Version: @PACKAGE_VERSION@
Summary: Open source system for attribute-based Web SSO
Group: Productivity/Networking/Security
Vendor: Shibboleth Consortium
URL: http://shibboleth.net/
Source: %{name}-sp-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root
Obsoletes: shibboleth-sp = 2.5.0
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
%else
PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
%endif
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
PreReq: %{insserv_prereq} %{fillup_prereq}
BuildRequires: libXerces-c-devel >= 2.8.0
%else
%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
BuildRequires: xerces-c-devel >= 2.8.0
%else
BuildRequires: libxerces-c-devel >= 2.8.0
%endif
%endif
BuildRequires: libxml-security-c-devel >= 1.4.0
BuildRequires: libxmltooling-devel >= 1.5.0
BuildRequires: libsaml-devel >= 2.5.0
%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
Requires: libcurl-openssl%{?_isa} >= 7.21.7
BuildRequires: chrpath
%endif
%if 0%{?suse_version} > 1300
BuildRequires: libtool
%endif
BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
%{!?_without_gssapi:BuildRequires: krb5-devel}
%{!?_without_doxygen:BuildRequires: doxygen}
%{!?_without_odbc:BuildRequires: unixODBC-devel}
%{?_with_fastcgi:BuildRequires: fcgi-devel}
%if 0%{?centos_version} >= 600
BuildRequires: libmemcached-devel
%endif
%{?_with_memcached:BuildRequires: libmemcached-devel}
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
%{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}}
%else
%{!?_without_builtinapache:BuildRequires: httpd-devel}
%endif
BuildRequires: redhat-rpm-config
Requires(pre): shadow-utils
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
%endif
%if "%{_vendor}" == "suse"
Requires(pre): pwdutils
%{!?_without_builtinapache:BuildRequires: apache2-devel}
%endif

%if "%{_vendor}" == "suse"
%define pkgdocdir %{_docdir}/shibboleth
%else
%define pkgdocdir %{_docdir}/shibboleth-%{version}
%endif

%description
Shibboleth is a Web Single Sign-On implementation based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.

This package contains the Shibboleth Service Provider runtime libraries,
daemon, default plugins, and Apache module(s).

%package devel
Summary: Shibboleth Development Headers
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}-%{release}
Obsoletes: shibboleth-sp-devel = 2.5.0
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
Requires: libXerces-c-devel >= 2.8.0
%else
%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
Requires: xerces-c-devel >= 2.8.0
%else
Requires: libxerces-c-devel >= 2.8.0
%endif
%endif
Requires: libxml-security-c-devel >= 1.4.0
Requires: libxmltooling-devel >= 1.5.0
Requires: libsaml-devel >= 2.5.0
%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}

%description devel
Shibboleth is a Web Single Sign-On implementation based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.

This package includes files needed for development with Shibboleth.

%prep
%setup -n %{name}-sp-%{version}

%build
%if 0%{?centos_version} >= 600
%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options}
%else
%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options}
%endif
%{__make} pkgdocdir=%{pkgdocdir}

%install
%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}

%if "%{_vendor}" == "suse"
%{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
    $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
%endif

# Plug the SP into the built-in Apache on a recognized system.
APACHE_CONFIG="no"
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
    APACHE_CONFIG="apache.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
    APACHE_CONFIG="apache2.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
    APACHE_CONFIG="apache22.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
    APACHE_CONFIG="apache24.config"
fi
%{?_without_builtinapache:APACHE_CONFIG="no"}
if [ "$APACHE_CONFIG" != "no" ] ; then
    APACHE_CONFD="no"
    if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
        APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
    fi
    if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
        APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
    fi
    if [ "$APACHE_CONFD" != "no" ] ; then
        %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
        %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
        echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
    fi
fi

# Establish location of sysconfig file, if any.
SYSCONFIG_SHIBD="no"
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
%{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
%endif
%if "%{_vendor}" == "suse"
%{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
%endif
if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
    # Populate the sysconfig file.
    cat > $SYSCONFIG_SHIBD <<EOF
# Shibboleth SP init script customization

# User account for shibd
SHIBD_USER=%{runuser}
EOF
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
    cat >> $SYSCONFIG_SHIBD <<EOF

# Override OS-supplied libcurl
export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
EOF
    # Strip existing rpath to libcurl.
    chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
    chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
    chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
%endif
fi

%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
# %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
%if "%{_vendor}" == "suse"
install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
%{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
%endif
%endif

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT

%pre
getent group %{runuser} >/dev/null || groupadd -r %{runuser}
getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
    -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}

%post
%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
%endif

# Key generation or ownership fix
cd %{_sysconfdir}/shibboleth
if [ -f sp-key.pem ] ; then
    %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
else
    sh ./keygen.sh -b -u %{runuser} -g %{runuser}
fi

# Fix ownership of log files (even on new installs, if they're left from an older one).
%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :

%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
if [ "$1" -gt "1" ] ; then
    # On Red Hat with shib.conf installed, clean up old Alias commands
    # by pointing them at new version-independent /usr/share/share tree.
    # Any Aliases we didn't create we assume are custom files.
    # This is to accommodate making shib.conf a noreplace config file.
    # We can't do this for SUSE, because they disallow changes to
    # packaged files in scriptlets.
    APACHE_CONF="no"
    if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
        APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
    fi
    if [ "$APACHE_CONF" != "no" ] ; then
        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
            $APACHE_CONF
        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
            $APACHE_CONF
    fi
fi

# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add shibd
%endif
%if "%{_vendor}" == "suse"
# This adds the proper /etc/rc*.d links for the script
# and populates the sysconfig/shibd file.
%{fillup_only -n shibd}
%insserv_force_if_yast shibd
%endif

%preun
# On final removal, stop shibd and remove service, restart Apache if running.
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
if [ "$1" -eq 0 ] ; then
    /sbin/service shibd stop >/dev/null 2>&1
    /sbin/chkconfig --del shibd
    %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
fi
%endif
%if "%{_vendor}" == "suse"
%stop_on_removal shibd
if [ "$1" -eq 0 ] ; then
    %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
fi
%endif

%postun
%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
%endif
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
# On upgrade, restart components if they're already running.
if [ "$1" -ge "1" ] ; then
    /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
    %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
fi
%endif
%if "%{_vendor}" == "suse"
%restart_on_update shibd
%{!?_without_builtinapache:%restart_on_update apache2}
%endif

%posttrans
# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
if [ ! -f %{_initrddir}/shibd ] ; then
    if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
        %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
        %{__chmod} 755 %{_initrddir}/shibd
        /sbin/chkconfig --add shibd
    fi
fi
%endif

%files -f rpm.filelist
%defattr(-,root,root,-)
%{_bindir}/resolvertest
%{_libdir}/libshibsp.so.*
%{_libdir}/libshibsp-lite.so.*
%dir %{_libdir}/shibboleth
%{_libdir}/shibboleth/*
%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
%if 0%{?suse_version} < 1300
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
%endif
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
%dir %{_datadir}/xml/shibboleth
%{_datadir}/xml/shibboleth/*
%dir %{_datadir}/shibboleth
%{_datadir}/shibboleth/*
%dir %{_sysconfdir}/shibboleth
%config(noreplace) %{_sysconfdir}/shibboleth/*.xml
%config(noreplace) %{_sysconfdir}/shibboleth/*.html
%config(noreplace) %{_sysconfdir}/shibboleth/*.logger
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
%config %{_initrddir}/shibd
%endif
%if "%{_vendor}" == "suse"
%endif
%{_sysconfdir}/shibboleth/*.dist
%{_sysconfdir}/shibboleth/apache*.config
%{_sysconfdir}/shibboleth/shibd-*
%attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
%attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
%{_sysconfdir}/shibboleth/*.xsl
%exclude %{pkgdocdir}/api

%files devel
%defattr(-,root,root,-)
%{_libdir}/libshibsp.so
%{_libdir}/libshibsp-lite.so
%doc %{pkgdocdir}/api

%changelog
* Mon Jan 19 2015 Scott Cantor <cantor.2@osu.edu> - 2.5.4-1
- Add Amazon VM support

* Mon Nov 17 2014 Scott Cantor <cantor.2@osu.edu> - 2.5.3-2
- Add libtool dep for OpenSUSE 13
- Remove /var/run/shibboleth for OpenSUSE 13

* Tue May 13 2014 Ian Young <ian@iay.org.uk> - 2.5.3-1.2
- Update package dependencies for RHEL/CentOS 7
- Fix bogus dates in changelog

* Sat Jun 8 2013 Scott Cantor <cantor.2@osu.edu> - 2.5.2-1
- Add --with-gssapi using MIT K5 by default

* Tue Sep 25 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.1-1
- Merge back various changes used in released packages
- Prep for 2.5.1 by pulling extra restart out

* Tue Aug 7 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-2
- Changed package name back to shibboleth because of upgrade bugs
- Put back extra restart for this release only.

* Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-1
- Move logo and stylesheet to version-independent tree
- Make shib.conf noreplace
- Post-fixup of Alias commands in older shib.conf
- Changes to run shibd as non-root shibboleth user
- Move init customizations to /etc/sysconfig/shibd
- Copy shibd restart for Red Hat to postun
- Add boost-devel dependency
- Build memcache plugin on RH6
- Add cachedir to install
- Add Apache 2.4 to install

* Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
- Log files shouldn't be world readable.
- Explicit requirement for libcurl-openssl on RHEL6
- Uncomment LD_LIBRARY_PATH in init script for RHEL6
- Remove rpath from binaries for RHEL6

* Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
- Update dependencies.

* Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
- Reset revision for 2.3.1 release

* Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
- SuSE init script changes
- Restart Apache on removal, not just upgrade
- Fix scriptlet exit values when Apache is stopped

* Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
- Doc handling changes

* Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
- Initial version for 2.2.1, with shibd/httpd restart on upgrade

* Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
- Add additional cleanup to posttrans fix

* Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
- Reverse without_builtinapache macro test
- Fix init script handling on Red Hat to handle upgrades

* Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
- Bump minor version.
- Make keygen.sh executable.
- Fixing SUSE Xerces dependency name.
- Optionally package shib.conf.

* Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
- Change shib.conf handling to treat as config file.

* Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6

* Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
- Release candidate 1.

* Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
- libexec -> lib/shibboleth changes
- Added doc subpackage

* Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3

* Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
- Second alpha release.

* Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
- First alpha release.

* Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
- Applied fix for secadv 20061002
- Fix for metadata loader loop

* Thu Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
- Applied fix for sec 20060615

* Sat Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
- Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support

* Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
- Applied new fix for secadv 20060109

* Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
- Applied new fix for secadv 20050901 plus rollup

* Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
- Minor patches and default config changes
- Fix shib.conf creation
- Integrated init.d script
- Prevent replacement of config files

* Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
- Applied fix for secadv 20050901 plus rollup of NSAPI fixes

* Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
- Updated test programs and location of schemas.
- move siterefresh to sbindir

* Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
- Add selinux-targeted-policy package
- move shar to sbindir

* Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
- Create SPEC file based on various versions in existence.