# RPM spec preamble for the Shibboleth Service Provider package: package
# metadata first, then build-time and run-time dependencies chosen per
# distribution.
# NOTE(review): the gutter numbers in this listing skip (1, 3, 7, 12, 15 ...),
# so some source lines are not shown; the else/endif lines that would close
# the conditionals below are presumably among them.
2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
6 Vendor: Shibboleth Consortium
# NOTE(review): the project URL is plain http; prefer an https URL if the
# site serves one - TODO confirm.
8 URL: http://shibboleth.net/
# The source tarball is only named here. No checksum or signature is
# referenced in the lines shown, so verify the tarball before building.
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root
11 Obsoletes: shibboleth-sp = 2.5.0
# Schema packages are required before installation. The RHEL/CentOS 6 variant
# adds the _isa suffix, which ties the dependency to the package architecture.
13 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
14 PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
16 PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
# The Xerces development package is spelled differently for the SUSE versions
# matched below (libXerces-c-devel) than elsewhere (libxerces-c-devel).
18 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
19 PreReq: %{insserv_prereq} %{fillup_prereq}
20 BuildRequires: libXerces-c-devel >= 2.8.0
22 BuildRequires: libxerces-c-devel >= 2.8.0
24 BuildRequires: libxml-security-c-devel >= 1.4.0
25 BuildRequires: libxmltooling-devel >= 1.5.0
26 BuildRequires: libsaml-devel >= 2.5.0
# Logging library: log4shib unless the build is run with the log4cpp option.
27 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
28 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
# RHEL/CentOS 6: require the separately packaged libcurl-openssl at run time
# (presumably an OpenSSL-linked libcurl, going by the package name) and
# chrpath at build time, which the install step uses to strip rpaths.
29 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
30 Requires: libcurl-openssl%{?_isa} >= 7.21.7
31 BuildRequires: chrpath
33 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
# Optional features: GSSAPI, doxygen and ODBC are built unless disabled with
# the matching without-option; FastCGI is built only when requested.
34 %{!?_without_gssapi:BuildRequires: krb5-devel}
35 %{!?_without_doxygen:BuildRequires: doxygen}
36 %{!?_without_odbc:BuildRequires:unixODBC-devel}
37 %{?_with_fastcgi:BuildRequires: fcgi-devel}
# libmemcached is always a build dependency on CentOS 6; the other line adds
# it only when the memcached option is requested.
38 %if 0%{?centos_version} >= 600
39 BuildRequires: libmemcached-devel
41 %{?_with_memcached:BuildRequires: libmemcached-devel}
# Red Hat family: Apache headers unless the built-in Apache integration is
# disabled, plus the tools the install scriptlets call (shadow-utils for
# groupadd/useradd, chkconfig and initscripts for service registration).
42 %if "%{_vendor}" == "redhat"
43 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
44 %{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}}
46 %{!?_without_builtinapache:BuildRequires: httpd-devel}
48 BuildRequires: redhat-rpm-config
49 Requires(pre): shadow-utils
50 Requires(post): chkconfig
51 Requires(preun): chkconfig, initscripts
# SUSE: pwdutils is required for the pre-install step and apache2-devel
# replaces httpd-devel.
53 %if "%{_vendor}" == "suse"
54 Requires(pre): pwdutils
55 %{!?_without_builtinapache:BuildRequires: apache2-devel}
# Documentation directory: unversioned on SUSE, versioned in the other variant.
59 %if "%{_vendor}" == "suse"
60 %define pkgdocdir %{_docdir}/shibboleth
62 %define pkgdocdir %{_docdir}/shibboleth-%{version}
66 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
67 that supports multiple protocols, federated identity, and the extensible
68 exchange of rich attributes subject to privacy controls.
70 This package contains the Shibboleth Service Provider runtime libraries,
71 daemon, default plugins, and Apache module(s).
# Preamble of the development-headers subpackage (its package header line is
# presumably among the lines this listing omits).
74 Summary: Shibboleth Development Headers
75 Group: Development/Libraries/C and C++
# Pin the headers to the exact version and release of the runtime package so
# the two are always upgraded together.
76 Requires: %{name} = %{version}-%{release}
77 Obsoletes: shibboleth-sp-devel = 2.5.0
# Same development dependencies as the build itself, needed by anything that
# compiles against these headers.
78 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
79 Requires: libXerces-c-devel >= 2.8.0
81 Requires: libxerces-c-devel >= 2.8.0
83 Requires: libxml-security-c-devel >= 1.4.0
84 Requires: libxmltooling-devel >= 1.5.0
85 Requires: libsaml-devel >= 2.5.0
86 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
87 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
90 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
91 that supports multiple protocols, federated identity, and the extensible
92 exchange of rich attributes subject to privacy controls.
94 This package includes files needed for development with Shibboleth.
# Unpack the source tarball into the name-sp-version directory.
97 %setup -n %{name}-sp-%{version}
# Two configure variants. On CentOS 6 memcached support is enabled unless the
# without-memcached option is given; in the other variant it is opt-in.
# In both, ODBC and ADFS can be disabled, FastCGI is opt-in, GSSAPI is on
# unless disabled, and shib_options passes extra flags through unchanged.
100 %if 0%{?centos_version} >= 600
101 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options}
103 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options}
105 %{__make} pkgdocdir=%{pkgdocdir}
# Install into the build root. NOKEYGEN=1 presumably suppresses key generation
# during the build, so that no private key is baked into the package and each
# host gets its own key from keygen.sh at install time - TODO confirm against
# the Makefile.
108 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
# SUSE: rewrite the Apache log directory in native.logger from /var/log/httpd
# to /var/log/apache2.
110 %if "%{_vendor}" == "suse"
111 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
112 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
115 # Plug the SP into the built-in Apache on a recognized system.
# Pick the Apache config template matching whichever mod_shib module was
# built. As listed, a later match overwrites an earlier one (the closing fi
# lines are not shown in this listing).
118 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
119 APACHE_CONFIG="apache.config"
121 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
122 APACHE_CONFIG="apache2.config"
124 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
125 APACHE_CONFIG="apache22.config"
127 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
128 APACHE_CONFIG="apache24.config"
# Building without the built-in Apache integration forces the "no" sentinel.
130 %{?_without_builtinapache:APACHE_CONFIG="no"}
131 if [ "$APACHE_CONFIG" != "no" ] ; then
# NOTE(review): these two tests look at the build host's own configuration
# tree, not the build root, so the packaged result depends on what is
# installed on the machine running the build.
133 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
134 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
136 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
137 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
# Copy the chosen template into the build root as conf.d/shib.conf and record
# it in rpm.filelist as config(noreplace), so local edits survive upgrades.
139 if [ "$APACHE_CONFD" != "no" ] ; then
140 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
141 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
142 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
# Decide where the shibd sysconfig file lives and add it to rpm.filelist:
# /etc/sysconfig/shibd on Red Hat (as a noreplace config file), or a fillup
# template under the local state directory on SUSE.
146 # Establish location of sysconfig file, if any.
148 %if "%{_vendor}" == "redhat"
149 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
150 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
151 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
153 %if "%{_vendor}" == "suse"
154 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
155 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
156 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
# The here-document that follows writes the file. Its lines are file content,
# not spec comments, and record the unprivileged account shibd runs as.
158 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
159 # Populate the sysconfig file.
160 cat > $SYSCONFIG_SHIBD <<EOF
161 # Shibboleth SP init script customization
163 # User account for shibd
164 SHIBD_USER=%{runuser}
166 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
# RHEL/CentOS 6 only: append an LD_LIBRARY_PATH export so the library
# directory under /opt/shibboleth is searched before the system library paths.
# NOTE(review): anything placed in that directory is loaded by the daemon
# ahead of the system copy, so it must stay root-owned and not writable by the
# service account - confirm the ownership set by the libcurl-openssl package.
167 cat >> $SYSCONFIG_SHIBD <<EOF
169 # Override OS-supplied libcurl
170 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
172 # Strip existing rpath to libcurl.
# chrpath -d deletes the embedded rpath from each binary, so the library is
# found through the LD_LIBRARY_PATH setting above instead.
173 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
174 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
175 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
# Install the vendor-specific init script (shibd-redhat or shibd-suse) from
# the packaged config directory as the shibd service script, mode 0755.
179 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
180 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
181 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
182 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
# SUSE additionally gets an rcshibd symlink to the init script in the sbin
# directory.
183 %if "%{_vendor}" == "suse"
184 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
185 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
# Remove the build root, guarded so that a build root of "/" is never deleted.
193 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
# Create the dedicated service group and account if they do not already exist.
# The account is a system account (-r) whose home is the runtime directory and
# whose shell is /sbin/nologin, so it is not usable for interactive logins.
196 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
197 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
198 -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
202 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
206 # Key generation or ownership fix
# An existing key pair is handed to the service account (chown errors are
# ignored). The keygen.sh call is presumably the else-branch; the else/fi
# lines are not shown in this listing. keygen.sh receives the service account
# as owner (-u) and group (-g), so the key is created on the target host
# rather than shipped inside the package.
207 cd %{_sysconfdir}/shibboleth
208 if [ -f sp-key.pem ] ; then
209 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
211 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
214 # Fix ownership of log files (even on new installs, if they're left from an older one).
# NOTE(review): the log directory is owned by the service account (see the
# files manifest) and this command presumably runs as root in an install
# scriptlet. chown follows symbolic links by default, so a link left in that
# directory would have its target re-owned; consider chown -h (no dereference)
# or restricting the command to regular files.
215 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
# Red Hat post-install fixups. The first argument is greater than 1 on an
# upgrade, which is when the shib.conf Alias cleanup below applies.
217 %if "%{_vendor}" == "redhat"
218 if [ "$1" -gt "1" ] ; then
219 # On Red Hat with shib.conf installed, clean up old Alias commands
220 # by pointing them at new version-independent /usr/share/shibboleth tree.
221 # Any Aliases we didn't create we assume are custom files.
222 # This is to accommodate making shib.conf a noreplace config file.
223 # We can't do this for SUSE, because they disallow changes to
224 # packaged files in scriptlets.
226 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
227 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
229 if [ "$APACHE_CONF" != "no" ] ; then
# Both substitutions rewrite /usr/share/doc/shibboleth, with or without a
# version suffix, to /usr/share/shibboleth for main.css and logo.jpg. The file
# operand on each continuation line is not shown in this listing (presumably
# the APACHE_CONF path set above).
230 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
232 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
237 # This adds the proper /etc/rc*.d links for the script
238 /sbin/chkconfig --add shibd
240 %if "%{_vendor}" == "suse"
241 # This adds the proper /etc/rc*.d links for the script
242 # and populates the sysconfig/shibd file.
244 %{fillup_only -n shibd}
245 %insserv_force_if_yast shibd
# Removal, upgrade and post-transaction handling. A first argument of 0 means
# the last copy of the package is being removed; 1 or more means an upgrade.
249 # On final removal, stop shibd and remove service, restart Apache if running.
250 %if "%{_vendor}" == "redhat"
251 if [ "$1" -eq 0 ] ; then
252 /sbin/service shibd stop >/dev/null 2>&1
253 /sbin/chkconfig --del shibd
# Apache is restarted only when its status check succeeds, so a stopped web
# server is not started as a side effect of removing the package.
254 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
257 %if "%{_vendor}" == "suse"
258 %stop_on_removal shibd
259 if [ "$1" -eq 0 ] ; then
260 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
266 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
269 %if "%{_vendor}" == "redhat"
270 # On upgrade, restart components if they're already running.
271 if [ "$1" -ge "1" ] ; then
272 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
273 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
277 %if "%{_vendor}" == "suse"
279 %restart_on_update shibd
280 %{!?_without_builtinapache:%restart_on_update apache2}
# Recovery step: if the init script is missing but the packaged template still
# exists, copy it back, make it executable and register the service again.
285 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
286 %if "%{_vendor}" == "redhat"
287 if [ ! -f %{_initrddir}/shibd ] ; then
288 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
289 %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
290 %{__chmod} 755 %{_initrddir}/shibd
291 /sbin/chkconfig --add shibd
# File manifest of the runtime package. rpm.filelist adds the entries written
# during install (shib.conf and the sysconfig file).
296 %files -f rpm.filelist
# Default ownership is root:root, with file modes taken from the build root.
297 %defattr(-,root,root,-)
300 %{_bindir}/resolvertest
301 %{_libdir}/libshibsp.so.*
302 %{_libdir}/libshibsp-lite.so.*
303 %dir %{_libdir}/shibboleth
304 %{_libdir}/shibboleth/*
# Directories the daemon writes to are owned by the service account. The log
# directory is 0750 (no access for other users); the run and cache directories
# are 0755, readable and traversable by everyone.
# NOTE(review): confirm that nothing sensitive is stored in the run and cache
# directories, given the 0755 mode.
305 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
306 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
307 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
308 %dir %{_datadir}/xml/shibboleth
309 %{_datadir}/xml/shibboleth/*
310 %dir %{_datadir}/shibboleth
311 %{_datadir}/shibboleth/*
# Site configuration (xml, html, logger files) is marked noreplace so local
# edits are kept on upgrade. The key pair (sp-key.pem, sp-cert.pem) is not
# listed in the lines shown, so rpm verification would not cover it - it is
# created or re-owned on the host by the key step.
312 %dir %{_sysconfdir}/shibboleth
313 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
314 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
315 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
316 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
317 %config %{_initrddir}/shibd
319 %if "%{_vendor}" == "suse"
322 %{_sysconfdir}/shibboleth/*.dist
323 %{_sysconfdir}/shibboleth/apache*.config
324 %{_sysconfdir}/shibboleth/shibd-*
# The helper scripts stay root-owned and executable; the service account can
# run them but not modify them.
325 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
326 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
327 %{_sysconfdir}/shibboleth/*.xsl
# API documentation is excluded from the runtime package; the api doc entry
# further down ships it with the development files.
329 %exclude %{pkgdocdir}/api
332 %defattr(-,root,root,-)
334 %{_libdir}/libshibsp.so
335 %{_libdir}/libshibsp-lite.so
336 %doc %{pkgdocdir}/api
339 * Sat Jun 8 2013 Scott Cantor <cantor.2@osu.edu> - 2.5.2-1
340 - Add --with-gssapi using MIT K5 by default
342 * Tue Sep 25 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.1-1
343 - Merge back various changes used in released packages
344 - Prep for 2.5.1 by pulling extra restart out
346 * Tue Aug 7 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-2
347 - Changed package name back to shibboleth because of upgrade bugs
348 - Put back extra restart for this release only.
350 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-1
351 - Move logo and stylesheet to version-independent tree
352 - Make shib.conf noreplace
353 - Post-fixup of Alias commands in older shib.conf
354 - Changes to run shibd as non-root shibboleth user
355 - Move init customizations to /etc/sysconfig/shibd
356 - Copy shibd restart for Red Hat to postun
357 - Add boost-devel dependency
358 - Build memcache plugin on RH6
359 - Add cachedir to install
360 - Add Apache 2.4 to install
362 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
363 - Log files shouldn't be world readable.
364 - Explicit requirement for libcurl-openssl on RHEL6
365 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
366 - Remove rpath from binaries for RHEL6
368 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
369 - Update dependencies.
371 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
372 - Reset revision for 2.3.1 release
374 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
375 - SuSE init script changes
376 - Restart Apache on removal, not just upgrade
377 - Fix scriptlet exit values when Apache is stopped
379 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
380 - Doc handling changes
383 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
384 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
386 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
387 - Add additional cleanup to posttrans fix
389 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
390 - Reverse without_builtinapache macro test
391 - Fix init script handling on Red Hat to handle upgrades
393 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
394 - Bump minor version.
395 - Make keygen.sh executable.
396 - Fixing SUSE Xerces dependency name.
397 - Optionally package shib.conf.
399 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
400 - Change shib.conf handling to treat as config file.
402 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
405 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
406 - Release candidate 1.
408 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
409 - libexec -> lib/shibboleth changes
410 - Added doc subpackage
412 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
415 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
416 - Second alpha release.
418 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
419 - First alpha release.
421 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
422 - Applied fix for secadv 20061002
423 - Fix for metadata loader loop
425 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
426 - Applied fix for sec 20060615
428 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
429 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
431 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
432 - Applied new fix for secadv 20060109
434 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
435 - Applied new fix for secadv 20050901 plus rollup
437 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
438 - Minor patches and default config changes
440 - Fix shib.conf creation
441 - Integrated init.d script
442 - Prevent replacement of config files
444 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
445 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
447 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
448 - Updated test programs and location of schemas.
449 - move siterefresh to sbindir
451 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
452 - Add selinux-targeted-policy package
453 - move shar to sbindir
455 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
456 - Create SPEC file based on various versions in existence.