Csillag Tamas <csta...@digitus.itk.ppke.hu> writes: > I told them that I operate a Shibboleth identity provider at work (a > Hungarian University) and if needed I can help them. One of them (sorry > I do not remember the name) told me that currently the blocker is that > the identity provider (which is written in java) is not available in > Debian, only the service provider which is an apache module. They told > me to talk to java packagers about that. (If it becomes available they > will request a backport and we can move on.)
> I talked to Sylvestre Ledru (I hope I get the name right) and he said > he does not know any specific problems with it and told me to just > mail the java list (so here I am :). > I also cc the shibboleth packagers > (http://wiki.debian.org/Teams/DebianShibboleth) There are multiple problems with packaging the Shibboleth IdP. We have an internal (out of date) package that we use at Stanford, but it's not close to suitable for Debian. The problems include: * The Shibboleth IdP, like a lot of Java software, relies on lots of supporting Java libraries. All of those libraries need to be separately packaged for Debian for Debian-acceptable official packages of the IdP, similar to how xml-security-c, opensaml2, and xmltooling were packaged for the SP. However, this is more complex in the Java world, since Java developers are used to just distributing byte code and often don't have much experience working with packagers who expect to rebuild from source. * Source is not a common distribution format for the IdP, and the current distribution isn't really designed to be packager-friendly (because so far as I know no one has really worked on that before), so substantial work needs to be done on figuring out how to build it from source and put it into a form that works well with a Debian pacakge. * Debian in general lacks a policy on how to handle packaged Java web applications and their interactions with web application containers like Tomcat and Jetty. I made a preliminary proposal about how that could work, but haven't had time to pursue it further. Full Debian-acceptable packages of the IdP will be a substantial amount of work. My guess is something on the order of 100 hours of work with someone with prior Debian Java packaging expertise, with possible unforseen issues around licensing or difficulty building underlying Java libraries from source that could require even more work. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-java-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87vcuovrhw....@windlord.stanford.edu
