%global _hardened_build 1 Name: duo_unix Version: 1.12.0 Release: 1%{?dist} Summary: Duo two-factor authentication for UNIX systems License: GPLv2 URL: http://www.duosecurity.com/ Source0: https://dl.duosecurity.com/%{name}-%{version}.tar.gz Requires: openssl Requires: pam Requires: %{name}-doc = %{version}-%{release} BuildRequires: clang BuildRequires: openssl-devel >= 1.0.1e BuildRequires: pam-devel BuildRequires: pkgconfig %description Duo provides simple two-factor authentication as a service via: 1. Phone callback 2. SMS-delivered one-time passcode 3. Duo mobile app to generate one-time passcode 4. Duo mobile app for smartphone push authentication 5. Duo hardware token to generate one-time passcode This package allows an admin (or ordinary user) to quickly add Duo authentication to any UNIX login without setting up secondary user accounts, directory synchronization, servers, or hardware. %package -n %{name}-doc Summary: Documentation and license files for %{name} %description -n %{name}-doc Documentation and license files for %{name} %package -n pam_duo Summary: A PAM module for duo authentication Requires: %{name}-doc = %{version}-%{release} %description -n pam_duo A PAM module for duo authentication %package -n %{name}-devel Summary: Development files and documentation for duo_unix Requires: %{name}%{?_isa} = %{version}-%{release} Requires: pam_duo%{?_isa} = %{version}-%{release} %description -n %{name}-devel Development files and documentation for duo_unix %prep %setup -q %build %configure --with-pam=%{_libdir}/security \ --prefix=%{_prefix} \ --sysconfdir=%{_sysconfdir}/duo \ --includedir=%{_includedir}/duo make %{?_smp_mflags} %install make install DESTDIR=%{buildroot} /bin/rm %{buildroot}%{_defaultdocdir}/%{name}/LICENSE %files %dir %{_sysconfdir}/duo # This generates a non-readable rpmlint error, but this permission set is # required for security. The Duo secrets are set in this file and allowing # broader access risks exposing the secrets to other users on the system. # sshd is the owner here since that user will run login_duo for SSH connections # (the typical case) and this allows read access if capabilities aren't # correctly set. %attr(0600, sshd, root) %config(noreplace) %{_sysconfdir}/duo/login_duo.conf %attr(0755, root, root) %caps(cap_dac_read_search=ep) %{_sbindir}/login_duo # This will generate no-manual-page-for-binary but Duo does not provide any # manual page. This is intended to be run when seeking support from Duo. %{_sbindir}/duo_unix_support.sh %{_mandir}/man8/login_duo.8.gz %files -n pam_duo %dir %{_sysconfdir}/duo %dir %{_libdir}/security %{_libdir}/security/pam_duo.so # This generates a non-readable rpmlint error, but this permission set is # required for security. The Duo secrets are set in this file and allowing # broader access risks exposing the secrets to other users on the system. %config(noreplace) %attr(0600, root, root) %{_sysconfdir}/duo/pam_duo.conf %{_mandir}/man8/pam_duo.8.gz %files -n %{name}-doc %dir %{_defaultdocdir}/%{name} %dir %{_defaultdocdir}/%{name}/duo_unix_support %license LICENSE %{_defaultdocdir}/%{name}/duo_unix_support/README.md %{_defaultdocdir}/%{name}/AUTHORS %{_defaultdocdir}/%{name}/CHANGES %{_defaultdocdir}/%{name}/README.md %{_defaultdocdir}/%{name}/CONTRIBUTING.md %files -n %{name}-devel %exclude %{_includedir}/duo/unity.h %exclude %{_includedir}/duo/duo_private.h %exclude %{_includedir}/duo/common_ini_test.h %dir %{_includedir}/duo %{_includedir}/duo/duo.h %{_includedir}/duo/util.h %{_includedir}/duo/shell.h %{_libdir}/pkgconfig/libduo.pc %{_mandir}/man3/duo.3.gz %{_libdir}/security/pam_duo.la %changelog * Thu May 5 2022 Joel Goguen 1.12.0-1 - Initial Fedora package