fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros

- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl
  for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue
- Update loader.go to hold tcObjs/sslObjs separately with correct field names:
  UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit,
  KprobeAccept4Entry, KretprobeAccept4Exit
- Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10)
  so that %{_unitdir} macro resolves correctly
- RPMs now build successfully for el8, el9, el10

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

tests/integration/hitch-varnish/platform/entrypoint.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+# =============================================================================
+# Entrypoint — stack hitch + varnish + backend HTTP + ja4ebpf
+# Ordre : backend → varnish → hitch → ja4ebpf
+# =============================================================================
+set -eo pipefail
+
+log() { echo "[entrypoint:hitch-varnish] $(date +%H:%M:%S) $*"; }
+
+BACKEND_PID="" VARNISH_PID="" HITCH_PID="" JA4EBPF_PID=""
+
+cleanup() {
+    log "Arrêt des processus…"
+    for pid in "$JA4EBPF_PID" "$HITCH_PID" "$VARNISH_PID" "$BACKEND_PID"; do
+        [ -n "$pid" ] && kill "$pid" 2>/dev/null || true
+    done
+    wait 2>/dev/null || true
+}
+trap cleanup EXIT SIGTERM SIGINT
+
+# ── 1. Backend HTTP simple (port 8080) ────────────────────────────────────────
+log "Démarrage du backend HTTP (port 8080)…"
+python3 -c "
+import http.server, socketserver, json
+
+class H(http.server.BaseHTTPRequestHandler):
+    def log_message(self, *a): pass
+    def do_GET(self):
+        body = json.dumps({'status':'ok','backend':'hitch-varnish','path':self.path}).encode()
+        self.send_response(200)
+        self.send_header('Content-Type','application/json')
+        self.send_header('Content-Length', len(body))
+        self.end_headers()
+        self.wfile.write(body)
+    def do_POST(self):
+        n = int(self.headers.get('Content-Length',0))
+        self.rfile.read(n)
+        body = b'{\"result\":\"accepted\"}'
+        self.send_response(200)
+        self.send_header('Content-Type','application/json')
+        self.send_header('Content-Length', len(body))
+        self.end_headers()
+        self.wfile.write(body)
+
+with socketserver.TCPServer(('127.0.0.1', 8080), H) as s:
+    s.serve_forever()
+" &
+BACKEND_PID=$!
+sleep 1
+log "Backend démarré (PID $BACKEND_PID)"
+
+# ── 2. Démarrage de Varnish (port 6081, avec PROXY protocol activé) ───────────
+# L'option "-a 127.0.0.1:6081,PROXY" indique à Varnish d'accepter le PROXY header
+# envoyé par hitch pour récupérer la vraie IP du client.
+log "Démarrage de Varnish (port 6081, PROXY protocol)…"
+varnishd \
+    -F \
+    -f /etc/varnish/default.vcl \
+    -a "127.0.0.1:6081,PROXY" \
+    -s malloc,64m \
+    -T 127.0.0.1:6082 &
+VARNISH_PID=$!
+
+for i in $(seq 1 30); do
+    if varnishadm -T 127.0.0.1:6082 status 2>/dev/null | grep -q "Child in state running"; then
+        log "Varnish opérationnel (PID $VARNISH_PID)"; break
+    fi
+    sleep 0.5
+done
+
+# ── 3. Démarrage de hitch (port 443) ──────────────────────────────────────────
+log "Démarrage de hitch (port 443, TLS + PROXY protocol)…"
+hitch --config=/etc/hitch/hitch.conf &
+HITCH_PID=$!
+
+# Attendre que hitch soit opérationnel (accepte les connexions TLS)
+for i in $(seq 1 20); do
+    if curl -skf https://127.0.0.1/health >/dev/null 2>&1; then
+        log "hitch opérationnel (PID $HITCH_PID)"; break
+    fi
+    sleep 0.5
+done
+
+# Exposition d'un port HTTP 80 simple pour le healthcheck Docker
+# (hitch gère uniquement HTTPS — on ajoute un mini-serveur HTTP pour /health)
+python3 -c "
+import http.server, socketserver, json
+
+class H(http.server.BaseHTTPRequestHandler):
+    def log_message(self, *a): pass
+    def do_GET(self):
+        body = json.dumps({'status':'ok','stack':'hitch-varnish'}).encode()
+        self.send_response(200)
+        self.send_header('Content-Type','application/json')
+        self.send_header('Content-Length',len(body))
+        self.end_headers()
+        self.wfile.write(body)
+
+with socketserver.TCPServer(('0.0.0.0',80), H) as s:
+    s.serve_forever()
+" &
+
+# ── 4. Démarrage de ja4ebpf ───────────────────────────────────────────────────
+log "Démarrage de ja4ebpf (uprobes hitch/libssl + hook TC eth0)…"
+ja4ebpf -config /etc/ja4ebpf/config.yml &
+JA4EBPF_PID=$!
+
+log "Stack complète — backend=$BACKEND_PID varnish=$VARNISH_PID hitch=$HITCH_PID ja4ebpf=$JA4EBPF_PID"
+
+# ── 5. Supervision ────────────────────────────────────────────────────────────
+while true; do
+    for pid_var in BACKEND_PID VARNISH_PID HITCH_PID JA4EBPF_PID; do
+        pid="${!pid_var}"
+        if [ -n "$pid" ] && ! kill -0 "$pid" 2>/dev/null; then
+            log "$pid_var (PID $pid) s'est arrêté — fin"
+            exit 1
+        fi
+    done
+    sleep 2
+done