Use shibboleth-sp as package name for compatibility.
[shibboleth/cpp-sp.git] / shibboleth.spec.in
index 26c3b20..d8f4444 100644 (file)
@@ -1,4 +1,4 @@
-Name:          shibboleth
+Name:          shibboleth-sp
 Version:       @PACKAGE_VERSION@
 Release:       1
 Summary:       Open source system for attribute-based Web SSO
@@ -6,30 +6,38 @@ Group:                Productivity/Networking/Security
 Vendor:                Shibboleth Consortium
 License:       Apache 2.0
 URL:           http://shibboleth.net/
-Source:                %{name}-sp-%{version}.tar.gz
-BuildRoot:     %{_tmppath}/%{name}-sp-%{version}-root
+Source:                %{name}-%{version}.tar.bz2
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
 Obsoletes:     shibboleth-sp = 2.5.0
 Requires:      openssl
-%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
-PreReq:                xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+Requires:              xmltooling-schemas%{?_isa} >= 1.5.5, opensaml-schemas%{?_isa} >= 2.5.5
 %else
-PreReq:         xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
+Requires:              xmltooling-schemas >= 1.5.5, opensaml-schemas >= 2.5.5
 %endif
 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
-PreReq:                %{insserv_prereq} %{fillup_prereq}
-BuildRequires: libXerces-c-devel >= 2.8.0
+Requires:              %{insserv_prereq} %{fillup_prereq}
+BuildRequires: libxerces-c-devel >= 3.1
 %else
-BuildRequires: libxerces-c-devel >= 2.8.0
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+BuildRequires: systemd-devel, pkgconfig
+BuildRequires: xerces-c-devel >= 3.1
+%else
+BuildRequires: libxerces-c-devel >= 3.1
+%endif
 %endif
-BuildRequires: libxml-security-c-devel >= 1.4.0
-BuildRequires: libxmltooling-devel >= 1.5.0
-BuildRequires: libsaml-devel >= 2.5.0
+BuildRequires: libxml-security-c-devel >= 1.7.3
+BuildRequires: libxmltooling-devel >= 1.5.5
+BuildRequires: libsaml-devel >= 2.5.5
 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
-%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
 Requires:      libcurl-openssl%{?_isa} >= 7.21.7
 BuildRequires: chrpath
 %endif
+%if 0%{?suse_version} > 1300
+BuildRequires: libtool
+%endif
 BuildRequires:  gcc-c++, zlib-devel, boost-devel >= 1.32.0
 %{!?_without_gssapi:BuildRequires: krb5-devel}
 %{!?_without_doxygen:BuildRequires: doxygen}
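Review bot: With `Name:` now `shibboleth-sp` (first hunk), the unchanged `Obsoletes: shibboleth-sp = 2.5.0` in this preamble points at the package's own name, and nothing visible obsoletes or provides the previous name `shibboleth`; the same holds for `Obsoletes: shibboleth-sp-devel = 2.5.0` in the -devel hunk. Hosts that installed the package under the old name would presumably not be moved to this build by a normal update, which matters because this commit also raises the minimum xml-security-c, xmltooling and opensaml versions. If that upgrade path is intended, consider `Obsoletes: shibboleth < %{version}-%{release}` together with `Provides: shibboleth = %{version}-%{release}`. If the rename only aligns the spec with a name already used in the repositories, a one-line comment above `Name:` saying so would help.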
@@ -39,8 +47,8 @@ BuildRequires:  gcc-c++, zlib-devel, boost-devel >= 1.32.0
 BuildRequires: libmemcached-devel
 %endif
 %{?_with_memcached:BuildRequires: libmemcached-devel}
-%if "%{_vendor}" == "redhat"
-%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
 %{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}}
 %else
 %{!?_without_builtinapache:BuildRequires: httpd-devel}
@@ -53,8 +61,14 @@ Requires(preun): chkconfig, initscripts
 %if "%{_vendor}" == "suse"
 Requires(pre): pwdutils
 %{!?_without_builtinapache:BuildRequires: apache2-devel}
+%{?systemd_requires}
+%if 0%{?suse_version} >= 1210
+BuildRequires: systemd-rpm-macros, systemd-devel, pkgconfig
+%endif
 %endif
 
+%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
+
 %define runuser shibd
 %if "%{_vendor}" == "suse"
 %define pkgdocdir %{_docdir}/shibboleth
@@ -75,14 +89,14 @@ Summary:    Shibboleth Development Headers
 Group:         Development/Libraries/C and C++
 Requires:      %{name} = %{version}-%{release}
 Obsoletes:     shibboleth-sp-devel = 2.5.0
-%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
-Requires:      libXerces-c-devel >= 2.8.0
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+Requires:      xerces-c-devel >= 3.1
 %else
-Requires:      libxerces-c-devel >= 2.8.0
+Requires:      libxerces-c-devel >= 3.1
 %endif
-Requires:      libxml-security-c-devel >= 1.4.0
-Requires:      libxmltooling-devel >= 1.5.0
-Requires:      libsaml-devel >= 2.5.0
+Requires:      libxml-security-c-devel >= 1.7.3
+Requires:      libxmltooling-devel >= 1.5.5
+Requires:      libsaml-devel >= 2.5.5
 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
 
@@ -94,14 +108,22 @@ exchange of rich attributes subject to privacy controls.
 This package includes files needed for development with Shibboleth.
 
 %prep
-%setup -n %{name}-sp-%{version}
+%setup -n %{name}-%{version}
 
 %build
+%if 0%{?suse_version} >= 1210
+       %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_systemd:--enable-systemd} %{?shib_options}
+%else
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+       %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{!?_without_systemd:--enable-systemd} %{?shib_options}
+%else
 %if 0%{?centos_version} >= 600
        %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options}
 %else
        %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options}
 %endif
+%endif
+%endif
 %{__make} pkgdocdir=%{pkgdocdir}
 
 %install
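Review bot: The new `suse_version >= 1210` `%configure` line carries no memcached switch at all, whereas the RHEL/CentOS 7 line has `%{!?_without_memcached:--with-memcached}` and the fallback line has `%{?_with_memcached}`. A SUSE build invoked with `--with memcached` still pulls in `libmemcached-devel` through `%{?_with_memcached:BuildRequires: libmemcached-devel}` earlier in the spec, but is then configured without it. Adding `%{?_with_memcached}` to that line keeps the option working. The four nearly identical `%configure` lines could also share one `%global` for the common options so they do not drift apart again.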
@@ -143,9 +165,25 @@ if [ "$APACHE_CONFIG" != "no" ] ; then
        fi
 fi
 
-# Establish location of sysconfig file, if any.
+# Establish location of systemd file, if any.
+SYSTEMD_SHIBD="no"
+%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+       %{__mkdir} -p $RPM_BUILD_ROOT%{_unitdir}
+       echo "%attr(0444,-,-) %{_unitdir}/shibd.service" >> rpm.filelist
+       SYSTEMD_SHIBD="$RPM_BUILD_ROOT%{_unitdir}/shibd.service"
+
+       # Get run directory created at boot time.
+       %{__mkdir} -p $RPM_BUILD_ROOT%{_tmpfilesdir}
+       echo "%attr(0444,-,-) %{_tmpfilesdir}/%{name}.conf" >> rpm.filelist
+       cat > $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf <<EOF
+d /run/%{name} 755 %{runuser} %{runuser} -
+EOF
+%endif
+
+# Otherwise, establish location of sysconfig file, if any.
 SYSCONFIG_SHIBD="no"
-%if "%{_vendor}" == "redhat"
+if [ "$SYSTEMD_SHIBD" == "no" ] ; then
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
        %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
        echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
        SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
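Review bot: The generated tmpfiles.d entry `d /run/%{name} 755 %{runuser} %{runuser} -` expands to `/run/shibboleth-sp` now that `Name:` is `shibboleth-sp`, while the rest of the spec uses `%{_localstatedir}/run/shibboleth` (the `useradd -d` home in `%pre` and the `%dir` entry in `%files`). On a tmpfs `/run`, the directory shibd is presumably configured to use would therefore not be recreated at boot, and an unused one would be. Writing the path literally, `d /run/shibboleth 0755 %{runuser} %{runuser} -`, avoids tying it to the package name. The `if [ "$SYSTEMD_SHIBD" == "no" ]` opened in this hunk is closed in the next one, and `=` is the portable comparison operator for `[`.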
@@ -155,28 +193,67 @@ SYSCONFIG_SHIBD="no"
        echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
        SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
 %endif
-if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
+fi
+
+if [ "$SYSTEMD_SHIBD" != "no" ] ; then
+       # Populate the systemd file
+       cat > $SYSTEMD_SHIBD <<EOF
+[Unit]
+Description=Shibboleth Service Provider Daemon
+After=network.target
+Before=httpd.service
+
+[Service]
+Type=notify
+NotifyAccess=main
+User=%{runuser}
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+Environment=LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
+%endif
+ExecStart=%{_sbindir}/shibd -f -F
+StandardInput=null
+StandardOutput=null
+StandardError=journal
+TimeoutStopSec=5s
+TimeoutStartSec=90s
+Restart=on-failure
+RestartSec=30s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+elif [ "$SYSCONFIG_SHIBD" != "no" ] ; then
        # Populate the sysconfig file.
        cat > $SYSCONFIG_SHIBD <<EOF
 # Shibboleth SP init script customization
 
 # User account for shibd
 SHIBD_USER=%{runuser}
+
+# Umask for shibd
+# SHIBD_UMASK=022
+
+# Wait period (secs) for configuration (and metadata) to load
+SHIBD_WAIT=30
 EOF
-       %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
+       %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
                cat >> $SYSCONFIG_SHIBD <<EOF
 
 # Override OS-supplied libcurl
 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
 EOF
-               # Strip existing rpath to libcurl.
-               chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
-               chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
-               chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
        %endif
 fi
 
-%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+       # Strip existing rpath to libcurl.
+       chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
+       chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
+       chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
+%endif
+
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
+if [ "$SYSTEMD_SHIBD" == "no" ] ; then
        # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
        install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
        install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
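Review bot: The generated unit orders shibd only `Before=httpd.service`, yet the same heredoc is written for `suse_version >= 1210`, where this spec itself calls the web server `apache2`. On SUSE the ordering has no effect, so Apache may start handling requests before shibd is ready; `Before=httpd.service apache2.service` covers both. The unit also sets `Environment=LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}` for the daemon, so a comment next to it noting that this directory must stay root-owned and not writable by `%{runuser}` would be worth adding.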
@@ -184,6 +261,7 @@ fi
        install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
        %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
 %endif
+fi
 %endif
 
 %check
@@ -196,6 +274,9 @@ fi
 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
        -d  %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
+%if 0%{?suse_version} >= 1210
+       %service_add_pre shibd.service
+%endif
 exit 0
 
 %post
@@ -208,14 +289,14 @@ cd %{_sysconfdir}/shibboleth
 if [ -f sp-key.pem ] ; then
        %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
 else
-       sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+       /bin/sh ./keygen.sh -b -u %{runuser} -g %{runuser}
 fi
 
 # Fix ownership of log files (even on new installs, if they're left from an older one).
 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
 
-%if "%{_vendor}" == "redhat"
-       if [ "$1" -gt "1" ] ; then
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+       if [ $1 -gt 1 ] ; then
                # On Red Hat with shib.conf installed, clean up old Alias commands
                # by pointing them at new version-independent /usr/share/share tree.
                # Any Aliases we didn't create we assume are custom files.
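Review bot: The replaced line now names the interpreter absolutely but still runs `./keygen.sh` relative to the working directory, so it depends on the `cd %{_sysconfdir}/shibboleth` shown in the hunk header having succeeded, and this scriptlet runs as root. Invoking `/bin/sh %{_sysconfdir}/shibboleth/keygen.sh ...` removes that dependency, provided the script's output location is pinned as well (whether it writes to the current directory is not visible here). Separately, the new `if [ $1 -gt 1 ]` drops the quotes the old line had. `[ "$1" -gt 1 ]` is the safer form, and the same applies to the other `$1` tests added in the `%post`, `%preun` and `%postun` hunks.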
@@ -234,30 +315,53 @@ fi
                fi
        fi
 
-       # This adds the proper /etc/rc*.d links for the script
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+       # Initial prep for systemd
+       %systemd_post shibd.service
+       if [ $1 -gt 1 ] ; then
+               systemctl daemon-reload
+       fi
+%else
+       # Add the proper /etc/rc*.d links for the script
        /sbin/chkconfig --add shibd
 %endif
+%endif
 %if "%{_vendor}" == "suse"
+%if 0%{?suse_version} >= 1210
+       %service_add_post shibd.service
+       systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf
+%else
        # This adds the proper /etc/rc*.d links for the script
        # and populates the sysconfig/shibd file.
        cd /
        %{fillup_only -n shibd}
        %insserv_force_if_yast shibd
 %endif
+%endif
 
 %preun
 # On final removal, stop shibd and remove service, restart Apache if running.
-%if "%{_vendor}" == "redhat"
-       if [ "$1" -eq 0 ] ; then
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+       %systemd_preun shibd.service
+%else
+       if [ $1 -eq 0 ] ; then
                /sbin/service shibd stop >/dev/null 2>&1
                /sbin/chkconfig --del shibd
-               %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
+       fi
+%endif
+       if [ $1 -eq 0 ] ; then
+               %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null}
        fi
 %endif
 %if "%{_vendor}" == "suse"
+%if 0%{?suse_version} >= 1210
+        %service_del_preun shibd.service
+%else
        %stop_on_removal shibd
-       if [ "$1" -eq 0 ] ; then
-               %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
+%endif
+       if [ $1 -eq 0 ] ; then
+               %{!?_without_builtinapache:/sbin/service apache2 status 1>/dev/null && /sbin/service apache2 restart 1>/dev/null}
        fi
 %endif
 exit 0
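Review bot: In `%post` the added `systemctl daemon-reload` and `systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf` are called by bare name and without masking their exit status, and `%post` ends without the `exit 0` that `%pre` and `%preun` have. Each is the last command on its platform branch, so a failure (for example when installing into an image where systemd is not running) becomes the scriptlet's result. The `%posttrans` lines in this same commit already use the safer shape, `/usr/bin/systemctl ... >/dev/null 2>&1 || :`. Consider `systemctl daemon-reload >/dev/null 2>&1 || :` and the same suffix on the tmpfiles call.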
@@ -266,32 +370,41 @@ exit 0
 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
 /sbin/ldconfig
 %endif
-%if "%{_vendor}" == "redhat"
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
        # On upgrade, restart components if they're already running.
-       if [ "$1" -ge "1" ] ; then
-               /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
-               %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+       %systemd_postun_with_restart shibd.service
+%else
+       if [ $1 -ge 1 ] ; then
+               /sbin/service shibd status 1>/dev/null && /sbin/service shibd restart 1>/dev/null
+       fi
+%endif
+       if [ $1 -ge 1 ] ; then
+               %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null}
                exit 0
        fi
 %endif
 %if "%{_vendor}" == "suse"
+%if 0%{?suse_version} >= 1210
+       %service_del_postun shibd.service
+%else
        cd / 
        %restart_on_update shibd
-       %{!?_without_builtinapache:%restart_on_update apache2}
        %{insserv_cleanup}
 %endif
+       %{!?_without_builtinapache:%restart_on_update apache2}
+%endif
 
 %posttrans
-# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
-%if "%{_vendor}" == "redhat"
-       if [ ! -f %{_initrddir}/shibd ] ; then
-               if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
-                       %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
-                       %{__chmod} 755 %{_initrddir}/shibd
-                       /sbin/chkconfig --add shibd
-       fi
-fi
+# One-time extra restart of shibd and Apache to work around
+# SUSE bug that breaks old %restart_on_update macro.
+# If we remove, upgrades from pre-systemd to post-systemd
+# will stop doing the final restart.
+%if "%{_vendor}" == "suse" && 0%{?suse_version} >= 1210
+       /usr/bin/systemctl try-restart shibd >/dev/null 2>&1 || :
+       /usr/bin/systemctl try-restart apache2 >/dev/null 2>&1 || :
 %endif
+exit 0
 
 %files -f rpm.filelist
 %defattr(-,root,root,-)
@@ -303,7 +416,19 @@ fi
 %dir %{_libdir}/shibboleth
 %{_libdir}/shibboleth/*
 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+%attr(0750,apache,apache) %dir %{_localstatedir}/log/shibboleth-www
+%endif
+%if "%{_vendor}" == "suse"
+%attr(0750,wwwrun,www) %dir %{_localstatedir}/log/shibboleth-www
+%endif
+%else
+%attr(0750,-,-) %dir %{_localstatedir}/log/shibboleth-www
+%endif
+%if 0%{?suse_version} < 1300
 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
+%endif
 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
 %dir %{_datadir}/xml/shibboleth
 %{_datadir}/xml/shibboleth/*
@@ -313,12 +438,22 @@ fi
 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
-%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
+%if "%{_vendor}" == "redhat"
+%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+%else
 %config %{_initrddir}/shibd
 %endif
-%if "%{_vendor}" == "suse"
+%endif
+%if "%{_vendor}" == "amazon"
+%config %{_initrddir}/shibd
+%endif
+%if "%{_vendor}" == "suse" && 0%{?suse_version} < 1210
+%config %{_initrddir}/shibd
 %{_sbindir}/rcshibd
 %endif
+%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
+%{_tmpfilesdir}/%{name}.conf
+%endif
 %{_sysconfdir}/shibboleth/*.dist
 %{_sysconfdir}/shibboleth/apache*.config
 %{_sysconfdir}/shibboleth/shibd-*
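Review bot: `%{_tmpfilesdir}/%{name}.conf` is listed here under the same condition that `%install` uses to append `%attr(0444,-,-) %{_tmpfilesdir}/%{name}.conf` to `rpm.filelist`, and `%files -f rpm.filelist` reads that list too. The file is therefore listed twice, once with an explicit mode and once under `%defattr`, which rpm reports as a duplicate entry and which may make the packaged mode depend on which entry wins. Dropping the three added lines here (or the `echo` in `%install`) keeps a single source for the entry. The empty `%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700` / `%else` branch above would also read more plainly as a negated condition.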
@@ -336,6 +471,26 @@ fi
 %doc %{pkgdocdir}/api
 
 %changelog
+* Thu Jul 23 2015 Scott Cantor <cantor.2@osu.edu> - 2.5.5-2
+- Fix use of /var/run/shibboleth on newer tmpfs platforms
+
+* Thu Jul 2 2015 Scott Cantor <cantor.2@osu.edu> - 2.5.5-1
+- Revamp with systemd support for RH/CentOS 7+ and SUSE 12.1+
+
+* Mon Mar 9 2015 Scott Cantor <cantor.2@osu.edu> - 2.5.4-1
+- Add Amazon VM support
+- Add a separate native logging directory
+- Remove hard-coded init.d usage
+- Switch to bz2 sources to prevent future issues with SuSE
+
+* Mon Nov 17 2014 Scott Cantor <cantor.2@osu.edu> - 2.5.3-2
+- Add libtool dep for OpenSUSE 13
+- Remove /var/run/shibboleth for OpenSUSE 13
+
+* Tue May 13 2014 Ian Young <ian@iay.org.uk> - 2.5.3-1.2
+- Update package dependencies for RHEL/CentOS 7
+- Fix bogus dates in changelog
+
 * Sat Jun 8 2013   Scott Cantor  <cantor.2@osu.edu>  - 2.5.2-1
 - Add --with-gssapi using MIT K5 by default
 
@@ -422,10 +577,10 @@ fi
 - Applied fix for secadv 20061002
 - Fix for metadata loader loop
 
-* Wed Jun 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-10
+* Thu Jun 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-10
 - Applied fix for sec 20060615
 
-* Fri Apr 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-9
+* Sat Apr 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-9
 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
 
 * Mon Jan 9 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-8