shibboleth.spec.in

   1 Name:           shibboleth-sp
   2 Version:        @PACKAGE_VERSION@
   3 Release:        1
   4 Summary:        Open source system for attribute-based Web SSO
   5 Group:          Productivity/Networking/Security
   6 Vendor:         Shibboleth Consortium
   7 License:        Apache 2.0
   8 URL:            http://shibboleth.net/
   9 Source:         %{name}-%{version}.tar.gz
  10 BuildRoot:      %{_tmppath}/%{name}-%{version}-root
  11 Obsoletes:      @PACKAGE_NAME@ < %{version}-%{release}
  12 Requires:       openssl
  13 PreReq:         xmltooling-schemas, opensaml-schemas
  14 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
  15 PreReq:         %{insserv_prereq} %{fillup_prereq}
  16 BuildRequires:  libXerces-c-devel >= 2.8.0
  17 %else
  18 BuildRequires:  libxerces-c-devel >= 2.8.0
  19 %endif
  20 BuildRequires:  libxml-security-c-devel >= 1.4.0
  21 BuildRequires:  libxmltooling-devel >= 1.5
  22 BuildRequires:  libsaml-devel >= 2.5
  23 BuildRequires: krb5-moonshot-devel
  24
  25 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
  26 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
  27 BuildRequires:  gcc-c++, zlib-devel, boost-devel >= 1.32.0
  28 %{!?_without_doxygen:BuildRequires: doxygen}
  29 %{!?_without_odbc:BuildRequires:unixODBC-devel}
  30 %{?_with_fastcgi:BuildRequires: fcgi-devel}
  31 %if 0%{?centos_version} >= 600
  32 BuildRequires:  libmemcached-devel
  33 %endif
  34 %{?_with_memcached:BuildRequires: libmemcached-devel}
  35 %if "%{_vendor}" == "redhat"
  36 %{!?_without_builtinapache:BuildRequires: httpd-devel}
  37 BuildRequires: redhat-rpm-config
  38 Requires(pre): shadow-utils
  39 Requires(post): chkconfig
  40 Requires(preun): chkconfig, initscripts
  41 %endif
  42 %if "%{_vendor}" == "suse"
  43 Requires(pre): pwdutils
  44 %{!?_without_builtinapache:BuildRequires: apache2-devel}
  45 %endif
  46
  47 %define runuser shibd
  48 %if "%{_vendor}" == "suse"
  49 %define pkgdocdir %{_docdir}/shibboleth
  50 %else
  51 %define pkgdocdir %{_docdir}/shibboleth-%{version}
  52 %endif
  53
  54 %description
  55 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
  56 that supports multiple protocols, federated identity, and the extensible
  57 exchange of rich attributes subject to privacy controls.
  58
  59 This package contains the Shibboleth Service Provider runtime libraries,
  60 daemon, default plugins, and Apache module(s).
  61
  62 %package devel
  63 Summary:        Shibboleth Development Headers
  64 Group:          Development/Libraries/C and C++
  65 Requires:       %{name} = %{version}-%{release}
  66 Obsoletes:      shibboleth-devel < %{version}-%{release}
  67 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
  68 Requires:       libXerces-c-devel >= 2.8.0
  69 %else
  70 Requires:       libxerces-c-devel >= 2.8.0
  71 %endif
  72 Requires:       libxml-security-c-devel >= 1.4.0
  73 Requires:       libxmltooling-devel >= 1.5
  74 Requires:       libsaml-devel >= 2.5
  75 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
  76 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
  77
  78 %description devel
  79 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
  80 that supports multiple protocols, federated identity, and the extensible
  81 exchange of rich attributes subject to privacy controls.
  82
  83 This package includes files needed for development with Shibboleth.
  84
  85 %prep
  86 %setup -q
  87
  88 %build
  89 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options} --with-gssapi=%{_prefix} --with-xmltooling=%{_prefix}
  90 %{__make} pkgdocdir=%{pkgdocdir}
  91
  92 %install
  93 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
  94
  95 %if "%{_vendor}" == "suse"
  96         %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
  97                 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
  98 %endif
  99
 100 # Plug the SP into the built-in Apache on a recognized system.
 101 touch rpm.filelist
 102 APACHE_CONFIG="no"
 103 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
 104         APACHE_CONFIG="apache.config"
 105 fi
 106 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
 107         APACHE_CONFIG="apache2.config"
 108 fi
 109 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
 110         APACHE_CONFIG="apache22.config"
 111 fi
 112 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
 113         APACHE_CONFIG="apache24.config"
 114 fi
 115 %{?_without_builtinapache:APACHE_CONFIG="no"}
 116 if [ "$APACHE_CONFIG" != "no" ] ; then
 117         APACHE_CONFD="no"
 118         if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
 119                 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
 120         fi
 121         if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
 122                 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
 123         fi
 124         if [ "$APACHE_CONFD" != "no" ] ; then
 125                 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
 126                 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
 127                 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
 128         fi
 129 fi
 130
 131 # Establish location of sysconfig file, if any.
 132 SYSCONFIG_SHIBD="no"
 133 %if "%{_vendor}" == "redhat"
 134         %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
 135         echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
 136         SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
 137 %endif
 138 %if "%{_vendor}" == "suse"
 139         %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
 140         echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
 141         SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
 142 %endif
 143 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
 144         # Populate the sysconfig file.
 145         cat > $SYSCONFIG_SHIBD <<EOF
 146 # Shibboleth SP init script customization
 147
 148 # User account for shibd
 149 SHIBD_USER=%{runuser}
 150 EOF
 151 fi
 152
 153 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
 154         # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
 155         install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
 156         install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
 157 %if "%{_vendor}" == "suse"
 158         install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
 159         %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
 160 %endif
 161 %endif
 162
 163 %check
 164 %{__make} check
 165
 166 %clean
 167 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
 168
 169 %pre
 170 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
 171 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
 172         -d  %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
 173 exit 0
 174
 175 %post
 176 %ifnos solaris2.8 solaris2.9 solaris2.10
 177 /sbin/ldconfig
 178 %endif
 179
 180 # Key generation or ownership fix
 181 cd %{_sysconfdir}/shibboleth
 182 if [ -f sp-key.pem ] ; then
 183         %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
 184 else
 185         sh ./keygen.sh -b -u %{runuser} -g %{runuser}
 186 fi
 187
 188 # Fix ownership of log files (even on new installs, if they're left from an older one).
 189 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
 190
 191 %if "%{_vendor}" == "redhat"
 192         if [ "$1" -gt "1" ] ; then
 193                 # On Red Hat with shib.conf installed, clean up old Alias commands
 194                 # by pointing them at new version-independent /usr/share/share tree.
 195                 # Any Aliases we didn't create we assume are custom files.
 196                 # This is to accomodate making shib.conf a noreplace config file.
 197                 # We can't do this for SUSE, because they disallow changes to
 198                 # packaged files in scriplets.
 199                 APACHE_CONF="no"
 200                 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
 201                         APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
 202                 fi
 203                 if [ "$APACHE_CONF" != "no" ] ; then
 204                         %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
 205                                 $APACHE_CONF
 206                         %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
 207                                 $APACHE_CONF
 208                 fi
 209         fi
 210
 211         # This adds the proper /etc/rc*.d links for the script
 212         /sbin/chkconfig --add shibd
 213 %endif
 214 %if "%{_vendor}" == "suse"
 215         # This adds the proper /etc/rc*.d links for the script
 216         # and populates the sysconfig/shibd file.
 217         cd /
 218         %{fillup_only -n shibd}
 219         %insserv_force_if_yast shibd
 220 %endif
 221
 222 %preun
 223 # On final removal, stop shibd and remove service, restart Apache if running.
 224 %if "%{_vendor}" == "redhat"
 225         if [ "$1" -eq 0 ] ; then
 226                 /sbin/service shibd stop >/dev/null 2>&1
 227                 /sbin/chkconfig --del shibd
 228                 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
 229         fi
 230 %endif
 231 %if "%{_vendor}" == "suse"
 232         %stop_on_removal shibd
 233         if [ "$1" -eq 0 ] ; then
 234                 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
 235         fi
 236 %endif
 237 exit 0
 238
 239 %postun
 240 %ifnos solaris2.8 solaris2.9 solaris2.10
 241 /sbin/ldconfig
 242 %endif
 243 %if "%{_vendor}" == "redhat"
 244         # On upgrade, restart components if they're already running.
 245         if [ "$1" -ge "1" ] ; then
 246                 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
 247                 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
 248                 exit 0
 249         fi
 250 %endif
 251 %if "%{_vendor}" == "suse"
 252         cd /
 253         %restart_on_update shibd
 254         %{!?_without_builtinapache:%restart_on_update apache2}
 255         %{insserv_cleanup}
 256 %endif
 257
 258 %posttrans
 259 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
 260 %if "%{_vendor}" == "redhat"
 261         if [ ! -f %{_initrddir}/shibd ] ; then
 262                 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
 263                         %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
 264                         %{__chmod} 755 %{_initrddir}/shibd
 265                         /sbin/chkconfig --add shibd
 266         fi
 267 fi
 268 %endif
 269
 270 %files -f rpm.filelist
 271 %defattr(-,root,root,-)
 272 %{_sbindir}/shibd
 273 %{_bindir}/mdquery
 274 %{_bindir}/resolvertest
 275 %{_libdir}/libshibsp.so.*
 276 %{_libdir}/libshibsp-lite.so.*
 277 %dir %{_libdir}/shibboleth
 278 %{_libdir}/shibboleth/*
 279 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
 280 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
 281 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
 282 %dir %{_datadir}/xml/shibboleth
 283 %{_datadir}/xml/shibboleth/*
 284 %dir %{_datadir}/shibboleth
 285 %{_datadir}/shibboleth/*
 286 %dir %{_sysconfdir}/shibboleth
 287 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
 288 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
 289 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
 290 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
 291 %config %{_initrddir}/shibd
 292 %endif
 293 %if "%{_vendor}" == "suse"
 294 %{_sbindir}/rcshibd
 295 %endif
 296 %{_sysconfdir}/shibboleth/*.dist
 297 %{_sysconfdir}/shibboleth/apache*.config
 298 %{_sysconfdir}/shibboleth/shibd-*
 299 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
 300 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
 301 %{_sysconfdir}/shibboleth/*.xsl
 302 %doc %{pkgdocdir}
 303 %exclude %{pkgdocdir}/api
 304
 305 %files devel
 306 %defattr(-,root,root,-)
 307 %{_includedir}/*
 308 %{_libdir}/libshibsp.so
 309 %{_libdir}/libshibsp-lite.so
 310 %doc %{pkgdocdir}/api
 311
 312 %changelog
 313 * Thu Mar 1 2012  Scott Cantor  <cantor.2@osu.edu>  - 2.5-1
 314 - Move logo and stylesheet to version-independent tree
 315 - Make shib.conf noreplace
 316 - Post-fixup of Alias commands in older shib.conf
 317 - Changes to run shibd as non-root shibboleth user
 318 - Move init customizations to /etc/sysconfig/shibd
 319 - Copy shibd restart for Red Hat to postun
 320 - Add boost-devel dependency
 321 - Build memcache plugin on RH6
 322 - Add cachedir to install
 323 - Add Apache 2.4 to install
 324
 325 * Sun Jun 26 2011  Scott Cantor  <cantor.2@osu.edu>  - 2.4.3-1
 326 - Log files shouldn't be world readable.
 327 - Explicit requirement for libcurl-openssl on RHEL6
 328 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
 329 - Remove rpath from binaries for RHEL6
 330
 331 * Fri Dec 25 2009  Scott Cantor  <cantor.2@osu.edu>  - 2.4-1
 332 - Update dependencies.
 333
 334 * Mon Nov 23 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.3.1-1
 335 - Reset revision for 2.3.1 release
 336
 337 * Wed Aug 19 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-2
 338 - SuSE init script changes
 339 - Restart Apache on removal, not just upgrade
 340 - Fix scriptlet exit values when Apache is stopped
 341
 342 * Mon Aug 10 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-1
 343 - Doc handling changes
 344 - SuSE init script
 345
 346 * Tue Aug 4 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2.1-1
 347 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
 348
 349 * Thu Jun 25 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2-3
 350 - Add additional cleanup to posttrans fix
 351
 352 * Tue Jun 23 2009 Scott Cantor  <cantor.2@osu.edu>  - 2.2-2
 353 - Reverse without_builtinapache macro test
 354 - Fix init script handling on Red Hat to handle upgrades
 355
 356 * Wed Dec 3 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.2-1
 357 - Bump minor version.
 358 - Make keygen.sh executable.
 359 - Fixing SUSE Xerces dependency name.
 360 - Optionally package shib.conf.
 361
 362 * Tue Jun 10 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.1-1
 363 - Change shib.conf handling to treat as config file.
 364
 365 * Mon Mar 17 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.0-6
 366 - Official release.
 367
 368 * Fri Jan 18 2008  Scott Cantor  <cantor.2@osu.edu>  - 2.0-5
 369 - Release candidate 1.
 370
 371 * Sun Oct 21 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-4
 372 - libexec -> lib/shibboleth changes
 373 - Added doc subpackage
 374
 375 * Thu Aug 16 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-3
 376 - First public beta.
 377
 378 * Fri Jul 13 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-2
 379 - Second alpha release.
 380
 381 * Sun Jun 10 2007 Scott Cantor  <cantor.2@osu.edu>  - 2.0-1
 382 - First alpha release.
 383
 384 * Mon Oct 2 2006 Scott Cantor   <cantor.2@osu.edu>  - 1.3-11
 385 - Applied fix for secadv 20061002
 386 - Fix for metadata loader loop
 387
 388 * Wed Jun 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-10
 389 - Applied fix for sec 20060615
 390
 391 * Fri Apr 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-9
 392 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
 393
 394 * Mon Jan 9 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-8
 395 - Applied new fix for secadv 20060109
 396
 397 * Tue Nov 8 2005 Scott Cantor  <cantor.2@osu.edu>  - 1.3-7
 398 - Applied new fix for secadv 20050901 plus rollup
 399
 400 * Fri Sep 23 2005 Scott Cantor  <cantor.2@osu.edu>  - 1.3-6
 401 - Minor patches and default config changes
 402 - pidfile patch
 403 - Fix shib.conf creation
 404 - Integrated init.d script
 405 - Prevent replacement of config files
 406
 407 * Thu Sep 1 2005  Scott Cantor  <cantor.2@osu.edu>  - 1.3-5
 408 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
 409
 410 * Sun Apr 24 2005  Scott Cantor  <cantor.2@osu.edu>  - 1.3-1
 411 - Updated test programs and location of schemas.
 412 - move siterefresh to to sbindir
 413
 414 * Fri Apr  1 2005  Derek Atkins  <derek@ihtfp.com>  - 1.3-1
 415 - Add selinux-targeted-policy package
 416 - move shar to sbindir
 417
 418 * Tue Oct 19 2004  Derek Atkins  <derek@ihtfp.com>  - 1.2-1
 419 - Create SPEC file based on various versions in existence.