diff options
| author | Palle Girgensohn <girgen@FreeBSD.org> | 2013-06-04 17:29:21 +0000 |
|---|---|---|
| committer | Palle Girgensohn <girgen@FreeBSD.org> | 2013-06-04 17:29:21 +0000 |
| commit | 732610c7360eaaeb26f84ddd9fd4d3302f07ac82 (patch) | |
| tree | 4b402459887dd978d82326c7033b384c026b386b | |
| parent | 23327530f45cb8d7c5d0cf826c41a71cde1486ab (diff) | |
| download | ports-732610c7360eaaeb26f84ddd9fd4d3302f07ac82.tar.gz ports-732610c7360eaaeb26f84ddd9fd4d3302f07ac82.zip | |
Notes
| -rw-r--r-- | GIDs | 1 | ||||
| -rw-r--r-- | UIDs | 1 | ||||
| -rw-r--r-- | devel/log4shib/Makefile | 8 | ||||
| -rw-r--r-- | devel/log4shib/distinfo | 4 | ||||
| -rw-r--r-- | devel/xmltooling/Makefile | 11 | ||||
| -rw-r--r-- | devel/xmltooling/distinfo | 4 | ||||
| -rw-r--r-- | devel/xmltooling/pkg-plist | 8 | ||||
| -rw-r--r-- | security/apache-xml-security-c/Makefile | 4 | ||||
| -rw-r--r-- | security/apache-xml-security-c/distinfo | 4 | ||||
| -rw-r--r-- | security/apache-xml-security-c/pkg-plist | 2 | ||||
| -rw-r--r-- | security/opensaml2/Makefile | 9 | ||||
| -rw-r--r-- | security/opensaml2/distinfo | 4 | ||||
| -rw-r--r-- | security/opensaml2/pkg-plist | 5 | ||||
| -rw-r--r-- | security/shibboleth2-sp/Makefile | 53 | ||||
| -rw-r--r-- | security/shibboleth2-sp/distinfo | 4 | ||||
| -rw-r--r-- | security/shibboleth2-sp/files/patch-configure.ac | 11 | ||||
| -rw-r--r-- | security/shibboleth2-sp/files/patch-makefiles-docdir | 47 | ||||
| -rw-r--r-- | security/shibboleth2-sp/files/patch-shibboleth-spec | 26 | ||||
| -rw-r--r-- | security/shibboleth2-sp/files/shibboleth-sp.in | 38 | ||||
| -rw-r--r-- | security/shibboleth2-sp/pkg-descr | 2 | ||||
| -rw-r--r-- | security/shibboleth2-sp/pkg-plist | 39 |
21 files changed, 200 insertions, 85 deletions
@@ -253,5 +253,6 @@ elasticsearch:*:965: ossec:*:966: kippo:*:969: colord:*:970: +shibd:*:971: nogroup:*:65533: nobody:*:65534: @@ -260,4 +260,5 @@ ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin +shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin diff --git a/devel/log4shib/Makefile b/devel/log4shib/Makefile index a1b9524c62bb..d4d5b1691ac9 100644 --- a/devel/log4shib/Makefile +++ b/devel/log4shib/Makefile @@ -7,11 +7,11 @@ # PORTNAME= log4shib -DISTVERSION= 1.0.4 +DISTVERSION= 1.0.6 CATEGORIES= devel -MASTER_SITES= http://shibboleth.internet2.edu/downloads/${PORTNAME}/${DISTVERSION}/ +MASTER_SITES= http://shibboleth.net/downloads/${PORTNAME}/${DISTVERSION}/ -MAINTAINER= vanilla@FreeBSD.org +MAINTAINER= girgen@FreeBSD.org COMMENT= A library of C++ classes for flexible logging USE_AUTOTOOLS= libtool @@ -21,8 +21,8 @@ USE_GNOME= pkgconfig gnomehack CONFIGURE_ARGS= --with-pthreads --disable-html-docs --disable-doxygen USE_LDCONFIG= yes +USES= pathfix post-patch: @${REINPLACE_CMD} -e 's| -pedantic||g' ${WRKSRC}/configure - @${REINPLACE_CMD} -e 's|(libdir)/pkgconfig|(prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in .include <bsd.port.mk> diff --git a/devel/log4shib/distinfo b/devel/log4shib/distinfo index 50fc4375b84e..2f4d8f33039c 100644 --- a/devel/log4shib/distinfo +++ b/devel/log4shib/distinfo @@ -1,2 +1,2 @@ -SHA256 (log4shib-1.0.4.tar.gz) = 4e5f9e58f14f2498d8be15dc0a6223e83f0510a924494295329b20745cacbc38 -SIZE (log4shib-1.0.4.tar.gz) = 487529 +SHA256 (log4shib-1.0.6.tar.gz) = 060f472a085e34658f4eb19c2be56010adfcf33cf138071f8e7c953aa278d567 +SIZE (log4shib-1.0.6.tar.gz) = 571088 diff --git a/devel/xmltooling/Makefile b/devel/xmltooling/Makefile index 565d22adc460..e58961db79e5 100644 --- a/devel/xmltooling/Makefile +++ b/devel/xmltooling/Makefile @@ -2,18 +2,19 @@ # $FreeBSD$ PORTNAME= xmltooling -PORTVERSION= 1.4.2 -PORTREVISION= 1 +PORTVERSION= 1.5.2 CATEGORIES= devel security -MASTER_SITES= http://www.shibboleth.net/downloads/c++-opensaml/2.4.3/ +MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.2/ -MAINTAINER= jmohacsi@bsd.hu +MAINTAINER= girgen@FreeBSD.org COMMENT= Low level XML support for SAML LIB_DEPENDS= curl.6:${PORTSDIR}/ftp/curl \ log4shib.1:${PORTSDIR}/devel/log4shib \ xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \ - xml-security-c.16:${PORTSDIR}/security/apache-xml-security-c + xml-security-c.17:${PORTSDIR}/security/apache-xml-security-c + +BUILD_DEPENDS= boost-libs>=0:${PORTSDIR}/devel/boost-libs GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} --with-curl=${LOCALBASE} --disable-doxygen-doc diff --git a/devel/xmltooling/distinfo b/devel/xmltooling/distinfo index a6bcb53ede98..68b32c4ff083 100644 --- a/devel/xmltooling/distinfo +++ b/devel/xmltooling/distinfo @@ -1,2 +1,2 @@ -SHA256 (xmltooling-1.4.2.tar.gz) = c32c503532cd0f2c64a71f0a7f4e63f660f1205830603b0bcd9225dc3c23445d -SIZE (xmltooling-1.4.2.tar.gz) = 636598 +SHA256 (xmltooling-1.5.2.tar.gz) = d43719f8d742d87131ea64f2dbc8f1b366c7f216ac21015090a51693ff11df98 +SIZE (xmltooling-1.5.2.tar.gz) = 679098 diff --git a/devel/xmltooling/pkg-plist b/devel/xmltooling/pkg-plist index 2e58b81087b0..1802636c0178 100644 --- a/devel/xmltooling/pkg-plist +++ b/devel/xmltooling/pkg-plist @@ -48,7 +48,10 @@ include/xmltooling/security/KeyInfoCredentialContext.h include/xmltooling/security/KeyInfoResolver.h include/xmltooling/security/OpenSSLCredential.h include/xmltooling/security/OpenSSLCryptoX509CRL.h +include/xmltooling/security/OpenSSLPathValidator.h include/xmltooling/security/OpenSSLTrustEngine.h +include/xmltooling/security/PKIXPathValidatorParams.h +include/xmltooling/security/PathValidator.h include/xmltooling/security/SecurityHelper.h include/xmltooling/security/SignatureTrustEngine.h include/xmltooling/security/TrustEngine.h @@ -84,13 +87,14 @@ include/xmltooling/validation/Validator.h include/xmltooling/validation/ValidatorSuite.h include/xmltooling/version.h lib/libxmltooling-lite.so -lib/libxmltooling-lite.so.5 +lib/libxmltooling-lite.so.6 lib/libxmltooling.so -lib/libxmltooling.so.5 +lib/libxmltooling.so.6 libdata/pkgconfig/xmltooling.pc share/xml/xmltooling/catalog.xml share/xml/xmltooling/soap-envelope.xsd share/xml/xmltooling/xenc-schema.xsd +share/xml/xmltooling/xenc11-schema.xsd share/xml/xmltooling/xml.xsd share/xml/xmltooling/xmldsig-core-schema.xsd share/xml/xmltooling/xmldsig11-schema.xsd diff --git a/security/apache-xml-security-c/Makefile b/security/apache-xml-security-c/Makefile index 777649bdaad1..40ad919c9afd 100644 --- a/security/apache-xml-security-c/Makefile +++ b/security/apache-xml-security-c/Makefile @@ -2,13 +2,13 @@ # $FreeBSD$ PORTNAME= xml-security-c -PORTVERSION= 1.6.1 +PORTVERSION= 1.7.0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_APACHE} MASTER_SITE_SUBDIR=santuario/c-library PKGNAMEPREFIX= apache- -MAINTAINER= jmohacsi@bsd.hu +MAINTAINER= girgen@FreeBSD.org COMMENT= Apache XML security libraries - C++ version LICENSE= AL2 diff --git a/security/apache-xml-security-c/distinfo b/security/apache-xml-security-c/distinfo index 1cf0b5a6d730..6c16d8dc1865 100644 --- a/security/apache-xml-security-c/distinfo +++ b/security/apache-xml-security-c/distinfo @@ -1,2 +1,2 @@ -SHA256 (xml-security-c-1.6.1.tar.gz) = 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd -SIZE (xml-security-c-1.6.1.tar.gz) = 864366 +SHA256 (xml-security-c-1.7.0.tar.gz) = c8cd6ec3d3b777fcca295cb4b273b08e4cfe37e03fc27131ec079894b9dae87c +SIZE (xml-security-c-1.7.0.tar.gz) = 874025 diff --git a/security/apache-xml-security-c/pkg-plist b/security/apache-xml-security-c/pkg-plist index dc6d2c91ed3a..fc21acc56b0b 100644 --- a/security/apache-xml-security-c/pkg-plist +++ b/security/apache-xml-security-c/pkg-plist @@ -160,7 +160,7 @@ include/xsec/xkms/XKMSValidateResult.hpp include/xsec/xkms/XKMSValidityInterval.hpp lib/libxml-security-c.a lib/libxml-security-c.so -lib/libxml-security-c.so.16 +lib/libxml-security-c.so.17 @dirrm include/xsec/xkms @dirrm include/xsec/xenc @dirrm include/xsec/utils/unixutils diff --git a/security/opensaml2/Makefile b/security/opensaml2/Makefile index 82259491df15..75757240614c 100644 --- a/security/opensaml2/Makefile +++ b/security/opensaml2/Makefile @@ -2,19 +2,18 @@ # $FreeBSD$ PORTNAME= opensaml2 -PORTVERSION= 2.4.3 -PORTREVISION= 1 +PORTVERSION= 2.5.2 CATEGORIES= security -MASTER_SITES= http://www.shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/ +MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/ DISTNAME= opensaml-${PORTVERSION} -MAINTAINER= jmohacsi@bsd.hu +MAINTAINER= girgen@FreeBSD.org COMMENT= Open source implementation of SAML2 LIB_DEPENDS= curl.6:${PORTSDIR}/ftp/curl \ log4shib.1:${PORTSDIR}/devel/log4shib \ xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \ - xmltooling.5:${PORTSDIR}/devel/xmltooling + xmltooling.6:${PORTSDIR}/devel/xmltooling GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} \ diff --git a/security/opensaml2/distinfo b/security/opensaml2/distinfo index 72152db89615..e82df96738c0 100644 --- a/security/opensaml2/distinfo +++ b/security/opensaml2/distinfo @@ -1,2 +1,2 @@ -SHA256 (opensaml-2.4.3.tar.gz) = 850187c7dd664f9216a387bcc9e08f36643f04ddc08d11551e33a46dd15d2539 -SIZE (opensaml-2.4.3.tar.gz) = 871693 +SHA256 (opensaml-2.5.2.tar.gz) = 5bc3fbe5e789ad7aedfc2919413131400290466ecd2b77b1c3f3dc4c37e6fe54 +SIZE (opensaml-2.5.2.tar.gz) = 707139 diff --git a/security/opensaml2/pkg-plist b/security/opensaml2/pkg-plist index 00c8c06581ba..e6b84d8e823f 100644 --- a/security/opensaml2/pkg-plist +++ b/security/opensaml2/pkg-plist @@ -25,6 +25,7 @@ include/saml/saml2/metadata/AbstractMetadataProvider.h include/saml/saml2/metadata/DiscoverableMetadataProvider.h include/saml/saml2/metadata/DynamicMetadataProvider.h include/saml/saml2/metadata/EndpointManager.h +include/saml/saml2/metadata/EntityMatcher.h include/saml/saml2/metadata/Metadata.h include/saml/saml2/metadata/MetadataCredentialContext.h include/saml/saml2/metadata/MetadataCredentialCriteria.h @@ -46,7 +47,7 @@ include/saml/signature/SignableObject.h include/saml/signature/SignatureProfileValidator.h include/saml/util/CommonDomainCookie.h include/saml/util/SAMLConstants.h -lib/libsaml.so.7 +lib/libsaml.so.8 lib/libsaml.so libdata/pkgconfig/opensaml.pc %%PORTDOCS%%%%DOCSDIR%%/README.txt @@ -67,6 +68,8 @@ share/xml/opensaml/cs-sstc-schema-assertion-01.xsd share/xml/opensaml/cs-sstc-schema-protocol-01.xsd share/xml/opensaml/cs-sstc-schema-assertion-1.1.xsd share/xml/opensaml/cs-sstc-schema-protocol-1.1.xsd +share/xml/opensaml/saml-async-slo-v1.0.xsd +share/xml/opensaml/saml-metadata-rpi-v1.0.xsd share/xml/opensaml/saml-schema-assertion-2.0.xsd share/xml/opensaml/saml-schema-authn-context-2.0.xsd share/xml/opensaml/saml-schema-authn-context-auth-telephony-2.0.xsd diff --git a/security/shibboleth2-sp/Makefile b/security/shibboleth2-sp/Makefile index 8d573b5b61a6..c20e1b49b365 100644 --- a/security/shibboleth2-sp/Makefile +++ b/security/shibboleth2-sp/Makefile @@ -2,53 +2,58 @@ # $FreeBSD$ PORTNAME= shibboleth-sp -PORTVERSION= 2.4.3 -PORTREVISION= 1 +PORTVERSION= 2.5.1 CATEGORIES= security www -MASTER_SITES= http://www.shibboleth.net/downloads/service-provider/${PORTVERSION}/ +MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ -MAINTAINER= swills@FreeBSD.org +MAINTAINER= girgen@FreeBSD.org COMMENT= C++ Shibboleth Service Provider (Internet2) for Apache -LIB_DEPENDS= saml.7:${PORTSDIR}/security/opensaml2 - -OPTIONS_DEFINE= APACHE22 -APACHE22_DESC= Use Apache version 2.2 instead of version 2.0 +LIB_DEPENDS= saml.8:${PORTSDIR}/security/opensaml2 MAKE_JOBS_SAFE= yes USE_GMAKE= yes GNU_CONFIGURE= yes +MAKE_ENV= NOKEYGEN=YES USE_LDCONFIG= yes USE_RC_SUBR= shibboleth-sp -USE_AUTOTOOLS= autoconf automake:env libtool:env -WRKSRC= ${WRKDIR}/shibboleth-${PORTVERSION} LATEST_LINK= shibboleth2-sp +USERS= shibd +GROUPS= shibd + +USE_APACHE= 22-24 +USE_OPENSSL= yes + .include <bsd.port.pre.mk> -.if ${PORT_OPTIONS:MAPACHE22} -USE_APACHE= 22 +.if ${APACHE_VERSION} == 22 CONFIGURE_ARGS= --enable-apache-22 --with-apxs22=${APXS} PLIST_SUB+= WITH_APACHE_22="" -PLIST_SUB+= WITH_APACHE_20="@comment " +PLIST_SUB+= WITH_APACHE_24="@comment " .else -IGNORE= apache20 is no longer available -#USE_APACHE= 20 -#CONFIGURE_ARGS= --enable-apache-20 --with-apxs2=${APXS} --with-apr=${PREFIX}/lib/apache2/apr-config --with-apu=${PREFIX}/lib/apache2/apu-config +CONFIGURE_ARGS= --enable-apache-24 --with-apxs24=${APXS} PLIST_SUB+= WITH_APACHE_22="@comment " -PLIST_SUB+= WITH_APACHE_20="" +PLIST_SUB+= WITH_APACHE_24="" .endif + +SUB_LIST+= SH=${SH} +PLIST_SUB+= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} + +SUB_LIST+= SHIBD_USER=${USERS} +SUB_LIST+= SHIBD_GROUP=${GROUPS} +PLIST_SUB+= SHIBD_USER=${USERS} +PLIST_SUB+= SHIBD_GROUP=${GROUPS} + CONFIGURE_ARGS+= --localstatedir=/var --with-log4shib=${LOCALBASE} CONFIGURE_ARGS+= --with-openssl=${OPENSSLBASE} --with-xmltooling=${LOCALBASE} CONFIGURE_ARGS+= --disable-doxygen-doc -pre-configure: - @${REINPLACE_CMD} -e 's|/run|/run/shibboleth|' ${WRKSRC}/configs/Makefile.in - @${REINPLACE_CMD} -e 's|/doc/@PACKAGE@-@PACKAGE_VERSION@|/doc/@PACKAGE@|' \ - ${WRKSRC}/configs/Makefile.am ${WRKSRC}/configs/Makefile.in \ - ${WRKSRC}/doc/Makefile.am ${WRKSRC}/doc/Makefile.in - ${RM} ${WRKSRC}/aclocal.m4 - @cd ${WRKSRC} && ${AUTORECONF} -fvi +post-install: + ${CHOWN} -R ${USERS}:${GROUPS} /var/cache/shibboleth ;\ + ${CHOWN} -R ${USERS}:${GROUPS} /var/log/shibboleth ;\ + ${CHOWN} -R ${USERS}:${WWWGRP} /var/run/shibboleth ;\ + ${CHMOD} -R u=rwx,g=rx,o= /var/run/shibboleth .include <bsd.port.post.mk> diff --git a/security/shibboleth2-sp/distinfo b/security/shibboleth2-sp/distinfo index eeba5920b73b..7539abe0ad73 100644 --- a/security/shibboleth2-sp/distinfo +++ b/security/shibboleth2-sp/distinfo @@ -1,2 +1,2 @@ -SHA256 (shibboleth-sp-2.4.3.tar.gz) = 9e0b219707046b55d0ca38627fb213b799ac98cf11541845b7e6b036a89dcdcf -SIZE (shibboleth-sp-2.4.3.tar.gz) = 854326 +SHA256 (shibboleth-sp-2.5.1.tar.gz) = a697034fe56a170602a3907cde6faf822836b1ba23cdc11af315a81df6102f04 +SIZE (shibboleth-sp-2.5.1.tar.gz) = 952815 diff --git a/security/shibboleth2-sp/files/patch-configure.ac b/security/shibboleth2-sp/files/patch-configure.ac deleted file mode 100644 index 90e629c972da..000000000000 --- a/security/shibboleth2-sp/files/patch-configure.ac +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.ac.orig 2009-12-01 19:07:37.000000000 +0200 -+++ configure.ac 2010-01-06 19:23:05.000000000 +0200 -@@ -717,7 +717,7 @@ - AC_MSG_CHECKING(for user-specified apu-config name/location) - if test "$withval" != "no" ; then - if test "$withval" != "yes"; then -- APR_CONFIG=$withval -+ APU_CONFIG=$withval - AC_MSG_RESULT("$withval") - fi - fi diff --git a/security/shibboleth2-sp/files/patch-makefiles-docdir b/security/shibboleth2-sp/files/patch-makefiles-docdir new file mode 100644 index 000000000000..aa62695f5a1d --- /dev/null +++ b/security/shibboleth2-sp/files/patch-makefiles-docdir @@ -0,0 +1,47 @@ +--- doc/Makefile.am.orig 2012-07-23 22:08:29.000000000 +0200 ++++ doc/Makefile.am 2013-02-22 10:53:42.000000000 +0100 +@@ -1,7 +1,7 @@ + AUTOMAKE_OPTIONS = foreign + +-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@ +-pkgwebdir = $(datadir)/@PACKAGE_NAME@ ++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@ ++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@ + + install-data-hook: + if test -d api ; then \ +--- doc/Makefile.in.orig 2012-12-04 05:50:56.000000000 +0100 ++++ doc/Makefile.in 2013-02-22 10:53:42.000000000 +0100 +@@ -288,8 +288,8 @@ + top_srcdir = @top_srcdir@ + xs = @xs@ + AUTOMAKE_OPTIONS = foreign +-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@ +-pkgwebdir = $(datadir)/@PACKAGE_NAME@ ++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@ ++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@ + docfiles = \ + CREDITS.txt \ + LICENSE.txt \ +--- configs/Makefile.am.orig 2012-12-04 05:49:50.000000000 +0100 ++++ configs/Makefile.am 2013-02-22 10:53:42.000000000 +0100 +@@ -6,7 +6,7 @@ + pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@ + shirelogdir = ${localstatedir}/log/httpd + pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@ +-pkgwebdir = $(datadir)/@PACKAGE_NAME@ ++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@ + pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@ + pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@ + pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@ +--- configs/Makefile.in.orig 2012-12-04 05:50:56.000000000 +0100 ++++ configs/Makefile.in 2013-02-22 10:53:42.000000000 +0100 +@@ -291,7 +291,7 @@ + pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@ + shirelogdir = ${localstatedir}/log/httpd + pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@ +-pkgwebdir = $(datadir)/@PACKAGE_NAME@ ++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@ + pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@ + pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@ + pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@ diff --git a/security/shibboleth2-sp/files/patch-shibboleth-spec b/security/shibboleth2-sp/files/patch-shibboleth-spec new file mode 100644 index 000000000000..532bafccf508 --- /dev/null +++ b/security/shibboleth2-sp/files/patch-shibboleth-spec @@ -0,0 +1,26 @@ +--- shibboleth.spec.in.orig 2012-12-04 05:49:49.000000000 +0100 ++++ shibboleth.spec.in 2013-06-03 16:19:28.000000000 +0200 +@@ -58,7 +58,7 @@ + %if "%{_vendor}" == "suse" + %define pkgdocdir %{_docdir}/shibboleth + %else +-%define pkgdocdir %{_docdir}/shibboleth-%{version} ++%define pkgdocdir %{_docdir}/shibboleth + %endif + + %description +@@ -202,14 +202,6 @@ + /sbin/ldconfig + %endif + +-# Key generation or ownership fix +-cd %{_sysconfdir}/shibboleth +-if [ -f sp-key.pem ] ; then +- %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || : +-else +- sh ./keygen.sh -b -u %{runuser} -g %{runuser} +-fi +- + # Fix ownership of log files (even on new installs, if they're left from an older one). + %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || : + diff --git a/security/shibboleth2-sp/files/shibboleth-sp.in b/security/shibboleth2-sp/files/shibboleth-sp.in index 5a81e04202f5..65f874747287 100644 --- a/security/shibboleth2-sp/files/shibboleth-sp.in +++ b/security/shibboleth2-sp/files/shibboleth-sp.in @@ -11,9 +11,43 @@ name="shibboleth_sp" rcvar=shibboleth_sp_enable +: ${shibboleth_sp_enable:='NO'} +: ${shibboleth_sp_flags:=''} + command=${shibboleth_sp_program:-%%PREFIX%%/sbin/shibd} -pidfile="${shibboleth_sp_pidfile:-/var/run/${name}.pid}" -command_args="-f -p ${pidfile}" +pidfile="${shibboleth_sp_pidfile:-/var/run/shibboleth/${name}.pid}" +start_precmd="shibboleth_sp_configtest" +restart_precmd="shibboleth_sp_configtest" +configtest_cmd="shibboleth_sp_configtest" +keygen_cmd="shibboleth_sp_keygen" + +shibboleth_sp_user=%%SHIBD_USER%% +shibboleth_sp_group=%%SHIBD_GROUP%% load_rc_config $name + +command_args="-f -p ${pidfile} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}" +confdir=${SHIBSP_CFGDIR:-%%PREFIX%%/etc}/shibboleth +cert=sp-cert.pem +key=sp-key.pem + +shibboleth_sp_configtest() { + if [ ! -s ${confdir}/${key} -o ! -s ${confdir}/${cert} ]; then + run_rc_command keygen + else + # update from 2.4.x, chown %%SHIBD_USER%% the key and cert + for f in ${confdir}/${key} ${confdir}/${cert}; do + set X `stat ${f}` + test $6 != ${shibboleth_sp_user} && chown ${shibboleth_sp_user}:${shibboleth_sp_group} ${f} + done + fi + ${command} ${shibboleth_sp_flags} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group} -t +} + +shibboleth_sp_keygen() { + %%SH%% ${confdir}/keygen.sh -o ${confdir} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group} +} + +extra_commands="configtest keygen" + run_rc_command "$1" diff --git a/security/shibboleth2-sp/pkg-descr b/security/shibboleth2-sp/pkg-descr index 69a5d4d6ec80..6ee434a8a710 100644 --- a/security/shibboleth2-sp/pkg-descr +++ b/security/shibboleth2-sp/pkg-descr @@ -10,4 +10,4 @@ service provider manages secured resources. User access to resources is based on assertions received by the service provider (SP) from an identity provider. -WWW: http://shibboleth.internet2.edu/ +WWW: http://shibboleth.internet2.edu/ diff --git a/security/shibboleth2-sp/pkg-plist b/security/shibboleth2-sp/pkg-plist index 560d302da628..0e4b0dd03c27 100644 --- a/security/shibboleth2-sp/pkg-plist +++ b/security/shibboleth2-sp/pkg-plist @@ -64,11 +64,13 @@ etc/shibboleth/shibd-suse etc/shibboleth/shibd-osx.plist etc/shibboleth/apache.config etc/shibboleth/apache2.config +@unexec if cmp -s %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; then rm -f %D/etc/shibboleth/attrChecker.html; fi +etc/shibboleth/attrChecker.html.dist +@exec if [ ! -f %D/etc/shibboleth/attrChecker.html ] ; then cp -p %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; fi etc/shibboleth/apache22.config +etc/shibboleth/apache24.config etc/shibboleth/keygen.sh etc/shibboleth/upgrade.xsl -etc/shibboleth/sp-key.pem -etc/shibboleth/sp-cert.pem @unexec if cmp -s %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; then rm -f %D/etc/shibboleth/postTemplate.html; fi etc/shibboleth/postTemplate.html.dist @exec if [ ! -f %D/etc/shibboleth/postTemplate.html ] ; then cp -p %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; fi @@ -88,6 +90,7 @@ include/shibsp/SessionCacheEx.h include/shibsp/TransactionLog.h include/shibsp/attribute/Attribute.h include/shibsp/attribute/AttributeDecoder.h +include/shibsp/attribute/BinaryAttribute.h include/shibsp/attribute/ExtensibleAttribute.h include/shibsp/attribute/NameIDAttribute.h include/shibsp/attribute/ScopedAttribute.h @@ -102,10 +105,10 @@ include/shibsp/attribute/resolver/AttributeExtractor.h include/shibsp/attribute/resolver/AttributeResolver.h include/shibsp/attribute/resolver/ResolutionContext.h include/shibsp/base.h -include/shibsp/config_pub.h include/shibsp/binding/ArtifactResolver.h include/shibsp/binding/ProtocolProvider.h include/shibsp/binding/SOAPClient.h +include/shibsp/config_pub.h include/shibsp/exceptions.h include/shibsp/handler/AbstractHandler.h include/shibsp/handler/AssertionConsumerService.h @@ -113,6 +116,7 @@ include/shibsp/handler/Handler.h include/shibsp/handler/LogoutHandler.h include/shibsp/handler/LogoutInitiator.h include/shibsp/handler/RemotedHandler.h +include/shibsp/handler/SecuredHandler.h include/shibsp/handler/SessionInitiator.h include/shibsp/lite/CommonDomainCookie.h include/shibsp/lite/SAMLConstants.h @@ -126,21 +130,20 @@ include/shibsp/security/SecurityPolicy.h include/shibsp/security/SecurityPolicyProvider.h include/shibsp/util/CGIParser.h include/shibsp/util/DOMPropertySet.h +include/shibsp/util/IPRange.h include/shibsp/util/PropertySet.h include/shibsp/util/SPConstants.h include/shibsp/util/TemplateParameters.h include/shibsp/version.h -lib/libshibsp.so.5 +lib/libshibsp.so.6 lib/libshibsp.so lib/shibboleth/adfs.so -lib/shibboleth/adfs.la lib/shibboleth/adfs-lite.so -lib/shibboleth/adfs-lite.la +lib/shibboleth/plugins-lite.so +lib/shibboleth/plugins.so %%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.so -%%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.la -%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.so -%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.la -lib/libshibsp-lite.so.5 +%%WITH_APACHE_24%%lib/shibboleth/mod_shib_24.so +lib/libshibsp-lite.so.6 lib/libshibsp-lite.so sbin/shibd share/xml/shibboleth/catalog.xml @@ -155,20 +158,22 @@ share/xml/shibboleth/shibboleth-metadata-1.0.xsd share/xml/shibboleth/shibboleth.xsd share/xml/shibboleth/WS-Trust.xsd share/doc/shibboleth/CREDITS.txt +share/doc/shibboleth/FASTCGI.LICENSE share/doc/shibboleth/LICENSE.txt +share/doc/shibboleth/LOG4CPP.LICENSE share/doc/shibboleth/NOTICE.txt +share/doc/shibboleth/OPENSSL.LICENSE share/doc/shibboleth/README.txt share/doc/shibboleth/RELEASE.txt -share/doc/shibboleth/FASTCGI.LICENSE -share/doc/shibboleth/OPENSSL.LICENSE -share/doc/shibboleth/LOG4CPP.LICENSE share/doc/shibboleth/main.css -share/doc/shibboleth/logo.jpg -@exec mkdir -p %D/data +@exec mkdir -p /var/cache/shibboleth +@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/cache/shibboleth @exec mkdir -p /var/log/shibboleth +@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/log/shibboleth @exec mkdir -p /var/run/shibboleth -@exec chown www:www /var/run/shibboleth -@exec chmod -R ug=rwx,o= /var/run/shibboleth +@exec chown -R %%SHIBD_USER%%:%%WWWGRP%% /var/run/shibboleth +@exec chmod -R u=rwx,g=rx,o= /var/run/shibboleth +@unexec rm -rf /var/cache/shibboleth 2>&1 >/dev/null || true @unexec rm -rf /var/run/shibboleth 2>&1 >/dev/null || true @dirrmtry share/doc/shibboleth/api @dirrmtry share/doc/shibboleth |