pkglibdir = ${libdir}/@PACKAGE@
pkglogdir = ${localstatedir}/log/@PACKAGE@
- pkgdocdir = ${datadir}/doc/@PACKAGE@
-pkgdocdir = $(datadir)/doc/@PACKAGE@-@PACKAGE_VERSION@
-shirelogdir = ${localstatedir}/log/httpd
++pkgdocdir = $(datadir)/doc/@PACKAGE@
+shirelogdir = ${localstatedir}/log/apache2
pkgxmldir = $(datadir)/xml/@PACKAGE@
pkgrundir = $(localstatedir)/run/@PACKAGE@
pkgsysconfdir = $(sysconfdir)/@PACKAGE@
#! /bin/sh
-
- while getopts h:e:y:bf c
+# Added for Debian. The upstream version is installed in /etc/shibboleth and
+# for Debian we wanted to move it to /usr/bin, so change directories so that
+# it puts files in the correct location.
+cd /etc/shibboleth
+ while getopts h:u:g:o:e:y:bf c
do
case $c in
+ u) USER=$OPTARG;;
+ g) GROUP=$OPTARG;;
+ o) OUT=$OPTARG;;
b) BATCH=1;;
f) FORCE=1;;
h) FQDN=$OPTARG;;
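Review bot: The added `cd /etc/shibboleth` is unchecked, so if that directory is missing or not accessible the script carries on and writes its files into whatever directory it was started from. Make the failure fatal with `cd /etc/shibboleth || exit 1`. Because the `cd` runs before option parsing, a relative path passed to the new `-o` option is resolved against /etc/shibboleth rather than the caller's directory, which is worth a line in the comment above it. The new `u) USER=$OPTARG;;` also reuses the name of the conventional `USER` environment variable, so any command run later would see the overridden value if it is exported; a script-private name such as `OWNER` would avoid that. The `case` statement continues outside this hunk, so how `USER`, `GROUP` and `OUT` are used is not visible here.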
-#! /bin/sh
+#! /bin/bash
- while getopts a:c:e:h:n:o:s:t: c
+ DECLS=1
+
+ SAML1=0
+ SAML2=0
+ ARTIFACT=0
+ DS=0
+ LOGOUT=0
+ NAMEIDMGMT=0
+
+ SAML10PROT="urn:oasis:names:tc:SAML:1.0:protocol"
+ SAML11PROT="urn:oasis:names:tc:SAML:1.1:protocol"
+ SAML20PROT="urn:oasis:names:tc:SAML:2.0:protocol"
+
+ SAML20SOAP="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ SAML20REDIRECT="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ SAML20POST="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ SAML20POSTSS="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
+ SAML20ART="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ SAML20PAOS="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+
+ SAML1POST="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+ SAML1ART="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+
+ while getopts a:c:e:f:h:n:o:s:t:u:12ADLNO c
do
case $c in
- c) CERTS[${#CERTS[*]}]=$OPTARG;;
- e) ENTITYID=$OPTARG;;
- h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
- n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
- o) ORGNAME=$OPTARG;;
- a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
- s) SUP[${#SUP[*]}]=$OPTARG;;
- t) TECH[${#TECH[*]}]=$OPTARG;;
- \?) echo metagen -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
- exit 1;;
+ c) CERTS[${#CERTS[*]}]=$OPTARG;;
+ e) ENTITYID=$OPTARG;;
+ f) FORMATS[${#FORMATS[*]}]=$OPTARG;;
+ h) HOSTS[${#HOSTS[*]}]=$OPTARG;;
+ n) NAKEDHOSTS[${#NAKEDHOSTS[*]}]=$OPTARG;;
+ o) ORGNAME=$OPTARG;;
+ a) ADMIN[${#ADMIN[*]}]=$OPTARG;;
+ s) SUP[${#SUP[*]}]=$OPTARG;;
+ t) TECH[${#TECH[*]}]=$OPTARG;;
+ u) URL=$OPTARG;;
+ 1) SAML1=1;;
+ 2) SAML2=1;;
+ A) ARTIFACT=1;;
+ D) DS=1;;
+ L) LOGOUT=1;;
+ N) NAMEIDMGMT=1;;
+ O) DECLS=0;;
+ \?) echo metagen [-12ADLNO] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID]
+ exit 1;;
esac
done
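Review bot: The usage line in the `\?)` branch is an unquoted `echo`, so `[-12ADLNO]` is a live glob pattern and is replaced by any single-character file name such as `1` or `A` in the current directory; it also leaves out the new `-f` and `-u` options. Quoting it and sending it to stderr fixes both: `\?) echo "metagen [-12ADLNO] -c cert1 [-c cert2 ...] -h host1 [-h host2 ...] [-e entityID] [-f format ...] [-u url]" >&2` (the argument names are taken from the variable names). Separately, the option values are stored exactly as given. If the part of the script outside this hunk writes `$URL`, `$ORGNAME` or the `FORMATS` entries into the generated metadata XML, they should be XML-escaped or validated there first.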
# define the appender
-log4j.appender.native_log=org.apache.log4j.RollingFileAppender
-log4j.appender.native_log.fileName=@-SHIRELOGDIR-@/native.log
-log4j.appender.native_log.maxFileSize=1000000
-log4j.appender.native_log.maxBackupIndex=10
-log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.native_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+# This is the default, but it's essentially useless under normal
+# circumstances since Apache doesn't have access to write to that
+# directory.
+#log4j.appender.native_log=org.apache.log4j.RollingFileAppender
+#log4j.appender.native_log.fileName=@-SHIRELOGDIR-@/native.log
+#log4j.appender.native_log.maxFileSize=1000000
+#log4j.appender.native_log.maxBackupIndex=10
- ##log4j.appender.native_log.layout=org.apache.log4j.BasicLayout
+#log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
+#log4j.appender.native_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+ log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
+ log4j.appender.warn_log.fileName=@-SHIRELOGDIR-@/native_warn.log
+ log4j.appender.warn_log.maxFileSize=1000000
+ log4j.appender.warn_log.maxBackupIndex=10
+ log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
+ log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+ log4j.appender.warn_log.threshold=WARN
+# Use syslog instead, since then at least the messages will go somewhere.
+# That facility is (3 << 3) or LOG_DAEMON, since log4cpp apparently
+# doesn't recognize symbolic log facilities.
+#
+# This is a Debian-specific change.
+log4j.appender.native_log=org.apache.log4j.LocalSyslogAppender
+log4j.appender.native_log.syslogName=shibboleth-sp
+log4j.appender.native_log.facility=24
+log4j.appender.native_log.layout=org.apache.log4j.BasicLayout
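Review bot: The `warn_log` appender stays enabled with `fileName=@-SHIRELOGDIR-@/native_warn.log`, the same directory the added comment says Apache cannot write to, so the reason given for disabling the file-based `native_log` applies to it as well. If a category outside this hunk references `warn_log`, WARN-and-above messages would likely not be written. Either comment it out alongside the old appender or switch it to `LocalSyslogAppender` too, rather than loosening permissions on the log directory. The "Use syslog instead" comment would also read better directly above the commented-out block it refers to, with `# 24 = LOG_DAEMON (3 << 3)` next to the `facility` line.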
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile $PIDFILE \
-- --exec $DAEMON
++ --retry TERM/30/KILL/5 --exec $DAEMON
echo "$NAME."
;;
restart|force-reload)
-
+ prepare_environment
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile $PIDFILE \
--exec $DAEMON