+if [ "$SYSTEMD_SHIBD" != "no" ] ; then
+ # Populate the systemd file
+ cat > $SYSTEMD_SHIBD <<EOF
+[Unit]
+Description=Shibboleth Service Provider Daemon
+After=network.target
+Before=httpd.service
+
+[Service]
+Type=notify
+NotifyAccess=main
+User=%{runuser}
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+Environment=LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
+%endif
+ExecStart=%{_sbindir}/shibd -f -F
+StandardInput=null
+StandardOutput=null
+StandardError=journal
+TimeoutStopSec=5s
+TimeoutStartSec=90s
+Restart=on-failure
+RestartSec=30s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+elif [ "$SYSCONFIG_SHIBD" != "no" ] ; then
+ # Populate the sysconfig file.
+ cat > $SYSCONFIG_SHIBD <<EOF
+# Shibboleth SP init script customization
+
+# User account for shibd
+SHIBD_USER=%{runuser}
+
+# Umask for shibd
+# SHIBD_UMASK=022
+
+# Wait period (secs) for configuration (and metadata) to load
+SHIBD_WAIT=30
+EOF
+ %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+ cat >> $SYSCONFIG_SHIBD <<EOF
+
+# Override OS-supplied libcurl
+export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
+EOF
+ %endif
+fi
+
+%if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
+ # Strip existing rpath to libcurl.
+ chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
+ chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
+ chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
+%endif
+
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse"
+if [ "$SYSTEMD_SHIBD" == "no" ] ; then
+ # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
+ install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
+ install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
+%if "%{_vendor}" == "suse"
+ install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
+ %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
+%endif
+fi
+%endif
+
+%check
+%{__make} check
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
+
+%pre
+getent group %{runuser} >/dev/null || groupadd -r %{runuser}
+getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
+ -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
+%if 0%{?suse_version} >= 1210
+ %service_add_pre shibd.service
+%endif
+exit 0
+
+%post
+%ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
+/sbin/ldconfig
+%endif
+
+# Key generation or ownership fix
+cd %{_sysconfdir}/shibboleth
+if [ -f sp-key.pem ] ; then
+ %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
+else
+ /bin/sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+fi
+
+# Fix ownership of log files (even on new installs, if they're left from an older one).
+%{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
+
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon"
+ if [ $1 -gt 1 ] ; then
+ # On Red Hat with shib.conf installed, clean up old Alias commands
+ # by pointing them at new version-independent /usr/share/share tree.
+ # Any Aliases we didn't create we assume are custom files.
+ # This is to accomodate making shib.conf a noreplace config file.
+ # We can't do this for SUSE, because they disallow changes to
+ # packaged files in scriplets.
+ APACHE_CONF="no"
+ if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
+ APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
+ fi
+ if [ "$APACHE_CONF" != "no" ] ; then
+ %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
+ $APACHE_CONF
+ %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
+ $APACHE_CONF