Bug 177668 - [PATCH] security/shibboleth2-sp: create cert on first use; other fixes
Summary: [PATCH] security/shibboleth2-sp: create cert on first use; other fixes
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Palle Girgensohn
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-06 19:30 UTC by Craig Leres
Modified: 2013-06-04 18:33 UTC (History)
1 user (show)

See Also:

Attachments
patch.txt (5.26 KB, text/plain)
2013-04-06 19:30 UTC, Craig Leres 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Craig Leres freebsd_committer freebsd_triage 2013-04-06 19:30:00 UTC 
	An openssl certificate and private key are generated at
	build time and are stored in the package. This means when
	you install shibboleth2-sp from a package on another machine,
	the CN doesn't match its hostname. And anyone with access
	to the package has a copy of the private key.

Fix: Create the certificate and key on first use from the rc.d
	script (just like sshd).

	Obey WWWOWN/WWWGRP when creating /var/run/shibboleth.

	Update Makefile headers.

	Remove obsolete WITH_APACHE_20 stuff.

	Add missing lib files to pkg-plist.

	Please see attached patches.
How-To-Repeat: 	% openssl x509 -text -in /usr/local/etc/shibboleth/sp-cert.pem | \
	    fgrep 'Subject: CN'
		Subject: CN=fun.ee.lbl.gov
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-04-06 19:30:08 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->swills

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Steve Wills freebsd_committer freebsd_triage 2013-05-27 02:40:48 UTC 
Responsible Changed
From-To: swills->girgen

Assign to girgen who has agreed to take maintainership of the shibboleth and related ports
Comment 3 dfilter service freebsd_committer freebsd_triage 2013-06-04 18:29:34 UTC 
Author: girgen
Date: Tue Jun  4 17:29:21 2013
New Revision: 319885
URL: http://svnweb.freebsd.org/changeset/ports/319885

Log:
  Update Shibboleth-sp and its tool chain to 2.5.1.
  
  Note that from 2.5, shibd is run as the user shibd.  The port tries to fix the
  key file ownership but if you have changed the file name of the key from the
  default sp-key.pem, make sure you chown your key file(s) to user shibd.
  
  Also, take maintainership of the entire tool chain (approved by all previous
  maintainers).
  
  Incorporates the ideas suggested by Craig Leres [177668], making sure that the
  ssl key is not added to the package.
  
  PR:	177668, 178694

Added:
  head/security/shibboleth2-sp/files/patch-makefiles-docdir   (contents, props changed)
  head/security/shibboleth2-sp/files/patch-shibboleth-spec   (contents, props changed)
Deleted:
  head/security/shibboleth2-sp/files/patch-configure.ac
Modified:
  head/GIDs
  head/UIDs
  head/devel/log4shib/Makefile
  head/devel/log4shib/distinfo
  head/devel/xmltooling/Makefile
  head/devel/xmltooling/distinfo
  head/devel/xmltooling/pkg-plist
  head/security/apache-xml-security-c/Makefile
  head/security/apache-xml-security-c/distinfo
  head/security/apache-xml-security-c/pkg-plist
  head/security/opensaml2/Makefile
  head/security/opensaml2/distinfo
  head/security/opensaml2/pkg-plist
  head/security/shibboleth2-sp/Makefile
  head/security/shibboleth2-sp/distinfo
  head/security/shibboleth2-sp/files/shibboleth-sp.in
  head/security/shibboleth2-sp/pkg-descr
  head/security/shibboleth2-sp/pkg-plist   (contents, props changed)

Modified: head/GIDs
==============================================================================
--- head/GIDs	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/GIDs	Tue Jun  4 17:29:21 2013	(r319885)
@@ -253,5 +253,6 @@ elasticsearch:*:965:
 ossec:*:966:
 kippo:*:969:
 colord:*:970:
+shibd:*:971:
 nogroup:*:65533:
 nobody:*:65534:

Modified: head/UIDs
==============================================================================
--- head/UIDs	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/UIDs	Tue Jun  4 17:29:21 2013	(r319885)
@@ -260,4 +260,5 @@ ossecm:*:967:966::0:0:OSSEC mail user:/u
 ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
 kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin
 colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin
+shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin

Modified: head/devel/log4shib/Makefile
==============================================================================
--- head/devel/log4shib/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/log4shib/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -7,11 +7,11 @@
 #
 
 PORTNAME=	log4shib
-DISTVERSION=	1.0.4
+DISTVERSION=	1.0.6
 CATEGORIES=	devel
-MASTER_SITES=	http://shibboleth.internet2.edu/downloads/${PORTNAME}/${DISTVERSION}/
+MASTER_SITES=	http://shibboleth.net/downloads/${PORTNAME}/${DISTVERSION}/
 
-MAINTAINER=	vanilla@FreeBSD.org
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	A library of C++ classes for flexible logging
 
 USE_AUTOTOOLS=	libtool
@@ -21,8 +21,8 @@ USE_GNOME=	pkgconfig gnomehack
 CONFIGURE_ARGS=	--with-pthreads --disable-html-docs --disable-doxygen
 USE_LDCONFIG=	yes
 
+USES=		pathfix
 post-patch:
 	@${REINPLACE_CMD} -e 's| -pedantic||g' ${WRKSRC}/configure
-	@${REINPLACE_CMD} -e 's|(libdir)/pkgconfig|(prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in
 
 .include <bsd.port.mk>

Modified: head/devel/log4shib/distinfo
==============================================================================
--- head/devel/log4shib/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/log4shib/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (log4shib-1.0.4.tar.gz) = 4e5f9e58f14f2498d8be15dc0a6223e83f0510a924494295329b20745cacbc38
-SIZE (log4shib-1.0.4.tar.gz) = 487529
+SHA256 (log4shib-1.0.6.tar.gz) = 060f472a085e34658f4eb19c2be56010adfcf33cf138071f8e7c953aa278d567
+SIZE (log4shib-1.0.6.tar.gz) = 571088

Modified: head/devel/xmltooling/Makefile
==============================================================================
--- head/devel/xmltooling/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/xmltooling/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,18 +2,19 @@
 # $FreeBSD$
 
 PORTNAME=	xmltooling
-PORTVERSION=	1.4.2
-PORTREVISION=	1
+PORTVERSION=	1.5.2
 CATEGORIES=	devel security
-MASTER_SITES=	http://www.shibboleth.net/downloads/c++-opensaml/2.4.3/
+MASTER_SITES=	http://shibboleth.net/downloads/c++-opensaml/2.5.2/
 
-MAINTAINER=	jmohacsi@bsd.hu
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Low level XML support for SAML
 
 LIB_DEPENDS=	curl.6:${PORTSDIR}/ftp/curl \
 		log4shib.1:${PORTSDIR}/devel/log4shib \
 		xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \
-		xml-security-c.16:${PORTSDIR}/security/apache-xml-security-c
+		xml-security-c.17:${PORTSDIR}/security/apache-xml-security-c
+	
+BUILD_DEPENDS=	boost-libs>=0:${PORTSDIR}/devel/boost-libs
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} --with-curl=${LOCALBASE} --disable-doxygen-doc

Modified: head/devel/xmltooling/distinfo
==============================================================================
--- head/devel/xmltooling/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/xmltooling/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (xmltooling-1.4.2.tar.gz) = c32c503532cd0f2c64a71f0a7f4e63f660f1205830603b0bcd9225dc3c23445d
-SIZE (xmltooling-1.4.2.tar.gz) = 636598
+SHA256 (xmltooling-1.5.2.tar.gz) = d43719f8d742d87131ea64f2dbc8f1b366c7f216ac21015090a51693ff11df98
+SIZE (xmltooling-1.5.2.tar.gz) = 679098

Modified: head/devel/xmltooling/pkg-plist
==============================================================================
--- head/devel/xmltooling/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/devel/xmltooling/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -48,7 +48,10 @@ include/xmltooling/security/KeyInfoCrede
 include/xmltooling/security/KeyInfoResolver.h
 include/xmltooling/security/OpenSSLCredential.h
 include/xmltooling/security/OpenSSLCryptoX509CRL.h
+include/xmltooling/security/OpenSSLPathValidator.h
 include/xmltooling/security/OpenSSLTrustEngine.h
+include/xmltooling/security/PKIXPathValidatorParams.h
+include/xmltooling/security/PathValidator.h
 include/xmltooling/security/SecurityHelper.h
 include/xmltooling/security/SignatureTrustEngine.h
 include/xmltooling/security/TrustEngine.h
@@ -84,13 +87,14 @@ include/xmltooling/validation/Validator.
 include/xmltooling/validation/ValidatorSuite.h
 include/xmltooling/version.h
 lib/libxmltooling-lite.so
-lib/libxmltooling-lite.so.5
+lib/libxmltooling-lite.so.6
 lib/libxmltooling.so
-lib/libxmltooling.so.5
+lib/libxmltooling.so.6
 libdata/pkgconfig/xmltooling.pc
 share/xml/xmltooling/catalog.xml
 share/xml/xmltooling/soap-envelope.xsd
 share/xml/xmltooling/xenc-schema.xsd
+share/xml/xmltooling/xenc11-schema.xsd
 share/xml/xmltooling/xml.xsd
 share/xml/xmltooling/xmldsig-core-schema.xsd
 share/xml/xmltooling/xmldsig11-schema.xsd

Modified: head/security/apache-xml-security-c/Makefile
==============================================================================
--- head/security/apache-xml-security-c/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/apache-xml-security-c/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,13 +2,13 @@
 # $FreeBSD$
 
 PORTNAME=	xml-security-c
-PORTVERSION=	1.6.1
+PORTVERSION=	1.7.0
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_APACHE}
 MASTER_SITE_SUBDIR=santuario/c-library
 PKGNAMEPREFIX=	apache-
 
-MAINTAINER=	jmohacsi@bsd.hu
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Apache XML security libraries - C++ version
 
 LICENSE=	AL2

Modified: head/security/apache-xml-security-c/distinfo
==============================================================================
--- head/security/apache-xml-security-c/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/apache-xml-security-c/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (xml-security-c-1.6.1.tar.gz) = 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd
-SIZE (xml-security-c-1.6.1.tar.gz) = 864366
+SHA256 (xml-security-c-1.7.0.tar.gz) = c8cd6ec3d3b777fcca295cb4b273b08e4cfe37e03fc27131ec079894b9dae87c
+SIZE (xml-security-c-1.7.0.tar.gz) = 874025

Modified: head/security/apache-xml-security-c/pkg-plist
==============================================================================
--- head/security/apache-xml-security-c/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/apache-xml-security-c/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -160,7 +160,7 @@ include/xsec/xkms/XKMSValidateResult.hpp
 include/xsec/xkms/XKMSValidityInterval.hpp
 lib/libxml-security-c.a
 lib/libxml-security-c.so
-lib/libxml-security-c.so.16
+lib/libxml-security-c.so.17
 @dirrm include/xsec/xkms
 @dirrm include/xsec/xenc
 @dirrm include/xsec/utils/unixutils

Modified: head/security/opensaml2/Makefile
==============================================================================
--- head/security/opensaml2/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/opensaml2/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,19 +2,18 @@
 # $FreeBSD$
 
 PORTNAME=	opensaml2
-PORTVERSION=	2.4.3
-PORTREVISION=	1
+PORTVERSION=	2.5.2
 CATEGORIES=	security
-MASTER_SITES=	http://www.shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
+MASTER_SITES=	http://shibboleth.net/downloads/c++-opensaml/${PORTVERSION}/
 DISTNAME=	opensaml-${PORTVERSION}
 
-MAINTAINER=	jmohacsi@bsd.hu
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	Open source implementation of SAML2
 
 LIB_DEPENDS=	curl.6:${PORTSDIR}/ftp/curl \
 		log4shib.1:${PORTSDIR}/devel/log4shib \
 		xerces-c.3:${PORTSDIR}/textproc/xerces-c3 \
-		xmltooling.5:${PORTSDIR}/devel/xmltooling
+		xmltooling.6:${PORTSDIR}/devel/xmltooling
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS+=--with-log4shib=${LOCALBASE} --with-openssl=${OPENSSLBASE} \

Modified: head/security/opensaml2/distinfo
==============================================================================
--- head/security/opensaml2/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/opensaml2/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (opensaml-2.4.3.tar.gz) = 850187c7dd664f9216a387bcc9e08f36643f04ddc08d11551e33a46dd15d2539
-SIZE (opensaml-2.4.3.tar.gz) = 871693
+SHA256 (opensaml-2.5.2.tar.gz) = 5bc3fbe5e789ad7aedfc2919413131400290466ecd2b77b1c3f3dc4c37e6fe54
+SIZE (opensaml-2.5.2.tar.gz) = 707139

Modified: head/security/opensaml2/pkg-plist
==============================================================================
--- head/security/opensaml2/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/opensaml2/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -25,6 +25,7 @@ include/saml/saml2/metadata/AbstractMeta
 include/saml/saml2/metadata/DiscoverableMetadataProvider.h
 include/saml/saml2/metadata/DynamicMetadataProvider.h
 include/saml/saml2/metadata/EndpointManager.h
+include/saml/saml2/metadata/EntityMatcher.h
 include/saml/saml2/metadata/Metadata.h
 include/saml/saml2/metadata/MetadataCredentialContext.h
 include/saml/saml2/metadata/MetadataCredentialCriteria.h
@@ -46,7 +47,7 @@ include/saml/signature/SignableObject.h
 include/saml/signature/SignatureProfileValidator.h
 include/saml/util/CommonDomainCookie.h
 include/saml/util/SAMLConstants.h
-lib/libsaml.so.7
+lib/libsaml.so.8
 lib/libsaml.so
 libdata/pkgconfig/opensaml.pc
 %%PORTDOCS%%%%DOCSDIR%%/README.txt
@@ -67,6 +68,8 @@ share/xml/opensaml/cs-sstc-schema-assert
 share/xml/opensaml/cs-sstc-schema-protocol-01.xsd
 share/xml/opensaml/cs-sstc-schema-assertion-1.1.xsd
 share/xml/opensaml/cs-sstc-schema-protocol-1.1.xsd
+share/xml/opensaml/saml-async-slo-v1.0.xsd
+share/xml/opensaml/saml-metadata-rpi-v1.0.xsd
 share/xml/opensaml/saml-schema-assertion-2.0.xsd
 share/xml/opensaml/saml-schema-authn-context-2.0.xsd
 share/xml/opensaml/saml-schema-authn-context-auth-telephony-2.0.xsd

Modified: head/security/shibboleth2-sp/Makefile
==============================================================================
--- head/security/shibboleth2-sp/Makefile	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/Makefile	Tue Jun  4 17:29:21 2013	(r319885)
@@ -2,53 +2,58 @@
 # $FreeBSD$
 
 PORTNAME=	shibboleth-sp
-PORTVERSION=	2.4.3
-PORTREVISION=	1
+PORTVERSION=	2.5.1
 CATEGORIES=	security www
-MASTER_SITES=	http://www.shibboleth.net/downloads/service-provider/${PORTVERSION}/
+MASTER_SITES=	http://shibboleth.net/downloads/service-provider/${PORTVERSION}/
 
-MAINTAINER=	swills@FreeBSD.org
+MAINTAINER=	girgen@FreeBSD.org
 COMMENT=	C++ Shibboleth Service Provider (Internet2) for Apache
 
-LIB_DEPENDS=	saml.7:${PORTSDIR}/security/opensaml2
-
-OPTIONS_DEFINE=	APACHE22
-APACHE22_DESC=	Use Apache version 2.2 instead of version 2.0
+LIB_DEPENDS=	saml.8:${PORTSDIR}/security/opensaml2
 
 MAKE_JOBS_SAFE=	yes
 USE_GMAKE=	yes
 GNU_CONFIGURE=	yes
+MAKE_ENV=	NOKEYGEN=YES
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	shibboleth-sp
-USE_AUTOTOOLS=	autoconf automake:env libtool:env
-WRKSRC=		${WRKDIR}/shibboleth-${PORTVERSION}
 
 LATEST_LINK=	shibboleth2-sp
 
+USERS=		shibd
+GROUPS=		shibd
+
+USE_APACHE=	22-24
+USE_OPENSSL=	yes
+
 .include <bsd.port.pre.mk>
 
-.if ${PORT_OPTIONS:MAPACHE22}
-USE_APACHE=	22
+.if ${APACHE_VERSION} == 22
 CONFIGURE_ARGS=	--enable-apache-22 --with-apxs22=${APXS}
 PLIST_SUB+=	WITH_APACHE_22=""
-PLIST_SUB+=	WITH_APACHE_20="@comment "
+PLIST_SUB+=	WITH_APACHE_24="@comment "
 .else
-IGNORE=	apache20 is no longer available
-#USE_APACHE=	20
-#CONFIGURE_ARGS=	--enable-apache-20 --with-apxs2=${APXS} --with-apr=${PREFIX}/lib/apache2/apr-config --with-apu=${PREFIX}/lib/apache2/apu-config
+CONFIGURE_ARGS=	--enable-apache-24 --with-apxs24=${APXS}
 PLIST_SUB+=	WITH_APACHE_22="@comment "
-PLIST_SUB+=	WITH_APACHE_20=""
+PLIST_SUB+=	WITH_APACHE_24=""
 .endif
+
+SUB_LIST+=	SH=${SH}
+PLIST_SUB+=	WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
+
+SUB_LIST+=	SHIBD_USER=${USERS}
+SUB_LIST+=	SHIBD_GROUP=${GROUPS}
+PLIST_SUB+=	SHIBD_USER=${USERS}
+PLIST_SUB+=	SHIBD_GROUP=${GROUPS}
+
 CONFIGURE_ARGS+=	--localstatedir=/var --with-log4shib=${LOCALBASE}
 CONFIGURE_ARGS+=	--with-openssl=${OPENSSLBASE} --with-xmltooling=${LOCALBASE}
 CONFIGURE_ARGS+=	--disable-doxygen-doc
 
-pre-configure:
-	@${REINPLACE_CMD} -e 's|/run|/run/shibboleth|' ${WRKSRC}/configs/Makefile.in
-	@${REINPLACE_CMD} -e 's|/doc/@PACKAGE@-@PACKAGE_VERSION@|/doc/@PACKAGE@|' \
-		${WRKSRC}/configs/Makefile.am ${WRKSRC}/configs/Makefile.in \
-		${WRKSRC}/doc/Makefile.am ${WRKSRC}/doc/Makefile.in
-	${RM} ${WRKSRC}/aclocal.m4
-	@cd ${WRKSRC} && ${AUTORECONF} -fvi
+post-install:
+	${CHOWN} -R ${USERS}:${GROUPS} /var/cache/shibboleth ;\
+	${CHOWN} -R ${USERS}:${GROUPS} /var/log/shibboleth ;\
+       	${CHOWN} -R ${USERS}:${WWWGRP} /var/run/shibboleth ;\
+       	${CHMOD} -R u=rwx,g=rx,o= /var/run/shibboleth
 
 .include <bsd.port.post.mk>

Modified: head/security/shibboleth2-sp/distinfo
==============================================================================
--- head/security/shibboleth2-sp/distinfo	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/distinfo	Tue Jun  4 17:29:21 2013	(r319885)
@@ -1,2 +1,2 @@
-SHA256 (shibboleth-sp-2.4.3.tar.gz) = 9e0b219707046b55d0ca38627fb213b799ac98cf11541845b7e6b036a89dcdcf
-SIZE (shibboleth-sp-2.4.3.tar.gz) = 854326
+SHA256 (shibboleth-sp-2.5.1.tar.gz) = a697034fe56a170602a3907cde6faf822836b1ba23cdc11af315a81df6102f04
+SIZE (shibboleth-sp-2.5.1.tar.gz) = 952815

Added: head/security/shibboleth2-sp/files/patch-makefiles-docdir
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/shibboleth2-sp/files/patch-makefiles-docdir	Tue Jun  4 17:29:21 2013	(r319885)
@@ -0,0 +1,47 @@
+--- doc/Makefile.am.orig	2012-07-23 22:08:29.000000000 +0200
++++ doc/Makefile.am	2013-02-22 10:53:42.000000000 +0100
+@@ -1,7 +1,7 @@
+ AUTOMAKE_OPTIONS = foreign
+ 
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ 
+ install-data-hook:
+ 	if test -d api ; then \
+--- doc/Makefile.in.orig	2012-12-04 05:50:56.000000000 +0100
++++ doc/Makefile.in	2013-02-22 10:53:42.000000000 +0100
+@@ -288,8 +288,8 @@
+ top_srcdir = @top_srcdir@
+ xs = @xs@
+ AUTOMAKE_OPTIONS = foreign
+-pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@-@PACKAGE_VERSION@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgdocdir = $(datadir)/doc/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ docfiles = \
+ 	CREDITS.txt \
+ 	LICENSE.txt \
+--- configs/Makefile.am.orig	2012-12-04 05:49:50.000000000 +0100
++++ configs/Makefile.am	2013-02-22 10:53:42.000000000 +0100
+@@ -6,7 +6,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@
+--- configs/Makefile.in.orig	2012-12-04 05:50:56.000000000 +0100
++++ configs/Makefile.in	2013-02-22 10:53:42.000000000 +0100
+@@ -291,7 +291,7 @@
+ pkglogdir = ${localstatedir}/log/@PACKAGE_NAME@
+ shirelogdir = ${localstatedir}/log/httpd
+ pkgxmldir = $(datadir)/xml/@PACKAGE_NAME@
+-pkgwebdir = $(datadir)/@PACKAGE_NAME@
++pkgwebdir = $(datadir)/doc/@PACKAGE_NAME@
+ pkgrundir = $(localstatedir)/run/@PACKAGE_NAME@
+ pkgcachedir = $(localstatedir)/cache/@PACKAGE_NAME@
+ pkgsysconfdir = $(sysconfdir)/@PACKAGE_NAME@

Added: head/security/shibboleth2-sp/files/patch-shibboleth-spec
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/shibboleth2-sp/files/patch-shibboleth-spec	Tue Jun  4 17:29:21 2013	(r319885)
@@ -0,0 +1,26 @@
+--- shibboleth.spec.in.orig	2012-12-04 05:49:49.000000000 +0100
++++ shibboleth.spec.in	2013-06-03 16:19:28.000000000 +0200
+@@ -58,7 +58,7 @@
+ %if "%{_vendor}" == "suse"
+ %define pkgdocdir %{_docdir}/shibboleth
+ %else
+-%define pkgdocdir %{_docdir}/shibboleth-%{version}
++%define pkgdocdir %{_docdir}/shibboleth
+ %endif
+ 
+ %description
+@@ -202,14 +202,6 @@
+ /sbin/ldconfig
+ %endif
+ 
+-# Key generation or ownership fix
+-cd %{_sysconfdir}/shibboleth
+-if [ -f sp-key.pem ] ; then
+-	%{__chown} %{runuser}:%{runuser} sp-key.pem sp-cert.pem 2>/dev/null || :
+-else
+-	sh ./keygen.sh -b -u %{runuser} -g %{runuser}
+-fi
+-
+ # Fix ownership of log files (even on new installs, if they're left from an older one).
+ %{__chown} %{runuser}:%{runuser} %{_localstatedir}/log/shibboleth/* 2>/dev/null || :
+ 

Modified: head/security/shibboleth2-sp/files/shibboleth-sp.in
==============================================================================
--- head/security/shibboleth2-sp/files/shibboleth-sp.in	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/files/shibboleth-sp.in	Tue Jun  4 17:29:21 2013	(r319885)
@@ -11,9 +11,43 @@
 name="shibboleth_sp"
 rcvar=shibboleth_sp_enable
 
+: ${shibboleth_sp_enable:='NO'}
+: ${shibboleth_sp_flags:=''}
+
 command=${shibboleth_sp_program:-%%PREFIX%%/sbin/shibd}
-pidfile="${shibboleth_sp_pidfile:-/var/run/${name}.pid}"
-command_args="-f -p ${pidfile}"
+pidfile="${shibboleth_sp_pidfile:-/var/run/shibboleth/${name}.pid}"
+start_precmd="shibboleth_sp_configtest"
+restart_precmd="shibboleth_sp_configtest"
+configtest_cmd="shibboleth_sp_configtest"
+keygen_cmd="shibboleth_sp_keygen"
+
+shibboleth_sp_user=%%SHIBD_USER%%
+shibboleth_sp_group=%%SHIBD_GROUP%%
 
 load_rc_config $name
+
+command_args="-f -p ${pidfile} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}"
+confdir=${SHIBSP_CFGDIR:-%%PREFIX%%/etc}/shibboleth
+cert=sp-cert.pem
+key=sp-key.pem
+
+shibboleth_sp_configtest() {
+	if [ ! -s ${confdir}/${key} -o ! -s ${confdir}/${cert} ]; then
+		run_rc_command keygen
+	else
+		# update from 2.4.x, chown %%SHIBD_USER%% the key and cert
+	       	for f in ${confdir}/${key} ${confdir}/${cert}; do
+			set X `stat ${f}`
+			test $6 != ${shibboleth_sp_user} && chown ${shibboleth_sp_user}:${shibboleth_sp_group} ${f}
+		done
+	fi
+	${command} ${shibboleth_sp_flags} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group} -t
+}
+
+shibboleth_sp_keygen() {
+	%%SH%% ${confdir}/keygen.sh -o ${confdir} -u ${shibboleth_sp_user} -g ${shibboleth_sp_group}
+}
+
+extra_commands="configtest keygen"
+
 run_rc_command "$1"

Modified: head/security/shibboleth2-sp/pkg-descr
==============================================================================
--- head/security/shibboleth2-sp/pkg-descr	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/pkg-descr	Tue Jun  4 17:29:21 2013	(r319885)
@@ -10,4 +10,4 @@ service provider manages secured resourc
 is based on assertions received by the service provider (SP) from
 an identity provider.
 
-WWW:	http://shibboleth.internet2.edu/
+WWW: http://shibboleth.internet2.edu/

Modified: head/security/shibboleth2-sp/pkg-plist
==============================================================================
--- head/security/shibboleth2-sp/pkg-plist	Tue Jun  4 17:16:37 2013	(r319884)
+++ head/security/shibboleth2-sp/pkg-plist	Tue Jun  4 17:29:21 2013	(r319885)
@@ -64,11 +64,13 @@ etc/shibboleth/shibd-suse
 etc/shibboleth/shibd-osx.plist
 etc/shibboleth/apache.config
 etc/shibboleth/apache2.config
+@unexec if cmp -s %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; then rm -f %D/etc/shibboleth/attrChecker.html; fi
+etc/shibboleth/attrChecker.html.dist
+@exec if [ ! -f %D/etc/shibboleth/attrChecker.html ] ; then cp -p %D/etc/shibboleth/attrChecker.html.dist %D/etc/shibboleth/attrChecker.html; fi
 etc/shibboleth/apache22.config
+etc/shibboleth/apache24.config
 etc/shibboleth/keygen.sh
 etc/shibboleth/upgrade.xsl
-etc/shibboleth/sp-key.pem
-etc/shibboleth/sp-cert.pem
 @unexec if cmp -s %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; then rm -f %D/etc/shibboleth/postTemplate.html; fi
 etc/shibboleth/postTemplate.html.dist
 @exec if [ ! -f %D/etc/shibboleth/postTemplate.html ] ; then cp -p %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; fi
@@ -88,6 +90,7 @@ include/shibsp/SessionCacheEx.h
 include/shibsp/TransactionLog.h
 include/shibsp/attribute/Attribute.h
 include/shibsp/attribute/AttributeDecoder.h
+include/shibsp/attribute/BinaryAttribute.h
 include/shibsp/attribute/ExtensibleAttribute.h
 include/shibsp/attribute/NameIDAttribute.h
 include/shibsp/attribute/ScopedAttribute.h
@@ -102,10 +105,10 @@ include/shibsp/attribute/resolver/Attrib
 include/shibsp/attribute/resolver/AttributeResolver.h
 include/shibsp/attribute/resolver/ResolutionContext.h
 include/shibsp/base.h
-include/shibsp/config_pub.h
 include/shibsp/binding/ArtifactResolver.h
 include/shibsp/binding/ProtocolProvider.h
 include/shibsp/binding/SOAPClient.h
+include/shibsp/config_pub.h
 include/shibsp/exceptions.h
 include/shibsp/handler/AbstractHandler.h
 include/shibsp/handler/AssertionConsumerService.h
@@ -113,6 +116,7 @@ include/shibsp/handler/Handler.h
 include/shibsp/handler/LogoutHandler.h
 include/shibsp/handler/LogoutInitiator.h
 include/shibsp/handler/RemotedHandler.h
+include/shibsp/handler/SecuredHandler.h
 include/shibsp/handler/SessionInitiator.h
 include/shibsp/lite/CommonDomainCookie.h
 include/shibsp/lite/SAMLConstants.h
@@ -126,21 +130,20 @@ include/shibsp/security/SecurityPolicy.h
 include/shibsp/security/SecurityPolicyProvider.h
 include/shibsp/util/CGIParser.h
 include/shibsp/util/DOMPropertySet.h
+include/shibsp/util/IPRange.h
 include/shibsp/util/PropertySet.h
 include/shibsp/util/SPConstants.h
 include/shibsp/util/TemplateParameters.h
 include/shibsp/version.h
-lib/libshibsp.so.5
+lib/libshibsp.so.6
 lib/libshibsp.so
 lib/shibboleth/adfs.so
-lib/shibboleth/adfs.la
 lib/shibboleth/adfs-lite.so
-lib/shibboleth/adfs-lite.la
+lib/shibboleth/plugins-lite.so
+lib/shibboleth/plugins.so
 %%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.so
-%%WITH_APACHE_22%%lib/shibboleth/mod_shib_22.la
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.so
-%%WITH_APACHE_20%%lib/shibboleth/mod_shib_20.la
-lib/libshibsp-lite.so.5
+%%WITH_APACHE_24%%lib/shibboleth/mod_shib_24.so
+lib/libshibsp-lite.so.6
 lib/libshibsp-lite.so
 sbin/shibd
 share/xml/shibboleth/catalog.xml
@@ -155,20 +158,22 @@ share/xml/shibboleth/shibboleth-metadata
 share/xml/shibboleth/shibboleth.xsd
 share/xml/shibboleth/WS-Trust.xsd
 share/doc/shibboleth/CREDITS.txt
+share/doc/shibboleth/FASTCGI.LICENSE
 share/doc/shibboleth/LICENSE.txt
+share/doc/shibboleth/LOG4CPP.LICENSE
 share/doc/shibboleth/NOTICE.txt
+share/doc/shibboleth/OPENSSL.LICENSE
 share/doc/shibboleth/README.txt
 share/doc/shibboleth/RELEASE.txt
-share/doc/shibboleth/FASTCGI.LICENSE
-share/doc/shibboleth/OPENSSL.LICENSE
-share/doc/shibboleth/LOG4CPP.LICENSE
 share/doc/shibboleth/main.css
-share/doc/shibboleth/logo.jpg
-@exec mkdir -p %D/data
+@exec mkdir -p /var/cache/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/cache/shibboleth
 @exec mkdir -p /var/log/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%SHIBD_GROUP%% /var/log/shibboleth
 @exec mkdir -p /var/run/shibboleth
-@exec chown www:www /var/run/shibboleth
-@exec chmod -R ug=rwx,o= /var/run/shibboleth
+@exec chown -R %%SHIBD_USER%%:%%WWWGRP%%  /var/run/shibboleth
+@exec chmod -R u=rwx,g=rx,o= /var/run/shibboleth
+@unexec rm -rf /var/cache/shibboleth 2>&1 >/dev/null || true
 @unexec rm -rf /var/run/shibboleth 2>&1 >/dev/null || true
 @dirrmtry share/doc/shibboleth/api
 @dirrmtry share/doc/shibboleth
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 4 Palle Girgensohn freebsd_committer freebsd_triage 2013-06-04 18:32:05 UTC 
State Changed
From-To: open->closed

Committed with some modifications. Thanks!