Bug 177668

Summary: [PATCH] security/shibboleth2-sp: create cert on first use; other fixes
Product: Ports & Packages
Reporter: Craig Leres <leres>
Component: Individual Port(s)
Assignee: Palle Girgensohn <girgen>
Status: Closed FIXED
Severity: Affects Only Me
CC: leres
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments: patch.txt (flags: none)

Description Craig Leres freebsd_committer freebsd_triage 2013-04-06 19:30:00 UTC
	An openssl certificate and private key are generated at
	build time and are stored in the package. This means when
	you install shibboleth2-sp from a package on another machine,
	the CN doesn't match its hostname. And anyone with access
	to the package has a copy of the private key.

Fix: Create the certificate and key on first use from the rc.d
	script (just like sshd).

	Obey WWWOWN/WWWGRP when creating /var/run/shibboleth.

	Update Makefile headers.

	Remove obsolete WITH_APACHE_20 stuff.

	Add missing lib files to pkg-plist.

	Please see attached patches.
How-To-Repeat: 	% openssl x509 -text -in /usr/local/etc/shibboleth/sp-cert.pem | \
	    fgrep 'Subject: CN'
		Subject: CN=fun.ee.lbl.gov
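
A packaging-time check for the problem reported above, as an added example that is not part of the original report or of the port: it scans a staged install tree and a pkg-plist for files holding PEM private keys. The function names, the stage layout and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the port): fail a package build when private-key
# material is about to be shipped, as sp-key.pem was in this report.

# PEM headers such as "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY",
# "BEGIN ENCRYPTED PRIVATE KEY".
KEY_RE='-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'

# Print, relative to the stage directory $1, every regular file that
# contains a PEM private-key header.
find_packaged_keys() {
    stagedir=$1
    ( cd "$stagedir" &&
      find . -type f -exec grep -lE -e "$KEY_RE" {} + 2>/dev/null ) |
        sed 's|^\./||' | sort
}

# Print the pkg-plist entries whose staged file holds a private key.
# $1 = pkg-plist file, $2 = directory the plist paths are relative to.
plist_private_keys() {
    plist=$1
    prefix=$2
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            ''|@*) continue ;;   # blank lines and @exec/@unexec/@dirrm directives
        esac
        # Drop leading %%VAR%% markers such as %%WITH_APACHE_22%%.
        path=$(printf '%s\n' "$entry" | sed 's/^\(%%[A-Z0-9_]*%%\)*//')
        [ -f "$prefix/$path" ] || continue
        if grep -qE -e "$KEY_RE" "$prefix/$path"; then
            printf '%s\n' "$path"
        fi
    done < "$plist"
}

# Build a constructed stage tree that mirrors the pre-fix package layout.
# The key and certificate bodies are placeholders, not real key material.
make_constructed_stage() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc/shibboleth"
    printf '%s\n' '#!/bin/sh' > "$dir/etc/shibboleth/keygen.sh"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'CONSTRUCTED-NOT-A-REAL-KEY' \
        '-----END RSA PRIVATE KEY-----' > "$dir/etc/shibboleth/sp-key.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        'CONSTRUCTED-NOT-A-REAL-CERT' \
        '-----END CERTIFICATE-----' > "$dir/etc/shibboleth/sp-cert.pem"
    printf '%s\n' 'etc/shibboleth/keygen.sh' \
        'etc/shibboleth/sp-key.pem' \
        'etc/shibboleth/sp-cert.pem' \
        '@exec mkdir -p /var/run/shibboleth' > "$dir/pkg-plist"
    printf '%s\n' "$dir"
}

# Demonstration on the constructed tree.
stage=$(make_constructed_stage)
echo "staged files holding a private key:"
find_packaged_keys "$stage"
echo "pkg-plist entries that would ship a private key:"
plist_private_keys "$stage/pkg-plist" "$stage"
rm -rf "$stage"
```

Run against a real stage directory, any output from either function means the package would distribute the same private key to every machine that installs it.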
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-04-06 19:30:08 UTC
Responsible Changed
From-To: freebsd-ports-bugs->swills

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Steve Wills freebsd_committer freebsd_triage 2013-05-27 02:40:48 UTC
Responsible Changed
From-To: swills->girgen

Assign to girgen who has agreed to take maintainership of the shibboleth and related ports
Comment 3 dfilter service freebsd_committer freebsd_triage 2013-06-04 18:29:34 UTC
Author: girgen
Date: Tue Jun  4 17:29:21 2013
New Revision: 319885
URL: http://svnweb.freebsd.org/changeset/ports/319885

Log:
  Update Shibboleth-sp and its tool chain to 2.5.1.
  
  Note that from 2.5, shibd is run as the user shibd.  The port tries to fix the
  key file ownership but if you have changed the file name of the key from the
  default sp-key.pem, make sure you chown your key file(s) to user shibd.
  
  Also, take maintainership of the entire tool chain (approved by all previous
  maintainers).
  
  Incorporates the ideas suggested by Craig Leres [177668], making sure that the
  ssl key is not added to the package.
  
  PR:	177668, 178694

Added:
  head/security/shibboleth2-sp/files/patch-makefiles-docdir   (contents, props changed)
  head/security/shibboleth2-sp/files/patch-shibboleth-spec   (contents, props changed)
Deleted:
  head/security/shibboleth2-sp/files/patch-configure.ac
Modified:
  head/GIDs
  head/UIDs
  head/devel/log4shib/Makefile
  head/devel/log4shib/distinfo
  head/devel/xmltooling/Makefile
  head/devel/xmltooling/distinfo
  head/devel/xmltooling/pkg-plist
  head/security/apache-xml-security-c/Makefile
  head/security/apache-xml-security-c/distinfo
  head/security/apache-xml-security-c/pkg-plist
  head/security/opensaml2/Makefile
  head/security/opensaml2/distinfo
  head/security/opensaml2/pkg-plist
  head/security/shibboleth2-sp/Makefile
  head/security/shibboleth2-sp/distinfo
  head/security/shibboleth2-sp/files/shibboleth-sp.in
  head/security/shibboleth2-sp/pkg-descr
  head/security/shibboleth2-sp/pkg-plist   (contents, props changed)

Modified: head/GIDs
==============================================================================
--- head/GIDs	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/GIDs	Tue Jun  4 17:29:21 2013	(r319885)
@@ -253,5 +253,6 @@ elasticsearch:*:965:
 ossec:*:966:
 kippo:*:969:
 colord:*:970:
+shibd:*:971:
 nogroup:*:65533:
 nobody:*:65534:

Modified: head/UIDs
==============================================================================
--- head/UIDs	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/UIDs	Tue Jun  4 17:29:21 2013	(r319885)
@@ -260,4 +260,5 @@ ossecm:*:967:966::0:0:OSSEC mail user:/u
 ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
 kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin
 colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin
+shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin

Modified: head/devel/log4shib/Makefile
==============================================================================
--- head/devel/log4shib/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/log4shib/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -7,11 +7,11 @@
 #
 
 PORTNAME=	log4shib
-DISTVERSION=	1.0.4
+DISTVERSION=	1.0.6
 CATEGORIES=	devel
-MASTER_SITES=	http://shibboleth.internet2.edu/downloads/${PORTNAME}/${DISTVERSION}/
+MASTER_SITES=	http://shibboleth.net/downloads/${PORTNAME}/${DISTVERSION}/
 
-MAINTAINER=	vanilla@FreeBSD.org
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	A library of C++ classes for flexible logging
 
 USE_AUTOTOOLS=	libtool
@@ -21,8 +21,8 @@ USE_GNOME=	pkgconfig gnomehack
 CONFIGURE_ARGS=	--with-pthreads --disable-html-docs --disable-doxygen
 USE_LDCONFIG=	yes
 
+USES=		pathfix
 post-patch:
 	@${REINPLACE_CMD} -e 's| -pedantic||g' ${WRKSRC}/configure
-	@${REINPLACE_CMD} -e 's|(libdir)/pkgconfig|(prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in
 
 .include <bsd.port.mk>
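Review bot: `USES=		pathfix` is added directly above `post-patch:` with no blank line between them, after the blank line that closes the variable block; move it up next to `USE_LDCONFIG=	yes` so the target stays visually separate from the variables. The hunk header still shows `gnomehack` in `USE_GNOME`, so it is worth checking whether that is still needed now that the manual `(libdir)/pkgconfig` rewrite has been dropped in favour of pathfix.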

Modified: head/devel/log4shib/distinfo
==============================================================================
--- head/devel/log4shib/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/log4shib/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (log4shib-1.0.4.tar.gz) = 4e5f9e58f14f2498d8be15dc0a6223e83f0510a924494295329b20745cacbc38
-SIZE (log4shib-1.0.4.tar.gz) = 487529
+SHA256 (log4shib-1.0.6.tar.gz) = 060f472a085e34658f4eb19c2be56010adfcf33cf138071f8e7c953aa278d567
+SIZE (log4shib-1.0.6.tar.gz) = 571088

Modified: head/devel/xmltooling/Makefile
==============================================================================
--- head/devel/xmltooling/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/xmltooling/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,18 +2,19 @@
 # $FreeBSD$
 
 PORTNAME=	xmltooling
-PORTVERSION=	1.4.2
-PORTREVISION=	1
+PORTVERSION=	1.5.2
 CATEGORIES=	devel security
-MASTER_SITES=	http://www.shibboleth.net/downloads/c++-opensaml/2.4.3/
+MASTER_SITES=	http://shibboleth.net/downloads/c++-opensaml/2.5.2/
 
-MAINTAINER=	jmohacsi@bsd.hu
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Low level XML support for SAML
 
 LIB_DEPENDS=	curl.6:${PORTSDIR}/ftp/curl \
 		log4shib.1:${PORTSDIR}/devel/log4shib \
 		xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \
-		xml-security-c.16:${PORTSDIR}/security/apache-xml-security-c
+		xml-security-c.17:${PORTSDIR}/security/apache-xml-security-c
+	
+BUILD_DEPENDS=	boost-libs>=0:${PORTSDIR}/devel/boost-libs
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} --with-curl=${LOCALBASE} --disable-doxygen-doc
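Review bot: the line added after `xml-security-c.17:${PORTSDIR}/security/apache-xml-security-c` consists of a single tab, so the separator before `BUILD_DEPENDS` carries trailing whitespace; make it an empty line. `BUILD_DEPENDS` would also read better placed before `LIB_DEPENDS`, and the log does not say what in 1.5.2 needs boost-libs at build time.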

Modified: head/devel/xmltooling/distinfo
==============================================================================
--- head/devel/xmltooling/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/xmltooling/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (xmltooling-1.4.2.tar.gz) = c32c503532cd0f2c64a71f0a7f4e63f660f1205830603b0bcd9225dc3c23445d
-SIZE (xmltooling-1.4.2.tar.gz) = 636598
+SHA256 (xmltooling-1.5.2.tar.gz) = d43719f8d742d87131ea64f2dbc8f1b366c7f216ac21015090a51693ff11df98
+SIZE (xmltooling-1.5.2.tar.gz) = 679098

Modified: head/devel/xmltooling/pkg-plist
==============================================================================
--- head/devel/xmltooling/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/xmltooling/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -48,7 +48,10 @@ include/xmltooling/security/KeyInfoCrede
 include/xmltooling/security/KeyInfoResolver.h
 include/xmltooling/security/OpenSSLCredential.h
 include/xmltooling/security/OpenSSLCryptoX509CRL.h
+include/xmltooling/security/OpenSSLPathValidator.h
 include/xmltooling/security/OpenSSLTrustEngine.h
+include/xmltooling/security/PKIXPathValidatorParams.h
+include/xmltooling/security/PathValidator.h
 include/xmltooling/security/SecurityHelper.h
 include/xmltooling/security/SignatureTrustEngine.h
 include/xmltooling/security/TrustEngine.h
@@ -84,13 +87,14 @@ include/xmltooling/validation/Validator.
 include/xmltooling/validation/ValidatorSuite.h
 include/xmltooling/version.h
 lib/libxmltooling-lite.so
-lib/libxmltooling-lite.so.5
+lib/libxmltooling-lite.so.6
 lib/libxmltooling.so
-lib/libxmltooling.so.5
+lib/libxmltooling.so.6
 libdata/pkgconfig/xmltooling.pc
 share/xml/xmltooling/catalog.xml
 share/xml/xmltooling/soap-envelope.xsd
 share/xml/xmltooling/xenc-schema.xsd
+share/xml/xmltooling/xenc11-schema.xsd
 share/xml/xmltooling/xml.xsd
 share/xml/xmltooling/xmldsig-core-schema.xsd
 share/xml/xmltooling/xmldsig11-schema.xsd

Modified: head/security/apache-xml-security-c/Makefile
==============================================================================
--- head/security/apache-xml-security-c/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/apache-xml-security-c/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,13 +2,13 @@
 # $FreeBSD$
 
 PORTNAME=	xml-security-c
-PORTVERSION=	1.6.1
+PORTVERSION=	1.7.0
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_APACHE}
 MASTER_SITE_SUBDIR=santuario/c-library
 PKGNAMEPREFIX=	apache-
 
-MAINTAINER=	jmohacsi@bsd.hu
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Apache XML security libraries - C++ version
 
 LICENSE=	AL2

Modified: head/security/apache-xml-security-c/distinfo
==============================================================================
--- head/security/apache-xml-security-c/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/apache-xml-security-c/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (xml-security-c-1.6.1.tar.gz) = 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd
-SIZE (xml-security-c-1.6.1.tar.gz) = 864366
+SHA256 (xml-security-c-1.7.0.tar.gz) = c8cd6ec3d3b777fcca295cb4b273b08e4cfe37e03fc27131ec079894b9dae87c
+SIZE (xml-security-c-1.7.0.tar.gz) = 874025

Modified: head/security/apache-xml-security-c/pkg-plist
==============================================================================
--- head/security/apache-xml-security-c/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/apache-xml-security-c/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -160,7 +160,7 @@ include/xsec/xkms/XKMSValidateResult.hpp
 include/xsec/xkms/XKMSValidityInterval.hpp
 lib/libxml-security-c.a
 lib/libxml-security-c.so
-lib/libxml-security-c.so.16
+lib/libxml-security-c.so.17
 @dirrm include/xsec/xkms
 @dirrm include/xsec/xenc
 @dirrm include/xsec/utils/unixutils

Modified: head/security/opensaml2/Makefile
==============================================================================
--- head/security/opensaml2/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/opensaml2/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,19 +2,18 @@
 # $FreeBSD$
 
 PORTNAME=	opensaml2
-PORTVERSION=	2.4.3
-PORTREVISION=	1
+PORTVERSION=	2.5.2
 CATEGORIES=	security
-MASTER_SITES=	http://www.shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
+MASTER_SITES=	http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
 DISTNAME=	opensaml-${PORTVERSION}
 
-MAINTAINER=	jmohacsi@bsd.hu
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Open source implementation of SAML2
 
 LIB_DEPENDS=	curl.6:${PORTSDIR}/ftp/curl \
 		log4shib.1:${PORTSDIR}/devel/log4shib \
 		xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \
-		xmltooling.5:${PORTSDIR}/devel/xmltooling
+		xmltooling.6:${PORTSDIR}/devel/xmltooling
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} \

Modified: head/security/opensaml2/distinfo
==============================================================================
--- head/security/opensaml2/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/opensaml2/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (opensaml-2.4.3.tar.gz) = 850187c7dd664f9216a387bcc9e08f36643f04ddc08d11551e33a46dd15d2539
-SIZE (opensaml-2.4.3.tar.gz) = 871693
+SHA256 (opensaml-2.5.2.tar.gz) = 5bc3fbe5e789ad7aedfc2919413131400290466ecd2b77b1c3f3dc4c37e6fe54
+SIZE (opensaml-2.5.2.tar.gz) = 707139

Modified: head/security/opensaml2/pkg-plist
==============================================================================
--- head/security/opensaml2/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/opensaml2/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -25,6 +25,7 @@ include/saml/saml2/metadata/AbstractMeta
 include/saml/saml2/metadata/DiscoverableMetadataProvider.h
 include/saml/saml2/metadata/DynamicMetadataProvider.h
 include/saml/saml2/metadata/EndpointManager.h
+include/saml/saml2/metadata/EntityMatcher.h
 include/saml/saml2/metadata/Metadata.h
 include/saml/saml2/metadata/MetadataCredentialContext.h
 include/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -46,7 +47,7 @@ include/saml/signature/SignableObject.h
 include/saml/signature/SignatureProfileValidator.h
 include/saml/util/CommonDomainCookie.h
 include/saml/util/SAMLConstants.h
-lib/libsaml.so.7
+lib/libsaml.so.8
 lib/libsaml.so
 libdata/pkgconfig/opensaml.pc
 %%PORTDOCS%%%%DOCSDIR%%/README.txt
@@ -67,6 +68,8 @@ share/xml/opensaml/cs-sstc-schema-assert
 share/xml/opensaml/cs-sstc-schema-protocol-01.xsd
 share/xml/opensaml/cs-sstc-schema-assertion-1.1.xsd
 share/xml/opensaml/cs-sstc-schema-protocol-1.1.xsd
+share/xml/opensaml/saml-async-slo-v1.0.xsd
+share/xml/opensaml/saml-metadata-rpi-v1.0.xsd
 share/xml/opensaml/saml-schema-assertion-2.0.xsd
 share/xml/opensaml/saml-schema-authn-context-2.0.xsd
 share/xml/opensaml/saml-schema-authn-context-auth-telephony-2.0.xsd

Modified: head/security/shibboleth2-sp/Makefile
==============================================================================
--- head/security/shibboleth2-sp/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,53 +2,58 @@
 # $FreeBSD$
 
 PORTNAME=	shibboleth-sp
-PORTVERSION=	2.4.3
-PORTREVISION=	1
+PORTVERSION=	2.5.1
 CATEGORIES=	security www
-MASTER_SITES=	http://www.shibboleth.net/downloads/service-provider/${PORTVERSION}/
+MASTER_SITES=	http://shibboleth.net/downloads/service-provider/${PORTVERSION}/
 
-MAINTAINER=	swills@FreeBSD.org
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	C++ Shibboleth Service Provider (Internet2) for Apache
 
-LIB_DEPENDS=	saml.7:${PORTSDIR}/security/opensaml2
-
-OPTIONS_DEFINE=	APACHE22
-APACHE22_DESC=	Use Apache version 2.2 instead of version 2.0
+LIB_DEPENDS=	saml.8:${PORTSDIR}/security/opensaml2
 
 MAKE_JOBS_SAFE=	yes
 USE_GMAKE=	yes
 GNU_CONFIGURE=	yes
+MAKE_ENV=	NOKEYGEN=YES
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	shibboleth-sp
-USE_AUTOTOOLS=	autoconf automake:env libtool:env
-WRKSRC=		${WRKDIR}/shibboleth-${PORTVERSION}
 
 LATEST_LINK=	shibboleth2-sp
 
+USERS=		shibd
+GROUPS=		shibd
+
+USE_APACHE=	22-24
+USE_OPENSSL=	yes
+
 .include <bsd.port.pre.mk>
 
-.if ${PORT_OPTIONS:MAPACHE22}
-USE_APACHE=	22
+.if ${APACHE_VERSION} == 22
 CONFIGURE_ARGS=	--enable-apache-22 --with-apxs22=${APXS}
 PLIST_SUB+=	WITH_APACHE_22=""
-PLIST_SUB+=	WITH_APACHE_20="@comment "
+PLIST_SUB+=	WITH_APACHE_24="@comment "
 .else
-IGNORE=	apache20 is no longer available
-#USE_APACHE=	20
-#CONFIGURE_ARGS=	--enable-apache-20 --with-apxs2=${APXS} --with-apr=${PREFIX}/lib/apache2/apr-config --with-apu=${PREFIX}/lib/apache2/apu-config
+CONFIGURE_ARGS=	--enable-apache-24 --with-apxs24=${APXS}
 PLIST_SUB+=	WITH_APACHE_22="@comment "
-PLIST_SUB+=	WITH_APACHE_20=""
+PLIST_SUB+=	WITH_APACHE_24=""
 .endif
+
+SUB_LIST+=	SH=${SH}
+PLIST_SUB+=	WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
+
+SUB_LIST+=	SHIBD_USER=${USERS}
+SUB_LIST+=	SHIBD_GROUP=${GROUPS}
+PLIST_SUB+=	SHIBD_USER=${USERS}
+PLIST_SUB+=	SHIBD_GROUP=${GROUPS}
+
 CONFIGURE_ARGS+=	--localstatedir=/var --with-log4shib=${LOCALBASE}
 CONFIGURE_ARGS+=	--with-openssl=${OPENSSLBASE} --with-xmltooling=${LOCALBASE}
 CONFIGURE_ARGS+=	--disable-doxygen-doc
 
-pre-configure:
-	@${REINPLACE_CMD} -e 's|/run|/run/shibboleth|' ${WRKSRC}/configs/Makefile.in
-	@${REINPLACE_CMD} -e 's|/doc/@PACKAGE@-@PACKAGE_VERSION@|/doc/@PACKAGE@|' \
-		${WRKSRC}/configs/Makefile.am ${WRKSRC}/configs/Makefile.in \
-		${WRKSRC}/doc/Makefile.am ${WRKSRC}/doc/Makefile.in
-	${RM} ${WRKSRC}/aclocal.m4
-	@cd ${WRKSRC} && ${AUTORECONF} -fvi
+post-install:
+	${CHOWN} -R ${USERS}:${GROUPS} /var/cache/shibboleth ;\
+	${CHOWN} -R ${USERS}:${GROUPS} /var/log/shibboleth ;\
+       	${CHOWN} -R ${USERS}:${WWWGRP} /var/run/shibboleth ;\
+       	${CHMOD} -R u=rwx,g=rx,o= /var/run/shibboleth
 
 .include <bsd.port.post.mk>
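Review bot: `SUB_LIST+=	SHIBD_USER=${USERS}` and the `${CHOWN} -R ${USERS}:${GROUPS}` lines in post-install reuse the `USERS`/`GROUPS` list variables as a single account name, which breaks as soon as a second user or group is added to either list; define the account name once in its own variable and derive `USERS`/`GROUPS` from it. The last two post-install lines are indented with spaces followed by a tab, unlike the two above them. The same chown/chmod steps also appear as `@exec` lines in pkg-plist in this commit, so the two lists need to be kept in sync.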

Modified: head/security/shibboleth2-sp/distinfo
==============================================================================
--- head/security/shibboleth2-sp/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (shibboleth-sp-2.4.3.tar.gz) = 9e0b219707046b55d0ca38627fb213b799ac98cf11541845b7e6b036a89dcdcf
-SIZE (shibboleth-sp-2.4.3.tar.gz) = 854326
+SHA256 (shibboleth-sp-2.5.1.tar.gz) = a697034fe56a170602a3907cde6faf822836b1ba23cdc11af315a81df6102f04
+SIZE (shibboleth-sp-2.5.1.tar.gz) = 952815

Added: head/security/shibboleth2-sp/files/patch-makefiles-docdir
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/shibboleth2-sp/files/patch-makefiles-docdir	Tue Jun  4 17:29:21 2013	(r319885)
@@ -0,0 +1,47 @@
+--- doc/Makefile.am.orig	2012-07-23 22:08:29.000000000 +0200
++++ doc/Makefile.am	2013-02-22 10:53:42.000000000 +0100
+@@ -1,7 +1,7 @@
+ AUTOMAKE_OPTIONS = foreign
+ 
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ 
+ install-data-hook:
+ 	if test -d api ; then \
+--- doc/Makefile.in.orig	2012-12-04 05:50:56.000000000 +0100
++++ doc/Makefile.in	2013-02-22 10:53:42.000000000 +0100
+@@ -288,8 +288,8 @@
+ top_srcdir = @top_srcdir@
+ xs = @xs@
+ AUTOMAKE_OPTIONS = foreign
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ docfiles = \
+ 	CREDITS.txt \
+ 	LICENSE.txt \
+--- configs/Makefile.am.orig	2012-12-04 05:49:50.000000000 +0100
++++ configs/Makefile.am	2013-02-22 10:53:42.000000000 +0100
+@@ -6,7 +6,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@
+--- configs/Makefile.in.orig	2012-12-04 05:50:56.000000000 +0100
++++ configs/Makefile.in	2013-02-22 10:53:42.000000000 +0100
+@@ -291,7 +291,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@

Added: head/security/shibboleth2-sp/files/patch-shibboleth-spec
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/shibboleth2-sp/files/patch-shibboleth-spec	Tue Jun  4 17:29:21 2013	(r319885)
@@ -0,0 +1,26 @@
+--- shibboleth.spec.in.orig	2012-12-04 05:49:49.000000000 +0100
++++ shibboleth.spec.in	2013-06-03 16:19:28.000000000 +0200
+@@ -58,7 +58,7 @@
+ %if "%{_vendor}" == "suse"
+ %define pkgdocdir %{_docdir}/shibboleth
+ %else
+-%define pkgdocdir %{_docdir}/shibboleth-%{version}
++%define pkgdocdir %{_docdir}/shibboleth
+ %endif
+ 
+ %description
+@@ -202,14 +202,6 @@
+ /sbin/ldconfig
+ %endif
+ 
+-# Key generation or ownership fix
+-cd %{_sysconfdir}/shibboleth
+-if [ -f sp-key.pem ] ; then
+-	%{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
+-else
+-	sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+-fi
+-
+ # Fix ownership of log files (even on new installs, if they're left from an older one).
+ %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
+ 
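Review bot: the second nested hunk (`@@ -202,14 +202,6 @@`) removes the keygen block from `shibboleth.spec.in`, which is written in RPM spec syntax (`%define`, `%{__chown}`), and neither the patch nor the commit log says why the port needs to change that file. For keeping the key out of the package, `MAKE_ENV=	NOKEYGEN=YES` in the Makefile and the pkg-plist removal in this commit look like the operative parts; a short comment stating the purpose of this patch would help, and splitting the docdir change from the keygen removal would make each easier to drop later.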

Modified: head/security/shibboleth2-sp/files/shibboleth-sp.in
==============================================================================
--- head/security/shibboleth2-sp/files/shibboleth-sp.in	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/files/shibboleth-sp.in	Tue Jun  4 17:29:21 2013	(r319885)
@@ -11,9 +11,43 @@
 name="shibboleth_sp"
 rcvar=shibboleth_sp_enable
 
+: ${shibboleth_sp_enable:='NO'}
+: ${shibboleth_sp_flags:=''}
+
 command=${shibboleth_sp_program:-%%PREFIX%%/sbin/shibd}
-pidfile="${shibboleth_sp_pidfile:-/var/run/${name}.pid}"
-command_args="-f -p ${pidfile}"
+pidfile="${shibboleth_sp_pidfile:-/var/run/shibboleth/${name}.pid}"
+start_precmd="shibboleth_sp_configtest"
+restart_precmd="shibboleth_sp_configtest"
+configtest_cmd="shibboleth_sp_configtest"
+keygen_cmd="shibboleth_sp_keygen"
+
+shibboleth_sp_user=%%SHIBD_USER%%
+shibboleth_sp_group=%%SHIBD_GROUP%%
 
 load_rc_config $name
+
+command_args="-f -p ${pidfile} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}"
+confdir=${SHIBSP_CFGDIR:-%%PREFIX%%/etc}/shibboleth
+cert=sp-cert.pem
+key=sp-key.pem
+
+shibboleth_sp_configtest() {
+	if [ ! -s ${confdir}/${key} -o ! -s ${confdir}/${cert} ]; then
+		run_rc_command keygen
+	else
+		# update from 2.4.x, chown %%SHIBD_USER%% the key and cert
+	       	for f in ${confdir}/${key} ${confdir}/${cert}; do
+			set X `stat ${f}`
+			test $6 != ${shibboleth_sp_user} && chown ${shibboleth_sp_user}:${shibboleth_sp_group} ${f}
+		done
+	fi
+	${command} ${shibboleth_sp_flags} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group} -t
+}
+
+shibboleth_sp_keygen() {
+	%%SH%% ${confdir}/keygen.sh -o ${confdir} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}
+}
+
+extra_commands="configtest keygen"
+
 run_rc_command "$1"
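Review bot: in shibboleth_sp_configtest the ownership test ``set X `stat ${f}` `` followed by `test $6 != ${shibboleth_sp_user}` depends on the column order of stat's default output and leaves both operands unquoted; ask stat for the owner directly, for example `test "$(stat -f %Su "${f}")" != "${shibboleth_sp_user}"`. The same function is wired to `configtest_cmd`, so a command named configtest generates keys or changes file ownership as a side effect; consider moving those steps into a separate precmd function. The check also looks only at the owner of the two default file names, not at the mode of the key file.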

Modified: head/security/shibboleth2-sp/pkg-descr
==============================================================================
--- head/security/shibboleth2-sp/pkg-descr	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/pkg-descr	Tue Jun  4 17:29:21 2013	(r319885)
@@ -10,4 +10,4 @@ service provider manages secured resourc
 is based on assertions received by the service provider (SP) from
 an identity provider.
 
-WWW:	http://shibboleth.internet2.edu/
+WWW: http://shibboleth.internet2.edu/
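Review bot: the `WWW:` line changes only its whitespace and keeps `http://shibboleth.internet2.edu/`, while every `MASTER_SITES` touched in this commit moves to shibboleth.net; update the URL here as well if the project site has moved, otherwise leave the line untouched to keep the diff minimal.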

Modified: head/security/shibboleth2-sp/pkg-plist
==============================================================================
--- head/security/shibboleth2-sp/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -64,11 +64,13 @@ etc/shibboleth/shibd-suse
 etc/shibboleth/shibd-osx.plist
 etc/shibboleth/apache.config
 etc/shibboleth/apache2.config
+@unexec if cmp -s %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; then rm -f %D/etc/shibboleth/attrChecker.html; fi
+etc/shibboleth/attrChecker.html.dist
+@exec if [ ! -f %D/etc/shibboleth/attrChecker.html ] ; then cp -p %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; fi
 etc/shibboleth/apache22.config
+etc/shibboleth/apache24.config
 etc/shibboleth/keygen.sh
 etc/shibboleth/upgrade.xsl
-etc/shibboleth/sp-key.pem
-etc/shibboleth/sp-cert.pem
 @unexec if cmp -s %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; then rm -f %D/etc/shibboleth/postTemplate.html; fi
 etc/shibboleth/postTemplate.html.dist
 @exec if [ ! -f %D/etc/shibboleth/postTemplate.html ] ; then cp -p %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; fi
@@ -88,6 +90,7 @@ include/shibsp/SessionCacheEx.h
 include/shibsp/TransactionLog.h
 include/shibsp/attribute/Attribute.h
 include/shibsp/attribute/AttributeDecoder.h
+include/shibsp/attribute/BinaryAttribute.h
 include/shibsp/attribute/ExtensibleAttribute.h
 include/shibsp/attribute/NameIDAttribute.h
 include/shibsp/attribute/ScopedAttribute.h
@@ -102,10 +105,10 @@ include/shibsp/attribute/resolver/Attrib
 include/shibsp/attribute/resolver/AttributeResolver.h
 include/shibsp/attribute/resolver/ResolutionContext.h
 include/shibsp/base.h
-include/shibsp/config_pub.h
 include/shibsp/binding/ArtifactResolver.h
 include/shibsp/binding/ProtocolProvider.h
 include/shibsp/binding/SOAPClient.h
+include/shibsp/config_pub.h
 include/shibsp/exceptions.h
 include/shibsp/handler/AbstractHandler.h
 include/shibsp/handler/AssertionConsumerService.h
@@ -113,6 +116,7 @@ include/shibsp/handler/Handler.h
 include/shibsp/handler/LogoutHandler.h
 include/shibsp/handler/LogoutInitiator.h
 include/shibsp/handler/RemotedHandler.h
+include/shibsp/handler/SecuredHandler.h
 include/shibsp/handler/SessionInitiator.h
 include/shibsp/lite/CommonDomainCookie.h
 include/shibsp/lite/SAMLConstants.h
@@ -126,21 +130,20 @@ include/shibsp/security/SecurityPolicy.h
 include/shibsp/security/SecurityPolicyProvider.h
 include/shibsp/util/CGIParser.h
 include/shibsp/util/DOMPropertySet.h
+include/shibsp/util/IPRange.h
 include/shibsp/util/PropertySet.h
 include/shibsp/util/SPConstants.h
 include/shibsp/util/TemplateParameters.h
 include/shibsp/version.h
-lib/libshibsp.so.5
+lib/libshibsp.so.6
 lib/libshibsp.so
 lib/shibboleth/adfs.so
-lib/shibboleth/adfs.la
 lib/shibboleth/adfs-lite.so
-lib/shibboleth/adfs-lite.la
+lib/shibboleth/plugins-lite.so
+lib/shibboleth/plugins.so
 %%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.so
-%%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.la
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.so
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.la
-lib/libshibsp-lite.so.5
+%%WITH_APACHE_24%%lib/shibboleth/mod_shib_24.so
+lib/libshibsp-lite.so.6
 lib/libshibsp-lite.so
 sbin/shibd
 share/xml/shibboleth/catalog.xml
@@ -155,20 +158,22 @@ share/xml/shibboleth/shibboleth-metadata
 share/xml/shibboleth/shibboleth.xsd
 share/xml/shibboleth/WS-Trust.xsd
 share/doc/shibboleth/CREDITS.txt
+share/doc/shibboleth/FASTCGI.LICENSE
 share/doc/shibboleth/LICENSE.txt
+share/doc/shibboleth/LOG4CPP.LICENSE
 share/doc/shibboleth/NOTICE.txt
+share/doc/shibboleth/OPENSSL.LICENSE
 share/doc/shibboleth/README.txt
 share/doc/shibboleth/RELEASE.txt
-share/doc/shibboleth/FASTCGI.LICENSE
-share/doc/shibboleth/OPENSSL.LICENSE
-share/doc/shibboleth/LOG4CPP.LICENSE
 share/doc/shibboleth/main.css
-share/doc/shibboleth/logo.jpg
-@exec mkdir -p %D/data
+@exec mkdir -p /var/cache/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/cache/shibboleth
 @exec mkdir -p /var/log/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/log/shibboleth
 @exec mkdir -p /var/run/shibboleth
-@exec chown www:www /var/run/shibboleth
-@exec chmod -R ug=rwx,o= /var/run/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%WWWGRP%%  /var/run/shibboleth
+@exec chmod -R u=rwx,g=rx,o= /var/run/shibboleth
+@unexec rm -rf /var/cache/shibboleth 2>&1 >/dev/null || true
 @unexec rm -rf /var/run/shibboleth 2>&1 >/dev/null || true
 @dirrmtry share/doc/shibboleth/api
 @dirrmtry share/doc/shibboleth
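Review bot: the new `@unexec rm -rf /var/cache/shibboleth 2>&1 >/dev/null || true` copies the redirection order of the existing /var/run line: `2>&1` is applied before `>/dev/null`, so stderr still reaches the terminal and only stdout is discarded. Use `>/dev/null 2>&1` if the intent is silence. The `@exec chown -R %%SHIBD_USER%%:%%WWWGRP%%  /var/run/shibboleth` line has a doubled space before the path, and /var/log/shibboleth is created and chowned here but has no matching `@unexec`, which deserves a comment if leaving logs behind is intentional.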
Comment 4 Palle Girgensohn freebsd_committer freebsd_triage 2013-06-04 18:32:05 UTC
State Changed
From-To: open->closed

Committed with some modifications. Thanks!