[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, master, updated. debian/2.3.1+dfsg-2-34-ge58ce73

Russ Allbery rra at debian.org
Thu Apr 7 05:05:58 UTC 2011 

The following commit has been merged in the master branch:
commit e58ce7386bcb0eb42ea4721f632fac43d9517fa6
Author: Russ Allbery <rra at debian.org>
Date:   Wed Apr 6 22:05:39 2011 -0700

    Update Debian man pages for upstream utility changes

diff --git a/debian/changelog b/debian/changelog
index 7b74003..1184918 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -33,6 +33,7 @@ shibboleth-sp2 (2.4.2+dfsg-1) UNRELEASED; urgency=low
     - Add error information to attribute ResolutionContext
     - Multiple bug fixes
   * Change package names for the upstream SONAME change.
+  * Update Debian man pages for upstream utility changes.
   * Build-depend on xmltooling 1.4 or later and OpenSAML 2.4 or later, and
     also update schema and development package dependencies.
   * Force build dependency on xml-security-c 1.6 or later for consistent
diff --git a/debian/man-pages/shib-keygen.pod b/debian/man-pages/shib-keygen.pod
index 078e060..7399e16 100644
--- a/debian/man-pages/shib-keygen.pod
+++ b/debian/man-pages/shib-keygen.pod
@@ -4,8 +4,8 @@ shib-keygen - Generate a key pair for a Shibboleth SP
 
 =head1 SYNOPSIS
 
-B<shib-keygen> [B<-bf>] [B<-e> I<entity-id>] [B<-h> I<hostname>]
-    [B<-y> I<years>]
+B<shib-keygen> [B<-bf>] [B<-e> I<entity-id>] [B<-g> I<group>]
+    [B<-h> I<hostname>] [B<-o> I<output-dir>] [B<-u> I<user>] [B<-y> I<years>]
 
 =head1 DESCRIPTION
 
@@ -13,7 +13,7 @@ Generate a self-signed X.509 certificate for a Shibboleth SP.  By default,
 the certificate will be for the local fully-qualified (as returned by
 C<hostname --fqdn>) hostname.  An entity ID can be specified with the
 B<-e> flag.  The B<openssl> command-line client is used to generate the
-key pair.  The public certificate will be created in
+key pair.  By default, the public certificate will be created in
 F</etc/shibboleth/sp-cert.pem> and the private key in
 F</etc/shibboleth/sp-key.pem>.
 
@@ -38,12 +38,29 @@ before generating a new certificate.  Without this option, if those files
 already exist, B<shib-keygen> prints an error and exits rather than
 overwriting them.
 
+=item B<-g> I<group>
+
+After generating the key and certificate, change the group ownership of
+the key file to this group.  By default, the group used is C<_shibd>.
+
 =item B<-h> I<hostname>
 
 Specify the fully-qualified domain name for which to generate a
 certificate.  If this option isn't given, the hostname defaults to the
 result of C<hostname --fqdn>.
 
+=item B<-o> I<output-dir>
+
+Store F<sp-cert.pem> and F<sp-key.pem> in the directory I<output-dir>
+rather than the default of F</etc/shibboleth>.
+
+=item B<-u> I<user>
+
+After generating the key and certificate, change the ownership of the key
+file to this user.  This is used to allow the key to be read by a non-root
+user so that B<shibd> can be run as a non-root user.  By default, the
+key is owned by C<_shibd>.
+
 =item B<-y> I<years>
 
 The number of years for which the certificate should be valid.  The
@@ -63,21 +80,25 @@ and deleted afterwards.
 
 =item F</etc/shibboelth/sp-cert.pem>
 
-The public certificate created by this script.
+The default location of the public certificate created by this script.
 
 =item F</etc/shibboleth/sp-key.pem>
 
-The private key for the certificate created by this script.
+The default location of the private key for the certificate created by
+this script.
 
 =back
 
+These three files are stored in the directory given with B<-o> instead, if
+that option is given.
+
 =head1 AUTHOR
 
 This manual page was written by Russ Allbery for Debian GNU/Linux.
 
 =head1 COPYRIGHT
 
-Copyright 2008 Russ Allbery.  This manual page is hereby placed into the
-public domain by its author.
+Copyright 2008, 2011 Russ Allbery.  This manual page is hereby placed into
+the public domain by its author.
 
 =cut
diff --git a/debian/man-pages/shib-metagen.pod b/debian/man-pages/shib-metagen.pod
index 3da2cae..d3fcbc7 100644
--- a/debian/man-pages/shib-metagen.pod
+++ b/debian/man-pages/shib-metagen.pod
@@ -4,11 +4,12 @@ shib-metagen - Generate metadata for a Shibboleth SP
 
 =head1 SYNOPSIS
 
-B<shib-metagen> [B<-c> I<cert> [B<-c> I<cert> ...]] [B<-e> I<entity-id>]
+B<shib-metagen> [B<-12ADLNO>] [B<-c> I<cert> [B<-c> I<cert> ...]]
+    [B<-e> I<entity-id>] [B<-f> I<format> [B<-f> I<format> ...]]
     [B<-h> I<host> [B<-h> I<host> ...]] [B<-n> I<host> [B<-n> I<host> ...]]
     [B<-o> I<organization>] [B<-a> I<admin> [B<-a> I<admin> ...]]
     [B<-s> I<support> [B<-s> I<support> ...]]
-    [B<-t> I<tech> [B<-t> I<tech> ...]]
+    [B<-t> I<tech> [B<-t> I<tech> ...]] [B<-u> I<url>]
 
 =head1 DESCRIPTION
 
@@ -23,6 +24,20 @@ can be given multiple times.
 
 =over 4
 
+=item B<-1>
+
+Generate SAML 1.0 metadata.  The default, if neither B<-1> nor B<-2> is
+given, is to generate metadata for both SAML 1.0 and SAML 2.0.
+
+=item B<-2>
+
+Generate SAML 2.0 metadata.  The default, if neither B<-1> nor B<-2> is
+given, is to generate metadata for both SAML 1.0 and SAML 2.0.
+
+=item B<-A>
+
+Include artifact metadata.
+
 =item B<-a> I<admin>
 
 An administrative contact for this Shibboleth SP.  This option may be
@@ -38,13 +53,23 @@ option may be given multiple times to specify multiple certificates.  If
 it is not given, the default certificate is F<sp-cert.pem> in the current
 working directory.
 
+=item B<-D>
+
+Include discovery service information in the metadata.  By default,
+discovery service information is not included.
+
 =item B<-e> I<entity-id>
 
 The entity ID for this SP.  This must be a unique identifier for this SP
-and must be a URL.  If B<-o> is given, it is used as the URL for the
-organization running this Shibboleth SP.  If it is not specified, it
-defaults to C<https://I<host>/shibboleth> where I<host> is the argument to
-the first B<-h> option.
+and must be a URL.  If B<-o> is given and B<-u> is not given, I<entity-id>
+is used as the URL for the organization running this Shibboleth SP.  If it
+is not specified, it defaults to C<https://I<host>/shibboleth> where
+I<host> is the argument to the first B<-h> option.
+
+=item B<-f> I<format>
+
+Include this NameIDFormat in the metadata.  This option may be given more
+than once.
 
 =item B<-h> I<host>
 
@@ -53,6 +78,16 @@ B<-n> must be specified at least once.  It should be repeated for every
 virtual host that responds to the Shibboleth protocol.  B<-h> should be
 used for hostnames or virtual hosts that use SSL.
 
+=item B<-L>
+
+Include Single Logout information in the metadata.  This is not included
+by default.
+
+=item B<-N>
+
+Include NameID management information in the metadata.  This is not
+included by default.
+
 =item B<-n> I<host>
 
 A hostname for this SP (possibly a virtual host).  Either this option or
@@ -61,6 +96,11 @@ virtual host that responds to the Shibboleth protocol.  B<-n> should be
 used for hostnames or virtual hosts that do not use SSL to protect the
 Shibboleth communication.
 
+=item B<-O>
+
+Include XML namespace declarations in the generated metadata.  This is the
+default.
+
 =item B<-o> I<organization>
 
 The name of the organization that runs this Shibboleth SP.  This option
@@ -85,6 +125,13 @@ multiple times to list multiple contacts.  I<tech> should be in the form
 C<I<first>/I<last>/I<email>> where I<first> is the given name and I<last>
 is the surname.
 
+=item B<-u> I<url>
+
+Sets the URL for the organization.  This information is only used if the
+B<-o> option is also given to specify the name of the organization.  If
+B<-o> is given and B<-u> is not given, the entity ID (set with B<-e>) is
+used as the organization URL.
+
 =back
 
 =head1 AUTHOR
@@ -93,7 +140,7 @@ This manual page was written by Russ Allbery for Debian GNU/Linux.
 
 =head1 COPYRIGHT
 
-Copyright 2009 Russ Allbery.  This manual page is hereby placed into the
-public domain by its author.
+Copyright 2009, 2011 Russ Allbery.  This manual page is hereby placed into
+the public domain by its author.
 
 =cut
diff --git a/debian/man-pages/shibd.pod b/debian/man-pages/shibd.pod
index 3769121..01c71ed 100644
--- a/debian/man-pages/shibd.pod
+++ b/debian/man-pages/shibd.pod
@@ -64,7 +64,7 @@ Prints out the version string.
 =item B<-x> I<pathname>
 
 Specifies the XML schema catalog to use. Defaults to
-/usr/share/xml/shibboleth/catalog.xml.
+F</usr/share/xml/shibboleth/catalog.xml>.
 
 =back
 

-- 
Debian packaging for the 2.0 Apache Shibboleth SP

More information about the Pkg-shibboleth-devel mailing list