Bug#740603: /etc/shibboleth not created when not using libapache2-mod-shib2

Cantor, Scott cantor.2 at osu.edu
Mon Mar 17 03:59:29 UTC 2014


On 3/16/14, 11:50 PM, "Russ Allbery" <rra at debian.org> wrote:
>
>If the plugins that come with Shibboleth 2.4 (libshibsp5, IIRC) are not
>guaranteed to work with Shibboleth 2.5 (libshibsp6), then the way they're
>packaged right now only works because they're with the only client that
>can currently use them in Debian.  If I break them off into a separate
>package, I need to make sure that you either can't get mismatches (the
>plugins for libshibsp5 installed but libshibsp6 installed) or that the
>plugins are part of the library packages themselves.  The latter would be
>my preference, but the current problem with *that* is that the plugins are
>in /usr/lib/$arch/shibboleth directly.  If I put that into the library
>packages, that means libshibsp5 and libshibsp6 can't be installed
>simultaneously, which Debian requires so that it's possible to upgrade
>shared libraries without undue pain.

Yeah, I get it, and yes, they are linked directly to specific ABIs. If the
ABI changes, that's when the SONAME changes on libshibsp or the others.

The intent is that they're part of Shibboleth proper, rather than part of
the library package, in the sense that two versions of libshibsp should
work side by side but two versions of the SP as a whole don't.

The location was derived from the Red Hat convention for Apache modules,
which I'm not defending, just explaining. The file system standards don't
really address plugins that I'm aware of.

>Does that make sense?  And if so, would it be easy for me to move the
>plugins to such a directory in some way?  I'd need to make sure that the
>library knew where to load them from, of course.  It's not immediately
>obvious to me how, although I'm guessing it's related to SHIBSP_LIBDIR.

Yeah it is, so I suppose there's probably a way to get that into the build
such that each updated build would have a version-specific location to
auto-resolve plugins from. I don't test that all very much, similarly to
how building Kerberos in non-default ways makes for an interesting
experience.

On Red Hat, the files are part of the main "binary" package that doesn't
support side-by-side installation.

Would it be possible to have a shibboleth-sp2-<something> package for
shibd and those plugins that would be one version at a time?

-- Scott


