[packages/apache-mod_auth_mellon] new, version 0.7.0

glen glen at pld-linux.org
Tue Apr 29 17:57:05 CEST 2014


commit e0ae282c60679c72e6c2f9eddba869fd546c9179
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Tue Apr 29 18:56:23 2014 +0300

    new, version 0.7.0
    
    based on fedora package
    5f23c37313733e6fa2245d2017ae23de0e3c8d2a

 apache-mod_auth_mellon.spec | 62 ++++++++++++++++++++++++++++++
 auth_mellon.conf            |  6 +++
 mellon_create_metadata.sh   | 92 +++++++++++++++++++++++++++++++++++++++++++++
 mod_auth_mellon.tmpfiles    |  2 +
 4 files changed, 162 insertions(+)
---
diff --git a/apache-mod_auth_mellon.spec b/apache-mod_auth_mellon.spec
new file mode 100644
index 0000000..430ebd4
--- /dev/null
+++ b/apache-mod_auth_mellon.spec
@@ -0,0 +1,62 @@
+%define		mod_name	auth_mellon
+%define 	apxs		%{_sbindir}/apxs
+Summary:	A SAML 2.0 authentication module for the Apache Httpd Server
+Name:		apache-mod_%{mod_name}
+Version:	0.7.0
+Release:	1
+License:	GPL v2+
+Group:		Networking/Daemons/HTTP
+Source0:	https://modmellon.googlecode.com/files/mod_auth_mellon-%{version}.tar.gz
+# Source0-md5:	b1d58363c6feb00a39402b347bc2e17b
+Source1:	auth_mellon.conf
+Source3:	mod_auth_mellon.tmpfiles
+Source4:	mellon_create_metadata.sh
+URL:		https://code.google.com/p/modmellon/
+BuildRequires:	%{apxs}
+BuildRequires:	apache-devel >= 2.2
+BuildRequires:	curl-devel
+BuildRequires:	glib2-devel
+BuildRequires:	lasso-devel
+BuildRequires:	openssl-devel
+BuildRequires:	rpmbuild(macros) >= 1.268
+BuildRequires:	xmlsec1-devel
+Requires:	apache(modules-api) = %apache_modules_api
+Requires:	lasso >= 2.3.6
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define		_pkglibdir	%(%{apxs} -q LIBEXECDIR 2>/dev/null)
+%define		_sysconfdir	%(%{apxs} -q SYSCONFDIR 2>/dev/null)/conf.d
+
+%description
+The mod_auth_mellon module is an authentication service that
+implements the SAML 2.0 federation protocol. It grants access based on
+the attributes received in assertions generated by a IdP server.
+
+%prep
+%setup -q -n mod_%{mod_name}-%{version}
+
+%build
+%configure \
+	APXS=%{apxs}
+%{__make}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_pkglibdir},%{_sysconfdir},%{systemdtmpfilesdir},%{_libdir}/%{name},/var/run/mod_%{mod_name}}
+
+install -p .libs/mod_%{mod_name}.so $RPM_BUILD_ROOT%{_pkglibdir}
+cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/90_mod_%{mod_name}.conf
+cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
+cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_libdir}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%doc README COPYING
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*_mod_%{mod_name}.conf
+%attr(755,root,root) %{_pkglibdir}/mod_%{mod_name}.so
+%attr(755,root,root) %{_libdir}/mellon_create_metadata.sh
+%dir %attr(755,http,http) /var/run/mod_%{mod_name}
+%{systemdtmpfilesdir}/%{name}.conf
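Review bot: `mellon_create_metadata.sh` is installed straight into `%{_libdir}` (the `cp -p %{SOURCE4}` at the end of `%install` and the matching `%attr(755,...)` entry in `%files`), which is an architecture-specific library directory rather than a place for an operator-run script; `%{_bindir}` or a package-private `%{_libexecdir}/%{name}` would match the rest of the tree and keep the 755 executable out of the linker path. The two `%define` lines that shadow `_pkglibdir` and `_sysconfdir` evaluate `%{apxs} -q ...` at spec-parse time with stderr discarded, so on a host without apxs the expansion presumably collapses to an empty string and `/conf.d`, and nothing in the spec detects that; a `%{!?...}` guard or a comment such as `# requires apxs at parse time; BuildRequires alone is not enough for srpm builds` would make the dependency explicit. The `%install` lines use unquoted `$RPM_BUILD_ROOT`, which is the usual convention here and fine while the macro set stays path-safe.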
diff --git a/auth_mellon.conf b/auth_mellon.conf
new file mode 100644
index 0000000..4b75e5e
--- /dev/null
+++ b/auth_mellon.conf
@@ -0,0 +1,6 @@
+LoadModule auth_mellon_module modules/mod_auth_mellon.so
+
+<IfModule mod_auth_mellon.c>
+	MellonCacheSize 100
+	MellonLockFile "/var/run/mod_auth_mellon/lock"
+</IfModule>
diff --git a/mellon_create_metadata.sh b/mellon_create_metadata.sh
new file mode 100644
index 0000000..4eb0baf
--- /dev/null
+++ b/mellon_create_metadata.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -e
+
+PROG="$(basename "$0")"
+
+printUsage() {
+    echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
+    echo ""
+    echo "Example:"
+    echo "  $PROG urn:someservice https://sp.example.org/mellon"
+    echo ""
+}
+
+if [ "$#" -lt 2 ]; then
+    printUsage
+    exit 1
+fi
+
+ENTITYID="$1"
+if [ -z "$ENTITYID" ]; then
+    echo "$PROG: An entity ID is required." >&2
+    exit 1
+fi
+
+BASEURL="$2"
+if [ -z "$BASEURL" ]; then
+    echo "$PROG: The URL to the MellonEndpointPath is required." >&2
+    exit 1
+fi
+
+if ! echo "$BASEURL" | grep -q '^https\?://'; then
+    echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
+    exit 1
+fi
+
+HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^/]*\).*#\1#')"
+BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
+
+OUTFILE="$(echo "$ENTITYID" | sed 's/[^A-Za-z.]/_/g' | sed 's/__*/_/g')"
+echo "Output files:"
+echo "Private key:               $OUTFILE.key"
+echo "Certificate:               $OUTFILE.cert"
+echo "Metadata:                  $OUTFILE.xml"
+echo "Host:                      $HOST"
+echo
+echo "Endpoints:"
+echo "SingleLogoutService:       $BASEURL/logout"
+echo "AssertionConsumerService:  $BASEURL/postResponse"
+echo
+
+# No files should not be readable by the rest of the world.
+umask 0077
+
+TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
+
+cat >"$TEMPLATEFILE" <<EOF
+RANDFILE           = /dev/urandom
+[req]
+default_bits       = 2048
+default_keyfile    = privkey.pem
+distinguished_name = req_distinguished_name
+prompt             = no
+policy             = policy_anything
+[req_distinguished_name]
+commonName         = $HOST
+EOF
+
+openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
+
+rm -f "$TEMPLATEFILE"
+
+CERT="$(grep -v '^-----' "$OUTFILE.cert")"
+
+cat >"$OUTFILE.xml" <<EOF
+<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>$CERT</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
+    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+  </SPSSODescriptor>
+</EntityDescriptor>
+EOF
+
+umask 0777
+chmod go+r "$OUTFILE.xml"
+chmod go+r "$OUTFILE.cert"
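Review bot: The `openssl req ... 2>/dev/null` line runs under `set -e` with no cleanup handler, so if key generation fails the script exits without any diagnostic and `$TEMPLATEFILE` is left behind in the temp directory; add `trap 'rm -f "$TEMPLATEFILE"' EXIT` immediately after the `mktemp` call and keep openssl's stderr (or redirect it to a file the user is told about) so a failure is visible. `$ENTITYID` and `$BASEURL` are written into the metadata heredoc unescaped, so an entity ID or endpoint URL containing `&`, `"` or `<` produces malformed XML that the IdP will reject; escaping those five XML characters before the `cat >"$OUTFILE.xml"` step would make the output well-formed for any valid URI. The same applies to `$HOST` being interpolated as `commonName` into the openssl config template. The comment `# No files should not be readable by the rest of the world.` is a double negative and reads better as `# Files must not be readable by the rest of the world.`, and the trailing `umask 0777` is not a restore of the previous mask (nothing is created after it), so a `# no further files are created; only the chmods below relax permissions` note or simply dropping it would avoid confusing the next reader.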
diff --git a/mod_auth_mellon.tmpfiles b/mod_auth_mellon.tmpfiles
new file mode 100644
index 0000000..e68dd80
--- /dev/null
+++ b/mod_auth_mellon.tmpfiles
@@ -0,0 +1,2 @@
+# mod_auth_mellon lock file is created in this directory
+d /var/run/mod_auth_mellon 755 http http
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache-mod_auth_mellon.git/commitdiff/e0ae282c60679c72e6c2f9eddba869fd546c9179


