Version: @PACKAGE_VERSION@
Summary: Open source system for attribute-based Web SSO
Group: Productivity/Networking/Security
URL: http://shibboleth.internet2.edu/
Source: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-root
Obsoletes: @PACKAGE_NAME@ < %{version}-%{release}
PreReq: xmltooling-schemas, opensaml-schemas
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
PreReq: %{insserv_prereq} %{fillup_prereq}
BuildRequires: libXerces-c-devel >= 2.8.0
%else
BuildRequires: libxerces-c-devel >= 2.8.0
%endif
BuildRequires: libxml-security-c-devel >= 1.4.0
BuildRequires: libxmltooling-devel >= 1.5
BuildRequires: libsaml-devel >= 2.5
%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
Requires: libcurl-openssl >= 7.21.7
BuildRequires: chrpath
%endif
BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
%{!?_without_doxygen:BuildRequires: doxygen}
%{!?_without_odbc:BuildRequires: unixODBC-devel}
%{?_with_fastcgi:BuildRequires: fcgi-devel}
%if 0%{?centos_version} >= 600
BuildRequires: libmemcached-devel
%else
%{?_with_memcached:BuildRequires: libmemcached-devel}
%endif
%if "%{_vendor}" == "redhat"
%{!?_without_builtinapache:BuildRequires: httpd-devel}
BuildRequires: redhat-rpm-config
Requires(pre): shadow-utils
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
%endif
%if "%{_vendor}" == "suse"
Requires(pre): pwdutils
%{!?_without_builtinapache:BuildRequires: apache2-devel}
%endif

%if "%{_vendor}" == "suse"
%define pkgdocdir %{_docdir}/%{name}
%else
%define pkgdocdir %{_docdir}/%{name}-%{version}
%endif

%description
Shibboleth is a Web Single Sign-On implementation based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.

This package contains the Shibboleth Service Provider runtime libraries,
daemon, default plugins, and Apache module(s).

%package devel
Summary: Shibboleth Development Headers
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}-%{release}
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
Requires: libXerces-c-devel >= 2.8.0
%else
Requires: libxerces-c-devel >= 2.8.0
%endif
Requires: libxml-security-c-devel >= 1.4.0
Requires: libxmltooling-devel >= 1.5
Requires: libsaml-devel >= 2.5
%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:Requires: liblog4shib-devel}

%description devel
Shibboleth is a Web Single Sign-On implementation based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.

This package includes files needed for development with Shibboleth.

%prep
%setup -q

%build
%if 0%{?centos_version} >= 600
%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
%else
%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
%endif
%{__make} pkgdocdir=%{pkgdocdir}

%install
%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}

%if "%{_vendor}" == "suse"
%{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
    $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
%endif

# Plug the SP into the built-in Apache on a recognized system.
APACHE_CONFIG="no"
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
    APACHE_CONFIG="apache.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
    APACHE_CONFIG="apache2.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
    APACHE_CONFIG="apache22.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_24.so ] ; then
    APACHE_CONFIG="apache24.config"
fi
%{?_without_builtinapache:APACHE_CONFIG="no"}
if [ "$APACHE_CONFIG" != "no" ] ; then
    APACHE_CONFD="no"
    if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
        APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
    fi
    if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
        APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
    fi
    if [ "$APACHE_CONFD" != "no" ] ; then
        %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
        %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
        echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
    fi
fi

# Establish location of sysconfig file, if any.
SYSCONFIG_SHIBD="no"
%if "%{_vendor}" == "redhat"
%{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
%endif
%if "%{_vendor}" == "suse"
%{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
%endif
if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
    # Populate the sysconfig file.
    cat > $SYSCONFIG_SHIBD <<EOF
# Shibboleth SP init script customization

# User account for shibd
SHIBD_USER=%{runuser}
EOF
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
    cat >> $SYSCONFIG_SHIBD <<EOF

# Override OS-supplied libcurl
export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
EOF
    # Strip existing rpath to libcurl.
    chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
    chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
    chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
%endif
fi

%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
# %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
%if "%{_vendor}" == "suse"
install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
%{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
%endif
%endif

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT

%pre
getent group %{runuser} >/dev/null || groupadd -r %{runuser}
getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
    -d %{_localstatedir}/run/%{name} -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}

%post
%ifnos solaris2.8 solaris2.9 solaris2.10
%endif

# Key generation or ownership fix
cd %{_sysconfdir}/%{name}
if [ -f sp-key.pem ] ; then
    %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
else
    sh ./keygen.sh -b -u %{runuser} -g %{runuser}
fi

# Fix ownership of log files (even on new installs, if they're left from an older one).
%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/%{name}/* 2>/dev/null || :

%if "%{_vendor}" == "redhat"
if [ "$1" -gt "1" ] ; then
    # On Red Hat with shib.conf installed, clean up old Alias commands
    # by pointing them at new version-independent /usr/share/shibboleth tree.
    # Any Aliases we didn't create we assume are custom files.
    # This is to accommodate making shib.conf a noreplace config file.
    # We can't do this for SUSE, because they disallow changes to
    # packaged files in scriptlets.
    APACHE_CONF="no"
    if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
        APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
    fi
    if [ "$APACHE_CONF" != "no" ] ; then
        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
            $APACHE_CONF
        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
            $APACHE_CONF
    fi
fi

# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add shibd

# On upgrade, restart components if they're already running.
# This gets repeated now down in %postun, and the next release
# should remove this copy. If we yank it now, we'll break upgrades.
if [ "$1" -gt "1" ] ; then
    /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
    %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
fi
%endif
%if "%{_vendor}" == "suse"
# This adds the proper /etc/rc*.d links for the script
# and populates the sysconfig/shibd file.
%{fillup_only -n shibd}
%insserv_force_if_yast shibd
%endif

%preun
# On final removal, stop shibd and remove service, restart Apache if running.
%if "%{_vendor}" == "redhat"
if [ "$1" -eq 0 ] ; then
    /sbin/service shibd stop >/dev/null 2>&1
    /sbin/chkconfig --del shibd
    %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
fi
%endif
%if "%{_vendor}" == "suse"
%stop_on_removal shibd
if [ "$1" -eq 0 ] ; then
    %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
fi
%endif

%postun
%ifnos solaris2.8 solaris2.9 solaris2.10
%endif
%if "%{_vendor}" == "redhat"
# On upgrade, restart components if they're already running.
if [ "$1" -ge "1" ] ; then
    /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
    %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
fi
%endif
%if "%{_vendor}" == "suse"
%restart_on_update shibd
%{!?_without_builtinapache:%restart_on_update apache2}
%endif

%posttrans
# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
%if "%{_vendor}" == "redhat"
if [ ! -f %{_initrddir}/shibd ] ; then
    if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
        %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
        %{__chmod} 755 %{_initrddir}/shibd
        /sbin/chkconfig --add shibd
    fi
fi
%endif

%files -f rpm.filelist
%defattr(-,root,root,-)
%{_bindir}/resolvertest
%{_libdir}/libshibsp.so.*
%{_libdir}/libshibsp-lite.so.*
%dir %{_libdir}/%{name}
%exclude %{_libdir}/%{name}/*.la
%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/%{name}
%dir %{_datadir}/xml/%{name}
%{_datadir}/xml/%{name}/*
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/*
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/*.xml
%config(noreplace) %{_sysconfdir}/%{name}/*.html
%config(noreplace) %{_sysconfdir}/%{name}/*.logger
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
%config %{_initrddir}/shibd
%endif
%if "%{_vendor}" == "suse"
%endif
%{_sysconfdir}/%{name}/*.dist
%{_sysconfdir}/%{name}/apache*.config
%{_sysconfdir}/%{name}/shibd-*
%attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
%attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
%{_sysconfdir}/%{name}/*.xsl
%exclude %{pkgdocdir}/api

%files devel
%defattr(-,root,root,-)
%{_libdir}/libshibsp.so
%{_libdir}/libshibsp-lite.so
%doc %{pkgdocdir}/api

%changelog
* Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
- Move logo and stylesheet to version-independent tree
- Make shib.conf noreplace
- Post-fixup of Alias commands in older shib.conf
- Changes to run shibd as non-root shibboleth user
- Move init customizations to /etc/sysconfig/shibd
- Copy shibd restart for Red Hat to postun
- Add boost-devel dependency
- Build memcache plugin on RH6
- Add cachedir to install
- Add Apache 2.4 to install

* Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
- Log files shouldn't be world readable.
- Explicit requirement for libcurl-openssl on RHEL6
- Uncomment LD_LIBRARY_PATH in init script for RHEL6
- Remove rpath from binaries for RHEL6

* Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
- Update dependencies.

* Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
- Reset revision for 2.3.1 release

* Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
- SuSE init script changes
- Restart Apache on removal, not just upgrade
- Fix scriptlet exit values when Apache is stopped

* Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
- Doc handling changes

* Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
- Initial version for 2.2.1, with shibd/httpd restart on upgrade

* Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
- Add additional cleanup to posttrans fix

* Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
- Reverse without_builtinapache macro test
- Fix init script handling on Red Hat to handle upgrades

* Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
- Bump minor version.
- Make keygen.sh executable.
- Fixing SUSE Xerces dependency name.
- Optionally package shib.conf.

* Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
- Change shib.conf handling to treat as config file.

* Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6

* Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
- Release candidate 1.

* Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
- libexec -> lib/shibboleth changes
- Added doc subpackage

* Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3

* Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
- Second alpha release.

* Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
- First alpha release.

* Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
- Applied fix for secadv 20061002
- Fix for metadata loader loop

* Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
- Applied fix for sec 20060615

* Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
- Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support

* Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
- Applied new fix for secadv 20060109

* Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
- Applied new fix for secadv 20050901 plus rollup

* Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
- Minor patches and default config changes
- Fix shib.conf creation
- Integrated init.d script
- Prevent replacement of config files

* Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
- Applied fix for secadv 20050901 plus rollup of NSAPI fixes

* Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
- Updated test programs and location of schemas.
- move siterefresh to sbindir

* Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
- Add selinux-targeted-policy package
- move shar to sbindir

* Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
- Create SPEC file based on various versions in existence.