author | girgen <girgen@FreeBSD.org> | 2013-06-04 17:29:21 +0000 |
---|---|---|
committer | girgen <girgen@FreeBSD.org> | 2013-06-04 17:29:21 +0000 |
commit | dfffa9ba08ae5dd8420e809f76f67132090755de (patch) | |
tree | 4b402459887dd978d82326c7033b384c026b386b | |
parent | d0a9e72d4679a0e8452432997102c4337ae88339 (diff) | |
Update Shibboleth-sp and its tool chain to 2.5.1.
Note that from 2.5, shibd is run as the user shibd. The port tries to fix the
key file ownership but if you have changed the file name of the key from the
default sp-key.pem, make sure you chown your key file(s) to user shibd.
Also, take maintainership of the entire tool chain (approved by all previous
maintainers).
Incorporates the ideas suggested by Craig Leres [177668], making sure that the
ssl key is not added to the package.
PR: 177668, 178694
-rw-r--r-- | GIDs | 1 | ||||
-rw-r--r-- | UIDs | 1 | ||||
-rw-r--r-- | devel/log4shib/Makefile | 8 | ||||
-rw-r--r-- | devel/log4shib/distinfo | 4 | ||||
-rw-r--r-- | devel/xmltooling/Makefile | 11 | ||||
-rw-r--r-- | devel/xmltooling/distinfo | 4 | ||||
-rw-r--r-- | devel/xmltooling/pkg-plist | 8 | ||||
-rw-r--r-- | security/apache-xml-security-c/Makefile | 4 | ||||
-rw-r--r-- | security/apache-xml-security-c/distinfo | 4 | ||||
-rw-r--r-- | security/apache-xml-security-c/pkg-plist | 2 | ||||
-rw-r--r-- | security/opensaml2/Makefile | 9 | ||||
-rw-r--r-- | security/opensaml2/distinfo | 4 | ||||
-rw-r--r-- | security/opensaml2/pkg-plist | 5 | ||||
-rw-r--r-- | security/shibboleth2-sp/Makefile | 53 | ||||
-rw-r--r-- | security/shibboleth2-sp/distinfo | 4 | ||||
-rw-r--r-- | security/shibboleth2-sp/files/patch-configure.ac | 11 | ||||
-rw-r--r-- | security/shibboleth2-sp/files/patch-makefiles-docdir | 47 | ||||
-rw-r--r-- | security/shibboleth2-sp/files/patch-shibboleth-spec | 26 | ||||
-rw-r--r-- | security/shibboleth2-sp/files/shibboleth-sp.in | 38 | ||||
-rw-r--r-- | security/shibboleth2-sp/pkg-descr | 2 | ||||
-rw-r--r-- | security/shibboleth2-sp/pkg-plist | 39 |
21 files changed, 200 insertions, 85 deletions
@@ -253,5 +253,6 @@ elasticsearch:*:965: ossec:*:966: kippo:*:969: colord:*:970: +shibd:*:971: nogroup:*:65533: nobody:*:65534: @@ -260,4 +260,5 @@ ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin +shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin diff --git a/devel/log4shib/Makefile b/devel/log4shib/Makefile index a1b9524..d4d5b16 100644 --- a/devel/log4shib/Makefile +++ b/devel/log4shib/Makefile @@ -7,11 +7,11 @@ # PORTNAME= log4shib -DISTVERSION= 1.0.4 +DISTVERSION= 1.0.6 CATEGORIES= devel -MASTER_SITES= http://shibboleth.internet2.edu/downloads/${PORTNAME}/${DISTVERSION}/ +MASTER_SITES= http://shibboleth.net/downloads/${PORTNAME}/${DISTVERSION}/ -MAINTAINER= vanilla@FreeBSD.org +MAINTAINER= girgen@FreeBSD.org COMMENT= A library of C++ classes for flexible logging USE_AUTOTOOLS= libtool @@ -21,8 +21,8 @@ USE_GNOME= pkgconfig gnomehack CONFIGURE_ARGS= --with-pthreads --disable-html-docs --disable-doxygen USE_LDCONFIG= yes +USES= pathfix post-patch: @${REINPLACE_CMD} -e 's| -pedantic||g' ${WRKSRC}/configure - @${REINPLACE_CMD} -e 's|(libdir)/pkgconfig|(prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in .include <bsd.port.mk> diff --git a/devel/log4shib/distinfo b/devel/log4shib/distinfo index 50fc437..2f4d8f3 100644 --- a/devel/log4shib/distinfo +++ b/devel/log4shib/distinfo @@ -1,2 +1,2 @@ -SHA256 (log4shib-1.0.4.tar.gz) = 4e5f9e58f14f2498d8be15dc0a6223e83f0510a924494295329b20745cacbc38 -SIZE (log4shib-1.0.4.tar.gz) = 487529 +SHA256 (log4shib-1.0.6.tar.gz) = 060f472a085e34658f4eb19c2be56010adfcf33cf138071f8e7c953aa278d567 +SIZE (log4shib-1.0.6.tar.gz) = 571088 
diff --git a/devel/xmltooling/Makefile b/devel/xmltooling/Makefile index 565d22a..e58961d 100644 --- a/devel/xmltooling/Makefile +++ b/devel/xmltooling/Makefile @@ -2,18 +2,19 @@ # $FreeBSD$ PORTNAME= xmltooling -PORTVERSION= 1.4.2 -PORTREVISION= 1 +PORTVERSION= 1.5.2 CATEGORIES= devel security -MASTER_SITES= http://www.shibboleth.net/downloads/c++-opensaml/2.4.3/ +MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.2/ -MAINTAINER= jmohacsi@bsd.hu +MAINTAINER= girgen@FreeBSD.org COMMENT= Low level XML support for SAML LIB_DEPENDS= curl.6:${PORTSDIR}/ftp/curl \ log4shib.1:${PORTSDIR}/devel/log4shib \ xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \ - xml-security-c.16:${PORTSDIR}/security/apache-xml-security-c + xml-security-c.17:${PORTSDIR}/security/apache-xml-security-c + +BUILD_DEPENDS= boost-libs>=0:${PORTSDIR}/devel/boost-libs GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} --with-curl=${LOCALBASE} --disable-doxygen-doc diff --git a/devel/xmltooling/distinfo b/devel/xmltooling/distinfo index a6bcb53..68b32c4 100644 --- a/devel/xmltooling/distinfo +++ b/devel/xmltooling/distinfo @@ -1,2 +1,2 @@ -SHA256 (xmltooling-1.4.2.tar.gz) = c32c503532cd0f2c64a71f0a7f4e63f660f1205830603b0bcd9225dc3c23445d -SIZE (xmltooling-1.4.2.tar.gz) = 636598 +SHA256 (xmltooling-1.5.2.tar.gz) = d43719f8d742d87131ea64f2dbc8f1b366c7f216ac21015090a51693ff11df98 +SIZE (xmltooling-1.5.2.tar.gz) = 679098 diff --git a/devel/xmltooling/pkg-plist b/devel/xmltooling/pkg-plist index 2e58b81..1802636 100644 --- a/devel/xmltooling/pkg-plist +++ b/devel/xmltooling/pkg-plist 
@@ -48,7 +48,10 @@ include/xmltooling/security/KeyInfoCredentialContext.h include/xmltooling/security/KeyInfoResolver.h include/xmltooling/security/OpenSSLCredential.h include/xmltooling/security/OpenSSLCryptoX509CRL.h +include/xmltooling/security/OpenSSLPathValidator.h include/xmltooling/security/OpenSSLTrustEngine.h +include/xmltooling/security/PKIXPathValidatorParams.h +include/xmltooling/security/PathValidator.h include/xmltooling/security/SecurityHelper.h include/xmltooling/security/SignatureTrustEngine.h include/xmltooling/security/TrustEngine.h @@ -84,13 +87,14 @@ include/xmltooling/validation/Validator.h include/xmltooling/validation/ValidatorSuite.h include/xmltooling/version.h lib/libxmltooling-lite.so -lib/libxmltooling-lite.so.5 +lib/libxmltooling-lite.so.6 lib/libxmltooling.so -lib/libxmltooling.so.5 +lib/libxmltooling.so.6 libdata/pkgconfig/xmltooling.pc share/xml/xmltooling/catalog.xml share/xml/xmltooling/soap-envelope.xsd share/xml/xmltooling/xenc-schema.xsd +share/xml/xmltooling/xenc11-schema.xsd share/xml/xmltooling/xml.xsd share/xml/xmltooling/xmldsig-core-schema.xsd share/xml/xmltooling/xmldsig11-schema.xsd diff --git a/security/apache-xml-security-c/Makefile b/security/apache-xml-security-c/Makefile index 777649b..40ad919 100644 --- a/security/apache-xml-security-c/Makefile +++ b/security/apache-xml-security-c/Makefile @@ -2,13 +2,13 @@ # $FreeBSD$ PORTNAME= xml-security-c -PORTVERSION= 1.6.1 +PORTVERSION= 1.7.0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_APACHE} MASTER_SITE_SUBDIR=santuario/c-library PKGNAMEPREFIX= apache- -MAINTAINER= jmohacsi@bsd.hu +MAINTAINER= girgen@FreeBSD.org COMMENT= Apache XML security libraries - C++ version LICENSE= AL2 diff --git a/security/apache-xml-security-c/distinfo b/security/apache-xml-security-c/distinfo index 1cf0b5a..6c16d8d 100644 --- a/security/apache-xml-security-c/distinfo +++ b/security/apache-xml-security-c/distinfo 
@@ -1,2 +1,2 @@ -SHA256 (xml-security-c-1.6.1.tar.gz) = 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd -SIZE (xml-security-c-1.6.1.tar.gz) = 864366 +SHA256 (xml-security-c-1.7.0.tar.gz) = c8cd6ec3d3b777fcca295cb4b273b08e4cfe37e03fc27131ec079894b9dae87c +SIZE (xml-security-c-1.7.0.tar.gz) = 874025 diff --git a/security/apache-xml-security-c/pkg-plist b/security/apache-xml-security-c/pkg-plist index dc6d2c9..fc21acc 100644 --- a/security/apache-xml-security-c/pkg-plist +++ b/security/apache-xml-security-c/pkg-plist @@ -160,7 +160,7 @@ include/xsec/xkms/XKMSValidateResult.hpp include/xsec/xkms/XKMSValidityInterval.hpp lib/libxml-security-c.a lib/libxml-security-c.so -lib/libxml-security-c.so.16 +lib/libxml-security-c.so.17 @dirrm include/xsec/xkms @dirrm include/xsec/xenc @dirrm include/xsec/utils/unixutils diff --git a/security/opensaml2/Makefile b/security/opensaml2/Makefile index 8225949..7575724 100644 --- a/security/opensaml2/Makefile +++ b/security/opensaml2/Makefile @@ -2,19 +2,18 @@ # $FreeBSD$ PORTNAME= opensaml2 -PORTVERSION= 2.4.3 -PORTREVISION= 1 +PORTVERSION= 2.5.2 CATEGORIES= security -MASTER_SITES= http://www.shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/ +MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/ DISTNAME= opensaml-${PORTVERSION} -MAINTAINER= jmohacsi@bsd.hu +MAINTAINER= girgen@FreeBSD.org COMMENT= Open source implementation of SAML2 LIB_DEPENDS= curl.6:${PORTSDIR}/ftp/curl \ log4shib.1:${PORTSDIR}/devel/log4shib \ xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \ - xmltooling.5:${PORTSDIR}/devel/xmltooling + xmltooling.6:${PORTSDIR}/devel/xmltooling GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} \ diff --git a/security/opensaml2/distinfo b/security/opensaml2/distinfo index 72152db..e82df96 100644 --- a/security/opensaml2/distinfo +++ b/security/opensaml2/distinfo 
@@ -1,2 +1,2 @@
-SHA256 (opensaml-2.4.3.tar.gz) = 850187c7dd664f9216a387bcc9e08f36643f04ddc08d11551e33a46dd15d2539
-SIZE (opensaml-2.4.3.tar.gz) = 871693
+SHA256 (opensaml-2.5.2.tar.gz) = 5bc3fbe5e789ad7aedfc2919413131400290466ecd2b77b1c3f3dc4c37e6fe54
+SIZE (opensaml-2.5.2.tar.gz) = 707139
diff --git a/security/opensaml2/pkg-plist b/security/opensaml2/pkg-plist
index 00c8c06..e6b84d8 100644
--- a/security/opensaml2/pkg-plist
+++ b/security/opensaml2/pkg-plist
@@ -25,6 +25,7 @@ include/saml/saml2/metadata/AbstractMetadataProvider.h
 include/saml/saml2/metadata/DiscoverableMetadataProvider.h
 include/saml/saml2/metadata/DynamicMetadataProvider.h
 include/saml/saml2/metadata/EndpointManager.h
+include/saml/saml2/metadata/EntityMatcher.h
 include/saml/saml2/metadata/Metadata.h
 include/saml/saml2/metadata/MetadataCredentialContext.h
 include/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -46,7 +47,7 @@ include/saml/signature/SignableObject.h
 include/saml/signature/SignatureProfileValidator.h
 include/saml/util/CommonDomainCookie.h
 include/saml/util/SAMLConstants.h
-lib/libsaml.so.7
+lib/libsaml.so.8
 lib/libsaml.so
 libdata/pkgconfig/opensaml.pc
 %%PORTDOCS%%%%DOCSDIR%%/README.txt
@@ -67,6 +68,8 @@ share/xml/opensaml/cs-sstc-schema-assertion-01.xsd
 share/xml/opensaml/cs-sstc-schema-protocol-01.xsd
 share/xml/opensaml/cs-sstc-schema-assertion-1.1.xsd
 share/xml/opensaml/cs-sstc-schema-protocol-1.1.xsd
+share/xml/opensaml/saml-async-slo-v1.0.xsd
+share/xml/opensaml/saml-metadata-rpi-v1.0.xsd
 share/xml/opensaml/saml-schema-assertion-2.0.xsd
 share/xml/opensaml/saml-schema-authn-context-2.0.xsd
 share/xml/opensaml/saml-schema-authn-context-auth-telephony-2.0.xsd
diff --git a/security/shibboleth2-sp/Makefile b/security/shibboleth2-sp/Makefile
index 8d573b5..c20e1b4 100644
--- a/security/shibboleth2-sp/Makefile
+++ b/security/shibboleth2-sp/Makefile
@@ -2,53 +2,58 @@ # $FreeBSD$ PORTNAME= shibboleth-sp -PORTVERSION= 2.4.3 -PORTREVISION= 1 +PORTVERSION= 2.5.1 CATEGORIES= security www -MASTER_SITES= http://www.shibboleth.net/downloads/service-provider/${PORTVERSION}/ +MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ -MAINTAINER= swills@FreeBSD.org +MAINTAINER= girgen@FreeBSD.org COMMENT= C++ Shibboleth Service Provider (Internet2) for Apache -LIB_DEPENDS= saml.7:${PORTSDIR}/security/opensaml2 - -OPTIONS_DEFINE= APACHE22 -APACHE22_DESC= Use Apache version 2.2 instead of version 2.0 +LIB_DEPENDS= saml.8:${PORTSDIR}/security/opensaml2 MAKE_JOBS_SAFE= yes USE_GMAKE= yes GNU_CONFIGURE= yes +MAKE_ENV= NOKEYGEN=YES USE_LDCONFIG= yes USE_RC_SUBR= shibboleth-sp -USE_AUTOTOOLS= autoconf automake:env libtool:env -WRKSRC= ${WRKDIR}/shibboleth-${PORTVERSION} LATEST_LINK= shibboleth2-sp +USERS= shibd +GROUPS= shibd + +USE_APACHE= 22-24 +USE_OPENSSL= yes + .include <bsd.port.pre.mk> -.if ${PORT_OPTIONS:MAPACHE22} -USE_APACHE= 22 +.if ${APACHE_VERSION} == 22 CONFIGURE_ARGS= --enable-apache-22 --with-apxs22=${APXS} PLIST_SUB+= WITH_APACHE_22="" -PLIST_SUB+= WITH_APACHE_20="@comment " +PLIST_SUB+= WITH_APACHE_24="@comment " .else -IGNORE= apache20 is no longer available -#USE_APACHE= 20 -#CONFIGURE_ARGS= --enable-apache-20 --with-apxs2=${APXS} --with-apr=${PREFIX}/lib/apache2/apr-config --with-apu=${PREFIX}/lib/apache2/apu-config +CONFIGURE_ARGS= --enable-apache-24 --with-apxs24=${APXS} PLIST_SUB+= WITH_APACHE_22="@comment " -PLIST_SUB+= WITH_APACHE_20="" +PLIST_SUB+= WITH_APACHE_24="" .endif + +SUB_LIST+= SH=${SH} +PLIST_SUB+= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} + +SUB_LIST+= SHIBD_USER=${USERS} +SUB_LIST+= SHIBD_GROUP=${GROUPS} +PLIST_SUB+= SHIBD_USER=${USERS} +PLIST_SUB+= SHIBD_GROUP=${GROUPS} + CONFIGURE_ARGS+= --localstatedir=/var --with-log4shib=${LOCALBASE} CONFIGURE_ARGS+= --with-openssl=${OPENSSLBASE} --with-xmltooling=${LOCALBASE} CONFIGURE_ARGS+= --disable-doxygen-doc -pre-configure: - 
@${REINPLACE_CMD} -e 's|/run|/run/shibboleth|' ${WRKSRC}/configs/Makefile.in - @${REINPLACE_CMD} -e 's|/doc/@PACKAGE@-@PACKAGE_VERSION@|/doc/@PACKAGE@|' \ - ${WRKSRC}/configs/Makefile.am ${WRKSRC}/configs/Makefile.in \ - ${WRKSRC}/doc/Makefile.am ${WRKSRC}/doc/Makefile.in - ${RM} ${WRKSRC}/aclocal.m4 - @cd ${WRKSRC} && ${AUTORECONF} -fvi +post-install: + ${CHOWN} -R ${USERS}:${GROUPS} /var/cache/shibboleth ;\ + ${CHOWN} -R ${USERS}:${GROUPS} /var/log/shibboleth ;\ + ${CHOWN} -R ${USERS}:${WWWGRP} /var/run/shibboleth ;\ + ${CHMOD} -R u=rwx,g=rx,o= /var/run/shibboleth .include <bsd.port.post.mk> diff --git a/security/shibboleth2-sp/distinfo b/security/shibboleth2-sp/distinfo index eeba592..7539abe 100644 --- a/security/shibboleth2-sp/distinfo +++ b/security/shibboleth2-sp/distinfo @@ -1,2 +1,2 @@ -SHA256 (shibboleth-sp-2.4.3.tar.gz) = 9e0b219707046b55d0ca38627fb213b799ac98cf11541845b7e6b036a89dcdcf -SIZE (shibboleth-sp-2.4.3.tar.gz) = 854326 +SHA256 (shibboleth-sp-2.5.1.tar.gz) = a697034fe56a170602a3907cde6faf822836b1ba23cdc11af315a81df6102f04 +SIZE (shibboleth-sp-2.5.1.tar.gz) = 952815 diff --git a/security/shibboleth2-sp/files/patch-configure.ac b/security/shibboleth2-sp/files/patch-configure.ac deleted file mode 100644 index 90e629c..0000000 --- a/security/shibboleth2-sp/files/patch-configure.ac +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.ac.orig 2009-12-01 19:07:37.000000000 +0200 -+++ configure.ac 2010-01-06 19:23:05.000000000 +0200 -@@ -717,7 +717,7 @@ - AC_MSG_CHECKING(for user-specified apu-config name/location) - if test "$withval" != "no" ; then - if test "$withval" != "yes"; then -- APR_CONFIG=$withval -+ APU_CONFIG=$withval - AC_MSG_RESULT("$withval") - fi - fi diff --git a/security/shibboleth2-sp/files/patch-makefiles-docdir b/security/shibboleth2-sp/files/patch-makefiles-docdir new file mode 100644 index 0000000..aa62695 --- /dev/null +++ b/security/shibboleth2-sp/files/patch-makefiles-docdir 
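Review bot: The new `post-install` recipe joins its four commands with `;\`, so a failing `${CHOWN}` is ignored and only the final `${CHMOD}` decides the recipe's exit status; chain them with `&&` instead, e.g. `${CHOWN} -R ${USERS}:${GROUPS} /var/cache/shibboleth && \`. The recursive ownership change also runs as root over trees that, on an upgrade or reinstall, are already writable by the unprivileged shibd account, so it applies to whatever entries that account left there; changing only the directory itself (no `-R`) looks sufficient for a fresh install, and if the recursion exists only to re-own files left by 2.4.x that deserves a comment. The same `chown -R` pattern is repeated in the `@exec` lines added to security/shibboleth2-sp/pkg-plist. A comment above the recipe such as `# shibd runs as ${USERS} from 2.5 on; it must own its cache, log and run directories` would record why paths outside ${PREFIX} are touched.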
@@ -0,0 +1,47 @@
+--- doc/Makefile.am.orig 2012-07-23 22:08:29.000000000 +0200
++++ doc/Makefile.am 2013-02-22 10:53:42.000000000 +0100
+@@ -1,7 +1,7 @@
+ AUTOMAKE_OPTIONS = foreign
+
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+
+ install-data-hook:
+ if test -d api ; then \
+--- doc/Makefile.in.orig 2012-12-04 05:50:56.000000000 +0100
++++ doc/Makefile.in 2013-02-22 10:53:42.000000000 +0100
+@@ -288,8 +288,8 @@
+ top_srcdir = @top_srcdir@
+ xs = @xs@
+ AUTOMAKE_OPTIONS = foreign
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ docfiles = \
+ CREDITS.txt \
+ LICENSE.txt \
+--- configs/Makefile.am.orig 2012-12-04 05:49:50.000000000 +0100
++++ configs/Makefile.am 2013-02-22 10:53:42.000000000 +0100
+@@ -6,7 +6,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@
+--- configs/Makefile.in.orig 2012-12-04 05:50:56.000000000 +0100
++++ configs/Makefile.in 2013-02-22 10:53:42.000000000 +0100
+@@ -291,7 +291,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@
diff --git a/security/shibboleth2-sp/files/patch-shibboleth-spec b/security/shibboleth2-sp/files/patch-shibboleth-spec
new file mode 100644
index 0000000..532bafc
--- /dev/null
+++ b/security/shibboleth2-sp/files/patch-shibboleth-spec
@@ -0,0 +1,26 @@
+--- shibboleth.spec.in.orig 2012-12-04 05:49:49.000000000 +0100
++++ shibboleth.spec.in 2013-06-03 16:19:28.000000000 +0200
+@@ -58,7 +58,7 @@
+ %if "%{_vendor}" == "suse"
+ %define pkgdocdir %{_docdir}/shibboleth
+ %else
+-%define pkgdocdir %{_docdir}/shibboleth-%{version}
++%define pkgdocdir %{_docdir}/shibboleth
+ %endif
+
+ %description
+@@ -202,14 +202,6 @@
+ /sbin/ldconfig
+ %endif
+
+-# Key generation or ownership fix
+-cd %{_sysconfdir}/shibboleth
+-if [ -f sp-key.pem ] ; then
+- %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
+-else
+- sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+-fi
+-
+ # Fix ownership of log files (even on new installs, if they're left from an older one).
+ %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
+
diff --git a/security/shibboleth2-sp/files/shibboleth-sp.in b/security/shibboleth2-sp/files/shibboleth-sp.in
index 5a81e04..65f8747 100644
--- a/security/shibboleth2-sp/files/shibboleth-sp.in
+++ b/security/shibboleth2-sp/files/shibboleth-sp.in
@@ -11,9 +11,43 @@ name="shibboleth_sp" rcvar=shibboleth_sp_enable +: ${shibboleth_sp_enable:='NO'} +: ${shibboleth_sp_flags:=''} + command=${shibboleth_sp_program:-%%PREFIX%%/sbin/shibd} -pidfile="${shibboleth_sp_pidfile:-/var/run/${name}.pid}" -command_args="-f -p ${pidfile}" +pidfile="${shibboleth_sp_pidfile:-/var/run/shibboleth/${name}.pid}" +start_precmd="shibboleth_sp_configtest" +restart_precmd="shibboleth_sp_configtest" +configtest_cmd="shibboleth_sp_configtest" +keygen_cmd="shibboleth_sp_keygen" + +shibboleth_sp_user=%%SHIBD_USER%% +shibboleth_sp_group=%%SHIBD_GROUP%% load_rc_config $name + +command_args="-f -p ${pidfile} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}" +confdir=${SHIBSP_CFGDIR:-%%PREFIX%%/etc}/shibboleth +cert=sp-cert.pem +key=sp-key.pem + +shibboleth_sp_configtest() { + if [ ! -s ${confdir}/${key} -o ! -s ${confdir}/${cert} ]; then + run_rc_command keygen + else + # update from 2.4.x, chown %%SHIBD_USER%% the key and cert + for f in ${confdir}/${key} ${confdir}/${cert}; do + set X `stat ${f}` + test $6 != ${shibboleth_sp_user} && chown ${shibboleth_sp_user}:${shibboleth_sp_group} ${f} + done + fi + ${command} ${shibboleth_sp_flags} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group} -t +} + +shibboleth_sp_keygen() { + %%SH%% ${confdir}/keygen.sh -o ${confdir} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group} +} + +extra_commands="configtest keygen" + run_rc_command "$1" diff --git a/security/shibboleth2-sp/pkg-descr b/security/shibboleth2-sp/pkg-descr index 69a5d4d..6ee434a 100644 --- a/security/shibboleth2-sp/pkg-descr +++ b/security/shibboleth2-sp/pkg-descr @@ -10,4 +10,4 @@ service provider manages secured resources. User access to resources is based on assertions received by the service provider (SP) from an identity provider. -WWW: http://shibboleth.internet2.edu/ +WWW: http://shibboleth.internet2.edu/ diff --git a/security/shibboleth2-sp/pkg-plist b/security/shibboleth2-sp/pkg-plist index 560d302..0e4b0dd 100644 
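Review bot: `shibboleth_sp_configtest` decides ownership by splitting the default `stat` output and reading the sixth positional parameter, unquoted; that breaks if the field layout differs or the path contains whitespace, and `test` errors out when `stat` prints nothing. Asking for the owner directly is sturdier: `[ "$(stat -f %Su "${f}")" != "${shibboleth_sp_user}" ] && chown "${shibboleth_sp_user}:${shibboleth_sp_group}" "${f}"`. The same function is wired to `configtest_cmd` as well as `start_precmd` and `restart_precmd`, so a plain `configtest` can generate a key pair or change file ownership; a comment saying so, or a separate read-only test function, would keep that from surprising an operator. The result of `run_rc_command keygen` is also not checked before the `-t` check runs.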
--- a/security/shibboleth2-sp/pkg-plist
+++ b/security/shibboleth2-sp/pkg-plist
@@ -64,11 +64,13 @@ etc/shibboleth/shibd-suse
 etc/shibboleth/shibd-osx.plist
 etc/shibboleth/apache.config
 etc/shibboleth/apache2.config
+@unexec if cmp -s %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; then rm -f %D/etc/shibboleth/attrChecker.html; fi
+etc/shibboleth/attrChecker.html.dist
+@exec if [ ! -f %D/etc/shibboleth/attrChecker.html ] ; then cp -p %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; fi
 etc/shibboleth/apache22.config
+etc/shibboleth/apache24.config
 etc/shibboleth/keygen.sh
 etc/shibboleth/upgrade.xsl
-etc/shibboleth/sp-key.pem
-etc/shibboleth/sp-cert.pem
 @unexec if cmp -s %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; then rm -f %D/etc/shibboleth/postTemplate.html; fi
 etc/shibboleth/postTemplate.html.dist
 @exec if [ ! -f %D/etc/shibboleth/postTemplate.html ] ; then cp -p %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; fi
@@ -88,6 +90,7 @@ include/shibsp/SessionCacheEx.h
 include/shibsp/TransactionLog.h
 include/shibsp/attribute/Attribute.h
 include/shibsp/attribute/AttributeDecoder.h
+include/shibsp/attribute/BinaryAttribute.h
 include/shibsp/attribute/ExtensibleAttribute.h
 include/shibsp/attribute/NameIDAttribute.h
 include/shibsp/attribute/ScopedAttribute.h
@@ -102,10 +105,10 @@ include/shibsp/attribute/resolver/AttributeExtractor.h
 include/shibsp/attribute/resolver/AttributeResolver.h
 include/shibsp/attribute/resolver/ResolutionContext.h
 include/shibsp/base.h
-include/shibsp/config_pub.h
 include/shibsp/binding/ArtifactResolver.h
 include/shibsp/binding/ProtocolProvider.h
 include/shibsp/binding/SOAPClient.h
+include/shibsp/config_pub.h
 include/shibsp/exceptions.h
 include/shibsp/handler/AbstractHandler.h
 include/shibsp/handler/AssertionConsumerService.h
@@ -113,6 +116,7 @@ include/shibsp/handler/Handler.h
 include/shibsp/handler/LogoutHandler.h
 include/shibsp/handler/LogoutInitiator.h
 include/shibsp/handler/RemotedHandler.h
+include/shibsp/handler/SecuredHandler.h
 include/shibsp/handler/SessionInitiator.h
 include/shibsp/lite/CommonDomainCookie.h
 include/shibsp/lite/SAMLConstants.h
@@ -126,21 +130,20 @@ include/shibsp/security/SecurityPolicy.h
 include/shibsp/security/SecurityPolicyProvider.h
 include/shibsp/util/CGIParser.h
 include/shibsp/util/DOMPropertySet.h
+include/shibsp/util/IPRange.h
 include/shibsp/util/PropertySet.h
 include/shibsp/util/SPConstants.h
 include/shibsp/util/TemplateParameters.h
 include/shibsp/version.h
-lib/libshibsp.so.5
+lib/libshibsp.so.6
 lib/libshibsp.so
 lib/shibboleth/adfs.so
-lib/shibboleth/adfs.la
 lib/shibboleth/adfs-lite.so
-lib/shibboleth/adfs-lite.la
+lib/shibboleth/plugins-lite.so
+lib/shibboleth/plugins.so
 %%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.so
-%%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.la
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.so
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.la
-lib/libshibsp-lite.so.5
+%%WITH_APACHE_24%%lib/shibboleth/mod_shib_24.so
+lib/libshibsp-lite.so.6
 lib/libshibsp-lite.so
 sbin/shibd
 share/xml/shibboleth/catalog.xml
@@ -155,20 +158,22 @@ share/xml/shibboleth/shibboleth-metadata-1.0.xsd
 share/xml/shibboleth/shibboleth.xsd
 share/xml/shibboleth/WS-Trust.xsd
 share/doc/shibboleth/CREDITS.txt
+share/doc/shibboleth/FASTCGI.LICENSE
 share/doc/shibboleth/LICENSE.txt
+share/doc/shibboleth/LOG4CPP.LICENSE
 share/doc/shibboleth/NOTICE.txt
+share/doc/shibboleth/OPENSSL.LICENSE
 share/doc/shibboleth/README.txt
 share/doc/shibboleth/RELEASE.txt
-share/doc/shibboleth/FASTCGI.LICENSE
-share/doc/shibboleth/OPENSSL.LICENSE
-share/doc/shibboleth/LOG4CPP.LICENSE
 share/doc/shibboleth/main.css
-share/doc/shibboleth/logo.jpg
-@exec mkdir -p %D/data
+@exec mkdir -p /var/cache/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/cache/shibboleth
 @exec mkdir -p /var/log/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/log/shibboleth
 @exec mkdir -p /var/run/shibboleth
-@exec chown www:www /var/run/shibboleth
-@exec chmod -R ug=rwx,o= /var/run/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%WWWGRP%% /var/run/shibboleth
+@exec chmod -R u=rwx,g=rx,o= /var/run/shibboleth
+@unexec rm -rf /var/cache/shibboleth 2>&1 >/dev/null || true
 @unexec rm -rf /var/run/shibboleth 2>&1 >/dev/null || true
 @dirrmtry share/doc/shibboleth/api
 @dirrmtry share/doc/shibboleth |
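Review bot: In the added `@unexec rm -rf /var/cache/shibboleth 2>&1 >/dev/null || true` the redirections are in the wrong order: `2>&1` is applied first, so stderr still goes to the original stdout and only stdout is discarded. Write `@unexec rm -rf /var/cache/shibboleth >/dev/null 2>&1 || true`; the unchanged `/var/run/shibboleth` line just below it has the same ordering. The `@exec chown -R` lines added above use the build-time `%%SHIBD_USER%%` and `%%SHIBD_GROUP%%` values, while the rc script appears to let rc.conf override `shibboleth_sp_user`, so the two can disagree. An `@comment` noting that the directories must then be re-owned by hand would help.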