X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibboleth.spec.in;h=d8f44443c29274ccdd97daae319712b2a943ee65;hb=HEAD;hp=4da3bf99d86fecb7c39d57370f96853375212377;hpb=f81d01565a5cc55176831ecc738d3bdd1ce17b2d;p=shibboleth%2Fcpp-sp.git diff --git a/shibboleth.spec.in b/shibboleth.spec.in index 4da3bf9..d8f4444 100644 --- a/shibboleth.spec.in +++ b/shibboleth.spec.in @@ -1,172 +1,594 @@ -Name: shibboleth -Summary: Open source system to enable inter-institutional resource sharing -Version: @-VERSION-@ -Release: 6 -#Copyright: University Corporation for Advanced Internet Development, Inc. -Group: System Environment/Libraries -License: Apache style -URL: http://shibboleth.internet2.edu/ -Source0: http://wayf.internet2.edu/shibboleth/%{name}-%{version}.tar.gz -Source1: http://wayf.internet2.edu/shibboleth/%{name}-%{version}.tar.gz.asc +Name: shibboleth-sp +Version: @PACKAGE_VERSION@ +Release: 1 +Summary: Open source system for attribute-based Web SSO +Group: Productivity/Networking/Security +Vendor: Shibboleth Consortium +License: Apache 2.0 +URL: http://shibboleth.net/ +Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-root - -BuildRequires: openssl-devel, curl-devel >= 7.10.6, xerces-c-devel >= 2.6.1 -BuildRequires: xml-security-c-devel >= 1.1.0, log4cpp-devel >= 0.3.5 -BuildRequires: zlib-devel, opensaml-devel >= 1.1, httpd-devel +Obsoletes: shibboleth-sp = 2.5.0 +Requires: openssl +%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +Requires: xmltooling-schemas%{?_isa} >= 1.5.5, opensaml-schemas%{?_isa} >= 2.5.5 +%else +Requires: xmltooling-schemas >= 1.5.5, opensaml-schemas >= 2.5.5 +%endif +%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130 +Requires: %{insserv_prereq} %{fillup_prereq} +BuildRequires: libxerces-c-devel >= 3.1 +%else +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 +BuildRequires: systemd-devel, pkgconfig +BuildRequires: xerces-c-devel >= 3.1 +%else +BuildRequires: libxerces-c-devel >= 3.1 +%endif +%endif +BuildRequires: libxml-security-c-devel >= 1.7.3 +BuildRequires: libxmltooling-devel >= 1.5.5 +BuildRequires: libsaml-devel >= 2.5.5 +%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0} +%{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4} +%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +Requires: libcurl-openssl%{?_isa} >= 7.21.7 +BuildRequires: chrpath +%endif +%if 0%{?suse_version} > 1300 +BuildRequires: libtool +%endif +BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0 +%{!?_without_gssapi:BuildRequires: krb5-devel} +%{!?_without_doxygen:BuildRequires: doxygen} +%{!?_without_odbc:BuildRequires:unixODBC-devel} +%{?_with_fastcgi:BuildRequires: fcgi-devel} +%if 0%{?centos_version} >= 600 +BuildRequires: libmemcached-devel +%endif +%{?_with_memcached:BuildRequires: libmemcached-devel} +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" +%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +%{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}} +%else +%{!?_without_builtinapache:BuildRequires: httpd-devel} +%endif +BuildRequires: redhat-rpm-config +Requires(pre): shadow-utils +Requires(post): chkconfig +Requires(preun): chkconfig, initscripts +%endif +%if "%{_vendor}" == "suse" +Requires(pre): pwdutils +%{!?_without_builtinapache:BuildRequires: apache2-devel} +%{?systemd_requires} +%if 0%{?suse_version} >= 1210 +BuildRequires: systemd-rpm-macros, systemd-devel, pkgconfig +%endif +%endif + +%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d} + +%define runuser shibd +%if "%{_vendor}" == "suse" +%define pkgdocdir %{_docdir}/shibboleth +%else +%define pkgdocdir %{_docdir}/shibboleth-%{version} +%endif %description -Shibboleth, a project of Internet2/MACE, is developing architectures, -policy structures, practical technologies, and an open source -implementation to support inter-institutional sharing of web resources -subject to access controls. In addition, Shibboleth will develop a -policy framework that will allow inter-operation within the higher -education community. +Shibboleth is a Web Single Sign-On implementations based on OpenSAML +that supports multiple protocols, federated identity, and the extensible +exchange of rich attributes subject to privacy controls. -This package contains the shibboleth runtime library and apache module. +This package contains the Shibboleth Service Provider runtime libraries, +daemon, default plugins, and Apache module(s). %package devel -Summary: Shibboleth development Headers -Group: Development/Libraries -Requires: %{name} = %{version} +Summary: Shibboleth Development Headers +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version}-%{release} +Obsoletes: shibboleth-sp-devel = 2.5.0 +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 +Requires: xerces-c-devel >= 3.1 +%else +Requires: libxerces-c-devel >= 3.1 +%endif +Requires: libxml-security-c-devel >= 1.7.3 +Requires: libxmltooling-devel >= 1.5.5 +Requires: libsaml-devel >= 2.5.5 +%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0} +%{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4} %description devel -Shibboleth, a project of Internet2/MACE, is developing architectures, -policy structures, practical technologies, and an open source -implementation to support inter-institutional sharing of web resources -subject to access controls. In addition, Shibboleth will develop a -policy framework that will allow inter-operation within the higher -education community. - -This package contains the headers and other necessary files to build -applications that use the shibboleth library. - -%package selinux-policy-targeted -Summary: SELinux policy targeted configuration for Shibboleth SP -Group: System Environment/Base -Requires: selinux-policy-targeted-sources - -%description selinux-policy-targeted -Shibboleth, a project of Internet2/MACE, is developing architectures, -policy structures, practical technologies, and an open source -implementation to support inter-institutional sharing of web resources -subject to access controls. In addition, Shibboleth will develop a -policy framework that will allow inter-operation within the higher -education community. - -This package contains the SELinux Policy (source) Configuration to -enable the Shibboleth SP to integrate into Apache HTTPD in Red Hat / -Fedora's Policy Targeted SELinux implementation. It requires -rebuilding your policy, so you must have the policy-targeted-source -installed. +Shibboleth is a Web Single Sign-On implementations based on OpenSAML +that supports multiple protocols, federated identity, and the extensible +exchange of rich attributes subject to privacy controls. + +This package includes files needed for development with Shibboleth. %prep -%setup -q +%setup -n %{name}-%{version} %build -%configure --enable-apache-20 -make -make -C selinux +%if 0%{?suse_version} >= 1210 + %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_systemd:--enable-systemd} %{?shib_options} +%else +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{!?_without_systemd:--enable-systemd} %{?shib_options} +%else +%if 0%{?centos_version} >= 600 + %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options} +%else + %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options} +%endif +%endif +%endif +%{__make} pkgdocdir=%{pkgdocdir} %install -[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT -rm -rf _docs +%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir} + +%if "%{_vendor}" == "suse" + %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \ + $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger +%endif + +# Plug the SP into the built-in Apache on a recognized system. +touch rpm.filelist +APACHE_CONFIG="no" +if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then + APACHE_CONFIG="apache.config" +fi +if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then + APACHE_CONFIG="apache2.config" +fi +if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then + APACHE_CONFIG="apache22.config" +fi +if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then + APACHE_CONFIG="apache24.config" +fi +%{?_without_builtinapache:APACHE_CONFIG="no"} +if [ "$APACHE_CONFIG" != "no" ] ; then + APACHE_CONFD="no" + if [ -d %{_sysconfdir}/httpd/conf.d ] ; then + APACHE_CONFD="%{_sysconfdir}/httpd/conf.d" + fi + if [ -d %{_sysconfdir}/apache2/conf.d ] ; then + APACHE_CONFD="%{_sysconfdir}/apache2/conf.d" + fi + if [ "$APACHE_CONFD" != "no" ] ; then + %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD + %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf + echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist + fi +fi -make install DESTDIR=$RPM_BUILD_ROOT -make -C selinux install DESTDIR=$RPM_BUILD_ROOT -mv $RPM_BUILD_ROOT/usr/doc/shibboleth _docs +# Establish location of systemd file, if any. +SYSTEMD_SHIBD="no" +%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %{__mkdir} -p $RPM_BUILD_ROOT%{_unitdir} + echo "%attr(0444,-,-) %{_unitdir}/shibd.service" >> rpm.filelist + SYSTEMD_SHIBD="$RPM_BUILD_ROOT%{_unitdir}/shibd.service" + + # Get run directory created at boot time. + %{__mkdir} -p $RPM_BUILD_ROOT%{_tmpfilesdir} + echo "%attr(0444,-,-) %{_tmpfilesdir}/%{name}.conf" >> rpm.filelist + cat > $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf <> rpm.filelist + SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd" +%endif +%if "%{_vendor}" == "suse" + %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates + echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist + SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" +%endif +fi -find $RPM_BUILD_ROOT/%{_libexecdir} -type f -or -type l | grep \.so | - sed -e "s|$RPM_BUILD_ROOT||" | sort > rpm.filelist +if [ "$SYSTEMD_SHIBD" != "no" ] ; then + # Populate the systemd file + cat > $SYSTEMD_SHIBD <= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +Environment=LD_LIBRARY_PATH=/opt/shibboleth/%{_lib} +%endif +ExecStart=%{_sbindir}/shibd -f -F +StandardInput=null +StandardOutput=null +StandardError=journal +TimeoutStopSec=5s +TimeoutStartSec=90s +Restart=on-failure +RestartSec=30s + +[Install] +WantedBy=multi-user.target +EOF +elif [ "$SYSCONFIG_SHIBD" != "no" ] ; then + # Populate the sysconfig file. + cat > $SYSCONFIG_SHIBD <= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 + cat >> $SYSCONFIG_SHIBD <= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 + # Strip existing rpath to libcurl. + chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd + chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery + chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest +%endif + +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse" +if [ "$SYSTEMD_SHIBD" == "no" ] ; then + # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir} + install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir} + install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd +%if "%{_vendor}" == "suse" + install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir} + %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd +%endif +fi +%endif + +%check +%{__make} check %clean -[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT +[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT + +%pre +getent group %{runuser} >/dev/null || groupadd -r %{runuser} +getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \ + -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser} +%if 0%{?suse_version} >= 1210 + %service_add_pre shibd.service +%endif +exit 0 %post +%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11 /sbin/ldconfig +%endif + +# Key generation or ownership fix +cd %{_sysconfdir}/shibboleth +if [ -f sp-key.pem ] ; then + %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || : +else + /bin/sh ./keygen.sh -b -u %{runuser} -g %{runuser} +fi -# Plug the shibboleth SP into Apache2 on a Red Hat system. -if [ -d %{_sysconfdir}/httpd/conf.d ] ; then - if [ ! -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then - sed "s/\/usr\/doc\/shibboleth/\/usr\/share\/doc\/shibboleth-@-VERSION-@/g" \ - %{_sysconfdir}/shibboleth/apache2.config \ - > %{_sysconfdir}/httpd/conf.d/shib.conf +# Fix ownership of log files (even on new installs, if they're left from an older one). +%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || : + +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" + if [ $1 -gt 1 ] ; then + # On Red Hat with shib.conf installed, clean up old Alias commands + # by pointing them at new version-independent /usr/share/share tree. + # Any Aliases we didn't create we assume are custom files. + # This is to accomodate making shib.conf a noreplace config file. + # We can't do this for SUSE, because they disallow changes to + # packaged files in scriplets. + APACHE_CONF="no" + if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then + APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf" + fi + if [ "$APACHE_CONF" != "no" ] ; then + %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \ + $APACHE_CONF + %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \ + $APACHE_CONF + fi fi -fi -# Install the shibd init.d scripts and service -if [ -d %{_sysconfdir}/init.d ] ; then - if [ ! -f %{_sysconfdir}/init.d/shibd ] ; then - cp -p %{_sysconfdir}/shibboleth/shibd %{_sysconfdir}/init.d/shibd - chmod 755 %{_sysconfdir}/init.d/shibd - chkconfig --add shibd +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + # Initial prep for systemd + %systemd_post shibd.service + if [ $1 -gt 1 ] ; then + systemctl daemon-reload fi -fi +%else + # Add the proper /etc/rc*.d links for the script + /sbin/chkconfig --add shibd +%endif +%endif +%if "%{_vendor}" == "suse" +%if 0%{?suse_version} >= 1210 + %service_add_post shibd.service + systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf +%else + # This adds the proper /etc/rc*.d links for the script + # and populates the sysconfig/shibd file. + cd / + %{fillup_only -n shibd} + %insserv_force_if_yast shibd +%endif +%endif + +%preun +# On final removal, stop shibd and remove service, restart Apache if running. +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %systemd_preun shibd.service +%else + if [ $1 -eq 0 ] ; then + /sbin/service shibd stop >/dev/null 2>&1 + /sbin/chkconfig --del shibd + fi +%endif + if [ $1 -eq 0 ] ; then + %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null} + fi +%endif +%if "%{_vendor}" == "suse" +%if 0%{?suse_version} >= 1210 + %service_del_preun shibd.service +%else + %stop_on_removal shibd +%endif + if [ $1 -eq 0 ] ; then + %{!?_without_builtinapache:/sbin/service apache2 status 1>/dev/null && /sbin/service apache2 restart 1>/dev/null} + fi +%endif +exit 0 %postun +%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11 /sbin/ldconfig - -# delete the shibboleth apache configuration if we're being removed -[ "$1" = 0 ] || exit 0 -[ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] && \ - rm -f %{_sysconfdir}/httpd/conf.d/shib.conf - -# clear init.d state -chkconfig --del shibd -[ -f %{_sysconfdir}/init.d/shibd ] && \ - rm -f %{_sysconfdir}/init.d/shibd - -%triggerin selinux-policy-targeted -- %{name} -restorecon %{_sbindir}/shibd - -%triggerin selinux-policy-targeted -- selinux-policy-targeted-sources -cd %{_sysconfdir}/selinux/targeted/src/policy || exit 1 -make -W install -make load -restorecon %{_sbindir}/shibd +%endif +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" + # On upgrade, restart components if they're already running. +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %systemd_postun_with_restart shibd.service +%else + if [ $1 -ge 1 ] ; then + /sbin/service shibd status 1>/dev/null && /sbin/service shibd restart 1>/dev/null + fi +%endif + if [ $1 -ge 1 ] ; then + %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null} + exit 0 + fi +%endif +%if "%{_vendor}" == "suse" +%if 0%{?suse_version} >= 1210 + %service_del_postun shibd.service +%else + cd / + %restart_on_update shibd + %{insserv_cleanup} +%endif + %{!?_without_builtinapache:%restart_on_update apache2} +%endif + +%posttrans +# One-time extra restart of shibd and Apache to work around +# SUSE bug that breaks old %restart_on_update macro. +# If we remove, upgrades from pre-systemd to post-systemd +# will stop doing the final restart. +%if "%{_vendor}" == "suse" && 0%{?suse_version} >= 1210 + /usr/bin/systemctl try-restart shibd >/dev/null 2>&1 || : + /usr/bin/systemctl try-restart apache2 >/dev/null 2>&1 || : +%endif +exit 0 %files -f rpm.filelist %defattr(-,root,root,-) -%doc _docs/CREDITS.txt _docs/NOTICE.txt _docs/NEWS.txt _docs/logo.jpg -%doc _docs/main.css _docs/README.txt _docs/LICENSE.txt _docs/mysql-4.0.12.diff %{_sbindir}/shibd -%{_sbindir}/siterefresh -%{_bindir}/shibtest -%{_libdir}/libshib.so.* -%{_libdir}/libshib-target.so.* -%dir /var/log/shibboleth +%{_bindir}/mdquery +%{_bindir}/resolvertest +%{_libdir}/libshibsp.so.* +%{_libdir}/libshibsp-lite.so.* +%dir %{_libdir}/shibboleth +%{_libdir}/shibboleth/* +%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse" +%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" +%attr(0750,apache,apache) %dir %{_localstatedir}/log/shibboleth-www +%endif +%if "%{_vendor}" == "suse" +%attr(0750,wwwrun,www) %dir %{_localstatedir}/log/shibboleth-www +%endif +%else +%attr(0750,-,-) %dir %{_localstatedir}/log/shibboleth-www +%endif +%if 0%{?suse_version} < 1300 +%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth +%endif +%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth %dir %{_datadir}/xml/shibboleth -%{_datadir}/xml/shibboleth/*.xsd -%{_datadir}/xml/shibboleth/*.xsl +%{_datadir}/xml/shibboleth/* +%dir %{_datadir}/shibboleth +%{_datadir}/shibboleth/* %dir %{_sysconfdir}/shibboleth %config(noreplace) %{_sysconfdir}/shibboleth/*.xml %config(noreplace) %{_sysconfdir}/shibboleth/*.html %config(noreplace) %{_sysconfdir}/shibboleth/*.logger -%config %{_sysconfdir}/shibboleth/inqueue.pem -%config %{_sysconfdir}/shibboleth/sp-example.crt -%config %{_sysconfdir}/shibboleth/sp-example.key +%if "%{_vendor}" == "redhat" +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 +%else +%config %{_initrddir}/shibd +%endif +%endif +%if "%{_vendor}" == "amazon" +%config %{_initrddir}/shibd +%endif +%if "%{_vendor}" == "suse" && 0%{?suse_version} < 1210 +%config %{_initrddir}/shibd +%{_sbindir}/rcshibd +%endif +%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 +%{_tmpfilesdir}/%{name}.conf +%endif %{_sysconfdir}/shibboleth/*.dist %{_sysconfdir}/shibboleth/apache*.config -%{_sysconfdir}/shibboleth/shibd - -%exclude %{_bindir}/posttest -%exclude %{_bindir}/test-client -%exclude %{_libexecdir}/*.la +%{_sysconfdir}/shibboleth/shibd-* +%attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh +%attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh +%{_sysconfdir}/shibboleth/*.xsl +%doc %{pkgdocdir} +%exclude %{pkgdocdir}/api %files devel %defattr(-,root,root,-) -%{_includedir} -%{_libdir}/libshib.so -%{_libdir}/libshib-target.so - -%files selinux-policy-targeted -%defattr(-,root,root,-) -%{_sysconfdir}/selinux/targeted/src/policy/file_contexts/program/*.fc -%{_sysconfdir}/selinux/targeted/src/policy/domains/program/*.te +%{_includedir}/* +%{_libdir}/libshibsp.so +%{_libdir}/libshibsp-lite.so +%doc %{pkgdocdir}/api %changelog +* Thu Jul 23 2015 Scott Cantor - 2.5.5-2 +- Fix use of /var/run/shibboleth on newer tmpfs platforms + +* Thu Jul 2 2015 Scott Cantor - 2.5.5-1 +- Revamp with systemd support for RH/CentOS 7+ and SUSE 12.1+ + +* Mon Mar 9 2015 Scott Cantor - 2.5.4-1 +- Add Amazon VM support +- Add a separate native logging directory +- Remove hard-coded init.d usage +- Switch to bz2 sources to prevent future issues with SuSE + +* Mon Nov 17 2014 Scott Cantor - 2.5.3-2 +- Add libtool dep for OpenSUSE 13 +- Remove /var/run/shibboleth for OpenSUSE 13 + +* Tue May 13 2014 Ian Young - 2.5.3-1.2 +- Update package dependencies for RHEL/CentOS 7 +- Fix bogus dates in changelog + +* Sat Jun 8 2013 Scott Cantor - 2.5.2-1 +- Add --with-gssapi using MIT K5 by default + +* Tue Sep 25 2012 Scott Cantor - 2.5.1-1 +- Merge back various changes used in released packages +- Prep for 2.5.1 by pulling extra restart out + +* Tue Aug 7 2012 Scott Cantor - 2.5.0-2 +- Changed package name back to shibboleth because of upgrade bugs +- Put back extra restart for this release only. + +* Thu Mar 1 2012 Scott Cantor - 2.5.0-1 +- Move logo and stylesheet to version-independent tree +- Make shib.conf noreplace +- Post-fixup of Alias commands in older shib.conf +- Changes to run shibd as non-root shibboleth user +- Move init customizations to /etc/sysconfig/shibd +- Copy shibd restart for Red Hat to postun +- Add boost-devel dependency +- Build memcache plugin on RH6 +- Add cachedir to install +- Add Apache 2.4 to install + +* Sun Jun 26 2011 Scott Cantor - 2.4.3-1 +- Log files shouldn't be world readable. +- Explicit requirement for libcurl-openssl on RHEL6 +- Uncomment LD_LIBRARY_PATH in init script for RHEL6 +- Remove rpath from binaries for RHEL6 + +* Fri Dec 25 2009 Scott Cantor - 2.4-1 +- Update dependencies. + +* Mon Nov 23 2009 Scott Cantor - 2.3.1-1 +- Reset revision for 2.3.1 release + +* Wed Aug 19 2009 Scott Cantor - 2.2.1-2 +- SuSE init script changes +- Restart Apache on removal, not just upgrade +- Fix scriptlet exit values when Apache is stopped + +* Mon Aug 10 2009 Scott Cantor - 2.2.1-1 +- Doc handling changes +- SuSE init script + +* Tue Aug 4 2009 Scott Cantor - 2.2.1-1 +- Initial version for 2.2.1, with shibd/httpd restart on upgrade + +* Thu Jun 25 2009 Scott Cantor - 2.2-3 +- Add additional cleanup to posttrans fix + +* Tue Jun 23 2009 Scott Cantor - 2.2-2 +- Reverse without_builtinapache macro test +- Fix init script handling on Red Hat to handle upgrades + +* Wed Dec 3 2008 Scott Cantor - 2.2-1 +- Bump minor version. +- Make keygen.sh executable. +- Fixing SUSE Xerces dependency name. +- Optionally package shib.conf. + +* Tue Jun 10 2008 Scott Cantor - 2.1-1 +- Change shib.conf handling to treat as config file. + +* Mon Mar 17 2008 Scott Cantor - 2.0-6 +- Official release. + +* Fri Jan 18 2008 Scott Cantor - 2.0-5 +- Release candidate 1. + +* Sun Oct 21 2007 Scott Cantor - 2.0-4 +- libexec -> lib/shibboleth changes +- Added doc subpackage + +* Thu Aug 16 2007 Scott Cantor - 2.0-3 +- First public beta. + +* Fri Jul 13 2007 Scott Cantor - 2.0-2 +- Second alpha release. + +* Sun Jun 10 2007 Scott Cantor - 2.0-1 +- First alpha release. + +* Mon Oct 2 2006 Scott Cantor - 1.3-11 +- Applied fix for secadv 20061002 +- Fix for metadata loader loop + +* Thu Jun 15 2006 Scott Cantor - 1.3-10 +- Applied fix for sec 20060615 + +* Sat Apr 15 2006 Scott Cantor - 1.3-9 +- Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support + +* Mon Jan 9 2006 Scott Cantor - 1.3-8 +- Applied new fix for secadv 20060109 + +* Tue Nov 8 2005 Scott Cantor - 1.3-7 +- Applied new fix for secadv 20050901 plus rollup + * Fri Sep 23 2005 Scott Cantor - 1.3-6 - Minor patches and default config changes - pidfile patch