Skip to content

Home

Jump to bottom
Derek Simmel edited this page Dec 14, 2017 · 6 revisions

Welcome to the duo_unix_psc wiki!

Example: Apply duo_unix-1.10.0-psc.patch to duo_unix-1.10.0 source

The following example illustrates application of the duo_unix-1.10.0-psc.patch file to the duo_unix-1.10.0 source on a CentOS 7.x host. You will need to adapt the commands, paths to files, and configuration options to suit your needs and environment.

(i) Make a directory in which to patch and build the source:

$ mkdir -p /tmp/duo/src

(ii) Retrieve the duo_unix-1.10.0.tar.gz source code tarball and verify its SHA1 checksum (listed at https://duo.com/docs/checksums#duounix):

$ cd /tmp/duo/src
$ wget -q https://dl.duosecurity.com/duo_unix-1.10.0.tar.gz
$ sha1sum duo_unix-1.10.0.tar.gz
8041290cfc445fa68a430f6d80832bcf9e4e05b6  duo_unix-1.10.0.tar.gz

(iii) Retrieve the duo_unix-1.10.0-psc.patch file and verify its GnuPG signature:

$ wget -q https://raw.githubusercontent.com/pscedu/duo_unix_psc/master/duo_unix-1.10.0-psc.patch
$ wget -q https://raw.githubusercontent.com/pscedu/duo_unix_psc/master/duo_unix-1.10.0-psc.patch.asc
$ gpg2 --verify duo_unix-1.10.0-psc.patch.asc
gpg: Signature made Thu 06 Jul 2017 07:52:05 PM EDT using RSA key ID 72B3F1F2
gpg: Good signature from "Derek Simmel (2016-07-26) <dsimmel@psc.edu>"
gpg:                 aka "[jpeg image of size 18689]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EBCA 75E3 09D5 9A36 6AE0  8F4E 3B6F D8C6 72B3 F1F2

(iv) Extract the duo_unix-1.10.0.tar.gz tarball and apply the patch:

$ tar zxf duo_unix-1.10.0.tar.gz
$ patch -p0 <duo_unix-1.10.0-psc.patch
patching file duo_unix-1.10.0/CHANGES
patching file duo_unix-1.10.0/lib/util.c
patching file duo_unix-1.10.0/lib/util.h
patching file duo_unix-1.10.0/pam_duo/pam_duo.8
patching file duo_unix-1.10.0/pam_duo/pam_duo.c

(v) Configure and build the patched duo_unix software:

Check the `configure` options:

$ cd duo_unix-1.10.0
$ ./configure --help
  • The prefix parameter defines where most of the software should be installed (default: /usr/local).
  • The sysconfdir parameter defines where the security-sensitive DUO configuration files should go (default: /etc/duo).
  • The with-pam parameter defines where the DUO Linux-PAM modules should be installed (default: /lib64/security).
$ ./configure --prefix=/opt/duo --sysconfdir=/opt/duo/etc --with-pam=/opt/duo/pam
...
$ make
...
$ sudo make install
Clone this wiki locally