Name: shibboleth
-Summary: Open source system to enable inter-institutional resource sharing
-Version: @-VERSION-@
-Release: 6
-#Copyright: University Corporation for Advanced Internet Development, Inc.
-Group: System Environment/Libraries
-License: Apache style
-URL: http://shibboleth.internet2.edu/
-Source0: http://wayf.internet2.edu/shibboleth/%{name}-%{version}.tar.gz
-Source1: http://wayf.internet2.edu/shibboleth/%{name}-%{version}.tar.gz.asc
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-
-BuildRequires: openssl-devel, curl-devel >= 7.10.6, xerces-c-devel >= 2.6.1
-BuildRequires: xml-security-c-devel >= 1.1.0, log4cpp-devel >= 0.3.5
-BuildRequires: zlib-devel, opensaml-devel >= 1.1, httpd-devel
+Version: @PACKAGE_VERSION@
+Release: 1
+Summary: Open source system for attribute-based Web SSO
+Group: Productivity/Networking/Security
+Vendor: Shibboleth Consortium
+License: Apache 2.0
+URL: http://shibboleth.net/
+Source: %{name}-sp-%{version}.tar.bz2
+BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root
+Obsoletes: shibboleth-sp = 2.5.0
+Requires: openssl
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
+%else
+PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
+%endif
+%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
+PreReq: %{insserv_prereq} %{fillup_prereq}
+BuildRequires: libxerces-c-devel >= 3.1
+%else
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+BuildRequires: systemd
+BuildRequires: xerces-c-devel >= 3.1
+%else
+BuildRequires: libxerces-c-devel >= 3.1
+%endif
+%endif
+BuildRequires: libxml-security-c-devel >= 1.4.0
+BuildRequires: libxmltooling-devel >= 1.5.0
+BuildRequires: libsaml-devel >= 2.5.0
+%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
+%{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+Requires: libcurl-openssl%{?_isa} >= 7.21.7
+BuildRequires: chrpath
+%endif
+%if 0%{?suse_version} > 1300
+BuildRequires: libtool
+%endif
+BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
+%{!?_without_gssapi:BuildRequires: krb5-devel}
+%{!?_without_doxygen:BuildRequires: doxygen}
+%{!?_without_odbc:BuildRequires:unixODBC-devel}
+%{?_with_fastcgi:BuildRequires: fcgi-devel}
+%if 0%{?centos_version} >= 600
+BuildRequires: libmemcached-devel
+%endif
+%{?_with_memcached:BuildRequires: libmemcached-devel}
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+%{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}}
+%else
+%{!?_without_builtinapache:BuildRequires: httpd-devel}
+%endif
+BuildRequires: redhat-rpm-config
+Requires(pre): shadow-utils
+Requires(post): chkconfig
+Requires(preun): chkconfig, initscripts
+%endif
+%if "%{_vendor}" == "suse"
+Requires(pre): pwdutils
+%{!?_without_builtinapache:BuildRequires: apache2-devel}
+%if 0%{?suse_version} >= 1210
+Requires: %{?systemd_requires}
+BuildRequires: systemd-rpm-macros
+%endif
+%endif
+
+%define runuser shibd
+%if "%{_vendor}" == "suse"
+%define pkgdocdir %{_docdir}/shibboleth
+%else
+%define pkgdocdir %{_docdir}/shibboleth-%{version}
+%endif
%description
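Review bot: the removed `Source1: ...%{name}-%{version}.tar.gz.asc` line was the spec's only reference to a detached signature for the tarball, and the new `Source: %{name}-sp-%{version}.tar.bz2` carries neither a download URL nor a signature, so nothing in the preamble ties the build input to a verifiable upstream release. Suggest keeping a full URL on `Source` and listing the `.asc` as a second source so builders can check the tarball before `%setup`. Minor: `BuildRequires:unixODBC-devel` is missing the space after the colon that every other tag in this block uses.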
-Shibboleth, a project of Internet2/MACE, is developing architectures,
-policy structures, practical technologies, and an open source
-implementation to support inter-institutional sharing of web resources
-subject to access controls. In addition, Shibboleth will develop a
-policy framework that will allow inter-operation within the higher
-education community.
+Shibboleth is a Web Single Sign-On implementations based on OpenSAML
+that supports multiple protocols, federated identity, and the extensible
+exchange of rich attributes subject to privacy controls.
-This package contains the shibboleth runtime library and apache module.
+This package contains the Shibboleth Service Provider runtime libraries,
+daemon, default plugins, and Apache module(s).
%package devel
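Review bot: typo in the new description text, `a Web Single Sign-On implementations` should read `implementation`; the same sentence is repeated in `%description devel`, so both copies need the fix.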
-Summary: Shibboleth development Headers
-Group: Development/Libraries
-Requires: %{name} = %{version}
+Summary: Shibboleth Development Headers
+Group: Development/Libraries/C and C++
+Requires: %{name} = %{version}-%{release}
+Obsoletes: shibboleth-sp-devel = 2.5.0
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+Requires: xerces-c-devel >= 3.1
+%else
+Requires: libxerces-c-devel >= 3.1
+%endif
+Requires: libxml-security-c-devel >= 1.4.0
+Requires: libxmltooling-devel >= 1.5.0
+Requires: libsaml-devel >= 2.5.0
+%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
+%{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
%description devel
-Shibboleth, a project of Internet2/MACE, is developing architectures,
-policy structures, practical technologies, and an open source
-implementation to support inter-institutional sharing of web resources
-subject to access controls. In addition, Shibboleth will develop a
-policy framework that will allow inter-operation within the higher
-education community.
-
-This package contains the headers and other necessary files to build
-applications that use the shibboleth library.
-
-%package selinux-policy-targeted
-Summary: SELinux policy targeted configuration for Shibboleth SP
-Group: System Environment/Base
-Requires: selinux-policy-targeted-sources
-
-%description selinux-policy-targeted
-Shibboleth, a project of Internet2/MACE, is developing architectures,
-policy structures, practical technologies, and an open source
-implementation to support inter-institutional sharing of web resources
-subject to access controls. In addition, Shibboleth will develop a
-policy framework that will allow inter-operation within the higher
-education community.
-
-This package contains the SELinux Policy (source) Configuration to
-enable the Shibboleth SP to integrate into Apache HTTPD in Red Hat /
-Fedora's Policy Targeted SELinux implementation. It requires
-rebuilding your policy, so you must have the policy-targeted-source
-installed.
+Shibboleth is a Web Single Sign-On implementations based on OpenSAML
+that supports multiple protocols, federated identity, and the extensible
+exchange of rich attributes subject to privacy controls.
+
+This package includes files needed for development with Shibboleth.
%prep
-%setup -q
+%setup -n %{name}-sp-%{version}
%build
-%configure --enable-apache-20
-make
-make -C selinux
+%if 0%{?suse_version} >= 1210
+ %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_systemd:--enable-systemd} %{?shib_options}
+%else
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+ %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{!?_without_systemd:--enable-systemd} %{?shib_options}
+%else
+%if 0%{?centos_version} >= 600
+ %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options}
+%else
+ %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options}
+%endif
+%endif
+%endif
+%{__make} pkgdocdir=%{pkgdocdir}
%install
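Review bot: the four `%configure` invocations in `%build` repeat the same ODBC, ADFS, FastCGI and GSSAPI arguments and differ only in the memcached and systemd flags, which makes it easy for the branches to drift; the SUSE branch already passes no memcached option at all, the fallback uses `%{?_with_memcached}`, and the other two use `%{!?_without_memcached:--with-memcached}`. Suggest defining the per-platform extras in a macro inside the `%if` blocks and calling `%configure` once with the common flags plus that macro.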
-[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-rm -rf _docs
+%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
+
+%if "%{_vendor}" == "suse"
+ %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
+ $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
+%endif
+
+# Plug the SP into the built-in Apache on a recognized system.
+touch rpm.filelist
+APACHE_CONFIG="no"
+if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
+ APACHE_CONFIG="apache.config"
+fi
+if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
+ APACHE_CONFIG="apache2.config"
+fi
+if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
+ APACHE_CONFIG="apache22.config"
+fi
+if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
+ APACHE_CONFIG="apache24.config"
+fi
+%{?_without_builtinapache:APACHE_CONFIG="no"}
+if [ "$APACHE_CONFIG" != "no" ] ; then
+ APACHE_CONFD="no"
+ if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
+ APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
+ fi
+ if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
+ APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
+ fi
+ if [ "$APACHE_CONFD" != "no" ] ; then
+ %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
+ %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
+ echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
+ fi
+fi
-make install DESTDIR=$RPM_BUILD_ROOT
-make -C selinux install DESTDIR=$RPM_BUILD_ROOT
-mv $RPM_BUILD_ROOT/usr/doc/shibboleth _docs
+# Establish location of systemd file, if any.
+SYSTEMD_SHIBD="no"
+%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+ %{__mkdir} -p $RPM_BUILD_ROOT%{_unitdir}
+ echo "%attr(0444,-,-) %{_unitdir}/shibd.service >> rpm.filelist
+ SYSTEMD_SHIBD="$RPM_BUILD_ROOT%{_unitdir}/shibd.service"
+%endif
+
+# Otherwise, establish location of sysconfig file, if any.
+SYSCONFIG_SHIBD="no"
+if [ "$SYSTEMD_SHIBD" == "no" ] ; then
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+ %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
+ echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
+ SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
+%endif
+%if "%{_vendor}" == "suse"
+ %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
+ echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
+ SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
+%endif
+fi
-find $RPM_BUILD_ROOT/%{_libexecdir} -type f -or -type l | grep \.so |
- sed -e "s|$RPM_BUILD_ROOT||" | sort > rpm.filelist
+if [ "$SYSTEMD_SHIBD" != "no" ] ; then
+ # Populate the systemd file
+ cat > $SYSTEMD_SHIBD <<EOF
+[Unit]
+Description=Shibboleth Service Provider Daemon
+After=network.target
+Before=httpd.service
+
+[Service]
+Type=notify
+NotifyAccess=main
+User=%{runuser}
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+Environment=LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
+%endif
+ExecStart=%{_sbindir}/shibd -f -F
+StandardInput=null
+StandardOutput=null
+StandardError=journal
+TimeoutStopSec=5s
+TimeoutStartSec=90s
+Restart=on-failure
+RestartSec=30s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+elif [ "$SYSCONFIG_SHIBD" != "no" ] ; then
+ # Populate the sysconfig file.
+ cat > $SYSCONFIG_SHIBD <<EOF
+# Shibboleth SP init script customization
+
+# User account for shibd
+SHIBD_USER=%{runuser}
+
+# Umask for shibd
+# SHIBD_UMASK=022
+
+# Wait period (secs) for configuration (and metadata) to load
+SHIBD_WAIT=30
+EOF
+ %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+ cat >> $SYSCONFIG_SHIBD <<EOF
+
+# Override OS-supplied libcurl
+export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
+EOF
+ %endif
+fi
-%check || :
-make check
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+ # Strip existing rpath to libcurl.
+ chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
+ chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
+ chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
+%endif
+
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
+if [ "$SYSTEMD_SHIBD" == "no" ] ; then
+ # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
+ install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
+ install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
+%if "%{_vendor}" == "suse"
+ install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
+ %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
+%endif
+fi
+%endif
+
+%check
+%{__make} check
%clean
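Review bot: the `echo` that registers the unit file in `%install` opens a double quote and never closes it: `echo "%attr(0444,-,-) %{_unitdir}/shibd.service >> rpm.filelist`. As written the redirect becomes part of the string and the quote runs on into the `SYSTEMD_SHIBD=` line that follows, so the scriptlet's quoting is unbalanced from that point and the variable is not assigned as intended on the systemd platforms. Close the quote before `>> rpm.filelist`, matching the other `echo "..." >> rpm.filelist` lines in this section.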
-[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
+
+%pre
+getent group %{runuser} >/dev/null || groupadd -r %{runuser}
+getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
+ -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
+%if 0%{?suse_version} >= 1210
+ %service_add_pre shibd.service
+%endif
+exit 0
%post
+%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
/sbin/ldconfig
+%endif
+
+# Key generation or ownership fix
+cd %{_sysconfdir}/shibboleth
+if [ -f sp-key.pem ] ; then
+ %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
+else
+ /bin/sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+fi
-# Plug the shibboleth SP into Apache2 on a Red Hat system.
-if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
- if [ ! -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
- sed "s/\/usr\/doc\/shibboleth/\/usr\/share\/doc\/shibboleth-@-VERSION-@/g" \
- %{_sysconfdir}/shibboleth/apache2.config \
- > %{_sysconfdir}/httpd/conf.d/shib.conf
+# Fix ownership of log files (even on new installs, if they're left from an older one).
+%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
+
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+ if [ $1 -gt 1 ] ; then
+ # On Red Hat with shib.conf installed, clean up old Alias commands
+ # by pointing them at new version-independent /usr/share/share tree.
+ # Any Aliases we didn't create we assume are custom files.
+ # This is to accomodate making shib.conf a noreplace config file.
+ # We can't do this for SUSE, because they disallow changes to
+ # packaged files in scriplets.
+ APACHE_CONF="no"
+ if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
+ APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
+ fi
+ if [ "$APACHE_CONF" != "no" ] ; then
+ %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
+ $APACHE_CONF
+ %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
+ $APACHE_CONF
+ fi
fi
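Review bot: the log fix-up in `%post` runs `%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/*` as root over a glob in a directory that the unprivileged daemon account owns (it is packaged `%attr(0750,%{runuser},%{runuser})` in `%files`), and `chown` dereferences symlinks by default, so a link sitting in that directory gets its target re-owned on install or upgrade. Suggest `chown -h`, or limiting the fix-up to regular files with `find ... -type f`. Also, the `cd %{_sysconfdir}/shibboleth` before `keygen.sh` is not checked for failure, and the new comment block has two typos (`accomodate`, `scriplets`).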
-fi
-# Install the shibd init.d scripts and service
-if [ -d %{_sysconfdir}/init.d ] ; then
- if [ ! -f %{_sysconfdir}/init.d/shibd ] ; then
- cp -p %{_sysconfdir}/shibboleth/shibd %{_sysconfdir}/init.d/shibd
- chmod 755 %{_sysconfdir}/init.d/shibd
- chkconfig --add shibd
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+ # Initial prep for systemd
+ %systemd_post shibd.service
+%else
+ # Add the proper /etc/rc*.d links for the script
+ /sbin/chkconfig --add shibd
+%endif
+%endif
+%if "%{_vendor}" == "suse"
+%if 0%{?suse_version} >= 1210
+ %service_add_post shibd.service
+%else
+ # This adds the proper /etc/rc*.d links for the script
+ # and populates the sysconfig/shibd file.
+ cd /
+ %{fillup_only -n shibd}
+ %insserv_force_if_yast shibd
+%endif
+%endif
+
+%preun
+# On final removal, stop shibd and remove service, restart Apache if running.
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+ %systemd_preun shibd.service
+%else
+ if [ $1 -eq 0 ] ; then
+ /sbin/service shibd stop >/dev/null 2>&1
+ /sbin/chkconfig --del shibd
fi
-fi
+%endif
+ if [ $1 -eq 0 ] ; then
+ %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null}
+ fi
+%endif
+%if "%{_vendor}" == "suse"
+%if 0%{?suse_version} >= 1210
+ %service_del_preun shibd.service
+%else
+ %stop_on_removal shibd
+%endif
+ if [ $1 -eq 0 ] ; then
+ %{!?_without_builtinapache:/sbin/service apache2 status 1>/dev/null && /sbin/service apache2 restart 1>/dev/null}
+ fi
+%endif
+exit 0
%postun
+%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
/sbin/ldconfig
-
-# delete the shibboleth apache configuration if we're being removed
-[ "$0" = 0 ] || exit 0
-[ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] && \
- rm -f %{_sysconfdir}/httpd/conf.d/shib.conf
-
-# clear init.d state
-chkconfig --del shibd
-[ -f %{_sysconfdir}/init.d/shibd ] && \
- rm -f %{_sysconfdir}/init.d/shibd
-
-%triggerin selinux-policy-targeted -- %{name}
-restorecon %{_sbindir}/shibd
-
-%triggerin selinux-policy-targeted -- selinux-policy-targeted-sources
-cd %{_sysconfdir}/selinux/targeted/src/policy || exit 1
-make -W install
-make load
-restorecon %{_sbindir}/shibd
+%endif
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+ # On upgrade, restart components if they're already running.
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+ %systemd_postun_with_restart shibd.service
+%else
+ if [ $1 -ge 1 ] ; then
+ /sbin/service shibd status 1>/dev/null && /sbin/service shibd restart 1>/dev/null
+ fi
+%endif
+ if [ $1 -ge 1 ] ; then
+ %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null}
+ exit 0
+ fi
+%endif
+%if "%{_vendor}" == "suse"
+%if 0%{?suse_version} >= 1210
+ %service_del_postun shibd.service
+%else
+ cd /
+ %restart_on_update shibd
+ %{insserv_cleanup}
+%endif
+ %{!?_without_builtinapache:%restart_on_update apache2}
+%endif
+
+%posttrans
+# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+if [ -f %{_sysconfdir}/sysconfig/shibd ] ; then
+ if [ ! -f %{_initrddir}/shibd ] ; then
+ if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
+ %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
+ %{__chmod} 755 %{_initrddir}/shibd
+ /sbin/chkconfig --add shibd
+ fi
+fi
+%endif
%files -f rpm.filelist
%defattr(-,root,root,-)
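Review bot: the `%posttrans` scriptlet opens three `if` blocks (sysconfig file present, init script missing, `shibd-%{_vendor}` present) but only two `fi` lines appear before `%endif`, so the shell will stop with an unexpected end of file on Red Hat and Amazon builds. Add the third `fi`, and consider ending the scriptlet with `exit 0` as `%pre` and `%preun` do so a failed `chkconfig` does not fail the transaction.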
-%doc _docs/CREDITS.txt _docs/NOTICE.txt _docs/NEWS.txt _docs/logo.jpg
-%doc _docs/main.css _docs/README.txt _docs/LICENSE.txt _docs/mysql-4.0.12.diff
%{_sbindir}/shibd
-%{_sbindir}/siterefresh
-%{_bindir}/shibtest
-%{_libdir}/libshib.so.*
-%{_libdir}/libshib-target.so.*
-%dir /var/log/shibboleth
+%{_bindir}/mdquery
+%{_bindir}/resolvertest
+%{_libdir}/libshibsp.so.*
+%{_libdir}/libshibsp-lite.so.*
+%dir %{_libdir}/shibboleth
+%{_libdir}/shibboleth/*
+%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+%attr(0750,apache,apache) %dir %{_localstatedir}/log/shibboleth-www
+%endif
+%if "%{_vendor}" == "suse"
+%attr(0750,wwwrun,www) %dir %{_localstatedir}/log/shibboleth-www
+%endif
+%else
+%attr(0750,-,-) %dir %{_localstatedir}/log/shibboleth-www
+%endif
+%if 0%{?suse_version} < 1300
+%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
+%endif
+%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
%dir %{_datadir}/xml/shibboleth
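Review bot: `%if 0%{?suse_version} < 1300` is also true on every non-SUSE build, so `%{_localstatedir}/run/shibboleth` is still packaged as a plain directory on the RHEL/CentOS 7 systemd targets, where /var/run lives on a tmpfs and the directory is gone after a reboot; the unit generated in `%install` runs as `User=%{runuser}` and has nothing that recreates it. Suggest shipping a tmpfiles.d entry for the directory (or `RuntimeDirectory=` where the systemd version supports it) and narrowing this condition so it only packages the directory on the non-systemd platforms.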
-%{_datadir}/xml/shibboleth/*.xsd
-%{_datadir}/xml/shibboleth/*.xsl
+%{_datadir}/xml/shibboleth/*
+%dir %{_datadir}/shibboleth
+%{_datadir}/shibboleth/*
%dir %{_sysconfdir}/shibboleth
-%config %{_sysconfdir}/shibboleth/*.xml
-%config %{_sysconfdir}/shibboleth/*.html
-%config %{_sysconfdir}/shibboleth/*.logger
-%config %{_sysconfdir}/shibboleth/inqueue.pem
-%config %{_sysconfdir}/shibboleth/sp-example.crt
-%config %{_sysconfdir}/shibboleth/sp-example.key
+%config(noreplace) %{_sysconfdir}/shibboleth/*.xml
+%config(noreplace) %{_sysconfdir}/shibboleth/*.html
+%config(noreplace) %{_sysconfdir}/shibboleth/*.logger
+%if "%{_vendor}" == "redhat"
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+%else
+%config %{_initrddir}/shibd
+%endif
+%endif
+%if "%{_vendor}" == "amazon"
+%config %{_initrddir}/shibd
+%endif
+%if "%{_vendor}" == "suse" && 0%{?suse_version} < 1210
+%config %{_initrddir}/shibd
+%{_sbindir}/rcshibd
+%endif
%{_sysconfdir}/shibboleth/*.dist
%{_sysconfdir}/shibboleth/apache*.config
-%{_sysconfdir}/shibboleth/shibd
-
-%exclude %{_bindir}/posttest
-%exclude %{_bindir}/test-client
-%exclude %{_libexecdir}/*.la
+%{_sysconfdir}/shibboleth/shibd-*
+%attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
+%attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
+%{_sysconfdir}/shibboleth/*.xsl
+%doc %{pkgdocdir}
+%exclude %{pkgdocdir}/api
%files devel
%defattr(-,root,root,-)
-%{_includedir}
-%{_libdir}/libshib.so
-%{_libdir}/libshib-target.so
-
-%files selinux-policy-targeted
-%defattr(-,root,root,-)
-%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/*.fc
-%{_sysconfdir}/selinux/targeted/src/policy/domains/program/*.te
+%{_includedir}/*
+%{_libdir}/libshibsp.so
+%{_libdir}/libshibsp-lite.so
+%doc %{pkgdocdir}/api
%changelog
+* Thu Jul 2 2015 Scott Cantor <cantor.2@osu.edu> - 2.5.5-1
+- Revamp with systemd support for RH/CentOS 7+ and SUSE 12.1+
+
+* Mon Mar 9 2015 Scott Cantor <cantor.2@osu.edu> - 2.5.4-1
+- Add Amazon VM support
+- Add a separate native logging directory
+- Remove hard-coded init.d usage
+- Switch to bz2 sources to prevent future issues with SuSE
+
+* Mon Nov 17 2014 Scott Cantor <cantor.2@osu.edu> - 2.5.3-2
+- Add libtool dep for OpenSUSE 13
+- Remove /var/run/shibboleth for OpenSUSE 13
+
+* Tue May 13 2014 Ian Young <ian@iay.org.uk> - 2.5.3-1.2
+- Update package dependencies for RHEL/CentOS 7
+- Fix bogus dates in changelog
+
+* Sat Jun 8 2013 Scott Cantor <cantor.2@osu.edu> - 2.5.2-1
+- Add --with-gssapi using MIT K5 by default
+
+* Tue Sep 25 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.1-1
+- Merge back various changes used in released packages
+- Prep for 2.5.1 by pulling extra restart out
+
+* Tue Aug 7 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-2
+- Changed package name back to shibboleth because of upgrade bugs
+- Put back extra restart for this release only.
+
+* Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-1
+- Move logo and stylesheet to version-independent tree
+- Make shib.conf noreplace
+- Post-fixup of Alias commands in older shib.conf
+- Changes to run shibd as non-root shibboleth user
+- Move init customizations to /etc/sysconfig/shibd
+- Copy shibd restart for Red Hat to postun
+- Add boost-devel dependency
+- Build memcache plugin on RH6
+- Add cachedir to install
+- Add Apache 2.4 to install
+
+* Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
+- Log files shouldn't be world readable.
+- Explicit requirement for libcurl-openssl on RHEL6
+- Uncomment LD_LIBRARY_PATH in init script for RHEL6
+- Remove rpath from binaries for RHEL6
+
+* Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
+- Update dependencies.
+
+* Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
+- Reset revision for 2.3.1 release
+
+* Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
+- SuSE init script changes
+- Restart Apache on removal, not just upgrade
+- Fix scriptlet exit values when Apache is stopped
+
+* Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
+- Doc handling changes
+- SuSE init script
+
+* Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
+- Initial version for 2.2.1, with shibd/httpd restart on upgrade
+
+* Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
+- Add additional cleanup to posttrans fix
+
+* Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
+- Reverse without_builtinapache macro test
+- Fix init script handling on Red Hat to handle upgrades
+
+* Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
+- Bump minor version.
+- Make keygen.sh executable.
+- Fixing SUSE Xerces dependency name.
+- Optionally package shib.conf.
+
+* Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
+- Change shib.conf handling to treat as config file.
+
+* Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
+- Official release.
+
+* Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
+- Release candidate 1.
+
+* Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
+- libexec -> lib/shibboleth changes
+- Added doc subpackage
+
+* Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
+- First public beta.
+
+* Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
+- Second alpha release.
+
+* Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
+- First alpha release.
+
+* Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
+- Applied fix for secadv 20061002
+- Fix for metadata loader loop
+
+* Thu Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
+- Applied fix for sec 20060615
+
+* Sat Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
+- Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
+
+* Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
+- Applied new fix for secadv 20060109
+
+* Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
+- Applied new fix for secadv 20050901 plus rollup
+
* Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
- Minor patches and default config changes
- pidfile patch
- Fix shib.conf creation
- Integrated init.d script
+- Prevent replacement of config files
* Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
- Applied fix for secadv 20050901 plus rollup of NSAPI fixes