Files
Linux-Hello/rpm/linux-hello.spec
2026-01-15 22:40:51 +01:00

204 lines
6.5 KiB
RPMSpec

%global _hardened_build 1
Name: linux-hello
Version: 0.1.0
Release: 1%{?dist}
Summary: Face authentication for Linux
License: GPL-3.0-or-later
URL: https://github.com/linux-hello/linux-hello
Source0: %{name}-%{version}.tar.gz
BuildRequires: rust >= 1.75
BuildRequires: cargo
BuildRequires: gcc
BuildRequires: pam-devel
BuildRequires: libv4l-devel
BuildRequires: tpm2-tss-devel
BuildRequires: openssl-devel
BuildRequires: clang-devel
BuildRequires: systemd-rpm-macros
# Main package is a metapackage
Requires: %{name}-cli = %{version}-%{release}
Requires: %{name}-daemon = %{version}-%{release}
Recommends: pam-%{name} = %{version}-%{release}
%description
Linux Hello provides Windows Hello-style face authentication for Linux
systems. It supports infrared cameras, TPM-backed template encryption,
and anti-spoofing with liveness detection.
This metapackage installs the CLI tool and daemon.
#---------------------------------------------------------------------------
%package cli
Summary: Face authentication for Linux - CLI tool
Requires: %{name}-daemon = %{version}-%{release}
%description cli
Linux Hello provides Windows Hello-style face authentication for Linux
systems. This package contains the command-line interface for enrolling
faces, managing templates, and testing authentication.
#---------------------------------------------------------------------------
%package daemon
Summary: Face authentication for Linux - daemon
Requires(pre): shadow-utils
%{?systemd_requires}
%description daemon
Linux Hello provides Windows Hello-style face authentication for Linux
systems. This package contains the background daemon that handles
camera access, face detection, and template matching.
The daemon runs as a systemd service and communicates with the CLI
and PAM module via Unix socket.
#---------------------------------------------------------------------------
%package -n pam-%{name}
Summary: Face authentication for Linux - PAM module
Requires: pam
Requires: %{name}-daemon = %{version}-%{release}
%description -n pam-%{name}
Linux Hello provides Windows Hello-style face authentication for Linux
systems. This package contains the PAM module that integrates face
authentication with system login, sudo, and other PAM-aware applications.
WARNING: After installation, you must manually configure PAM to use
this module. A template configuration is provided at
/usr/share/doc/pam-linux-hello/pam-config.example
Incorrect PAM configuration may lock you out of your system!
#---------------------------------------------------------------------------
%prep
%autosetup -n %{name}-%{version}
%build
# Build Rust components
export CARGO_HOME="$PWD/.cargo"
cargo build --release \
--package linux-hello-daemon \
--package linux-hello-cli
# Build PAM module
%make_build -C pam-module CFLAGS="%{optflags} -fPIC" LDFLAGS="%{build_ldflags}"
%install
# Install daemon binary
install -D -m 755 target/release/linux-hello-daemon \
%{buildroot}%{_libexecdir}/linux-hello-daemon
# Install CLI binary
install -D -m 755 target/release/linux-hello \
%{buildroot}%{_bindir}/linux-hello
# Install PAM module (architecture-specific path)
install -D -m 755 pam-module/pam_linux_hello.so \
%{buildroot}%{_libdir}/security/pam_linux_hello.so
# Install configuration
install -D -m 644 dist/config.toml \
%{buildroot}%{_sysconfdir}/linux-hello/config.toml
# Install systemd service
install -D -m 644 dist/linux-hello.service \
%{buildroot}%{_unitdir}/linux-hello.service
# Install PAM configuration template
install -D -m 644 debian/pam-config.example \
%{buildroot}%{_docdir}/pam-%{name}/pam-config.example
# Create state directory
install -d -m 750 %{buildroot}%{_sharedstatedir}/linux-hello
install -d -m 750 %{buildroot}%{_sharedstatedir}/linux-hello/templates
# Create runtime directory placeholder (actual dir created by tmpfiles)
install -D -m 644 /dev/null %{buildroot}%{_tmpfilesdir}/%{name}.conf
cat > %{buildroot}%{_tmpfilesdir}/%{name}.conf << 'EOF'
# linux-hello runtime directory
d /run/linux-hello 0750 root linux-hello -
EOF
%check
# Run tests (skip hardware-dependent tests)
export CARGO_HOME="$PWD/.cargo"
cargo test --release \
--package linux-hello-common \
-- --skip integration || true
#---------------------------------------------------------------------------
%pre daemon
# Create linux-hello system user
getent group linux-hello >/dev/null || groupadd -r linux-hello
getent passwd linux-hello >/dev/null || \
useradd -r -g linux-hello -d %{_sharedstatedir}/linux-hello \
-s /sbin/nologin -c "Linux Hello Face Authentication" linux-hello
# Add to video group for camera access
usermod -a -G video linux-hello 2>/dev/null || :
# Add to tss group for TPM access
getent group tss >/dev/null && usermod -a -G tss linux-hello 2>/dev/null || :
%post daemon
%systemd_post linux-hello.service
# Set permissions on state directory
chown root:linux-hello %{_sharedstatedir}/linux-hello
chmod 0750 %{_sharedstatedir}/linux-hello
chown root:linux-hello %{_sharedstatedir}/linux-hello/templates
chmod 0750 %{_sharedstatedir}/linux-hello/templates
# Create runtime directory
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
%preun daemon
%systemd_preun linux-hello.service
%postun daemon
%systemd_postun_with_restart linux-hello.service
# Clean up on complete removal
if [ $1 -eq 0 ]; then
# Remove runtime directory
rm -rf /run/linux-hello 2>/dev/null || :
fi
#---------------------------------------------------------------------------
%files
# Metapackage - no files
%files cli
%license LICENSE
%doc README.md
%{_bindir}/linux-hello
%files daemon
%license LICENSE
%doc README.md
%{_libexecdir}/linux-hello-daemon
%{_unitdir}/linux-hello.service
%{_tmpfilesdir}/%{name}.conf
%dir %{_sysconfdir}/linux-hello
%config(noreplace) %{_sysconfdir}/linux-hello/config.toml
%dir %attr(0750,root,linux-hello) %{_sharedstatedir}/linux-hello
%dir %attr(0750,root,linux-hello) %{_sharedstatedir}/linux-hello/templates
%files -n pam-%{name}
%license LICENSE
%doc README.md
%doc %{_docdir}/pam-%{name}/pam-config.example
%{_libdir}/security/pam_linux_hello.so
#---------------------------------------------------------------------------
%changelog
* Wed Jan 15 2025 Linux Hello Contributors <linux-hello@example.org> - 0.1.0-1
- Initial release
- Face authentication daemon with IR camera support
- TPM-backed template encryption
- Anti-spoofing with liveness detection
- PAM module for system integration
- CLI for face enrollment and management