pam-ssh-agent 0.9.1

A PAM module that authenticates using the ssh-agent.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336

### *** pam_ssh_agent
###
### This is a "complex" spec file which deals with the situation that several for building
###  required rust-*-devel RPMs are (still) not available on Fedora/Enterprise Linux
###  Fedora Linux provides more, Enterprise Linux (EPEL) less out-of-the-box
###
### Tested on Fedora Linux 43, 43 and Enterprise Linux 10
###
### see also:
###  - https://github.com/nresare/pam-ssh-agent
###  - description (below)
###
### Step 1: download required packages and store to ~/rpmbuild/SOURCES
### $ rpmbuild -bp --undefine=_disable_source_fetch pam_ssh_agent.spec
###
### Step 2: install required build dependencies, get list of required packages
### $ rpmbuild -bb pam_ssh_agent.spec 2>&1 | awk '$0 ~ "is needed" { print $1 }' | xargs echo "dnf install"
###
### Step 3: install required build dependencies, get list of required packages
### $ sudo dnf install ...
###
### Step 4: rebuild
### $ rpmbuild -bb pam_ssh_agent.spec
###
### Alternative
### Step 1: create source RPM package by
### $ rpmbuild -bs --undefine=_disable_source_fetch pam_ssh_agent.spec
###
### Step 2: rebuild
### $ rpmbuild --rebuild pam_ssh_agent-<VERSION>.src.rpm
###
### In case RPM should be built on a special git commit, add
###  ... -D "gitcommit <commit-hash>"


%if 0%{?gitcommit:1}
%global shortcommit %(c=%{gitcommit}; echo ${c:0:7})
%define build_timestamp %(date +"%Y%m%d")
%global gittag .%{build_timestamp}git%{shortcommit}
%endif

# Generated by rust2rpm 27
%bcond check 1

# prevent library files from being installed
%global cargo_install_lib 0


## define versions of built-in dependencies
# Fedora <= 43 + EL <= 10
%define         pam_bindings            0.1.1
%define         ssh_agent_client_rs     1.0.0
%define         uzers                   0.12.1

# EL <= 10
%define         ssh_key                 0.6.7
%define         ssh_encoding            0.2.0
%define         ssh_cipher              0.2.0
%define         ed25519_dalek           2.1.1
%define         curve25519_dalek        4.1.3
%define         curve25519_dalek_derive 0.1.1
%define         p256                    0.13.2
%define         p521                    0.13.3

%if 0%{?fedora} <= 43 || 0%{?rhel} <= 10
%define         b_pam_bindings            1
%define         b_ssh_agent_client_rs     1
%endif

%if 0%{?rhel} && 0%{?rhel} <= 10
%define         b_ssh_key                 1
%define         b_ssh_encoding            1
%define         b_ssh_cipher              1
%define         b_ed25519_dalek           1
%define         b_curve25519_dalek        1
%define         b_curve25519_dalek_derive 1
%define         b_p256                    1
%define         b_p521                    1
%define         b_uzers                   1
%endif


Name:           pam_ssh_agent
Version:        0.9.0
Release:        1%{?gittag}%{?dist}
Summary:        PAM module for ssh-agent based authentication

SourceLicense:  MIT
License:        Apache-2.0 or MIT

URL:            https://github.com/nresare/pam-ssh-agent
%if 0%{?gitcommit:1}
Source0:        https://github.com/nresare/pam-ssh-agent/archive/%{gitcommit}/%{name}-%{gitcommit}.tar.gz
%else
Source0:        https://github.com/nresare/pam-ssh-agent/archive/v%{version}/%{name}-%{version}.tar.gz
%endif

BuildRequires:  pam-devel

Source10:       https://static.crates.io/crates/pam-bindings/pam-bindings-%{pam_bindings}.crate
Source11:       https://static.crates.io/crates/ssh-agent-client-rs/ssh-agent-client-rs-%{ssh_agent_client_rs}.crate
Source12:       https://static.crates.io/crates/ssh-key/ssh-key-%{ssh_key}.crate
Source13:       https://static.crates.io/crates/ssh-encoding/ssh-encoding-%{ssh_encoding}.crate
Source14:       https://static.crates.io/crates/ssh-cipher/ssh-cipher-%{ssh_cipher}.crate
Source15:       https://static.crates.io/crates/ed25519-dalek/ed25519-dalek-%{ed25519_dalek}.crate
Source16:       https://static.crates.io/crates/p256/p256-%{p256}.crate
Source17:       https://static.crates.io/crates/p521/p521-%{p521}.crate
Source18:       https://static.crates.io/crates/curve25519-dalek/curve25519-dalek-%{curve25519_dalek}.crate
Source19:       https://static.crates.io/crates/curve25519-dalek-derive/curve25519-dalek-derive-%{curve25519_dalek_derive}.crate
Source22:       https://static.crates.io/crates/uzers/uzers-%{uzers}.crate

# built-in dependencies
%if 0%{?b_pam_bindings}
%define         has_bundles 1
Provides:       bundled(crate(pam-binding+default)) = %{pam_bindings}
%else
BuildRequires:  rust-pam-bindings+default-devel
%endif

%if 0%{?b_ssh_agent_client_rs}
%define         has_bundles 1
Provides:       bundled(crate(ssh-agent-client-rs+default)) = %{ssh_agent_client_rs}
BuildRequires:  rust-bytes-devel
BuildRequires:  rust-thiserror-devel
%else
BuildRequires:  rust-ssh-agent-client-rs+default-devel
%endif

%if 0%{?b_ssh_key}
%define         has_bundles 1
Provides:       bundled(crate(ssh-key+default)) = %{ssh_key}
Provides:       bundled(crate(ssh-key+crypto)) = %{ssh_key}
BuildRequires:  rust-num-bigint-dig-devel
BuildRequires:  rust-p384-devel
BuildRequires:  rust-rsa-devel
BuildRequires:  rust-sha2-devel
BuildRequires:  rust-cipher-devel
%else
BuildRequires:  rust-ssh-key+default-devel >= %{ssh_key}
BuildRequires:  rust-ssh-key+crypto-devel >= %{ssh_key}
%endif

%if 0%{?b_ssh_encoding}
%define         has_bundles 1
Provides:       bundled(crate(ssh-encoding+default)) = %{ssh_encoding}
BuildRequires:  rust-pem-rfc7468-devel
%else
BuildRequires:  rust-ssh-encoding+default-devel
%endif

%if 0%{?b_ssh_cipher}
%define         has_bundles 1
Provides:       bundled(crate(ssh-cipher+default)) = %{ssh_cipher}
%else
BuildRequires:  rust-ssh-cipher+default-devel
%endif

%if 0%{?b_ed25519_dalek}
%define         has_bundles 1
Provides:       bundled(crate(ed25519-dalek)) = %{ed25519_dalek}
BuildRequires:  rust-ed25519-devel
%else
BuildRequires:  rust-ed25519-dalek-devel
%endif

%if 0%{?b_p256}
%define         has_bundles 1
Provides:       bundled(crate(p256)) = %{p256}
BuildRequires:  rust-ecdsa-devel
BuildRequires:  rust-rfc6979-devel
%else
BuildRequires:  rust-p256-devel
%endif

%if 0%{?b_p521}
%define         has_bundles 1
Provides:       bundled(crate(p521)) = %{p521}
%else
BuildRequires:  rust-p521-devel
%endif

%if 0%{?b_curve25519_dalek}
%define         has_bundles 1
Provides:       bundled(crate(curve25519-dalek)) = %{curve25519_dalek}
BuildRequires:  rust-rustc_version-devel
BuildRequires:  rust-fiat-crypto-devel
%else
BuildRequires:  rust-curve25519-dalek-devel
%endif

%if 0%{?b_curve25519_dalek_derive}
%define         has_bundles 1
Provides:       bundled(crate(curve25519-dalek-derive)) = %{curve25519_dalek_derive}
%else
BuildRequires:  rust-curve25519-dalek-derive-devel
%endif

%if 0%{?b_uzers}
%define         has_bundles 1
Provides:       bundled(crate(uzers)) = %{uzers}
%else
BuildRequires:  rust-uzers-devel
%endif

BuildRequires:  cargo-rpm-macros >= 26

## from Cargo.toml
BuildRequires:  rust-anyhow+default-devel
BuildRequires:  rust-getrandom0.2+default-devel
BuildRequires:  rust-signature+default-devel
BuildRequires:  rust-syslog-devel
BuildRequires:  rust-getrandom-devel


%global _description %{expand:
%{summary}.}

%description %{_description}


%prep
%if 0%{?gitcommit:1}
%autosetup -n pam-ssh-agent-%{gitcommit}
%else
%autosetup -n pam-ssh-agent-%{version} -p1
%endif

# built-in dependencies
%if 0%{?b_pam_bindings}
%{__tar} xzf %{SOURCE10}
%{__sed} -i 's/\(pam-bindings\) = .*/\1 = { path = "pam-bindings-%{pam_bindings}" }/' Cargo.toml
%endif

%if 0%{?b_ssh_agent_client_rs}
%{__tar} xzf %{SOURCE11}
%{__sed} -i 's/\(ssh-agent-client-rs\) = .*/\1 = { path = "ssh-agent-client-rs-%{ssh_agent_client_rs}" }/' Cargo.toml
# remove "windows" related interprocess dependency
%{__sed} -i -e '/dependencies.interprocess/,+2d' ssh-agent-client-rs-%{ssh_agent_client_rs}/Cargo.toml
%endif

%if 0%{?b_ssh_key}
%{__tar} xzf %{SOURCE12}
%{__sed} -i 's/\(ssh-key\) = .*/\1 = { path = "ssh-key-%{ssh_key}", features = ["crypto"] }/' Cargo.toml
%{__sed} -i 's/\(dependencies.ssh-key\]\)/\1\npath = "..\/ssh-key-%{ssh_key}"/' ssh-agent-client-rs-%{ssh_agent_client_rs}/Cargo.toml
%endif

%if 0%{?b_ed25519_dalek}
%{__tar} xzf %{SOURCE15}
%{__sed} -i 's/\(dependencies.ed25519-dalek\]\)/\1\npath = "..\/ed25519-dalek-%{ed25519_dalek}"/' ssh-key-%{ssh_key}/Cargo.toml
%endif

%if 0%{?b_ssh_cipher}
%{__tar} xzf %{SOURCE14}
%{__sed} -i 's/\(dependencies.cipher\]\)/\1\npath = "..\/ssh-cipher-%{ssh_cipher}"/' ssh-key-%{ssh_key}/Cargo.toml
%endif

%if 0%{?b_ssh_encoding}
%{__tar} xzf %{SOURCE13}
%{__sed} -i 's/\(dependencies.ssh-encoding\]\)/\1\npath = "..\/ssh-encoding-%{ssh_encoding}"/' ssh-agent-client-rs-%{ssh_agent_client_rs}/Cargo.toml
%{__sed} -i 's/\(dependencies.encoding\]\)/\1\npath = "..\/ssh-encoding-%{ssh_encoding}"/' ssh-key-%{ssh_key}/Cargo.toml
%{__sed} -i 's/\(dependencies.encoding\]\)/\1\npath = "..\/ssh-encoding-%{ssh_encoding}"/' ssh-cipher-%{ssh_cipher}/Cargo.toml
%endif

%if 0%{?b_p256}
%{__tar} xzf %{SOURCE16}
%{__sed} -i 's/\(dependencies.p256\]\)/\1\npath = "..\/p256-%{p256}"/' ssh-key-%{ssh_key}/Cargo.toml
%endif

%if 0%{?b_p521}
%{__tar} xzf %{SOURCE17}
%{__sed} -i 's/\(dependencies.p521\]\)/\1\npath = "..\/p521-%{p521}"/' ssh-key-%{ssh_key}/Cargo.toml
%endif

%if 0%{?b_curve25519_dalek}
%{__tar} xzf %{SOURCE18}
%{__sed} -i 's/\(dependencies.curve25519-dalek\]\)/\1\npath = "..\/curve25519-dalek-%{curve25519_dalek}"/' ed25519-dalek-%{ed25519_dalek}/Cargo.toml
%endif

%if 0%{?b_curve25519_dalek_derive}
%{__tar} xzf %{SOURCE19}
%{__sed} -i 's/\(dependencies.curve25519-dalek-derive\]\)/\1\npath = "..\/curve25519-dalek-derive-%{curve25519_dalek_derive}"/' curve25519-dalek-%{curve25519_dalek}/Cargo.toml
%endif

%if 0%{?b_uzers}
%{__tar} xzf %{SOURCE22}
%{__sed} -i 's/\(uzers\) = .*/\1 = { path = "uzers-%{uzers}" }/' Cargo.toml
%endif

%cargo_prep


%generate_buildrequires
%if 0%{has_bundles}
%else
%cargo_generate_buildrequires
%endif


%build
%cargo_build
%{cargo_license_summary}


%install
install -d -m 755 %{buildroot}%{_libdir}/security
install -m 755 target/release/libpam_ssh_agent.so %{buildroot}%{_libdir}/security


%check
%if %{with check}
%cargo_test
%endif


%files
%doc README.md
%{_libdir}/security/libpam_ssh_agent.so


%changelog
* Thu May 15 2025 Peter Bieringer <pb@bieringer.de> - 0.9.0-1
- Upstream 0.9.0
- Update bundled ssh_agent_client_rs 0.9.1->1.0.0
- Update for EL10 ssh_key 0.6.5->0.6.7
- Add for EL10 uzers=0.12.1
- Add support for build on git commits
- Add additional required build dependencies

* Thu May 15 2025 Peter Bieringer <pb@bieringer.de> - 0.5.1-3
- Unconditionally package all sources to avoid issues with copr builds

* Tue May 13 2025 Peter Bieringer <pb@bieringer.de> - 0.5.1-2
- Add support for EL10 by conditional bundling of ssh_key=0.6.5 ssh-encoding=0.2.0 ssh-cipher=0.2.0 ed25519-dalek=2.1.1 curve25519-dalek=4.1.3 curve25519-dalek-derive=0.1.1 p256=0.13.2 p521=0.13.3

* Mon May 12 2025 Peter Bieringer <pb@bieringer.de> - 0.5.1-1
- Upstream 0.5.1 incl. bundled pam-bindings=0.1.1 and ssh-agent-client-rs=0.9.1