2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
8 URL: http://shibboleth.internet2.edu/
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
12 PreReq: xmltooling-schemas, opensaml-schemas
13 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
14 PreReq: %{insserv_prereq}
15 BuildRequires: libXerces-c-devel >= 2.8.0
17 BuildRequires: libxerces-c-devel >= 2.8.0
19 BuildRequires: libxml-security-c-devel >= 1.4.0
20 BuildRequires: libxmltooling-devel >= 1.5
21 BuildRequires: libsaml-devel >= 2.5
22 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
23 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
24 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
25 Requires: libcurl-openssl >= 7.21.7
26 BuildRequires: chrpath
28 BuildRequires: gcc-c++, zlib-devel
29 %{!?_without_doxygen:BuildRequires: doxygen}
30 %{!?_without_odbc:BuildRequires:unixODBC-devel}
31 %{?_with_fastcgi:BuildRequires: fcgi-devel}
32 %if "%{_vendor}" == "redhat"
33 %{!?_without_builtinapache:BuildRequires: httpd-devel}
34 BuildRequires: redhat-rpm-config
35 Requires(pre): shadow-utils
37 %if "%{_vendor}" == "suse"
38 Requires(pre): pwdutils
39 %{!?_without_builtinapache:BuildRequires: apache2-devel}
42 %define runuser shibboleth
43 %if "%{_vendor}" == "suse"
44 %define pkgdocdir %{_docdir}/%{name}
46 %define pkgdocdir %{_docdir}/%{name}-%{version}
50 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
51 that supports multiple protocols, federated identity, and the extensible
52 exchange of rich attributes subject to privacy controls.
54 This package contains the Shibboleth Service Provider runtime libraries,
55 daemon, default plugins, and Apache module(s).
58 Summary: Shibboleth Development Headers
59 Group: Development/Libraries/C and C++
60 Requires: %{name} = %{version}-%{release}
61 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
62 Requires: libXerces-c-devel >= 2.8.0
64 Requires: libxerces-c-devel >= 2.8.0
66 Requires: libxml-security-c-devel >= 1.4.0
67 Requires: libxmltooling-devel >= 1.5
68 Requires: libsaml-devel >= 2.5
69 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
70 %{!?_with_log4cpp:Requires: liblog4shib-devel}
73 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
74 that supports multiple protocols, federated identity, and the extensible
75 exchange of rich attributes subject to privacy controls.
77 This package includes files needed for development with Shibboleth.
83 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
84 %{__make} pkgdocdir=%{pkgdocdir}
87 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
89 %if "%{_vendor}" == "suse"
90 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
91 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
94 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
95 %{__sed} -i "s/#_RHEL6_//g" \
96 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
97 %{__sed} -i "s/\/opt\/shibboleth\/lib/\/opt\/shibboleth\/%{_lib}/g" \
98 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
99 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
100 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
101 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
104 # Plug the SP into the built-in Apache on a recognized system.
107 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
108 APACHE_CONFIG="apache.config"
110 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
111 APACHE_CONFIG="apache2.config"
113 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
114 APACHE_CONFIG="apache22.config"
116 %{?_without_builtinapache:APACHE_CONFIG="no"}
117 if [ "$APACHE_CONFIG" != "no" ] ; then
119 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
120 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
122 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
123 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
125 if [ "$APACHE_CONFD" != "no" ] ; then
126 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
127 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
128 echo "%config(noreplace) $APACHE_CONFD/shib.conf" > rpm.filelist
132 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
133 %{__sed} -i "s/SHIBD_USER=root/SHIBD_USER=%{runuser}/g" \
134 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor}
135 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
136 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
137 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
138 %if "%{_vendor}" == "suse"
139 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
140 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
148 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
151 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
152 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
153 -d %{_localstatedir}/run/%{name} -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
157 %ifnos solaris2.8 solaris2.9 solaris2.10
162 cd %{_sysconfdir}/%{name}
163 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
165 %if "%{_vendor}" == "redhat"
166 if [ "$1" -gt "1" ] ; then
167 # On Red Hat with shib.conf installed, clean up old Alias commands
168 # by pointing them at new version-independent /usr/share/share tree.
169 # Any Aliases we didn't create we assume are custom files.
170 # This is to accomodate making shib.conf a noreplace config file.
171 # We can't do this for SUSE, because they disallow changes to
172 # packaged files in scriplets.
174 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
175 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
177 if [ "$APACHE_CONF" != "no" ] ; then
178 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
180 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
185 # This adds the proper /etc/rc*.d links for the script
186 /sbin/chkconfig --add shibd
187 # On upgrade, restart components if they're already running.
188 if [ "$1" -gt "1" ] ; then
189 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
190 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
194 %if "%{_vendor}" == "suse"
195 # This adds the proper /etc/rc*.d links for the script
197 %insserv_force_if_yast shibd
201 %if "%{_vendor}" == "redhat"
202 if [ "$1" = 0 ] ; then
203 /sbin/service shibd stop >/dev/null 2>&1
204 /sbin/chkconfig --del shibd
205 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
208 %if "%{_vendor}" == "suse"
209 %stop_on_removal shibd
210 if [ "$1" = 0 ] ; then
211 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
217 %ifnos solaris2.8 solaris2.9 solaris2.10
220 %if "%{_vendor}" == "suse"
222 %restart_on_update shibd
223 %{!?_without_builtinapache:%restart_on_update apache2}
228 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
229 %if "%{_vendor}" == "redhat"
230 if [ ! -f %{_initrddir}/shibd ] ; then
231 if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
232 %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
233 %{__chmod} 755 %{_initrddir}/shibd
234 /sbin/chkconfig --add shibd
239 %files -f rpm.filelist
240 %defattr(-,root,root,-)
243 %{_bindir}/resolvertest
244 %{_libdir}/libshibsp.so.*
245 %{_libdir}/libshibsp-lite.so.*
246 %dir %{_libdir}/%{name}
248 %exclude %{_libdir}/%{name}/*.la
249 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
250 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
251 %dir %{_datadir}/xml/%{name}
252 %{_datadir}/xml/%{name}/*
253 %dir %{_datadir}/%{name}
254 %{_datadir}/%{name}/*
255 %dir %{_sysconfdir}/%{name}
256 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
257 %config(noreplace) %{_sysconfdir}/%{name}/*.html
258 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
259 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
260 %config %{_initrddir}/shibd
262 %if "%{_vendor}" == "suse"
265 %{_sysconfdir}/%{name}/*.dist
266 %{_sysconfdir}/%{name}/apache*.config
267 %{_sysconfdir}/%{name}/shibd-*
268 %attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
269 %attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
270 %{_sysconfdir}/%{name}/*.xsl
272 %exclude %{pkgdocdir}/api
275 %defattr(-,root,root,-)
277 %{_libdir}/libshibsp.so
278 %{_libdir}/libshibsp-lite.so
279 %doc %{pkgdocdir}/api
282 * Tue Aug 9 2011 Scott Cantor <cantor.2@osu.edu> - 2.5-1
283 - Move logo and stylesheet to version-independent tree
284 - Make shib.conf noreplace
285 - Post-fixup of Alias commands in older shib.conf
286 - Run shibd as non-root
288 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
289 - Log files shouldn't be world readable.
290 - Explicit requirement for libcurl-openssl on RHEL6
291 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
292 - Remove rpath from binaries for RHEL6
294 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
295 - Update dependencies.
297 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
298 - Reset revision for 2.3.1 release
300 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
301 - SuSE init script changes
302 - Restart Apache on removal, not just upgrade
303 - Fix scriptlet exit values when Apache is stopped
305 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
306 - Doc handling changes
309 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
310 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
312 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
313 - Add additional cleanup to posttrans fix
315 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
316 - Reverse without_builtinapache macro test
317 - Fix init script handling on Red Hat to handle upgrades
319 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
320 - Bump minor version.
321 - Make keygen.sh executable.
322 - Fixing SUSE Xerces dependency name.
323 - Optionally package shib.conf.
325 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
326 - Change shib.conf handling to treat as config file.
328 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
331 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
332 - Release candidate 1.
334 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
335 - libexec -> lib/shibboleth changes
336 - Added doc subpackage
338 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
341 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
342 - Second alpha release.
344 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
345 - First alpha release.
347 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
348 - Applied fix for secadv 20061002
349 - Fix for metadata loader loop
351 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
352 - Applied fix for sec 20060615
354 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
355 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
357 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
358 - Applied new fix for secadv 20060109
360 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
361 - Applied new fix for secadv 20050901 plus rollup
363 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
364 - Minor patches and default config changes
366 - Fix shib.conf creation
367 - Integrated init.d script
368 - Prevent replacement of config files
370 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
371 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
373 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
374 - Updated test programs and location of schemas.
375 - move siterefresh to to sbindir
377 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
378 - Add selinux-targeted-policy package
379 - move shar to sbindir
381 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
382 - Create SPEC file based on various versions in existence.