Name:           shibboleth-ucsf
Version:        0.2
Release:        6
Summary:        UCSF customizations for Shibboleth
Group:          System Environment/Libraries
Vendor:         UCSF
License:        Apache 2.0
URL:            http://tiny.ucsf.edu/myaccess
Source1:        attribute-map.xml.ucsf
Source2:        idp-metadata.xml
Source3:        incommon.pem
Source4:        shibboleth2.xml.ucsf
Source6:        ucsf-shib.conf
BuildArch:      noarch
BuildRoot:      %{_tmppath}/%{name}-%{version}-root
Requires:       shibboleth

%description
This package contains configuration files to make Shibboleth work
in the UCSF environment.

%install
[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT

mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/shibboleth
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/shibboleth/
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/shibboleth/
install -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/shibboleth/
install -m 0644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/shibboleth/
install -m 0644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT

%post
# Use our custom shib config
VER=$(cat /etc/redhat-release |perl -i -ne '/release ([0-9])/ && print "$1\n"')
if ((VER<7)); then
  if ! grep -q "shibd=" /etc/sysconfig/shibd; then
    echo 'shibd="$shibd -c /etc/shibboleth/shibboleth2.xml.ucsf"' >> /etc/sysconfig/shibd
  fi
else
  if ! grep -q "shibd=" /usr/lib/systemd/system/shibd.service; then
    echo 'shibd="$shibd -c /etc/shibboleth/shibboleth2.xml.ucsf"' >> /usr/lib/systemd/system/shibd.service
  fi
fi

# Set a default entityID based on hostname
perl -i -pe 's/%HOSTNAME%/'$HOSTNAME'/' /etc/shibboleth/shibboleth2.xml.ucsf
/sbin/service shibd restart
echo "Your SAML entityid was automatically set to https://$HOSTNAME/shibboleth. If you would like to select a different one, please edit /etc/shibboleth/shibboleth2.xml.ucsf then restart shibd"

%files
%config(noreplace) %{_sysconfdir}/shibboleth/attribute-map.xml.ucsf
%config(noreplace) %{_sysconfdir}/shibboleth/idp-metadata.xml
%config(noreplace) %{_sysconfdir}/shibboleth/incommon.pem
%config(noreplace) %{_sysconfdir}/shibboleth/shibboleth2.xml.ucsf
%config(noreplace) %{_sysconfdir}/httpd/conf.d/ucsf-shib.conf

%changelog
* Fri May 6 2016 Nathan Sheldon <nathan.sheldon@ucsf.edu> - 0.2-6
- Updated shibboleth2.xml.ucsf with correct InCommon metadata URL.
Repository source URL updated to myaccess.ucsf.edu instead of myaccess2.
* Wed Jun 26 2013 Elliot Kendall <elliot.kendall@ucsf.edu> - 0.2-5
- Include metadata for all IdPs
* Wed Jun 26 2013 Elliot Kendall <elliot.kendall@ucsf.edu> - 0.2-4
- Add memberOf to attribute-map
* Wed Jun 26 2013 Elliot Kendall <elliot.kendall@ucsf.edu> - 0.2-3
- Add sAMAccountName to attribute-map
* Fri Oct 5 2012 Elliot Kendall <elliot.kendall@ucsf.edu> - 0.2-2
- Include both eppn and eduPersonPrincipalName in REMOTE_USER
ApplicationDefaults
* Fri Aug 31 2012 Elliot Kendall <elliot.kendall@ucsf.edu> - 0.2-1
- Don't create /etc/sysconfig/shibd since the official shibboleth package
now does, too. Instead add to what's there
* Thu Jul 26 2012 Elliot Kendall <elliot.kendall@ucsf.edu> - 0.1-1
- Switch from a modified shibboleth package to one containing just configs