| Table of Contents |
|---|
Building the Native SP from SRPM Source Packages
...
The rpmbuild command, and others required for the build process, are often missing from a server installation, so you may need to install them first. The following list of packages covers most of the prerequisites on many systems:
automakeboost-develchrpathdoxygengcc-c++groffhttpd-devellibidn-developenldap-developenssl-develredhat-rpm-configrpm-build(forrpmbuild)stunnel (for curl-openssl)unixODBC-devel
You can save some time during the build process by installing all of the above that are available on your system, along with their dependencies. On "yum" platforms, the simplest way is just to install them all at once:
...
You'll then need to repeat the same basic steps for each package, in the following order:
log4shibxerces-cxml-security-ccurl-openssl(on RHEL/CentOS 6.x and 7.x)xmltoolingopensamlshibboleth
If you jump ahead, the RPM commands will tell you what's missing. The basic steps for each package are:
...
A few options are built-in to control certain dependencies and turn on and off some optional features:
| Effect |
|---|---|
| Include FastCGI support (requires |
| Build against the original log4cpp library instead of log4shib (not advised) |
| Expressly include the ODBC storage plugin (requires |
| Don't include ADFS WS-Federation plugin |
| Bypass requirement for native OS httpd-devel package |
| Don't include the ODBC plugin, even if it can be built |
Targeting a Custom Apache
...
| Code Block | ||
|---|---|---|
| ||
# Source RPMS to rebuild, and the order to rebuild them in.
RPMS_ORDER='log4shib-2.0.0-3.1.src.rpm xerces-c-3.2.1-1.1.src.rpm xml-security-c-2.0.2-3.1.src.rpm curl-openssl-7.63.0-1.1.src.rpm xmltooling-3.0.4-3.1.src.rpm opensaml-3.0.1-3.1.src.rpm shibboleth-3.0.4-3.1.src.rpm'
for rpm in $RPMS_ORDER; do echo $rpm;
wget "https://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/src/$rpm"
done
# Build tools, as suggested earlier in the wiki
yum install \
automake \
boost-devel \
chrpath \
doxygen \
gcc-c++ \
groff \
httpd24-devel \
libidn-devel \
openldap-devel \
openssl-devel \
redhat-rpm-config \
rpm-build \
stunnel \
unixODBC-devel
for rpm in $RPMS_ORDER; do echo $rpm;
# The shib source rpm has special instructions, so do that seperately
if [[ $rpm != shibboleth* ]]; then
sudo rpmbuild --rebuild $rpm
# Install what we just built since it may be a dependency of the next build
sudo yum localinstall -y /usr/src/rpm/RPMS/x86_64/*.rpm
fi
if [[ $rpm = curl-openssl* ]]; then
# After curl-openssl is installed, subsequent builds should use it, mainly xmltooling
export PKG_CONFIG_PATH=/opt/shibboleth/lib64/pkgconfig/
fi
done
# Shibboleth needs to be built differently since it assumes differently-named apache24 packages.
# We need to tell the build to ignore looking for OS packages. On my system, I had to explicitly
# point out the path to the OpenSSL cURL build as well. Remember to use -E with sudo so
that your export
# isthat preservedthe export PKG_CONFIG_PATH=/opt/shibboleth/lib64/pkgconfig/ export is preserved
sudo -E rpmbuild --rebuild --without builtinapache -D 'shib_options -with-apxs24=/usr/bin/apxs -with-apr1=/usr/bin/apr-1-config -enable-apache-24' shibboleth*
sudo yum localinstall /usr/src/rpm/RPMS/x86_64/shibboleth-3.0.2-1.1.x86_64.rpm
# Confirm it has the apache mod you need
rpm -qpl /usr/src/rpm/RPMS/x86_64/shibboleth-3.0.2-1.1.x86_64.rpm | grep mod_shib
# Expected output: /usr/lib64/shibboleth/mod_shib_24.so
# You will need to add a configuration directive to actually load the module
# since those are also stored in an atypical directory, /etc/httpd/conf.modules.d/.
# The typical shib.conf file for Apache 2.4 will work.
ln -s /etc/shibboleth/apache24.config /etc/httpd/conf.modules.d/shib.conf |
...