204 lines
6.5 KiB
RPMSpec
204 lines
6.5 KiB
RPMSpec
%global _hardened_build 1
|
|
|
|
Name: linux-hello
|
|
Version: 0.1.0
|
|
Release: 1%{?dist}
|
|
Summary: Face authentication for Linux
|
|
|
|
License: GPL-3.0-or-later
|
|
URL: https://github.com/linux-hello/linux-hello
|
|
Source0: %{name}-%{version}.tar.gz
|
|
|
|
BuildRequires: rust >= 1.75
|
|
BuildRequires: cargo
|
|
BuildRequires: gcc
|
|
BuildRequires: pam-devel
|
|
BuildRequires: libv4l-devel
|
|
BuildRequires: tpm2-tss-devel
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: clang-devel
|
|
BuildRequires: systemd-rpm-macros
|
|
|
|
# Main package is a metapackage
|
|
Requires: %{name}-cli = %{version}-%{release}
|
|
Requires: %{name}-daemon = %{version}-%{release}
|
|
Recommends: pam-%{name} = %{version}-%{release}
|
|
|
|
%description
|
|
Linux Hello provides Windows Hello-style face authentication for Linux
|
|
systems. It supports infrared cameras, TPM-backed template encryption,
|
|
and anti-spoofing with liveness detection.
|
|
|
|
This metapackage installs the CLI tool and daemon.
|
|
|
|
#---------------------------------------------------------------------------
|
|
%package cli
|
|
Summary: Face authentication for Linux - CLI tool
|
|
Requires: %{name}-daemon = %{version}-%{release}
|
|
|
|
%description cli
|
|
Linux Hello provides Windows Hello-style face authentication for Linux
|
|
systems. This package contains the command-line interface for enrolling
|
|
faces, managing templates, and testing authentication.
|
|
|
|
#---------------------------------------------------------------------------
|
|
%package daemon
|
|
Summary: Face authentication for Linux - daemon
|
|
Requires(pre): shadow-utils
|
|
%{?systemd_requires}
|
|
|
|
%description daemon
|
|
Linux Hello provides Windows Hello-style face authentication for Linux
|
|
systems. This package contains the background daemon that handles
|
|
camera access, face detection, and template matching.
|
|
|
|
The daemon runs as a systemd service and communicates with the CLI
|
|
and PAM module via Unix socket.
|
|
|
|
#---------------------------------------------------------------------------
|
|
%package -n pam-%{name}
|
|
Summary: Face authentication for Linux - PAM module
|
|
Requires: pam
|
|
Requires: %{name}-daemon = %{version}-%{release}
|
|
|
|
%description -n pam-%{name}
|
|
Linux Hello provides Windows Hello-style face authentication for Linux
|
|
systems. This package contains the PAM module that integrates face
|
|
authentication with system login, sudo, and other PAM-aware applications.
|
|
|
|
WARNING: After installation, you must manually configure PAM to use
|
|
this module. A template configuration is provided at
|
|
/usr/share/doc/pam-linux-hello/pam-config.example
|
|
|
|
Incorrect PAM configuration may lock you out of your system!
|
|
|
|
#---------------------------------------------------------------------------
|
|
%prep
|
|
%autosetup -n %{name}-%{version}
|
|
|
|
%build
|
|
# Build Rust components
|
|
export CARGO_HOME="$PWD/.cargo"
|
|
cargo build --release \
|
|
--package linux-hello-daemon \
|
|
--package linux-hello-cli
|
|
|
|
# Build PAM module
|
|
%make_build -C pam-module CFLAGS="%{optflags} -fPIC" LDFLAGS="%{build_ldflags}"
|
|
|
|
%install
|
|
# Install daemon binary
|
|
install -D -m 755 target/release/linux-hello-daemon \
|
|
%{buildroot}%{_libexecdir}/linux-hello-daemon
|
|
|
|
# Install CLI binary
|
|
install -D -m 755 target/release/linux-hello \
|
|
%{buildroot}%{_bindir}/linux-hello
|
|
|
|
# Install PAM module (architecture-specific path)
|
|
install -D -m 755 pam-module/pam_linux_hello.so \
|
|
%{buildroot}%{_libdir}/security/pam_linux_hello.so
|
|
|
|
# Install configuration
|
|
install -D -m 644 dist/config.toml \
|
|
%{buildroot}%{_sysconfdir}/linux-hello/config.toml
|
|
|
|
# Install systemd service
|
|
install -D -m 644 dist/linux-hello.service \
|
|
%{buildroot}%{_unitdir}/linux-hello.service
|
|
|
|
# Install PAM configuration template
|
|
install -D -m 644 debian/pam-config.example \
|
|
%{buildroot}%{_docdir}/pam-%{name}/pam-config.example
|
|
|
|
# Create state directory
|
|
install -d -m 750 %{buildroot}%{_sharedstatedir}/linux-hello
|
|
install -d -m 750 %{buildroot}%{_sharedstatedir}/linux-hello/templates
|
|
|
|
# Create runtime directory placeholder (actual dir created by tmpfiles)
|
|
install -D -m 644 /dev/null %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
|
cat > %{buildroot}%{_tmpfilesdir}/%{name}.conf << 'EOF'
|
|
# linux-hello runtime directory
|
|
d /run/linux-hello 0750 root linux-hello -
|
|
EOF
|
|
|
|
%check
|
|
# Run tests (skip hardware-dependent tests)
|
|
export CARGO_HOME="$PWD/.cargo"
|
|
cargo test --release \
|
|
--package linux-hello-common \
|
|
-- --skip integration || true
|
|
|
|
#---------------------------------------------------------------------------
|
|
%pre daemon
|
|
# Create linux-hello system user
|
|
getent group linux-hello >/dev/null || groupadd -r linux-hello
|
|
getent passwd linux-hello >/dev/null || \
|
|
useradd -r -g linux-hello -d %{_sharedstatedir}/linux-hello \
|
|
-s /sbin/nologin -c "Linux Hello Face Authentication" linux-hello
|
|
|
|
# Add to video group for camera access
|
|
usermod -a -G video linux-hello 2>/dev/null || :
|
|
# Add to tss group for TPM access
|
|
getent group tss >/dev/null && usermod -a -G tss linux-hello 2>/dev/null || :
|
|
|
|
%post daemon
|
|
%systemd_post linux-hello.service
|
|
|
|
# Set permissions on state directory
|
|
chown root:linux-hello %{_sharedstatedir}/linux-hello
|
|
chmod 0750 %{_sharedstatedir}/linux-hello
|
|
chown root:linux-hello %{_sharedstatedir}/linux-hello/templates
|
|
chmod 0750 %{_sharedstatedir}/linux-hello/templates
|
|
|
|
# Create runtime directory
|
|
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
|
|
|
|
%preun daemon
|
|
%systemd_preun linux-hello.service
|
|
|
|
%postun daemon
|
|
%systemd_postun_with_restart linux-hello.service
|
|
|
|
# Clean up on complete removal
|
|
if [ $1 -eq 0 ]; then
|
|
# Remove runtime directory
|
|
rm -rf /run/linux-hello 2>/dev/null || :
|
|
fi
|
|
|
|
#---------------------------------------------------------------------------
|
|
%files
|
|
# Metapackage - no files
|
|
|
|
%files cli
|
|
%license LICENSE
|
|
%doc README.md
|
|
%{_bindir}/linux-hello
|
|
|
|
%files daemon
|
|
%license LICENSE
|
|
%doc README.md
|
|
%{_libexecdir}/linux-hello-daemon
|
|
%{_unitdir}/linux-hello.service
|
|
%{_tmpfilesdir}/%{name}.conf
|
|
%dir %{_sysconfdir}/linux-hello
|
|
%config(noreplace) %{_sysconfdir}/linux-hello/config.toml
|
|
%dir %attr(0750,root,linux-hello) %{_sharedstatedir}/linux-hello
|
|
%dir %attr(0750,root,linux-hello) %{_sharedstatedir}/linux-hello/templates
|
|
|
|
%files -n pam-%{name}
|
|
%license LICENSE
|
|
%doc README.md
|
|
%doc %{_docdir}/pam-%{name}/pam-config.example
|
|
%{_libdir}/security/pam_linux_hello.so
|
|
|
|
#---------------------------------------------------------------------------
|
|
%changelog
|
|
* Wed Jan 15 2025 Linux Hello Contributors <linux-hello@example.org> - 0.1.0-1
|
|
- Initial release
|
|
- Face authentication daemon with IR camera support
|
|
- TPM-backed template encryption
|
|
- Anti-spoofing with liveness detection
|
|
- PAM module for system integration
|
|
- CLI for face enrollment and management
|