957918c565
- Dockerfile.package: migre go-builder de golang:bookworm (Debian) vers
rockylinux:9, installe Go depuis le tarball officiel, remplace apt par
dnf (clang llvm libbpf-devel bpftool)
- Suppression du champ 'correlated' de l'agent ja4ebpf : avec eBPF/XDP,
la corrélation L3/L4↔L7 est toujours implicite par présence des champs.
Supprimé de : session.go, manager.go, main.go (x5), clickhouse.go
- Thèse (6 corrections listées + cohérence correlated) :
1. §3.5 + §3.9.1 : SSL_read retourne des octets bruts sans respecter les
frontières H2 → buffer circulaire de réassemblage en Go userspace
2. §3.1 : supprimé libpcap + CAP_NET_RAW, remplacé par définition uprobe
3. §4 + §7 : compte exact 96 features en 8 familles (Famille 1–8),
supprimé taxonomie F1–F11 obsolète, tous les totaux mis à jour
4. §2.4 + §8 : remplacé 7 fausses URLs arXiv par [Référence à vérifier]
5. §4 Famille 2 : ja4_drift_ratio → renvoi à Famille 8 (définition complète)
6. §6.4 : ajouté limite 'Overhead de l'uprobe SSL_read'
+ §3.6 : supprimé correlated=0/1 du texte architectural
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
118 lines
5.1 KiB
Docker
118 lines
5.1 KiB
Docker
# =============================================================================
|
|
# Dockerfile.package — Build multi-distro du RPM ja4ebpf
|
|
#
|
|
# Cible : RHEL/CentOS/Rocky/AlmaLinux 8, 9 et 10.
|
|
# Le BTF natif (/sys/kernel/btf/vmlinux) est disponible sur tous ces kernels.
|
|
#
|
|
# Stages :
|
|
# go-builder : compile le binaire Go statique (clang + bpf2go + go build)
|
|
# rpm-el8 : assemble le RPM pour el8 (AlmaLinux 8 / RHEL 8)
|
|
# rpm-el9 : assemble le RPM pour el9 (Rocky Linux 9 / RHEL 9)
|
|
# rpm-el10 : assemble le RPM pour el10 (AlmaLinux 10)
|
|
# output : collecte tous les RPMs dans /output
|
|
#
|
|
# Usage :
|
|
# docker build -f services/ja4ebpf/Dockerfile.package \
|
|
# --build-arg BUILD_VERSION=1.2.3 \
|
|
# -t ja4ebpf:package \
|
|
# .
|
|
# docker run --rm -v $(pwd)/dist:/dist ja4ebpf:package
|
|
# =============================================================================
|
|
|
|
ARG BUILD_VERSION=dev
|
|
ARG GO_VERSION=1.24
|
|
|
|
# ── Stage 1 : compilation Go ──────────────────────────────────────────────
|
|
FROM rockylinux:9 AS go-builder
|
|
|
|
ARG BUILD_VERSION
|
|
ARG GO_VERSION
|
|
clang llvm libbpf-devel bpftool \
|
|
curl tar gzip && \
|
|
dnf clean all
|
|
|
|
RUN curl -fsSL https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz \
|
|
| tar -C /usr/local -xz
|
|
|
|
ENV PATH="/usr/local/go/bin:${PATH}" \
|
|
GOPATH=/go
|
|
|
|
WORKDIR /build
|
|
|
|
COPY services/ja4ebpf/go.mod services/ja4ebpf/go.sum* ./services/ja4ebpf/
|
|
|
|
RUN cd services/ja4ebpf && go mod download 2>/dev/null || go get ./...
|
|
|
|
COPY services/ja4ebpf/ ./services/ja4ebpf/
|
|
|
|
WORKDIR /build/services/ja4ebpf
|
|
|
|
# Génération des bindings eBPF (C → bytecode embarqué en Go)
|
|
RUN GOWORK=off go generate ./internal/loader/
|
|
|
|
# Compilation statique
|
|
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
|
|
go build \
|
|
-ldflags="-s -w -X main.version=${BUILD_VERSION} -extldflags=-static" \
|
|
-o /out/ja4ebpf \
|
|
./cmd/ja4ebpf/
|
|
|
|
# ── Stage 2 : RPM pour el8 ───────────────────────────────────────────────
|
|
FROM almalinux:8 AS rpm-el8
|
|
RUN dnf install -y rpm-build rpmdevtools systemd-rpm-macros && dnf clean all && rpmdev-setuptree
|
|
|
|
COPY --from=go-builder /out/ja4ebpf /root/rpmbuild/SOURCES/ja4ebpf
|
|
COPY services/ja4ebpf/packaging/systemd/ja4ebpf.service /root/rpmbuild/SOURCES/ja4ebpf.service
|
|
COPY services/ja4ebpf/config.yml.example /root/rpmbuild/SOURCES/config.yml.example
|
|
COPY services/ja4ebpf/packaging/rpm/ja4ebpf.spec /root/rpmbuild/SPECS/ja4ebpf.spec
|
|
|
|
ARG BUILD_VERSION=dev
|
|
RUN rpmbuild -bb \
|
|
--define "build_version ${BUILD_VERSION}" \
|
|
--define "dist .el8" \
|
|
/root/rpmbuild/SPECS/ja4ebpf.spec && \
|
|
mkdir -p /rpms && find /root/rpmbuild/RPMS -name '*.rpm' -exec cp {} /rpms/ \;
|
|
|
|
# ── Stage 3 : RPM pour el9 ───────────────────────────────────────────────
|
|
FROM rockylinux:9 AS rpm-el9
|
|
RUN dnf install -y rpm-build rpmdevtools systemd-rpm-macros && dnf clean all && rpmdev-setuptree
|
|
|
|
COPY --from=go-builder /out/ja4ebpf /root/rpmbuild/SOURCES/ja4ebpf
|
|
COPY services/ja4ebpf/packaging/systemd/ja4ebpf.service /root/rpmbuild/SOURCES/ja4ebpf.service
|
|
COPY services/ja4ebpf/config.yml.example /root/rpmbuild/SOURCES/config.yml.example
|
|
COPY services/ja4ebpf/packaging/rpm/ja4ebpf.spec /root/rpmbuild/SPECS/ja4ebpf.spec
|
|
|
|
ARG BUILD_VERSION=dev
|
|
RUN rpmbuild -bb \
|
|
--define "build_version ${BUILD_VERSION}" \
|
|
--define "dist .el9" \
|
|
/root/rpmbuild/SPECS/ja4ebpf.spec && \
|
|
mkdir -p /rpms && find /root/rpmbuild/RPMS -name '*.rpm' -exec cp {} /rpms/ \;
|
|
|
|
# ── Stage 4 : RPM pour el10 ──────────────────────────────────────────────
|
|
FROM almalinux:10 AS rpm-el10
|
|
RUN dnf install -y rpm-build rpmdevtools systemd-rpm-macros && dnf clean all && rpmdev-setuptree
|
|
|
|
COPY --from=go-builder /out/ja4ebpf /root/rpmbuild/SOURCES/ja4ebpf
|
|
COPY services/ja4ebpf/packaging/systemd/ja4ebpf.service /root/rpmbuild/SOURCES/ja4ebpf.service
|
|
COPY services/ja4ebpf/config.yml.example /root/rpmbuild/SOURCES/config.yml.example
|
|
COPY services/ja4ebpf/packaging/rpm/ja4ebpf.spec /root/rpmbuild/SPECS/ja4ebpf.spec
|
|
|
|
ARG BUILD_VERSION=dev
|
|
RUN rpmbuild -bb \
|
|
--define "build_version ${BUILD_VERSION}" \
|
|
--define "dist .el10" \
|
|
/root/rpmbuild/SPECS/ja4ebpf.spec && \
|
|
mkdir -p /rpms && find /root/rpmbuild/RPMS -name '*.rpm' -exec cp {} /rpms/ \;
|
|
|
|
# ── Stage final : collecte de tous les RPMs ───────────────────────────────
|
|
FROM alpine:3.19 AS output
|
|
|
|
COPY --from=rpm-el8 /rpms/ /output/el8/
|
|
COPY --from=rpm-el9 /rpms/ /output/el9/
|
|
COPY --from=rpm-el10 /rpms/ /output/el10/
|
|
|
|
RUN echo "=== RPMs produits ===" && find /output -name '*.rpm' | sort
|
|
|
|
CMD ["/bin/sh", "-c", "cp -rv /output/. /dist/ && echo 'RPMs copiés dans /dist/'"]
|