diff --git a/packages.yml b/packages.yml
index d65db58ec54034877dcf1b5a0a4dcc0c3095fb82..2c3b4d5d867d1fdfccc3258beada0895afc0ddfa 100644
--- a/packages.yml
+++ b/packages.yml
@@ -3,6 +3,16 @@ maintainer:
mail: admin@fsmpi.rwth-aachen.de
packages:
- name: adcli
- patch_dir: patches/adcli
version: 0.8.2-1.1-fsmpi
changelog: Apply the unreleased upstream-patches, fixing RT#100
+ additional_content:
+ - patch_dir: patches/adcli
+ target_dir: debian
+ - name: nginx
+ patch_dir: patches/nginx
+ changelog: Add libnginx-mod-http-shibboleth
+ additional_content:
+ - git_url: "https://github.com/nginx-shib/nginx-http-shibboleth.git"
+ target_dir: debian/modules
+ - target_dir: debian
+ patch_dir: patches/nginx
diff --git a/patches/nginx/00-add-module.patch b/patches/nginx/00-add-module.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0afe8bd0b92a18d97522674be575a4717b7f7225
--- /dev/null
+++ b/patches/nginx/00-add-module.patch
@@ -0,0 +1,72 @@
+diff -Naur debian/control debian/control
+--- debian/control 2018-03-26 20:56:56.476543112 +0200
++++ debian/control 2018-03-26 21:01:51.812104005 +0200
+@@ -71,6 +71,7 @@
+ Package: nginx-full
+ Architecture: any
+ Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
++ libnginx-mod-http-shibboleth (= ${binary:Version}),
+ libnginx-mod-http-dav-ext (= ${binary:Version}),
+ libnginx-mod-http-echo (= ${binary:Version}),
+ libnginx-mod-http-geoip (= ${binary:Version}),
+@@ -142,6 +143,7 @@
+ Architecture: any
+ Priority: extra
+ Depends: libnginx-mod-http-auth-pam (= ${binary:Version}),
++ libnginx-mod-http-shibboleth (= ${binary:Version}),
+ libnginx-mod-http-cache-purge (= ${binary:Version}),
+ libnginx-mod-http-dav-ext (= ${binary:Version}),
+ libnginx-mod-http-echo (= ${binary:Version}),
+@@ -259,6 +261,20 @@
+ The module uses PAM as a backend for simple http authentication. It
+ also allows setting the pam service name to allow more fine grained control.
+
++Package: libnginx-mod-http-shibboleth
++Architecture: any
++Depends: ${misc:Depends}, ${shlibs:Depends}
++Description: Shibboleth authentication module for Nginx
++ The nginx_http_shibboleth module enables authentication using Shibboleth.
++ .
++ This module allows Nginx to work with Shibboleth, by way of Shibboleth's
++ FastCGI authorizer. This module requires specific configuration in order
++ to work correctly, as well as Shibboleth's FastCGI authorizer application
++ available on the system. It aims to be similar to parts of Apache's
++ mod_shib, though Shibboleth authorisation and authentication settings
++ are configured via shibboleth2.xml rather than in the web server
++ configuration.
++
+ Package: libnginx-mod-http-lua
+ Architecture: any
+ Depends: libnginx-mod-http-ndk (= ${binary:Version}),
+diff -Naur debian/libnginx-mod.conf/mod-http-shibboleth.conf debian/libnginx-mod.conf/mod-http-shibboleth.conf
+--- debian/libnginx-mod.conf/mod-http-shibboleth.conf 1970-01-01 01:00:00.000000000 +0100
++++ debian/libnginx-mod.conf/mod-http-shibboleth.conf 2018-03-26 21:04:54.131246344 +0200
+@@ -0,0 +1 @@
++load_module modules/ngx_http_shibboleth_module.so;
+diff -Naur debian/rules debian/rules
+--- debian/rules 2018-03-26 20:56:56.604548119 +0200
++++ debian/rules 2018-03-26 21:03:00.054777450 +0200
+@@ -13,6 +13,7 @@
+ FLAVOURS := full light extras
+ DYN_MODS := \
+ http-auth-pam \
++ http-shibboleth \
+ http-cache-purge \
+ http-dav-ext \
+ http-echo \
+@@ -103,6 +104,7 @@
+ --with-mail=dynamic \
+ --with-mail_ssl_module \
+ --add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
++ --add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
+ --add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
+ --add-dynamic-module=$(MODULESDIR)/nginx-echo \
+ --add-dynamic-module=$(MODULESDIR)/nginx-upstream-fair \
+@@ -128,6 +130,7 @@
+ --with-stream_ssl_module \
+ --add-dynamic-module=$(MODULESDIR)/headers-more-nginx-module \
+ --add-dynamic-module=$(MODULESDIR)/nginx-auth-pam \
++ --add-dynamic-module=$(MODULESDIR)/nginx-http-shibboleth \
+ --add-dynamic-module=$(MODULESDIR)/nginx-cache-purge \
+ --add-dynamic-module=$(MODULESDIR)/nginx-dav-ext-module \
+ --add-dynamic-module=$(MODULESDIR)/nginx-development-kit \
diff --git a/scripts/build.py b/scripts/build.py
index 829e874e37112096c4fbb4d7048e8e33a5f8bebc..d47507442f87f5f723d8233099c04f7ac3d2f509 100755
--- a/scripts/build.py
+++ b/scripts/build.py
@@ -34,10 +34,16 @@ def run_checked(command, **kwargs):
print(error.stdout)
print(error.stderr)
raise
-
+
+
+def apply_patches(abs_patch_dir):
+ for patch in sorted(os.listdir(abs_patch_dir)):
+ patch_file = os.path.join(abs_patch_dir, patch)
+ run_checked(["quilt", "import", patch_file])
+
def build_package(repo_dir, package_dir, name,
- patch_dir=None, version=None, changelog=None):
+ patch_dir=None, version=None, changelog=None, additional_content=None):
with tempfile.TemporaryDirectory(dir=os.path.abspath(".")) as tempdir:
os.chdir(tempdir)
result = run_checked(["apt-get", "source", name])
@@ -57,13 +63,20 @@ def build_package(repo_dir, package_dir, name,
"Extracted package {} is not expected package {}".format(
pkg_name, name))
- debian_workdir = os.path.join(tempdir, pkg_dir, "debian")
- os.chdir(debian_workdir)
- if patch_dir is not None:
- abs_patch_dir = os.path.join(repo_dir, patch_dir)
- for patch in sorted(os.listdir(abs_patch_dir)):
- patch_file = os.path.join(abs_patch_dir, patch)
- run_checked(["quilt", "import", patch_file])
+ workdir = os.path.join(tempdir, pkg_dir)
+ os.chdir(workdir)
+
+ if additional_content is not None:
+ os.chdir(workdir)
+ for content in additional_content:
+ os.chdir(additional_content["target_dir"])
+ if "patch_dir" in content:
+ abs_patch_dir = os.path.join(
+ repo_dir, content["patch_dir"])
+ apply_patches(abs_patch_dir)
+ elif "git_url" in content:
+ run_checked(["git", "clone", content["git_url"]])
+
command = ["debchange", "--preserve"]
if version is None:
@@ -113,6 +126,7 @@ def main():
build_package(repo_dir=repo_dir, package_dir=package_dir, **package)
os.chdir(repo_dir)
+ print(os.listdir(package_dir))
if __name__ == "__main__":
main()