Version: @PACKAGE_VERSION@
Summary: Open source system for attribute-based Web SSO
Group: Productivity/Networking/Security
Vendor: Shibboleth Consortium
URL: http://shibboleth.net/
Source: %{name}-sp-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root
Obsoletes: shibboleth-sp = 2.5.0
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
%else
PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
%endif
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
PreReq: %{insserv_prereq} %{fillup_prereq}
BuildRequires: libXerces-c-devel >= 2.8.0
%else
BuildRequires: libxerces-c-devel >= 2.8.0
%endif
BuildRequires: libxml-security-c-devel >= 1.4.0
BuildRequires: libxmltooling-devel >= 1.5.0
BuildRequires: libsaml-devel >= 2.5.0
%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
Requires: libcurl-openssl%{?_isa} >= 7.21.7
BuildRequires: chrpath
%endif
BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
%{!?_without_doxygen:BuildRequires: doxygen}
%{!?_without_odbc:BuildRequires: unixODBC-devel}
%{?_with_fastcgi:BuildRequires: fcgi-devel}
%if 0%{?centos_version} >= 600
BuildRequires: libmemcached-devel
%endif
%{?_with_memcached:BuildRequires: libmemcached-devel}
%if "%{_vendor}" == "redhat"
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
%{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}}
%else
%{!?_without_builtinapache:BuildRequires: httpd-devel}
%endif
BuildRequires: redhat-rpm-config
Requires(pre): shadow-utils
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
%endif
%if "%{_vendor}" == "suse"
Requires(pre): pwdutils
%{!?_without_builtinapache:BuildRequires: apache2-devel}
%endif

%if "%{_vendor}" == "suse"
%define pkgdocdir %{_docdir}/shibboleth
%else
%define pkgdocdir %{_docdir}/shibboleth-%{version}
%endif

%description
Shibboleth is a Web Single Sign-On implementation based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.

This package contains the Shibboleth Service Provider runtime libraries,
daemon, default plugins, and Apache module(s).

%package devel
Summary: Shibboleth Development Headers
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}-%{release}
Obsoletes: shibboleth-sp-devel = 2.5.0
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
Requires: libXerces-c-devel >= 2.8.0
%else
Requires: libxerces-c-devel >= 2.8.0
%endif
Requires: libxml-security-c-devel >= 1.4.0
Requires: libxmltooling-devel >= 1.5.0
Requires: libsaml-devel >= 2.5.0
%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}

%description devel
Shibboleth is a Web Single Sign-On implementation based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.

This package includes files needed for development with Shibboleth.

%prep
%setup -n %{name}-sp-%{version}

%build
%if 0%{?centos_version} >= 600
%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
%else
%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
%endif
%{__make} pkgdocdir=%{pkgdocdir}

%install
%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}

%if "%{_vendor}" == "suse"
%{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
    $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
%endif

# Plug the SP into the built-in Apache on a recognized system.
APACHE_CONFIG="no"
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
    APACHE_CONFIG="apache.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
    APACHE_CONFIG="apache2.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
    APACHE_CONFIG="apache22.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
    APACHE_CONFIG="apache24.config"
fi
%{?_without_builtinapache:APACHE_CONFIG="no"}
if [ "$APACHE_CONFIG" != "no" ] ; then
    APACHE_CONFD="no"
    if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
        APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
    fi
    if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
        APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
    fi
    if [ "$APACHE_CONFD" != "no" ] ; then
        %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
        %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
        echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
    fi
fi

# Establish location of sysconfig file, if any.
SYSCONFIG_SHIBD="no"
%if "%{_vendor}" == "redhat"
%{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
%endif
%if "%{_vendor}" == "suse"
%{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
%endif
if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
    # Populate the sysconfig file.
    cat > $SYSCONFIG_SHIBD <<EOF
# Shibboleth SP init script customization

# User account for shibd
SHIBD_USER=%{runuser}
EOF
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
    cat >> $SYSCONFIG_SHIBD <<EOF

# Override OS-supplied libcurl
export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
EOF
    # Strip existing rpath to libcurl.
    chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
    chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
    chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
%endif
fi

%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
# %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
%if "%{_vendor}" == "suse"
install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
%{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
%endif
%endif

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT

%pre
getent group %{runuser} >/dev/null || groupadd -r %{runuser}
getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
    -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}

%post
%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
/sbin/ldconfig
%endif

# Key generation or ownership fix
cd %{_sysconfdir}/shibboleth
if [ -f sp-key.pem ] ; then
    %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
else
    sh ./keygen.sh -b -u %{runuser} -g %{runuser}
fi

# Fix ownership of log files (even on new installs, if they're left from an older one).
%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :

%if "%{_vendor}" == "redhat"
if [ "$1" -gt "1" ] ; then
    # On Red Hat with shib.conf installed, clean up old Alias commands
    # by pointing them at new version-independent /usr/share/shibboleth tree.
    # Any Aliases we didn't create we assume are custom files.
    # This is to accommodate making shib.conf a noreplace config file.
    # We can't do this for SUSE, because they disallow changes to
    # packaged files in scriptlets.
    APACHE_CONF="no"
    if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
        APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
    fi
    if [ "$APACHE_CONF" != "no" ] ; then
        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
            $APACHE_CONF
        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
            $APACHE_CONF
    fi
fi

# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add shibd
%endif
%if "%{_vendor}" == "suse"
# This adds the proper /etc/rc*.d links for the script
# and populates the sysconfig/shibd file.
%{fillup_only -n shibd}
%insserv_force_if_yast shibd
%endif

%preun
# On final removal, stop shibd and remove service, restart Apache if running.
%if "%{_vendor}" == "redhat"
if [ "$1" -eq 0 ] ; then
    /sbin/service shibd stop >/dev/null 2>&1
    /sbin/chkconfig --del shibd
    %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
fi
%endif
%if "%{_vendor}" == "suse"
%stop_on_removal shibd
if [ "$1" -eq 0 ] ; then
    %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
fi
%endif

%postun
%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
/sbin/ldconfig
%endif
%if "%{_vendor}" == "redhat"
# On upgrade, restart components if they're already running.
if [ "$1" -ge "1" ] ; then
    /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
    %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
fi
%endif
%if "%{_vendor}" == "suse"
%restart_on_update shibd
%{!?_without_builtinapache:%restart_on_update apache2}
%endif

%posttrans
# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
%if "%{_vendor}" == "redhat"
if [ ! -f %{_initrddir}/shibd ] ; then
    if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
        %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
        %{__chmod} 755 %{_initrddir}/shibd
        /sbin/chkconfig --add shibd
    fi
fi
%endif

%files -f rpm.filelist
%defattr(-,root,root,-)
%{_bindir}/resolvertest
%{_libdir}/libshibsp.so.*
%{_libdir}/libshibsp-lite.so.*
%dir %{_libdir}/shibboleth
%{_libdir}/shibboleth/*
%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
%dir %{_datadir}/xml/shibboleth
%{_datadir}/xml/shibboleth/*
%dir %{_datadir}/shibboleth
%{_datadir}/shibboleth/*
%dir %{_sysconfdir}/shibboleth
%config(noreplace) %{_sysconfdir}/shibboleth/*.xml
%config(noreplace) %{_sysconfdir}/shibboleth/*.html
%config(noreplace) %{_sysconfdir}/shibboleth/*.logger
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
%config %{_initrddir}/shibd
%endif
%if "%{_vendor}" == "suse"
%{_sbindir}/rcshibd
%endif
%{_sysconfdir}/shibboleth/*.dist
%{_sysconfdir}/shibboleth/apache*.config
%{_sysconfdir}/shibboleth/shibd-*
%attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
%attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
%{_sysconfdir}/shibboleth/*.xsl
%exclude %{pkgdocdir}/api

%files devel
%defattr(-,root,root,-)
%{_libdir}/libshibsp.so
%{_libdir}/libshibsp-lite.so
%doc %{pkgdocdir}/api

%changelog
* Tue Sep 25 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.1-1
- Merge back various changes used in released packages
- Prep for 2.5.1 by pulling extra restart out

* Tue Aug 7 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-2
- Changed package name back to shibboleth because of upgrade bugs
- Put back extra restart for this release only.

* Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-1
- Move logo and stylesheet to version-independent tree
- Make shib.conf noreplace
- Post-fixup of Alias commands in older shib.conf
- Changes to run shibd as non-root shibboleth user
- Move init customizations to /etc/sysconfig/shibd
- Copy shibd restart for Red Hat to postun
- Add boost-devel dependency
- Build memcache plugin on RH6
- Add cachedir to install
- Add Apache 2.4 to install

* Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
- Log files shouldn't be world readable.
- Explicit requirement for libcurl-openssl on RHEL6
- Uncomment LD_LIBRARY_PATH in init script for RHEL6
- Remove rpath from binaries for RHEL6

* Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
- Update dependencies.

* Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
- Reset revision for 2.3.1 release

* Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
- SuSE init script changes
- Restart Apache on removal, not just upgrade
- Fix scriptlet exit values when Apache is stopped

* Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
- Doc handling changes

* Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
- Initial version for 2.2.1, with shibd/httpd restart on upgrade

* Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
- Add additional cleanup to posttrans fix

* Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
- Reverse without_builtinapache macro test
- Fix init script handling on Red Hat to handle upgrades

* Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
- Bump minor version.
- Make keygen.sh executable.
- Fixing SUSE Xerces dependency name.
- Optionally package shib.conf.

* Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
- Change shib.conf handling to treat as config file.

* Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6

* Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
- Release candidate 1.

* Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
- libexec -> lib/shibboleth changes
- Added doc subpackage

* Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3

* Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
- Second alpha release.

* Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
- First alpha release.

* Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
- Applied fix for secadv 20061002
- Fix for metadata loader loop

* Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
- Applied fix for sec 20060615

* Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
- Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support

* Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
- Applied new fix for secadv 20060109

* Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
- Applied new fix for secadv 20050901 plus rollup

* Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
- Minor patches and default config changes
- Fix shib.conf creation
- Integrated init.d script
- Prevent replacement of config files

* Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
- Applied fix for secadv 20050901 plus rollup of NSAPI fixes

* Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
- Updated test programs and location of schemas.
- move siterefresh to sbindir

* Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
- Add selinux-targeted-policy package
- move shar to sbindir

* Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
- Create SPEC file based on various versions in existence.