%global debug_package %{nil}
%global real_version   1.2.0-rc2
%global agent_name     ssh-agent.rs
%global agent_commit   802b94ccf2e00ac33a3863300d0769f02b62d807

Name:           pam_rssh
Version:        1.2.0~rc2
Release:        1%{?dist}
Summary:        Remote sudo authenticated via ssh-agent

License:        MIT
URL:            https://github.com/z4yx/%{name}
Source0:        https://github.com/z4yx/%{name}/archive/refs/tags/v%{real_version}.tar.gz
Source1:        https://github.com/z4yx/%{agent_name}/archive/%{agent_commit}.tar.gz

BuildRequires:  cargo
BuildRequires:  rust
BuildRequires:  openssl-devel
BuildRequires:  pam-devel

%description
This PAM module provides ssh-agent based authentication.
The primary design goal is to avoid typing password when you sudo on remote servers.
Instead, you can simply touch your hardware security key (e.g. Yubikey/Canokey)
to fulfill user verification. The process is done by forwarding
the remote authentication request to client-side ssh-agent as a signature request.

This project is developed in Rust language to minimize security flaws.

%prep
%setup -n %{name}-%{real_version}
tar -xf %{_sourcedir}/%{agent_commit}.tar.gz
rmdir dep/%{agent_name}
mv %{agent_name}-%{agent_commit} dep/%{agent_name}

%build
cargo build --release --locked

%install
mkdir -p %{buildroot}%{_libdir}/security/
install -Dpm 0755 target/release/libpam_rssh.so -t %{buildroot}%{_libdir}/security/

%files
%license LICENSE
%doc README.md
%{_libdir}/security/libpam_rssh.so

%changelog
* Sat Mar 29 2025 Andrey Brusnik <dev@shdwchn.io> - 1.2.0~rc2-1
- feat: Add pam_rssh package