Updated Debian Shibboleth packages

Russ Allbery rra at stanford.edu
Mon Nov 16 21:39:46 UTC 2009

The update process for Shibboleth 2.x packages in the official Debian
archives is running slow at the moment due to work on the Debian package
processing software and due to the trickiness of backporting the fix to
the version that released with lenny, so while that's going on, I've made
fixed Shibboleth 2.x packages available via my personal repository.

To install the current Shibboleth 2.x package set in Debian stable
(lenny), add the following to your /etc/apt/sources.list file:

    deb http://archives.eyrie.org/debian lenny main
    deb http://www.backports.org/debian lenny-backports main

The second is needed for the backport of XML-Security-C.  Also add to

    Package: *
    Pin: release a=lenny-backports
    Pin-Priority: 200

if you haven't already configured your system for the backports
repository.  This will prevent you from installing backported packages
unless they're explicitly installed or needed for other dependencies.

To get signature validation for packages from these archives, install the
packages eyrie-keyring and debian-backports-keyring.  If you want stronger
validation of the new keys than leap-of-faith installation of a package
from the archives, see:


respectively for the public keys, which are signed by keys in the strong
PGP web of trust and can be manually verified.

To install the current Shibboleth 2.x package set for Debian unstable or
testing, you only need to add:

    deb http://archives.eyrie.org/debian unstable main

to your /etc/apt/sources.list, since everything else is already in

The packages will be removed from my personal repository once they've been
accepted into Debian unstable and into backports.org.

I'm currently working on new Shibboleth 1.x packages for lenny and etch.
(Shibboleth 1.x is no longer available from Debian unstable or testing and
will not be included in the squeeze release.)

These packages are not tested on Ubuntu, but will probably work there as
well, provided that you pick packages that roughly match the age of your
Ubuntu release in terms of what other packages it contains.  However, if
you want to run Shibboleth servers on Ubuntu and stay current on security
patches, you will probably have to pay close attention to the Debian
packages and possibly file bugs with Launchpad to get package updates into
universe.  I do not use Ubuntu on web servers and hence do not do this
work myself.

As always, Debian packaging of Shibboleth is discussed on the
pkg-shibboleth-devel at lists.alioth.debian.org mailing list.  All interested
parties are invited and encouraged to join via:


Please let me know if you have any problems.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the Pkg-shibboleth-devel mailing list