# For .el4 and 5. %{!?_initddir: %global _initddir %{_initrddir}} # Determine httpd version. %if 0%{?el4} %global httpd_version 2 %else %global httpd_version 22 %endif Name: shibboleth Version: 2.3.1 Release: 3%{?dist} Summary: Web Single Sign On Group: System Environment/Libraries License: ASL 2.0 URL: http://shibboleth.internet2.edu/ # For distribution the file WS-Trust.xsd must be removed and other files # updated to reflect this. # wget http://shibboleth.internet2.edu/downloads/%{name}/cppsp/latest/%{name}-sp-%{version}.tar.gz # tar zvf %{name}-sp-%{version}.tar.gz # rm shibboleth-%{version}/schemas/WS-Trust.xsd # Edit files shibboleth-%{version}/schemas/{catalog.xml.in,Makefile.in,Makefile.am} # removing references to WS-Trust.xsd # tar cfz shibboleth-sp-%{version}-MODIFIED.tar.gz shibboleth-%{version} Source0: shibboleth-sp-2.3.1-MODIFIED.tar.gz Source1: shibd.sysconfig # Allows loading of a /etc/sysconfig/shibd file from the init.d script. # https://bugs.internet2.edu/jira/browse/SSPCPP-280 Patch0: %{name}-run-non-root.patch # Allows the script to change ownership of the created keys. # https://bugs.internet2.edu/jira/browse/SSPCPP-281 Patch1: %{name}-keygen-alt-location.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: log4cpp-devel BuildRequires: xerces-c-devel >= 2 BuildRequires: unixODBC-devel BuildRequires: httpd-devel BuildRequires: openssl-devel BuildRequires: xml-security-c-devel >= 1.5.1 BuildRequires: opensaml-devel BuildRequires: doxygen BuildRequires: graphviz BuildRequires: xmltooling-devel BuildRequires: libmemcached-devel BuildRequires: fcgi-devel Requires: httpd Requires: xml-common Requires: mod_ssl Requires(pre): shadow-utils Requires(post): chkconfig Requires(post): openssl Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts %description The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. %package doc Summary: Web Single Sign On Documentation Group: Documentation Requires: %{name} = %{version}-%{release} %if %{?fedora}%{!?fedora:0} >= 10 || %{?rhel}%{!?rhel:0} >= 6 BuildArch: noarch %endif %description doc The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. %{name}-doc contains documentation. %package devel Summary: Web Single Sign On Header Files Group: System Environment/Libraries Requires: %{name} = %{version}-%{release} %description devel The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. %{name}-devel contains development header files. %package memcache Summary: Memcache module for Web Single Sign On Group: System Environment/Libraries Requires: %{name} = %{version}-%{release} %description memcache The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. %{name}-memcache contains %package odbc Summary: ODBC module for Web Single Sign On Group: System Environment/Libraries Requires: %{name} = %{version}-%{release} %description odbc The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. %{name}-odbc contains %prep %setup -q %patch0 -p1 %patch1 -p1 cp -p %{SOURCE1} . %build %configure --with-fastcgi=yes --with-memcached=yes make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT make install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT # Remove .la files. rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.la # Move init.d script to its location. mkdir -p $RPM_BUILD_ROOT%{_initddir} mv $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/shibd-redhat $RPM_BUILD_ROOT%{_initddir}/shibd chmod 755 $RPM_BUILD_ROOT%{_initddir}/shibd # Remove the not needed init.d scripts for other platforms. rm -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{shibd-debian,shibd-osx.plist,shibd-suse} rm -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/upgrade.xsl # Install sysconfig file for init.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig cp -p shibd.sysconfig $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/shibd # Create a log directory. mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/%{name} # Move httpd modules to default directory. mkdir -p $RPM_BUILD_ROOT%{_libdir}/httpd/modules mv $RPM_BUILD_ROOT%{_libdir}/%{name}/mod_shib_%{httpd_version}.so \ $RPM_BUILD_ROOT%{_libdir}/httpd/modules/mod_shib.so sed -i 's!shibboleth/mod_shib_%{httpd_version}.so!httpd/modules/mod_shib.so!' \ $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/apache%{httpd_version}.config \ # Remove the .dist configuration files. rm -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/*.dist # httpd configuration. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d mv $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/apache%{httpd_version}.config \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/shib.conf rm -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/apache*.config # Stop loading files runtime out of doc directory and a # /usr/share/shib directory instead. mkdir -p $RPM_BUILD_ROOT%{_datarootdir}/%{name}/www install -p -m 644 doc/main.css $RPM_BUILD_ROOT%{_datarootdir}/%{name}/www/main.css install -p -m 644 doc/logo.jpg $RPM_BUILD_ROOT%{_datarootdir}/%{name}/www/logo.jpg sed -i 's!/usr/share/doc/shibboleth-%{version}!%{_datarootdir}/%{name}/www!' \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/shib.conf # Scripts. mv $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/keygen.sh \ $RPM_BUILD_ROOT%{_sbindir}/%{name}-keygen mv $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/metagen.sh \ $RPM_BUILD_ROOT%{_sbindir}/%{name}-metage %clean rm -rf $RPM_BUILD_ROOT %pre getent group shibd >/dev/null || groupadd -r shibd getent passwd shibd >/dev/null || \ useradd -r -g shibd -d %{_localstatedir}/run/%{name} -s /sbin/nologin \ -c "User to run the shibd daemon" shibd exit 0 %post /sbin/ldconfig /sbin/chkconfig --add shibd if [ ! -f /etc/shibboleth/sp-cert.pem ] && [ ! -f /etc/shibboleth/sp-key.pem ] ; then /usr/sbin/shibboleth-keygen -b -o /etc/shibboleth/ -u shibd fi : %preun if [ $1 = 0 ] ; then /sbin/service shibd stop >/dev/null 2>&1 /sbin/chkconfig --del shibd fi %postun /sbin/ldconfig if [ "$1" -ge "1" ] ; then /sbin/service shibd status >/dev/null 2>&1 && /sbin/service shibd restart >/dev/null 2>&1 exit 0 fi %files %defattr(-,root,root,-) %{_datadir}/xml/%{name} %{_libdir}/lib*.so.* %{_bindir}/* %{_sbindir}/* %{_libdir}/%{name}/adfs.so %{_libdir}/%{name}/adfs-lite.so %{_libdir}/httpd/modules/mod_shib.so %{_libdir}/%{name}/shibauthorizer %{_libdir}/%{name}/shibresponder %{_initddir}/shibd %dir %attr(-,shibd,shibd) %{_localstatedir}/run/%{name} %dir %attr(-,shibd,shibd) %{_localstatedir}/log/%{name} %{_datarootdir}/%{name} %config %dir %{_sysconfdir}/%{name} %config(noreplace) %{_sysconfdir}/%{name}/*.logger %config(noreplace) %{_sysconfdir}/%{name}/*.html %config(noreplace) %{_sysconfdir}/%{name}/*.xml %config(noreplace) %{_sysconfdir}/sysconfig/shibd %config(noreplace) %{_sysconfdir}/httpd/conf.d/shib.conf %doc doc/README.txt doc/LICENSE.txt doc/RELEASE.txt %files memcache %defattr(-,root,root,-) %{_libdir}/%{name}/memcache-store.so %files odbc %defattr(-,root,root,-) %{_libdir}/%{name}/odbc-store.so %files doc %defattr(-,root,root,-) %doc doc/api/html %files devel %defattr(-,root,root,-) %{_includedir}/* %{_libdir}/lib*.so %changelog * Tue Feb 23 2010 Steve Traylen - 2.3.1-3 - Various minor package fixes for Fedora reivew. - Remove WS-Trust.xsd due to its license header. - Enable memcache and odbc modules. * Mon Feb 22 2010 Steve Traylen - 2.3.1-2 - Change keygen-alt-location.patch to not use mktemp. * Sun Feb 21 2010 Steve Traylen - 2.3.1-1 - New upsteam. * Wed Oct 6 2009 Steve Traylen - 2.2.1-1 - First Build