Building Shibboleth 1.0 target side on Debian GNU/Linux unstable/i386 --------------------------------------------------------------------- # location: http://www.switch.ch/aai/docs/shibboleth/SWITCH/1.0/ # [where you also find sample config files] # authors: Thomas Lenggenhager & Urs Marti, SWITCH # contact: aai@switch.ch # version: 2.2 - 20030707 # This guide is only an addition to the original Shibboleth 1.0 # Target-Deployment Guide and the doc/INSTALL.txt files you can # find in the opensaml and shibboleth source trees. # You should study them first. # If your platform is RedHat or Solaris, you can get the # tar-balls and you do not have to start from the sources # as we had, since we use Debian GNU/Linux, for which no # package is readily available. Preconditions ------------- If '/usr/local/lib' is not in '/etc/ld.so.conf': $ su Password $ echo "/usr/local/lib" >> /etc/ld.so.conf $ exit Debian Packet management ------------------------ There is a bug in apt. Add the following two lines to the file "/etc/apt/apt.conf" APT::Default-Release "woody"; APT::Cache-Limit "8388608"; Sysklog ------- Syslog has to accept network connections: Change one line in /etc/init.d/sysklogd from SYSLOGD="" to SYSLOGD="-r". C++ Compiler 3.2 ---------------- g++-3.3 triggers errors, so we use g++-3.2 $ export CC=gcc-3.2 $ export CXX=g++-3.2 apache-ssl ---------- apache-ssl as well as apache are built without thread support. This will cause the processes to stop if a module is loaded that has libpthread (dynamically) linked. However, this is the case for the shibboleth modules! Therefore, apache has to be built from sources. The dependencies will build the following packages automatically: apache-common apache-dev apache-doc apache-ssl apache libssl-dev libssl0.9.7 openssl_0.9.7 Make sure, there is only one version of openssl and libssl installed. $ export LDFLAGS=-lpthread $ apt-build install apache-ssl $ apt-get install apache-dev $ ldconfig xerces-c 2.2.0 -------------- $ cd $ wget http://xml.apache.org/dist/xerces-c/stable/xerces-c-src2_2_0.tar.gz $ tar xzf xerces-c-src2_2_0.tar.gz $ cd xerces-c-src2_2_0 $ export XERCESCROOT=/home/umarti/xerces-c-src2_2_0 $ cd $XERCESCROOT/src/xercesc As of 2003-06-23, gcc-3.3 is the default compiler, but opensaml doesn't compile. Use one of the following lines: $ ./runConfigure -p linux -c gcc -x g++ -r pthread -b 32 $ ./runConfigure -p linux -c gcc-3.2 -x g++-3.2 -r pthread -b 32 $ make $ su Password # export XERCESCROOT=/home/umarti/xerces-c-src2_2_0 # make install # ldconfig # exit log4cpp 0.3.4b -------------- $ cd $ wget http://switch.dl.sourceforge.net/sourceforge/log4cpp/log4cpp-0.3.4b.tar.gz $ tar xzf log4cpp-0.3.4b.tar.gz $ cd log4cpp-0.3.4b $ ./configure --with-pthreads=yes --enable-static=no --enable-doxygen=no $ make $ su Password # make install # ldconfig xml-security 0.2.0 ------------------ XERCESCROOT has to be set, see xerces-c above $ cd $ wget http://www.apache.org/dist/xml/security/c-library/xml-security-0.2.0.tar.gz $ tar xzf xml-security-0.2.0.tar.gz $ cd xml-security-0.2.0/src $ ./configure --without-xalan $ make $ su Password # cd .. # mv lib/* bin/* /usr/local # mv include/* /usr/local/include This can be dangerous, check this directories: # chown -R root.staff /usr/local/include/xsec /usr/local/lib /usr/local/bin # ldconfig # exit opensaml 0.9 ------------ $ cd $ wget http://wayf.internet2.edu/shibboleth/opensaml-0.9.tar.gz $ tar xzf opensaml-0.9.tar.gz $ cd opensaml-0.9 $ ./configure --with-xerces=/usr/local $ make -k $ su Password # make -k install # mkdir /usr/local/etc/shibboleth /usr/local/etc/opensaml # cp /home/umarti/opensaml-0.9/schemas/* /usr/local/etc/shibboleth # cp /home/umarti/opensaml-0.9/schemas/* /usr/local/etc/opensaml # ldconfig # exit libapreq 1.1 ------------ $ cd $ wget http://www.apache.org/dist/httpd/libapreq/libapreq-1.1.tar.gz $ tar xzf libapreq-1.1.tar.gz $ cd libapreq-1.1 $ /configure --enable-static=no --with-apache-includes=/usr/include/apache-1.3 $ make $ su Password # make install # ldconfig # exit shibboleth 1.0 -------------- $ cd $ wget http://wayf.internet2.edu/shibboleth/shibboleth-1.0.tar.gz $ tar xzf shibboleth-1.0.tar.gz $ export CXXFLAGS=-DSHIBTARGET_INIFILE=\"\\\"/usr/local/etc/shibboleth/shibboleth.ini\\\"\" $ cd shibboleth-1.0 $ ./configure --with-xercesc --with-apxs -C $ make -k $ su Password $ make -k install $ ldconfig Now there should be two apache modules mod_shibrm and mod_shire in /usr/local/libexec/ and the shar binary in /usr/local/bin. Try this test instead of the one mentioned in doc/INSTALL.txt $ /usr/local/bin/shibtest -d /usr/local/etc/shibboleth/ -h foo \ -q urn:mace:switch.ch:SWITCHaai:pilot -r http://www.switch.ch/ \ -a https://maunakea.switch.ch/SWITCHaai/AA Continue now with configuration according to the deployment guide and the additional information for SWITCHaai. selections.txt (not all of these packages are really necessary) -------------- [generated with 'dpkg --get-selections >> selections.txt'] adduser install apache install apache-common install apache-dev install apache-ssl install apt install apt-build install apt-utils install aptitude install at install autoconf install automake1.7 install autoproject install autotools-dev install base-config install base-files install base-passwd install bash install bc install bin86 install bind9-host install binutils install bison install bsdmainutils install bsdutils install build-essential install console-common install console-data install console-tools install coreutils install cpio install cpp install cpp-3.2 install cpp-3.3 install cramfsprogs install cron install cvs install dash install dc install debconf install debconf-utils install debhelper install debianutils install devscripts install diff install dnsutils install dpkg install dpkg-dev install dselect install e2fsprogs install exim install fakeroot install fdutils install file install fileutils install findutils install flex install ftp install g++ install g++-3.2 install g++-3.3 install gcc install gcc-3.2 install gcc-3.2-base install gcc-3.3 install gcc-3.3-base install gdb install gettext install gettext-base install grep install groff-base install gzip install hostname install html2text install ifupdown install initrd-tools install initscripts install ipchains install joe install kernel-image-2.4.18-bf2.4 install klogd install less install libapache-mod-perl install libappconfig-perl install libblkid1 install libbz2-1.0 install libc6 install libc6-dev install libcap1 install libconsole install libcurl2 install libcurl2-dev install libdb1-compat install libdb2 install libdb2-dev install libdb2-util install libdb3 install libdb4.0 install libdb4.1 install libdevel-symdump-perl install libdns8 install libdps1 install libexpat1 install libexpat1-dev install libfreetype6 install libgcc1 install libgcrypt1 install libgdbm3 install libgdbmg1 install libglib2.0-0 install libglib2.0-data install libgnutls5 install libgpmg1 install libhtml-format-perl install libhtml-parser-perl install libhtml-tagset-perl install libhtml-tree-perl install libident install libisc4 install libldap2 install liblockfile1 install libltdl3 install liblwres1 install liblzo1 install libmagic1 install libmailtools-perl install libmm13 install libmysqlclient10 install libncurses5 install libnet-perl install libnet-ph-perl install libnet-snpp-perl install libnet-telnet-perl install libnewt0 install libnewt0.51 install libopencdk4 install libpam-modules install libpam-runtime install libpam0g install libpcap0.7 install libpcre3 install libperl5.8 install libpopt0 install libreadline4 install libsasl2 install libsasl2-modules install libsasl7 install libsigc++-1.2-5c102 install libssl-dev install libssl0.9.7 install libstdc++2.10-glibc2.2 install libstdc++5 install libstdc++5-3.3-dev install libstdc++5-dev install libtasn1-0 install libtimedate-perl install libtool install liburi-perl install libwrap0 install libwww-perl install libxaw7 install libxerces21-dev install libxerces21c102 install libxml2 install libxml2-dev install libxmlsec0 install libxmlsec0-dev install libxslt1 install libxslt1-dev install lilo install locales install login install logrotate install lsof install ltrace install lynx install m4 install mailx install make install makedev install man-db install manpages install manpages-dev install mawk install mbr install mime-support install modconf install modutils install mount install mpack install mysql-common install ncurses-base install ncurses-bin install ncurses-term install net-tools install netbase install netkit-inetd install netkit-ping install ntp install ntp-simple install openssl install passwd install patch install perl install perl-base install perl-modules install php4 install pkg-config install po-debconf install portmap install procps install psmisc install sed install sharutils install shellutils install slang1 install slang1a-utf8 install ssh install strace install sudo install sysklogd install sysv-rc install sysvinit install tar install tasksel install tcpd install textutils install time install util-linux install util-linux-locales install uuid-dev install vim install wget install whiptail install zlib1g install zlib1g-dev install