Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Please note that these instructions are for the 1.3 SP only; new deployments should use version 2.x. Please see https://spaces.internet2.edu/display/SHIB2/NativeSPSolarisInstallImage Removed for help on building 2.x for Solaris.

...

  • Download and extract the various source tarballs from http://shibboleth.internet2.edu/downloads/
  • To use the Sun compiler instead of gcc, set the CC and CXX environment variables to cc and CC, respectively.  For gcc, set the values to gcc and g++, respectively.
  • Set the OPENSSL environment variable for the build.  Initially I tried /usr/sfw for this, which has the stock Solaris 10 OpenSSL; while things built OK with this setting, the resulting Apache module did not work, probably because mod_ssl had been built against the Athena OpenSSL.  I then set the variable to point at the Athena version (i.e. /usr/athena).  NOTE: To build against a different openssl from the one that the pkg-config program in your PATH will know about, also set the PKG_CONFIG_PATH variable accordingly, i.e. to $OPENSSL/lib/pkgconfig.  NOTE: If you build openssl using the compiler in SunStudio 11 (by default its build system will use the Sun compiler if present), a bug in the compiler causes flawed code to be produced,  which is manifested by the failure of "gmake test".  The bug is fixed in patch 120760 (revision 05 or higher); a workaround is to add the flag  "-W2,-Rloop_reform" after "-xdepend" in the settings for solaris-sparcv9-cc in the Configure script.  Patch 120760 was applied to the sunsoft locker's version of Studio 11 as of 4/10/07, so builds compiled after that date using the locker should be OK.
  • Set the umask to 022; if the umask is restrictive (e.g. 077), some directories will be created so that Apache cannot access them (see below).
  • For curl:
    • ./configure --disable-static --without-ca-bundle --enable-thread --prefix=/usr/local/shibboleth
    • gmake
    • gmake install
  • For log4cpp:
    • ./configure --disable-static --disable-doxygen --prefix=/usr/local/shibboleth
    • gmake
    • gmake install
  • For xerces-c (see http://xml.apache.org/xerces-c/build.html):
    • Set the XERCESCROOT environment variable to the top of the source tree, as unpacked from the tar file, e.g. /usr/local/build/xerces-c-src_2_6_1
    • cd $XERCESCROOT/src/xercesc
    • ./runConfigure -p solaris -c $CC -x $CXX -r pthread -b 32 -P /usr/local/shibboleth
    • gmake
    • gmake install
  • For xml-security-c:
    • Download version 1.2.1 from http://xml.apache.org/security/dist/c-library/.  Note that 1.3.1 is the latest version, but we encountered problems with this version after enabling signed assertions on the IdP -- the validation of the assertion fails.  The binaries from internet2 use 1.2.1.  Unfortunately, 1.2.1's build system has problems on Solaris, particularly when using Sun's compiler, so you have to resort to some hackery to get it to build; http://www.switch.ch/aai/docs/shibboleth/SWITCH/1.3/sp/install-sp-1.3-solaris.html#shibboleth-spImage Removed was a useful guide for much of this.
    • cd src
    • ZEST:patch the configure script to use the correct optimization option, and to correctly specify the library search path to find the OpenSSL crypto library
    • ZEST:patch enc/XSECCryptoX509.cpp so that it compiles using the Sun C++ compiler
    • LDFLAGS="-L$OPENSSL/lib -lCrun" ./configure --without-xalan --prefix=/usr/local/shibboleth    # maybe also specify --with-xerces instead of using environment variable?
    • gmake
    • gmake install
  • For opensaml (see note above concerning openssl location though):
    • ./configure --prefix=/usr/local/shibboleth --with-curl=/usr/local --with-log4cpp=/usr/local/shibboleth --with-openssl=/usr/sfw -C
    • gmake
    • gmake install
  • For shibboleth-sp (finally):
    • ./configure --with-saml=/usr/local/shibboleth --with-log4cpp=/usr/local/shibboleth --enable-apache-13 --with-apxs=/usr/apache-1.3/bin/apxs --prefix=/usr/local/shibboleth -C
      (For Apache 2.2, and presumably 2.0 as well, also specify the path to apr-1-config, e.g. "--with-apr1=/usr/local/apache2/bin/apr-1-config", and change the --enable-apache option accordingly.  When using Sun's compiler, also specify "CXXFLAGS='-library=Cstd,Crun' LDFLAGS=-lz", per the Solaris build notes on the Shibboleth wiki).
    • gmake
      This builds successfully, but gets lots of warnings about the -pthread option not being recognized in gcc; doc/INSTALL.txt says you can set CFLAGS in the environment before running configure (i.e. to use -pthreads).
    • gmake install

...