https://issues.shibboleth.net/jira/browse/SSPCPP-411
[shibboleth/cpp-sp.git] / shibboleth.spec.in
1 Name:           @PACKAGE_NAME@
2 Version:        @PACKAGE_VERSION@
3 Release:        1
4 Summary:        Open source system for attribute-based Web SSO
5 Group:          Productivity/Networking/Security
6 Vendor:         Internet2
7 License:        Apache 2.0
8 URL:            http://shibboleth.internet2.edu/
9 Source:         %{name}-sp-%{version}.tar.gz
10 BuildRoot:      %{_tmppath}/%{name}-%{version}-root
11 Requires:       openssl
12 PreReq:         xmltooling-schemas, opensaml-schemas
13 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
14 PreReq:         %{insserv_prereq} %{fillup_prereq}
15 BuildRequires:  libXerces-c-devel >= 2.8.0
16 %else
17 BuildRequires:  libxerces-c-devel >= 2.8.0
18 %endif
19 BuildRequires:  libxml-security-c-devel >= 1.4.0
20 BuildRequires:  libxmltooling-devel >= 1.5
21 BuildRequires:  libsaml-devel >= 2.5
22 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
23 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
24 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
25 Requires:               libcurl-openssl >= 7.21.7
26 BuildRequires:  chrpath
27 %endif
28 BuildRequires:  gcc-c++, zlib-devel, boost-devel >= 1.32.0
29 %{!?_without_doxygen:BuildRequires: doxygen}
30 %{!?_without_odbc:BuildRequires:unixODBC-devel}
31 %{?_with_fastcgi:BuildRequires: fcgi-devel}
32 %if 0%{?centos_version} >= 600
33 BuildRequires:  libmemcached-devel
34 %endif
35 %{?_with_memcached:BuildRequires: libmemcached-devel}
36 %if "%{_vendor}" == "redhat"
37 %{!?_without_builtinapache:BuildRequires: httpd-devel}
38 BuildRequires: redhat-rpm-config
39 Requires(pre): shadow-utils
40 Requires(post): chkconfig
41 Requires(preun): chkconfig, initscripts
42 %endif
43 %if "%{_vendor}" == "suse"
44 Requires(pre): pwdutils
45 %{!?_without_builtinapache:BuildRequires: apache2-devel}
46 %endif
47
48 %define runuser shibd
49 %if "%{_vendor}" == "suse"
50 %define pkgdocdir %{_docdir}/%{name}
51 %else
52 %define pkgdocdir %{_docdir}/%{name}-%{version}
53 %endif
54
55 %description
56 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
57 that supports multiple protocols, federated identity, and the extensible
58 exchange of rich attributes subject to privacy controls.
59
60 This package contains the Shibboleth Service Provider runtime libraries,
61 daemon, default plugins, and Apache module(s).
62
63 %package devel
64 Summary:        Shibboleth Development Headers
65 Group:          Development/Libraries/C and C++
66 Requires:       %{name} = %{version}-%{release}
67 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
68 Requires:       libXerces-c-devel >= 2.8.0
69 %else
70 Requires:       libxerces-c-devel >= 2.8.0
71 %endif
72 Requires:       libxml-security-c-devel >= 1.4.0
73 Requires:       libxmltooling-devel >= 1.5
74 Requires:       libsaml-devel >= 2.5
75 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
76 %{!?_with_log4cpp:Requires: liblog4shib-devel}
77
78 %description devel
79 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
80 that supports multiple protocols, federated identity, and the extensible
81 exchange of rich attributes subject to privacy controls.
82
83 This package includes files needed for development with Shibboleth.
84
%prep
%setup -q

%build
# Optional features are selected by rpmbuild with/without switches; anything
# supplied through the shib_options macro is appended to the configure call.
%if 0%{?centos_version} >= 600
        # centos_version >= 600: memcached is enabled unless explicitly disabled.
        %configure \
                %{?_without_odbc:--disable-odbc} \
                %{?_without_adfs:--disable-adfs} \
                %{?_with_fastcgi} \
                %{!?_without_memcached:--with-memcached} \
                %{?shib_options}
%else
        # Elsewhere memcached is only built when explicitly requested.
        %configure \
                %{?_without_odbc:--disable-odbc} \
                %{?_without_adfs:--disable-adfs} \
                %{?_with_fastcgi} \
                %{?_with_memcached} \
                %{?shib_options}
%endif
%{__make} pkgdocdir=%{pkgdocdir}
95
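%install
# NOKEYGEN=1 is passed to the install target; presumably this suppresses key
# generation at build time, so that no private key ends up inside the package.
# The post-install scriptlet runs keygen.sh on the target host instead.
%{__make} install NOKEYGEN=1 DESTDIR="$RPM_BUILD_ROOT" pkgdocdir=%{pkgdocdir}

%if "%{_vendor}" == "suse"
        # SUSE keeps the Apache logs under /var/log/apache2.
        %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
                "$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger"
%endif

# Plug the SP into the built-in Apache on a recognized system.
# The module checks run from oldest to newest, so the newest module that was
# built decides which config template is used.
touch rpm.filelist
APACHE_CONFIG="no"
if [ -f "$RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so" ] ; then
        APACHE_CONFIG="apache.config"
fi
if [ -f "$RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so" ] ; then
        APACHE_CONFIG="apache2.config"
fi
if [ -f "$RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so" ] ; then
        APACHE_CONFIG="apache22.config"
fi
%{?_without_builtinapache:APACHE_CONFIG="no"}
if [ "$APACHE_CONFIG" != "no" ] ; then
        # NOTE: the two directory tests below look at the build host's own
        # configuration tree, not at the build root, so whether shib.conf is
        # packaged depends on what is installed on the builder.
        APACHE_CONFD="no"
        if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
                APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
        fi
        if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
                APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
        fi
        if [ "$APACHE_CONFD" != "no" ] ; then
                %{__mkdir} -p "$RPM_BUILD_ROOT$APACHE_CONFD"
                %{__cp} -p "$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG" "$RPM_BUILD_ROOT$APACHE_CONFD/shib.conf"
                echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
        fi
fi

# Establish location of sysconfig file, if any.
SYSCONFIG_SHIBD="no"
%if "%{_vendor}" == "redhat"
        %{__mkdir} -p "$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig"
        echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
        SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
%endif
%if "%{_vendor}" == "suse"
        %{__mkdir} -p "$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates"
        echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
        SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
%endif
if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
        # Populate the sysconfig file. The here-document text is the file
        # content; the runuser macro is expanded by rpm before the shell runs.
        cat > "$SYSCONFIG_SHIBD" <<EOF
# Shibboleth SP init script customization

# User account for shibd
SHIBD_USER=%{runuser}
EOF
        %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
                # The exported LD_LIBRARY_PATH makes every process started with
                # this environment resolve shared libraries from that directory
                # first. The directory and its parents therefore have to stay
                # writable by root only, in particular not by the shibd account.
                cat >> "$SYSCONFIG_SHIBD" <<EOF

# Override OS-supplied libcurl
export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
EOF
                # Strip existing rpath to libcurl.
                chrpath -d "$RPM_BUILD_ROOT%{_sbindir}/shibd"
                chrpath -d "$RPM_BUILD_ROOT%{_bindir}/mdquery"
                chrpath -d "$RPM_BUILD_ROOT%{_bindir}/resolvertest"
        %endif
fi

%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
        # %%{_initddir} not yet in RHEL5, use deprecated %%{_initrddir}
        install -d -m 0755 "$RPM_BUILD_ROOT%{_initrddir}"
        install -m 0755 "$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor}" "$RPM_BUILD_ROOT%{_initrddir}/shibd"
%if "%{_vendor}" == "suse"
        install -d -m 0755 "$RPM_BUILD_ROOT%{_sbindir}"
        %{__ln_s} -f %{_initrddir}/shibd "$RPM_BUILD_ROOT%{_sbindir}/rcshibd"
%endif
%endif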
174
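%check
%{__make} check

%clean
# Only delete a build root that is set and is not "/". The path is quoted and
# preceded by "--" so it reaches rm as exactly one operand.
if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] ; then
        %{__rm} -rf -- "$RPM_BUILD_ROOT"
fi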
180
%pre
# Make sure the dedicated group and account for the shibd daemon exist.
# The account is a system account with /sbin/nologin as its shell.
if ! getent group %{runuser} >/dev/null ; then
        groupadd -r %{runuser}
fi
if ! getent passwd %{runuser} >/dev/null ; then
        useradd -r -g %{runuser} -d %{_localstatedir}/run/%{name} \
                -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
fi
# The scriptlet always reports success, whatever the commands above returned.
exit 0
186
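%post
%ifnos solaris2.8 solaris2.9 solaris2.10
/sbin/ldconfig
%endif

# Key generation or ownership fix.
# keygen.sh is run by relative path, so nothing in this step is attempted
# unless the change into the configuration directory succeeded.
if cd %{_sysconfdir}/%{name} ; then
        if [ -f sp-key.pem ] ; then
                # An existing key pair is kept; only its ownership is adjusted.
                %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
        else
                sh ./keygen.sh -b -u %{runuser} -g %{runuser}
        fi
fi

# Fix ownership of log files (even on new installs, if they're left from an older one).
# The log directory is packaged with the service account as its owner, so its
# entries are not trusted by this root-run scriptlet: -h keeps chown from
# following a symbolic link to a file outside that directory.
%{__chown} -h %{runuser}:%{runuser} %{_localstatedir}/log/%{name}/* 2>/dev/null || :

%if "%{_vendor}" == "redhat"
        if [ "$1" -gt "1" ] ; then
                # On Red Hat with shib.conf installed, clean up old Alias commands
                # by pointing them at the new version-independent /usr/share/shibboleth tree.
                # Any Aliases we didn't create we assume are custom files.
                # This is to accommodate making shib.conf a noreplace config file.
                # We can't do this for SUSE, because they disallow changes to
                # packaged files in scriptlets.
                APACHE_CONF="no"
                if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
                        APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
                fi
                if [ "$APACHE_CONF" != "no" ] ; then
                        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
                                "$APACHE_CONF"
                        %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
                                "$APACHE_CONF"
                fi
        fi

        # This adds the proper /etc/rc*.d links for the script
        /sbin/chkconfig --add shibd

        # On upgrade, restart components if they're already running.
        # This gets repeated now down in %%postun, and the next release
        # should remove this copy. If we yank it now, we'll break upgrades.
        if [ "$1" -gt "1" ] ; then
                /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
                %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
                exit 0
        fi
%endif
%if "%{_vendor}" == "suse"
        # This adds the proper /etc/rc*.d links for the script
        # and populates the sysconfig/shibd file.
        cd /
        %{fillup_only -n shibd}
        %insserv_force_if_yast shibd
%endif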
242
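%preun
# On final removal, stop shibd and remove service, restart Apache if running.
# The first scriptlet argument is 0 when the last copy of the package goes away.
%if "%{_vendor}" == "redhat"
        if [ "$1" -eq 0 ] ; then
                /sbin/service shibd stop >/dev/null 2>&1
                /sbin/chkconfig --del shibd
                %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
        fi
%endif
%if "%{_vendor}" == "suse"
        %stop_on_removal shibd
        if [ "$1" -eq 0 ] ; then
                # The no-op keeps this branch valid shell when the package is
                # built without the Apache module and the macro line below
                # expands to nothing; an empty "then" body is a syntax error
                # and would make the removal scriptlet fail.
                :
                %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
        fi
%endif
exit 0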
259
%postun
%ifnos solaris2.8 solaris2.9 solaris2.10
/sbin/ldconfig
%endif
%if "%{_vendor}" == "redhat"
        # When at least one copy of the package remains (an upgrade), restart
        # shibd, and Apache unless built without it, but only where the
        # status check reports the service as running.
        if test "$1" -ge "1" ; then
                if /etc/init.d/shibd status 1>/dev/null ; then
                        /etc/init.d/shibd restart 1>/dev/null
                fi
                %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
                exit 0
        fi
%endif
%if "%{_vendor}" == "suse"
        # SUSE delegates the restart and service cleanup to its own macros.
        cd /
        %restart_on_update shibd
        %{!?_without_builtinapache:%restart_on_update apache2}
        %{insserv_cleanup}
%endif
278
%posttrans
# Workaround for an upgraded (buggy/2.1) package whose %%postun removed the
# init script: if the script is missing and the packaged copy in the
# configuration directory exists, reinstall it and register the service again.
%if "%{_vendor}" == "redhat"
        if [ ! -f %{_initrddir}/shibd ] && [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
                %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
                %{__chmod} 755 %{_initrddir}/shibd
                /sbin/chkconfig --add shibd
        fi
%endif
290
291 %files -f rpm.filelist
292 %defattr(-,root,root,-)
293 %{_sbindir}/shibd
294 %{_bindir}/mdquery
295 %{_bindir}/resolvertest
296 %{_libdir}/libshibsp.so.*
297 %{_libdir}/libshibsp-lite.so.*
298 %dir %{_libdir}/%{name}
299 %{_libdir}/%{name}/*
300 %exclude %{_libdir}/%{name}/*.la
301 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
302 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
303 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/%{name}
304 %dir %{_datadir}/xml/%{name}
305 %{_datadir}/xml/%{name}/*
306 %dir %{_datadir}/%{name}
307 %{_datadir}/%{name}/*
308 %dir %{_sysconfdir}/%{name}
309 %config(noreplace) %{_sysconfdir}/%{name}/*.xml
310 %config(noreplace) %{_sysconfdir}/%{name}/*.html
311 %config(noreplace) %{_sysconfdir}/%{name}/*.logger
312 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
313 %config %{_initrddir}/shibd
314 %endif
315 %if "%{_vendor}" == "suse"
316 %{_sbindir}/rcshibd
317 %endif
318 %{_sysconfdir}/%{name}/*.dist
319 %{_sysconfdir}/%{name}/apache*.config
320 %{_sysconfdir}/%{name}/shibd-*
321 %attr(0755,root,root) %{_sysconfdir}/%{name}/keygen.sh
322 %attr(0755,root,root) %{_sysconfdir}/%{name}/metagen.sh
323 %{_sysconfdir}/%{name}/*.xsl
324 %doc %{pkgdocdir}
325 %exclude %{pkgdocdir}/api
326
327 %files devel
328 %defattr(-,root,root,-)
329 %{_includedir}/*
330 %{_libdir}/libshibsp.so
331 %{_libdir}/libshibsp-lite.so
332 %doc %{pkgdocdir}/api
333
334 %changelog
335 * Thu Mar 1 2012  Scott Cantor  <cantor.2@osu.edu>  - 2.5-1
336 - Move logo and stylesheet to version-independent tree
337 - Make shib.conf noreplace
338 - Post-fixup of Alias commands in older shib.conf
339 - Changes to run shibd as non-root shibboleth user
340 - Move init customizations to /etc/sysconfig/shibd
341 - Copy shibd restart for Red Hat to postun
342 - Add boost-devel dependency
343 - Build memcache plugin on RH6
344 - Add cachedir to install
345
346 * Sun Jun 26 2011  Scott Cantor  <cantor.2@osu.edu>  - 2.4.3-1
347 - Log files shouldn't be world readable.
348 - Explicit requirement for libcurl-openssl on RHEL6
349 - Uncomment LD_LIBRARY_PATH in init script for RHEL6 
350 - Remove rpath from binaries for RHEL6
351
352 * Fri Dec 25 2009  Scott Cantor  <cantor.2@osu.edu>  - 2.4-1
353 - Update dependencies.
354
355 * Mon Nov 23 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.3.1-1
356 - Reset revision for 2.3.1 release
357
358 * Wed Aug 19 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-2
359 - SuSE init script changes
360 - Restart Apache on removal, not just upgrade
361 - Fix scriptlet exit values when Apache is stopped
362
363 * Mon Aug 10 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-1
364 - Doc handling changes
365 - SuSE init script
366
367 * Tue Aug 4 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-1
368 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
369
370 * Thu Jun 25 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2-3
371 - Add additional cleanup to posttrans fix
372
373 * Tue Jun 23 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2-2
374 - Reverse without_builtinapache macro test
375 - Fix init script handling on Red Hat to handle upgrades
376
377 * Wed Dec 3 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.2-1
378 - Bump minor version.
379 - Make keygen.sh executable.
380 - Fixing SUSE Xerces dependency name.
381 - Optionally package shib.conf.
382
383 * Tue Jun 10 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.1-1
384 - Change shib.conf handling to treat as config file.
385
386 * Mon Mar 17 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.0-6
387 - Official release.
388
389 * Fri Jan 18 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.0-5
390 - Release candidate 1.
391
392 * Sun Oct 21 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-4
393 - libexec -> lib/shibboleth changes
394 - Added doc subpackage
395
396 * Thu Aug 16 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-3
397 - First public beta.
398
399 * Fri Jul 13 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-2
400 - Second alpha release.
401
402 * Sun Jun 10 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-1
403 - First alpha release.
404
405 * Mon Oct 2 2006 Scott Cantor   <cantor.2@osu.edu>  - 1.3-11
406 - Applied fix for secadv 20061002
407 - Fix for metadata loader loop
408
409 * Wed Jun 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-10
410 - Applied fix for sec 20060615
411
412 * Fri Apr 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-9
413 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
414
415 * Mon Jan 9 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-8
416 - Applied new fix for secadv 20060109
417
418 * Tue Nov 8 2005 Scott Cantor  <cantor.2@osu.edu>  - 1.3-7
419 - Applied new fix for secadv 20050901 plus rollup
420
421 * Fri Sep 23 2005 Scott Cantor  <cantor.2@osu.edu>  - 1.3-6
422 - Minor patches and default config changes
423 - pidfile patch
424 - Fix shib.conf creation
425 - Integrated init.d script
426 - Prevent replacement of config files
427
428 * Thu Sep 1 2005  Scott Cantor  <cantor.2@osu.edu>  - 1.3-5
429 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
430
431 * Sun Apr 24 2005  Scott Cantor  <cantor.2@osu.edu>  - 1.3-1
432 - Updated test programs and location of schemas.
433 - move siterefresh to to sbindir
434
435 * Fri Apr  1 2005  Derek Atkins  <derek@ihtfp.com>  - 1.3-1
436 - Add selinux-targeted-policy package
437 - move shar to sbindir
438
439 * Tue Oct 19 2004  Derek Atkins  <derek@ihtfp.com>  - 1.2-1
440 - Create SPEC file based on various versions in existence.