-Name: @PACKAGE_NAME@
+Name: shibboleth-sp
Version: @PACKAGE_VERSION@
Release: 1
Summary: Open source system for attribute-based Web SSO
Vendor: Internet2
License: Apache 2.0
URL: http://shibboleth.internet2.edu/
-Source: %{name}-sp-%{version}.tar.gz
+Source: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-root
+Obsoletes: @PACKAGE_NAME@ < %{version}-%{release}
Requires: openssl
PreReq: xmltooling-schemas, opensaml-schemas
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
-PreReq: %{insserv_prereq}
+PreReq: %{insserv_prereq} %{fillup_prereq}
BuildRequires: libXerces-c-devel >= 2.8.0
%else
BuildRequires: libxerces-c-devel >= 2.8.0
Requires: libcurl-openssl >= 7.21.7
BuildRequires: chrpath
%endif
-BuildRequires: gcc-c++, zlib-devel
+BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
%{!?_without_doxygen:BuildRequires: doxygen}
%{!?_without_odbc:BuildRequires:unixODBC-devel}
%{?_with_fastcgi:BuildRequires: fcgi-devel}
+%if 0%{?centos_version} >= 600
+BuildRequires: libmemcached-devel
+%endif
+%{?_with_memcached:BuildRequires: libmemcached-devel}
%if "%{_vendor}" == "redhat"
%{!?_without_builtinapache:BuildRequires: httpd-devel}
BuildRequires: redhat-rpm-config
Requires(pre): shadow-utils
+Requires(post): chkconfig
+Requires(preun): chkconfig, initscripts
%endif
%if "%{_vendor}" == "suse"
Requires(pre): pwdutils
%{!?_without_builtinapache:BuildRequires: apache2-devel}
%endif
-%define runuser shibboleth
+%define runuser shibd
%if "%{_vendor}" == "suse"
%define pkgdocdir %{_docdir}/%{name}
%else
%setup -q
%build
-%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
+%if 0%{?centos_version} >= 600
+ %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
+%else
+ %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
+%endif
%{__make} pkgdocdir=%{pkgdocdir}
%install
$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
%endif
-%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
- %{__sed} -i "s/#_RHEL6_//g" \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
- %{__sed} -i "s/\/opt\/shibboleth\/lib/\/opt\/shibboleth\/%{_lib}/g" \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
- chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
- chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
- chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
-%endif
-
# Plug the SP into the built-in Apache on a recognized system.
touch rpm.filelist
APACHE_CONFIG="no"
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
APACHE_CONFIG="apache22.config"
fi
+if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_24.so ] ; then
+ APACHE_CONFIG="apache24.config"
+fi
%{?_without_builtinapache:APACHE_CONFIG="no"}
if [ "$APACHE_CONFIG" != "no" ] ; then
APACHE_CONFD="no"
if [ "$APACHE_CONFD" != "no" ] ; then
%{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
%{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
- echo "%config(noreplace) $APACHE_CONFD/shib.conf" > rpm.filelist
+ echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
fi
fi
+# Establish location of sysconfig file, if any.
+SYSCONFIG_SHIBD="no"
+%if "%{_vendor}" == "redhat"
+ %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
+ echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
+ SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
+%endif
+%if "%{_vendor}" == "suse"
+ %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
+ echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
+ SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
+%endif
+if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
+ # Populate the sysconfig file.
+ cat > $SYSCONFIG_SHIBD <<EOF
+# Shibboleth SP init script customization
+
+# User account for shibd
+SHIBD_USER=%{runuser}
+EOF
+ %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
+ cat >> $SYSCONFIG_SHIBD <<EOF
+
+# Override OS-supplied libcurl
+export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
+EOF
+ # Strip existing rpath to libcurl.
+ chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
+ chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
+ chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
+ %endif
+fi
+
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
- %{__sed} -i "s/SHIBD_USER=root/SHIBD_USER=%{runuser}/g" \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor}
# %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
/sbin/ldconfig
%endif
-# Key generation
+# Key generation or ownership fix
cd %{_sysconfdir}/%{name}
-sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+if [ -f sp-key.pem ] ; then
+ %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
+else
+ sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+fi
+
+# Fix ownership of log files (even on new installs, if they're left from an older one).
+%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/%{name}/* 2>/dev/null || :
%if "%{_vendor}" == "redhat"
if [ "$1" -gt "1" ] ; then
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add shibd
+
# On upgrade, restart components if they're already running.
+ # This gets repeated now down in %postun, and the next release
+ # should remove this copy. If we yank it now, we'll break upgrades.
if [ "$1" -gt "1" ] ; then
/etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
%{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
%endif
%if "%{_vendor}" == "suse"
# This adds the proper /etc/rc*.d links for the script
+ # and populates the sysconfig/shibd file.
cd /
+ %{fillup_only -n shibd}
%insserv_force_if_yast shibd
%endif
%preun
+# On final removal, stop shibd and remove service, restart Apache if running.
%if "%{_vendor}" == "redhat"
- if [ "$1" = 0 ] ; then
+ if [ "$1" -eq 0 ] ; then
/sbin/service shibd stop >/dev/null 2>&1
/sbin/chkconfig --del shibd
%{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
%endif
%if "%{_vendor}" == "suse"
%stop_on_removal shibd
- if [ "$1" = 0 ] ; then
+ if [ "$1" -eq 0 ] ; then
%{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
fi
%endif
%ifnos solaris2.8 solaris2.9 solaris2.10
/sbin/ldconfig
%endif
+%if "%{_vendor}" == "redhat"
+ # On upgrade, restart components if they're already running.
+ if [ "$1" -ge "1" ] ; then
+ /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
+ %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
+ exit 0
+ fi
+%endif
%if "%{_vendor}" == "suse"
-cd /
-%restart_on_update shibd
-%{!?_without_builtinapache:%restart_on_update apache2}
-%{insserv_cleanup}
+ cd /
+ %restart_on_update shibd
+ %{!?_without_builtinapache:%restart_on_update apache2}
+ %{insserv_cleanup}
%endif
%posttrans
%exclude %{_libdir}/%{name}/*.la
%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
+%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/%{name}
%dir %{_datadir}/xml/%{name}
%{_datadir}/xml/%{name}/*
%dir %{_datadir}/%{name}
%doc %{pkgdocdir}/api
%changelog
-* Tue Aug 9 2011 Scott Cantor <cantor.2@osu.edu> - 2.5-1
+* Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
- Move logo and stylesheet to version-independent tree
- Make shib.conf noreplace
- Post-fixup of Alias commands in older shib.conf
-- Run shibd as non-root
+- Changes to run shibd as non-root shibboleth user
+- Move init customizations to /etc/sysconfig/shibd
+- Copy shibd restart for Red Hat to postun
+- Add boost-devel dependency
+- Build memcache plugin on RH6
+- Add cachedir to install
+- Add Apache 2.4 to install
* Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
- Log files shouldn't be world readable.
projects / shibboleth / sp.git / blobdiff