2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
8 URL: http://shibboleth.internet2.edu/
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
12 PreReq: xmltooling-schemas, opensaml-schemas
13 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
14 PreReq: %{insserv_prereq}
15 BuildRequires: libXerces-c-devel >= 2.8.0
17 BuildRequires: libxerces-c-devel >= 2.8.0
19 BuildRequires: libxml-security-c-devel >= 1.4.0
20 BuildRequires: libxmltooling-devel >= 1.5
21 BuildRequires: libsaml-devel >= 2.5
22 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
23 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
24 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
25 Requires: libcurl-openssl >= 7.21.7
26 BuildRequires: chrpath
28 BuildRequires: gcc-c++, zlib-devel
29 %{!?_without_doxygen:BuildRequires: doxygen}
30 %{!?_without_odbc:BuildRequires:unixODBC-devel}
31 %{?_with_fastcgi:BuildRequires: fcgi-devel}
32 %if "%{_vendor}" == "redhat"
33 %{!?_without_builtinapache:BuildRequires: httpd-devel}
34 BuildRequires: redhat-rpm-config
36 %if "%{_vendor}" == "suse"
37 %{!?_without_builtinapache:BuildRequires: apache2-devel}
40 %if "%{_vendor}" == "suse"
41 %define pkgdocdir %{_docdir}/%{name}
43 %define pkgdocdir %{_docdir}/%{name}-%{version}
47 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
48 that supports multiple protocols, federated identity, and the extensible
49 exchange of rich attributes subject to privacy controls.
51 This package contains the Shibboleth Service Provider runtime libraries,
52 daemon, default plugins, and Apache module(s).
55 Summary: Shibboleth Development Headers
56 Group: Development/Libraries/C and C++
57 Requires: %{name} = %{version}-%{release}
58 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
59 Requires: libXerces-c-devel >= 2.8.0
61 Requires: libxerces-c-devel >= 2.8.0
63 Requires: libxml-security-c-devel >= 1.4.0
64 Requires: libxmltooling-devel >= 1.5
65 Requires: libsaml-devel >= 2.5
66 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
67 %{!?_with_log4cpp:Requires: liblog4shib-devel}
70 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
71 that supports multiple protocols, federated identity, and the extensible
72 exchange of rich attributes subject to privacy controls.
74 This package includes files needed for development with Shibboleth.
80 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
81 %{__make} pkgdocdir=%{pkgdocdir}
84 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
86 %if "%{_vendor}" == "suse"
87 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
88 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
90 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
91 %{__sed} -i "s/#_RHEL6_//g" \
92 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
93 %{__sed} -i "s/\/opt\/shibboleth\/lib/\/opt\/shibboleth\/%{_lib}/g" \
94 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat
95 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
96 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
97 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
100 # Plug the SP into the built-in Apache on a recognized system.
103 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
104 APACHE_CONFIG="apache.config"
106 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
107 APACHE_CONFIG="apache2.config"
109 if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
110 APACHE_CONFIG="apache22.config"
112 %{?_without_builtinapache:APACHE_CONFIG="no"}
113 if [ "$APACHE_CONFIG" != "no" ] ; then
115 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
116 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
118 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
119 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
121 if [ "$APACHE_CONFD" != "no" ] ; then
122 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
123 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
124 echo "%config(noreplace) $APACHE_CONFD/shib.conf" > rpm.filelist
128 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
129 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
130 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
131 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
132 %if "%{_vendor}" == "suse"
133 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
134 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
142 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
145 %ifnos solaris2.8 solaris2.9 solaris2.10
150 cd %{_sysconfdir}/%{name}
153 if [ "$1" -gt "1" ] ; then
154 # On systems with shib.conf installed, clean up old Alias commands
155 # by pointing them at new version-independent /usr/share/share tree.
156 # Any Aliases we didn't create we assume are custom files.
157 # This is to accomodate making shib.conf a noreplace config file.
159 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
160 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
162 if [ -f %{_sysconfdir}/apache2/conf.d/shib.conf ] ; then
163 APACHE_CONF="%{_sysconfdir}/apache2/conf.d/shib.conf"
165 if [ "$APACHE_CONF" != "no" ] ; then
166 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
168 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
173 %if "%{_vendor}" == "redhat"
174 # This adds the proper /etc/rc*.d links for the script
175 /sbin/chkconfig --add shibd
176 # On upgrade, restart components if they're already running.
177 if [ "$1" -gt "1" ] ; then
178 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
179 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
183 %if "%{_vendor}" == "suse"
184 # This adds the proper /etc/rc*.d links for the script
186 %insserv_force_if_yast shibd
190 %if "%{_vendor}" == "redhat"
191 if [ "$1" = 0 ] ; then
192 /sbin/service shibd stop >/dev/null 2>&1
193 /sbin/chkconfig --del shibd
194 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
197 %if "%{_vendor}" == "suse"
198 %stop_on_removal shibd
199 if [ "$1" = 0 ] ; then
200 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
206 %ifnos solaris2.8 solaris2.9 solaris2.10
209 %if "%{_vendor}" == "suse"
211 %restart_on_update shibd
212 %{!?_without_builtinapache:%restart_on_update apache2}
217 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
218 %if "%{_vendor}" == "redhat"
219 if [ ! -f %{_initrddir}/shibd ] ; then
220 if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
221 %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
222 %{__chmod} 755 %{_initrddir}/shibd
223 /sbin/chkconfig --add shibd
228 %files -f rpm.filelist
229 %defattr(-,root,root,-)
232 %{_bindir}/resolvertest
233 %{_libdir}/libshibsp.so.*
234 %{_libdir}/libshibsp-lite.so.*
235 %dir %{_libdir}/%{name}
237 %exclude %{_libdir}/%{name}/*.la
238 %attr(0750,root,root) %dir %{_localstatedir}/log/%{name}
239 %dir %{_localstatedir}/run/%{name}
240 %dir %{_datadir}/xml/%{name}
241 %{_datadir}/xml/%{name}/*
242 %dir %{_datadir}/%{name}
243 %{_datadir}/%{name}/*
244 %dir %{_sysconfdir}/%{name}
245 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
246 %config(noreplace) %{_sysconfdir}/%{name}/*.html
247 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
248 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
249 %config %{_initrddir}/shibd
251 %if "%{_vendor}" == "suse"
254 %{_sysconfdir}/%{name}/*.dist
255 %{_sysconfdir}/%{name}/apache*.config
256 %{_sysconfdir}/%{name}/shibd-*
257 %attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
258 %attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
259 %{_sysconfdir}/%{name}/*.xsl
261 %exclude %{pkgdocdir}/api
264 %defattr(-,root,root,-)
266 %{_libdir}/libshibsp.so
267 %{_libdir}/libshibsp-lite.so
268 %doc %{pkgdocdir}/api
271 * Tue Aug 9 2011 Scott Cantor <cantor.2@osu.edu> - 2.5-1
272 - Move logo and stylesheet to version-independent tree
273 - Make shib.conf noreplace
274 - Post-fixup of Alias commands in older shib.conf
276 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
277 - Log files shouldn't be world readable.
278 - Explicit requirement for libcurl-openssl on RHEL6
279 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
280 - Remove rpath from binaries for RHEL6
282 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
283 - Update dependencies.
285 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
286 - Reset revision for 2.3.1 release
288 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
289 - SuSE init script changes
290 - Restart Apache on removal, not just upgrade
291 - Fix scriptlet exit values when Apache is stopped
293 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
294 - Doc handling changes
297 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
298 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
300 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
301 - Add additional cleanup to posttrans fix
303 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
304 - Reverse without_builtinapache macro test
305 - Fix init script handling on Red Hat to handle upgrades
307 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
308 - Bump minor version.
309 - Make keygen.sh executable.
310 - Fixing SUSE Xerces dependency name.
311 - Optionally package shib.conf.
313 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
314 - Change shib.conf handling to treat as config file.
316 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
319 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
320 - Release candidate 1.
322 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
323 - libexec -> lib/shibboleth changes
324 - Added doc subpackage
326 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
329 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
330 - Second alpha release.
332 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
333 - First alpha release.
335 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
336 - Applied fix for secadv 20061002
337 - Fix for metadata loader loop
339 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
340 - Applied fix for sec 20060615
342 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
343 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
345 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
346 - Applied new fix for secadv 20060109
348 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
349 - Applied new fix for secadv 20050901 plus rollup
351 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
352 - Minor patches and default config changes
354 - Fix shib.conf creation
355 - Integrated init.d script
356 - Prevent replacement of config files
358 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
359 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
361 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
362 - Updated test programs and location of schemas.
363 - move siterefresh to to sbindir
365 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
366 - Add selinux-targeted-policy package
367 - move shar to sbindir
369 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
370 - Create SPEC file based on various versions in existence.