# Preamble of the main package. The listing is partial: the Name and Release
# tags and the else/endif lines that close the conditionals are not shown.
2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
# NOTE(review): the project URL is plain http and Source names a bare
# tarball, so nothing in this file pins where the archive came from; verify
# its checksum or signature in the build pipeline.
8 URL: http://shibboleth.internet2.edu/
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
12 PreReq: xmltooling-schemas, opensaml-schemas
# The Xerces development package is spelled differently for SUSE releases
# between 1030 and 1130 than for everything else.
13 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
14 PreReq: %{insserv_prereq} %{fillup_prereq}
15 BuildRequires: libXerces-c-devel >= 2.8.0
17 BuildRequires: libxerces-c-devel >= 2.8.0
# Minimum versions of the XML-Security-C, XMLTooling and OpenSAML
# development packages.
19 BuildRequires: libxml-security-c-devel >= 1.4.0
20 BuildRequires: libxmltooling-devel >= 1.5
21 BuildRequires: libsaml-devel >= 2.5
# Logging library: log4shib unless the build is run with log4cpp selected.
22 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
23 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
# RHEL/CentOS 6: require a separately packaged libcurl-openssl (7.21.7 or
# newer) at run time and chrpath at build time; the install step uses
# chrpath to strip the rpath from the shipped binaries.
24 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
25 Requires: libcurl-openssl >= 7.21.7
26 BuildRequires: chrpath
28 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
# Optional features, switched by rpmbuild with/without conditionals.
29 %{!?_without_doxygen:BuildRequires: doxygen}
30 %{!?_without_odbc:BuildRequires:unixODBC-devel}
31 %{?_with_fastcgi:BuildRequires: fcgi-devel}
# memcached support is unconditional on CentOS 6 and opt-in elsewhere.
32 %if 0%{?centos_version} >= 600
33 BuildRequires: libmemcached-devel
35 %{?_with_memcached:BuildRequires: libmemcached-devel}
# Vendor-specific build dependencies and the tools the scriptlets call
# (account creation in the pre scriptlet, chkconfig for service registration).
36 %if "%{_vendor}" == "redhat"
37 %{!?_without_builtinapache:BuildRequires: httpd-devel}
38 BuildRequires: redhat-rpm-config
39 Requires(pre): shadow-utils
40 Requires(post): chkconfig
41 Requires(preun): chkconfig, initscripts
43 %if "%{_vendor}" == "suse"
44 Requires(pre): pwdutils
45 %{!?_without_builtinapache:BuildRequires: apache2-devel}
# Documentation directory: unversioned on SUSE, versioned otherwise.
49 %if "%{_vendor}" == "suse"
50 %define pkgdocdir %{_docdir}/%{name}
52 %define pkgdocdir %{_docdir}/%{name}-%{version}
56 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
57 that supports multiple protocols, federated identity, and the extensible
58 exchange of rich attributes subject to privacy controls.
60 This package contains the Shibboleth Service Provider runtime libraries,
61 daemon, default plugins, and Apache module(s).
# Development subpackage preamble (its package header line is not in this
# listing). It is tied to the exact version-release of the main package and
# repeats the main package's library build dependencies as run-time
# requirements.
64 Summary: Shibboleth Development Headers
65 Group: Development/Libraries/C and C++
66 Requires: %{name} = %{version}-%{release}
67 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
68 Requires: libXerces-c-devel >= 2.8.0
70 Requires: libxerces-c-devel >= 2.8.0
72 Requires: libxml-security-c-devel >= 1.4.0
73 Requires: libxmltooling-devel >= 1.5
74 Requires: libsaml-devel >= 2.5
75 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
76 %{!?_with_log4cpp:Requires: liblog4shib-devel}
79 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
80 that supports multiple protocols, federated identity, and the extensible
81 exchange of rich attributes subject to privacy controls.
83 This package includes files needed for development with Shibboleth.
# Configure and compile. On CentOS 6 the memcached plugin is enabled unless
# the build defines _without_memcached; on other targets it is enabled only
# when _with_memcached is defined. ODBC and ADFS can be switched off.
# NOTE(review): shib_options is appended verbatim to the configure command
# line, so whoever sets that macro controls the build flags.
89 %if 0%{?centos_version} >= 600
90 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
92 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
94 %{__make} pkgdocdir=%{pkgdocdir}
# Install into the build root. NOKEYGEN=1 is passed to make install,
# presumably so that no key pair is generated at build time and shipped
# inside the package; the post-install scriptlet runs keygen.sh on the
# target host instead.
97 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
# SUSE keeps Apache logs under /var/log/apache2, so the path in
# native.logger is rewritten in the staged copy.
99 %if "%{_vendor}" == "suse"
100 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
101 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
104 # Plug the SP into the built-in Apache on a recognized system.
# Pick the Apache config template that matches whichever module was built
# (mod_shib_13, mod_shib_20 or mod_shib_22). The fi lines and the initial
# assignment are not in this listing; as printed, a later match overwrites
# an earlier one.
107 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
108 APACHE_CONFIG="apache.config"
110 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
111 APACHE_CONFIG="apache2.config"
113 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
114 APACHE_CONFIG="apache22.config"
# Building without the built-in Apache forces the value to "no".
116 %{?_without_builtinapache:APACHE_CONFIG="no"}
117 if [ "$APACHE_CONFIG" != "no" ] ; then
# NOTE(review): these two -d tests look at the build machine's own
# filesystem, not at the build root, so whether shib.conf is packaged
# depends on what is installed on the build host.
119 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
120 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
122 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
123 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
125 if [ "$APACHE_CONFD" != "no" ] ; then
# Stage the chosen template as conf.d/shib.conf and register it in the
# generated file list as a noreplace config file, so an administrator's
# edits survive upgrades.
# NOTE(review): the expansions below are unquoted; a build root containing
# whitespace would be split into several arguments.
126 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
127 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
128 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
132 # Establish location of sysconfig file, if any.
# Red Hat: the file is /etc/sysconfig/shibd, packaged as a noreplace config.
134 %if "%{_vendor}" == "redhat"
135 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
136 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
137 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
# SUSE: the file is shipped as a fillup template instead.
139 %if "%{_vendor}" == "suse"
140 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
141 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
142 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
# The here-document below writes the account that shibd runs as into the
# sysconfig file; the value comes from the runuser macro, so the daemon is
# configured to drop to that unprivileged account. The delimiter is
# unquoted and its closing line is not in this listing.
144 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
145 # Populate the sysconfig file.
146 cat > $SYSCONFIG_SHIBD <<EOF
147 # Shibboleth SP init script customization
149 # User account for shibd
150 SHIBD_USER=%{runuser}
152 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
# RHEL/CentOS 6 only: append an LD_LIBRARY_PATH export to the sysconfig
# file so the separately packaged libcurl under /opt/shibboleth is found
# before the OS copy, then strip the rpath from the three binaries.
# NOTE(review): with this export, libraries are searched for in that
# directory first for anything started with the sysconfig environment. The
# directory therefore has to be root-owned and not writable by the service
# account; its ownership is not visible in this listing.
153 cat >> $SYSCONFIG_SHIBD <<EOF
155 # Override OS-supplied libcurl
156 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
158 # Strip existing rpath to libcurl.
159 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
160 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
161 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
# Install the vendor-specific init script (shibd-redhat or shibd-suse, taken
# from the staged config directory) as the shibd service script, mode 0755.
165 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
166 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
167 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
168 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
# SUSE additionally gets an rcshibd symlink in sbindir pointing at the
# init script.
169 %if "%{_vendor}" == "suse"
170 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
171 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
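# Clean step: remove the build root, refusing to run when it is "/".
# The path is quoted and preceded by "--" so a build root containing
# whitespace, glob characters or a leading dash cannot make rm -rf act on
# anything other than that one directory.
179 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf -- "$RPM_BUILD_ROOT"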
# Create the unprivileged account the daemon runs as, if it does not exist
# yet: a system group and a system user (-r) in that group, with
# /sbin/nologin as shell and the package's run directory as home. The
# getent guards leave an existing group or user untouched.
182 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
183 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
184 -d %{_localstatedir}/run/%{name} -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
188 %ifnos solaris2.8 solaris2.9 solaris2.10
192 # Key generation or ownership fix
# Runs as root on the target host. If a key already exists, the key and
# certificate are handed to the service account (failures are ignored);
# otherwise keygen.sh creates a new pair. The else line between the two
# commands is not in this listing.
# NOTE(review): the result of cd is not checked; if the config directory
# is missing, the commands below run in whatever directory the scriptlet
# started in.
# NOTE(review): keygen.sh is not shown here; -u and -g presumably set the
# owner and group of the generated files, the meaning of -b cannot be told
# from this file. Confirm the private key ends up readable only by the
# service account.
193 cd %{_sysconfdir}/%{name}
194 if [ -f sp-key.pem ] ; then
195 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
197 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
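200 # Fix ownership of log files (even on new installs, if they're left from an older one).
# The log directory is owned by the unprivileged service account, and this
# scriptlet runs as root. A plain chown follows symbolic links, so a link
# placed in that directory would hand ownership of its target to the
# service account; -h changes the link itself and never its target.
# NOTE(review): -h does not cover hard links; on Linux the
# fs.protected_hardlinks sysctl is the usual safeguard for that case.
# Errors are deliberately ignored so an empty log directory does not fail
# the transaction.
201 %{__chown} -h %{runuser}:%{runuser} %{_localstatedir}/log/%{name}/* 2>/dev/null || :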
203 %if "%{_vendor}" == "redhat"
# The scriptlet's first argument is greater than 1 only on upgrade, so the
# fix-up below never touches a fresh install.
204 if [ "$1" -gt "1" ] ; then
205 # On Red Hat with shib.conf installed, clean up old Alias commands
206 # by pointing them at the new version-independent /usr/share/shibboleth tree.
207 # Any Aliases we didn't create we assume are custom files.
208 # This is to accommodate making shib.conf a noreplace config file.
209 # We can't do this for SUSE, because they disallow changes to
210 # packaged files in scriptlets.
212 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
213 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
215 if [ "$APACHE_CONF" != "no" ] ; then
# In-place edits, run as root, of an administrator-owned config file: any
# /usr/share/doc/shibboleth or /usr/share/doc/shibboleth-SUFFIX path to
# main.css or logo.jpg is rewritten to /usr/share/shibboleth. The file
# argument of each sed sits on a continuation line that is not in this
# listing.
216 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
218 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
223 # This adds the proper /etc/rc*.d links for the script
224 /sbin/chkconfig --add shibd
226 # On upgrade, restart components if they're already running.
227 # This gets repeated now down in %postun, and the next release
228 # should remove this copy. If we yank it now, we'll break upgrades.
# Each restart runs only when the service's status command succeeds, so a
# stopped shibd or httpd is not started by the upgrade. Only stdout is
# discarded; error output still reaches the rpm transaction.
229 if [ "$1" -gt "1" ] ; then
230 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
231 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
# SUSE branch of the post-install step. Both commands are SUSE-provided rpm
# macros; the preamble pulls in their prerequisites through the insserv and
# fillup PreReq macros.
235 %if "%{_vendor}" == "suse"
236 # This adds the proper /etc/rc*.d links for the script
237 # and populates the sysconfig/shibd file.
239 %{fillup_only -n shibd}
240 %insserv_force_if_yast shibd
244 # On final removal, stop shibd and remove service, restart Apache if running.
# The scriptlet's first argument is 0 only when the last installed instance
# is being removed, so upgrades skip this branch.
245 %if "%{_vendor}" == "redhat"
246 if [ "$1" -eq 0 ] ; then
# All output of the stop command is discarded; the service is then
# unregistered, and httpd is restarted only if its status command succeeds.
247 /sbin/service shibd stop >/dev/null 2>&1
248 /sbin/chkconfig --del shibd
249 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
# SUSE uses its stop_on_removal macro for the daemon and restarts apache2
# the same way on final removal.
252 %if "%{_vendor}" == "suse"
253 %stop_on_removal shibd
254 if [ "$1" -eq 0 ] ; then
255 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
# Post-uninstall step (its section header is not in this listing; the
# comment in the post-install step refers to this copy of the restart).
261 %ifnos solaris2.8 solaris2.9 solaris2.10
264 %if "%{_vendor}" == "redhat"
265 # On upgrade, restart components if they're already running.
# A first argument of 1 or more means another instance of the package
# remains installed. Services that are not running are left stopped.
266 if [ "$1" -ge "1" ] ; then
267 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
268 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
# SUSE delegates the same job to its restart_on_update macro.
272 %if "%{_vendor}" == "suse"
274 %restart_on_update shibd
275 %{!?_without_builtinapache:%restart_on_update apache2}
280 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
# Red Hat only: when the service script is missing after the transaction,
# copy the vendor init script back from the package's config directory, make
# it mode 755 and register the service again. The copy source is listed in
# the files section under root ownership, so the restored script is the one
# the package shipped.
281 %if "%{_vendor}" == "redhat"
282 if [ ! -f %{_initrddir}/shibd ] ; then
283 if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
284 %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
285 %{__chmod} 755 %{_initrddir}/shibd
286 /sbin/chkconfig --add shibd
# File list of the main package; entries generated during the install step
# (shib.conf, the sysconfig file) come in through rpm.filelist. Everything
# is owned by root unless an attr entry says otherwise. Several entries of
# the original list are not in this listing.
291 %files -f rpm.filelist
292 %defattr(-,root,root,-)
295 %{_bindir}/resolvertest
296 %{_libdir}/libshibsp.so.*
297 %{_libdir}/libshibsp-lite.so.*
298 %dir %{_libdir}/%{name}
300 %exclude %{_libdir}/%{name}/*.la
# Directories the daemon writes to belong to the service account. The log
# directory is 0750, so log contents are not world-readable; the run and
# cache directories are 0755.
# NOTE(review): confirm nothing sensitive is written with permissive modes
# under the run and cache directories, since any local user can list them.
301 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
302 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
303 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/%{name}
304 %dir %{_datadir}/xml/%{name}
305 %{_datadir}/xml/%{name}/*
306 %dir %{_datadir}/%{name}
307 %{_datadir}/%{name}/*
# The config directory and its contents stay root-owned; XML, HTML and
# logger files are noreplace, so local edits survive upgrades.
# NOTE(review): as far as this listing shows, sp-key.pem and sp-cert.pem
# are not packaged files (they are created by the post-install scriptlet),
# so rpm does not track or verify their ownership and mode.
308 %dir %{_sysconfdir}/%{name}
309 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
310 %config(noreplace) %{_sysconfdir}/%{name}/*.html
311 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
312 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
313 %config %{_initrddir}/shibd
315 %if "%{_vendor}" == "suse"
318 %{_sysconfdir}/%{name}/*.dist
319 %{_sysconfdir}/%{name}/apache*.config
320 %{_sysconfdir}/%{name}/shibd-*
# Helper scripts are root-owned and executable; keygen.sh is the script the
# post-install scriptlet runs as root.
321 %attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
322 %attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
323 %{_sysconfdir}/%{name}/*.xsl
# API documentation is left out here and shipped by the development package.
325 %exclude %{pkgdocdir}/api
# File list of the development subpackage: the unversioned library symlinks
# and the API documentation, all root-owned. Its section header and some
# entries are not in this listing.
328 %defattr(-,root,root,-)
330 %{_libdir}/libshibsp.so
331 %{_libdir}/libshibsp-lite.so
332 %doc %{pkgdocdir}/api
335 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
336 - Move logo and stylesheet to version-independent tree
337 - Make shib.conf noreplace
338 - Post-fixup of Alias commands in older shib.conf
339 - Changes to run shibd as non-root shibboleth user
340 - Move init customizations to /etc/sysconfig/shibd
341 - Copy shibd restart for Red Hat to postun
342 - Add boost-devel dependency
343 - Build memcache plugin on RH6
344 - Add cachedir to install
346 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
347 - Log files shouldn't be world readable.
348 - Explicit requirement for libcurl-openssl on RHEL6
349 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
350 - Remove rpath from binaries for RHEL6
352 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
353 - Update dependencies.
355 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
356 - Reset revision for 2.3.1 release
358 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
359 - SuSE init script changes
360 - Restart Apache on removal, not just upgrade
361 - Fix scriptlet exit values when Apache is stopped
363 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
364 - Doc handling changes
367 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
368 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
370 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
371 - Add additional cleanup to posttrans fix
373 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
374 - Reverse without_builtinapache macro test
375 - Fix init script handling on Red Hat to handle upgrades
377 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
378 - Bump minor version.
379 - Make keygen.sh executable.
380 - Fixing SUSE Xerces dependency name.
381 - Optionally package shib.conf.
383 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
384 - Change shib.conf handling to treat as config file.
386 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
389 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
390 - Release candidate 1.
392 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
393 - libexec -> lib/shibboleth changes
394 - Added doc subpackage
396 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
399 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
400 - Second alpha release.
402 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
403 - First alpha release.
405 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
406 - Applied fix for secadv 20061002
407 - Fix for metadata loader loop
409 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
410 - Applied fix for sec 20060615
412 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
413 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
415 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
416 - Applied new fix for secadv 20060109
418 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
419 - Applied new fix for secadv 20050901 plus rollup
421 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
422 - Minor patches and default config changes
424 - Fix shib.conf creation
425 - Integrated init.d script
426 - Prevent replacement of config files
428 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
429 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
431 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
432 - Updated test programs and location of schemas.
433 - move siterefresh to sbindir
435 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
436 - Add selinux-targeted-policy package
437 - move shar to sbindir
439 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
440 - Create SPEC file based on various versions in existence.