https://issues.shibboleth.net/jira/browse/SSPCPP-353
[shibboleth/cpp-sp.git] / shibboleth.spec.in
# Main package preamble for the Shibboleth Service Provider (SP).
# The @...@ placeholders are substituted when this .in template is turned
# into the real spec file.
Name:           @PACKAGE_NAME@
Version:        @PACKAGE_VERSION@
Release:        1
Summary:        Open source system for attribute-based Web SSO
Group:          Productivity/Networking/Security
Vendor:         Internet2
License:        Apache 2.0
# NOTE(review): plain-http project URL; informational only, nothing in this
# spec downloads from it.
URL:            http://shibboleth.internet2.edu/
Source:         %{name}-sp-%{version}.tar.gz
BuildRoot:      %{_tmppath}/%{name}-%{version}-root
# NOTE(review): presumably needed for the openssl tooling used by keygen.sh
# at install time - confirm against that script.
Requires:       openssl
# PreReq is the legacy way to demand that these packages are present before
# this package's scriptlets run.
PreReq:         xmltooling-schemas, opensaml-schemas
# SUSE releases in this version window spell the Xerces development package
# with a capital X.
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
PreReq:         %{insserv_prereq}
BuildRequires:  libXerces-c-devel >= 2.8.0
%else
BuildRequires:  libxerces-c-devel >= 2.8.0
%endif
BuildRequires:  libxml-security-c-devel >= 1.4.0
BuildRequires:  libxmltooling-devel >= 1.5
BuildRequires:  libsaml-devel >= 2.5
# Logging library: log4cpp only when built "--with log4cpp", log4shib otherwise.
%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
# RHEL/CentOS 6 only: pin the OpenSSL-based libcurl build at runtime and pull
# in chrpath, which the install section uses to strip rpaths from the binaries.
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
Requires:               libcurl-openssl >= 7.21.7
BuildRequires:  chrpath
%endif
BuildRequires:  gcc-c++, zlib-devel
# Optional features, switched with --with/--without at rpmbuild time.
%{!?_without_doxygen:BuildRequires: doxygen}
%{!?_without_odbc:BuildRequires:unixODBC-devel}
%{?_with_fastcgi:BuildRequires: fcgi-devel}
# Requires(pre) makes sure the tools that supply groupadd/useradd are installed
# before the pre scriptlet creates the service account.
%if "%{_vendor}" == "redhat"
%{!?_without_builtinapache:BuildRequires: httpd-devel}
BuildRequires: redhat-rpm-config
Requires(pre): shadow-utils
%endif
%if "%{_vendor}" == "suse"
Requires(pre): pwdutils
%{!?_without_builtinapache:BuildRequires: apache2-devel}
%endif

# Name of the unprivileged account and group: created in the pre scriptlet,
# written into the init script, and used as owner of the log and run directories.
%define runuser shibboleth
# Documentation directory: SUSE uses an unversioned path, other vendors a
# versioned one.
%if "%{_vendor}" == "suse"
%define pkgdocdir %{_docdir}/%{name}
%else
%define pkgdocdir %{_docdir}/%{name}-%{version}
%endif
48
49 %description
50 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
51 that supports multiple protocols, federated identity, and the extensible
52 exchange of rich attributes subject to privacy controls.
53
54 This package contains the Shibboleth Service Provider runtime libraries,
55 daemon, default plugins, and Apache module(s).
56
# Development subpackage: headers and unversioned library links.
%package devel
Summary:        Shibboleth Development Headers
Group:          Development/Libraries/C and C++
# Tied to the exact version and release of the main package so headers and
# runtime libraries cannot drift apart.
Requires:       %{name} = %{version}-%{release}
# Same SUSE naming split for the Xerces development package as in the main
# package's build requirements.
%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
Requires:       libXerces-c-devel >= 2.8.0
%else
Requires:       libxerces-c-devel >= 2.8.0
%endif
Requires:       libxml-security-c-devel >= 1.4.0
Requires:       libxmltooling-devel >= 1.5
Requires:       libsaml-devel >= 2.5
# Logging library headers follow the same "--with log4cpp" switch as the build.
%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
%{!?_with_log4cpp:Requires: liblog4shib-devel}
71
72 %description devel
73 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
74 that supports multiple protocols, federated identity, and the extensible
75 exchange of rich attributes subject to privacy controls.
76
77 This package includes files needed for development with Shibboleth.
78
%prep
# Unpack the source tarball quietly.
%setup -q

%build
# Optional features map onto configure switches: ODBC and ADFS are disabled
# only when the matching "--without" option was given to rpmbuild; FastCGI and
# memcached support are enabled only on request.
# NOTE(review): shib_options is passed to configure verbatim, so whoever
# defines that macro controls the build flags - treat it as trusted input only.
%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
%{__make} pkgdocdir=%{pkgdocdir}
85
%install
# Stage the build into the build root. NOKEYGEN=1 is handed to "make install".
# NOTE(review): presumably this stops the install target from generating a key
# pair, so no private key is baked into the package and every host gets its
# own from the post scriptlet - confirm against the Makefile.
%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}

# SUSE: retarget the Apache log directory named in native.logger.
%if "%{_vendor}" == "suse"
        %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
                $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
%endif

# RHEL/CentOS 6: strip the "#_RHEL6_" markers from the init script (the
# changelog describes this as uncommenting LD_LIBRARY_PATH), point its
# /opt/shibboleth library path at the arch-specific lib directory, and delete
# the rpath from the installed binaries so they carry no build-time library
# search path.
%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
        %{__sed} -i "s/#_RHEL6_//g" \
                $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
        %{__sed} -i "s/\/opt\/shibboleth\/lib/\/opt\/shibboleth\/%{_lib}/g" \
                $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
        chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
        chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
        chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
%endif

# Plug the SP into the built-in Apache on a recognized system.
# rpm.filelist starts out empty and is later read by the files section.
touch rpm.filelist
# Pick the config template that matches the Apache module that was built.
# The checks run in order and a later match overwrites an earlier one, so
# mod_shib_22 wins over mod_shib_20, which wins over mod_shib_13.
APACHE_CONFIG="no"
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
        APACHE_CONFIG="apache.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
        APACHE_CONFIG="apache2.config"
fi
if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
        APACHE_CONFIG="apache22.config"
fi
# Building "--without builtinapache" forces the Apache integration off.
%{?_without_builtinapache:APACHE_CONFIG="no"}
if [ "$APACHE_CONFIG" != "no" ] ; then
        # NOTE(review): these two directory tests look at the build host's own
        # configuration tree, not the build root, so whether shib.conf is
        # packaged depends on what is installed on the machine doing the build.
        APACHE_CONFD="no"
        if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
                APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
        fi
        if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
                APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
        fi
        if [ "$APACHE_CONFD" != "no" ] ; then
                # Stage the template as conf.d/shib.conf and record it as a
                # noreplace config file so admin edits survive upgrades.
                %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
                %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf 
                echo "%config(noreplace) $APACHE_CONFD/shib.conf" > rpm.filelist
        fi
fi

%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
        # Replace SHIBD_USER=root with the service account in the vendor init
        # script (changelog: "Run shibd as non-root").
        # NOTE(review): how the init script applies SHIBD_USER is not shown
        # here - confirm it actually drops privileges before starting shibd.
        %{__sed} -i "s/SHIBD_USER=root/SHIBD_USER=%{runuser}/g" \
                $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor}
        # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
        install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
        install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
%if "%{_vendor}" == "suse"
        # SUSE convention: an rcshibd link in sbin that points at the init script.
        install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
        %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
%endif
%endif
143
%check
# Run the source tree's "check" make target against the freshly built code;
# a failure here stops the package build.
%{__make} check
146
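%clean
# Remove the staging tree once the package has been built. The path is quoted
# and must be non-empty and different from "/" before anything is deleted, so
# an unset, odd or space-containing value can never widen the recursive delete.
if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] ; then
        %{__rm} -rf -- "$RPM_BUILD_ROOT"
fi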
149
%pre
# Provision the unprivileged service identity before any files are unpacked:
# a system group and a system user named by the runuser macro. The account
# gets /sbin/nologin as its shell and the package's run directory as its home.
if ! getent group %{runuser} >/dev/null ; then
        groupadd -r %{runuser}
fi
if ! getent passwd %{runuser} >/dev/null ; then
        useradd -r -g %{runuser} -d %{_localstatedir}/run/%{name} \
                -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
fi
# Always report success, so a problem creating the account does not abort
# the installation.
exit 0
155
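%post
# Refresh the dynamic linker cache for the newly installed shared libraries
# (skipped on the listed Solaris releases).
%ifnos solaris2.8 solaris2.9 solaris2.10
/sbin/ldconfig
%endif

# Key generation
# The key pair is produced here, on the installing host, and handed to the
# unprivileged service account through -u/-g. keygen.sh is run only when the
# change of directory succeeded, so this root scriptlet never executes a
# "./keygen.sh" from whatever directory it happened to start in.
# NOTE(review): whether keygen.sh leaves an existing key untouched on upgrade,
# and which file modes it sets, is decided inside that script - confirm there.
cd %{_sysconfdir}/%{name} && sh ./keygen.sh -b -u %{runuser} -g %{runuser}

%if "%{_vendor}" == "redhat"
        # "$1" greater than 1 means this is an upgrade, not a first install.
        if [ "$1" -gt "1" ] ; then
                # On Red Hat with shib.conf installed, clean up old Alias commands
                # by pointing them at the new version-independent
                # /usr/share/shibboleth tree.
                # Any Aliases we didn't create we assume are custom files.
                # This is to accommodate making shib.conf a noreplace config file.
                # We can't do this for SUSE, because they disallow changes to
                # packaged files in scriptlets.
                APACHE_CONF="no"
                if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
                        APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
                fi
                if [ "$APACHE_CONF" != "no" ] ; then
                        # Rewrite main.css and logo.jpg paths that point into a
                        # (possibly versioned) /usr/share/doc/shibboleth directory.
                        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
                                $APACHE_CONF
                        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
                                $APACHE_CONF
                fi
        fi

        # This adds the proper /etc/rc*.d links for the script
        /sbin/chkconfig --add shibd
        # On upgrade, restart components if they're already running.
        if [ "$1" -gt "1" ] ; then
                /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
                %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
                # Report success even if a service was not running.
                exit 0
        fi
%endif
%if "%{_vendor}" == "suse"
        # This adds the proper /etc/rc*.d links for the script
        cd /
        %insserv_force_if_yast shibd
%endif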
199
%preun
# Runs before the package's files are removed. "$1" equal to 0 means the
# package is being erased for good rather than replaced by an upgrade.
%if "%{_vendor}" == "redhat"
        if [ "$1" = 0 ] ; then
                # Stop the daemon and drop its runlevel links, then restart
                # Apache if it is currently running.
                /sbin/service shibd stop >/dev/null 2>&1
                /sbin/chkconfig --del shibd
                %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
        fi
%endif
%if "%{_vendor}" == "suse"
        # SUSE helper macro that stops the service when the package is removed.
        %stop_on_removal shibd
        if [ "$1" = 0 ] ; then
                %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
        fi
%endif
# Always report success; a stopped Apache makes the status test above return
# non-zero and must not fail the removal.
exit 0
215
%postun
# Runs after the old files are gone: refresh the linker cache (skipped on the
# listed Solaris releases).
%ifnos solaris2.8 solaris2.9 solaris2.10
/sbin/ldconfig
%endif
%if "%{_vendor}" == "suse"
# SUSE helper macros: restart shibd (and Apache, unless built without the
# built-in Apache support) after an update, then clean up the init links.
cd /
%restart_on_update shibd
%{!?_without_builtinapache:%restart_on_update apache2}
%{insserv_cleanup}
%endif
226
%posttrans
# Recovery step for Red Hat upgrades from the buggy 2.1 package, whose postun
# scriptlet could delete the init script. If the init script is missing but
# the vendor copy is still in the configuration directory, put it back, make
# it executable, and register it again.
%if "%{_vendor}" == "redhat"
        if [ ! -f %{_initrddir}/shibd ] && [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
                %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
                %{__chmod} 755 %{_initrddir}/shibd
                /sbin/chkconfig --add shibd
        fi
%endif
238
# Main package contents. rpm.filelist adds the optional conf.d/shib.conf entry
# written by the install section (it stays empty when no Apache conf.d
# directory was found at build time).
%files -f rpm.filelist
# Everything is owned by root:root unless an attr override says otherwise.
%defattr(-,root,root,-)
%{_sbindir}/shibd
%{_bindir}/mdquery
%{_bindir}/resolvertest
%{_libdir}/libshibsp.so.*
%{_libdir}/libshibsp-lite.so.*
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/*
%exclude %{_libdir}/%{name}/*.la
# Log directory: owned by the service account, mode 0750, so it is not
# readable by other local users (changelog: log files shouldn't be world readable).
%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
# Run directory: owned by the service account but mode 0755.
# NOTE(review): any local user can enter this directory; what shibd creates
# here is not shown in this file - confirm those files carry their own
# restrictive modes.
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
%dir %{_datadir}/xml/%{name}
%{_datadir}/xml/%{name}/*
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/*
%dir %{_sysconfdir}/%{name}
# noreplace: locally edited configuration survives package upgrades.
%config(noreplace) %{_sysconfdir}/%{name}/*.xml
%config(noreplace) %{_sysconfdir}/%{name}/*.html
%config(noreplace) %{_sysconfdir}/%{name}/*.logger
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
%config %{_initrddir}/shibd
%endif
%if "%{_vendor}" == "suse"
%{_sbindir}/rcshibd
%endif
%{_sysconfdir}/%{name}/*.dist
%{_sysconfdir}/%{name}/apache*.config
%{_sysconfdir}/%{name}/shibd-*
# Helper scripts are root-owned and executable; keygen.sh is run as root by
# the post scriptlet.
# NOTE(review): no pattern in this list appears to cover the key material
# keygen.sh generates at install time, so those files would be unpackaged and
# their owner and mode would come entirely from that script - confirm.
%attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
%attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
%{_sysconfdir}/%{name}/*.xsl
%doc %{pkgdocdir}
# The API documentation ships in the devel subpackage instead.
%exclude %{pkgdocdir}/api
273
# Development subpackage contents: headers, the unversioned library links
# used at link time, and the API documentation excluded from the main package.
%files devel
%defattr(-,root,root,-)
%{_includedir}/*
%{_libdir}/libshibsp.so
%{_libdir}/libshibsp-lite.so
%doc %{pkgdocdir}/api
280
281 %changelog
282 * Tue Aug 9 2011  Scott Cantor  <cantor.2@osu.edu>  - 2.5-1
283 - Move logo and stylesheet to version-independent tree
284 - Make shib.conf noreplace
285 - Post-fixup of Alias commands in older shib.conf
286 - Run shibd as non-root
287
288 * Sun Jun 26 2011  Scott Cantor  <cantor.2@osu.edu>  - 2.4.3-1
289 - Log files shouldn't be world readable.
290 - Explicit requirement for libcurl-openssl on RHEL6
291 - Uncomment LD_LIBRARY_PATH in init script for RHEL6 
292 - Remove rpath from binaries for RHEL6
293
294 * Fri Dec 25 2009  Scott Cantor  <cantor.2@osu.edu>  - 2.4-1
295 - Update dependencies.
296
297 * Mon Nov 23 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.3.1-1
298 - Reset revision for 2.3.1 release
299
300 * Wed Aug 19 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-2
301 - SuSE init script changes
302 - Restart Apache on removal, not just upgrade
303 - Fix scriptlet exit values when Apache is stopped
304
305 * Mon Aug 10 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-1
306 - Doc handling changes
307 - SuSE init script
308
309 * Tue Aug 4 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-1
310 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
311
312 * Thu Jun 25 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2-3
313 - Add additional cleanup to posttrans fix
314
315 * Tue Jun 23 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2-2
316 - Reverse without_builtinapache macro test
317 - Fix init script handling on Red Hat to handle upgrades
318
319 * Wed Dec 3 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.2-1
320 - Bump minor version.
321 - Make keygen.sh executable.
322 - Fixing SUSE Xerces dependency name.
323 - Optionally package shib.conf.
324
325 * Tue Jun 10 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.1-1
326 - Change shib.conf handling to treat as config file.
327
328 * Mon Mar 17 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.0-6
329 - Official release.
330
331 * Fri Jan 18 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.0-5
332 - Release candidate 1.
333
334 * Sun Oct 21 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-4
335 - libexec -> lib/shibboleth changes
336 - Added doc subpackage
337
338 * Thu Aug 16 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-3
339 - First public beta.
340
341 * Fri Jul 13 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-2
342 - Second alpha release.
343
344 * Sun Jun 10 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-1
345 - First alpha release.
346
347 * Mon Oct 2 2006 Scott Cantor   <cantor.2@osu.edu>  - 1.3-11
348 - Applied fix for secadv 20061002
349 - Fix for metadata loader loop
350
351 * Wed Jun 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-10
352 - Applied fix for sec 20060615
353
354 * Fri Apr 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-9
355 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
356
357 * Mon Jan 9 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-8
358 - Applied new fix for secadv 20060109
359
360 * Tue Nov 8 2005 Scott Cantor  <cantor.2@osu.edu>  - 1.3-7
361 - Applied new fix for secadv 20050901 plus rollup
362
363 * Fri Sep 23 2005 Scott Cantor  <cantor.2@osu.edu>  - 1.3-6
364 - Minor patches and default config changes
365 - pidfile patch
366 - Fix shib.conf creation
367 - Integrated init.d script
368 - Prevent replacement of config files
369
370 * Thu Sep 1 2005  Scott Cantor  <cantor.2@osu.edu>  - 1.3-5
371 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
372
373 * Sun Apr 24 2005  Scott Cantor  <cantor.2@osu.edu>  - 1.3-1
374 - Updated test programs and location of schemas.
375 - move siterefresh to sbindir
376
377 * Fri Apr  1 2005  Derek Atkins  <derek@ihtfp.com>  - 1.3-1
378 - Add selinux-targeted-policy package
379 - move shar to sbindir
380
381 * Tue Oct 19 2004  Derek Atkins  <derek@ihtfp.com>  - 1.2-1
382 - Create SPEC file based on various versions in existence.