# Preamble of the main Shibboleth SP package: identity metadata followed by
# install-time (PreReq/Requires) and build-time (BuildRequires) dependencies.
# NOTE(review): the embedded gutter numbers skip values, so some original
# lines (for example the else/endif closing each conditional) are not
# visible in this listing.
2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
6 Vendor: Shibboleth Consortium
# NOTE(review): the project URL is plain http; switch to https if the site serves it.
8 URL: http://shibboleth.net/
# NOTE(review): no signature or digest check on the source tarball is visible
# in this listing; confirm the build pipeline verifies it before packaging.
9 Source: %{name}-sp-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-sp-%{version}-root
# Presumably replaces the 2.5.0 build that was published under the
# shibboleth-sp name (the changelog mentions the name being changed back).
11 Obsoletes: shibboleth-sp = 2.5.0
# Schema packages must be present before install; the RHEL/CentOS 6+ branch
# adds the _isa suffix so the dependency matches this package's architecture.
13 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
14 PreReq: xmltooling-schemas%{?_isa} >= 1.5.0, opensaml-schemas%{?_isa} >= 2.5.0
16 PreReq: xmltooling-schemas >= 1.5.0, opensaml-schemas >= 2.5.0
# Xerces-C development package; its name differs per distribution and release.
18 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
19 PreReq: %{insserv_prereq} %{fillup_prereq}
20 BuildRequires: libXerces-c-devel >= 2.8.0
22 %if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
23 BuildRequires: xerces-c-devel >= 2.8.0
25 BuildRequires: libxerces-c-devel >= 2.8.0
# XML security, XML tooling and SAML libraries, each with a minimum version.
28 BuildRequires: libxml-security-c-devel >= 1.4.0
29 BuildRequires: libxmltooling-devel >= 1.5.0
30 BuildRequires: libsaml-devel >= 2.5.0
# Logging library: log4shib unless the build defines _with_log4cpp.
31 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
32 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
33 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
# RHEL/CentOS 6+: runtime dependency on a separate libcurl-openssl package.
# The install stage writes LD_LIBRARY_PATH=/opt/shibboleth/<lib> into the
# sysconfig file under the comment "Override OS-supplied libcurl".
# NOTE(review): that libcurl is presumably updated on its own schedule rather
# than with the distribution's curl; track its security fixes separately.
34 Requires: libcurl-openssl%{?_isa} >= 7.21.7
# chrpath is used in the install stage to strip the rpath from the binaries.
35 BuildRequires: chrpath
37 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
# Optional features: GSS-API, doxygen and ODBC are on unless the matching
# _without_ macro is defined; FastCGI and memcached are off unless the
# matching _with_ macro is defined (memcached is always pulled in on CentOS 6+).
38 %{!?_without_gssapi:BuildRequires: krb5-devel}
39 %{!?_without_doxygen:BuildRequires: doxygen}
40 %{!?_without_odbc:BuildRequires:unixODBC-devel}
41 %{?_with_fastcgi:BuildRequires: fcgi-devel}
42 %if 0%{?centos_version} >= 600
43 BuildRequires: libmemcached-devel
45 %{?_with_memcached:BuildRequires: libmemcached-devel}
# Red Hat family: Apache headers unless _without_builtinapache is defined,
# plus the tools the scriptlets call (user/group creation, chkconfig).
46 %if "%{_vendor}" == "redhat"
47 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
48 %{!?_without_builtinapache:BuildRequires: httpd-devel%{?_isa}}
50 %{!?_without_builtinapache:BuildRequires: httpd-devel}
52 BuildRequires: redhat-rpm-config
53 Requires(pre): shadow-utils
54 Requires(post): chkconfig
55 Requires(preun): chkconfig, initscripts
# SUSE equivalents of the same requirements.
57 %if "%{_vendor}" == "suse"
58 Requires(pre): pwdutils
59 %{!?_without_builtinapache:BuildRequires: apache2-devel}
# Documentation directory: unversioned on SUSE, versioned in the other branch.
63 %if "%{_vendor}" == "suse"
64 %define pkgdocdir %{_docdir}/shibboleth
66 %define pkgdocdir %{_docdir}/shibboleth-%{version}
70 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
71 that supports multiple protocols, federated identity, and the extensible
72 exchange of rich attributes subject to privacy controls.
74 This package contains the Shibboleth Service Provider runtime libraries,
75 daemon, default plugins, and Apache module(s).
# Preamble of the development subpackage (its package header line is not
# visible in this listing). It is pinned to the exact version-release of the
# main package and requires the same development libraries the build uses.
78 Summary: Shibboleth Development Headers
79 Group: Development/Libraries/C and C++
80 Requires: %{name} = %{version}-%{release}
81 Obsoletes: shibboleth-sp-devel = 2.5.0
# Xerces-C development package; its name differs per distribution and release.
82 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
83 Requires: libXerces-c-devel >= 2.8.0
85 %if 0%{?rhel} >= 7 || 0%{?centos_version} >= 700
86 Requires: xerces-c-devel >= 2.8.0
88 Requires: libxerces-c-devel >= 2.8.0
91 Requires: libxml-security-c-devel >= 1.4.0
92 Requires: libxmltooling-devel >= 1.5.0
93 Requires: libsaml-devel >= 2.5.0
# Logging library headers: log4shib unless the build defines _with_log4cpp.
94 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
95 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
98 Shibboleth is a Web Single Sign-On implementation based on OpenSAML
99 that supports multiple protocols, federated identity, and the extensible
100 exchange of rich attributes subject to privacy controls.
102 This package includes files needed for development with Shibboleth.
# Unpack the source tree, configure it with the features selected by the
# with/without build switches, build, and stage the install in the build root.
# NOTE(review): the section header lines (prep, build, install) are not
# visible in this listing.
105 %setup -n %{name}-sp-%{version}
108 %if 0%{?centos_version} >= 600
# CentOS 6+ branch: memcached support is on unless _without_memcached is
# defined. GSS-API is on by default in both branches. shib_options passes any
# extra configure arguments supplied by whoever runs the build.
109 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{!?_without_memcached:--with-memcached} %{?shib_options}
# Other branch: memcached support only when _with_memcached is defined.
111 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_gssapi:--with-gssapi} %{?_with_memcached} %{?shib_options}
113 %{__make} pkgdocdir=%{pkgdocdir}
# NOKEYGEN=1 presumably stops "make install" from generating an SP key pair
# in the build root, so no private key is baked into the package; the key is
# created on the target host by keygen.sh in the post-install scriptlet.
# NOTE(review): confirm against the project's Makefile.
116 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
# SUSE: rewrite the log path in native.logger from /var/log/httpd to
# /var/log/apache2.
118 %if "%{_vendor}" == "suse"
119 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
120 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
123 # Plug the SP into the built-in Apache on a recognized system.
# Pick the Apache config template that matches a module present in the build
# root. The tests run in order and each one assigns APACHE_CONFIG, so a later
# match overrides an earlier one (assuming each test is closed by an "fi" on
# the lines not visible in this listing).
126 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
127 APACHE_CONFIG="apache.config"
129 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
130 APACHE_CONFIG="apache2.config"
132 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
133 APACHE_CONFIG="apache22.config"
135 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
136 APACHE_CONFIG="apache24.config"
# Defining _without_builtinapache forces the Apache integration off.
138 %{?_without_builtinapache:APACHE_CONFIG="no"}
139 if [ "$APACHE_CONFIG" != "no" ] ; then
# NOTE(review): these two tests look at the build host's own conf.d
# directories (no build-root prefix), so whether shib.conf is packaged
# depends on what is installed on the machine doing the build.
141 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
142 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
144 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
145 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
147 if [ "$APACHE_CONFD" != "no" ] ; then
# Stage the chosen template as conf.d/shib.conf and register it in the
# generated file list as a noreplace config, so an upgrade does not
# overwrite a locally edited copy.
148 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
149 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
150 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
# Write the init-script customization file and record it in rpm.filelist.
# Red Hat gets /etc/sysconfig/shibd as a noreplace config; SUSE gets a fillup
# template that the post-install scriptlet merges into place.
# NOTE(review): the runuser macro used in the heredoc is defined outside the
# visible lines, and the heredoc terminators are not visible either.
154 # Establish location of sysconfig file, if any.
156 %if "%{_vendor}" == "redhat"
157 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
158 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
159 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
161 %if "%{_vendor}" == "suse"
162 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
163 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
164 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
166 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
167 # Populate the sysconfig file.
168 cat > $SYSCONFIG_SHIBD <<EOF
169 # Shibboleth SP init script customization
171 # User account for shibd
172 SHIBD_USER=%{runuser}
174 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
175 cat >> $SYSCONFIG_SHIBD <<EOF
177 # Override OS-supplied libcurl
178 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
180 # Strip existing rpath to libcurl.
# With the rpath removed, the three binaries resolve their libraries through
# the normal loader search, which presumably picks up the LD_LIBRARY_PATH
# exported by the sysconfig file written above.
# NOTE(review): any library placed in /opt/shibboleth/<lib> is then loaded
# ahead of the system copy; confirm that directory is root-owned and not
# writable by the service account.
181 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
182 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
183 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
# Install the vendor-specific init script (shipped under the shibboleth
# config directory as shibd-<vendor>) as the shibd service script, mode 0755.
187 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
188 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
189 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
190 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
191 %if "%{_vendor}" == "suse"
# SUSE: add an rcshibd symlink in sbindir that points at the init script.
192 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
193 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
# Cleanup: remove the build root, guarded so that "rm -rf" is never run when
# the build root is "/".
201 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
# Pre-install: create the service group and account if they do not exist yet.
# Both are system entries (-r); the account has /sbin/nologin as its shell,
# so it cannot be used for interactive logins, and its home directory is the
# shibboleth run directory. The runuser macro is defined outside the visible
# lines.
204 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
205 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
206 -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
# Post-install: make sure the SP has a key pair owned by the service account
# and that existing log files are owned by it too. Scriptlets run as root.
210 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
214 # Key generation or ownership fix
# NOTE(review): the result of cd is not checked; if it failed, the key test
# and keygen.sh below would run relative to the scriptlet's current directory.
215 cd %{_sysconfdir}/shibboleth
216 if [ -f sp-key.pem ] ; then
# A key already exists: hand key and certificate to the service account.
# Errors are discarded and the exit status forced to success, so a failed
# chown does not abort the install but is also not reported.
217 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
# No key yet (the "else" line is not visible in this listing): generate the
# key pair on this host, owned by the service user and group.
# NOTE(review): the mode of the private key is set inside keygen.sh, which is
# not shown here; confirm sp-key.pem ends up readable only by that account.
219 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
222 # Fix ownership of log files (even on new installs, if they're left from an older one).
# NOTE(review): this runs as root over a glob in a directory that the file
# list assigns to the service account, and chown follows symbolic links by
# default; "chown -h" (no-dereference) would keep it from changing the owner
# of a link target outside the log directory.
223 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
225 %if "%{_vendor}" == "redhat"
# $1 is the number of installed instances of the package after this
# transaction; a value above 1 means this is an upgrade.
226 if [ "$1" -gt "1" ] ; then
227 # On Red Hat with shib.conf installed, clean up old Alias commands
228 # by pointing them at the new version-independent /usr/share/shibboleth tree.
229 # Any Aliases we didn't create we assume are custom files.
230 # This is to accommodate making shib.conf a noreplace config file.
231 # We can't do this for SUSE, because they disallow changes to
232 # packaged files in scriptlets.
# Upgrade fix-up of an existing shib.conf, then service registration.
234 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
235 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
237 if [ "$APACHE_CONF" != "no" ] ; then
# Rewrite references to main.css and logo.jpg under /usr/share/doc/shibboleth
# (with or without a version suffix) to /usr/share/shibboleth. Both commands
# end in a line continuation; the continued line that names the file being
# edited is not visible in this listing (presumably $APACHE_CONF).
238 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
240 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
245 # This adds the proper /etc/rc*.d links for the script
246 /sbin/chkconfig --add shibd
248 %if "%{_vendor}" == "suse"
249 # This adds the proper /etc/rc*.d links for the script
250 # and populates the sysconfig/shibd file.
252 %{fillup_only -n shibd}
253 %insserv_force_if_yast shibd
257 # On final removal, stop shibd and remove service, restart Apache if running.
258 %if "%{_vendor}" == "redhat"
# $1 is the number of instances that remain after this transaction; 0 means
# the package is being removed rather than upgraded.
259 if [ "$1" -eq 0 ] ; then
260 /sbin/service shibd stop >/dev/null 2>&1
261 /sbin/chkconfig --del shibd
# Restart httpd only when its status check succeeds, i.e. it is running;
# skipped entirely when _without_builtinapache is defined.
262 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
265 %if "%{_vendor}" == "suse"
# SUSE: the distribution macro stops the service; Apache is restarted the
# same way as on Red Hat, using the apache2 init script.
266 %stop_on_removal shibd
267 if [ "$1" -eq 0 ] ; then
268 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
# Post-uninstall: after an upgrade, restart shibd and Apache so the running
# processes pick up the new binaries. Each restart is attempted only when the
# corresponding status check succeeds.
274 %ifnos solaris2.8 solaris2.9 solaris2.10 solaris2.11
277 %if "%{_vendor}" == "redhat"
278 # On upgrade, restart components if they're already running.
# $1 of 1 or more means at least one instance of the package remains, which
# is the upgrade case.
279 if [ "$1" -ge "1" ] ; then
280 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
281 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
285 %if "%{_vendor}" == "suse"
# SUSE: the distribution macros handle the conditional restarts.
287 %restart_on_update shibd
288 %{!?_without_builtinapache:%restart_on_update apache2}
293 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
# Red Hat only: if the init script is missing after the transaction, restore
# it from the copy kept in the shibboleth config directory, make it
# executable (0755), and register the service again.
294 %if "%{_vendor}" == "redhat"
295 if [ ! -f %{_initrddir}/shibd ] ; then
296 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
297 %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
298 %{__chmod} 755 %{_initrddir}/shibd
299 /sbin/chkconfig --add shibd
# Payload of the main package. rpm.filelist carries the entries generated in
# the install stage (shib.conf and the sysconfig file); everything listed
# here defaults to root:root ownership unless an attr overrides it.
# NOTE(review): the generated sp-key.pem and sp-cert.pem match none of the
# visible entries, so package verification presumably does not track their
# owner or mode.
304 %files -f rpm.filelist
305 %defattr(-,root,root,-)
308 %{_bindir}/resolvertest
309 %{_libdir}/libshibsp.so.*
310 %{_libdir}/libshibsp-lite.so.*
311 %dir %{_libdir}/shibboleth
312 %{_libdir}/shibboleth/*
# State directories owned by the service account. Only the log directory is
# closed to other users (0750); the run and cache directories are readable
# and traversable by everyone (0755).
# NOTE(review): confirm nothing sensitive is written to run or cache with
# permissive file modes.
313 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
314 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
315 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
316 %dir %{_datadir}/xml/shibboleth
317 %{_datadir}/xml/shibboleth/*
318 %dir %{_datadir}/shibboleth
319 %{_datadir}/shibboleth/*
320 %dir %{_sysconfdir}/shibboleth
# Site configuration is noreplace: an upgrade keeps locally edited files and
# writes the packaged version next to them as .rpmnew.
321 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
322 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
323 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
324 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
# Plain config without noreplace: an upgrade installs the new init script and
# saves a locally modified copy as .rpmsave.
325 %config %{_initrddir}/shibd
327 %if "%{_vendor}" == "suse"
330 %{_sysconfdir}/shibboleth/*.dist
331 %{_sysconfdir}/shibboleth/apache*.config
332 %{_sysconfdir}/shibboleth/shibd-*
# Helper scripts are root-owned and not writable by others; keygen.sh is the
# script the post-install scriptlet runs as root to create the SP key pair.
333 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
334 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
335 %{_sysconfdir}/shibboleth/*.xsl
# API documentation is excluded here and shipped by the devel subpackage.
337 %exclude %{pkgdocdir}/api
# Payload of the devel subpackage (its files header line is not visible in
# this listing): the unversioned library links used at link time and the API
# documentation, all owned by root:root.
340 %defattr(-,root,root,-)
342 %{_libdir}/libshibsp.so
343 %{_libdir}/libshibsp-lite.so
344 %doc %{pkgdocdir}/api
347 * Tue May 13 2014 Ian Young <ian@iay.org.uk> - 2.5.3-1.2
348 - Update package dependencies for RHEL/CentOS 7
349 - Fix bogus dates in changelog
351 * Sat Jun 8 2013 Scott Cantor <cantor.2@osu.edu> - 2.5.2-1
352 - Add --with-gssapi using MIT K5 by default
354 * Tue Sep 25 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.1-1
355 - Merge back various changes used in released packages
356 - Prep for 2.5.1 by pulling extra restart out
358 * Tue Aug 7 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-2
359 - Changed package name back to shibboleth because of upgrade bugs
360 - Put back extra restart for this release only.
362 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5.0-1
363 - Move logo and stylesheet to version-independent tree
364 - Make shib.conf noreplace
365 - Post-fixup of Alias commands in older shib.conf
366 - Changes to run shibd as non-root shibboleth user
367 - Move init customizations to /etc/sysconfig/shibd
368 - Copy shibd restart for Red Hat to postun
369 - Add boost-devel dependency
370 - Build memcache plugin on RH6
371 - Add cachedir to install
372 - Add Apache 2.4 to install
374 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
375 - Log files shouldn't be world readable.
376 - Explicit requirement for libcurl-openssl on RHEL6
377 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
378 - Remove rpath from binaries for RHEL6
380 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
381 - Update dependencies.
383 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
384 - Reset revision for 2.3.1 release
386 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
387 - SuSE init script changes
388 - Restart Apache on removal, not just upgrade
389 - Fix scriptlet exit values when Apache is stopped
391 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
392 - Doc handling changes
395 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
396 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
398 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
399 - Add additional cleanup to posttrans fix
401 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
402 - Reverse without_builtinapache macro test
403 - Fix init script handling on Red Hat to handle upgrades
405 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
406 - Bump minor version.
407 - Make keygen.sh executable.
408 - Fixing SUSE Xerces dependency name.
409 - Optionally package shib.conf.
411 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
412 - Change shib.conf handling to treat as config file.
414 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
417 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
418 - Release candidate 1.
420 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
421 - libexec -> lib/shibboleth changes
422 - Added doc subpackage
424 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
427 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
428 - Second alpha release.
430 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
431 - First alpha release.
433 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
434 - Applied fix for secadv 20061002
435 - Fix for metadata loader loop
437 * Thu Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
438 - Applied fix for sec 20060615
440 * Sat Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
441 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
443 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
444 - Applied new fix for secadv 20060109
446 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
447 - Applied new fix for secadv 20050901 plus rollup
449 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
450 - Minor patches and default config changes
452 - Fix shib.conf creation
453 - Integrated init.d script
454 - Prevent replacement of config files
456 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
457 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
459 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
460 - Updated test programs and location of schemas.
461 - move siterefresh to sbindir
463 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
464 - Add selinux-targeted-policy package
465 - move shar to sbindir
467 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
468 - Create SPEC file based on various versions in existence.