Building Shibboleth 1.0 target side on Debian GNU/Linux testing/i386 (sarge) -------------------------------------- * location: http://www.switch.ch/aai/docs/shibboleth/SWITCH/1.0/ * [where you also find sample config files] * authors: Thomas Lenggenhager & Urs Marti, SWITCH * contact: aai@switch.ch * version: 2.3 - 20030711 * This guide is only an addition to the original Shibboleth 1.0 * Target-Deployment Guide and the doc/INSTALL.txt files you can * find in the opensaml and shibboleth source trees. * You should study them first. * If your platform is RedHat or Solaris, you can get the * tar-balls and you do not have to start from the sources * as we had, since we use Debian GNU/Linux, for which no * package is readily available. Preconditions ------------- If '/usr/local/lib' is not in '/etc/ld.so.conf': $ su Password # echo "/usr/local/lib" >> /etc/ld.so.conf # exit Debian Packet management ------------------------ There is a bug in apt. Add the following two lines to the file "/etc/apt/apt.conf" APT::Default-Release "sarge"; APT::Cache-Limit "8388608"; Debian Package Selection ------------------------ There is a more or less minimal selection of packages at the end of this file generated by $ dpkg --get-selections >> selections.txt You can compare it against your installation with 'diff -b' to find required, but not yet installed packages on your system. Sysklog ------- Syslog has to accept network connections: Change one line in /etc/init.d/sysklogd from SYSLOGD="" to SYSLOGD="-r". C++ Compiler 3.2 ---------------- g++-3.3 triggers errors, so we use g++-3.2 $ apt-get install g++-3.2 This installs also: cpp-3.2 gcc-3.2 gcc-3.2-base libstdc++5-dev $ export CC=gcc-3.2 $ export CXX=g++-3.2 apt-build --------- We need apt-build later on to build apache $ apt-get install apt-build this installs also: devscripts dpkg-dev g++ g++-3.3 gcc gcc-3.3 libappconfig-perl libstdc++5-3.3-dev libcurl2-dev ------------ We need libcurl2-dev later on to build opensaml $ apt get install libcurl2-dev This installs also: libcurl2 zlib1g-dev libapache-mod-ssl ----------------- /usr/share/doc/libapache-mod-ssl-doc/README.Debian has the info on how to change httpd.conf for using SSL. $ apt-get install libapache-mod-ssl libapache-mod-ssl-doc This installs also: openssl apache 1.3.27 ------------- apache is built without thread support. This will cause the processes to stop if a module is loaded that has libpthread (dynamically) linked. However, this is the case for the shibboleth modules! Therefore, apache has to be built from sources. This apt-build first installs also: debconf-utils debhelper html2text imagemagick libbz2-1.0 libdb4.1-dev libexpat1-dev liblcms libmagick5 libssl-dev libtiff3g libwmf0.2-2 libxml2 po-debconf The dependencies will build the following packages automatically: apache-common apache-dev apache-doc apache-ssl apache Make sure, there is only one version of openssl and libssl installed. $ export LDFLAGS=-lpthread $ apt-build --rebuild --reinstall install apache $ apt-get install apache-dev $ ldconfig xerces-c 2.2.0 (2.3.0 is not compatible with xml-security-0.2.0) -------------- $ cd $ wget http://xml.apache.org/dist/xerces-c/stable/archives/Xerces-C_2_2_0/xerces-c-src2_2_0.tar.gz $ tar xzf xerces-c-src2_2_0.tar.gz $ cd xerces-c-src2_2_0 $ export XERCESCROOT=$HOME/xerces-c-src2_2_0 $ cd $XERCESCROOT/src/xercesc As of 2003-06-23, gcc-3.3 is the default compiler for Debian testing, but opensaml doesn't compile with it yet, so we used gcc-3.2. Use one of the following lines: $ ./runConfigure -p linux -c gcc -x g++ -r pthread -b 32 $ ./runConfigure -p linux -c gcc-3.2 -x g++-3.2 -r pthread -b 32 $ make (not gmake as the output of runConfigure suggests) $ su Password XERCESCROOT has to be set, see above # make install # ldconfig # exit log4cpp 0.3.4b -------------- $ cd $ wget http://switch.dl.sourceforge.net/sourceforge/log4cpp/log4cpp-0.3.4b.tar.gz $ tar xzf log4cpp-0.3.4b.tar.gz $ cd log4cpp-0.3.4b $ ./configure --with-pthreads=yes --enable-static=no --enable-doxygen=no $ make $ su Password # make install # ldconfig xml-security 0.2.0 ------------------ XERCESCROOT has to be set, see xerces-c above $ cd $ wget http://www.apache.org/dist/xml/security/c-library/xml-security-0.2.0.tar.gz $ tar xzf xml-security-0.2.0.tar.gz $ cd xml-security-0.2.0/src $ ./configure --without-xalan $ make $ su Password # cd .. # chown -R root.staff include/xsec lib/* bin/* # cp -p bin/* /usr/local/bin # cp -p lib/* /usr/local/lib # cp -pr include/* /usr/local/include # ldconfig # exit opensaml 0.9 ------------ $ cd $ wget http://wayf.internet2.edu/shibboleth/opensaml-0.9.tar.gz $ tar xzf opensaml-0.9.tar.gz $ cd opensaml-0.9 $ ./configure --with-xerces=/usr/local $ make $ su Password # make install # ldconfig # exit libapreq 1.1 ------------ $ cd $ wget http://www.apache.org/dist/httpd/libapreq/libapreq-1.1.tar.gz $ tar xzf libapreq-1.1.tar.gz $ cd libapreq-1.1 $ ./configure --enable-static=no --with-apache-includes=/usr/include/apache-1.3 $ make $ su Password # make install # ldconfig # exit shibboleth 1.0 -------------- $ cd $ wget http://wayf.internet2.edu/shibboleth/shibboleth-1.0.tar.gz $ tar xzf shibboleth-1.0.tar.gz $ export CXXFLAGS=-DSHIBTARGET_INIFILE=\"\\\"/usr/local/etc/shibboleth/shibboleth.ini\\\"\" $ cd shibboleth-1.0 $ ./configure --with-xercesc --with-apxs -C $ make -k $ su Password # make -k install # ldconfig # exit Now there should be two apache modules mod_shibrm and mod_shire in /usr/local/libexec/ and the shar binary in /usr/local/bin. Try this test instead of the one mentioned in doc/INSTALL.txt $ /usr/local/bin/shibtest -d /usr/local/etc/shibboleth/ -h foo \ -q urn:mace:switch.ch:SWITCHaai:pilot -r http://www.switch.ch/ \ -a https://maunakea.switch.ch/SWITCHaai/AA Continue now with configuration according to the deployment guide and the additional information for SWITCHaai. selections.txt (a more or less minimal list of packages required) -------------- [generated with 'dpkg --get-selections >> selections.txt'] adduser install apache install apache-common install apache-dev install apt install apt-build install apt-utils install aptitude install at install autoconf install automake1.7 install autoproject install autotools-dev install base-config install base-files install base-passwd install bash install bind9-host install binutils install bsdmainutils install bsdutils install console-common install console-data install coreutils install cpio install cpp install cpp-3.2 install cpp-3.3 install cron install cvs install debconf install debianutils install devscripts install diff install dnsutils install doc-linux-text install dpkg install dpkg-dev install dselect install e2fsprogs install exim install fdutils install file install fileutils install findutils install ftp install g++ install g++-3.2 install g++-3.3 install gcc install gcc-3.2 install gcc-3.2-base install gcc-3.3 install gcc-3.3-base install gettext-base install grep install groff-base install gzip install hostname install ifupdown install info install initscripts install kernel-image-2.4.18-bf2.4 install klogd install less install libapache-mod-ssl install libapache-mod-ssl-doc install libappconfig-perl install libblkid1 install libbz2-1.0 install libc6 install libc6-dev install libcap1 install libcurl2 install libcurl2-dev install libdb1-compat install libdb2 install libdb3 install libdb4.0 install libdb4.1 install libdb4.1-dev install libdns8 install libexpat1 install libexpat1-dev install libgcc1 install libgcrypt1 install libgdbmg1 install libident install libisc4 install libldap2 install libltdl3 install liblwres1 install liblzo1 install libmagic1 install libmm11 install libncurses5 install libnewt0 install libnewt0.51 install libopencdk4 install libpam-modules install libpam-runtime install libpam0g install libpcre3 install libperl5.6 install libpopt0 install libreadline4 install libsasl7 install libsigc++0 install libssl-dev install libssl0.9.7 install libstdc++2.10-glibc2.2 install libstdc++5 install libstdc++5-3.3-dev install libstdc++5-dev install libwrap0 install libxml2 install lilo install login install logrotate install lsof install ltrace install m4 install make install makedev install man-db install manpages install manpages-dev install mawk install mbr install mime-support install modconf install modutils install mount install ncurses-base install ncurses-bin install ncurses-term install net-tools install netbase install netkit-inetd install netkit-ping install ntp install ntp-simple install nvi install openssl install passwd install patch install perl install perl-base install perl-modules install php4 install procps install psmisc install sed install sharutils install shellutils install slang1 install slang1a-utf8 install ssh install strace install sudo install sysklogd install sysv-rc install sysvinit install tar install tasksel install tcpd install tcsh install telnet install textutils install time install util-linux install util-linux-locales install wget install whiptail install zlib1g install zlib1g-dev install