2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
8 URL: http://shibboleth.internet2.edu/
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
11 Requires: openssl, xmltooling-schemas, opensaml-schemas
12 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
13 PreReq: %{insserv_prereq}
14 BuildRequires: libXerces-c-devel >= 2.8.0
16 BuildRequires: libxerces-c-devel >= 2.8.0
18 BuildRequires: libxml-security-c-devel >= 1.4.0
19 BuildRequires: libxmltooling-devel >= 1.4
20 BuildRequires: libsaml-devel >= 2.4
21 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
22 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
24 Requires: libcurl-openssl >= 7.21.7
25 BuildRequires: chrpath
27 BuildRequires: gcc-c++, zlib-devel
28 %{!?_without_doxygen:BuildRequires: doxygen}
29 %{!?_without_odbc:BuildRequires:unixODBC-devel}
30 %{?_with_fastcgi:BuildRequires: fcgi-devel}
31 %if "%{_vendor}" == "redhat"
32 %{!?_without_builtinapache:BuildRequires: httpd-devel}
33 BuildRequires: redhat-rpm-config
35 %if "%{_vendor}" == "suse"
36 %{!?_without_builtinapache:BuildRequires: apache2-devel}
39 %if "%{_vendor}" == "suse"
40 %define pkgdocdir %{_docdir}/%{name}
42 %define pkgdocdir %{_docdir}/%{name}-%{version}
46 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
47 that supports multiple protocols, federated identity, and the extensible
48 exchange of rich attributes subject to privacy controls.
50 This package contains the Shibboleth Service Provider runtime libraries
54 Summary: Shibboleth development Headers
55 Group: Development/Libraries/C and C++
56 Requires: %{name} = %{version}-%{release}
57 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
58 Requires: libXerces-c-devel >= 2.8.0
60 Requires: libxerces-c-devel >= 2.8.0
62 Requires: libxml-security-c-devel >= 1.4.0
63 Requires: libxmltooling-devel >= 1.4
64 Requires: libsaml-devel >= 2.4
65 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
66 %{!?_with_log4cpp:Requires: liblog4shib-devel}
69 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
70 that supports multiple protocols, federated identity, and the extensible
71 exchange of rich attributes subject to privacy controls.
73 This package includes files needed for development with Shibboleth.
79 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
80 %{__make} pkgdocdir=%{pkgdocdir}
83 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
85 %if "%{_vendor}" == "suse"
86 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
87 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
90 %{__sed} -i "s/#_RHEL6_//g" \
91 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
92 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
93 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
94 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
97 # Plug the SP into the built-in Apache on a recognized system.
100 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
101 APACHE_CONFIG="apache.config"
103 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
104 APACHE_CONFIG="apache2.config"
106 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
107 APACHE_CONFIG="apache22.config"
109 %{?_without_builtinapache:APACHE_CONFIG="no"}
110 if [ "$APACHE_CONFIG" != "no" ] ; then
112 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
113 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
115 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
116 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
118 if [ "$APACHE_CONFD" != "no" ] ; then
119 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
120 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
121 echo "%config $APACHE_CONFD/shib.conf" > rpm.filelist
125 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
126 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
127 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
128 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
129 %if "%{_vendor}" == "suse"
130 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
131 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
139 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
142 %ifnos solaris2.8 solaris2.9 solaris2.10
147 cd %{_sysconfdir}/%{name}
150 %if "%{_vendor}" == "redhat"
151 # This adds the proper /etc/rc*.d links for the script
152 /sbin/chkconfig --add shibd
153 # On upgrade, restart components if they're already running.
154 if [ "$1" -gt "1" ] ; then
155 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
156 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
160 %if "%{_vendor}" == "suse"
161 # This adds the proper /etc/rc*.d links for the script
163 %insserv_force_if_yast shibd
167 %if "%{_vendor}" == "redhat"
168 if [ "$1" = 0 ] ; then
169 /sbin/service shibd stop >/dev/null 2>&1
170 /sbin/chkconfig --del shibd
171 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
174 %if "%{_vendor}" == "suse"
175 %stop_on_removal shibd
176 if [ "$1" = 0 ] ; then
177 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
183 %ifnos solaris2.8 solaris2.9 solaris2.10
186 %if "%{_vendor}" == "suse"
188 %restart_on_update shibd
189 %{!?_without_builtinapache:%restart_on_update apache2}
194 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
195 %if "%{_vendor}" == "redhat"
196 if [ ! -f %{_initrddir}/shibd ] ; then
197 if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
198 %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
199 %{__chmod} 755 %{_initrddir}/shibd
200 /sbin/chkconfig --add shibd
205 %files -f rpm.filelist
206 %defattr(-,root,root,-)
209 %{_bindir}/resolvertest
210 %{_libdir}/libshibsp.so.*
211 %{_libdir}/libshibsp-lite.so.*
212 %dir %{_libdir}/%{name}
214 %exclude %{_libdir}/%{name}/*.la
215 %attr(0750,-,-) %dir %{_localstatedir}/log/%{name}
216 %dir %{_localstatedir}/run/%{name}
217 %dir %{_datadir}/xml/%{name}
218 %{_datadir}/xml/%{name}/*
219 %dir %{_sysconfdir}/%{name}
220 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
221 %config(noreplace) %{_sysconfdir}/%{name}/*.html
222 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
223 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
224 %config %{_initrddir}/shibd
226 %if "%{_vendor}" == "suse"
229 %{_sysconfdir}/%{name}/*.dist
230 %{_sysconfdir}/%{name}/apache*.config
231 %{_sysconfdir}/%{name}/shibd-*
232 %attr(755,-,-) %{_sysconfdir}/%{name}/keygen.sh
233 %attr(755,-,-) %{_sysconfdir}/%{name}/metagen.sh
234 %{_sysconfdir}/%{name}/*.xsl
236 %exclude %{pkgdocdir}/api
239 %defattr(-,root,root,-)
241 %{_libdir}/libshibsp.so
242 %{_libdir}/libshibsp-lite.so
243 %doc %{pkgdocdir}/api
246 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
247 - Log files shouldn't be world readable.
248 - Explicit requirement for libcurl-openssl on RHEL6
249 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
250 - Remove rpath from binaries for RHEL6
252 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
253 - Update dependencies.
255 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
256 - Reset revision for 2.3.1 release
258 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
259 - SuSE init script changes
260 - Restart Apache on removal, not just upgrade
261 - Fix scriptlet exit values when Apache is stopped
263 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
264 - Doc handling changes
267 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
268 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
270 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
271 - Add additional cleanup to posttrans fix
273 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
274 - Reverse without_builtinapache macro test
275 - Fix init script handling on Red Hat to handle upgrades
277 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
278 - Bump minor version.
279 - Make keygen.sh executable.
280 - Fixing SUSE Xerces dependency name.
281 - Optionally package shib.conf.
283 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
284 - Change shib.conf handling to treat as config file.
286 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
289 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
290 - Release candidate 1.
292 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
293 - libexec -> lib/shibboleth changes
294 - Added doc subpackage
296 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
299 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
300 - Second alpha release.
302 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
303 - First alpha release.
305 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
306 - Applied fix for secadv 20061002
307 - Fix for metadata loader loop
309 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
310 - Applied fix for sec 20060615
312 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
313 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
315 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
316 - Applied new fix for secadv 20060109
318 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
319 - Applied new fix for secadv 20050901 plus rollup
321 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
322 - Minor patches and default config changes
324 - Fix shib.conf creation
325 - Integrated init.d script
326 - Prevent replacement of config files
328 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
329 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
331 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
332 - Updated test programs and location of schemas.
333 - move siterefresh to to sbindir
335 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
336 - Add selinux-targeted-policy package
337 - move shar to sbindir
339 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
340 - Create SPEC file based on various versions in existence.