File shibboleth-sp.spec of Package shibboleth-sp.13459
#
# spec file for package shibboleth-sp
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%global _tmpfilesdir %{_libexecdir}/tmpfiles.d
%define runuser shibd
%define realname shibboleth
%define pkgdocdir %{_docdir}/%{realname}
Name: shibboleth-sp
Version: 2.5.5
Release: 0
Summary: Open source system for attribute-based Web SSO
License: Apache-2.0
Group: Productivity/Networking/Security
Url: http://shibboleth.net/
Source0: http://shibboleth.net/downloads/service-provider/%{version}/%{name}-%{version}.tar.bz2
Source1: http://shibboleth.net/downloads/service-provider/%{version}/%{name}-%{version}.tar.bz2.asc
Source2: %{name}.keyring
Source3: shibd.service
Patch0: shibboleth-sp-2.5.5-doxygen_timestamp.patch
Patch1: shibboleth-sp-2.5.5-CVE-2017-16852.patch
BuildRequires: apache2-devel
BuildRequires: boost-devel >= 1.32.0
BuildRequires: doxygen
BuildRequires: gcc-c++
BuildRequires: krb5-devel
BuildRequires: liblog4shib-devel >= 1.0.4
BuildRequires: libsaml-devel >= 2.5.5
BuildRequires: libtool
BuildRequires: libmemcached-devel
BuildRequires: libxerces-c-devel >= 3.1
BuildRequires: libxml-security-c-devel >= 1.7.3
BuildRequires: libxmltooling-devel >= 1.5.5
BuildRequires: pkgconfig
BuildRequires: systemd-devel
BuildRequires: systemd-rpm-macros
BuildRequires: unixODBC-devel
BuildRequires: zlib-devel
Requires: openssl
PreReq: opensaml-schemas >= 2.5.5
PreReq: xmltooling-schemas >= 1.5.5
Requires(pre): pwdutils
Obsoletes: shibboleth-sp = 2.5.0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}
%description
Shibboleth is a Web Single Sign-On implementations based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.
This package contains the Shibboleth Service Provider runtime libraries,
daemon, default plugins, and Apache module.
%package -n libshibsp6
Summary: Shared Library for Shibboleth
Group: Productivity/Networking/Security
%description -n libshibsp6
Shibboleth is a Web Single Sign-On implementations based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.
This package contains just the shared library.
%package -n libshibsp-lite6
Summary: Shared Library for Shibboleth
Group: Productivity/Networking/Security
%description -n libshibsp-lite6
Shibboleth is a Web Single Sign-On implementations based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.
This package contains just the shared library.
%package devel
Summary: Shibboleth Development Headers
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}-%{release}
Requires: liblog4shib-devel >= 1.0.4
Requires: libsaml-devel >= 2.5.5
Requires: libshibsp-lite6 = %{version}-%{release}
Requires: libshibsp6 = %{version}-%{release}
Requires: libxerces-c-devel >= 3.1
Requires: libxml-security-c-devel >= 1.7.3
Requires: libxmltooling-devel >= 1.5.5
Obsoletes: shibboleth-sp-devel = 2.5.0
%description devel
Shibboleth is a Web Single Sign-On implementations based on OpenSAML
that supports multiple protocols, federated identity, and the extensible
exchange of rich attributes subject to privacy controls.
This package includes files needed for development with Shibboleth.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%build
CXXFLAGS="$RPM_OPT_FLAGS -std=c++11"
%configure --with-gssapi --enable-systemd --with-memcached
make %{?_smp_mflags} pkgdocdir=%{pkgdocdir}
%install
make install NOKEYGEN=1 DESTDIR=%{buildroot} pkgdocdir=%{pkgdocdir}
install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/shibd.service
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcshibd
sed -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
%{buildroot}%{_sysconfdir}/%{realname}/native.logger
# Delete unnecessary files
pushd %{buildroot}/%{_sysconfdir}/%{realname}
rm shibd-debian shibd-redhat shibd-amazon shibd-suse shibd-osx.plist apache.config apache2.config apache22.config shibd-systemd
rm *.dist
popd
# Plug the SP into the Apache
touch rpm.filelist
APACHE_CONFIG="no"
if [ -f %{buildroot}%{_libdir}/%{realname}/mod_shib_24.so ] ; then
APACHE_CONFIG="apache24.config"
fi
if [ "$APACHE_CONFIG" != "no" ] ; then
APACHE_CONFD="no"
if [ -d %{_sysconfdir}/apache2/conf.d ] ; then
APACHE_CONFD="%{_sysconfdir}/apache2/conf.d"
fi
if [ "$APACHE_CONFD" != "no" ] ; then
mkdir -p $RPM_BUILD_ROOT$APACHE_CONFD
cp -p %{buildroot}%{_sysconfdir}/%{realname}/$APACHE_CONFIG $RPM_BUILD_ROOT$APACHE_CONFD/shib.conf
echo "%config(noreplace) $APACHE_CONFD/shib.conf" >> rpm.filelist
fi
fi
# Get run directory created at boot time.
mkdir -p %{buildroot}%{_tmpfilesdir}
echo "%attr(0444,-,-) %{_tmpfilesdir}/%{realname}.conf" >> rpm.filelist
cat > %{buildroot}%{_tmpfilesdir}/%{realname}.conf <<EOF
d /run/%{realname} 755 %{runuser} %{runuser} -
EOF
%check
make %{?_smp_mflags} check
%pre
getent group %{runuser} >/dev/null || groupadd -r %{runuser}
getent passwd %{runuser} >/dev/null || useradd -r -g %{runuser} \
-d %{_localstatedir}/run/%{realname} -s /sbin/nologin -c "Shibboleth SP daemon" %{runuser}
%service_add_pre shibd.service
exit 0
%post -n libshibsp6 -p /sbin/ldconfig
%post -n libshibsp-lite6 -p /sbin/ldconfig
%post
# Key generation
cd %{_sysconfdir}/%{realname}
if [ ! -f sp-key.pem ] ; then
/bin/sh ./keygen.sh -b -u %{runuser} -g %{runuser}
fi
%service_add_post shibd.service
systemd-tmpfiles --create %{_tmpfilesdir}/%{realname}.conf
%preun
# On final removal, stop shibd and remove service, restart Apache if running.
%service_del_preun shibd.service
if [ $1 -eq 0 ] ; then
/sbin/service apache2 status 1>/dev/null && /sbin/service apache2 restart 1>/dev/null
fi
exit 0
%postun -n libshibsp6 -p /sbin/ldconfig
%postun -n libshibsp-lite6 -p /sbin/ldconfig
%postun
%service_del_postun shibd.service
%restart_on_update apache2
%posttrans
# One-time extra restart of shibd and Apache to work around
# SUSE bug that breaks old %%restart_on_update macro.
# If we remove, upgrades from pre-systemd to post-systemd
# will stop doing the final restart.
%{_bindir}/systemctl try-restart shibd >/dev/null 2>&1 || :
%{_bindir}/systemctl try-restart apache2 >/dev/null 2>&1 || :
exit 0
%files -f rpm.filelist
%defattr(-,root,root,-)
%{_sbindir}/shibd
%{_sbindir}/rcshibd
%{_bindir}/mdquery
%{_bindir}/resolvertest
%dir %{_libdir}/%{realname}
%{_libdir}/%{realname}/*
%{_unitdir}/shibd.service
%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{realname}
%attr(0750,wwwrun,www) %dir %{_localstatedir}/log/%{realname}-www
%attr(0755,%{runuser},%{runuser}) %dir %{_localstatedir}/cache/%{realname}
%ghost %attr(0755,%{runuser},%{runuser}) %dir /run/%{realname}
%dir %{_datadir}/xml/%{realname}
%{_datadir}/xml/%{realname}/*
%dir %{_datadir}/%{realname}
%{_datadir}/%{realname}/*
%dir %{_sysconfdir}/%{realname}
%config(noreplace) %{_sysconfdir}/%{realname}/*.xml
%config(noreplace) %{_sysconfdir}/%{realname}/*.html
%config(noreplace) %{_sysconfdir}/%{realname}/*.logger
%{_tmpfilesdir}/%{realname}.conf
%{_sysconfdir}/%{realname}/apache24.config
%attr(0755,root,root) %{_sysconfdir}/%{realname}/keygen.sh
%attr(0755,root,root) %{_sysconfdir}/%{realname}/metagen.sh
%{_sysconfdir}/%{realname}/*.xsl
%doc %{pkgdocdir}
%exclude %{pkgdocdir}/api
%files -n libshibsp6
%defattr(-,root,root,-)
%{_libdir}/libshibsp.so.*
%files -n libshibsp-lite6
%defattr(-,root,root,-)
%{_libdir}/libshibsp-lite.so.*
%files devel
%defattr(-,root,root,-)
%{_includedir}/*
%{_libdir}/libshibsp.so
%{_libdir}/libshibsp-lite.so
%doc %{pkgdocdir}/api
%changelog
