2 Version: @PACKAGE_VERSION@
4 Summary: Open source system for attribute-based Web SSO
5 Group: Productivity/Networking/Security
6 Vendor: Shibboleth Consortium
8 URL: http://shibboleth.net/
9 Source: %{name}-%{version}.tar.gz
10 BuildRoot: %{_tmppath}/%{name}-%{version}-root
11 Obsoletes: @PACKAGE_NAME@ < %{version}-%{release}
13 PreReq: xmltooling-schemas, opensaml-schemas
14 %if 0%{?suse_version} > 1030 && 0%{?suse_version} < 1130
15 PreReq: %{insserv_prereq} %{fillup_prereq}
17 BuildRequires: libxmltooling-devel >= 1.5
18 BuildRequires: libsaml-devel >= 2.5
19 %{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
20 %{!?_with_log4cpp:BuildRequires: liblog4shib-devel >= 1.0.4}
21 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
22 Requires: libcurl-openssl >= 7.21.7
23 BuildRequires: chrpath
25 BuildRequires: gcc-c++, zlib-devel, boost-devel >= 1.32.0
26 %{!?_without_doxygen:BuildRequires: doxygen}
27 %{!?_without_odbc:BuildRequires:unixODBC-devel}
28 %{?_with_fastcgi:BuildRequires: fcgi-devel}
29 %if 0%{?centos_version} >= 600
30 BuildRequires: libmemcached-devel
32 %{?_with_memcached:BuildRequires: libmemcached-devel}
33 %if "%{_vendor}" == "redhat"
34 %{!?_without_builtinapache:BuildRequires: httpd-devel}
35 BuildRequires: redhat-rpm-config
36 Requires(pre): shadow-utils
37 Requires(post): chkconfig
38 Requires(preun): chkconfig, initscripts
40 %if "%{_vendor}" == "suse"
41 Requires(pre): pwdutils
42 %{!?_without_builtinapache:BuildRequires: apache2-devel}
46 %if "%{_vendor}" == "suse"
47 %define pkgdocdir %{_docdir}/shibboleth
49 %define pkgdocdir %{_docdir}/shibboleth-%{version}
53 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
54 that supports multiple protocols, federated identity, and the extensible
55 exchange of rich attributes subject to privacy controls.
57 This package contains the Shibboleth Service Provider runtime libraries,
58 daemon, default plugins, and Apache module(s).
61 Summary: Shibboleth Development Headers
62 Group: Development/Libraries/C and C++
63 Requires: %{name} = %{version}-%{release}
64 Obsoletes: shibboleth-devel < %{version}-%{release}
65 Requires: libxmltooling-devel >= 1.5
66 Requires: libsaml-devel >= 2.5
67 %{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
68 %{!?_with_log4cpp:Requires: liblog4shib-devel >= 1.0.4}
71 Shibboleth is a Web Single Sign-On implementations based on OpenSAML
72 that supports multiple protocols, federated identity, and the extensible
73 exchange of rich attributes subject to privacy controls.
75 This package includes files needed for development with Shibboleth.
81 %if 0%{?centos_version} >= 600
82 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{!?_without_memcached:--with-memcached} %{?shib_options} --with-gssapi=%{_prefix} --with-xmltooling=%{_prefix} --with-opensaml=%{_prefix}
84 %configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options} --with-gssapi=%{_prefix} --with-xmltooling=%{_prefix} --with-opensaml=%{_prefix}
86 %{__make} pkgdocdir=%{pkgdocdir}
89 %{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
91 %if "%{_vendor}" == "suse"
92 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
93 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/native.logger
96 # Plug the SP into the built-in Apache on a recognized system.
99 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_13.so ] ; then
100 APACHE_CONFIG="apache.config"
102 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_20.so ] ; then
103 APACHE_CONFIG="apache2.config"
105 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_22.so ] ; then
106 APACHE_CONFIG="apache22.config"
108 if [ -f $RPM_BUILD_ROOT%{_libdir}/shibboleth/mod_shib_24.so ] ; then
109 APACHE_CONFIG="apache24.config"
111 %{?_without_builtinapache:APACHE_CONFIG="no"}
112 if [ "$APACHE_CONFIG" != "no" ] ; then
114 if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
115 APACHE_CONFD="%{_sysconfdir}/httpd/conf.d"
117 if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
118 APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
120 if [ "$APACHE_CONFD" != "no" ] ; then
121 %{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
122 %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
123 echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
127 # Establish location of sysconfig file, if any.
129 %if "%{_vendor}" == "redhat"
130 %{__mkdir} -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
131 echo "%config(noreplace) %{_sysconfdir}/sysconfig/shibd" >> rpm.filelist
132 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd"
134 %if "%{_vendor}" == "suse"
135 %{__mkdir} -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
136 echo "%{_localstatedir}/adm/fillup-templates/sysconfig.shibd" >> rpm.filelist
137 SYSCONFIG_SHIBD="$RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.shibd"
139 if [ "$SYSCONFIG_SHIBD" != "no" ] ; then
140 # Populate the sysconfig file.
141 cat > $SYSCONFIG_SHIBD <<EOF
142 # Shibboleth SP init script customization
144 # User account for shibd
145 SHIBD_USER=%{runuser}
147 %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600
148 cat >> $SYSCONFIG_SHIBD <<EOF
150 # Override OS-supplied libcurl
151 export LD_LIBRARY_PATH=/opt/shibboleth/%{_lib}
153 # Strip existing rpath to libcurl.
154 chrpath -d $RPM_BUILD_ROOT%{_sbindir}/shibd
155 chrpath -d $RPM_BUILD_ROOT%{_bindir}/mdquery
156 chrpath -d $RPM_BUILD_ROOT%{_bindir}/resolvertest
160 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
161 # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
162 install -d -m 0755 $RPM_BUILD_ROOT%{_initrddir}
163 install -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/shibboleth/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
164 %if "%{_vendor}" == "suse"
165 install -d -m 0755 $RPM_BUILD_ROOT/%{_sbindir}
166 %{__ln_s} -f %{_initrddir}/shibd $RPM_BUILD_ROOT%{_sbindir}/rcshibd
174 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
177 getent group %{runuser} >/dev/null || groupadd -r %{runuser}
178 getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
179 -d %{_localstatedir}/run/shibboleth -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
183 %ifnos solaris2.8 solaris2.9 solaris2.10
187 # Key generation or ownership fix
188 cd %{_sysconfdir}/shibboleth
189 if [ -f sp-key.pem ] ; then
190 %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
192 sh ./keygen.sh -b -u %{runuser} -g %{runuser}
195 # Fix ownership of log files (even on new installs, if they're left from an older one).
196 %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
198 %if "%{_vendor}" == "redhat"
199 if [ "$1" -gt "1" ] ; then
200 # On Red Hat with shib.conf installed, clean up old Alias commands
201 # by pointing them at new version-independent /usr/share/share tree.
202 # Any Aliases we didn't create we assume are custom files.
203 # This is to accomodate making shib.conf a noreplace config file.
204 # We can't do this for SUSE, because they disallow changes to
205 # packaged files in scriplets.
207 if [ -f %{_sysconfdir}/httpd/conf.d/shib.conf ] ; then
208 APACHE_CONF="%{_sysconfdir}/httpd/conf.d/shib.conf"
210 if [ "$APACHE_CONF" != "no" ] ; then
211 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/main\.css/\/usr\/share\/shibboleth\/main.css/g" \
213 %{__sed} -i "s/\/usr\/share\/doc\/shibboleth\(\-\(.\)\{1,\}\)\{0,1\}\/logo\.jpg/\/usr\/share\/shibboleth\/logo.jpg/g" \
218 # This adds the proper /etc/rc*.d links for the script
219 /sbin/chkconfig --add shibd
221 %if "%{_vendor}" == "suse"
222 # This adds the proper /etc/rc*.d links for the script
223 # and populates the sysconfig/shibd file.
225 %{fillup_only -n shibd}
226 %insserv_force_if_yast shibd
230 # On final removal, stop shibd and remove service, restart Apache if running.
231 %if "%{_vendor}" == "redhat"
232 if [ "$1" -eq 0 ] ; then
233 /sbin/service shibd stop >/dev/null 2>&1
234 /sbin/chkconfig --del shibd
235 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
238 %if "%{_vendor}" == "suse"
239 %stop_on_removal shibd
240 if [ "$1" -eq 0 ] ; then
241 %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
247 %ifnos solaris2.8 solaris2.9 solaris2.10
250 %if "%{_vendor}" == "redhat"
251 # On upgrade, restart components if they're already running.
252 if [ "$1" -ge "1" ] ; then
253 /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
254 %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
258 %if "%{_vendor}" == "suse"
260 %restart_on_update shibd
261 %{!?_without_builtinapache:%restart_on_update apache2}
266 # ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
267 %if "%{_vendor}" == "redhat"
268 if [ ! -f %{_initrddir}/shibd ] ; then
269 if [ -f %{_sysconfdir}/shibboleth/shibd-%{_vendor} ] ; then
270 %{__cp} -p %{_sysconfdir}/shibboleth/shibd-%{_vendor} %{_initrddir}/shibd
271 %{__chmod} 755 %{_initrddir}/shibd
272 /sbin/chkconfig --add shibd
277 %files -f rpm.filelist
278 %defattr(-,root,root,-)
281 %{_bindir}/resolvertest
282 %{_libdir}/libshibsp.so.*
283 %{_libdir}/libshibsp-lite.so.*
284 %dir %{_libdir}/shibboleth
285 %{_libdir}/shibboleth/*
286 %attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/shibboleth
287 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/run/shibboleth
288 %attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/shibboleth
289 %dir %{_datadir}/xml/shibboleth
290 %{_datadir}/xml/shibboleth/*
291 %dir %{_datadir}/shibboleth
292 %{_datadir}/shibboleth/*
293 %dir %{_sysconfdir}/shibboleth
294 %config(noreplace) %{_sysconfdir}/shibboleth/*.xml
295 %config(noreplace) %{_sysconfdir}/shibboleth/*.html
296 %config(noreplace) %{_sysconfdir}/shibboleth/*.logger
297 %if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
298 %config %{_initrddir}/shibd
300 %if "%{_vendor}" == "suse"
303 %{_sysconfdir}/shibboleth/*.dist
304 %{_sysconfdir}/shibboleth/apache*.config
305 %{_sysconfdir}/shibboleth/shibd-*
306 %attr(0755,root,root) %{_sysconfdir}/shibboleth/keygen.sh
307 %attr(0755,root,root) %{_sysconfdir}/shibboleth/metagen.sh
308 %{_sysconfdir}/shibboleth/*.xsl
310 %exclude %{pkgdocdir}/api
313 %defattr(-,root,root,-)
315 %{_libdir}/libshibsp.so
316 %{_libdir}/libshibsp-lite.so
317 %doc %{pkgdocdir}/api
320 * Thu Mar 1 2012 Scott Cantor <cantor.2@osu.edu> - 2.5-1
321 - Move logo and stylesheet to version-independent tree
322 - Make shib.conf noreplace
323 - Post-fixup of Alias commands in older shib.conf
324 - Changes to run shibd as non-root shibboleth user
325 - Move init customizations to /etc/sysconfig/shibd
326 - Copy shibd restart for Red Hat to postun
327 - Add boost-devel dependency
328 - Build memcache plugin on RH6
329 - Add cachedir to install
330 - Add Apache 2.4 to install
332 * Sun Jun 26 2011 Scott Cantor <cantor.2@osu.edu> - 2.4.3-1
333 - Log files shouldn't be world readable.
334 - Explicit requirement for libcurl-openssl on RHEL6
335 - Uncomment LD_LIBRARY_PATH in init script for RHEL6
336 - Remove rpath from binaries for RHEL6
338 * Fri Dec 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.4-1
339 - Update dependencies.
341 * Mon Nov 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.3.1-1
342 - Reset revision for 2.3.1 release
344 * Wed Aug 19 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-2
345 - SuSE init script changes
346 - Restart Apache on removal, not just upgrade
347 - Fix scriptlet exit values when Apache is stopped
349 * Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
350 - Doc handling changes
353 * Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
354 - Initial version for 2.2.1, with shibd/httpd restart on upgrade
356 * Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
357 - Add additional cleanup to posttrans fix
359 * Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
360 - Reverse without_builtinapache macro test
361 - Fix init script handling on Red Hat to handle upgrades
363 * Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
364 - Bump minor version.
365 - Make keygen.sh executable.
366 - Fixing SUSE Xerces dependency name.
367 - Optionally package shib.conf.
369 * Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
370 - Change shib.conf handling to treat as config file.
372 * Mon Mar 17 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-6
375 * Fri Jan 18 2008 Scott Cantor <cantor.2@osu.edu> - 2.0-5
376 - Release candidate 1.
378 * Sun Oct 21 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-4
379 - libexec -> lib/shibboleth changes
380 - Added doc subpackage
382 * Thu Aug 16 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-3
385 * Fri Jul 13 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-2
386 - Second alpha release.
388 * Sun Jun 10 2007 Scott Cantor <cantor.2@osu.edu> - 2.0-1
389 - First alpha release.
391 * Mon Oct 2 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-11
392 - Applied fix for secadv 20061002
393 - Fix for metadata loader loop
395 * Wed Jun 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-10
396 - Applied fix for sec 20060615
398 * Fri Apr 15 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-9
399 - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
401 * Mon Jan 9 2006 Scott Cantor <cantor.2@osu.edu> - 1.3-8
402 - Applied new fix for secadv 20060109
404 * Tue Nov 8 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-7
405 - Applied new fix for secadv 20050901 plus rollup
407 * Fri Sep 23 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-6
408 - Minor patches and default config changes
410 - Fix shib.conf creation
411 - Integrated init.d script
412 - Prevent replacement of config files
414 * Thu Sep 1 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-5
415 - Applied fix for secadv 20050901 plus rollup of NSAPI fixes
417 * Sun Apr 24 2005 Scott Cantor <cantor.2@osu.edu> - 1.3-1
418 - Updated test programs and location of schemas.
419 - move siterefresh to to sbindir
421 * Fri Apr 1 2005 Derek Atkins <derek@ihtfp.com> - 1.3-1
422 - Add selinux-targeted-policy package
423 - move shar to sbindir
425 * Tue Oct 19 2004 Derek Atkins <derek@ihtfp.com> - 1.2-1
426 - Create SPEC file based on various versions in existence.