#! /bin/sh
+# Added for Debian. The upstream version is installed in /etc/shibboleth and
+# for Debian we wanted to move it to /usr/bin, so change directories so that
+# it puts files in the correct location.
+cd /etc/shibboleth
+
while getopts h:e:y:bf c
do
case $c in
exit 0
fi
+# --fqdn flag added for Debian to generate better names for certificates.
if [ -z "$FQDN" ] ; then
FQDN=`hostname --fqdn`
fi
Section: web
Architecture: any
Depends: ${shlibs:Depends}
-Recommends: apache2
+Recommends: apache2, openssl
Conflicts: libapache2-mod-shib
Description: Federated web single sign-on system (Apache module)
The Shibboleth System is a standards based software package for web
--- /dev/null
+=head1 NAME
+
+shib-keygen - Generate a key pair for a Shibboleth SP
+
+=head1 SYNOPSIS
+
+B<shib-keygen> [B<-bf>] [B<-e> I<entity-id>] [B<-h> I<hostname>]
+ [B<-y> I<years>]
+
+=head1 DESCRIPTION
+
+Generate a self-signed X.509 certificate for a Shibboleth SP. By default,
+the certificate will be for the local fully-qualified (as returned by
+C<hostname --fqdn>) hostname. An entity ID can be specified with the
+B<-e> flag. The B<openssl> command-line client is used to generate the
+key pair. The public certificate will be created in
+F</etc/shibboleth/sp-cert.pem> and the private key in
+F</etc/shibboleth/sp-key.pem>.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-b>
+
+Suppress all standard error output when creating the certificate. This
+option is normally only used by the package build.
+
+=item B<-e> I<entity-id>
+
+Add I<entity-id> (which should be a URI) as an alternative name for the
+certificate.
+
+=item B<-f>
+
+Remove F</etc/shibboleth/sp-cert.pem> and F</etc/shibboleth/sp-key.pem>
+before generating a new certificate. Without this option, if those files
+already exist, B<shib-keygen> prints an error and exits rather than
+overwriting them.
+
+=item B<-h> I<hostname>
+
+Specify the fully-qualified domain name for which to generate a
+certificate. If this option isn't given, the hostname defaults to the
+result of C<hostname --fqdn>.
+
+=item B<-y> I<years>
+
+The number of years for which the certificate should be valid. The
+default expiration time is ten years into the future.
+
+=back
+
+=head1 FILES
+
+=over 4
+
+=item F</etc/shibboleth/sp-cert.cnf>
+
+The OpenSSL configuration file used for generating the self-signed
+certificate. This configuration file is generated when the script is run
+and deleted afterwards.
+
+=item F</etc/shibboelth/sp-cert.pem>
+
+The public certificate created by this script.
+
+=item F</etc/shibboleth/sp-key.pem>
+
+The private key for the certificate created by this script.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian GNU/Linux.
+
+=head1 COPYRIGHT
+
+Copyright 2008 Russ Allbery. This manual page is hereby placed into the
+public domain by its author.
+
+=cut
[ ! -f Makefile ] || $(MAKE) distclean
find . -name Makefile.in -print0 | xargs -0r rm
dh_clean aclocal.m4 config.h config.h.in config.status configure \
- config.guess config.sub libtool.m4 ltmain.sh
+ config.guess config.sub libtool.m4 ltmain.sh \
+ debian/libapache2-mod-shib2.shibd.init
install: install-stamp
install-stamp:
$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
rm -r $(CURDIR)/debian/tmp/usr/share/doc/shibboleth
rm $(CURDIR)/debian/tmp/etc/shibboleth/*.{dist,config}
+ rm $(CURDIR)/debian/tmp/etc/shibboleth/shibd-osx.plist
rm $(CURDIR)/debian/tmp/etc/shibboleth/shibd-redhat
+ rm $(CURDIR)/debian/tmp/etc/shibboleth/sp-*.pem
chmod +x $(CURDIR)/debian/tmp/etc/shibboleth/keygen.sh
+ mv $(CURDIR)/debian/tmp/etc/shibboleth/keygen.sh \
+ $(CURDIR)/debian/tmp/usr/sbin/shib-keygen
mv $(CURDIR)/debian/tmp/etc/shibboleth/shibd-debian \
$(CURDIR)/debian/libapache2-mod-shib2.shibd.init
dh_installdirs -s -i
pod2man $(CURDIR)/debian/man-pages/resolvertest.pod --section 1 \
--center 'Shibboleth' --release 2.0 \
$(CURDIR)/debian/libapache2-mod-shib2/usr/share/man/man1/resolvertest.1
+ pod2man $(CURDIR)/debian/man-pages/shib-keygen.pod --section 8 \
+ --center 'Shibboleth' --release 2.0 \
+ $(CURDIR)/debian/libapache2-mod-shib2/usr/share/man/man1/shib-keygen.8
pod2man $(CURDIR)/debian/man-pages/shibd.pod --section 8 \
--center 'Shibboleth' --release 2.0 \
$(CURDIR)/debian/libapache2-mod-shib2/usr/share/man/man8/shibd.8