# Preamble of the main Shibboleth SP package. The conditionals below choose
# dependency names per distribution; their else/endif lines are not visible
# in this listing, so branch boundaries have to be read from the gutter gaps.
2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
6 Vendor: Shibboleth Consortium
8 URL: http://shibboleth.net/
# NOTE(review): Source is a bare tarball name; no download URL, checksum or
# signature check is visible here, so tarball integrity depends on how the
# build system obtains the file.
9 Source: %{name}-sp-%{version}.tar.bz2
10 BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root
11 Obsoletes: shibboleth-sp = 2.5.0
13 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
14 PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
16 PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
18 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
19 PreReq: %{insserv_prereq} %{fillup_prereq}
20 BuildRequires: libxerces-c-devel >= 3.1
22 %if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
23 BuildRequires: xerces-c-devel >= 3.1
25 BuildRequires: libxerces-c-devel >= 3.1
# Minimum versions of the XML security, XMLTooling and OpenSAML libraries
# the SP is built against.
28 BuildRequires: libxml-security-c-devel >= 1.4.0
29 BuildRequires: libxmltooling-devel >= 1.5.0
30 BuildRequires: libsaml-devel >= 2.5.0
31 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
32 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
# On RHEL/CentOS 6+ and Amazon the package requires a separate libcurl build
# at runtime; the 2.4.3-1 changelog entry records this as an explicit
# libcurl-openssl requirement. chrpath is used by the install step to strip
# the rpath from the installed binaries.
33 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
34 Requires: libcurl-openssl%{?_isa} >= 7.21.7
35 BuildRequires: chrpath
37 %if 0%{?suse_version} > 1300
38 BuildRequires: libtool
40 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
# Optional features: GSSAPI, doxygen and ODBC are on unless the matching
# "without" build option is given; FastCGI and memcached are opt-in, except
# that CentOS 6+ always pulls in libmemcached-devel.
41 %{!?_without_gssapi:BuildRequires: krb5-devel}
42 %{!?_without_doxygen:BuildRequires: doxygen}
43 %{!?_without_odbc:BuildRequires:unixODBC-devel}
44 %{?_with_fastcgi:BuildRequires: fcgi-devel}
45 %if 0%{?centos_version} >= 600
46 BuildRequires: libmemcached-devel
48 %{?_with_memcached:BuildRequires: libmemcached-devel}
49 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
50 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
51 %{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}}
53 %{!?_without_builtinapache:BuildRequires: httpd-devel}
55 BuildRequires: redhat-rpm-config
# Scriptlet dependencies: presumably shadow-utils (pwdutils on SUSE) supplies
# the groupadd/useradd calls that create the service account, and chkconfig
# and initscripts back the service registration calls.
56 Requires(pre): shadow-utils
57 Requires(post): chkconfig
58 Requires(preun): chkconfig, initscripts
60 %if "%{_vendor}" == "suse"
61 Requires(pre): pwdutils
62 %{!?_without_builtinapache:BuildRequires: apache2-devel}
# Documentation directory: unversioned on SUSE, versioned elsewhere.
66 %if "%{_vendor}" == "suse"
67 %define pkgdocdir %{_docdir}/shibboleth
69 %define pkgdocdir %{_docdir}/shibboleth-%{version}
73 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
74 that supports multiple protocols, federated identity, and the extensible
75 exchange of rich attributes subject to privacy controls.
77 This package contains the Shibboleth Service Provider runtime libraries,
78 daemon, default plugins, and Apache module(s).
# Preamble of the development subpackage (its package header line is not
# visible in this listing). It is tied to the exact version-release of the
# main package and requires the -devel packages of the libraries the SP
# headers depend on, with the same minimum versions as the build.
81 Summary: Shibboleth Development Headers
82 Group: Development/Libraries/C and C++
83 Requires: %{name} = %{version}-%{release}
84 Obsoletes: shibboleth-sp-devel = 2.5.0
85 %if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
86 Requires: xerces-c-devel >= 3.1
88 Requires: libxerces-c-devel >= 3.1
90 Requires: libxml-security-c-devel >= 1.4.0
91 Requires: libxmltooling-devel >= 1.5.0
92 Requires: libsaml-devel >= 2.5.0
93 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
94 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
97 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
98 that supports multiple protocols, federated identity, and the extensible
99 exchange of rich attributes subject to privacy controls.
101 This package includes files needed for development with Shibboleth.
# Unpack the source tarball into the name-sp-version directory.
104 %setup -n %{name}-sp-%{version}
# Configure. Each flag is emitted only when the matching build option is set:
# ODBC and ADFS can be disabled, FastCGI is opt-in, GSSAPI is on unless
# disabled. On CentOS 6+ memcached is on unless disabled; elsewhere it is
# opt-in. Anything in shib_options is appended verbatim, so whoever invokes
# the build controls the final configure line.
107 %if 0%{?centos_version} >= 600
108 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options}
110 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options}
112 %{__make} pkgdocdir=%{pkgdocdir}
# Install into the build root. NOKEYGEN=1 is passed to the install target,
# presumably so that no SP key pair is generated at build time; the post
# scriptlet runs keygen.sh on the target host instead, which keeps a private
# key out of the package payload.
115 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
# On SUSE, rewrite the native logger configuration to use the apache2 log
# directory instead of the httpd one.
117 %if "%{_vendor}" == "suse"
118 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
119 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
122 # Plug the SP into the built-in Apache on a recognized system.
# Pick the Apache config template that matches the module that was built.
# The tests appear to be sequential, so the newest module found wins (the
# closing fi lines are not visible in this listing).
125 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
126 APACHE_CONFIG="apache.config"
128 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
129 APACHE_CONFIG="apache2.config"
131 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
132 APACHE_CONFIG="apache22.config"
134 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
135 APACHE_CONFIG="apache24.config"
# Building without the built-in Apache forces the value to "no", which skips
# the shib.conf handling below.
137 %{?_without_builtinapache:APACHE_CONFIG="no"}
138 if [ "$APACHE_CONFIG" != "no" ] ; then
# NOTE(review): these directory tests carry no build-root prefix, so they
# inspect the build host's own configuration tree to decide where shib.conf
# is packaged; the result depends on what is installed on the builder.
140 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
141 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
143 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
144 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
# Copy the chosen template to conf.d as shib.conf and list it as a noreplace
# config file, so local edits are kept on upgrade.
146 if [ "$APACHE_CONFD" != "no" ] ; then
147 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
148 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
149 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
153 # Establish location of sysconfig file, if any.
155 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
156 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
157 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
158 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
160 %if "%{_vendor}" == "suse"
161 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
162 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
163 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
165 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
166 # Populate the sysconfig file.
167 cat > $SYSCONFIG_SHIBD <<EOF
168 # Shibboleth SP init script customization
170 # User account for shibd
171 SHIBD_USER=%{runuser}
176 # Wait period (secs) for configuration (and metadata) to load
179 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
# The next heredoc appends an LD_LIBRARY_PATH export to the sysconfig file so
# that the libraries under /opt/shibboleth are found ahead of the OS-supplied
# libcurl. NOTE(review): whatever sits in that directory is then resolved
# first by anything started with this environment, so the directory should
# stay root-owned and not writable by the service account; confirm against
# the package that owns it.
180 cat >> $SYSCONFIG_SHIBD <<EOF
182 # Override OS-supplied libcurl
183 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
185 # Strip existing rpath to libcurl.
186 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
187 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
188 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
# Install the vendor-specific init script (mode 0755) from the copy shipped
# in the shibboleth configuration directory; on SUSE also add the rcshibd
# convenience link.
192 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
193 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
194 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
195 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
196 %if "%{_vendor}" == "suse"
197 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
198 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
# Clean step: delete the build root, but never when it is the filesystem root.
# NOTE(review): the variable is unquoted in the rm call, so a build root path
# containing whitespace would be split by the shell.
206 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
# Pre-install: create the service group and user only if they do not already
# exist. Both are system accounts (-r); the user gets /sbin/nologin as shell
# and the shibboleth run directory as home, so it cannot be used for
# interactive login. The 2.5.0-1 changelog entry introduced running shibd as
# this non-root user.
209 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
210 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
211 -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
# Post-install scriptlet body (the section header and several else/fi/endif
# lines are not visible in this listing).
215 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
219 # Key generation or ownership fix
# An existing key pair is kept and only re-owned to the service account, with
# errors ignored. The keygen.sh call is presumably the else branch: it creates
# a new pair owned by that account on the target host.
# NOTE(review): only ownership is adjusted here; the file mode of sp-key.pem
# is not set in this scriptlet, so confirm it is readable by the service
# account only.
220 cd %{_sysconfdir}/shibboleth
221 if [ -f sp-key.pem ] ; then
222 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
224 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
227 # Fix ownership of log files (even on new installs, if they're left from an older one).
# NOTE(review): this runs as root over a glob inside a directory that the
# file list gives to the service account (0750). chown follows symbolic links
# by default, so consider -h (--no-dereference) here so that a link left in
# that directory cannot redirect the ownership change to another file.
228 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
230 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
# The first scriptlet argument is the number of installed instances, so a
# value above 1 means this is an upgrade.
231 if [ "$1" -gt "1" ] ; then
232 # On Red Hat with shib.conf installed, clean up old Alias commands
233 # by pointing them at new version-independent /usr/share/shibboleth tree.
234 # Any Aliases we didn't create we assume are custom files.
235 # This is to accommodate making shib.conf a noreplace config file.
236 # We can't do this for SUSE, because they disallow changes to
237 # packaged files in scriptlets.
239 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
240 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
242 if [ "$APACHE_CONF" != "no" ] ; then
# Each sed rewrites a versioned or unversioned doc-directory path to the
# fixed /usr/share/shibboleth location. The continuation lines naming the
# target file are not visible in this listing.
243 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
245 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
250 # This adds the proper /etc/rc*.d links for the script
251 /sbin/chkconfig --add shibd
253 %if "%{_vendor}" == "suse"
254 # This adds the proper /etc/rc*.d links for the script
255 # and populates the sysconfig/shibd file.
257 %{fillup_only -n shibd}
258 %insserv_force_if_yast shibd
# Pre-uninstall scriptlet body. The first scriptlet argument is the number of
# instances left after the operation, so 0 means the package is being removed
# rather than upgraded.
262 # On final removal, stop shibd and remove service, restart Apache if running.
263 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
264 if [ "$1" -eq 0 ] ; then
265 /sbin/service shibd stop >/dev/null 2>&1
266 /sbin/chkconfig --del shibd
# Apache is restarted only when its status check succeeds, so a stopped web
# server is not started as a side effect of removing the package.
267 %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null}
270 %if "%{_vendor}" == "suse"
271 %stop_on_removal shibd
272 if [ "$1" -eq 0 ] ; then
273 %{!?_without_builtinapache:/sbin/service apache2 status 1>/dev/null && /sbin/service apache2 restart 1>/dev/null}
# Post-uninstall scriptlet body: after an upgrade, restart shibd and the web
# server so the running processes pick up the new binaries. Each restart is
# conditional on the service already running.
279 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
282 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
283 # On upgrade, restart components if they're already running.
284 if [ "$1" -ge "1" ] ; then
285 /sbin/service shibd status 1>/dev/null && /sbin/service shibd restart 1>/dev/null
286 %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null}
290 %if "%{_vendor}" == "suse"
292 %restart_on_update shibd
293 %{!?_without_builtinapache:%restart_on_update apache2}
# Post-transaction repair: if the init script is missing after the upgrade,
# restore it from the vendor-specific copy kept in the shibboleth
# configuration directory, make it executable and register the service again.
298 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
299 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
300 if [ ! -f %{_initrddir}/shibd ] ; then
301 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
302 %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
303 %{__chmod} 755 %{_initrddir}/shibd
304 /sbin/chkconfig --add shibd
# File list of the main package. Entries written to rpm.filelist during
# install (shib.conf, the sysconfig file) are merged in with -f. Everything
# defaults to root ownership unless an attr entry says otherwise.
# NOTE(review): no key or certificate file appears in the visible entries, so
# the key pair created by the post scriptlet would not be tracked by rpm (not
# verified, not removed on erase); confirm against the full file.
309 %files -f rpm.filelist
310 %defattr(-,root,root,-)
313 %{_bindir}/resolvertest
314 %{_libdir}/libshibsp.so.*
315 %{_libdir}/libshibsp-lite.so.*
316 %dir %{_libdir}/shibboleth
317 %{_libdir}/shibboleth/*
# The shibd log directory is private to the service account (0750); the
# 2.4.3-1 changelog entry notes that log files should not be world readable.
318 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
# Separate log directory for the web server module, owned by the
# distribution's web server account where one is known.
319 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
320 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
321 %attr(0750,apache,apache) %dir %{_localstatedir}/log/shibboleth-www
323 %if "%{_vendor}" == "suse"
324 %attr(0750,wwwrun,www) %dir %{_localstatedir}/log/shibboleth-www
327 %attr(0750,-,-) %dir %{_localstatedir}/log/shibboleth-www
# Run and cache directories are owned by the service account and are
# world-searchable (0755).
329 %if 0%{?suse_version} < 1300
330 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
332 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
333 %dir %{_datadir}/xml/shibboleth
334 %{_datadir}/xml/shibboleth/*
335 %dir %{_datadir}/shibboleth
336 %{_datadir}/shibboleth/*
# XML, HTML and logger configuration is noreplace: an upgrade keeps locally
# edited files and does not overwrite them with the packaged defaults.
337 %dir %{_sysconfdir}/shibboleth
338 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
339 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
340 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
341 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
342 %config %{_initrddir}/shibd
344 %if "%{_vendor}" == "suse"
347 %{_sysconfdir}/shibboleth/*.dist
348 %{_sysconfdir}/shibboleth/apache*.config
349 %{_sysconfdir}/shibboleth/shibd-*
# Helper scripts stay root-owned: executable by everyone, writable by root only.
350 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
351 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
352 %{_sysconfdir}/shibboleth/*.xsl
# API documentation is excluded from the main package and shipped with the
# development files listed below (their section header is not visible here).
354 %exclude %{pkgdocdir}/api
357 %defattr(-,root,root,-)
359 %{_libdir}/libshibsp.so
360 %{_libdir}/libshibsp-lite.so
361 %doc %{pkgdocdir}/api
364 * Mon Mar 9 2015 Scott Cantor <cantor.2@osu.edu> - 2.5.4-1
365 - Add Amazon VM support
366 - Add a separate native logging directory
367 - Remove hard-coded init.d usage
368 - Switch to bz2 sources to prevent future issues with SuSE
370 * Mon Nov 17 2014 Scott Cantor <cantor.2@osu.edu> - 2.5.3-2
371 - Add libtool dep for OpenSUSE 13
372 - Remove /var/run/shibboleth for OpenSUSE 13
374 * Tue May 13 2014 Ian Young <ian@iay.org.uk> - 2.5.3-1.2
375 - Update package dependencies for RHEL/CentOS 7
376 - Fix bogus dates in changelog
378 * Sat Jun 8 2013 Scott Cantor <cantor.2@osu.edu> - 2.5.2-1
379 - Add --with-gssapi using MIT K5 by default
381 * Tue Sep 25 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.1-1
382 - Merge back various changes used in released packages
383 - Prep for 2.5.1 by pulling extra restart out
385 * Tue Aug 7 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-2
386 - Changed package name back to shibboleth because of upgrade bugs
387 - Put back extra restart for this release only.
389 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-1
390 - Move logo and stylesheet to version-independent tree
391 - Make shib.conf noreplace
392 - Post-fixup of Alias commands in older shib.conf
393 - Changes to run shibd as non-root shibboleth user
394 - Move init customizations to /etc/sysconfig/shibd
395 - Copy shibd restart for Red Hat to postun
396 - Add boost-devel dependency
397 - Build memcache plugin on RH6
398 - Add cachedir to install
399 - Add Apache 2.4 to install
401 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
402 - Log files shouldn't be world readable.
403 - Explicit requirement for libcurl-openssl on RHEL6
404 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
405 - Remove rpath from binaries for RHEL6
407 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
408 - Update dependencies.
410 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
411 - Reset revision for 2.3.1 release
413 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
414 - SuSE init script changes
415 - Restart Apache on removal, not just upgrade
416 - Fix scriptlet exit values when Apache is stopped
418 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
419 - Doc handling changes
422 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
423 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
425 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
426 - Add additional cleanup to posttrans fix
428 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
429 - Reverse without_builtinapache macro test
430 - Fix init script handling on Red Hat to handle upgrades
432 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
433 - Bump minor version.
434 - Make keygen.sh executable.
435 - Fixing SUSE Xerces dependency name.
436 - Optionally package shib.conf.
438 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
439 - Change shib.conf handling to treat as config file.
441 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
444 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
445 - Release candidate 1.
447 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
448 - libexec -> lib/shibboleth changes
449 - Added doc subpackage
451 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
454 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
455 - Second alpha release.
457 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
458 - First alpha release.
460 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
461 - Applied fix for secadv 20061002
462 - Fix for metadata loader loop
464 * Thu Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
465 - Applied fix for sec 20060615
467 * Sat Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
468 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
470 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
471 - Applied new fix for secadv 20060109
473 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
474 - Applied new fix for secadv 20050901 plus rollup
476 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
477 - Minor patches and default config changes
479 - Fix shib.conf creation
480 - Integrated init.d script
481 - Prevent replacement of config files
483 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
484 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
486 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
487 - Updated test programs and location of schemas.
488 - move siterefresh to to sbindir
490 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
491 - Add selinux-targeted-policy package
492 - move shar to sbindir
494 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
495 - Create SPEC file based on various versions in existence.