2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
6 Vendor: Shibboleth Consortium
8 URL: http://shibboleth.net/
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root
11 Obsoletes: shibboleth-sp = 2.5.0
13 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
14 PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
16 PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
18 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
19 PreReq: %{insserv_prereq} %{fillup_prereq}
20 BuildRequires: libXerces-c-devel >= 2.8.0
22 BuildRequires: libxerces-c-devel >= 2.8.0
24 BuildRequires: libxml-security-c-devel >= 1.4.0
25 BuildRequires: libxmltooling-devel >= 1.5
26 BuildRequires: libsaml-devel >= 2.5
27 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
28 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
29 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
30 Requires: libcurl-openssl%{?_isa} >= 7.21.7
31 BuildRequires: chrpath
33 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
34 %{!?_without_doxygen:BuildRequires: doxygen}
35 %{!?_without_odbc:BuildRequires:unixODBC-devel}
36 %{?_with_fastcgi:BuildRequires: fcgi-devel}
37 %if 0%{?centos_version} >= 600
38 BuildRequires: libmemcached-devel
40 %{?_with_memcached:BuildRequires: libmemcached-devel}
41 %if "%{_vendor}" == "redhat"
42 %{!?_without_builtinapache:BuildRequires: httpd-devel}
43 BuildRequires: redhat-rpm-config
44 Requires(pre): shadow-utils
45 Requires(post): chkconfig
46 Requires(preun): chkconfig, initscripts
48 %if "%{_vendor}" == "suse"
49 Requires(pre): pwdutils
50 %{!?_without_builtinapache:BuildRequires: apache2-devel}
54 %if "%{_vendor}" == "suse"
55 %define pkgdocdir %{_docdir}/shibboleth
57 %define pkgdocdir %{_docdir}/shibboleth-%{version}
61 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
62 that supports multiple protocols, federated identity, and the extensible
63 exchange of rich attributes subject to privacy controls.
65 This package contains the Shibboleth Service Provider runtime libraries,
66 daemon, default plugins, and Apache module(s).
69 Summary: Shibboleth Development Headers
70 Group: Development/Libraries/C and C++
71 Requires: %{name} = %{version}-%{release}
72 Obsoletes: shibboleth-sp-devel = 2.5.0
73 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
74 Requires: libXerces-c-devel >= 2.8.0
76 Requires: libxerces-c-devel >= 2.8.0
78 Requires: libxml-security-c-devel >= 1.4.0
79 Requires: libxmltooling-devel >= 1.5
80 Requires: libsaml-devel >= 2.5
81 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
82 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
85 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
86 that supports multiple protocols, federated identity, and the extensible
87 exchange of rich attributes subject to privacy controls.
89 This package includes files needed for development with Shibboleth.
92 %setup -n %{name}-sp-%{version}
95 %if 0%{?centos_version} >= 600
96 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
98 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
100 %{__make} pkgdocdir=%{pkgdocdir}
103 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
105 %if "%{_vendor}" == "suse"
106 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
107 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
110 # Plug the SP into the built-in Apache on a recognized system.
113 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
114 APACHE_CONFIG="apache.config"
116 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
117 APACHE_CONFIG="apache2.config"
119 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
120 APACHE_CONFIG="apache22.config"
122 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
123 APACHE_CONFIG="apache24.config"
125 %{?_without_builtinapache:APACHE_CONFIG="no"}
126 if [ "$APACHE_CONFIG" != "no" ] ; then
128 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
129 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
131 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
132 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
134 if [ "$APACHE_CONFD" != "no" ] ; then
135 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
136 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
137 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
141 # Establish location of sysconfig file, if any.
143 %if "%{_vendor}" == "redhat"
144 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
145 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
146 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
148 %if "%{_vendor}" == "suse"
149 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
150 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
151 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
153 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
154 # Populate the sysconfig file.
155 cat > $SYSCONFIG_SHIBD <<EOF
156 # Shibboleth SP init script customization
158 # User account for shibd
159 SHIBD_USER=%{runuser}
161 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
162 cat >> $SYSCONFIG_SHIBD <<EOF
164 # Override OS-supplied libcurl
165 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
167 # Strip existing rpath to libcurl.
# chrpath -d deletes the embedded rpath from each binary, so libcurl is then
# located through the normal loader search path plus any LD_LIBRARY_PATH in
# the environment.
# NOTE(review): the sysconfig fragment written just above exports
# LD_LIBRARY_PATH=/opt/shibboleth/<lib dir> for shibd. Libraries found in that
# directory are loaded into the daemon, so it should be writable by root only
# (its ownership is not visible here; confirm). mdquery and resolvertest
# presumably resolve the OS-supplied libcurl unless the caller sets the same
# variable; verify that this is intended.
168 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
169 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
170 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
174 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
175 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
176 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
177 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
178 %if "%{_vendor}" == "suse"
179 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
180 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
# Remove the staged install tree. The guard only rules out a build root that
# is exactly "/".
# NOTE(review): the variable is expanded unquoted on the rm side, so a build
# root containing whitespace would be split into several rm arguments.
188 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
# Create the dedicated group and account that shibd runs as, but only when
# getent does not already find them, so an existing account is left untouched.
# Both are created with -r (system account). The account gets /sbin/nologin as
# its shell, so it cannot be used for an interactive login, and its home
# directory is the daemon's runtime directory under the local state dir.
# NOTE(review): presumably this is the pre-install scriptlet (the section
# header is not visible here); confirm.
191 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
192 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
193 -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
197 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
201 # Key generation or ownership fix
202 cd %{_sysconfdir}/shibboleth
203 if [ -f sp-key.pem ] ; then
204 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
206 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
209 # Fix ownership of log files (even on new installs, if they're left from an older one).
# Error output is discarded and the status is forced to success, so any chown
# failure (for example, no files matching the glob) is ignored.
# NOTE(review): this appears to run from an install-time scriptlet, over a
# glob in the log directory that the file list assigns to the shibd run-as
# account (mode 0750). chown follows symbolic links unless given -h, so a
# symlink left in that directory would have its target re-owned to the
# service account. Consider "chown -h" here so only the directory entries
# themselves are changed.
210 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
212 %if "%{_vendor}" == "redhat"
213 if [ "$1" -gt "1" ] ; then
214 # On Red Hat with shib.conf installed, clean up old Alias commands
215 # by pointing them at the new version-independent /usr/share/shibboleth tree.
216 # Any Aliases we didn't create we assume are custom files.
217 # This is to accommodate making shib.conf a noreplace config file.
218 # We can't do this for SUSE, because they disallow changes to
219 # packaged files in scriptlets.
221 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
222 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
224 if [ "$APACHE_CONF" != "no" ] ; then
225 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
227 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
232 # This adds the proper /etc/rc*.d links for the script
233 /sbin/chkconfig --add shibd
235 %if "%{_vendor}" == "suse"
236 # This adds the proper /etc/rc*.d links for the script
237 # and populates the sysconfig/shibd file.
239 %{fillup_only -n shibd}
240 %insserv_force_if_yast shibd
244 # On final removal, stop shibd and remove service, restart Apache if running.
245 %if "%{_vendor}" == "redhat"
246 if [ "$1" -eq 0 ] ; then
247 /sbin/service shibd stop >/dev/null 2>&1
248 /sbin/chkconfig --del shibd
249 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
252 %if "%{_vendor}" == "suse"
253 %stop_on_removal shibd
254 if [ "$1" -eq 0 ] ; then
255 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
261 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
264 %if "%{_vendor}" == "redhat"
265 # On upgrade, restart components if they're already running.
266 if [ "$1" -ge "1" ] ; then
267 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
268 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
272 %if "%{_vendor}" == "suse"
274 %restart_on_update shibd
275 %{!?_without_builtinapache:%restart_on_update apache2}
280 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
281 %if "%{_vendor}" == "redhat"
282 if [ ! -f %{_initrddir}/shibd ] ; then
283 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
284 %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
285 %{__chmod} 755 %{_initrddir}/shibd
286 /sbin/chkconfig --add shibd
291 %files -f rpm.filelist
292 %defattr(-,root,root,-)
295 %{_bindir}/resolvertest
296 %{_libdir}/libshibsp.so.*
297 %{_libdir}/libshibsp-lite.so.*
298 %dir %{_libdir}/shibboleth
299 %{_libdir}/shibboleth/*
300 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
301 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
302 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
303 %dir %{_datadir}/xml/shibboleth
304 %{_datadir}/xml/shibboleth/*
305 %dir %{_datadir}/shibboleth
306 %{_datadir}/shibboleth/*
307 %dir %{_sysconfdir}/shibboleth
308 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
309 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
310 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
311 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
312 %config %{_initrddir}/shibd
314 %if "%{_vendor}" == "suse"
317 %{_sysconfdir}/shibboleth/*.dist
318 %{_sysconfdir}/shibboleth/apache*.config
319 %{_sysconfdir}/shibboleth/shibd-*
320 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
321 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
322 %{_sysconfdir}/shibboleth/*.xsl
324 %exclude %{pkgdocdir}/api
327 %defattr(-,root,root,-)
329 %{_libdir}/libshibsp.so
330 %{_libdir}/libshibsp-lite.so
331 %doc %{pkgdocdir}/api
334 * Tue Sep 25 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.1-1
335 - Merge back various changes used in released packages
336 - Prep for 2.5.1 by pulling extra restart out
338 * Tue Aug 7 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-2
339 - Changed package name back to shibboleth because of upgrade bugs
340 - Put back extra restart for this release only.
342 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-1
343 - Move logo and stylesheet to version-independent tree
344 - Make shib.conf noreplace
345 - Post-fixup of Alias commands in older shib.conf
346 - Changes to run shibd as non-root shibboleth user
347 - Move init customizations to /etc/sysconfig/shibd
348 - Copy shibd restart for Red Hat to postun
349 - Add boost-devel dependency
350 - Build memcache plugin on RH6
351 - Add cachedir to install
352 - Add Apache 2.4 to install
354 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
355 - Log files shouldn't be world readable.
356 - Explicit requirement for libcurl-openssl on RHEL6
357 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
358 - Remove rpath from binaries for RHEL6
360 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
361 - Update dependencies.
363 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
364 - Reset revision for 2.3.1 release
366 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
367 - SuSE init script changes
368 - Restart Apache on removal, not just upgrade
369 - Fix scriptlet exit values when Apache is stopped
371 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
372 - Doc handling changes
375 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
376 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
378 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
379 - Add additional cleanup to posttrans fix
381 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
382 - Reverse without_builtinapache macro test
383 - Fix init script handling on Red Hat to handle upgrades
385 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
386 - Bump minor version.
387 - Make keygen.sh executable.
388 - Fixing SUSE Xerces dependency name.
389 - Optionally package shib.conf.
391 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
392 - Change shib.conf handling to treat as config file.
394 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
397 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
398 - Release candidate 1.
400 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
401 - libexec -> lib/shibboleth changes
402 - Added doc subpackage
404 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
407 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
408 - Second alpha release.
410 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
411 - First alpha release.
413 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
414 - Applied fix for secadv 20061002
415 - Fix for metadata loader loop
417 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
418 - Applied fix for sec 20060615
420 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
421 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
423 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
424 - Applied new fix for secadv 20060109
426 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
427 - Applied new fix for secadv 20050901 plus rollup
429 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
430 - Minor patches and default config changes
432 - Fix shib.conf creation
433 - Integrated init.d script
434 - Prevent replacement of config files
436 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
437 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
439 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
440 - Updated test programs and location of schemas.
441 - move siterefresh to sbindir
443 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
444 - Add selinux-targeted-policy package
445 - move shar to sbindir
447 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
448 - Create SPEC file based on various versions in existence.