X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibboleth.spec.in;h=d510452e0602fd38fb8df57c10e642f642eb6f08;hb=0a385e33a45ef0d86ba16fb7745ec044a78899dd;hp=ba5c42f7dd35f6f5985883d923bb67a42c3b4cc1;hpb=21ed49a9b26b9d8341375a98af8452159bb3ec2a;p=shibboleth%2Fsp.git diff --git a/shibboleth.spec.in b/shibboleth.spec.in index ba5c42f..d510452 100644 --- a/shibboleth.spec.in +++ b/shibboleth.spec.in @@ -1,202 +1,289 @@ -Name: shibboleth -Summary: Open source system to enable inter-institutional resource sharing -Version: @-VERSION-@ -Release: 2 -#Copyright: Internet2 +Name: @PACKAGE_NAME@ +Version: @PACKAGE_VERSION@ +Release: 1 +Summary: Open source system for attribute-based Web SSO Group: System Environment/Libraries -License: Apache style +Vendor: Internet2 +License: Apache 2.0 URL: http://shibboleth.internet2.edu/ -Source0: http://shibboleth.internet2.edu/downloads/%{name}-%{version}.tar.gz +Source: %{name}-sp-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-root - -BuildRequires: openssl-devel, curl-devel >= 7.10.6, xerces%{?xercesver}-c-devel >= 2.6.1 -BuildRequires: xml-security-c-devel >= 1.3.1, log4cpp-devel >= 0.3.5 -BuildRequires: zlib-devel, unixODBC-devel, opensaml-devel >= 2.0 +PreReq: openssl, xmltooling-schemas, opensaml-schemas +%if 0%{?suse_version} > 1030 +PreReq: %{insserv_prereq} +BuildRequires: libXerces-c-devel >= 2.8.0 +%else +BuildRequires: libxerces-c-devel >= 2.8.0 +%endif +BuildRequires: libxml-security-c-devel >= 1.4.0 +BuildRequires: libxmltooling-devel >= 1.4 +BuildRequires: libsaml-devel >= 2.4 +%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0} +%{!?_with_log4cpp:BuildRequires: liblog4shib-devel} +BuildRequires: gcc-c++, zlib-devel +%{!?_without_doxygen:BuildRequires: doxygen} +%{!?_without_odbc:BuildRequires:unixODBC-devel} +%{?_with_fastcgi:BuildRequires: fcgi-devel} %if "%{_vendor}" == "redhat" -BuildRequires: httpd-devel +%{!?_without_builtinapache:BuildRequires: httpd-devel} +BuildRequires: redhat-rpm-config %endif %if "%{_vendor}" == "suse" -BuildRequires: apache2-devel +%{!?_without_builtinapache:BuildRequires: apache2-devel} %endif +%if "%{_vendor}" == "suse" +%define pkgdocdir %{_docdir}/%{name} +%else +%define pkgdocdir %{_docdir}/%{name}-%{version} +%endif %description -Shibboleth, a project of Internet2/MACE, is developing architectures, -policy structures, practical technologies, and an open source -implementation to support inter-institutional sharing of web resources -subject to access controls. In addition, Shibboleth will develop a -policy framework that will allow inter-operation within the higher -education community. +Shibboleth is a Web Single Sign-On implementations based on OpenSAML +that supports multiple protocols, federated identity, and the extensible +exchange of rich attributes subject to privacy controls. -This package contains the shibboleth runtime library and apache module. +This package contains the Shibboleth Service Provider runtime libraries +and Apache module(s). %package devel -Summary: Shibboleth development Headers -Group: Development/Libraries -Requires: %{name} = %{version} +Summary: Shibboleth development Headers +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +%if 0%{?suse_version} > 1030 +Requires: libXerces-c-devel >= 2.8.0 +%else +Requires: libxerces-c-devel >= 2.8.0 +%endif +Requires: libxml-security-c-devel >= 1.4.0 +Requires: libxmltooling-devel >= 1.4 +Requires: libsaml-devel >= 2.4 +%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0} +%{!?_with_log4cpp:Requires: liblog4shib-devel} %description devel -Shibboleth, a project of Internet2/MACE, is developing architectures, -policy structures, practical technologies, and an open source -implementation to support inter-institutional sharing of web resources -subject to access controls. In addition, Shibboleth will develop a -policy framework that will allow inter-operation within the higher -education community. - -This package contains the headers and other necessary files to build -applications that use the shibboleth library. - -%package selinux-policy-targeted -Summary: SELinux policy targeted configuration for Shibboleth SP -Group: System Environment/Base -Requires: selinux-policy-targeted-sources - -%description selinux-policy-targeted -Shibboleth, a project of Internet2/MACE, is developing architectures, -policy structures, practical technologies, and an open source -implementation to support inter-institutional sharing of web resources -subject to access controls. In addition, Shibboleth will develop a -policy framework that will allow inter-operation within the higher -education community. - -This package contains the SELinux Policy (source) Configuration to -enable the Shibboleth SP to integrate into Apache HTTPD in Red Hat / -Fedora's Policy Targeted SELinux implementation. It requires -rebuilding your policy, so you must have the policy-targeted-source -installed. +Shibboleth is a Web Single Sign-On implementations based on OpenSAML +that supports multiple protocols, federated identity, and the extensible +exchange of rich attributes subject to privacy controls. + +This package includes files needed for development with Shibboleth. %prep %setup -q %build -%configure %{?shib_options} -make -#make -C selinux +%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options} +%{__make} pkgdocdir=%{pkgdocdir} %install -[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT -rm -rf _docs -make install DESTDIR=$RPM_BUILD_ROOT -make -C selinux install DESTDIR=$RPM_BUILD_ROOT -mv $RPM_BUILD_ROOT/usr/doc/%{name} _docs - -find $RPM_BUILD_ROOT/%{_libexecdir} -type f -or -type l | grep \.so | - sed -e "s|$RPM_BUILD_ROOT||" | sort > rpm.filelist - -%check || : -make check +%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir} -%clean -[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT - -%post -/sbin/ldconfig +%if "%{_vendor}" == "suse" + %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \ + $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger +%endif -# Plug the SP into Apache on a recognized system. +# Plug the SP into the built-in Apache on a recognized system. +touch rpm.filelist APACHE_CONFIG="no" -if [ -f $RPM_BUILD_ROOT/%{_libexecdir}/mod_shib_13.so ] ; then - APACHE_CONFIG="apache.config" +if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then + APACHE_CONFIG="apache.config" fi -if [ -f $RPM_BUILD_ROOT/%{_libexecdir}/mod_shib_20.so ] ; then - APACHE_CONFIG="apache2.config" +if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then + APACHE_CONFIG="apache2.config" fi -if [ -f $RPM_BUILD_ROOT/%{_libexecdir}/mod_shib_22.so ] ; then - APACHE_CONFIG="apache22.config" +if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then + APACHE_CONFIG="apache22.config" fi +%{?_without_builtinapache:APACHE_CONFIG="no"} if [ "$APACHE_CONFIG" != "no" ] ; then - APACHE_CONFD="no" - if [ -d %{_sysconfdir}/httpd/conf.d ] ; then - APACHE_CONFD="%{_sysconfdir}/httpd/conf.d" - fi - if [ -d %{_sysconfdir}/apache2/conf.d ] ; then - APACHE_CONFD="%{_sysconfdir}/apache2/conf.d" - fi - if [ "$APACHE_CONFD" != "no" ] ; then - if [ ! -f $APACHE_CONFD/shib.conf ] ; then - sed "s/\/usr\/doc\/%{name}/\/usr\/share\/doc\/%{name}-@-VERSION-@/g" \ - %{_sysconfdir}/%{name}/$APACHE_CONFIG \ - > $APACHE_CONFD/shib.conf - fi - fi + APACHE_CONFD="no" + if [ -d %{_sysconfdir}/httpd/conf.d ] ; then + APACHE_CONFD="%{_sysconfdir}/httpd/conf.d" + fi + if [ -d %{_sysconfdir}/apache2/conf.d ] ; then + APACHE_CONFD="%{_sysconfdir}/apache2/conf.d" + fi + if [ "$APACHE_CONFD" != "no" ] ; then + %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD + %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf + echo "%config $APACHE_CONFD/shib.conf" > rpm.filelist + fi fi -# Install the shibd init.d scripts and service -%if "%{_vendor}" == "redhat" - if [ -d %{_sysconfdir}/init.d ] ; then - if [ ! -f %{_sysconfdir}/init.d/shibd ] ; then - cp -p %{_sysconfdir}/%{name}/shibd %{_sysconfdir}/init.d/shibd - chmod 755 %{_sysconfdir}/init.d/shibd - chkconfig --add shibd - fi - fi +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse" + # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir} + install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir} + install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd +%if "%{_vendor}" == "suse" + install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir} + %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd +%endif %endif -%postun +%check +%{__make} check + +%clean +[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT + +%post +%ifnos solaris2.8 solaris2.9 solaris2.10 /sbin/ldconfig +%endif -# delete the Apache configuration if we're being removed -[ "$1" = 0 ] || exit 0 -[ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] && \ - rm -f %{_sysconfdir}/httpd/conf.d/shib.conf -[ -f %{_sysconfdir}/apache2/conf.d/shib.conf ] && \ - rm -f %{_sysconfdir}/apache2/conf.d/shib.conf +# Key generation +cd %{_sysconfdir}/%{name} +sh ./keygen.sh -b + +%if "%{_vendor}" == "redhat" + # This adds the proper /etc/rc*.d links for the script + /sbin/chkconfig --add shibd + # On upgrade, restart components if they're already running. + if [ "$1" -gt "1" ] ; then + /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null + %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null} + exit 0 + fi +%endif +%if "%{_vendor}" == "suse" + # This adds the proper /etc/rc*.d links for the script + cd / + %insserv_force_if_yast shibd +%endif -# clear init.d state +%preun %if "%{_vendor}" == "redhat" - chkconfig --del shibd - [ -f %{_sysconfdir}/init.d/shibd ] && \ - rm -f %{_sysconfdir}/init.d/shibd + if [ "$1" = 0 ] ; then + /sbin/service shibd stop >/dev/null 2>&1 + /sbin/chkconfig --del shibd + %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null} + fi +%endif +%if "%{_vendor}" == "suse" + %stop_on_removal shibd + if [ "$1" = 0 ] ; then + %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null} + fi %endif +exit 0 -%triggerin selinux-policy-targeted -- %{name} -restorecon %{_sbindir}/shibd +%postun +%ifnos solaris2.8 solaris2.9 solaris2.10 +/sbin/ldconfig +%endif +%if "%{_vendor}" == "suse" +cd / +%restart_on_update shibd +%{!?_without_builtinapache:%restart_on_update apache2} +%{insserv_cleanup} +%endif -%triggerin selinux-policy-targeted -- selinux-policy-targeted-sources -cd %{_sysconfdir}/selinux/targeted/src/policy || exit 1 -make -W install -make load -restorecon %{_sbindir}/shibd +%posttrans +# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package +%if "%{_vendor}" == "redhat" + if [ ! -f %{_initrddir}/shibd ] ; then + if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then + %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd + %{__chmod} 755 %{_initrddir}/shibd + /sbin/chkconfig --add shibd + fi + fi +%endif %files -f rpm.filelist %defattr(-,root,root,-) -%doc _docs/CREDITS.txt _docs/LICENSE.txt _docs/NOTICE.txt _docs/README.txt _docs/RELEASE.txt -%doc _docs/logo.jpg _docs/main.css %{_sbindir}/shibd -%{_sbindir}/siterefresh -%{_bindir}/samlquery +%{_bindir}/mdquery +%{_bindir}/resolvertest %{_libdir}/libshibsp.so.* %{_libdir}/libshibsp-lite.so.* +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/* +%exclude %{_libdir}/%{name}/*.la %dir %{_localstatedir}/log/%{name} +%dir %{_localstatedir}/run/%{name} %dir %{_datadir}/xml/%{name} -%{_datadir}/xml/%{name} +%{_datadir}/xml/%{name}/* %dir %{_sysconfdir}/%{name} %config(noreplace) %{_sysconfdir}/%{name}/*.xml %config(noreplace) %{_sysconfdir}/%{name}/*.html %config(noreplace) %{_sysconfdir}/%{name}/*.logger -%config %{_sysconfdir}/%{name}/sp-example.crt -%config %{_sysconfdir}/%{name}/sp-example.key +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse" +%config %{_initrddir}/shibd +%endif +%if "%{_vendor}" == "suse" +%{_sbindir}/rcshibd +%endif %{_sysconfdir}/%{name}/*.dist %{_sysconfdir}/%{name}/apache*.config -%{_sysconfdir}/%{name}/shibd -%exclude %{_libexecdir}/*.la +%{_sysconfdir}/%{name}/shibd-* +%attr(755, root, root) %{_sysconfdir}/%{name}/keygen.sh +%attr(755, root, root) %{_sysconfdir}/%{name}/metagen.sh +%{_sysconfdir}/%{name}/*.xsl +%doc %{pkgdocdir} +%exclude %{pkgdocdir}/api %files devel %defattr(-,root,root,-) -%{_includedir} +%{_includedir}/* %{_libdir}/libshibsp.so %{_libdir}/libshibsp-lite.so - -%files selinux-policy-targeted -%defattr(-,root,root,-) -%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/*.fc -%{_sysconfdir}/selinux/targeted/src/policy/domains/program/*.te +%doc %{pkgdocdir}/api %changelog +* Fri Dec 25 2009 Scott Cantor - 2.4-1 +- Update dependencies. + +* Mon Nov 23 2009 Scott Cantor - 2.3.1-1 +- Reset revision for 2.3.1 release + +* Wed Aug 19 2009 Scott Cantor - 2.2.1-2 +- SuSE init script changes +- Restart Apache on removal, not just upgrade +- Fix scriptlet exit values when Apache is stopped + +* Mon Aug 10 2009 Scott Cantor - 2.2.1-1 +- Doc handling changes +- SuSE init script + +* Tue Aug 4 2009 Scott Cantor - 2.2.1-1 +- Initial version for 2.2.1, with shibd/httpd restart on upgrade + +* Thu Jun 25 2009 Scott Cantor - 2.2-3 +- Add additional cleanup to posttrans fix + +* Tue Jun 23 2009 Scott Cantor - 2.2-2 +- Reverse without_builtinapache macro test +- Fix init script handling on Red Hat to handle upgrades + +* Wed Dec 3 2008 Scott Cantor - 2.2-1 +- Bump minor version. +- Make keygen.sh executable. +- Fixing SUSE Xerces dependency name. +- Optionally package shib.conf. + +* Tue Jun 10 2008 Scott Cantor - 2.1-1 +- Change shib.conf handling to treat as config file. + +* Mon Mar 17 2008 Scott Cantor - 2.0-6 +- Official release. + +* Fri Jan 18 2008 Scott Cantor - 2.0-5 +- Release candidate 1. + +* Sun Oct 21 2007 Scott Cantor - 2.0-4 +- libexec -> lib/shibboleth changes +- Added doc subpackage + +* Thu Aug 16 2007 Scott Cantor - 2.0-3 +- First public beta. + * Fri Jul 13 2007 Scott Cantor - 2.0-2 -- Second alpha release +- Second alpha release. * Sun Jun 10 2007 Scott Cantor - 2.0-1 -- First alpha release +- First alpha release. * Mon Oct 2 2006 Scott Cantor - 1.3-11 - Applied fix for secadv 20061002