Summary: | shibboleth ebuild request | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Pat Riehecky <jcpunk> |
Component: | New packages | Assignee: | Default Assignee for New Packages <maintainer-wanted> |
Status: | CONFIRMED --- | ||
Severity: | enhancement | CC: | flow, jackhill, jonnykent, lebarjack, linkages |
Priority: | High | Keywords: | EBUILD |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://shibboleth.internet2.edu/ | ||
Whiteboard: | sunrise suggested | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 334317, 334385, 334313 | ||
Bug Blocks: | |||
Attachments: |
ebuild for shibboleth
shibboleth ebuild
Manifest for shibboleth ebuild
digest for shibboleth ebuild: digest-shibboleth-sp-1.3f
log4shib-1.0 ebuild
xml-security-c-1.3.0 ebuild provided here for completeness only, most updated version may be found here: http://bugs.gentoo.org/show_bug.cgi?id=89076
opensaml-1.1b ebuild
shibboleth-sp-1.3.1 ebuild for apache 2.2
shibboleth-sp-2.4.3.ebuild - BETA
Supplemental files |
Description
Pat Riehecky
2007-12-21 19:34:19 UTC
I am starting work on an ebuild for both the apache module and shibd and the required dependencies. Hopefully I'll have something up later this week since I will be needing this for my regular day job.

I was searching for this last year and Giacomo Tenaglia from the opensaml mailing list offered me an ebuild that he had done. It worked well on my system (gentoo-hardened 2.6.18 at that time) and has been happily running since early October. He has given permission for me to upload it here. All credit for this version of the ebuild must go to him. He also notes "it's possible that I made mistakes on writing them (for example I have explicitly used the switch --with-apache-20 in the shibboleth-sp ebuild, which I suppose is not the right way to specify that)." Anyway this is a great place to start from.

Created attachment 146186 [details]
ebuild for shibboleth
ebuild for Shibboleth credited to Giacomo Tenaglia
Some added comments for those trying the build. After a successful build using the Gentoo reverse dependency checker on the system I saw these issues:

broken /usr/libexec/adfs.la (requires /usr/lib/libshib.la)
broken /usr/libexec/adfs.la (requires /usr/lib/libshib-target.la)
broken /usr/libexec/mod_shib_20.la (requires /usr/lib/libshib.la)
broken /usr/libexec/mod_shib_20.la (requires /usr/lib/libshib-target.la)
broken /usr/libexec/xmlproviders.la (requires /usr/lib/libshib.la)
broken /usr/libexec/xmlproviders.la (requires /usr/lib/libshib-target.la)

and consulted with the gurus on the opensaml list who say the lib files aren't needed and that that may be an issue with libtool (it's a weird interaction between libtool, prefix, DESTDIR, and the various ways in which one can install libraries). I have ignored it without problems for around 6 months now.

Several dependencies are listed in the ebuild:

DEPEND=">=dev-libs/openssl-0.9.7 =dev-libs/log4cpp-0.3.5_rc1 >=dev-libs/xerces-c-2.6.1 =dev-libs/xml-security-c-1.3.0 =dev-cpp/opensaml-1.1b"

Of these openssl, log4cpp, xerces-c, and xml-security-c are already in portage for you to emerge. Note that xerces is not the same as xerces-c and same for xml-security.

The next issue is that it being an unstable build you need to unmask it per this http://forums.gentoo.org/viewtopic-t-33534.html I used ACCEPT_KEYWORDS="~x86" successfully.

Caveat emptor: I am currently running apache 2.0.59 and had grief using this ebuild with apache 2.2. Of course since there is a current security advisory on apache <2.2 I may be forced into upgrading quite soon. And then there's a newer version of either Shibboleth or opensaml (don't recall which) in the wings also.

Good luck with your Shibboleth ebuilds.

Created attachment 146191 [details]
shibboleth ebuild
oops my bad. No tgz files allowed. Here is the plain text shibboleth ebuild
Created attachment 146192 [details]
Manifest for shibboleth ebuild
Created attachment 146193 [details]
digest for shibboleth ebuild: digest-shibboleth-sp-1.3f
opensaml-1.1 is also in portage so the above is all you should need extra. On my system they are in folders:

/etc/local/portage/www-apps/shibboleth-sp/shibboleth-sp-1.3f.ebuild
/etc/local/portage/www-apps/shibboleth-sp/Manifest
/etc/local/portage/www-apps/shibboleth-sp/files/digest-shibboleth-sp-1.3f

(In reply to comment #8)
I now have shibboleth 1.3.1 working under gentoo hardened 2.6.23-r7 with apache 2.2

I was a little off in my previous posts above about which dependencies were in portage and which were not, so I'll update everything now to the latest I have and make it complete for others trying this.

I have these versions of packages that Shibboleth depends on:

openssl-0.9.8g : in portage currently at ver 0.9.8g for x86
log4shib-1.0 : not in portage
log4cpp-1.0 : this is in portage but masked
xerces-c-2.7-r1 : in portage
xml-security-c-1.3.0: not in portage
opensaml-1.1b: not in portage

I have both but you don't need both log4cpp and log4shib. log4shib is a version of log4cpp specifically for shibboleth. Right now the working version of the shibboleth came from an ebuild that calls for log4shib.

I will add the ebuilds for log4shib, xml-security-c, and shibboleth-1.3.1 in the next 4 posts.

Created attachment 147497 [details]
log4shib-1.0 ebuild
Created attachment 147498 [details]
xml-security-c-1.3.0 ebuild
provided here for completeness only, most updated version may be found here: http://bugs.gentoo.org/show_bug.cgi?id=89076

Created attachment 147501 [details]
opensaml-1.1b ebuild
Created attachment 147504 [details]
shibboleth-sp-1.3.1 ebuild for apache 2.2
may work for earlier versions of apache by removing the --enable-apache-22 flag as the shibboleth docs say that the build will figure out what version of apache you are running. Caveat: I haven't tried without the apache 22 flag.
Please open separate bugs for dev-cpp/opensaml and dev-libs/log4shib, add the Sunrise keywords & whiteboard for them and make them block this bug.

(In reply to comment #14)
> Please open separate bugs for dev-cpp/opensaml and dev-libs/log4shib, add the
> Sunrise keywords & whiteboard for them and make them block this bug.

Thomas Beierlein appears to have quite recently opened bugs 334317 and 334313 and made those block this bug.

I would recommend that this bug target Shibboleth 2 now as 1.3 is, although still working, becoming superseded by Shibboleth 2.x

(In reply to comment #15)
> (In reply to comment #14)
> > Please open separate bugs for dev-cpp/opensaml and dev-libs/log4shib, add the
> > Sunrise keywords & whiteboard for them and make them block this bug.
>
> Thomas Beierlein appears to have quite recently opened bugs 334317 and 334313
> and made those block this bug.
>
> I would recommend that this bug target Shibboleth 2 now as 1.3 is, although
> still working, becoming superseded by Shibboleth 2.x

The Shibboleth website http://shibboleth.internet2.edu/ now states that Shibboleth 1.3 is unsupported as of June 30th, 2010.

Shibboleth 2.x requires OpenSAML 2 and a new library XML-Tooling-c and also Shibboleth 2.2 supports xerces-c 2.x and 3.x

XML-Security: OpenSAML and Shibboleth 2.x require at least version 1.4.0, and version 1.5.1 or later are recommended.

Since it seems better to move straight to Shibboleth 2.x should we open a new bug for that and add another bug to get the newly required XML-Tooling-c as well?

(In reply to comment #16)
> Since it seems better to move straight to Shibboleth 2.x should we open a new
> bug for that and add another bug to get the newly required XML-Tooling-c as
> well?

No, this bug is fine. Simply open another bug for the dep.

Created attachment 289065 [details]
shibboleth-sp-2.4.3.ebuild - BETA

This is an ebuild for shibboleth-sp 2 package. Service provider is a part of Shibboleth Internet2 project.
I have also prepared ebuilds for dependencies blocking this package, Bug 334317, Bug 334385. This ebuild still has some issues with the doc build and files in /etc/shibboleth. Additional files such as the init script, conf.d and apache module conf are included in another attachment. All files will need some review. But at this moment they are able to build a running shibboleth service provider.

Created attachment 289075 [details]
Supplemental files
Almost 6 years and nobody cares about Shibboleth in Portage :( |