Name: shibboleth
-Summary: Open source system for attribute-based Web SSO
-Version: 2.1
+Version: 2.2.1
Release: 1
-#Copyright: Internet2
+Summary: Open source system for attribute-based Web SSO
Group: System Environment/Libraries
-License: Apache style
+Vendor: Internet2
+License: Apache 2.0
URL: http://shibboleth.internet2.edu/
-Source0: http://shibboleth.internet2.edu/downloads/%{name}-%{version}.tar.gz
+Source: %{name}-sp-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-root
-BuildRequires: openssl-devel
-BuildRequires: xerces%{?xercesver}-c-devel >= 2.8.0
+%if 0%{?suse_version} > 1030
+BuildRequires: libXerces-c-devel >= 2.8.0
+BuildRequires: libxml-security-c-devel >= 1.4.0
+BuildRequires: libxmltooling-devel >= 1.2
+BuildRequires: libsaml-devel >= 2.2
+%{?_with_log4cpp:BuildRequires: liblog4cpp-devel >= 1.0}
+%{!?_with_log4cpp:BuildRequires: liblog4shib-devel}
+%else
+BuildRequires: xerces%{?xercesver}-c-devel >= 2.8.0
BuildRequires: xml-security-c-devel >= 1.4.0
-BuildRequires: zlib-devel, opensaml-devel >= 2.1
-%{?_with_log4cpp:BuildRequires: log4cpp-devel >= 1.0}
+BuildRequires: xmltooling-devel >= 1.2
+BuildRequires: opensaml-devel >= 2.2
+%{?_with_log4cpp:BuildRequires: log4cpp-devel >= 1.0}
%{!?_with_log4cpp:BuildRequires: log4shib-devel}
+%endif
+BuildRequires: gcc-c++
+%{!?_without_doxygen:BuildRequires: doxygen}
+%{!?_without_odbc:BuildRequires:unixODBC-devel}
+BuildRequires: zlib-devel
%{?_with_fastcgi:BuildRequires: fcgi-devel}
%if "%{_vendor}" == "redhat"
%{!?_without_builtinapache:BuildRequires: httpd-devel}
%{!?_without_builtinapache:BuildRequires: apache2-devel}
%endif
+%if "%{_vendor}" == "suse"
+%define pkgdocdir %{_docdir}/%{name}
+%else
+%define pkgdocdir %{_docdir}/%{name}-%{version}
+%endif
%description
-Shibboleth, a project of Internet2/MACE, is developing architectures,
-policy structures, practical technologies, and an open source
-implementation to support inter-institutional sharing of web resources
-subject to access controls. In addition, Shibboleth will develop a
-policy framework that will allow inter-operation within the higher
-education community.
+Shibboleth is a Web Single Sign-On implementations based on OpenSAML
+that supports multiple protocols, federated identity, and the extensible
+exchange of rich attributes subject to privacy controls.
-This package contains the shibboleth runtime library and apache module.
+This package contains the Shibboleth Service Provider runtime libraries
+and Apache module(s).
%package devel
Summary: Shibboleth development Headers
Group: Development/Libraries
Requires: %{name} = %{version}
+%if 0%{?suse_version} > 1030
+Requires: libXerces-c-devel >= 2.8.0
+Requires: libxml-security-c-devel >= 1.4.0
+Requires: libxmltooling-devel >= 1.2
+Requires: libsaml-devel >= 2.2
+%{?_with_log4cpp:Requires: liblog4cpp-devel >= 1.0}
+%{!?_with_log4cpp:Requires: liblog4shib-devel}
+%else
+Requires: xerces%{?xercesver}-c-devel >= 2.8.0
+Requires: xml-security-c-devel >= 1.4.0
+Requires: xmltooling-devel >= 1.2
+Requires: opensaml-devel >= 2.2
+%{?_with_log4cpp:Requires: log4cpp-devel >= 1.0}
+%{!?_with_log4cpp:Requires: log4shib-devel}
+%endif
%description devel
-Shibboleth, a project of Internet2/MACE, is developing architectures,
-policy structures, practical technologies, and an open source
-implementation to support inter-institutional sharing of web resources
-subject to access controls. In addition, Shibboleth will develop a
-policy framework that will allow inter-operation within the higher
-education community.
-
-This package contains the headers and other necessary files to build
-applications that use the shibboleth library.
-
-%package docs
-Summary: Shibboleth API Documentation
-Group: Development/Libraries
-Requires: %{name} = %{version}
+Shibboleth is a Web Single Sign-On implementations based on OpenSAML
+that supports multiple protocols, federated identity, and the extensible
+exchange of rich attributes subject to privacy controls.
+
+This package includes files needed for development with Shibboleth.
-%description docs
-Shibboleth Library API documentation generated by doxygen.
%prep
%setup -q
%build
-%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?shib_options}
-%{__make}
+%configure %{?_without_odbc:--disable-odbc} %{?_without_adfs:--disable-adfs} %{?_with_fastcgi} %{?_with_memcached} %{?shib_options}
+%{__make} pkgdocdir=%{pkgdocdir}
%install
-[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
-%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT
+%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT pkgdocdir=%{pkgdocdir}
%if "%{_vendor}" == "suse"
%{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
- $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/native.logger
+ $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/native.logger
%endif
-# Plug the SP into Apache on a recognized system.
+# Plug the SP into the built-in Apache on a recognized system.
+touch rpm.filelist
APACHE_CONFIG="no"
-if [ -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/mod_shib_13.so ] ; then
+if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_13.so ] ; then
APACHE_CONFIG="apache.config"
fi
-if [ -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/mod_shib_20.so ] ; then
+if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_20.so ] ; then
APACHE_CONFIG="apache2.config"
fi
-if [ -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/mod_shib_22.so ] ; then
+if [ -f $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_22.so ] ; then
APACHE_CONFIG="apache22.config"
fi
+%{?_without_builtinapache:APACHE_CONFIG="no"}
if [ "$APACHE_CONFIG" != "no" ] ; then
APACHE_CONFD="no"
if [ -d %{_sysconfdir}/httpd/conf.d ] ; then
fi
if [ "$APACHE_CONFD" != "no" ] ; then
%{__mkdir} -p $RPM_BUILD_ROOT$APACHE_CONFD
-%if "%{_vendor}" == "suse"
- %{__sed} "s/\/usr\/doc\/%{name}/\/usr\/share\/doc\/packages\/%{name}/g" \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG \
- > $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
-%else
- %{__sed} "s/\/usr\/doc\/%{name}/\/usr\/share\/doc\/%{name}-2.1/g" \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG \
- > $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
-%endif
+ %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
+ echo "%config $APACHE_CONFD/shib.conf" > rpm.filelist
fi
fi
-%check || :
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
+ # %{_initddir} not yet in RHEL5, use deprecated %{_initrddir}
+ mkdir -p $RPM_BUILD_ROOT%{_initrddir}
+ %{__cp} -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-%{_vendor} $RPM_BUILD_ROOT%{_initrddir}/shibd
+ %{__chmod} 755 $RPM_BUILD_ROOT%{_initrddir}/shibd
+%endif
+
+%check
%{__make} check
%clean
/sbin/ldconfig
%endif
-# Install the shibd init.d scripts and service
-%if "%{_vendor}" == "redhat"
- if [ -d %{_sysconfdir}/init.d ] ; then
- if [ ! -f %{_sysconfdir}/init.d/shibd ] ; then
- %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_sysconfdir}/init.d/shibd
- %{__chmod} 755 %{_sysconfdir}/init.d/shibd
- chkconfig --add shibd
- fi
- fi
-%endif
-
# Key generation
cd %{_sysconfdir}/%{name}
sh ./keygen.sh -b
-%postun
+%if "%{_vendor}" == "redhat"
+ # This adds the proper /etc/rc*.d links for the script
+ /sbin/chkconfig --add shibd
+ # On upgrade, restart components if they're already running.
+ if [ "$1" -gt "1" ] ; then
+ /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
+ %{!?_without_builtinapache:/etc/init.d/httpd status 1>/dev/null && /etc/init.d/httpd restart 1>/dev/null}
+ fi
+%endif
+%if "%{_vendor}" == "suse"
+ # This adds the proper /etc/rc*.d links for the script
+ /sbin/chkconfig --add shibd
+ cd /usr/sbin && ln -s /etc/init.d/shibd rcshibd
+ # On upgrade, restart components if they're already running.
+ if [ "$1" -gt "1" ] ; then
+ /etc/init.d/shibd status 1>/dev/null && /etc/init.d/shibd restart 1>/dev/null
+ %{!?_without_builtinapache:/etc/init.d/apache2 status 1>/dev/null && /etc/init.d/apache2 restart 1>/dev/null}
+ fi
+%endif
+
+%preun
+%if "%{_vendor}" == "redhat"
+ if [ "$1" = 0 ] ; then
+ /sbin/service shibd stop >/dev/null 2>&1
+ /sbin/chkconfig --del shibd
+ fi
+%endif
+%if "%{_vendor}" == "suse"
+ if [ "$1" = 0 ] ; then
+ /sbin/service shibd stop >/dev/null 2>&1
+ /sbin/chkconfig --del shibd
+ cd /usr/sbin && %{__rm} -f rcshibd
+ fi
+%endif
+
%ifnos solaris2.8 solaris2.9 solaris2.10
-/sbin/ldconfig
+%postun -p /sbin/ldconfig
%endif
-# clear init.d state
+%posttrans
+# ugly hack if init script got removed during %postun by upgraded (buggy/2.1) package
%if "%{_vendor}" == "redhat"
- chkconfig --del shibd
- [ -f %{_sysconfdir}/init.d/shibd ] && \
- %{__rm} -f %{_sysconfdir}/init.d/shibd
+ if [ ! -f %{_initrddir}/shibd ] ; then
+ if [ -f %{_sysconfdir}/%{name}/shibd-%{_vendor} ] ; then
+ %{__cp} -p %{_sysconfdir}/%{name}/shibd-%{_vendor} %{_initrddir}/shibd
+ %{__chmod} 755 %{_initrddir}/shibd
+ /sbin/chkconfig --add shibd
+ fi
+ fi
%endif
-%files
+%files -f rpm.filelist
%defattr(-,root,root,-)
%{_sbindir}/shibd
%{_bindir}/mdquery
%config(noreplace) %{_sysconfdir}/%{name}/*.xml
%config(noreplace) %{_sysconfdir}/%{name}/*.html
%config(noreplace) %{_sysconfdir}/%{name}/*.logger
-%if "%{_vendor}" == "suse"
-%config %{_sysconfdir}/apache2/conf.d/shib.conf
-%else
-%config %{_sysconfdir}/httpd/conf.d/shib.conf
+%if "%{_vendor}" == "redhat" || "%{_vendor}" == "suse"
+%attr(755, root, root) %{_initrddir}/shibd
%endif
%{_sysconfdir}/%{name}/*.dist
%{_sysconfdir}/%{name}/apache*.config
-%{_sysconfdir}/%{name}/shibd-redhat
-%{_sysconfdir}/%{name}/shibd-debian
-%{_sysconfdir}/%{name}/shibd-osx.plist
-%{_sysconfdir}/%{name}/keygen.sh
+%{_sysconfdir}/%{name}/shibd-*
+%attr(755, root, root) %{_sysconfdir}/%{name}/keygen.sh
+%attr(755, root, root) %{_sysconfdir}/%{name}/metagen.sh
%{_sysconfdir}/%{name}/*.xsl
-%docdir %{_datadir}/doc/%{name}
-%{_datadir}/doc/%{name}/CREDITS.txt
-%{_datadir}/doc/%{name}/FASTCGI.LICENSE
-%{_datadir}/doc/%{name}/LICENSE.txt
-%{_datadir}/doc/%{name}/LOG4CPP.LICENSE
-%{_datadir}/doc/%{name}/logo.jpg
-%{_datadir}/doc/%{name}/main.css
-%{_datadir}/doc/%{name}/NOTICE.txt
-%{_datadir}/doc/%{name}/OPENSSL.LICENSE
-%{_datadir}/doc/%{name}/README.txt
-%{_datadir}/doc/%{name}/RELEASE.txt
+%doc %{pkgdocdir}
+%exclude %{pkgdocdir}/api
%files devel
%defattr(-,root,root,-)
-%{_includedir}
+%{_includedir}/*
%{_libdir}/libshibsp.so
%{_libdir}/libshibsp-lite.so
-
-%files docs
-%defattr(644,root,root,755)
-%doc %{_datadir}/doc/%{name}/api
+%doc %{pkgdocdir}/api
%changelog
+* Mon Aug 10 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
+- Doc handling changes
+- SuSE init script
+
+* Tue Aug 4 2009 Scott Cantor <cantor.2@osu.edu> - 2.2.1-1
+- Initial version for 2.2.1, with shibd/httpd restart on upgrade
+
+* Thu Jun 25 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-3
+- Add additional cleanup to posttrans fix
+
+* Tue Jun 23 2009 Scott Cantor <cantor.2@osu.edu> - 2.2-2
+- Reverse without_builtinapache macro test
+- Fix init script handling on Red Hat to handle upgrades
+
+* Wed Dec 3 2008 Scott Cantor <cantor.2@osu.edu> - 2.2-1
+- Bump minor version.
+- Make keygen.sh executable.
+- Fixing SUSE Xerces dependency name.
+- Optionally package shib.conf.
+
* Tue Jun 10 2008 Scott Cantor <cantor.2@osu.edu> - 2.1-1
- Change shib.conf handling to treat as config file.
projects / shibboleth / sp.git / blobdiff