shib.conf creation
+- Integrated init.d script
+- Prevent replacement of config files
+
+* Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
+- Applied fix for secadv 20050901 plus rollup of NSAPI fixes
+
+* Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
+- Updated test programs and location of schemas.
+- move siterefresh to to sbindir
+
+* Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
+- Add selinux-targeted-policy package
+- move shar to sbindir
+
* Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
- Create SPEC file based on various versions in existence.