2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
8 URL: http://shibboleth.internet2.edu/
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
12 PreReq: xmltooling-schemas, opensaml-schemas
13 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
14 PreReq: %{insserv_prereq} %{fillup_prereq}
15 BuildRequires: libXerces-c-devel >= 2.8.0
17 BuildRequires: libxerces-c-devel >= 2.8.0
19 BuildRequires: libxml-security-c-devel >= 1.4.0
20 BuildRequires: libxmltooling-devel >= 1.5
21 BuildRequires: libsaml-devel >= 2.5
22 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
23 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
24 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
25 Requires: libcurl-openssl >= 7.21.7
26 BuildRequires: chrpath, libmemcached-devel
28 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
29 %{!?_without_doxygen:BuildRequires: doxygen}
30 %{!?_without_odbc:BuildRequires:unixODBC-devel}
31 %{?_with_fastcgi:BuildRequires: fcgi-devel}
32 %{?_with_memcached:BuildRequires: libmemcached-devel}
33 %if "%{_vendor}" == "redhat"
34 %{!?_without_builtinapache:BuildRequires: httpd-devel}
35 BuildRequires: redhat-rpm-config
36 Requires(pre): shadow-utils
37 Requires(post): chkconfig
38 Requires(preun): chkconfig, initscripts
40 %if "%{_vendor}" == "suse"
41 Requires(pre): pwdutils
42 %{!?_without_builtinapache:BuildRequires: apache2-devel}
46 %if "%{_vendor}" == "suse"
47 %define pkgdocdir %{_docdir}/%{name}
49 %define pkgdocdir %{_docdir}/%{name}-%{version}
53 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
54 that supports multiple protocols, federated identity, and the extensible
55 exchange of rich attributes subject to privacy controls.
57 This package contains the Shibboleth Service Provider runtime libraries,
58 daemon, default plugins, and Apache module(s).
61 Summary: Shibboleth Development Headers
62 Group: Development/Libraries/C and C++
63 Requires: %{name} = %{version}-%{release}
64 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
65 Requires: libXerces-c-devel >= 2.8.0
67 Requires: libxerces-c-devel >= 2.8.0
69 Requires: libxml-security-c-devel >= 1.4.0
70 Requires: libxmltooling-devel >= 1.5
71 Requires: libsaml-devel >= 2.5
72 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
73 %{!?_with_log4cpp:Requires: liblog4shib-devel}
76 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
77 that supports multiple protocols, federated identity, and the extensible
78 exchange of rich attributes subject to privacy controls.
80 This package includes files needed for development with Shibboleth.
86 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
87 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options}
89 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
91 %{__make} pkgdocdir=%{pkgdocdir}
94 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
96 %if "%{_vendor}" == "suse"
97 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
98 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
101 # Plug the SP into the built-in Apache on a recognized system.
104 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
105 APACHE_CONFIG="apache.config"
107 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
108 APACHE_CONFIG="apache2.config"
110 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
111 APACHE_CONFIG="apache22.config"
113 %{?_without_builtinapache:APACHE_CONFIG="no"}
114 if [ "$APACHE_CONFIG" != "no" ] ; then
116 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
117 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
119 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
120 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
122 if [ "$APACHE_CONFD" != "no" ] ; then
123 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
124 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
125 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
129 # Establish location of sysconfig file, if any.
131 %if "%{_vendor}" == "redhat"
132 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
133 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
134 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
136 %if "%{_vendor}" == "suse"
137 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
138 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
139 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
141 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
142 # Populate the sysconfig file.
143 cat > $SYSCONFIG_SHIBD <<EOF
144 # Shibboleth SP init script customization
146 # User account for shibd
147 SHIBD_USER=%{runuser}
149 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
150 cat >> $SYSCONFIG_SHIBD <<EOF
152 # Override OS-supplied libcurl
153 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
155 # Strip existing rpath to libcurl.
156 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
157 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
158 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
162 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
163 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
164 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
165 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
166 %if "%{_vendor}" == "suse"
167 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
168 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
176 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
179 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
180 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
181 -d %{_localstatedir}/run/%{name} -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
185 %ifnos solaris2.8 solaris2.9 solaris2.10
189 # Key generation or ownership fix
190 cd %{_sysconfdir}/%{name}
191 if [ -f sp-key.pem ] ; then
192 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
194 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
197 # Fix ownership of log files (even on new installs, if they're left from an older one).
198 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/%{name}/* 2>/dev/null || :
200 %if "%{_vendor}" == "redhat"
201 if [ "$1" -gt "1" ] ; then
202 # On Red Hat with shib.conf installed, clean up old Alias commands
203 # by pointing them at new version-independent /usr/share/share tree.
204 # Any Aliases we didn't create we assume are custom files.
205 # This is to accomodate making shib.conf a noreplace config file.
206 # We can't do this for SUSE, because they disallow changes to
207 # packaged files in scriplets.
209 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
210 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
212 if [ "$APACHE_CONF" != "no" ] ; then
213 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
215 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
220 # This adds the proper /etc/rc*.d links for the script
221 /sbin/chkconfig --add shibd
223 # On upgrade, restart components if they're already running.
224 # This gets repeated now down in %postun, and the next release
225 # should remove this copy. If we yank it now, we'll break upgrades.
226 if [ "$1" -gt "1" ] ; then
227 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
228 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
232 %if "%{_vendor}" == "suse"
233 # This adds the proper /etc/rc*.d links for the script
234 # and populates the sysconfig/shibd file.
236 %{fillup_only -n shibd}
237 %insserv_force_if_yast shibd
241 # On final removal, stop shibd and remove service, restart Apache if running.
242 %if "%{_vendor}" == "redhat"
243 if [ "$1" -eq 0 ] ; then
244 /sbin/service shibd stop >/dev/null 2>&1
245 /sbin/chkconfig --del shibd
246 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
249 %if "%{_vendor}" == "suse"
250 %stop_on_removal shibd
251 if [ "$1" -eq 0 ] ; then
252 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
258 %ifnos solaris2.8 solaris2.9 solaris2.10
261 %if "%{_vendor}" == "redhat"
262 # On upgrade, restart components if they're already running.
263 if [ "$1" -ge "1" ] ; then
264 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
265 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
269 %if "%{_vendor}" == "suse"
271 %restart_on_update shibd
272 %{!?_without_builtinapache:%restart_on_update apache2}
277 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
278 %if "%{_vendor}" == "redhat"
279 if [ ! -f %{_initrddir}/shibd ] ; then
280 if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
281 %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
282 %{__chmod} 755 %{_initrddir}/shibd
283 /sbin/chkconfig --add shibd
288 %files -f rpm.filelist
289 %defattr(-,root,root,-)
292 %{_bindir}/resolvertest
293 %{_libdir}/libshibsp.so.*
294 %{_libdir}/libshibsp-lite.so.*
295 %dir %{_libdir}/%{name}
297 %exclude %{_libdir}/%{name}/*.la
298 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
299 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
300 %dir %{_datadir}/xml/%{name}
301 %{_datadir}/xml/%{name}/*
302 %dir %{_datadir}/%{name}
303 %{_datadir}/%{name}/*
304 %dir %{_sysconfdir}/%{name}
305 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
306 %config(noreplace) %{_sysconfdir}/%{name}/*.html
307 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
308 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
309 %config %{_initrddir}/shibd
311 %if "%{_vendor}" == "suse"
314 %{_sysconfdir}/%{name}/*.dist
315 %{_sysconfdir}/%{name}/apache*.config
316 %{_sysconfdir}/%{name}/shibd-*
317 %attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
318 %attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
319 %{_sysconfdir}/%{name}/*.xsl
321 %exclude %{pkgdocdir}/api
324 %defattr(-,root,root,-)
326 %{_libdir}/libshibsp.so
327 %{_libdir}/libshibsp-lite.so
328 %doc %{pkgdocdir}/api
331 * Fri Feb 10 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
332 - Move logo and stylesheet to version-independent tree
333 - Make shib.conf noreplace
334 - Post-fixup of Alias commands in older shib.conf
335 - Changes to run shibd as non-root shibboleth user
336 - Move init customizations to /etc/sysconfig/shibd
337 - Copy shibd restart for Red Hat to postun
338 - Add boost-devel dependency
339 - Build memcache plugin on RH6
341 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
342 - Log files shouldn't be world readable.
343 - Explicit requirement for libcurl-openssl on RHEL6
344 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
345 - Remove rpath from binaries for RHEL6
347 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
348 - Update dependencies.
350 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
351 - Reset revision for 2.3.1 release
353 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
354 - SuSE init script changes
355 - Restart Apache on removal, not just upgrade
356 - Fix scriptlet exit values when Apache is stopped
358 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
359 - Doc handling changes
362 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
363 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
365 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
366 - Add additional cleanup to posttrans fix
368 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
369 - Reverse without_builtinapache macro test
370 - Fix init script handling on Red Hat to handle upgrades
372 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
373 - Bump minor version.
374 - Make keygen.sh executable.
375 - Fixing SUSE Xerces dependency name.
376 - Optionally package shib.conf.
378 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
379 - Change shib.conf handling to treat as config file.
381 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
384 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
385 - Release candidate 1.
387 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
388 - libexec -> lib/shibboleth changes
389 - Added doc subpackage
391 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
394 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
395 - Second alpha release.
397 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
398 - First alpha release.
400 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
401 - Applied fix for secadv 20061002
402 - Fix for metadata loader loop
404 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
405 - Applied fix for sec 20060615
407 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
408 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
410 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
411 - Applied new fix for secadv 20060109
413 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
414 - Applied new fix for secadv 20050901 plus rollup
416 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
417 - Minor patches and default config changes
419 - Fix shib.conf creation
420 - Integrated init.d script
421 - Prevent replacement of config files
423 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
424 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
426 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
427 - Updated test programs and location of schemas.
428 - move siterefresh to to sbindir
430 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
431 - Add selinux-targeted-policy package
432 - move shar to sbindir
434 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
435 - Create SPEC file based on various versions in existence.