Unable to install shibboleth.x86_64 on AWS EC2 instance

Sat Sep 8 20:17:42 EDT 2018

I think I have a successful build on Amazon Linux 2018-03 too(it was indeed
just too small a VM).  I had to explicitly point out the newly built
libcurl:

export PKG_CONFIG_PATH=/opt/shibboleth/lib64/pkgconfig/

which was bizarre and I'm not confident it was necessary although retesting
the edited Wiki on a clean machine demonstrated it seemed to be, and the
/etc/httpd configuration style is novel, so to actually load the newly
built module, you'll need to copy or symlink the apache24.conf file that
comes with Shibboleth:

ln -s /etc/shibboleth/apache24.config /etc/httpd/conf.modules.d/shib.conf

Amazon Linux 2 doesn't have as many irregularities.  Either way, the SRPM
page of the Wiki has been heavily updated, and if you rerun the commands,
noting the comments, it should overwrite the older versions it was pulling
and include the additional things necessary for Shibboleth SP 3 to work on
Amazon Linux 2018-03.

https://wiki.shibboleth.net/confluence/display/SP3/SRPMBuild

Hope this is helpful,
Nate.

On Sat, Sep 8, 2018 at 9:34 PM, Nate Klingenstein <ndk at sudonym.me> wrote:

> Ron,
>
> Okay, I got it to build and load the module fine on Amazon Linux 2 and you
> don't need any special apxs directives.  I've verified that shibd runs,
> /Shibboleth.sso/Status reports OK, and I can auto-generate metadata.  You
> will need to install libmemcached-devel too.  It's otherwise like a
> standard SRPM build.
>
> I'll try on 2018-03 again now.  I suspect I just had too small a VM and it
> was running out of memory during the build process.  I couldn't even run
> top in parallel.  If it works, I'll update the Wiki page.
>
> Thanks,
> Nate.
>
>
> On Sat, Sep 8, 2018 at 7:35 PM, Nate Klingenstein <ndk at sudonym.me> wrote:
>
>> Ron,
>>
>> tl;dr: packaging is purgatory
>>
>> First, I'm not sure which Amazon Linux you're using.  With 2018-3, using
>> the new releases, I was able to get to the point of building OpenSAML, but
>> it failed to compile the SubjectConfirmation part of the SAML 2 assertion
>> implementation.  With Amazon Linux 2, I'm getting rpmbuild using a
>> different path(home directory instead of /usr/src/rpm) among other things.
>>
>> The example on the webpage is not actively maintained and it's pretty
>> outdated, so you can't use it with a literal copy/paste.  It's also trying
>> to pull older releases of many of the dependencies, including xmltooling
>> and opensaml.  The spec file for the Shibboleth package is just the point
>> where you are discovering that you built and installed versions that are
>> too old.
>>
>> %if 0%{?rhel} >= 6 || 0%{?centos_version} >= 600 || 0%{?amzn} >= 1
>> PreReq:         xmltooling-schemas%{?_isa} >= 3.0.0,
>> opensaml-schemas%{?_isa} >= 3.0.0
>> %else
>>
>> I'll spend some time playing around on Amazon Linux 2 today to see if I
>> can get it to build, but it's going to take me awhile.  I'll respond again
>> to this message later.  I may not be able to resolve it myself, but we'll
>> see.
>>
>> Thanks,
>> Nate.
>>
>>
>> On Sat, Sep 8, 2018 at 6:46 AM, Ron Harris <neo204011 at gmail.com> wrote:
>>
>>> Thanks Nate for reply.
>>>
>>> I somewhat understood what was incorrect.
>>> I followed the sets mentioned in example "Amazon Linux with Apache 2.4"
>>>
>>> when I run this command
>>> "sudo rpmbuild --rebuild --without builtinapache -D 'shib_options
>>> -with-apxs24=/usr/bin/apxs -with-apr1=/usr/bin/apr-1-config
>>> -enable-apache-24' shibboleth*"
>>>
>>> I am getting below error:
>>> RPM build errors:
>>>     line 14: prereq is deprecated: PreReq:
>>> xmltooling-schemas(x86-64) >= 3.0.0, opensaml-schemas(x86-64) >= 3.0.0
>>>     Bad exit status from /var/tmp/rpm-tmp.IRbIyP (%build)
>>>
>>> Thanks
>>>
>>>
>>> On Sat, Sep 8, 2018 at 12:28 AM Nate Klingenstein <ndk at sudonym.me>
>>> wrote:
>>>
>>>> Ron,
>>>>
>>>> Your install command is trying to pull from the default pre-configured
>>>> yum repos rather than installing the locally rebuilt RPM's.  Try
>>>> localinstall with your RPM's instead as in the example shown on the page or
>>>> using a Linux distribution that already has prebuilt RPM's in a repository
>>>> you can add to /etc/yum.repos.d/.
>>>>
>>>> https://wiki.shibboleth.net/confluence/display/SP3/SRPMBuild
>>>>
>>>> Take care,
>>>> Nate.
>>>>
>>>>
>>>> On Fri, Sep 7, 2018 at 6:33 PM, Ron Harris <neo204011 at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have previously configured Shibboleth on EC2 instance, but today
>>>>> trying to install on new server, I am facing some issue.
>>>>>
>>>>> I am referring to the following link:
>>>>> https://wiki.shibboleth.net/confluence/display/SP3/SRPMBuild
>>>>>
>>>>> When I run the command:
>>>>> sudo yum install log4shib xerces-c xml-security-c curl-openssl
>>>>> xmltooling opensaml shibboleth
>>>>>
>>>>> I am getting below message:
>>>>>
>>>>> Loaded plugins: priorities, update-motd, upgrade-helper
>>>>> amzn-main
>>>>>                                       amzn-updates
>>>>>                                                                       No
>>>>> package log4shib available.
>>>>> No package xerces-c available.
>>>>> No package xml-security-c available.
>>>>> No package xmltooling available.
>>>>> No package opensaml available.
>>>>> No package shibboleth available.
>>>>> Nothing to do
>>>>>
>>>>> Can you please help me understand what I maybe missing.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> For Consortium Member technical support, see
>>>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>>>> To unsubscribe from this list send an email to
>>>>> users-unsubscribe at shibboleth.net
>>>>>
>>>>
>>>> --
>>>> For Consortium Member technical support, see
>>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>>> To unsubscribe from this list send an email to
>>>> users-unsubscribe at shibboleth.net
>>>
>>>
>>> --
>>> For Consortium Member technical support, see
>>> https://wiki.shibboleth.net/confluence/x/coFAAg
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180909/ee45f348/attachment.html>