[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, debian, updated. upstream/2.0.dfsg1-58-g988635c

Russ Allbery rra at debian.org
Thu Jun 26 00:20:49 UTC 2008


The following commit has been merged in the debian branch:
commit f483bc9cd050359f70cf611c73eabee31625d6b3
Author: Russ Allbery <rra at debian.org>
Date:   Wed Jun 25 16:59:15 2008 -0700

    Move keygen.sh into /usr/sbin and clean up /etc/shibboleth
    
    Move the keygen.sh script into /usr/sbin/shib-keygen and add a man page
    for it since users may want to run it after installation.  Remove the
    keys generated as part of the build process, since they'll be for the
    build host and hence useless in the package.  Also remove an OS X
    configuration file.
    
    Modify keygen.sh to cd to /etc/shibboleth before doing anything so that
    its file paths will still be correct and comment the --fqdn change.
    
    debian/libapache2-mod-shib2.shibd.init is created as part of the build,
    so remove it in the clean target.

diff --git a/configs/keygen.sh b/configs/keygen.sh
index 5bb67db..534516c 100755
--- a/configs/keygen.sh
+++ b/configs/keygen.sh
@@ -1,5 +1,10 @@
 #! /bin/sh
 
+# Added for Debian.  The upstream version is installed in /etc/shibboleth and
+# for Debian we wanted to move it to /usr/bin, so change directories so that
+# it puts files in the correct location.
+cd /etc/shibboleth
+
 while getopts h:e:y:bf c
      do
          case $c in
@@ -26,6 +31,7 @@ if  [ -s sp-key.pem -o -s sp-cert.pem ] ; then
     exit 0
 fi
 
+# --fqdn flag added for Debian to generate better names for certificates.
 if [ -z "$FQDN" ] ; then
     FQDN=`hostname --fqdn`
 fi
diff --git a/debian/control b/debian/control
index 09723b4..bcdf78c 100644
--- a/debian/control
+++ b/debian/control
@@ -16,7 +16,7 @@ Package: libapache2-mod-shib2
 Section: web
 Architecture: any
 Depends: ${shlibs:Depends}
-Recommends: apache2
+Recommends: apache2, openssl
 Conflicts: libapache2-mod-shib
 Description: Federated web single sign-on system (Apache module)
  The Shibboleth System is a standards based software package for web
diff --git a/debian/man-pages/shib-keygen.pod b/debian/man-pages/shib-keygen.pod
new file mode 100644
index 0000000..078e060
--- /dev/null
+++ b/debian/man-pages/shib-keygen.pod
@@ -0,0 +1,83 @@
+=head1 NAME
+
+shib-keygen - Generate a key pair for a Shibboleth SP
+
+=head1 SYNOPSIS
+
+B<shib-keygen> [B<-bf>] [B<-e> I<entity-id>] [B<-h> I<hostname>]
+    [B<-y> I<years>]
+
+=head1 DESCRIPTION
+
+Generate a self-signed X.509 certificate for a Shibboleth SP.  By default,
+the certificate will be for the local fully-qualified (as returned by
+C<hostname --fqdn>) hostname.  An entity ID can be specified with the
+B<-e> flag.  The B<openssl> command-line client is used to generate the
+key pair.  The public certificate will be created in
+F</etc/shibboleth/sp-cert.pem> and the private key in
+F</etc/shibboleth/sp-key.pem>.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-b>
+
+Suppress all standard error output when creating the certificate.  This
+option is normally only used by the package build.
+
+=item B<-e> I<entity-id>
+
+Add I<entity-id> (which should be a URI) as an alternative name for the
+certificate.
+
+=item B<-f>
+
+Remove F</etc/shibboleth/sp-cert.pem> and F</etc/shibboleth/sp-key.pem>
+before generating a new certificate.  Without this option, if those files
+already exist, B<shib-keygen> prints an error and exits rather than
+overwriting them.
+
+=item B<-h> I<hostname>
+
+Specify the fully-qualified domain name for which to generate a
+certificate.  If this option isn't given, the hostname defaults to the
+result of C<hostname --fqdn>.
+
+=item B<-y> I<years>
+
+The number of years for which the certificate should be valid.  The
+default expiration time is ten years into the future.
+
+=back
+
+=head1 FILES
+
+=over 4
+
+=item F</etc/shibboleth/sp-cert.cnf>
+
+The OpenSSL configuration file used for generating the self-signed
+certificate.  This configuration file is generated when the script is run
+and deleted afterwards.
+
+=item F</etc/shibboelth/sp-cert.pem>
+
+The public certificate created by this script.
+
+=item F</etc/shibboleth/sp-key.pem>
+
+The private key for the certificate created by this script.
+
+=back
+
+=head1 AUTHOR
+
+This manual page was written by Russ Allbery for Debian GNU/Linux.
+
+=head1 COPYRIGHT
+
+Copyright 2008 Russ Allbery.  This manual page is hereby placed into the
+public domain by its author.
+
+=cut
diff --git a/debian/rules b/debian/rules
index 52b38e6..8e54be8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -74,7 +74,8 @@ clean:
 	[ ! -f Makefile ] || $(MAKE) distclean
 	find . -name Makefile.in -print0 | xargs -0r rm
 	dh_clean aclocal.m4 config.h config.h.in config.status configure \
-	    config.guess config.sub libtool.m4 ltmain.sh
+	    config.guess config.sub libtool.m4 ltmain.sh \
+	    debian/libapache2-mod-shib2.shibd.init
 
 install: install-stamp
 install-stamp:
@@ -84,8 +85,12 @@ install-stamp:
 	$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
 	rm -r $(CURDIR)/debian/tmp/usr/share/doc/shibboleth
 	rm $(CURDIR)/debian/tmp/etc/shibboleth/*.{dist,config}
+	rm $(CURDIR)/debian/tmp/etc/shibboleth/shibd-osx.plist
 	rm $(CURDIR)/debian/tmp/etc/shibboleth/shibd-redhat
+	rm $(CURDIR)/debian/tmp/etc/shibboleth/sp-*.pem
 	chmod +x $(CURDIR)/debian/tmp/etc/shibboleth/keygen.sh
+	mv $(CURDIR)/debian/tmp/etc/shibboleth/keygen.sh \
+	    $(CURDIR)/debian/tmp/usr/sbin/shib-keygen
 	mv $(CURDIR)/debian/tmp/etc/shibboleth/shibd-debian \
 	    $(CURDIR)/debian/libapache2-mod-shib2.shibd.init
 	dh_installdirs -s -i
@@ -98,6 +103,9 @@ install-stamp:
 	pod2man $(CURDIR)/debian/man-pages/resolvertest.pod --section 1 \
 	    --center 'Shibboleth' --release 2.0 \
 	    $(CURDIR)/debian/libapache2-mod-shib2/usr/share/man/man1/resolvertest.1
+	pod2man $(CURDIR)/debian/man-pages/shib-keygen.pod --section 8 \
+	    --center 'Shibboleth' --release 2.0 \
+	    $(CURDIR)/debian/libapache2-mod-shib2/usr/share/man/man1/shib-keygen.8
 	pod2man $(CURDIR)/debian/man-pages/shibd.pod --section 8 \
 	    --center 'Shibboleth' --release 2.0 \
 	    $(CURDIR)/debian/libapache2-mod-shib2/usr/share/man/man8/shibd.8

-- 
Debian packaging for the 2.0 Apache Shibboleth SP



More information about the Pkg-shibboleth-devel mailing list