-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Derek Simmel edited this page Dec 14, 2017
·
6 revisions
Welcome to the duo_unix_psc wiki!
The following example illustrates application of the duo_unix-1.10.0-psc.patch file to the duo_unix-1.10.0 source on a CentOS 7.x host. You will need to adapt the commands, paths to files, and configuration options to suit your needs and environment.
(i) Make a directory in which to patch and build the source:
$ mkdir -p /tmp/duo/src
(ii) Retrieve the duo_unix-1.10.0.tar.gz source code tarball and verify its SHA1 checksum (listed at https://duo.com/docs/checksums#duounix):
$ cd /tmp/duo/src $ wget -q https://dl.duosecurity.com/duo_unix-1.10.0.tar.gz $ sha1sum duo_unix-1.10.0.tar.gz 8041290cfc445fa68a430f6d80832bcf9e4e05b6 duo_unix-1.10.0.tar.gz
(iii) Retrieve the duo_unix-1.10.0-psc.patch file and verify its GnuPG signature:
$ wget -q https://raw.githubusercontent.com/pscedu/duo_unix_psc/master/duo_unix-1.10.0-psc.patch $ wget -q https://raw.githubusercontent.com/pscedu/duo_unix_psc/master/duo_unix-1.10.0-psc.patch.asc $ gpg2 --verify duo_unix-1.10.0-psc.patch.asc gpg: Signature made Thu 06 Jul 2017 07:52:05 PM EDT using RSA key ID 72B3F1F2 gpg: Good signature from "Derek Simmel (2016-07-26) <dsimmel@psc.edu>" gpg: aka "[jpeg image of size 18689]" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EBCA 75E3 09D5 9A36 6AE0 8F4E 3B6F D8C6 72B3 F1F2
(iv) Extract the duo_unix-1.10.0.tar.gz tarball and apply the patch:
$ tar zxf duo_unix-1.10.0.tar.gz $ patch -p0 <duo_unix-1.10.0-psc.patch patching file duo_unix-1.10.0/CHANGES patching file duo_unix-1.10.0/lib/util.c patching file duo_unix-1.10.0/lib/util.h patching file duo_unix-1.10.0/pam_duo/pam_duo.8 patching file duo_unix-1.10.0/pam_duo/pam_duo.c
(v) Configure and build the patched duo_unix software:
Check the `configure` options:
$ cd duo_unix-1.10.0 $ ./configure --help
- The prefix parameter defines where most of the software should be installed (default: /usr/local).
- The sysconfdir parameter defines where the security-sensitive DUO configuration files should go (default: /etc/duo).
- The with-pam parameter defines where the DUO Linux-PAM modules should be installed (default: /lib64/security).
$ ./configure --prefix=/opt/duo --sysconfdir=/opt/duo/etc --with-pam=/opt/duo/pam ... $ make ... $ sudo make install