2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
6 Vendor: Shibboleth Consortium
8 URL: http://shibboleth.net/
9 Source: %{name}-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
11 Obsoletes: @PACKAGE_NAME@ < %{version}-%{release}
13 PreReq: xmltooling-schemas, opensaml-schemas
14 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
15 PreReq: %{insserv_prereq} %{fillup_prereq}
16 BuildRequires: libXerces-c-devel >= 2.8.0
18 BuildRequires: libxerces-c-devel >= 2.8.0
20 BuildRequires: libxml-security-c-devel >= 1.4.0
21 BuildRequires: libxmltooling-devel >= 1.5
22 BuildRequires: libsaml-devel >= 2.5
23 BuildRequires: krb5-moonshot-devel
25 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
26 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
27 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
28 %{!?_without_doxygen:BuildRequires: doxygen}
29 %{!?_without_odbc:BuildRequires:unixODBC-devel}
30 %{?_with_fastcgi:BuildRequires: fcgi-devel}
31 %if 0%{?centos_version} >= 600
32 BuildRequires: libmemcached-devel
34 %{?_with_memcached:BuildRequires: libmemcached-devel}
35 %if "%{_vendor}" == "redhat"
36 %{!?_without_builtinapache:BuildRequires: httpd-devel}
37 BuildRequires: redhat-rpm-config
38 Requires(pre): shadow-utils
39 Requires(post): chkconfig
40 Requires(preun): chkconfig, initscripts
42 %if "%{_vendor}" == "suse"
43 Requires(pre): pwdutils
44 %{!?_without_builtinapache:BuildRequires: apache2-devel}
48 %if "%{_vendor}" == "suse"
49 %define pkgdocdir %{_docdir}/shibboleth
51 %define pkgdocdir %{_docdir}/shibboleth-%{version}
55 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
56 that supports multiple protocols, federated identity, and the extensible
57 exchange of rich attributes subject to privacy controls.
59 This package contains the Shibboleth Service Provider runtime libraries,
60 daemon, default plugins, and Apache module(s).
63 Summary: Shibboleth Development Headers
64 Group: Development/Libraries/C and C++
65 Requires: %{name} = %{version}-%{release}
66 Obsoletes: shibboleth-devel < %{version}-%{release}
67 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
68 Requires: libXerces-c-devel >= 2.8.0
70 Requires: libxerces-c-devel >= 2.8.0
72 Requires: libxml-security-c-devel >= 1.4.0
73 Requires: libxmltooling-devel >= 1.5
74 Requires: libsaml-devel >= 2.5
75 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
76 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
79 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
80 that supports multiple protocols, federated identity, and the extensible
81 exchange of rich attributes subject to privacy controls.
83 This package includes files needed for development with Shibboleth.
89 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options} --with-gssapi=%{_prefix} --with-xmltooling=%{_prefix}
90 %{__make} pkgdocdir=%{pkgdocdir}
93 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
95 %if "%{_vendor}" == "suse"
96 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
97 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
100 # Plug the SP into the built-in Apache on a recognized system.
103 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
104 APACHE_CONFIG="apache.config"
106 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
107 APACHE_CONFIG="apache2.config"
109 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
110 APACHE_CONFIG="apache22.config"
112 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
113 APACHE_CONFIG="apache24.config"
115 %{?_without_builtinapache:APACHE_CONFIG="no"}
116 if [ "$APACHE_CONFIG" != "no" ] ; then
118 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
119 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
121 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
122 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
124 if [ "$APACHE_CONFD" != "no" ] ; then
125 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
126 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
127 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
131 # Establish location of sysconfig file, if any.
133 %if "%{_vendor}" == "redhat"
134 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
135 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
136 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
138 %if "%{_vendor}" == "suse"
139 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
140 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
141 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
143 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
144 # Populate the sysconfig file.
145 cat > $SYSCONFIG_SHIBD <<EOF
146 # Shibboleth SP init script customization
148 # User account for shibd
149 SHIBD_USER=%{runuser}
153 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
154 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
155 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
156 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
157 %if "%{_vendor}" == "suse"
158 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
159 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
167 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
170 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
171 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
172 -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
176 %ifnos solaris2.8 solaris2.9 solaris2.10
180 # Key generation or ownership fix
181 cd %{_sysconfdir}/shibboleth
182 if [ -f sp-key.pem ] ; then
183 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
185 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
188 # Fix ownership of log files (even on new installs, if they're left from an older one).
189 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
191 %if "%{_vendor}" == "redhat"
192 if [ "$1" -gt "1" ] ; then
193 # On Red Hat with shib.conf installed, clean up old Alias commands
194 # by pointing them at new version-independent /usr/share/share tree.
195 # Any Aliases we didn't create we assume are custom files.
196 # This is to accomodate making shib.conf a noreplace config file.
197 # We can't do this for SUSE, because they disallow changes to
198 # packaged files in scriplets.
200 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
201 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
203 if [ "$APACHE_CONF" != "no" ] ; then
204 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
206 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
211 # This adds the proper /etc/rc*.d links for the script
212 /sbin/chkconfig --add shibd
214 %if "%{_vendor}" == "suse"
215 # This adds the proper /etc/rc*.d links for the script
216 # and populates the sysconfig/shibd file.
218 %{fillup_only -n shibd}
219 %insserv_force_if_yast shibd
223 # On final removal, stop shibd and remove service, restart Apache if running.
224 %if "%{_vendor}" == "redhat"
225 if [ "$1" -eq 0 ] ; then
226 /sbin/service shibd stop >/dev/null 2>&1
227 /sbin/chkconfig --del shibd
228 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
231 %if "%{_vendor}" == "suse"
232 %stop_on_removal shibd
233 if [ "$1" -eq 0 ] ; then
234 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
240 %ifnos solaris2.8 solaris2.9 solaris2.10
243 %if "%{_vendor}" == "redhat"
244 # On upgrade, restart components if they're already running.
245 if [ "$1" -ge "1" ] ; then
246 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
247 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
251 %if "%{_vendor}" == "suse"
253 %restart_on_update shibd
254 %{!?_without_builtinapache:%restart_on_update apache2}
259 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
260 %if "%{_vendor}" == "redhat"
261 if [ ! -f %{_initrddir}/shibd ] ; then
262 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
263 %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
264 %{__chmod} 755 %{_initrddir}/shibd
265 /sbin/chkconfig --add shibd
270 %files -f rpm.filelist
271 %defattr(-,root,root,-)
274 %{_bindir}/resolvertest
275 %{_libdir}/libshibsp.so.*
276 %{_libdir}/libshibsp-lite.so.*
277 %dir %{_libdir}/shibboleth
278 %{_libdir}/shibboleth/*
279 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
280 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
281 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
282 %dir %{_datadir}/xml/shibboleth
283 %{_datadir}/xml/shibboleth/*
284 %dir %{_datadir}/shibboleth
285 %{_datadir}/shibboleth/*
286 %dir %{_sysconfdir}/shibboleth
287 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
288 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
289 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
290 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
291 %config %{_initrddir}/shibd
293 %if "%{_vendor}" == "suse"
296 %{_sysconfdir}/shibboleth/*.dist
297 %{_sysconfdir}/shibboleth/apache*.config
298 %{_sysconfdir}/shibboleth/shibd-*
299 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
300 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
301 %{_sysconfdir}/shibboleth/*.xsl
303 %exclude %{pkgdocdir}/api
306 %defattr(-,root,root,-)
308 %{_libdir}/libshibsp.so
309 %{_libdir}/libshibsp-lite.so
310 %doc %{pkgdocdir}/api
313 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
314 - Move logo and stylesheet to version-independent tree
315 - Make shib.conf noreplace
316 - Post-fixup of Alias commands in older shib.conf
317 - Changes to run shibd as non-root shibboleth user
318 - Move init customizations to /etc/sysconfig/shibd
319 - Copy shibd restart for Red Hat to postun
320 - Add boost-devel dependency
321 - Build memcache plugin on RH6
322 - Add cachedir to install
323 - Add Apache 2.4 to install
325 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
326 - Log files shouldn't be world readable.
327 - Explicit requirement for libcurl-openssl on RHEL6
328 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
329 - Remove rpath from binaries for RHEL6
331 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
332 - Update dependencies.
334 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
335 - Reset revision for 2.3.1 release
337 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
338 - SuSE init script changes
339 - Restart Apache on removal, not just upgrade
340 - Fix scriptlet exit values when Apache is stopped
342 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
343 - Doc handling changes
346 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
347 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
349 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
350 - Add additional cleanup to posttrans fix
352 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
353 - Reverse without_builtinapache macro test
354 - Fix init script handling on Red Hat to handle upgrades
356 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
357 - Bump minor version.
358 - Make keygen.sh executable.
359 - Fixing SUSE Xerces dependency name.
360 - Optionally package shib.conf.
362 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
363 - Change shib.conf handling to treat as config file.
365 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
368 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
369 - Release candidate 1.
371 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
372 - libexec -> lib/shibboleth changes
373 - Added doc subpackage
375 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
378 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
379 - Second alpha release.
381 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
382 - First alpha release.
384 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
385 - Applied fix for secadv 20061002
386 - Fix for metadata loader loop
388 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
389 - Applied fix for sec 20060615
391 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
392 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
394 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
395 - Applied new fix for secadv 20060109
397 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
398 - Applied new fix for secadv 20050901 plus rollup
400 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
401 - Minor patches and default config changes
403 - Fix shib.conf creation
404 - Integrated init.d script
405 - Prevent replacement of config files
407 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
408 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
410 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
411 - Updated test programs and location of schemas.
412 - move siterefresh to to sbindir
414 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
415 - Add selinux-targeted-policy package
416 - move shar to sbindir
418 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
419 - Create SPEC file based on various versions in existence.