Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
Summary: Review Request: simplesamlphp - PHP SAML 2.0 service provider and identity provider
https://bugzilla.redhat.com/show_bug.cgi?id=800867
Summary: Review Request: simplesamlphp - PHP SAML 2.0 service provider and identity provider
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: Package Review
AssignedTo: nobody@fedoraproject.org
ReportedBy: fkooman@tuxed.net
QAContact: extras-qa@fedoraproject.org
CC: notting@redhat.com, package-review@lists.fedoraproject.org
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Spec URL: http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp.spec
SRPM URL: http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp-1.8.2-5.fc16.src...
Description:
SimpleSAMLphp is an award-winning application written in native PHP that deals with authentication. The project is led by UNINETT, has a large user base, a helpful user community and a large set of external contributors.
SimpleSAMLphp's main focus is providing support for:
- SAML 2.0 as a Service Provider.
- SAML 2.0 as an Identity Provider.
It also supports some other identity protocols, such as Shibboleth 1.3, A-Select, CAS, OpenID, WS-Federation and OAuth.
--- Comment #1 from François Kooman fkooman@tuxed.net 2012-03-07 07:24:13 EST ---
# #### Upstream Issues ####
#
# - enable simpleSAMLphp modules through (main) config file
#   ISSUE: http://code.google.com/p/simplesamlphp/issues/detail?id=475
#
# - more configurable paths in config.php
#   ISSUE: http://code.google.com/p/simplesamlphp/issues/detail?id=349
#
# - OAuth in modules/oauth/libextinc/OAuth.php is not the same as the
#   system-wide OAuth.php from php-oauth package
#
# - Yubico.php in modules/authYubiKey/libextinc/Yubico.php is not the same
#   as the one from the php-pear-Auth-Yubico package, it was modified.
#
#
# #### Packaging Issues ####
#
# - Follow packaging guidelines for SSL certificates, see
#   http://fedoraproject.org/wiki/PackagingDrafts/Certificates
#
# - Make sure SELinux does not interfere with reading the certificates from
#   /etc/pki/simplesamlphp/. Should be sufficient to just make them owned by
#   apache.apache with permissions 0640 for the PEM and 0644 for the CRT.
#
# - Figure out the status of the bundled 'xmlseclibs.php', we use 1.3.0 from
#   upstream now in this package
#   ISSUE: http://code.google.com/p/simplesamlphp/issues/detail?id=480
#
# - Deal with bundled JavaScript (jquery, jquery-ui, ...) and also image sets?
#   or just ignore this stuff?
#
# - Make the log to file in /var/log/simplesamlphp actually work (permissions +
#   SELinux)
#
# - Allow Apache to write to /var/lib/simplesamlphp/metadata (permissions +
#   SELinux) for the "metarefresh" and "cron" plugins
#
# - Include a README.dist or similar file explaining the configuration specific
#   items for Fedora (and SELinux)
#
# - Maybe prepare a cron example file (for metarefresh)
#
# - Figure out all licenses used in simpleSAMLphp. Debian package list some
#
# - Figure out what to do with the tmp file location, should this really be
#   package specific e.g in /var/lib/simplesamlphp/tmp?
#
--- Comment #2 from François Kooman fkooman@tuxed.net 2012-03-07 07:28:36 EST ---
[fkooman@localhost SPECS]$ rpmlint simplesamlphp.spec ../SRPMS/simplesamlphp-1.8.2-5.fc16.src.rpm ../RPMS/noarch/simplesamlphp-1.8.2-5.fc16.noarch.rpm
simplesamlphp.spec:110: W: macro-in-comment %config
simplesamlphp.spec:110: W: macro-in-comment %{_sysconfdir}
simplesamlphp.spec:110: W: macro-in-comment %{name}
simplesamlphp.spec:82: W: mixed-use-of-spaces-and-tabs (spaces: line 82, tab: line 1)
simplesamlphp.spec: W: invalid-url Source0: http://simplesamlphp.googlecode.com/files/simplesamlphp-1.8.2.tar.gz HTTP Error 404: Not Found
simplesamlphp.src:110: W: macro-in-comment %config
simplesamlphp.src:110: W: macro-in-comment %{_sysconfdir}
simplesamlphp.src:110: W: macro-in-comment %{name}
simplesamlphp.src:82: W: mixed-use-of-spaces-and-tabs (spaces: line 82, tab: line 1)
simplesamlphp.src: W: invalid-url Source0: http://simplesamlphp.googlecode.com/files/simplesamlphp-1.8.2.tar.gz HTTP Error 404: Not Found
simplesamlphp.noarch: E: explicit-lib-dependency php-xmlseclibs
simplesamlphp.noarch: E: zero-length /usr/share/simplesamlphp/modules/discopower/dictionaries/tabs.translation.json
simplesamlphp.noarch: W: non-conffile-in-etc /etc/pki/simplesamlphp/server.crt
simplesamlphp.noarch: W: dangling-relative-symlink /usr/share/simplesamlphp/lib/Auth ../../../../usr/share/pear/Auth_OpenID
simplesamlphp.noarch: W: non-conffile-in-etc /etc/pki/simplesamlphp/server.pem
simplesamlphp.noarch: W: dangling-relative-symlink /usr/share/simplesamlphp/modules/oauth/libextinc/OAuth.php ../../../../../../../usr/share/php/oauth/OAuth.php
simplesamlphp.noarch: E: zero-length /usr/share/simplesamlphp/modules/authX509/default-disable
simplesamlphp.noarch: E: zero-length /usr/share/simplesamlphp/modules/InfoCard/dictionaries/dict-InfoCard.translation.json
simplesamlphp.noarch: W: dangling-relative-symlink /usr/share/simplesamlphp/modules/authYubiKey/libextinc/Yubico.php ../../../../../../../usr/share/pear/Auth/Yubico.php
simplesamlphp.noarch: W: dangling-relative-symlink /usr/share/simplesamlphp/lib/xmlseclibs.php ../../../../../usr/share/php/xmlseclibs/xmlseclibs.php
simplesamlphp.noarch: E: zero-length /usr/share/simplesamlphp/modules/openid/dictionaries/dictopenid.translation.json
2 packages and 1 specfiles checked; 5 errors, 16 warnings.
Jason Corley jason.corley@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jason.corley@gmail.com
--- Comment #3 from Jason Corley jason.corley@gmail.com 2012-04-13 10:26:58 EDT ---
not sure how much this matters to you but if you change the find in %setup from:
find . -type f -executable -not -path '*/bin/*' | xargs chmod -x
to:
find . -type f -perm /a+x -not -path '*/bin/*' | xargs chmod -x
this package will build on EL5
--- Comment #4 from François Kooman fkooman@tuxed.net ---
@Jason Corley: simpleSAMLphp 1.9.0 requires PHP >= 5.2. Is that available on EL5?
I upgraded the spec to simpleSAMLphp 1.9.0
http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp.spec
http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp-1.9.0-1.fc16.src...
The xmlseclibs issue from Comment 1 is fixed. The bundled xmlseclibs.php is identical to the one from the xmlseclibs upstream project. The other issues are still open.
I want to look into the certificate business soon. This package works great when simpleSAMLphp is configured as a SP.
--- Comment #5 from François Kooman fkooman@tuxed.net ---
It seems it also works fine in IdP mode with the certificates in /etc/pki/simplesamlphp without requiring any modifications to SELinux. The problem however is that the file is currently world-readable so it probably needs a chown to httpd user.
Also connecting to an LDAP @ localhost works from PHP immediately.
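The permission scheme discussed in comments #1 and #5 (private key not world-readable, 0640 for the PEM, 0644 for the CRT), as an added shell example that is not part of the bug thread or the package's spec file. It works on a constructed temporary directory; the function names are hypothetical and GNU findutils/coreutils are assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Modes taken from comment #1:
# private key (*.pem) 0640, certificate (*.crt) 0644.

# List private keys that any "other" user can read, write or execute.
# -perm /o+rwx matches when ANY of the listed bits is set (GNU find).
world_accessible_keys() {
    find "$1" -type f -name '*.pem' -perm /o+rwx
}

# Apply the modes from comment #1. The optional second argument is an
# owner:group passed to chown (needs root), e.g. the web server account.
harden_cert_dir() {
    dir=$1
    owner=${2:-}
    find "$dir" -type f -name '*.pem' -exec chmod 0640 {} +
    find "$dir" -type f -name '*.crt' -exec chmod 0644 {} +
    if [ -n "$owner" ]; then
        find "$dir" -type f \( -name '*.pem' -o -name '*.crt' \) \
            -exec chown "$owner" {} +
    fi
}

# Demo on a constructed directory so nothing under /etc/pki is touched.
# Prints: <keys exposed before> <keys exposed after> <final key mode>
demo() {
    d=$(mktemp -d)
    : > "$d/server.pem"
    : > "$d/server.crt"
    chmod 0644 "$d/server.pem" "$d/server.crt"   # world-readable key, as in comment #5
    before=$(world_accessible_keys "$d" | wc -l | tr -d ' ')
    harden_cert_dir "$d"
    after=$(world_accessible_keys "$d" | wc -l | tr -d ' ')
    mode=$(stat -c '%a' "$d/server.pem")
    rm -rf "$d"
    echo "$before $after $mode"
}

demo
```

With 0640 the key is readable only by its owner and group, so the group (or owner) must be the account the web server runs as; that is what the optional chown argument is for.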
--- Comment #6 from Jason Corley jason.corley@gmail.com ---
it's definitely possible to get php >= 5.2 on rhel5, through either the php53 rhel5 packages or through other means (I'm personally using the ius repos and php53u packages). since it's not a standard path though I imagine it's not a big priority for you, I just figured I'd mention that with that one very minor tweak it builds and runs in my random custom configuration. I should note I haven't tried out the 1.9 version though, just the 1.8.2 package thus far.
--- Comment #7 from François Kooman fkooman@tuxed.net ---
@Jason Corley: I filed the issue upstream, maybe there the permissions can be fixed at the root :)
https://code.google.com/p/simplesamlphp/issues/detail?id=506
In the meantime I also updated the SPEC to use your suggested find/xargs command.
http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp.spec
http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp-1.9.0-2.fc16.src...
--- Comment #8 from Jason Corley jason.corley@gmail.com ---
and I see they accepted the issue, which is good, but not for 1.9.x, which seems like a bummer. but at least future revisions won't need the modification. I managed to rebuild the package in mock on rhel5.x86_64 with the ius php53 packages/mock config and it built without issue (not counting the incompatible srpm format that requires rpm2cpio and rpmbuild, which has nothing to do with you or this package). will be testing it later, so thanks for the update!
Victoriano Giralt victoriano@uma.es changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |victoriano@uma.es
--- Comment #9 from Victoriano Giralt victoriano@uma.es ---
If you try to install the .f16.srpm on a CentOS 5.8 system, you will get an error about md5 sum mismatch for the SimpleSAMLphp source tarball, like this:
rpm -Uvh simplesamlphp-1.10.0-1.fc16.src.rpm
1:simplesamlphp warning: user fkooman does not exist - using root
warning: group fkooman does not exist - using root
########################################### [100%]
error: unpacking of archive failed on file /home/devel/redhat/SOURCES/simplesamlphp-1.10.0.tar.gz;507019e2: cpio: MD5 sum mismatch
The fix is simple:
- Get the tarball from upstream: http://simplesamlphp.googlecode.com/files/simplesamlphp-%%7Bversion%7D.tar.g...
- Get the .spec from its "home": http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp.spec
- Get simplesamlphp-httpd-conf, I did it installing the f16.srpm on a Fedora 16
Build normally:
rpmbuild -ba simplesamlphp.spec
You obtain valid .rpm AND .srpm for el5.
--- Comment #10 from Victoriano Giralt victoriano@uma.es ---
I forgot. If you do not want to go all the way, just grab my .srpm from:
http://v.uma.es/simplesamlphp-1.10.0-1.el5.src.rpm
Jason Tibbitts tibbs@math.uh.edu changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(fkooman@tuxed.net)
François Kooman fkooman@tuxed.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(fkooman@tuxed.net)|
--- Comment #11 from François Kooman fkooman@tuxed.net ---
I upgraded the spec to simpleSAMLphp 1.11.0
http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp.spec
http://fkooman.fedorapeople.org/simplesamlphp/http://fkooman.fedorapeople.or...
This version also requires the updated php-xmlseclibs as it adds some additional signature methods: http://fkooman.fedorapeople.org/php-xmlseclibs/php-xmlseclibs-1.3.0-2.fc18.s...
I've been using this package for quite some time now, both as an IdP and SP, so it works great. Version 1.11.0 also makes it possible to enable modules using the configuration file instead of creating an "enable" file in the /usr/share/simplesamlphp/modules/<module name> directory.
--- Comment #12 from François Kooman fkooman@tuxed.net ---
The URL of the SRPM is actually:
http://fkooman.fedorapeople.org/simplesamlphp/simplesamlphp-1.11.0-1.fc18.sr...
Jason Tibbitts tibbs@math.uh.edu changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |NotReady
--- Comment #13 from Jason Tibbitts tibbs@math.uh.edu ---
I guess you would need to open a review ticket for php-xmlseclibs and have this ticket depend on that one; as it is, this package is not reviewable as it cannot be installed due to the missing dependency.
Marking as NotReady, please clear the whiteboard if this becomes reviewable in the future.
François Kooman fkooman@tuxed.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |974492
François Kooman fkooman@tuxed.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|NotReady                    |
Bug 800867 depends on bug 974492, which changed state.
Bug 974492 Summary: Review Request: php-xmlseclibs - PHP library for XML Security
https://bugzilla.redhat.com/show_bug.cgi?id=974492
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ON_QA                       |CLOSED
         Resolution|---                         |ERRATA
François Kooman fkooman@tuxed.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |NOTABUG
        Last Closed|                            |2016-07-19 05:31:37
--- Comment #14 from François Kooman fkooman@tuxed.net ---
I am no longer interested in packaging this. Shawn Iwinski wants to open a new ticket once his COPR packages are ready. See https://copr.fedorainfracloud.org/coprs/siwinski/simplesamlphp/