I’m running RHEL6, and Apache 2.4.3 (built from source), OpenSSL 1.0.1c (built from source). I would like to use the Shibboleth SP 2.5 for authentication, but haven’t been able to build it successfully. If anyone can help point me in the right direction / tell me what I’m doing wrong etc. I would be extremely grateful.

I think the pre-requisites (log4shib-1.0.5, xerces-c-3.1.1, xml-security-c-1.7.0, xmltooling-1.5.0, opensaml-2.5.0) are building ok (happy to email output offlist – but too big to be accepted by list), but the shibboleth SP make fails with:

In file included from mod_shib_20.cpp:68:
mod_shib.cpp:118: warning: deprecated conversion from string constant to 'char*'
mod_shib.cpp: In member function 'virtual const char* ShibTargetApache::getScheme() const':
mod_shib.cpp:385: error: 'ap_http_method' was not declared in this scope
mod_shib.cpp: In member function 'virtual std::string ShibTargetApache::getRemoteAddr() const':
mod_shib.cpp:417: error: 'struct conn_rec' has no member named 'remote_ip'
In file included from mod_shib_20.cpp:68:
mod_shib.cpp: In function 'int shib_post_read(request_rec*)':
mod_shib.cpp:681: warning: unused variable 'rc'
mod_shib.cpp: In member function 'virtual shibsp::AccessControl::aclresult_t htAccessControl::authorized(const shibsp::SPRequest&, const shibsp::Session*) const':
mod_shib.cpp:1221: error: 'ap_requires' was not declared in this scope
make[2]: *** [mod_shib_20_la-mod_shib_20.lo] Error 1
make[2]: Leaving directory `/usr/local/shib/shibboleth-sp-2.5.0/apache'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/shib/shibboleth-sp-2.5.0'
make: *** [all] Error 2

The commands I’m running to build it are:

#log4shib
./configure --disable-static --disable-doxygen --prefix=/usr/local/shibboleth-sp
make
make install

#xerces
./configure --prefix=/usr/local/shibboleth-sp --disable-netaccessor-libcurl
make
make install

#xmlsec
./configure --without-xalan --disable-static --prefix=/usr/local/shibboleth-sp --with-xerces=/usr/local/shibboleth-sp
make
make install

#xmltooling
./configure --with-log4shib=/usr/local/shibboleth-sp --prefix=/usr/local/shibboleth-sp -C
make
make install

#openSAML
./configure --with-log4shib=/usr/local/shibboleth-sp --prefix=/usr/local/shibboleth-sp -C
make
make install

#shib SP
./configure --with-log4shib=/usr/local/shibboleth-sp --prefix=/usr/local/shibboleth-sp --enable-apache-20 --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apache/bin/apr-1-config --with-apu=/usr/local/apache/bin/apu-1-config
make

Thanks,
Paul

--
To unsubscribe from this list send an email to [hidden email]
On 9/12/12 12:01 PM, "Paul Beckett (ITCS)" <[hidden email]> wrote:
>./configure --with-log4shib=/usr/local/shibboleth-sp
>--prefix=/usr/local/shibboleth-sp --enable-apache-20
>--with-apxs=/usr/local/apache/bin/apxs
>--with-apr=/usr/local/apache/bin/apr-1-config
>--with-apu=/usr/local/apache/bin/apu-1-config

As a starting point, you're telling it to build for Apache 2.0, not 2.4. Fix that and see what happens. I'd also scour the config log and make sure it's using the Apache dev files you want it to. Probably making sure the built-in httpd-dev module isn't there would be good.

As a rule, don't build from source. Install RPMs for everything but the SP part and then use rpmbuild to rebuild the RPM against your Apache. The wiki has some material on that I think, as does the list archive.

-- Scott
Scott,
Thanks for the reply. Sorry I didn't realise there was an --enable-apache-24, I'd just adapted my configure line from the options in the example on https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxSourceBuild

My apache install is the only copy of Apache on the server. The OS (yum / rpm repos) versions of httpd and httpd-devel are not installed.

I've re-run the configure with:

./configure --with-log4shib=/usr/local/shibboleth-sp --prefix=/usr/local/shibboleth-sp --with-apr=/usr/local/apache/bin/apr-1-config --with-apu=/usr/local/apache/bin/apu-1-config --with-apxs=/usr/local/apache/bin/apxs --enable-apache-24 --with-openssl=/usr/local/openssl

This still fails, concluding with:

checking default apache version... configure: error: unusable apache versions: . Try setting --with-apxs

The config.log can be viewed at: http://www.uea.ac.uk/~s167/config.log , this seems to contain several errors, but I don't really understand what most of them mean or how I can resolve them.

Thanks,
Paul
In reply to this post by Cantor, Scott E.
I've also given the RPM and SRPM route (rather than building everything from source) Scott suggested a go too, but the rebuild is failing for me... this is not something I've done before, so sorry if I'm doing something obvious wrong. I've read the wiki page, but have had difficulty finding much about it in the list-archive.

To do this I:
- Added RHEL6 repo details.
- Ran (multiple yum installs as I kept realising I still needed more bits):

yum install log4shib.x86_64 opensaml.x86_64 xerces.x86_64 xml-security.x86_64 xmltooling.x86_64
yum install rpm-build
yum install libxerces-c-devel.x86_64 libxml-security-c-devel.x86_64 libxmltooling-devel.x86_64 libsaml-devel.x86_64
yum install xmltooling-schemas.x86_64
yum install opensaml-schemas.x86_64

rpmbuild --rebuild --without builtinapache -D 'shib_options --with-apxs=/usr/local/apache/bin/apxs --enable-apache-24 --with-openssl=/usr/local/openssl' shibboleth-2.5.0-2.1.el6.src.rpm

This failed, concluding with:

checking if default apache needed... yes
checking default apache version... configure: error: unusable apache versions: . Try setting --with-apxs
error: Bad exit status from /var/tmp/rpm-tmp.O1w8DW (%build)

RPM build errors:
    line 14: prereq is deprecated: PreReq: xmltooling-schemas(x86-64) >= 1.5.0, opensaml-schemas(x86-64) >= 2.5.0
    Bad exit status from /var/tmp/rpm-tmp.O1w8DW (%build)

Any help will be greatly appreciated.

Thanks,
Paul
On 9/13/12 7:12 AM, "Paul Beckett (ITCS)" <[hidden email]> wrote:
>rpmbuild --rebuild --without builtinapache -D 'shib_options
>--with-apxs=/usr/local/apache/bin/apxs --enable-apache-24
>--with-openssl=/usr/local/openssl' shibboleth-2.5.0-2.1.el6.src.rpm
>
>This failed, concluding with:
>
>checking if default apache needed... yes
>checking default apache version... configure: error: unusable apache
>versions: . Try setting --with-apxs

That's the same error, so that means it's more or less workable. You're using the wrong apxs option, it should be --with-apxs24.

I'll review the configure messages to see if they're improvable, or you can file a bug so I remember to check them.

I wouldn't really advise using a custom OpenSSL. While that gets you more features it also means you're stuck keeping it up to date. Is there some reason you're doing that?

-- Scott
I've corrected my rpmbuild to use --with-apxs24:
rpmbuild --rebuild --without builtinapache -D 'shib_options --with-apxs24=/usr/local/apache/bin/apxs --enable-apache-24 --with-openssl=/usr/local/openssl' shibboleth-2.5.0-2.1.el6.src.rpm

But it still fails, with a fairly similar error message:

checking if default apache needed... yes
checking for apxs2... no
checking for apxs... /usr/local/apache/bin/apxs
checking default apache version... configure: error: unusable apache versions: . Try setting --with-apxs
error: Bad exit status from /var/tmp/rpm-tmp.0qfXFV (%build)

RPM build errors:
    line 14: prereq is deprecated: PreReq: xmltooling-schemas(x86-64) >= 1.5.0, opensaml-schemas(x86-64) >= 2.5.0
    Bad exit status from /var/tmp/rpm-tmp.0qfXFV (%build)

I'm a bit suspicious about "checking if default apache needed... yes", is it trying to use the OS apache (which doesn't exist)?

The main reason I built openSSL from source, was so that I could have the newer TLSv1.2 protocols available (which aren't supported in the earlier RHEL6 version). I figured as I was taking the decision to build HTTPD from source (for a number of performance and feature improvements it offered over 2.2) I would have to rebuild that to keep it up-to-date, it didn't seem too much extra effort to have to rebuild openSSL from time to time.

Thanks,
Paul
On 9/13/12 9:58 AM, "Paul Beckett (ITCS)" <[hidden email]> wrote:
>But it still fails, with a fairly similar error message:
>
>checking if default apache needed... yes
>checking for apxs2... no
>checking for apxs... /usr/local/apache/bin/apxs
>checking default apache version... configure: error: unusable apache
>versions: . Try setting --with-apxs
>error: Bad exit status from /var/tmp/rpm-tmp.0qfXFV (%build)

I'll have to review the script, that doesn't look quite right to me.

>I'm a bit suspicious about "checking if default apache needed... yes", is
>it trying to use the OS apache (which doesn't exist)?

No.

>The main reason I built openSSL from source, was so that I could have the
>newer TLSv1.2 protocols available (which aren't supported in the earlier
>RHEL6 version).

Ok.

There's not much I can say other than you'll have to file a bug and attach your log (just use the original source build) and I'll review it when I have a chance. If I can find a bug I'll fix it, or I'll mark it invalid and identify the problem.

If you post back with a link to a configure log from this set of options then perhaps somebody else might also be able to take a look before I can get to it.

-- Scott
Thanks for all your time and effort for looking at this. I'll file a bug as you suggest.

In case anyone else wants to take a look, the config.log output from running the configure with:

./configure --with-apxs24=/usr/local/apache/bin/apxs --enable-apache-24 --with-openssl=/usr/local/openssl

is available at: http://www.uea.ac.uk/~s167/config_2.log

Thanks,
Paul
In reply to this post by Cantor, Scott E.
Looking at the configure script, the section that is failing is:
v=`$httpd -v|$SED -n -e 's/.*Apache\/\.*//p'`
case $v in
  1.3*)
    enable_apache_13=yes
    with_apxs=$xs
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: 1.3" >&5
$as_echo "1.3" >&6; }
    ;;
  2.0*)
    enable_apache_20=yes
    with_apxs2=$xs
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.0" >&5
$as_echo "2.0" >&6; }
    ;;
  2.2*)
    enable_apache_22=yes
    with_apxs22=$xs
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.2" >&5
$as_echo "2.2" >&6; }
    ;;
  *)
    as_fn_error $? "unusable apache versions: $v. Try setting --with-apxs" "$LINENO" 5

It appears the case statement doesn't support 2.4.

Cheers,
Paul
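An added illustration of the autodetect step discussed in the message above; it is not part of the original thread and not the project's configure code. It parses constructed `httpd -v` output with a stricter sed pattern than the excerpt, adds a 2.4 arm, and reports an empty version separately. The function names and the `enable_apache_24` / `with_apxs24` variable names are assumptions, inferred from the `--enable-apache-24` and `--with-apxs24` options named in the thread.

```sh
# Added example: function names are hypothetical, not from the SP's configure.

# Extract the numeric version from `httpd -v` output,
# e.g. "Server version: Apache/2.4.3 (Unix)" -> 2.4.3
apache_version() {
    printf '%s\n' "$1" | sed -n -e 's/.*Apache\/\([0-9][0-9.]*\).*/\1/p'
}

# Map a version string to the series used in the option names.
# Exit status 2 means nothing was parsed (the "versions: ." symptom),
# exit status 1 means a version was parsed but is not supported.
apache_series() {
    case $1 in
        1.3|1.3.*) echo 13 ;;
        2.0|2.0.*) echo 20 ;;
        2.2|2.2.*) echo 22 ;;
        2.4|2.4.*) echo 24 ;;
        '') echo "no version parsed from httpd -v output" >&2; return 2 ;;
        *)  echo "unusable apache version: $1" >&2; return 1 ;;
    esac
}

# $1 = output of `httpd -v`, $2 = path to apxs.
# Prints the variable assignments an autodetect step would make.
select_apache() {
    v=$(apache_version "$1")
    series=$(apache_series "$v") || return $?
    case $series in
        13) apxs_var=with_apxs ;;          # names for 1.3 and 2.0 as in the excerpt
        20) apxs_var=with_apxs2 ;;
        *)  apxs_var=with_apxs$series ;;   # with_apxs22, with_apxs24 (24 is assumed)
    esac
    echo "enable_apache_$series=yes $apxs_var=$2"
}

# Constructed sample input, not captured from a real server.
sample='Server version: Apache/2.4.3 (Unix)
Server built:   Sep 10 2012 10:00:00'
select_apache "$sample" /usr/local/apache/bin/apxs
```
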
On 9/13/12 10:56 AM, "Paul Beckett (ITCS)" <[hidden email]> wrote:
>It appears the case statement doesn't support 2.4.

I commented in the bug, that's just for autodetect. You're not doing that because the enable-apache option is used instead.

-- Scott
On 9/13/12 11:29 AM, "Cantor, Scott" <[hidden email]> wrote:
>On 9/13/12 10:56 AM, "Paul Beckett (ITCS)" <[hidden email]> wrote:
>>
>>It appears the case statement doesn't support 2.4.
>
>I commented in the bug, that's just for autodetect. You're not doing that
>because the enable-apache option is used instead.

But I think you're right. My sandbox that's working must have worked because I built both the 2.4 module and defaulted to one of the older ones from the Apple install.

I would guess fixing the switch statement up should fix it, I'm testing that now.

-- Scott
Scott,
Have added below message to bug report: SSPCPP-500, but also sending to list for benefit of anyone following this (hope that's ok):

Fixing that case statement allowed my configure to proceed further.... however I then encountered another problem:

checking for user-specified Apache 2.4 apxs name/location... "/usr/local/apache/bin/apxs"
checking to see if Apache 2.4 apxs was located... /usr/local/apache/bin/apxs
checking for apr-1-config... ./configure: line 21124: -q: command not found
no
configure: error: Unable to locate apr-1-config, may need --with-apr1 option.

If I further modify the configure script, replacing:

21092 # If we haven't done this work already for Apache 2.2
21093 if test "$WANT_APACHE_22" != "yes" ; then
21094 # APR1 settings

with:

21092 # If we haven't done this work already for Apache 2.2
21093 if test "$WANT_APACHE_24" != "yes" ; then
21094 # APR1 settings

I've no idea whether this is really ok, but doing so results in my configure completing, although I get a scary looking warning:

==================================================================
WARNING: You have chosen to compile Apache-2.4 modules with a different
compiler than the one used to compile Apache.
Current compiler: gcc
Apache's compiler: gcc -std=gnu99
This could cause problems.
==================================================================

Do you know if this is really likely to be a problem? If so, any idea how I solve it?

I can then run the make which results in mod_shib_24.so, which I can successfully include in my Apache config with the LoadModule line. I haven't got as far as trying to configure the Apache to actually use it yet though - so don't know whether it really functions.
In reply to this post by Paul Beckett (ITCS)
Paul, I've packaged up the fixed configure script for you into a source tarball here after marking the bug resolved.

http://shibboleth.net/downloads/service-provider/unreleased/

It seems useful to have a place to post fixed sources for critical bugs like that one ahead of getting patch releases done.

-- Scott