svn commit: r319885 - in head: . devel/log4shib devel/xmltooling security/apache-xml-security-c security/opensaml2 security/shibboleth2-sp security/shibboleth2-sp/files
Palle Girgensohn
girgen at FreeBSD.org
Tue Jun 4 17:29:26 UTC 2013
Author: girgen
Date: Tue Jun 4 17:29:21 2013
New Revision: 319885
URL: http://svnweb.freebsd.org/changeset/ports/319885
Log:
Update Shibboleth-sp and its tool chain to 2.5.1.
Note that from 2.5, shibd is run as the user shibd. The port tries to fix the
key file ownership but if you have changed the file name of the key from the
default sp-key.pem, make sure you chown your key file(s) to user shibd.
Also, take maintainership of the entire tool chain (approved by all previous
maintainers).
Incorporates the ideas suggested by Craig Leres [177668], making sure that the
ssl key is not added to the package.
PR: 177668, 178694
Added:
head/security/shibboleth2-sp/files/patch-makefiles-docdir (contents, props changed)
head/security/shibboleth2-sp/files/patch-shibboleth-spec (contents, props changed)
Deleted:
head/security/shibboleth2-sp/files/patch-configure.ac
Modified:
head/GIDs
head/UIDs
head/devel/log4shib/Makefile
head/devel/log4shib/distinfo
head/devel/xmltooling/Makefile
head/devel/xmltooling/distinfo
head/devel/xmltooling/pkg-plist
head/security/apache-xml-security-c/Makefile
head/security/apache-xml-security-c/distinfo
head/security/apache-xml-security-c/pkg-plist
head/security/opensaml2/Makefile
head/security/opensaml2/distinfo
head/security/opensaml2/pkg-plist
head/security/shibboleth2-sp/Makefile
head/security/shibboleth2-sp/distinfo
head/security/shibboleth2-sp/files/shibboleth-sp.in
head/security/shibboleth2-sp/pkg-descr
head/security/shibboleth2-sp/pkg-plist (contents, props changed)
Modified: head/GIDs
==============================================================================
--- head/GIDs Tue Jun 4 17:16:37 2013 (r319884)
+++ head/GIDs Tue Jun 4 17:29:21 2013 (r319885)
@@ -253,5 +253,6 @@ elasticsearch:*:965:
ossec:*:966:
kippo:*:969:
colord:*:970:
+shibd:*:971:
nogroup:*:65533:
nobody:*:65534:
Modified: head/UIDs
==============================================================================
--- head/UIDs Tue Jun 4 17:16:37 2013 (r319884)
+++ head/UIDs Tue Jun 4 17:29:21 2013 (r319885)
@@ -260,4 +260,5 @@ ossecm:*:967:966::0:0:OSSEC mail user:/u
ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin
colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin
+shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
Modified: head/devel/log4shib/Makefile
==============================================================================
--- head/devel/log4shib/Makefile Tue Jun 4 17:16:37 2013 (r319884)
+++ head/devel/log4shib/Makefile Tue Jun 4 17:29:21 2013 (r319885)
@@ -7,11 +7,11 @@
#
PORTNAME= log4shib
-DISTVERSION= 1.0.4
+DISTVERSION= 1.0.6
CATEGORIES= devel
-MASTER_SITES= http://shibboleth.internet2.edu/downloads/${PORTNAME}/${DISTVERSION}/
+MASTER_SITES= http://shibboleth.net/downloads/${PORTNAME}/${DISTVERSION}/
-MAINTAINER= vanilla at FreeBSD.org
+MAINTAINER= girgen at FreeBSD.org
COMMENT= A library of C++ classes for flexible logging
USE_AUTOTOOLS= libtool
@@ -21,8 +21,8 @@ USE_GNOME= pkgconfig gnomehack
CONFIGURE_ARGS= --with-pthreads --disable-html-docs --disable-doxygen
USE_LDCONFIG= yes
+USES= pathfix
post-patch:
@${REINPLACE_CMD} -e 's| -pedantic||g' ${WRKSRC}/configure
- @${REINPLACE_CMD} -e 's|(libdir)/pkgconfig|(prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in
.include <bsd.port.mk>
Modified: head/devel/log4shib/distinfo
==============================================================================
--- head/devel/log4shib/distinfo Tue Jun 4 17:16:37 2013 (r319884)
+++ head/devel/log4shib/distinfo Tue Jun 4 17:29:21 2013 (r319885)
@@ -1,2 +1,2 @@
-SHA256 (log4shib-1.0.4.tar.gz) = 4e5f9e58f14f2498d8be15dc0a6223e83f0510a924494295329b20745cacbc38
-SIZE (log4shib-1.0.4.tar.gz) = 487529
+SHA256 (log4shib-1.0.6.tar.gz) = 060f472a085e34658f4eb19c2be56010adfcf33cf138071f8e7c953aa278d567
+SIZE (log4shib-1.0.6.tar.gz) = 571088
Modified: head/devel/xmltooling/Makefile
==============================================================================
--- head/devel/xmltooling/Makefile Tue Jun 4 17:16:37 2013 (r319884)
+++ head/devel/xmltooling/Makefile Tue Jun 4 17:29:21 2013 (r319885)
@@ -2,18 +2,19 @@
# $FreeBSD$
PORTNAME= xmltooling
-PORTVERSION= 1.4.2
-PORTREVISION= 1
+PORTVERSION= 1.5.2
CATEGORIES= devel security
-MASTER_SITES= http://www.shibboleth.net/downloads/c++-opensaml/2.4.3/
+MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/2.5.2/
-MAINTAINER= jmohacsi at bsd.hu
+MAINTAINER= girgen at FreeBSD.org
COMMENT= Low level XML support for SAML
LIB_DEPENDS= curl.6:${PORTSDIR}/ftp/curl \
log4shib.1:${PORTSDIR}/devel/log4shib \
xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \
- xml-security-c.16:${PORTSDIR}/security/apache-xml-security-c
+ xml-security-c.17:${PORTSDIR}/security/apache-xml-security-c
+
+BUILD_DEPENDS= boost-libs>=0:${PORTSDIR}/devel/boost-libs
GNU_CONFIGURE= yes
CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} --with-curl=${LOCALBASE} --disable-doxygen-doc
Modified: head/devel/xmltooling/distinfo
==============================================================================
--- head/devel/xmltooling/distinfo Tue Jun 4 17:16:37 2013 (r319884)
+++ head/devel/xmltooling/distinfo Tue Jun 4 17:29:21 2013 (r319885)
@@ -1,2 +1,2 @@
-SHA256 (xmltooling-1.4.2.tar.gz) = c32c503532cd0f2c64a71f0a7f4e63f660f1205830603b0bcd9225dc3c23445d
-SIZE (xmltooling-1.4.2.tar.gz) = 636598
+SHA256 (xmltooling-1.5.2.tar.gz) = d43719f8d742d87131ea64f2dbc8f1b366c7f216ac21015090a51693ff11df98
+SIZE (xmltooling-1.5.2.tar.gz) = 679098
Modified: head/devel/xmltooling/pkg-plist
==============================================================================
--- head/devel/xmltooling/pkg-plist Tue Jun 4 17:16:37 2013 (r319884)
+++ head/devel/xmltooling/pkg-plist Tue Jun 4 17:29:21 2013 (r319885)
@@ -48,7 +48,10 @@ include/xmltooling/security/KeyInfoCrede
include/xmltooling/security/KeyInfoResolver.h
include/xmltooling/security/OpenSSLCredential.h
include/xmltooling/security/OpenSSLCryptoX509CRL.h
+include/xmltooling/security/OpenSSLPathValidator.h
include/xmltooling/security/OpenSSLTrustEngine.h
+include/xmltooling/security/PKIXPathValidatorParams.h
+include/xmltooling/security/PathValidator.h
include/xmltooling/security/SecurityHelper.h
include/xmltooling/security/SignatureTrustEngine.h
include/xmltooling/security/TrustEngine.h
@@ -84,13 +87,14 @@ include/xmltooling/validation/Validator.
include/xmltooling/validation/ValidatorSuite.h
include/xmltooling/version.h
lib/libxmltooling-lite.so
-lib/libxmltooling-lite.so.5
+lib/libxmltooling-lite.so.6
lib/libxmltooling.so
-lib/libxmltooling.so.5
+lib/libxmltooling.so.6
libdata/pkgconfig/xmltooling.pc
share/xml/xmltooling/catalog.xml
share/xml/xmltooling/soap-envelope.xsd
share/xml/xmltooling/xenc-schema.xsd
+share/xml/xmltooling/xenc11-schema.xsd
share/xml/xmltooling/xml.xsd
share/xml/xmltooling/xmldsig-core-schema.xsd
share/xml/xmltooling/xmldsig11-schema.xsd
Modified: head/security/apache-xml-security-c/Makefile
==============================================================================
--- head/security/apache-xml-security-c/Makefile Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/apache-xml-security-c/Makefile Tue Jun 4 17:29:21 2013 (r319885)
@@ -2,13 +2,13 @@
# $FreeBSD$
PORTNAME= xml-security-c
-PORTVERSION= 1.6.1
+PORTVERSION= 1.7.0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_APACHE}
MASTER_SITE_SUBDIR=santuario/c-library
PKGNAMEPREFIX= apache-
-MAINTAINER= jmohacsi at bsd.hu
+MAINTAINER= girgen at FreeBSD.org
COMMENT= Apache XML security libraries - C++ version
LICENSE= AL2
Modified: head/security/apache-xml-security-c/distinfo
==============================================================================
--- head/security/apache-xml-security-c/distinfo Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/apache-xml-security-c/distinfo Tue Jun 4 17:29:21 2013 (r319885)
@@ -1,2 +1,2 @@
-SHA256 (xml-security-c-1.6.1.tar.gz) = 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd
-SIZE (xml-security-c-1.6.1.tar.gz) = 864366
+SHA256 (xml-security-c-1.7.0.tar.gz) = c8cd6ec3d3b777fcca295cb4b273b08e4cfe37e03fc27131ec079894b9dae87c
+SIZE (xml-security-c-1.7.0.tar.gz) = 874025
Modified: head/security/apache-xml-security-c/pkg-plist
==============================================================================
--- head/security/apache-xml-security-c/pkg-plist Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/apache-xml-security-c/pkg-plist Tue Jun 4 17:29:21 2013 (r319885)
@@ -160,7 +160,7 @@ include/xsec/xkms/XKMSValidateResult.hpp
include/xsec/xkms/XKMSValidityInterval.hpp
lib/libxml-security-c.a
lib/libxml-security-c.so
-lib/libxml-security-c.so.16
+lib/libxml-security-c.so.17
@dirrm include/xsec/xkms
@dirrm include/xsec/xenc
@dirrm include/xsec/utils/unixutils
Modified: head/security/opensaml2/Makefile
==============================================================================
--- head/security/opensaml2/Makefile Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/opensaml2/Makefile Tue Jun 4 17:29:21 2013 (r319885)
@@ -2,19 +2,18 @@
# $FreeBSD$
PORTNAME= opensaml2
-PORTVERSION= 2.4.3
-PORTREVISION= 1
+PORTVERSION= 2.5.2
CATEGORIES= security
-MASTER_SITES= http://www.shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
+MASTER_SITES= http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
DISTNAME= opensaml-${PORTVERSION}
-MAINTAINER= jmohacsi at bsd.hu
+MAINTAINER= girgen at FreeBSD.org
COMMENT= Open source implementation of SAML2
LIB_DEPENDS= curl.6:${PORTSDIR}/ftp/curl \
log4shib.1:${PORTSDIR}/devel/log4shib \
xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \
- xmltooling.5:${PORTSDIR}/devel/xmltooling
+ xmltooling.6:${PORTSDIR}/devel/xmltooling
GNU_CONFIGURE= yes
CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} \
Modified: head/security/opensaml2/distinfo
==============================================================================
--- head/security/opensaml2/distinfo Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/opensaml2/distinfo Tue Jun 4 17:29:21 2013 (r319885)
@@ -1,2 +1,2 @@
-SHA256 (opensaml-2.4.3.tar.gz) = 850187c7dd664f9216a387bcc9e08f36643f04ddc08d11551e33a46dd15d2539
-SIZE (opensaml-2.4.3.tar.gz) = 871693
+SHA256 (opensaml-2.5.2.tar.gz) = 5bc3fbe5e789ad7aedfc2919413131400290466ecd2b77b1c3f3dc4c37e6fe54
+SIZE (opensaml-2.5.2.tar.gz) = 707139
Modified: head/security/opensaml2/pkg-plist
==============================================================================
--- head/security/opensaml2/pkg-plist Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/opensaml2/pkg-plist Tue Jun 4 17:29:21 2013 (r319885)
@@ -25,6 +25,7 @@ include/saml/saml2/metadata/AbstractMeta
include/saml/saml2/metadata/DiscoverableMetadataProvider.h
include/saml/saml2/metadata/DynamicMetadataProvider.h
include/saml/saml2/metadata/EndpointManager.h
+include/saml/saml2/metadata/EntityMatcher.h
include/saml/saml2/metadata/Metadata.h
include/saml/saml2/metadata/MetadataCredentialContext.h
include/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -46,7 +47,7 @@ include/saml/signature/SignableObject.h
include/saml/signature/SignatureProfileValidator.h
include/saml/util/CommonDomainCookie.h
include/saml/util/SAMLConstants.h
-lib/libsaml.so.7
+lib/libsaml.so.8
lib/libsaml.so
libdata/pkgconfig/opensaml.pc
%%PORTDOCS%%%%DOCSDIR%%/README.txt
@@ -67,6 +68,8 @@ share/xml/opensaml/cs-sstc-schema-assert
share/xml/opensaml/cs-sstc-schema-protocol-01.xsd
share/xml/opensaml/cs-sstc-schema-assertion-1.1.xsd
share/xml/opensaml/cs-sstc-schema-protocol-1.1.xsd
+share/xml/opensaml/saml-async-slo-v1.0.xsd
+share/xml/opensaml/saml-metadata-rpi-v1.0.xsd
share/xml/opensaml/saml-schema-assertion-2.0.xsd
share/xml/opensaml/saml-schema-authn-context-2.0.xsd
share/xml/opensaml/saml-schema-authn-context-auth-telephony-2.0.xsd
Modified: head/security/shibboleth2-sp/Makefile
==============================================================================
--- head/security/shibboleth2-sp/Makefile Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/shibboleth2-sp/Makefile Tue Jun 4 17:29:21 2013 (r319885)
@@ -2,53 +2,58 @@
# $FreeBSD$
PORTNAME= shibboleth-sp
-PORTVERSION= 2.4.3
-PORTREVISION= 1
+PORTVERSION= 2.5.1
CATEGORIES= security www
-MASTER_SITES= http://www.shibboleth.net/downloads/service-provider/${PORTVERSION}/
+MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/
-MAINTAINER= swills at FreeBSD.org
+MAINTAINER= girgen at FreeBSD.org
COMMENT= C++ Shibboleth Service Provider (Internet2) for Apache
-LIB_DEPENDS= saml.7:${PORTSDIR}/security/opensaml2
-
-OPTIONS_DEFINE= APACHE22
-APACHE22_DESC= Use Apache version 2.2 instead of version 2.0
+LIB_DEPENDS= saml.8:${PORTSDIR}/security/opensaml2
MAKE_JOBS_SAFE= yes
USE_GMAKE= yes
GNU_CONFIGURE= yes
+MAKE_ENV= NOKEYGEN=YES
USE_LDCONFIG= yes
USE_RC_SUBR= shibboleth-sp
-USE_AUTOTOOLS= autoconf automake:env libtool:env
-WRKSRC= ${WRKDIR}/shibboleth-${PORTVERSION}
LATEST_LINK= shibboleth2-sp
+USERS= shibd
+GROUPS= shibd
+
+USE_APACHE= 22-24
+USE_OPENSSL= yes
+
.include <bsd.port.pre.mk>
-.if ${PORT_OPTIONS:MAPACHE22}
-USE_APACHE= 22
+.if ${APACHE_VERSION} == 22
CONFIGURE_ARGS= --enable-apache-22 --with-apxs22=${APXS}
PLIST_SUB+= WITH_APACHE_22=""
-PLIST_SUB+= WITH_APACHE_20="@comment "
+PLIST_SUB+= WITH_APACHE_24="@comment "
.else
-IGNORE= apache20 is no longer available
-#USE_APACHE= 20
-#CONFIGURE_ARGS= --enable-apache-20 --with-apxs2=${APXS} --with-apr=${PREFIX}/lib/apache2/apr-config --with-apu=${PREFIX}/lib/apache2/apu-config
+CONFIGURE_ARGS= --enable-apache-24 --with-apxs24=${APXS}
PLIST_SUB+= WITH_APACHE_22="@comment "
-PLIST_SUB+= WITH_APACHE_20=""
+PLIST_SUB+= WITH_APACHE_24=""
.endif
+
+SUB_LIST+= SH=${SH}
+PLIST_SUB+= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
+
+SUB_LIST+= SHIBD_USER=${USERS}
+SUB_LIST+= SHIBD_GROUP=${GROUPS}
+PLIST_SUB+= SHIBD_USER=${USERS}
+PLIST_SUB+= SHIBD_GROUP=${GROUPS}
+
CONFIGURE_ARGS+= --localstatedir=/var --with-log4shib=${LOCALBASE}
CONFIGURE_ARGS+= --with-openssl=${OPENSSLBASE} --with-xmltooling=${LOCALBASE}
CONFIGURE_ARGS+= --disable-doxygen-doc
-pre-configure:
- @${REINPLACE_CMD} -e 's|/run|/run/shibboleth|' ${WRKSRC}/configs/Makefile.in
- @${REINPLACE_CMD} -e 's|/doc/@PACKAGE at -@PACKAGE_VERSION@|/doc/@PACKAGE@|' \
- ${WRKSRC}/configs/Makefile.am ${WRKSRC}/configs/Makefile.in \
- ${WRKSRC}/doc/Makefile.am ${WRKSRC}/doc/Makefile.in
- ${RM} ${WRKSRC}/aclocal.m4
- @cd ${WRKSRC} && ${AUTORECONF} -fvi
+post-install:
+ ${CHOWN} -R ${USERS}:${GROUPS} /var/cache/shibboleth ;\
+ ${CHOWN} -R ${USERS}:${GROUPS} /var/log/shibboleth ;\
+ ${CHOWN} -R ${USERS}:${WWWGRP} /var/run/shibboleth ;\
+ ${CHMOD} -R u=rwx,g=rx,o= /var/run/shibboleth
.include <bsd.port.post.mk>
Modified: head/security/shibboleth2-sp/distinfo
==============================================================================
--- head/security/shibboleth2-sp/distinfo Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/shibboleth2-sp/distinfo Tue Jun 4 17:29:21 2013 (r319885)
@@ -1,2 +1,2 @@
-SHA256 (shibboleth-sp-2.4.3.tar.gz) = 9e0b219707046b55d0ca38627fb213b799ac98cf11541845b7e6b036a89dcdcf
-SIZE (shibboleth-sp-2.4.3.tar.gz) = 854326
+SHA256 (shibboleth-sp-2.5.1.tar.gz) = a697034fe56a170602a3907cde6faf822836b1ba23cdc11af315a81df6102f04
+SIZE (shibboleth-sp-2.5.1.tar.gz) = 952815
Added: head/security/shibboleth2-sp/files/patch-makefiles-docdir
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/shibboleth2-sp/files/patch-makefiles-docdir Tue Jun 4 17:29:21 2013 (r319885)
@@ -0,0 +1,47 @@
+--- doc/Makefile.am.orig 2012-07-23 22:08:29.000000000 +0200
++++ doc/Makefile.am 2013-02-22 10:53:42.000000000 +0100
+@@ -1,7 +1,7 @@
+ AUTOMAKE_OPTIONS = foreign
+
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME at -@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+
+ install-data-hook:
+ if test -d api ; then \
+--- doc/Makefile.in.orig 2012-12-04 05:50:56.000000000 +0100
++++ doc/Makefile.in 2013-02-22 10:53:42.000000000 +0100
+@@ -288,8 +288,8 @@
+ top_srcdir = @top_srcdir@
+ xs = @xs@
+ AUTOMAKE_OPTIONS = foreign
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME at -@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ docfiles = \
+ CREDITS.txt \
+ LICENSE.txt \
+--- configs/Makefile.am.orig 2012-12-04 05:49:50.000000000 +0100
++++ configs/Makefile.am 2013-02-22 10:53:42.000000000 +0100
+@@ -6,7 +6,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@
+--- configs/Makefile.in.orig 2012-12-04 05:50:56.000000000 +0100
++++ configs/Makefile.in 2013-02-22 10:53:42.000000000 +0100
+@@ -291,7 +291,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@
Added: head/security/shibboleth2-sp/files/patch-shibboleth-spec
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/shibboleth2-sp/files/patch-shibboleth-spec Tue Jun 4 17:29:21 2013 (r319885)
@@ -0,0 +1,26 @@
+--- shibboleth.spec.in.orig 2012-12-04 05:49:49.000000000 +0100
++++ shibboleth.spec.in 2013-06-03 16:19:28.000000000 +0200
+@@ -58,7 +58,7 @@
+ %if "%{_vendor}" == "suse"
+ %define pkgdocdir %{_docdir}/shibboleth
+ %else
+-%define pkgdocdir %{_docdir}/shibboleth-%{version}
++%define pkgdocdir %{_docdir}/shibboleth
+ %endif
+
+ %description
+@@ -202,14 +202,6 @@
+ /sbin/ldconfig
+ %endif
+
+-# Key generation or ownership fix
+-cd %{_sysconfdir}/shibboleth
+-if [ -f sp-key.pem ] ; then
+- %{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
+-else
+- sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+-fi
+-
+ # Fix ownership of log files (even on new installs, if they're left from an older one).
+ %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
+
Modified: head/security/shibboleth2-sp/files/shibboleth-sp.in
==============================================================================
--- head/security/shibboleth2-sp/files/shibboleth-sp.in Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/shibboleth2-sp/files/shibboleth-sp.in Tue Jun 4 17:29:21 2013 (r319885)
@@ -11,9 +11,43 @@
name="shibboleth_sp"
rcvar=shibboleth_sp_enable
+: ${shibboleth_sp_enable:='NO'}
+: ${shibboleth_sp_flags:=''}
+
command=${shibboleth_sp_program:-%%PREFIX%%/sbin/shibd}
-pidfile="${shibboleth_sp_pidfile:-/var/run/${name}.pid}"
-command_args="-f -p ${pidfile}"
+pidfile="${shibboleth_sp_pidfile:-/var/run/shibboleth/${name}.pid}"
+start_precmd="shibboleth_sp_configtest"
+restart_precmd="shibboleth_sp_configtest"
+configtest_cmd="shibboleth_sp_configtest"
+keygen_cmd="shibboleth_sp_keygen"
+
+shibboleth_sp_user=%%SHIBD_USER%%
+shibboleth_sp_group=%%SHIBD_GROUP%%
load_rc_config $name
+
+command_args="-f -p ${pidfile} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}"
+confdir=${SHIBSP_CFGDIR:-%%PREFIX%%/etc}/shibboleth
+cert=sp-cert.pem
+key=sp-key.pem
+
+shibboleth_sp_configtest() {
+ if [ ! -s ${confdir}/${key} -o ! -s ${confdir}/${cert} ]; then
+ run_rc_command keygen
+ else
+ # update from 2.4.x, chown %%SHIBD_USER%% the key and cert
+ for f in ${confdir}/${key} ${confdir}/${cert}; do
+ set X `stat ${f}`
+ test $6 != ${shibboleth_sp_user} && chown ${shibboleth_sp_user}:${shibboleth_sp_group} ${f}
+ done
+ fi
+ ${command} ${shibboleth_sp_flags} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group} -t
+}
+
+shibboleth_sp_keygen() {
+ %%SH%% ${confdir}/keygen.sh -o ${confdir} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}
+}
+
+extra_commands="configtest keygen"
+
run_rc_command "$1"
Modified: head/security/shibboleth2-sp/pkg-descr
==============================================================================
--- head/security/shibboleth2-sp/pkg-descr Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/shibboleth2-sp/pkg-descr Tue Jun 4 17:29:21 2013 (r319885)
@@ -10,4 +10,4 @@ service provider manages secured resourc
is based on assertions received by the service provider (SP) from
an identity provider.
-WWW: http://shibboleth.internet2.edu/
+WWW: http://shibboleth.internet2.edu/
Modified: head/security/shibboleth2-sp/pkg-plist
==============================================================================
--- head/security/shibboleth2-sp/pkg-plist Tue Jun 4 17:16:37 2013 (r319884)
+++ head/security/shibboleth2-sp/pkg-plist Tue Jun 4 17:29:21 2013 (r319885)
@@ -64,11 +64,13 @@ etc/shibboleth/shibd-suse
etc/shibboleth/shibd-osx.plist
etc/shibboleth/apache.config
etc/shibboleth/apache2.config
+ at unexec if cmp -s %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; then rm -f %D/etc/shibboleth/attrChecker.html; fi
+etc/shibboleth/attrChecker.html.dist
+ at exec if [ ! -f %D/etc/shibboleth/attrChecker.html ] ; then cp -p %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; fi
etc/shibboleth/apache22.config
+etc/shibboleth/apache24.config
etc/shibboleth/keygen.sh
etc/shibboleth/upgrade.xsl
-etc/shibboleth/sp-key.pem
-etc/shibboleth/sp-cert.pem
@unexec if cmp -s %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; then rm -f %D/etc/shibboleth/postTemplate.html; fi
etc/shibboleth/postTemplate.html.dist
@exec if [ ! -f %D/etc/shibboleth/postTemplate.html ] ; then cp -p %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; fi
@@ -88,6 +90,7 @@ include/shibsp/SessionCacheEx.h
include/shibsp/TransactionLog.h
include/shibsp/attribute/Attribute.h
include/shibsp/attribute/AttributeDecoder.h
+include/shibsp/attribute/BinaryAttribute.h
include/shibsp/attribute/ExtensibleAttribute.h
include/shibsp/attribute/NameIDAttribute.h
include/shibsp/attribute/ScopedAttribute.h
@@ -102,10 +105,10 @@ include/shibsp/attribute/resolver/Attrib
include/shibsp/attribute/resolver/AttributeResolver.h
include/shibsp/attribute/resolver/ResolutionContext.h
include/shibsp/base.h
-include/shibsp/config_pub.h
include/shibsp/binding/ArtifactResolver.h
include/shibsp/binding/ProtocolProvider.h
include/shibsp/binding/SOAPClient.h
+include/shibsp/config_pub.h
include/shibsp/exceptions.h
include/shibsp/handler/AbstractHandler.h
include/shibsp/handler/AssertionConsumerService.h
@@ -113,6 +116,7 @@ include/shibsp/handler/Handler.h
include/shibsp/handler/LogoutHandler.h
include/shibsp/handler/LogoutInitiator.h
include/shibsp/handler/RemotedHandler.h
+include/shibsp/handler/SecuredHandler.h
include/shibsp/handler/SessionInitiator.h
include/shibsp/lite/CommonDomainCookie.h
include/shibsp/lite/SAMLConstants.h
@@ -126,21 +130,20 @@ include/shibsp/security/SecurityPolicy.h
include/shibsp/security/SecurityPolicyProvider.h
include/shibsp/util/CGIParser.h
include/shibsp/util/DOMPropertySet.h
+include/shibsp/util/IPRange.h
include/shibsp/util/PropertySet.h
include/shibsp/util/SPConstants.h
include/shibsp/util/TemplateParameters.h
include/shibsp/version.h
-lib/libshibsp.so.5
+lib/libshibsp.so.6
lib/libshibsp.so
lib/shibboleth/adfs.so
-lib/shibboleth/adfs.la
lib/shibboleth/adfs-lite.so
-lib/shibboleth/adfs-lite.la
+lib/shibboleth/plugins-lite.so
+lib/shibboleth/plugins.so
%%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.so
-%%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.la
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.so
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.la
-lib/libshibsp-lite.so.5
+%%WITH_APACHE_24%%lib/shibboleth/mod_shib_24.so
+lib/libshibsp-lite.so.6
lib/libshibsp-lite.so
sbin/shibd
share/xml/shibboleth/catalog.xml
@@ -155,20 +158,22 @@ share/xml/shibboleth/shibboleth-metadata
share/xml/shibboleth/shibboleth.xsd
share/xml/shibboleth/WS-Trust.xsd
share/doc/shibboleth/CREDITS.txt
+share/doc/shibboleth/FASTCGI.LICENSE
share/doc/shibboleth/LICENSE.txt
+share/doc/shibboleth/LOG4CPP.LICENSE
share/doc/shibboleth/NOTICE.txt
+share/doc/shibboleth/OPENSSL.LICENSE
share/doc/shibboleth/README.txt
share/doc/shibboleth/RELEASE.txt
-share/doc/shibboleth/FASTCGI.LICENSE
-share/doc/shibboleth/OPENSSL.LICENSE
-share/doc/shibboleth/LOG4CPP.LICENSE
share/doc/shibboleth/main.css
-share/doc/shibboleth/logo.jpg
- at exec mkdir -p %D/data
+ at exec mkdir -p /var/cache/shibboleth
+ at exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/cache/shibboleth
@exec mkdir -p /var/log/shibboleth
+ at exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/log/shibboleth
@exec mkdir -p /var/run/shibboleth
- at exec chown www:www /var/run/shibboleth
- at exec chmod -R ug=rwx,o= /var/run/shibboleth
+ at exec chown -R %%SHIBD_USER%%:%%WWWGRP%% /var/run/shibboleth
+ at exec chmod -R u=rwx,g=rx,o= /var/run/shibboleth
+ at unexec rm -rf /var/cache/shibboleth 2>&1 >/dev/null || true
@unexec rm -rf /var/run/shibboleth 2>&1 >/dev/null || true
@dirrmtry share/doc/shibboleth/api
@dirrmtry share/doc/shibboleth
More information about the svn-ports-head
mailing list