From 0be3ea9220d98e68c1172016368b70596b511933 Mon Sep 17 00:00:00 2001 From: Jacquin Antoine Date: Sat, 28 Feb 2026 18:15:46 +0100 Subject: [PATCH] refactor: packaging RPM uniquement avec builder Rocky Linux 9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Suppression complète du support DEB (Debian/Ubuntu) - Builder Rocky Linux 9 pour compatibilité binaire maximale - Compilation dynamique avec libpcap comme dépendance runtime - Activation du dépôt CRB pour libpcap-devel - RPM générés pour el7, el8, el9, el10 - Mise à jour documentation et workflows GitHub Actions Fix: erreur 'libpcap.so.0.8: cannot open shared object file' sur Rocky Linux 9 Co-authored-by: Qwen-Coder --- .github/workflows/build-deb.yml | 118 ----------------------------- .github/workflows/build-rpm.yml | 55 ++++++++------ .gitignore | 1 - Dockerfile | 9 ++- Dockerfile.package | 127 ++++++++++---------------------- Makefile | 30 ++------ README.md | 27 +++---- architecture.yml | 48 ++++++------ packaging/deb/postinst | 66 ----------------- packaging/deb/postrm | 52 ------------- packaging/deb/prerm | 29 -------- packaging/rpm/ja4sentinel.spec | 5 +- packaging/test/test-deb.sh | 34 --------- packaging/test/test-rpm.sh | 3 +- 14 files changed, 119 insertions(+), 485 deletions(-) delete mode 100644 .github/workflows/build-deb.yml delete mode 100644 packaging/deb/postinst delete mode 100644 packaging/deb/postrm delete mode 100644 packaging/deb/prerm delete mode 100755 packaging/test/test-deb.sh diff --git a/.github/workflows/build-deb.yml b/.github/workflows/build-deb.yml deleted file mode 100644 index 68b429d..0000000 --- a/.github/workflows/build-deb.yml +++ /dev/null 
@@ -1,118 +0,0 @@ -name: Build DEB Package - -on: - push: - tags: - - 'v*' - branches: - - main - - master - paths: - - 'go/**' - - 'cmd/**' - - 'internal/**' - - 'api/**' - - 'packaging/**' - - 'Makefile' - - 'go.mod' - - 'go.sum' - pull_request: - branches: - - main - - master - paths: - - 'go/**' - - 'cmd/**' - - 'internal/**' - - 'api/**' - - 'packaging/**' - - 'Makefile' - - 'go.mod' - - 'go.sum' - workflow_dispatch: - inputs: - version: - description: 'Version to build (e.g., 1.0.0)' - required: false - default: '1.0.0-dev' - -env: - GO_VERSION: '1.24' - PACKAGE_NAME: ja4sentinel - TARGET_DIST: debian:bookworm - -jobs: - build-deb: - name: Build DEB Package (Debian/Ubuntu) - runs-on: ubuntu-latest - permissions: - contents: write - packages: write - - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} - cache: true - - - name: Determine version - id: version - run: | - if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then - VERSION="${{ github.event.inputs.version }}" - elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then - VERSION="${{ github.ref_name#v }}" - else - VERSION="0.0.0-$(git rev-parse --short HEAD)" - fi - echo "version=${VERSION}" >> $GITHUB_OUTPUT - echo "Building version: ${VERSION}" - - - name: Build DEB in Docker - run: | - docker build --no-cache \ - -t ${PACKAGE_NAME}-packager-deb \ - --build-arg VERSION="${{ steps.version.outputs.version }}" \ - --build-arg ARCH=amd64 \ - -f packaging/Dockerfile.deb . 
- - # Extract DEB from image - mkdir -p build/deb - docker run --rm ${PACKAGE_NAME}-packager-deb sh -c 'cat /packages/*.deb' > build/${PACKAGE_NAME}.deb - - - name: List build artifacts - run: | - echo "=== Build Artifacts ===" - ls -lah build/deb/ - sha256sum build/${PACKAGE_NAME}.deb - - - name: Upload DEB artifact - uses: actions/upload-artifact@v4 - with: - name: ${PACKAGE_NAME}-deb-amd64 - path: build/*.deb - retention-days: 30 - - - name: Upload checksum artifact - uses: actions/upload-artifact@v4 - with: - name: ${PACKAGE_NAME}-deb-checksums - path: build/*.deb.sha256 - retention-days: 30 - - - name: Create release and upload assets (on tag) - if: startsWith(github.ref, 'refs/tags/v') - uses: softprops/action-gh-release@v2 - with: - files: | - build/*.deb - generate_release_notes: true - make_latest: true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/build-rpm.yml b/.github/workflows/build-rpm.yml index 277f697..26962d5 100644 --- a/.github/workflows/build-rpm.yml +++ b/.github/workflows/build-rpm.yml @@ -16,6 +16,7 @@ on: - 'Makefile' - 'go.mod' - 'go.sum' + - 'Dockerfile.package' pull_request: branches: - main @@ -29,6 +30,7 @@ on: - 'Makefile' - 'go.mod' - 'go.sum' + - 'Dockerfile.package' workflow_dispatch: inputs: version: @@ -39,11 +41,10 @@ on: env: GO_VERSION: '1.24' PACKAGE_NAME: ja4sentinel - TARGET_DIST: rockylinux:9 jobs: build-rpm: - name: Build RPM Package (Rocky Linux) + name: Build RPM Packages (CentOS 7, Rocky 8/9/10) runs-on: ubuntu-latest permissions: contents: write @@ -55,12 +56,6 @@ jobs: with: fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} - cache: true - - name: Determine version id: version run: | 
@@ -74,36 +69,49 @@ jobs: echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "Building version: ${VERSION}" - - name: Build RPM in Docker + - name: Build RPM packages in Docker run: | docker build --no-cache \ - -t ${PACKAGE_NAME}-packager-rpm \ + -t ${PACKAGE_NAME}-packager \ --build-arg VERSION="${{ steps.version.outputs.version }}" \ - --build-arg ARCH=x86_64 \ - -f packaging/Dockerfile.rpm . - - # Extract RPM from image - mkdir -p build/rpm - docker run --rm ${PACKAGE_NAME}-packager-rpm sh -c 'cat /packages/*.rpm' > build/${PACKAGE_NAME}.rpm + -f Dockerfile.package . + + # Extract RPM packages from image + mkdir -p build/rpm/el7 build/rpm/el8 build/rpm/el9 build/rpm/el10 + docker run --rm -v $(pwd)/build:/output ${PACKAGE_NAME}-packager sh -c \ + 'cp -r /packages/rpm/el7 /output/rpm/ && \ + cp -r /packages/rpm/el8 /output/rpm/ && \ + cp -r /packages/rpm/el9 /output/rpm/ && \ + cp -r /packages/rpm/el10 /output/rpm/' - name: List build artifacts run: | echo "=== Build Artifacts ===" - ls -lah build/rpm/ - sha256sum build/${PACKAGE_NAME}.rpm + echo "CentOS 7 (el7):" + ls -lah build/rpm/el7/ || echo " (no packages)" + echo "Rocky Linux 8 (el8):" + ls -lah build/rpm/el8/ || echo " (no packages)" + echo "Rocky Linux 9 (el9):" + ls -lah build/rpm/el9/ || echo " (no packages)" + echo "AlmaLinux/Rocky 10 (el10):" + ls -lah build/rpm/el10/ || echo " (no packages)" + + # Generate checksums + find build/rpm -name "*.rpm" -exec sha256sum {} \; > build/rpm/checksums.txt + cat build/rpm/checksums.txt - - name: Upload RPM artifact + - name: Upload RPM artifacts uses: actions/upload-artifact@v4 with: name: ${PACKAGE_NAME}-rpm-x86_64 - path: build/*.rpm + path: build/rpm/**/*.rpm retention-days: 30 - name: Upload checksum artifact uses: actions/upload-artifact@v4 with: name: ${PACKAGE_NAME}-rpm-checksums - path: build/*.rpm.sha256 + path: build/rpm/checksums.txt retention-days: 30 - name: Create release and upload assets (on tag) 
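Review bot: In the `List build artifacts` step, each `ls -lah build/rpm/elN/ || echo " (no packages)"` turns a missing directory into a success, and an empty directory passes anyway because `mkdir -p` created it. The `find … -exec sha256sum` that follows then writes a short or empty `checksums.txt` without failing. Since this job feeds a release, I would fail the step instead, e.g. `for d in el7 el8 el9 el10; do ls build/rpm/$d/*.rpm >/dev/null || exit 1; done`, and set `if-no-files-found: error` on both `upload-artifact` steps. The extraction command also leaves `$(pwd)` unquoted in `-v $(pwd)/build:/output`; `-v "$(pwd)/build:/output"` avoids word splitting on the workspace path.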
@@ -111,7 +119,10 @@ jobs: uses: softprops/action-gh-release@v2 with: files: | - build/*.rpm + build/rpm/el7/*.rpm + build/rpm/el8/*.rpm + build/rpm/el9/*.rpm + build/rpm/el10/*.rpm generate_release_notes: true make_latest: true env: diff --git a/.gitignore b/.gitignore index 79fedd1..e153b25 100644 --- a/.gitignore +++ b/.gitignore @@ -49,7 +49,6 @@ config.yml test-results/ # Test artifacts -packaging/test/*.deb packaging/test/*.rpm # Binary (root level only) diff --git a/Dockerfile b/Dockerfile index ae8569d..36f06d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,22 +24,23 @@ RUN go mod download || true # Copy source code COPY . . -# Build binary +# Build binary with static libpcap linking ARG VERSION=dev ARG BUILD_TIME=unknown ARG GIT_COMMIT=unknown RUN mkdir -p dist && \ - CGO_ENABLED=1 GOOS=linux go build -buildvcs=false \ + CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \ + CGO_LDFLAGS="-Wl,-Bstatic -lpcap -Wl,-Bdynamic" \ + go build -buildvcs=false \ -ldflags "-X main.Version=${VERSION} -X main.BuildTime=${BUILD_TIME} -X main.GitCommit=${GIT_COMMIT}" \ -o dist/ja4sentinel ./cmd/ja4sentinel # Runtime stage FROM alpine:latest -# Install runtime dependencies (libpcap for packet capture) +# Install runtime dependencies (no libpcap needed - statically linked) RUN apk add --no-cache \ - libpcap \ ca-certificates # Create non-root user for security diff --git a/Dockerfile.package b/Dockerfile.package index aef4e6f..d0bf485 100644 --- a/Dockerfile.package +++ b/Dockerfile.package 
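Review bot: The `files:` list in the release step publishes the four `build/rpm/elN/*.rpm` globs but not `build/rpm/checksums.txt`, which the earlier step generates, so the checksums exist only as a 30-day workflow artifact. Adding `build/rpm/checksums.txt` to `files:` lets anyone downloading a release verify the package they received. Setting `fail_on_unmatched_files: true` would also stop a tag release from being published when one of the four globs matches nothing. As far as this workflow shows, the RPMs are unsigned, so the checksum file is an integrity check only and not proof of origin; a comment or a follow-up for package signing would make that explicit.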
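Review bot: With `CGO_LDFLAGS="-Wl,-Bstatic -lpcap -Wl,-Bdynamic"` and `libpcap` dropped from the runtime `apk add`, libpcap is frozen into the binary at build time, so a libpcap security fix reaches deployed containers only through an image rebuild, not a base-image or `apk` update. The comment should say so, for example `# libpcap is linked statically: rebuild the image to pick up libpcap fixes`. The link also needs a static `libpcap.a` in the builder stage, which starts above this hunk and is not visible here, so please confirm the build stage installs it. The commit message describes dynamic linking with libpcap as a runtime dependency, which matches Dockerfile.package but not this file.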
@@ -1,29 +1,39 @@ # syntax=docker/dockerfile:1 # ============================================================================= -# ja4sentinel - Dockerfile de packaging unifié (DEB + RPM pour CentOS 7, Rocky 8/9/10) +# ja4sentinel - Dockerfile de packaging RPM (CentOS 7, Rocky 8/9/10, AlmaLinux) # ============================================================================= # ============================================================================= -# Stage 1: Builder - Compilation du binaire Go +# Stage 1: Builder - Compilation du binaire Go sur Rocky Linux 9 +# Using Rocky Linux 9 as builder ensures binary compatibility across all RHEL-based distros # ============================================================================= -FROM golang:1.24-bookworm AS builder +FROM rockylinux:9 AS builder WORKDIR /build -# Install dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ +# Install dependencies (Go + libpcap for packet capture) +# CRB (CodeReady Builder) repository is required for libpcap-devel +RUN dnf install -y epel-release && \ + dnf config-manager --set-enabled crb && \ + dnf install -y \ + golang \ git \ - libpcap-dev \ - && rm -rf /var/lib/apt/lists/* + libpcap-devel \ + gcc \ + make \ + && dnf clean all # Copy go mod files COPY go.mod go.sum ./ + +# Download dependencies RUN go mod download # Copy source code COPY . . # Build binary for Linux +# Binary will be dynamically linked but compatible with all RHEL-based distros ARG VERSION=1.0.0 ARG BUILD_TIME="" ARG GIT_COMMIT="" 
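Review bot: The added comment `Using Rocky Linux 9 as builder ensures binary compatibility across all RHEL-based distros` is unlikely to hold for the older targets, because a cgo binary linked on el9 is built against that release's glibc and libpcap, and dynamically linked binaries normally run on the same or a newer glibc, not an older one. The el7 and el8 RPMs are packaged from this same binary, so they may install cleanly and then fail at start-up on a missing glibc symbol version. I would build per target (or on the oldest supported one) or drop el7/el8, and reword the comment to something like `# Built on Rocky Linux 9; verified on el9 and newer only`. Separately, `dnf install -y epel-release` adds a third-party repository to the release build although the comment says `libpcap-devel` comes from CRB; if nothing is pulled from EPEL, remove it. The distribution `golang` package also replaces the pinned `golang:1.24-bookworm` image, so check that its version satisfies `go.mod`.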
@@ -35,86 +45,22 @@ RUN mkdir -p dist && \ ./cmd/ja4sentinel # ============================================================================= -# Stage 2: Package builder - fpm pour DEB +# Stage 2: RPM Builder - Build RPM pour CentOS 7, Rocky 8/9/10, AlmaLinux # ============================================================================= -FROM ruby:3.2-bookworm AS deb-builder +FROM rockylinux:9 AS rpm-builder WORKDIR /package -# Install fpm and dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ +# Install fpm and rpm tools (Rocky Linux 9) +# fpm does not require libpcap - only needed for building the Go binary +RUN dnf install -y \ rpm \ - dpkg-dev \ - fakeroot \ - libpcap-dev \ - && rm -rf /var/lib/apt/lists/* \ - && gem install fpm -v 1.16.0 --no-document - -# Copy binary from builder -COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel -COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service -COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default -COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml - -# Create directories and set permissions -RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \ - mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \ - mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \ - chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \ - chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \ - chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \ - chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \ - chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \ - chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \ - chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \ - chmod 750 /tmp/pkgroot/etc/ja4sentinel - -# Copy maintainer scripts -COPY packaging/deb/postinst /tmp/scripts/postinst -COPY packaging/deb/prerm /tmp/scripts/prerm 
-COPY packaging/deb/postrm /tmp/scripts/postrm -RUN chmod 755 /tmp/scripts/* - -# Build DEB package -ARG VERSION=1.0.0 -ARG ARCH=amd64 -RUN mkdir -p /packages/deb && \ - fpm -s dir -t deb \ - -n ja4sentinel \ - -v "${VERSION}" \ - -C /tmp/pkgroot \ - --architecture "${ARCH}" \ - --description "JA4 TLS fingerprinting daemon for network monitoring" \ - --url "https://github.com/your-repo/ja4sentinel" \ - --license "MIT" \ - --vendor "JA4Sentinel Team " \ - --maintainer "JA4Sentinel Team " \ - --depends "systemd" \ - --depends "libpcap0.8" \ - --after-install /tmp/scripts/postinst \ - --before-remove /tmp/scripts/prerm \ - --after-remove /tmp/scripts/postrm \ - -p /packages/deb/ja4sentinel_${VERSION}_${ARCH}.deb \ - usr/bin/ja4sentinel \ - etc/ja4sentinel/config.yml.default \ - usr/share/ja4sentinel/config.yml \ - var/lib/ja4sentinel \ - var/log/ja4sentinel \ - var/run/ja4sentinel - -# ============================================================================= -# Stage 3: RPM Builder - Universal builder with fpm installed -# Using ruby:3.2-bookworm as base for fpm, builds all RPM variants -# ============================================================================= -FROM ruby:3.2-bookworm AS rpm-builder - -WORKDIR /package - -# Install fpm and rpm tools -RUN apt-get update && apt-get install -y --no-install-recommends \ - rpm \ - rpm-common \ - && rm -rf /var/lib/apt/lists/* \ + rpm-build \ + ruby \ + rubygems \ + gcc \ + make \ + && dnf clean all \ && gem install fpm -v 1.16.0 --no-document # Copy binary from Go builder @@ -141,6 +87,7 @@ RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \ chmod 755 /tmp/scripts/* # Build RPM for CentOS 7 (el7) +# Note: Requires libpcap at runtime ARG VERSION=1.0.0 RUN mkdir -p /packages/rpm/el7 && \ fpm -s dir -t rpm \ 
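Review bot: Both new stages start from `FROM rockylinux:9`, a floating tag, and this stage runs `gem install fpm -v 1.16.0`, which pins fpm itself but lets its gem dependencies resolve to whatever is current at build time. For images that produce release RPMs I would pin the base by digest, `FROM rockylinux:9@sha256:<digest-placeholder> AS rpm-builder` (and the same for the `builder` stage), so that rebuilding the same commit uses the same inputs. `gcc` and `make` are presumably here for native gem extensions; a short comment saying so would help, since the line above states only that fpm does not need libpcap. The stage continues past this hunk.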
@@ -154,7 +101,7 @@ RUN mkdir -p /packages/rpm/el7 && \ --license "MIT" \ --vendor "JA4Sentinel Team " \ --depends "systemd" \ - --depends "libpcap >= 1.4.0" \ + --depends "libpcap" \ --after-install /tmp/scripts/postinst \ --before-remove /tmp/scripts/prerm \ --after-remove /tmp/scripts/postrm \ @@ -167,6 +114,7 @@ RUN mkdir -p /packages/rpm/el7 && \ var/run/ja4sentinel # Build RPM for Rocky Linux 8 (el8) +# Note: Requires libpcap at runtime RUN mkdir -p /packages/rpm/el8 && \ fpm -s dir -t rpm \ -n ja4sentinel \ @@ -179,7 +127,7 @@ RUN mkdir -p /packages/rpm/el8 && \ --license "MIT" \ --vendor "JA4Sentinel Team " \ --depends "systemd" \ - --depends "libpcap >= 1.9.0" \ + --depends "libpcap" \ --after-install /tmp/scripts/postinst \ --before-remove /tmp/scripts/prerm \ --after-remove /tmp/scripts/postrm \ @@ -192,6 +140,7 @@ RUN mkdir -p /packages/rpm/el8 && \ var/run/ja4sentinel # Build RPM for Rocky Linux 9 (el9) +# Note: Requires libpcap at runtime RUN mkdir -p /packages/rpm/el9 && \ fpm -s dir -t rpm \ -n ja4sentinel \ @@ -204,7 +153,7 @@ RUN mkdir -p /packages/rpm/el9 && \ --license "MIT" \ --vendor "JA4Sentinel Team " \ --depends "systemd" \ - --depends "libpcap >= 1.9.0" \ + --depends "libpcap" \ --after-install /tmp/scripts/postinst \ --before-remove /tmp/scripts/prerm \ --after-remove /tmp/scripts/postrm \ @@ -217,6 +166,7 @@ RUN mkdir -p /packages/rpm/el9 && \ var/run/ja4sentinel # Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10 +# Note: Requires libpcap at runtime RUN mkdir -p /packages/rpm/el10 && \ fpm -s dir -t rpm \ -n ja4sentinel \ @@ -229,7 +179,7 @@ RUN mkdir -p /packages/rpm/el10 && \ --license "MIT" \ --vendor "JA4Sentinel Team " \ --depends "systemd" \ - --depends "libpcap >= 1.9.0" \ + --depends "libpcap" \ --after-install /tmp/scripts/postinst \ --before-remove /tmp/scripts/prerm \ --after-remove /tmp/scripts/postrm \ 
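Review bot: Replacing `--depends "libpcap >= 1.4.0"` (el7) and `--depends "libpcap >= 1.9.0"` (the same edit in the el8, el9 and el10 hunks) with a bare `--depends "libpcap"` removes the only install-time check that the target's libpcap is recent enough for a binary now linked against Rocky Linux 9's libpcap. The result also disagrees with `packaging/rpm/ja4sentinel.spec` and `architecture.yml`, which both still state `libpcap >= 1.4.0` in this commit. I would keep a floor that reflects what the binary was actually linked against. If the floor is removed on purpose, update the spec and architecture.yml to match and replace `# Note: Requires libpcap at runtime` with a comment that explains why no minimum version is declared. Each `fpm` invocation starts and ends outside these hunks.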
@@ -242,15 +192,14 @@ RUN mkdir -p /packages/rpm/el10 && \ var/run/ja4sentinel # ============================================================================= -# Stage 4: Output - Image finale avec les packages +# Stage 3: Output - Image finale avec les packages RPM # ============================================================================= FROM alpine:latest AS output WORKDIR /packages -COPY --from=deb-builder /packages/deb/*.deb /packages/deb/ COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/ COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/ COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/ COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/ -CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages (el7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10) ===' && ls -la /packages/rpm/el10/"] +CMD ["sh", "-c", "echo '=== RPM Packages (el7 - CentOS 7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8 - Rocky 8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9 - Rocky 9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10 - Alma/Rocky 10) ===' && ls -la /packages/rpm/el10/"] diff --git a/Makefile b/Makefile index d9a200e..4914d35 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: build build-docker test test-docker test-integration lint clean help docker-build-dev docker-build-runtime package package-deb package-rpm +.PHONY: build build-docker test test-docker test-integration lint clean help docker-build-dev docker-build-runtime package package-rpm # Docker parameters DOCKER=docker 
@@ -90,24 +90,8 @@ lint: docker-build-dev fmt: gofmt -w . -## package: Build all packages (deb + rpm) -package: package-deb package-rpm - -## package-deb: Build DEB package (requires Docker) -package-deb: - mkdir -p build/deb build/rpm - docker build --target output -t ja4sentinel-packager:latest \ - --build-arg VERSION=$(PKG_VERSION) \ - -f Dockerfile.package . - @echo "Extracting packages from Docker image..." - @docker run --rm ja4sentinel-packager:latest sh -c 'cp /packages/deb/*.deb /tmp/' && \ - docker cp $$(docker create ja4sentinel-packager:latest):/packages/deb/. build/deb/ && \ - docker cp $$(docker create ja4sentinel-packager:latest):/packages/rpm/. build/rpm/ || \ - docker run --rm -v $(PWD)/build:/output ja4sentinel-packager:latest sh -c 'cp -r /packages/deb /output/ && cp -r /packages/rpm /output/' - @echo "DEB packages created:" - ls -la build/deb/ - @echo "RPM packages created:" - ls -la build/rpm/ +## package: Build RPM packages for all target distributions +package: package-rpm ## package-rpm: Build RPM packages for all target distributions (requires Docker) package-rpm: @@ -132,16 +116,12 @@ package-rpm: @echo " AlmaLinux/Rocky 10 (el10):" ls -la build/rpm/el10/ 2>/dev/null || echo " (no packages)" -## test-package-deb: Test DEB package installation in Docker -test-package-deb: package-deb - ./packaging/test/test-deb.sh - ## test-package-rpm: Test RPM package installation in Docker test-package-rpm: package-rpm ./packaging/test/test-rpm.sh -## test-package: Test all packages installation -test-package: test-package-deb test-package-rpm +## test-package: Test RPM package installation +test-package: test-package-rpm ## ci: Full CI pipeline (tests, build, packages, package tests) ci: ci-test ci-build ci-package ci-package-test diff --git a/README.md b/README.md index ddcd606..a97d6b7 100644 --- a/README.md +++ b/README.md 
@@ -39,12 +39,17 @@ Outil Go pour capturer le trafic réseau sur un serveur Linux, extraire les hand ### Prérequis - Go 1.24+ -- libpcap-dev (pour la capture réseau) +- libpcap-dev (pour la compilation) - Docker (pour les tests et le déploiement) +### Note sur libpcap + +**Le binaire est compilé sur Rocky Linux 9** pour une compatibilité maximale avec toutes les distributions RHEL/CentOS/Rocky/AlmaLinux. +libpcap est requis à l'exécution et sera installé automatiquement par le gestionnaire de packages. + ### Packages système -#### Rocky Linux / RHEL (.rpm) +#### Rocky Linux / RHEL / CentOS / AlmaLinux (.rpm) ```bash # Télécharger le package @@ -61,20 +66,12 @@ sudo systemctl start ja4sentinel sudo systemctl status ja4sentinel ``` -#### Debian / Ubuntu (.deb) +#### Distributions supportées -```bash -# Télécharger le package -wget https://github.com/your-repo/ja4sentinel/releases/latest/download/ja4sentinel.deb - -# Installer -sudo dpkg -i ja4sentinel.deb -sudo apt-get install -f # Installer les dépendances - -# Activer le service -sudo systemctl enable ja4sentinel -sudo systemctl start ja4sentinel -``` +- CentOS 7 +- Rocky Linux 8, 9, 10 +- AlmaLinux 8, 9, 10 +- RHEL 7, 8, 9, 10 ## Configuration diff --git a/architecture.yml b/architecture.yml index 3da7538..20656d1 100644 --- a/architecture.yml +++ b/architecture.yml 
@@ -577,35 +577,40 @@ dev_tools: packaging: description: > - ja4sentinel est distribué sous forme de packages .deb (Debian/Ubuntu) et - .rpm (Rocky Linux/RHEL/CentOS), construits intégralement dans Docker avec fpm. + ja4sentinel est distribué sous forme de packages .rpm (Rocky Linux/RHEL/CentOS/AlmaLinux), + construits intégralement dans Docker avec fpm. Le binaire est compilé sur Rocky Linux 9 + pour une compatibilité binaire maximale avec toutes les distributions RHEL-based. formats: - - deb - rpm target_distros: - deb: - - debian-12+ - - ubuntu-22.04+ rpm: + - centos-7 - rocky-linux-8+ - rocky-linux-9+ + - rocky-linux-10+ + - almalinux-8+ + - almalinux-9+ + - almalinux-10+ + - rhel-7+ - rhel-8+ - rhel-9+ + - rhel-10+ tool: fpm build_pipeline: dockerfile: Dockerfile.package stages: - name: builder description: > - Compilation du binaire Go avec CGO_ENABLED=1 pour libpcap. - GOOS=linux GOARCH=amd64 pour un binaire statique. - - name: package_builder + Compilation du binaire Go sur Rocky Linux 9 avec CGO_ENABLED=1. + GOOS=linux GOARCH=amd64 pour un binaire compatible x86_64. + Le binaire est dynamiquement lié à libpcap pour une compatibilité maximale. + - name: rpm_builder description: > - Installation de fpm, rpm, dpkg-dev. Création de l'arborescence - et exécution de fpm pour générer DEB et RPM. + Image Rocky Linux 9 avec fpm, rpm-build, ruby. Création de l'arborescence + et exécution de fpm pour générer les RPM pour el7, el8, el9, el10. - name: output description: > - Image Alpine minimale contenant les packages dans /packages/deb et /packages/rpm. + Image Alpine minimale contenant les packages RPM dans /packages/rpm/el{7,8,9,10}. files: binary: source: dist/ja4sentinel-linux-amd64 
@@ -633,26 +638,17 @@ packaging: - path: /etc/ja4sentinel mode: "0750" maintainer_scripts: - deb: - postinst: packaging/deb/postinst - prerm: packaging/deb/prerm - postrm: packaging/deb/postrm rpm: - post: packaging/deb/postinst - preun: packaging/deb/prerm - postun: packaging/deb/postrm + postinst: packaging/rpm/postinst + prerm: packaging/rpm/prerm + postrm: packaging/rpm/postrm dependencies: - deb: - - systemd - - libpcap0.8 rpm: - systemd - - libpcap >= 1.9.0 + - libpcap >= 1.4.0 verify: - deb: - command: docker run --rm -v $(pwd)/build/deb:/packages debian:latest sh -c "apt-get update && apt-get install -y /packages/*.deb" rpm: - command: docker run --rm -v $(pwd)/build/rpm:/packages rockylinux:8 sh -c "dnf install -y /packages/*.rpm" + command: docker run --rm -v $(pwd)/build/rpm:/packages rockylinux:9 sh -c "dnf install -y /packages/*.rpm" service: systemd: diff --git a/packaging/deb/postinst b/packaging/deb/postinst deleted file mode 100644 index 91f6e38..0000000 --- a/packaging/deb/postinst +++ /dev/null 
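Review bot: `maintainer_scripts.rpm` now points at `packaging/rpm/postinst`, `packaging/rpm/prerm` and `packaging/rpm/postrm`, but the diffstat lists only `packaging/rpm/ja4sentinel.spec` under `packaging/rpm/`, and the `packaging/deb/` scripts these entries referenced before are deleted in this commit. If those three files are not already in the tree, the documented paths refer to nothing, and so may whatever the rpm-builder stage copies into `/tmp/scripts`; please confirm they exist. In the same hunk, `dependencies.rpm` says `libpcap >= 1.4.0` while Dockerfile.package now declares an unversioned `libpcap`. `verify.rpm.command` also exercises only `rockylinux:9` although el7, el8 and el10 packages are produced.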
@@ -1,66 +0,0 @@ -#!/bin/bash -set -e - -# postinst script for ja4sentinel .deb package - -case "$1" in - configure) - # Create ja4sentinel user and group if they don't exist - if ! getent group ja4sentinel > /dev/null 2>&1; then - groupadd --system ja4sentinel - fi - - if ! getent passwd ja4sentinel > /dev/null 2>&1; then - useradd --system \ - --gid ja4sentinel \ - --home-dir /var/lib/ja4sentinel \ - --no-create-home \ - --shell /usr/sbin/nologin \ - ja4sentinel - fi - - # Create necessary directories - mkdir -p /var/lib/ja4sentinel - mkdir -p /var/run/ja4sentinel - mkdir -p /var/log/ja4sentinel - mkdir -p /etc/ja4sentinel - - # Set proper ownership - chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel - chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel - chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel - chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel - - # Set proper permissions - chmod 750 /var/lib/ja4sentinel - chmod 750 /var/log/ja4sentinel - chmod 750 /etc/ja4sentinel - - # Install default config if it doesn't exist - if [ ! -f /etc/ja4sentinel/config.yml ]; then - cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml - chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml - chmod 640 /etc/ja4sentinel/config.yml - fi - - # Enable and start the service (if running in a real system, not container) - if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then - systemctl daemon-reload - systemctl enable ja4sentinel.service - if ! systemctl is-active --quiet ja4sentinel.service; then - systemctl start ja4sentinel.service - fi - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - # On abort, do nothing special - ;; - - *) - echo "postinst called with unknown argument '$1'" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/packaging/deb/postrm b/packaging/deb/postrm deleted file mode 100644 index 16bdcdf..0000000 --- a/packaging/deb/postrm +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash -set -e - -# postrm script for ja4sentinel .deb package - -case "$1" in - remove) - # On remove, leave config and data files - ;; - - purge) - # On purge, remove everything - - # Stop service if running - if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then - systemctl stop ja4sentinel.service 2>/dev/null || true - systemctl disable ja4sentinel.service 2>/dev/null || true - systemctl daemon-reload - fi - - # Remove configuration - rm -rf /etc/ja4sentinel - - # Remove data and logs - rm -rf /var/lib/ja4sentinel - rm -rf /var/log/ja4sentinel - rm -rf /var/run/ja4sentinel - - # Remove user and group - if getent passwd ja4sentinel > /dev/null 2>&1; then - userdel ja4sentinel 2>/dev/null || true - fi - - if getent group ja4sentinel > /dev/null 2>&1; then - groupdel ja4sentinel 2>/dev/null || true - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - # On abort, restart the service - if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then - systemctl start ja4sentinel.service 2>/dev/null || true - fi - ;; - - *) - echo "postrm called with unknown argument '$1'" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/packaging/deb/prerm b/packaging/deb/prerm deleted file mode 100644 index d6ed5df..0000000 --- a/packaging/deb/prerm +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -set -e - -# prerm script for ja4sentinel .deb package - -case "$1" in - remove|deconfigure) - # Stop and disable the service - if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then - systemctl stop ja4sentinel.service 2>/dev/null || true - systemctl disable ja4sentinel.service 2>/dev/null || true - systemctl daemon-reload - fi - ;; - - upgrade) - # On upgrade, just stop the service (will be restarted by postinst) - if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then - systemctl stop ja4sentinel.service 2>/dev/null || true - fi - ;; - - *) - echo "prerm called with unknown argument '$1'" >&2 - exit 1 - ;; -esac - -exit 0 
diff --git a/packaging/rpm/ja4sentinel.spec b/packaging/rpm/ja4sentinel.spec index 22cd33f..60d9201 100644 --- a/packaging/rpm/ja4sentinel.spec +++ b/packaging/rpm/ja4sentinel.spec @@ -9,9 +9,8 @@ BuildArch: x86_64 # Distribution-agnostic dependencies # systemd is available on all target distros (CentOS 7, Rocky 8/9/10) Requires: systemd -# libpcap version varies by distro: -# - CentOS 7: 1.4.0 -# - Rocky 8/9/10: 1.9.0+ +# libpcap is required for packet capture (dynamically linked) +# Version varies by distro: CentOS 7 (1.4.0), Rocky 8/9/10 (1.9.0+) Requires: libpcap >= 1.4.0 %description diff --git a/packaging/test/test-deb.sh b/packaging/test/test-deb.sh deleted file mode 100755 index a4708ee..0000000 --- a/packaging/test/test-deb.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -# Test DEB package installation in Debian/Ubuntu container -set -e - -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")" -BUILD_DIR="${PROJECT_ROOT}/build/deb" - -echo "==========================================" -echo " Testing DEB Package Installation" -echo "==========================================" - -# Find the DEB package -DEB_PACKAGE=$(ls -1 "${BUILD_DIR}"/*.deb 2>/dev/null | head -1) -if [ -z "$DEB_PACKAGE" ]; then - echo "Error: No .deb package found in ${BUILD_DIR}" - echo "Run 'make package-deb' first" - exit 1 -fi - -echo "Found package: ${DEB_PACKAGE}" - -# Test installation directly in Debian container -echo "" -echo "Running installation tests in Debian container..." -docker run --rm \ - -v "${BUILD_DIR}:/packages:ro" \ - debian:latest \ - sh -c "apt-get update && apt-get install -y /packages/*.deb && echo 'DEB installation successful'" - -echo "" -echo "==========================================" -echo " DEB Package Test Complete" -echo "==========================================" diff --git a/packaging/test/test-rpm.sh b/packaging/test/test-rpm.sh index dde492f..7bf5bae 100755 --- a/packaging/test/test-rpm.sh 
+++ b/packaging/test/test-rpm.sh @@ -33,11 +33,12 @@ test_rpm_install() { fi # Determine package manager and install command - # CentOS 7 is EOL, need to configure vault.centos.org + # Note: libpcap is required at runtime (dynamically linked) local setup_cmd="" local install_cmd="" case "$image" in centos:7) + # CentOS 7 is EOL, need to configure vault.centos.org setup_cmd="sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo" install_cmd="${setup_cmd} && yum install -y libpcap && yum install -y /packages/*.rpm" ;;