From 20eb69e2c57a29ed411d02d6fc27a559270db6c7 Mon Sep 17 00:00:00 2001
From: John Dennis
Date: Apr 19 2018 23:11:22 +0000
Subject: Upgrade to new upstream release

Add README.redhat.rst doc explaining packaging of this module.
---
diff --git a/.gitignore b/.gitignore
index 2d82901..7b0a11c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@
 /mod_auth_mellon-0.11.0.tar.gz
 /mod_auth_mellon-0.12.0.tar.gz
 /mod_auth_mellon-0.13.1.tar.gz
+/mod_auth_mellon-0.14.0.tar.gz
diff --git a/README.redhat.rst b/README.redhat.rst
new file mode 100644
index 0000000..a834aae
--- /dev/null
+++ b/README.redhat.rst
@@ -0,0 +1,83 @@
+Red Hat Specific mod_auth_mellon Information
+============================================
+
+This README contains information specific to Red Hat's distribution of
+``mod_auth_mellon``.
+
+Diagnostic Logging
+------------------
+
+Diagnostic logging can be used to collect run time information to help
+diagnose problems with your ``mod_auth_mellon`` deployment. Please see
+the "Mellon Diagnostics" section in the Mellon User Guide for more
+details.
+
+How to enable diagnostic logging on Red Hat systems
+```````````````````````````````````````````````````
+
+Diagnostic logging adds overhead to the execution of
+``mod_auth_mellon``. The code to emit diagnostic logging must be
+compiled into ``mod_auth_mellon`` at build time. In addition the
+diagnostic log file may contain security sensitive information which
+should not normally be written to a log file. If you have a
+version of ``mod_auth_mellon`` which was built with diagnostics you
+can disable diagnostic logging via the ``MellonDiagnosticsEnable``
+configuration directive. However given human nature the potential to
+enable diagnostic logging while resolving a problem and then forget to
+disable it is not a situation that should exist by default. Therefore
+given the overhead consideration and the desire to avoid enabling
+diagnostic logging by mistake the Red Hat ``mod_auth_mellon`` RPM's
+ship with two versions of the ``mod_auth_mellon`` Apache module.
+
+1. The ``mod_auth_mellon`` RPM contains the normal Apache module
+ ``/usr/lib*/httpd/modules/mod_auth_mellon.so``
+
+2. The ``mod_auth_mellon-diagnostics`` RPM contains the diagnostic
+ version of the Apache module
+ ``/usr/lib*/httpd/modules/mod_auth_mellon-diagnostics.so``
+
+Because each version of the module has a different name both the
+normal and diagnostic modules can be installed simultaneously without
+conflict. But Apache will only load one of the two modules. Which
+module is loaded is controlled by the
+``/etc/httpd/conf.modules.d/10-auth_mellon.conf`` config file which
+has a line in it which looks like this::
+
+ LoadModule auth_mellon_module modules/mod_auth_mellon.so
+
+To load the diagnostics version of the module you need to change the
+module name so it looks like this::
+
+ LoadModule auth_mellon_module modules/mod_auth_mellon-diagnostics.so
+
+**Don't forget to change it back again when you're done debugging.**
+
+You'll also need to enable the collection of diagnostic information,
+do this by adding this directive at the top of your Mellon conf.d
+config file or inside your virtual host config (diagnostics are per
+server instance)::
+
+ MellonDiagnosticsEnable On
+
+.. NOTE::
+ Some versions of the Mellon User Guide have a typo in the name of
+ this directive, it incorrectly uses ``MellonDiagnosticEnable``
+ instead of ``MellonDiagnosticsEnable``. The difference is
+ Diagnostics is plural.
+
+The Apache ``error_log`` will contain a message indicating how it
+processed the ``MellonDiagnosticsEnable`` directive. If you loaded the
+standard module without diagnostics you'll see a message like this::
+
+ MellonDiagnosticsEnable has no effect because Mellon was not
+ compiled with diagnostics enabled, use
+ ./configure --enable-diagnostics at build time to turn this
+ feature on.
+
+If you've loaded the diagnostics version of the module you'll see a
+message in the ``error_log`` like this::
+
+ mellon diagnostics enabled for virtual server *:443
+ (/etc/httpd/conf.d/my_server.conf:7)
+ ServerName=https://my_server.example.com:443, diagnostics
+ filename=logs/mellon_diagnostics
diff --git a/mod_auth_mellon.spec b/mod_auth_mellon.spec
index 5acf5d0..ec1aeab 100644
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
@@ -1,13 +1,14 @@ Summary: A SAML 2.0 authentication module for the Apache Httpd Server Name: mod_auth_mellon -Version: 0.13.1 -Release: 2%{?dist} +Version: 0.14.0 +Release: 1%{?dist} Group: System Environment/Daemons Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz Source1: auth_mellon.conf Source2: 10-auth_mellon.conf Source3: mod_auth_mellon.conf Source4: mellon_create_metadata.sh +Source5: README.redhat.rst License: GPLv2+ BuildRequires: curl-devel BuildRequires: glib2-devel @@ -15,8 +16,9 @@ BuildRequires: httpd-devel BuildRequires: lasso-devel >= 2.5.0 BuildRequires: openssl-devel BuildRequires: xmlsec1-devel +BuildRequires: rubygem-asciidoctor Requires: httpd-mmn = %{_httpd_mmn} -Requires: lasso >= 2.5.0 +Requires: lasso >= 2.5.1 Url: https://github.com/UNINETT/mod_auth_mellon @@ -30,13 +32,22 @@ received in assertions generated by a IdP server. %build export APXS=%{_httpd_apxs} +%configure --enable-diagnostics +make clean +make %{?_smp_mflags} +cp .libs/%{name}.so %{name}-diagnostics.so + %configure make %{?_smp_mflags} +pushd doc/user_guide +asciidoctor -a data-uri mellon_user_guide.adoc +popd %install # install module mkdir -p %{buildroot}%{_httpd_moddir} install -m 755 .libs/%{name}.so %{buildroot}%{_httpd_moddir} +install -m 755 %{name}-diagnostics.so %{buildroot}%{_httpd_moddir} # install module configuration mkdir -p %{buildroot}%{_httpd_confdir} 
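Review bot: The runtime floor moves to `Requires: lasso >= 2.5.1`, but the context line in the same hunk still reads `BuildRequires: lasso-devel >= 2.5.0`, so the module may be built against an older lasso than it demands at run time. If the bump is there to pick up a lasso fix, the build floor should match: `BuildRequires: lasso-devel >= 2.5.1`. The commit does not state why the version was raised, so the motivation is inferred from these two lines only.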
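Review bot: In `%build` the second `%configure` is followed directly by `make %{?_smp_mflags}` with no `make clean`, unlike the `--enable-diagnostics` pass above it. If the upstream Makefile does not rebuild objects when only the configure flags change, the default `mod_auth_mellon.so` could be linked from objects compiled with diagnostics. That would defeat the split README.redhat.rst describes, which exists to keep security-sensitive diagnostic logging out of the normal module. Adding a `make clean` line between the second `%configure` and its `make` makes the two builds independent. The `%build` section opens inside this hunk, and `%install` continues past its last line.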
@@ -52,6 +63,26 @@ mkdir -p %{buildroot}/run/%{name} mkdir -p %{buildroot}/%{_libexecdir}/%{name} install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name} +#install documentation +mkdir -p %{buildroot}/%{_pkgdocdir} + +# install Red Hat README +install %{SOURCE5} %{buildroot}/%{_pkgdocdir} + +# install user guide +cp -r doc/user_guide %{buildroot}/%{_pkgdocdir} + +%package diagnostics +Summary: Build of mod_auth_mellon with diagnostic logging +Requires: %{name} = %{version}-%{release} + +%description diagnostics +Build of mod_auth_mellon with diagnostic logging. See README.redhat.rst +in the doc directory for instructions on using the diagnostics build. + +%files diagnostics +%{_httpd_moddir}/%{name}-diagnostics.so + %files %defattr(-,root,root) %if 0%{?rhel} && 0%{?rhel} < 7 @@ -59,7 +90,9 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name} %else %license COPYING %endif -%doc README NEWS ECP.rst +%doc README.md NEWS ECP.rst +%doc %{_pkgdocdir}/README.redhat.rst +%doc %{_pkgdocdir}/user_guide %config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf %config(noreplace) %{_httpd_confdir}/auth_mellon.conf %{_httpd_moddir}/mod_auth_mellon.so @@ -68,6 +101,10 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name} %dir /run/%{name}/ %changelog +* Thu Apr 19 2018 John Dennis - 0.14.0-1 +- Upgrade to new upstream release +- Add README.redhat.rst doc explaining packaging of this module. + * Thu Feb 08 2018 Fedora Release Engineering - 0.13.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild diff --git a/sources b/sources index 25038ea..6fed013 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (mod_auth_mellon-0.13.1.tar.gz) = ad0479be8aa94404a832d11f7ead1f704d86cab2f11aa6f90b895be9b4028026f15ec8ee85260ca76f4a001c115ff14b4b7c9e8da74676a1f0295f6c2f0a1341 +SHA512 (mod_auth_mellon-0.14.0.tar.gz) = db1bf70c234fe89914b1bb34fc6afb5b901193a8c8c7e9946485a3e20a7d129c36427717eab53764edf5a5cff5c45dfe412e400cb1f50c49ef24dbbfd6ecbf25
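Review bot: `install %{SOURCE5} %{buildroot}/%{_pkgdocdir}` has no `-m`, and `install` defaults to mode 0755, so README.redhat.rst is packaged as an executable file. The other `install` lines visible in this diff set their mode explicitly. Use `install -m 644 -p %{SOURCE5} %{buildroot}/%{_pkgdocdir}`. The following `cp -r doc/user_guide` likewise carries over whatever modes and intermediate files the build tree holds, so copying only the generated guide and its sources with explicit modes would be tidier.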
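Review bot: The `%files` list now mixes a relative `%doc README.md NEWS ECP.rst` with entries installed by hand under `%{_pkgdocdir}`. Fedora's packaging guidelines advise against combining the two forms in one package, because relative `%doc` handling can recreate the documentation directory and interfere with files that `%install` already placed there; this should be confirmed against the rpm versions the package targets. Keeping a single mechanism avoids the problem. For example, copy README.md, NEWS and ECP.rst into `%{buildroot}/%{_pkgdocdir}` during `%install` and list the directory once in `%files`.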