Shibboleth Users

Text archives Help

Re: Debian Shibboleth install instructions

Chronological Thread 
  • From: Russ Allbery < >
  • To:
  • Subject: Re: Debian Shibboleth install instructions
  • Date: Wed, 30 Apr 2008 13:01:35 -0700
  • Organization: The Eyrie

Kristof Bajnok
< >
> On Tuesday 29 April 2008, 23.25.08 Russ Allbery wrote:

>> Note that the Debian packages are still 1.3f due purely to my lack of
>> time; upgrading to 1.3.1 (and to XML-Security-C 1.4.0) is on my list
>> and will happen before the lenny release.

> We are currently preparing packages necessary for shibboleth-sp2 on
> Debian. We too would be glad if these could get into Lenny. As a Debian
> developer could you please give us some advice on this?

I'm setting up a Shibboleth packaging team on Alioth, and once I get that
done, I will announce it here. Joining that would be the best way to
start contributing to further packaging and to get those packages into
Debian proper.

I will probably use Git for the VCS for packaging since that's what I'm
now using for all of my packaging and am moving towards for most
everything else, but if that would cause serious hardship for people, I'm
willing to be persuaded to use something less cutting-edge.

> Currently we have packaged xml-security 1.4 and xmltooling and moving
> forward with opensaml and shibboleth.

Well, it's unfortunate that you packaged xml-security-c without even
filing a wishlist bug or checking with me as the existing Debian
maintainer of the package, since that probably ended up being wasted
effort for you. But probably not that much of effort if you reused the
existing packaging.

> Do you know what the status of xml-security-c is? Last official release
> is 1.3.1, though 1.4.0 can be downloaded since October 2007. (They have
> removed the changelog from the source tree which is quite strange...)

1.4.0 will be in Debian before the lenny release, along with updated
opensaml and shibboleth-sp packages built against it. All those packages
will move to Xerces-C 2.8 at the same time (but 3.0 looks premature at
this point). It's fairly high on my list, but below getting the
pkg-shibboleth Alioth group and a mailing list fully set up and converting
my current repositories from Subversion to Git.

I haven't had a lot of time to spend on Shibboleth, but I'm working on
getting everything onto mailing lists and public repositories so that in
the future discussion of the Debian packaging doesn't single-track through
me and can be more collaborative. I'm happy to act as reviewer and
uploader for Debian Shibboleth packages, including for Shibboleth 2.0,
which Stanford will probably be taking a serious look at within six to
nine months.

I would really like to see the IdP packaged for Debian, and that should
now be much easier given Sun's GPL release of Java, which means that one
doesn't have to do the non-free / non-Sun Java implementation dance.

The remaining problem with IdP packaging that I expect will require some
effort to sort out is compliance with Debian's requirements that packages
not include their own copies of shared libraries and instead use the
shared libraries already packaged in Debian, which is a requirement mostly
by the security team to permit sane handling of security vulnerabilities
in packages that are widely shared between many applications. The
impression I had is that this means Debian wants a different style of
packaging of the IdP than the Shibboleth maintainers distribute, and that
will probably require some work to sort through.

Stanford has internal IdP and Switch WAYF packages, but not ones suitable
for upload to Debian yet.

Russ Allbery
( )

Archive powered by MHonArc 2.6.16.

Top of page