X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=blobdiff_plain;f=shibboleth.spec.in;h=d8f44443c29274ccdd97daae319712b2a943ee65;hp=b0d3d0cc3672ec6d0418f84f2dfe2117b9ee655a;hb=HEAD;hpb=ccc5adbaf732b0ae9687eb08dfceef166ee251ff diff --git a/shibboleth.spec.in b/shibboleth.spec.in index b0d3d0c..d8f4444 100644 --- a/shibboleth.spec.in +++ b/shibboleth.spec.in @@ -1,4 +1,4 @@ -Name: shibboleth +Name: shibboleth-sp Version: @PACKAGE_VERSION@ Release: 1 Summary: Open source system for attribute-based Web SSO @@ -6,28 +6,29 @@ Group: Productivity/Networking/Security Vendor: Shibboleth Consortium License: Apache 2.0 URL: http://shibboleth.net/ -Source: %{name}-sp-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root +Source: %{name}-%{version}.tar.bz2 +BuildRoot: %{_tmppath}/%{name}-%{version}-root Obsoletes: shibboleth-sp = 2.5.0 Requires: openssl %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 -PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0 +Requires: xmltooling-schemas%{?_isa} >= 1.5.5, opensaml-schemas%{?_isa} >= 2.5.5 %else -PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0 +Requires: xmltooling-schemas >= 1.5.5, opensaml-schemas >= 2.5.5 %endif %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130 -PreReq: %{insserv_prereq} %{fillup_prereq} -BuildRequires: libXerces-c-devel >= 2.8.0 +Requires: %{insserv_prereq} %{fillup_prereq} +BuildRequires: libxerces-c-devel >= 3.1 %else %if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 -BuildRequires: xerces-c-devel >= 2.8.0 +BuildRequires: systemd-devel, pkgconfig +BuildRequires: xerces-c-devel >= 3.1 %else -BuildRequires: libxerces-c-devel >= 2.8.0 +BuildRequires: libxerces-c-devel >= 3.1 %endif %endif -BuildRequires: libxml-security-c-devel >= 1.4.0 -BuildRequires: libxmltooling-devel >= 1.5.0 -BuildRequires: libsaml-devel >= 2.5.0 +BuildRequires: libxml-security-c-devel >= 1.7.3 +BuildRequires: libxmltooling-devel >= 1.5.5 +BuildRequires: libsaml-devel >= 2.5.5 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0} %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4} %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 @@ -60,7 +61,13 @@ Requires(preun): chkconfig, initscripts %if "%{_vendor}" == "suse" Requires(pre): pwdutils %{!?_without_builtinapache:BuildRequires: apache2-devel} +%{?systemd_requires} +%if 0%{?suse_version} >= 1210 +BuildRequires: systemd-rpm-macros, systemd-devel, pkgconfig %endif +%endif + +%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d} %define runuser shibd %if "%{_vendor}" == "suse" @@ -82,18 +89,14 @@ Summary: Shibboleth Development Headers Group: Development/Libraries/C and C++ Requires: %{name} = %{version}-%{release} Obsoletes: shibboleth-sp-devel = 2.5.0 -%if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130 -Requires: libXerces-c-devel >= 2.8.0 -%else %if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 -Requires: xerces-c-devel >= 2.8.0 +Requires: xerces-c-devel >= 3.1 %else -Requires: libxerces-c-devel >= 2.8.0 +Requires: libxerces-c-devel >= 3.1 %endif -%endif -Requires: libxml-security-c-devel >= 1.4.0 -Requires: libxmltooling-devel >= 1.5.0 -Requires: libsaml-devel >= 2.5.0 +Requires: libxml-security-c-devel >= 1.7.3 +Requires: libxmltooling-devel >= 1.5.5 +Requires: libsaml-devel >= 2.5.5 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0} %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4} @@ -105,14 +108,22 @@ exchange of rich attributes subject to privacy controls. This package includes files needed for development with Shibboleth. %prep -%setup -n %{name}-sp-%{version} +%setup -n %{name}-%{version} %build +%if 0%{?suse_version} >= 1210 + %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_systemd:--enable-systemd} %{?shib_options} +%else +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{!?_without_systemd:--enable-systemd} %{?shib_options} +%else %if 0%{?centos_version} >= 600 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options} %else %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options} %endif +%endif +%endif %{__make} pkgdocdir=%{pkgdocdir} %install @@ -154,8 +165,24 @@ if [ "$APACHE_CONFIG" != "no" ] ; then fi fi -# Establish location of sysconfig file, if any. +# Establish location of systemd file, if any. +SYSTEMD_SHIBD="no" +%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %{__mkdir} -p $RPM_BUILD_ROOT%{_unitdir} + echo "%attr(0444,-,-) %{_unitdir}/shibd.service" >> rpm.filelist + SYSTEMD_SHIBD="$RPM_BUILD_ROOT%{_unitdir}/shibd.service" + + # Get run directory created at boot time. + %{__mkdir} -p $RPM_BUILD_ROOT%{_tmpfilesdir} + echo "%attr(0444,-,-) %{_tmpfilesdir}/%{name}.conf" >> rpm.filelist + cat > $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf <> rpm.filelist @@ -166,13 +193,48 @@ SYSCONFIG_SHIBD="no" echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" %endif -if [ "$SYSCONFIG_SHIBD" != "no" ] ; then +fi + +if [ "$SYSTEMD_SHIBD" != "no" ] ; then + # Populate the systemd file + cat > $SYSTEMD_SHIBD <= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 +Environment=LD_LIBRARY_PATH=/opt/shibboleth/%{_lib} +%endif +ExecStart=%{_sbindir}/shibd -f -F +StandardInput=null +StandardOutput=null +StandardError=journal +TimeoutStopSec=5s +TimeoutStartSec=90s +Restart=on-failure +RestartSec=30s + +[Install] +WantedBy=multi-user.target +EOF +elif [ "$SYSCONFIG_SHIBD" != "no" ] ; then # Populate the sysconfig file. cat > $SYSCONFIG_SHIBD <= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 cat >> $SYSCONFIG_SHIBD <= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1 + # Strip existing rpath to libcurl. + chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd + chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery + chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest +%endif + %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse" +if [ "$SYSTEMD_SHIBD" == "no" ] ; then # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir} install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir} install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd @@ -195,6 +261,7 @@ fi install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir} %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd %endif +fi %endif %check @@ -207,6 +274,9 @@ fi getent group %{runuser} >/dev/null || groupadd -r %{runuser} getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \ -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser} +%if 0%{?suse_version} >= 1210 + %service_add_pre shibd.service +%endif exit 0 %post @@ -219,14 +289,14 @@ cd %{_sysconfdir}/shibboleth if [ -f sp-key.pem ] ; then %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || : else - sh ./keygen.sh -b -u %{runuser} -g %{runuser} + /bin/sh ./keygen.sh -b -u %{runuser} -g %{runuser} fi # Fix ownership of log files (even on new installs, if they're left from an older one). %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || : %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" - if [ "$1" -gt "1" ] ; then + if [ $1 -gt 1 ] ; then # On Red Hat with shib.conf installed, clean up old Alias commands # by pointing them at new version-independent /usr/share/share tree. # Any Aliases we didn't create we assume are custom files. @@ -245,30 +315,53 @@ fi fi fi - # This adds the proper /etc/rc*.d links for the script +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + # Initial prep for systemd + %systemd_post shibd.service + if [ $1 -gt 1 ] ; then + systemctl daemon-reload + fi +%else + # Add the proper /etc/rc*.d links for the script /sbin/chkconfig --add shibd %endif +%endif %if "%{_vendor}" == "suse" +%if 0%{?suse_version} >= 1210 + %service_add_post shibd.service + systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf +%else # This adds the proper /etc/rc*.d links for the script # and populates the sysconfig/shibd file. cd / %{fillup_only -n shibd} %insserv_force_if_yast shibd %endif +%endif %preun # On final removal, stop shibd and remove service, restart Apache if running. %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" - if [ "$1" -eq 0 ] ; then +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %systemd_preun shibd.service +%else + if [ $1 -eq 0 ] ; then /sbin/service shibd stop >/dev/null 2>&1 /sbin/chkconfig --del shibd - %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null} + fi +%endif + if [ $1 -eq 0 ] ; then + %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null} fi %endif %if "%{_vendor}" == "suse" +%if 0%{?suse_version} >= 1210 + %service_del_preun shibd.service +%else %stop_on_removal shibd - if [ "$1" -eq 0 ] ; then - %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null} +%endif + if [ $1 -eq 0 ] ; then + %{!?_without_builtinapache:/sbin/service apache2 status 1>/dev/null && /sbin/service apache2 restart 1>/dev/null} fi %endif exit 0 @@ -279,30 +372,39 @@ exit 0 %endif %if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" # On upgrade, restart components if they're already running. - if [ "$1" -ge "1" ] ; then - /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null - %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null} +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 + %systemd_postun_with_restart shibd.service +%else + if [ $1 -ge 1 ] ; then + /sbin/service shibd status 1>/dev/null && /sbin/service shibd restart 1>/dev/null + fi +%endif + if [ $1 -ge 1 ] ; then + %{!?_without_builtinapache:/sbin/service httpd status 1>/dev/null && /sbin/service httpd restart 1>/dev/null} exit 0 fi %endif %if "%{_vendor}" == "suse" +%if 0%{?suse_version} >= 1210 + %service_del_postun shibd.service +%else cd / %restart_on_update shibd - %{!?_without_builtinapache:%restart_on_update apache2} %{insserv_cleanup} %endif + %{!?_without_builtinapache:%restart_on_update apache2} +%endif %posttrans -# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package -%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" - if [ ! -f %{_initrddir}/shibd ] ; then - if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then - %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd - %{__chmod} 755 %{_initrddir}/shibd - /sbin/chkconfig --add shibd - fi -fi +# One-time extra restart of shibd and Apache to work around +# SUSE bug that breaks old %restart_on_update macro. +# If we remove, upgrades from pre-systemd to post-systemd +# will stop doing the final restart. +%if "%{_vendor}" == "suse" && 0%{?suse_version} >= 1210 + /usr/bin/systemctl try-restart shibd >/dev/null 2>&1 || : + /usr/bin/systemctl try-restart apache2 >/dev/null 2>&1 || : %endif +exit 0 %files -f rpm.filelist %defattr(-,root,root,-) @@ -336,12 +438,22 @@ fi %config(noreplace) %{_sysconfdir}/shibboleth/*.xml %config(noreplace) %{_sysconfdir}/shibboleth/*.html %config(noreplace) %{_sysconfdir}/shibboleth/*.logger -%if "%{_vendor}" == "redhat" || "%{_vendor}" == "amazon" || "%{_vendor}" == "suse" +%if "%{_vendor}" == "redhat" +%if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 +%else %config %{_initrddir}/shibd %endif -%if "%{_vendor}" == "suse" +%endif +%if "%{_vendor}" == "amazon" +%config %{_initrddir}/shibd +%endif +%if "%{_vendor}" == "suse" && 0%{?suse_version} < 1210 +%config %{_initrddir}/shibd %{_sbindir}/rcshibd %endif +%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 || 0%{?centos_version} >= 700 +%{_tmpfilesdir}/%{name}.conf +%endif %{_sysconfdir}/shibboleth/*.dist %{_sysconfdir}/shibboleth/apache*.config %{_sysconfdir}/shibboleth/shibd-* @@ -359,9 +471,17 @@ fi %doc %{pkgdocdir}/api %changelog -* Wed Feb 25 2015 Scott Cantor - 2.5.4-1 +* Thu Jul 23 2015 Scott Cantor - 2.5.5-2 +- Fix use of /var/run/shibboleth on newer tmpfs platforms + +* Thu Jul 2 2015 Scott Cantor - 2.5.5-1 +- Revamp with systemd support for RH/CentOS 7+ and SUSE 12.1+ + +* Mon Mar 9 2015 Scott Cantor - 2.5.4-1 - Add Amazon VM support - Add a separate native logging directory +- Remove hard-coded init.d usage +- Switch to bz2 sources to prevent future issues with SuSE * Mon Nov 17 2014 Scott Cantor - 2.5.3-2 - Add libtool dep for OpenSUSE 13