fix(rpm): standardize systemd scriptlets and unit installation paths
- Add BuildRequires: systemd-rpm-macros to sentinel and correlator specs
- Replace manual systemctl calls with %systemd_post, %systemd_preun,
%systemd_postun_with_restart macros (handles daemon-reload, stop/disable,
try-restart on upgrade correctly and is a no-op in containers)
- ja4sentinel.spec: use %{_unitdir} macro instead of hardcoded path
(/usr/lib/systemd/system); remove cross-service /var/run/logcorrelator
from %files and %post (owned by logcorrelator package, not sentinel)
- logcorrelator.spec: move unit from /etc/systemd/system (admin namespace)
to %{_unitdir} (/usr/lib/systemd/system) — correct packaging location;
move user/group creation from %post to %pre so file ownership is valid
during RPM install phase; add Requires(pre): shadow-utils; fix bare
directory entries in %files with %dir macro; add version fallback macro
so spec is buildable without --define version
- test-rpm.sh: auto-build RPM via Dockerfile.package if dist/rpm/ is
empty; update service file path check to /usr/lib/systemd/system/
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ -13,10 +13,13 @@ Summary: JA4 TLS fingerprinting daemon for network monitoring
|
||||
License: MIT
|
||||
URL: https://github.com/your-repo/ja4sentinel
|
||||
BuildArch: x86_64
|
||||
BuildRequires: systemd-rpm-macros
|
||||
|
||||
# Distribution-agnostic dependencies
|
||||
# systemd is available on all target distros (Rocky 8/9/10, AlmaLinux)
|
||||
Requires: systemd
|
||||
Requires: systemd
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
# libpcap is required for packet capture (dynamically linked)
|
||||
# Version varies by distro: Rocky 8/9/10 (1.9.0+)
|
||||
Requires: libpcap >= 1.9.0
|
||||
@ -55,7 +58,7 @@ mkdir -p %{buildroot}/usr/share/ja4sentinel
|
||||
install -m 755 %{_sourcedir}/ja4sentinel %{buildroot}/usr/bin/ja4sentinel
|
||||
|
||||
# Install systemd service
|
||||
install -m 644 %{_sourcedir}/ja4sentinel.service %{buildroot}/usr/lib/systemd/system/ja4sentinel.service
|
||||
install -m 644 %{_sourcedir}/ja4sentinel.service %{buildroot}%{_unitdir}/ja4sentinel.service
|
||||
|
||||
# Install logrotate configuration
|
||||
install -m 644 %{_sourcedir}/logrotate/ja4sentinel %{buildroot}/etc/logrotate.d/ja4sentinel
|
||||
@ -69,9 +72,16 @@ install -m 640 %{_sourcedir}/config.yml %{buildroot}/usr/share/ja4sentinel/confi
|
||||
exit 0
|
||||
|
||||
%post
|
||||
# Use standard systemd RPM macros (handles daemon-reload, preset, no-op in containers)
|
||||
%systemd_post ja4sentinel.service
|
||||
# Explicitly enable+start on fresh install — this is a security daemon, auto-start is expected
|
||||
if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ] && [ -d /run/systemd/system ]; then
|
||||
/usr/bin/systemctl enable ja4sentinel.service 2>/dev/null || :
|
||||
/usr/bin/systemctl start ja4sentinel.service 2>/dev/null || :
|
||||
fi
|
||||
|
||||
# Set proper ownership (root:root for packet capture)
|
||||
chown -R root:root /var/lib/ja4sentinel 2>/dev/null || true
|
||||
chown -R root:root /var/run/logcorrelator 2>/dev/null || true
|
||||
chown -R root:root /var/log/ja4sentinel 2>/dev/null || true
|
||||
chown -R root:root /etc/ja4sentinel 2>/dev/null || true
|
||||
|
||||
@ -86,40 +96,21 @@ if [ ! -f /etc/ja4sentinel/config.yml ]; then
|
||||
chmod 640 /etc/ja4sentinel/config.yml
|
||||
fi
|
||||
|
||||
# Reload systemd and enable service (only if systemd is running)
|
||||
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
|
||||
/bin/systemctl daemon-reload
|
||||
/bin/systemctl enable ja4sentinel.service 2>/dev/null || :
|
||||
/bin/systemctl start ja4sentinel.service 2>/dev/null || :
|
||||
fi
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
# Package removal, stop and disable service
|
||||
if [ -x /bin/systemctl ]; then
|
||||
/bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || :
|
||||
/bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
fi
|
||||
%systemd_preun ja4sentinel.service
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 0 ]; then
|
||||
# Package removal, reload systemd
|
||||
if [ -x /bin/systemctl ]; then
|
||||
/bin/systemctl daemon-reload
|
||||
fi
|
||||
fi
|
||||
%systemd_postun_with_restart ja4sentinel.service
|
||||
|
||||
%files
|
||||
/usr/bin/ja4sentinel
|
||||
/usr/lib/systemd/system/ja4sentinel.service
|
||||
%{_unitdir}/ja4sentinel.service
|
||||
/etc/logrotate.d/ja4sentinel
|
||||
/usr/share/ja4sentinel/config.yml
|
||||
%config(noreplace) /etc/ja4sentinel/config.yml.default
|
||||
%dir /etc/ja4sentinel
|
||||
%dir /var/lib/ja4sentinel
|
||||
%dir /var/log/ja4sentinel
|
||||
%dir /var/run/logcorrelator
|
||||
|
||||
%changelog
|
||||
|
||||
|
||||
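Review bot: On a fresh install the daemon is now started before its configuration is in place, because the new `if [ $1 -eq 1 ] ...; then ... fi` block sits directly under `%post`, ahead of the `chown` lines and the `if [ ! -f /etc/ja4sentinel/config.yml ]` step shown in the last hunk; the old manual enable/start block came after that step. Both calls end in `2>/dev/null || :`, so a failed start would leave the sensor not running with nothing in the transaction output. Move the block to the end of `%post`, after the `chmod 640 /etc/ja4sentinel/config.yml` step, and drop `2>/dev/null` on the `start` line so a failure is visible. The explicit `systemctl enable` also overrides whatever preset policy `%systemd_post` applied, so the comment above it should say the override is deliberate. The part of `%post` between the two hunks is not shown, so the ordering should be confirmed against the full spec.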