Table of Contents |
---|
Building the Native SP from SRPM Source Packages
...
The rpmbuild
command, and others required for the build process, are often missing from a server installation, so you may need to install them first. The following list of packages covers most of the prerequisites on many systems:
automake
boost-devel
chrpath
doxygen
gcc-c++
groff
httpd-devel
libidn-devel
openldap-devel
openssl-devel
redhat-rpm-config
rpm-build
(forrpmbuild
)stunnel (for curl-openssl)
unixODBC-devel
You can save some time during the build process by installing all of the above that are available on your system, along with their dependencies. On "yum" platforms, the simplest way is just to install them all at once:
...
You'll then need to repeat the same basic steps for each package, in the following order:
log4shib
xerces-c
xml-security-c
curl-openssl
(on RHEL/CentOS 6.x and 7.x)xmltooling
opensaml
shibboleth
If you jump ahead, the RPM commands will tell you what's missing. The basic steps for each package are:
...
A few options are built-in to control certain dependencies and turn on and off some optional features:
| Effect |
---|---|
| Include FastCGI support (requires |
| Build against the original log4cpp library instead of log4shib (not advised) |
| Expressly include the ODBC storage plugin (requires |
| Don't include ADFS WS-Federation plugin |
| Bypass requirement for native OS httpd-devel package |
| Don't include the ODBC plugin, even if it can be built |
Targeting a Custom Apache
...
Code Block | ||
---|---|---|
| ||
# Source RPMS to rebuild, and the order to rebuild them in. RPMS_ORDER='log4shib-2.0.0-3.1.src.rpm xerces-c-3.2.1-1.1.src.rpm xml-security-c-2.0.2-3.1.src.rpm curl-openssl-7.63.0-1.1.src.rpm xmltooling-3.0.4-3.1.src.rpm opensaml-3.0.1-3.1.src.rpm shibboleth-3.0.4-3.1.src.rpm' for rpm in $RPMS_ORDER; do echo $rpm; wget "https://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/src/$rpm" done # Build tools, as suggested earlier in the wiki yum install \ automake \ boost-devel \ chrpath \ doxygen \ gcc-c++ \ groff \ httpd24-devel \ libidn-devel \ openldap-devel \ openssl-devel \ redhat-rpm-config \ rpm-build \ stunnel \ unixODBC-devel for rpm in $RPMS_ORDER; do echo $rpm; # The shib source rpm has special instructions, so do that seperately if [[ $rpm != shibboleth* ]]; then sudo rpmbuild --rebuild $rpm # Install what we just built since it may be a dependency of the next build sudo yum localinstall -y /usr/src/rpm/RPMS/x86_64/*.rpm fi if [[ $rpm = curl-openssl* ]]; then # After curl-openssl is installed, subsequent builds should use it, mainly xmltooling export PKG_CONFIG_PATH=/opt/shibboleth/lib64/pkgconfig/ fi done # Shibboleth needs to be built differently since it assumes differently-named apache24 packages. # We need to tell the build to ignore looking for OS packages. On my system, I had to explicitly # point out the path to the OpenSSL cURL build as well. Remember to use -E with sudo so that your export # isthat preservedthe export PKG_CONFIG_PATH=/opt/shibboleth/lib64/pkgconfig/ export is preserved sudo -E rpmbuild --rebuild --without builtinapache -D 'shib_options -with-apxs24=/usr/bin/apxs -with-apr1=/usr/bin/apr-1-config -enable-apache-24' shibboleth* sudo yum localinstall /usr/src/rpm/RPMS/x86_64/shibboleth-3.0.2-1.1.x86_64.rpm # Confirm it has the apache mod you need rpm -qpl /usr/src/rpm/RPMS/x86_64/shibboleth-3.0.2-1.1.x86_64.rpm | grep mod_shib # Expected output: /usr/lib64/shibboleth/mod_shib_24.so # You will need to add a configuration directive to actually load the module # since those are also stored in an atypical directory, /etc/httpd/conf.modules.d/. # The typical shib.conf file for Apache 2.4 will work. ln -s /etc/shibboleth/apache24.config /etc/httpd/conf.modules.d/shib.conf |
...