refactor: packaging RPM uniquement avec builder Rocky Linux 9

- Suppression complète du support DEB (Debian/Ubuntu)
- Builder Rocky Linux 9 pour compatibilité binaire maximale
- Compilation dynamique avec libpcap comme dépendance runtime
- Activation du dépôt CRB pour libpcap-devel
- RPM générés pour el7, el8, el9, el10
- Mise à jour documentation et workflows GitHub Actions

Fix: erreur 'libpcap.so.0.8: cannot open shared object file' sur Rocky Linux 9

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Jacquin Antoine
2026-02-28 18:15:46 +01:00
parent 86649b1630
commit 0be3ea9220
14 changed files with 119 additions and 485 deletions


@ -1,118 +0,0 @@
name: Build DEB Package
on:
push:
tags:
- 'v*'
branches:
- main
- master
paths:
- 'go/**'
- 'cmd/**'
- 'internal/**'
- 'api/**'
- 'packaging/**'
- 'Makefile'
- 'go.mod'
- 'go.sum'
pull_request:
branches:
- main
- master
paths:
- 'go/**'
- 'cmd/**'
- 'internal/**'
- 'api/**'
- 'packaging/**'
- 'Makefile'
- 'go.mod'
- 'go.sum'
workflow_dispatch:
inputs:
version:
description: 'Version to build (e.g., 1.0.0)'
required: false
default: '1.0.0-dev'
env:
GO_VERSION: '1.24'
PACKAGE_NAME: ja4sentinel
TARGET_DIST: debian:bookworm
jobs:
build-deb:
name: Build DEB Package (Debian/Ubuntu)
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: Determine version
id: version
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
VERSION="${{ github.event.inputs.version }}"
elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then
VERSION="${{ github.ref_name#v }}"
else
VERSION="0.0.0-$(git rev-parse --short HEAD)"
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "Building version: ${VERSION}"
- name: Build DEB in Docker
run: |
docker build --no-cache \
-t ${PACKAGE_NAME}-packager-deb \
--build-arg VERSION="${{ steps.version.outputs.version }}" \
--build-arg ARCH=amd64 \
-f packaging/Dockerfile.deb .
# Extract DEB from image
mkdir -p build/deb
docker run --rm ${PACKAGE_NAME}-packager-deb sh -c 'cat /packages/*.deb' > build/${PACKAGE_NAME}.deb
- name: List build artifacts
run: |
echo "=== Build Artifacts ==="
ls -lah build/deb/
sha256sum build/${PACKAGE_NAME}.deb
- name: Upload DEB artifact
uses: actions/upload-artifact@v4
with:
name: ${PACKAGE_NAME}-deb-amd64
path: build/*.deb
retention-days: 30
- name: Upload checksum artifact
uses: actions/upload-artifact@v4
with:
name: ${PACKAGE_NAME}-deb-checksums
path: build/*.deb.sha256
retention-days: 30
- name: Create release and upload assets (on tag)
if: startsWith(github.ref, 'refs/tags/v')
uses: softprops/action-gh-release@v2
with:
files: |
build/*.deb
generate_release_notes: true
make_latest: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@ -16,6 +16,7 @@ on:
- 'Makefile' - 'Makefile'
- 'go.mod' - 'go.mod'
- 'go.sum' - 'go.sum'
- 'Dockerfile.package'
pull_request: pull_request:
branches: branches:
- main - main
@ -29,6 +30,7 @@ on:
- 'Makefile' - 'Makefile'
- 'go.mod' - 'go.mod'
- 'go.sum' - 'go.sum'
- 'Dockerfile.package'
workflow_dispatch: workflow_dispatch:
inputs: inputs:
version: version:
@ -39,11 +41,10 @@ on:
env: env:
GO_VERSION: '1.24' GO_VERSION: '1.24'
PACKAGE_NAME: ja4sentinel PACKAGE_NAME: ja4sentinel
TARGET_DIST: rockylinux:9
jobs: jobs:
build-rpm: build-rpm:
name: Build RPM Package (Rocky Linux) name: Build RPM Packages (CentOS 7, Rocky 8/9/10)
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: write contents: write
@ -55,12 +56,6 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: Determine version - name: Determine version
id: version id: version
run: | run: |
@ -74,36 +69,49 @@ jobs:
echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "Building version: ${VERSION}" echo "Building version: ${VERSION}"
- name: Build RPM in Docker - name: Build RPM packages in Docker
run: | run: |
docker build --no-cache \ docker build --no-cache \
-t ${PACKAGE_NAME}-packager-rpm \ -t ${PACKAGE_NAME}-packager \
--build-arg VERSION="${{ steps.version.outputs.version }}" \ --build-arg VERSION="${{ steps.version.outputs.version }}" \
--build-arg ARCH=x86_64 \ -f Dockerfile.package .
-f packaging/Dockerfile.rpm .
# Extract RPM packages from image
# Extract RPM from image mkdir -p build/rpm/el7 build/rpm/el8 build/rpm/el9 build/rpm/el10
mkdir -p build/rpm docker run --rm -v $(pwd)/build:/output ${PACKAGE_NAME}-packager sh -c \
docker run --rm ${PACKAGE_NAME}-packager-rpm sh -c 'cat /packages/*.rpm' > build/${PACKAGE_NAME}.rpm 'cp -r /packages/rpm/el7 /output/rpm/ && \
cp -r /packages/rpm/el8 /output/rpm/ && \
cp -r /packages/rpm/el9 /output/rpm/ && \
cp -r /packages/rpm/el10 /output/rpm/'
- name: List build artifacts - name: List build artifacts
run: | run: |
echo "=== Build Artifacts ===" echo "=== Build Artifacts ==="
ls -lah build/rpm/ echo "CentOS 7 (el7):"
sha256sum build/${PACKAGE_NAME}.rpm ls -lah build/rpm/el7/ || echo " (no packages)"
echo "Rocky Linux 8 (el8):"
ls -lah build/rpm/el8/ || echo " (no packages)"
echo "Rocky Linux 9 (el9):"
ls -lah build/rpm/el9/ || echo " (no packages)"
echo "AlmaLinux/Rocky 10 (el10):"
ls -lah build/rpm/el10/ || echo " (no packages)"
# Generate checksums
find build/rpm -name "*.rpm" -exec sha256sum {} \; > build/rpm/checksums.txt
cat build/rpm/checksums.txt
- name: Upload RPM artifact - name: Upload RPM artifacts
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: ${PACKAGE_NAME}-rpm-x86_64 name: ${PACKAGE_NAME}-rpm-x86_64
path: build/*.rpm path: build/rpm/**/*.rpm
retention-days: 30 retention-days: 30
- name: Upload checksum artifact - name: Upload checksum artifact
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: ${PACKAGE_NAME}-rpm-checksums name: ${PACKAGE_NAME}-rpm-checksums
path: build/*.rpm.sha256 path: build/rpm/checksums.txt
retention-days: 30 retention-days: 30
- name: Create release and upload assets (on tag) - name: Create release and upload assets (on tag)
@ -111,7 +119,10 @@ jobs:
uses: softprops/action-gh-release@v2 uses: softprops/action-gh-release@v2
with: with:
files: | files: |
build/*.rpm build/rpm/el7/*.rpm
build/rpm/el8/*.rpm
build/rpm/el9/*.rpm
build/rpm/el10/*.rpm
generate_release_notes: true generate_release_notes: true
make_latest: true make_latest: true
env: env:
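Review bot: The release step's `files:` list publishes the four `build/rpm/el*/*.rpm` globs but not `build/rpm/checksums.txt`, so the digests generated in the "List build artifacts" step exist only as a workflow artifact with `retention-days: 30` and never reach the people installing from the release. Adding `build/rpm/checksums.txt` to `files:` would give downloads something to verify against. No signing step is visible in these hunks, so that file would be the only integrity reference shipped; because it is produced on the same runner as the packages, it detects corruption in transit rather than a tampered build, and signing the RPMs is the stronger follow-up. The release step's `if:` condition and the start of the job are outside the hunks shown.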

1
.gitignore vendored

@ -49,7 +49,6 @@ config.yml
test-results/ test-results/
# Test artifacts # Test artifacts
packaging/test/*.deb
packaging/test/*.rpm packaging/test/*.rpm
# Binary (root level only) # Binary (root level only)


@ -24,22 +24,23 @@ RUN go mod download || true
# Copy source code # Copy source code
COPY . . COPY . .
# Build binary # Build binary with static libpcap linking
ARG VERSION=dev ARG VERSION=dev
ARG BUILD_TIME=unknown ARG BUILD_TIME=unknown
ARG GIT_COMMIT=unknown ARG GIT_COMMIT=unknown
RUN mkdir -p dist && \ RUN mkdir -p dist && \
CGO_ENABLED=1 GOOS=linux go build -buildvcs=false \ CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
CGO_LDFLAGS="-Wl,-Bstatic -lpcap -Wl,-Bdynamic" \
go build -buildvcs=false \
-ldflags "-X main.Version=${VERSION} -X main.BuildTime=${BUILD_TIME} -X main.GitCommit=${GIT_COMMIT}" \ -ldflags "-X main.Version=${VERSION} -X main.BuildTime=${BUILD_TIME} -X main.GitCommit=${GIT_COMMIT}" \
-o dist/ja4sentinel ./cmd/ja4sentinel -o dist/ja4sentinel ./cmd/ja4sentinel
# Runtime stage # Runtime stage
FROM alpine:latest FROM alpine:latest
# Install runtime dependencies (libpcap for packet capture) # Install runtime dependencies (no libpcap needed - statically linked)
RUN apk add --no-cache \ RUN apk add --no-cache \
libpcap \
ca-certificates ca-certificates
# Create non-root user for security # Create non-root user for security
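Review bot: The runtime stage stops installing `libpcap` on the assumption that `CGO_LDFLAGS="-Wl,-Bstatic -lpcap -Wl,-Bdynamic"` leaves no dynamic libpcap reference in the binary, but nothing in the build verifies that. If a cgo package in the build contributes its own `-lpcap` after these flags (not visible here), the binary could still carry a `NEEDED` entry for libpcap and fail at start in the runtime image, the same class of error the commit message describes. Ending the build `RUN` with a check such as `&& ! readelf -d dist/ja4sentinel | grep -q 'NEEDED.*libpcap'` (assuming binutils is available in the builder) would catch this at build time. The comment above the build should also record the patching consequence, for example `# libpcap is linked statically: rebuild the image to pick up libpcap security updates`. The builder stage's `FROM` line and package list are outside the hunk.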


@ -1,29 +1,39 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
# ============================================================================= # =============================================================================
# ja4sentinel - Dockerfile de packaging unifié (DEB + RPM pour CentOS 7, Rocky 8/9/10) # ja4sentinel - Dockerfile de packaging RPM (CentOS 7, Rocky 8/9/10, AlmaLinux)
# ============================================================================= # =============================================================================
# ============================================================================= # =============================================================================
# Stage 1: Builder - Compilation du binaire Go # Stage 1: Builder - Compilation du binaire Go sur Rocky Linux 9
# Using Rocky Linux 9 as builder ensures binary compatibility across all RHEL-based distros
# ============================================================================= # =============================================================================
FROM golang:1.24-bookworm AS builder FROM rockylinux:9 AS builder
WORKDIR /build WORKDIR /build
# Install dependencies # Install dependencies (Go + libpcap for packet capture)
RUN apt-get update && apt-get install -y --no-install-recommends \ # CRB (CodeReady Builder) repository is required for libpcap-devel
RUN dnf install -y epel-release && \
dnf config-manager --set-enabled crb && \
dnf install -y \
golang \
git \ git \
libpcap-dev \ libpcap-devel \
&& rm -rf /var/lib/apt/lists/* gcc \
make \
&& dnf clean all
# Copy go mod files # Copy go mod files
COPY go.mod go.sum ./ COPY go.mod go.sum ./
# Download dependencies
RUN go mod download RUN go mod download
# Copy source code # Copy source code
COPY . . COPY . .
# Build binary for Linux # Build binary for Linux
# Binary will be dynamically linked but compatible with all RHEL-based distros
ARG VERSION=1.0.0 ARG VERSION=1.0.0
ARG BUILD_TIME="" ARG BUILD_TIME=""
ARG GIT_COMMIT="" ARG GIT_COMMIT=""
@ -35,86 +45,22 @@ RUN mkdir -p dist && \
./cmd/ja4sentinel ./cmd/ja4sentinel
# ============================================================================= # =============================================================================
# Stage 2: Package builder - fpm pour DEB # Stage 2: RPM Builder - Build RPM pour CentOS 7, Rocky 8/9/10, AlmaLinux
# ============================================================================= # =============================================================================
FROM ruby:3.2-bookworm AS deb-builder FROM rockylinux:9 AS rpm-builder
WORKDIR /package WORKDIR /package
# Install fpm and dependencies # Install fpm and rpm tools (Rocky Linux 9)
RUN apt-get update && apt-get install -y --no-install-recommends \ # fpm does not require libpcap - only needed for building the Go binary
RUN dnf install -y \
rpm \ rpm \
dpkg-dev \ rpm-build \
fakeroot \ ruby \
libpcap-dev \ rubygems \
&& rm -rf /var/lib/apt/lists/* \ gcc \
&& gem install fpm -v 1.16.0 --no-document make \
&& dnf clean all \
# Copy binary from builder
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml
# Create directories and set permissions
RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \
chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \
chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \
chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \
chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \
chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \
chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \
chmod 750 /tmp/pkgroot/etc/ja4sentinel
# Copy maintainer scripts
COPY packaging/deb/postinst /tmp/scripts/postinst
COPY packaging/deb/prerm /tmp/scripts/prerm
COPY packaging/deb/postrm /tmp/scripts/postrm
RUN chmod 755 /tmp/scripts/*
# Build DEB package
ARG VERSION=1.0.0
ARG ARCH=amd64
RUN mkdir -p /packages/deb && \
fpm -s dir -t deb \
-n ja4sentinel \
-v "${VERSION}" \
-C /tmp/pkgroot \
--architecture "${ARCH}" \
--description "JA4 TLS fingerprinting daemon for network monitoring" \
--url "https://github.com/your-repo/ja4sentinel" \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--maintainer "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap0.8" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
-p /packages/deb/ja4sentinel_${VERSION}_${ARCH}.deb \
usr/bin/ja4sentinel \
etc/ja4sentinel/config.yml.default \
usr/share/ja4sentinel/config.yml \
var/lib/ja4sentinel \
var/log/ja4sentinel \
var/run/ja4sentinel
# =============================================================================
# Stage 3: RPM Builder - Universal builder with fpm installed
# Using ruby:3.2-bookworm as base for fpm, builds all RPM variants
# =============================================================================
FROM ruby:3.2-bookworm AS rpm-builder
WORKDIR /package
# Install fpm and rpm tools
RUN apt-get update && apt-get install -y --no-install-recommends \
rpm \
rpm-common \
&& rm -rf /var/lib/apt/lists/* \
&& gem install fpm -v 1.16.0 --no-document && gem install fpm -v 1.16.0 --no-document
# Copy binary from Go builder # Copy binary from Go builder
@ -141,6 +87,7 @@ RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
chmod 755 /tmp/scripts/* chmod 755 /tmp/scripts/*
# Build RPM for CentOS 7 (el7) # Build RPM for CentOS 7 (el7)
# Note: Requires libpcap at runtime
ARG VERSION=1.0.0 ARG VERSION=1.0.0
RUN mkdir -p /packages/rpm/el7 && \ RUN mkdir -p /packages/rpm/el7 && \
fpm -s dir -t rpm \ fpm -s dir -t rpm \
@ -154,7 +101,7 @@ RUN mkdir -p /packages/rpm/el7 && \
--license "MIT" \ --license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \ --vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \ --depends "systemd" \
--depends "libpcap >= 1.4.0" \ --depends "libpcap" \
--after-install /tmp/scripts/postinst \ --after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \ --before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \ --after-remove /tmp/scripts/postrm \
@ -167,6 +114,7 @@ RUN mkdir -p /packages/rpm/el7 && \
var/run/ja4sentinel var/run/ja4sentinel
# Build RPM for Rocky Linux 8 (el8) # Build RPM for Rocky Linux 8 (el8)
# Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el8 && \ RUN mkdir -p /packages/rpm/el8 && \
fpm -s dir -t rpm \ fpm -s dir -t rpm \
-n ja4sentinel \ -n ja4sentinel \
@ -179,7 +127,7 @@ RUN mkdir -p /packages/rpm/el8 && \
--license "MIT" \ --license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \ --vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \ --depends "systemd" \
--depends "libpcap >= 1.9.0" \ --depends "libpcap" \
--after-install /tmp/scripts/postinst \ --after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \ --before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \ --after-remove /tmp/scripts/postrm \
@ -192,6 +140,7 @@ RUN mkdir -p /packages/rpm/el8 && \
var/run/ja4sentinel var/run/ja4sentinel
# Build RPM for Rocky Linux 9 (el9) # Build RPM for Rocky Linux 9 (el9)
# Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el9 && \ RUN mkdir -p /packages/rpm/el9 && \
fpm -s dir -t rpm \ fpm -s dir -t rpm \
-n ja4sentinel \ -n ja4sentinel \
@ -204,7 +153,7 @@ RUN mkdir -p /packages/rpm/el9 && \
--license "MIT" \ --license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \ --vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \ --depends "systemd" \
--depends "libpcap >= 1.9.0" \ --depends "libpcap" \
--after-install /tmp/scripts/postinst \ --after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \ --before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \ --after-remove /tmp/scripts/postrm \
@ -217,6 +166,7 @@ RUN mkdir -p /packages/rpm/el9 && \
var/run/ja4sentinel var/run/ja4sentinel
# Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10 # Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10
# Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el10 && \ RUN mkdir -p /packages/rpm/el10 && \
fpm -s dir -t rpm \ fpm -s dir -t rpm \
-n ja4sentinel \ -n ja4sentinel \
@ -229,7 +179,7 @@ RUN mkdir -p /packages/rpm/el10 && \
--license "MIT" \ --license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \ --vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \ --depends "systemd" \
--depends "libpcap >= 1.9.0" \ --depends "libpcap" \
--after-install /tmp/scripts/postinst \ --after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \ --before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \ --after-remove /tmp/scripts/postrm \
@ -242,15 +192,14 @@ RUN mkdir -p /packages/rpm/el10 && \
var/run/ja4sentinel var/run/ja4sentinel
# ============================================================================= # =============================================================================
# Stage 4: Output - Image finale avec les packages # Stage 3: Output - Image finale avec les packages RPM
# ============================================================================= # =============================================================================
FROM alpine:latest AS output FROM alpine:latest AS output
WORKDIR /packages WORKDIR /packages
COPY --from=deb-builder /packages/deb/*.deb /packages/deb/
COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/ COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/
COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/ COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/ COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/ COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/
CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages (el7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10) ===' && ls -la /packages/rpm/el10/"] CMD ["sh", "-c", "echo '=== RPM Packages (el7 - CentOS 7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8 - Rocky 8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9 - Rocky 9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10 - Alma/Rocky 10) ===' && ls -la /packages/rpm/el10/"]
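Review bot: The new builder comments claim that a binary compiled on `rockylinux:9` is "compatible with all RHEL-based distros", but a dynamically linked cgo binary records the glibc symbol versions of its build host, and glibc compatibility only runs from older to newer releases. The el7 and el8 RPMs package this same binary, so on those targets it will most likely install cleanly and then fail to start with a `GLIBC_2.x not found` loader error; the visible fpm options declare only `systemd` and an unversioned `libpcap`, so the package manager will not flag the mismatch either. Building in a stage based on the oldest supported target (or one builder stage per target) addresses the cause. As a guard, the build `RUN` (which starts outside the hunks) could end with `&& objdump -T dist/ja4sentinel | grep -o 'GLIBC_[0-9.]*' | sort -uV | tail -1` and fail when the result exceeds the oldest target's glibc. Both base images are also referenced by mutable tags (`rockylinux:9`, `alpine:latest`); pinning them by digest would make the package build reproducible.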


@ -1,4 +1,4 @@
.PHONY: build build-docker test test-docker test-integration lint clean help docker-build-dev docker-build-runtime package package-deb package-rpm .PHONY: build build-docker test test-docker test-integration lint clean help docker-build-dev docker-build-runtime package package-rpm
# Docker parameters # Docker parameters
DOCKER=docker DOCKER=docker
@ -90,24 +90,8 @@ lint: docker-build-dev
fmt: fmt:
gofmt -w . gofmt -w .
## package: Build all packages (deb + rpm) ## package: Build RPM packages for all target distributions
package: package-deb package-rpm package: package-rpm
## package-deb: Build DEB package (requires Docker)
package-deb:
mkdir -p build/deb build/rpm
docker build --target output -t ja4sentinel-packager:latest \
--build-arg VERSION=$(PKG_VERSION) \
-f Dockerfile.package .
@echo "Extracting packages from Docker image..."
@docker run --rm ja4sentinel-packager:latest sh -c 'cp /packages/deb/*.deb /tmp/' && \
docker cp $$(docker create ja4sentinel-packager:latest):/packages/deb/. build/deb/ && \
docker cp $$(docker create ja4sentinel-packager:latest):/packages/rpm/. build/rpm/ || \
docker run --rm -v $(PWD)/build:/output ja4sentinel-packager:latest sh -c 'cp -r /packages/deb /output/ && cp -r /packages/rpm /output/'
@echo "DEB packages created:"
ls -la build/deb/
@echo "RPM packages created:"
ls -la build/rpm/
## package-rpm: Build RPM packages for all target distributions (requires Docker) ## package-rpm: Build RPM packages for all target distributions (requires Docker)
package-rpm: package-rpm:
@ -132,16 +116,12 @@ package-rpm:
@echo " AlmaLinux/Rocky 10 (el10):" @echo " AlmaLinux/Rocky 10 (el10):"
ls -la build/rpm/el10/ 2>/dev/null || echo " (no packages)" ls -la build/rpm/el10/ 2>/dev/null || echo " (no packages)"
## test-package-deb: Test DEB package installation in Docker
test-package-deb: package-deb
./packaging/test/test-deb.sh
## test-package-rpm: Test RPM package installation in Docker ## test-package-rpm: Test RPM package installation in Docker
test-package-rpm: package-rpm test-package-rpm: package-rpm
./packaging/test/test-rpm.sh ./packaging/test/test-rpm.sh
## test-package: Test all packages installation ## test-package: Test RPM package installation
test-package: test-package-deb test-package-rpm test-package: test-package-rpm
## ci: Full CI pipeline (tests, build, packages, package tests) ## ci: Full CI pipeline (tests, build, packages, package tests)
ci: ci-test ci-build ci-package ci-package-test ci: ci-test ci-build ci-package ci-package-test


@ -39,12 +39,17 @@ Outil Go pour capturer le trafic réseau sur un serveur Linux, extraire les hand
### Prérequis ### Prérequis
- Go 1.24+ - Go 1.24+
- libpcap-dev (pour la capture réseau) - libpcap-dev (pour la compilation)
- Docker (pour les tests et le déploiement) - Docker (pour les tests et le déploiement)
### Note sur libpcap
**Le binaire est compilé sur Rocky Linux 9** pour une compatibilité maximale avec toutes les distributions RHEL/CentOS/Rocky/AlmaLinux.
libpcap est requis à l'exécution et sera installé automatiquement par le gestionnaire de packages.
### Packages système ### Packages système
#### Rocky Linux / RHEL (.rpm) #### Rocky Linux / RHEL / CentOS / AlmaLinux (.rpm)
```bash ```bash
# Télécharger le package # Télécharger le package
@ -61,20 +66,12 @@ sudo systemctl start ja4sentinel
sudo systemctl status ja4sentinel sudo systemctl status ja4sentinel
``` ```
#### Debian / Ubuntu (.deb) #### Distributions supportées
```bash - CentOS 7
# Télécharger le package - Rocky Linux 8, 9, 10
wget https://github.com/your-repo/ja4sentinel/releases/latest/download/ja4sentinel.deb - AlmaLinux 8, 9, 10
- RHEL 7, 8, 9, 10
# Installer
sudo dpkg -i ja4sentinel.deb
sudo apt-get install -f # Installer les dépendances
# Activer le service
sudo systemctl enable ja4sentinel
sudo systemctl start ja4sentinel
```
## Configuration ## Configuration


@ -577,35 +577,40 @@ dev_tools:
packaging: packaging:
description: > description: >
ja4sentinel est distribué sous forme de packages .deb (Debian/Ubuntu) et ja4sentinel est distribué sous forme de packages .rpm (Rocky Linux/RHEL/CentOS/AlmaLinux),
.rpm (Rocky Linux/RHEL/CentOS), construits intégralement dans Docker avec fpm. construits intégralement dans Docker avec fpm. Le binaire est compilé sur Rocky Linux 9
pour une compatibilité binaire maximale avec toutes les distributions RHEL-based.
formats: formats:
- deb
- rpm - rpm
target_distros: target_distros:
deb:
- debian-12+
- ubuntu-22.04+
rpm: rpm:
- centos-7
- rocky-linux-8+ - rocky-linux-8+
- rocky-linux-9+ - rocky-linux-9+
- rocky-linux-10+
- almalinux-8+
- almalinux-9+
- almalinux-10+
- rhel-7+
- rhel-8+ - rhel-8+
- rhel-9+ - rhel-9+
- rhel-10+
tool: fpm tool: fpm
build_pipeline: build_pipeline:
dockerfile: Dockerfile.package dockerfile: Dockerfile.package
stages: stages:
- name: builder - name: builder
description: > description: >
Compilation du binaire Go avec CGO_ENABLED=1 pour libpcap. Compilation du binaire Go sur Rocky Linux 9 avec CGO_ENABLED=1.
GOOS=linux GOARCH=amd64 pour un binaire statique. GOOS=linux GOARCH=amd64 pour un binaire compatible x86_64.
- name: package_builder Le binaire est dynamiquement lié à libpcap pour une compatibilité maximale.
- name: rpm_builder
description: > description: >
Installation de fpm, rpm, dpkg-dev. Création de l'arborescence Image Rocky Linux 9 avec fpm, rpm-build, ruby. Création de l'arborescence
et exécution de fpm pour générer DEB et RPM. et exécution de fpm pour générer les RPM pour el7, el8, el9, el10.
- name: output - name: output
description: > description: >
Image Alpine minimale contenant les packages dans /packages/deb et /packages/rpm. Image Alpine minimale contenant les packages RPM dans /packages/rpm/el{7,8,9,10}.
files: files:
binary: binary:
source: dist/ja4sentinel-linux-amd64 source: dist/ja4sentinel-linux-amd64
@ -633,26 +638,17 @@ packaging:
- path: /etc/ja4sentinel - path: /etc/ja4sentinel
mode: "0750" mode: "0750"
maintainer_scripts: maintainer_scripts:
deb:
postinst: packaging/deb/postinst
prerm: packaging/deb/prerm
postrm: packaging/deb/postrm
rpm: rpm:
post: packaging/deb/postinst postinst: packaging/rpm/postinst
preun: packaging/deb/prerm prerm: packaging/rpm/prerm
postun: packaging/deb/postrm postrm: packaging/rpm/postrm
dependencies: dependencies:
deb:
- systemd
- libpcap0.8
rpm: rpm:
- systemd - systemd
- libpcap >= 1.9.0 - libpcap >= 1.4.0
verify: verify:
deb:
command: docker run --rm -v $(pwd)/build/deb:/packages debian:latest sh -c "apt-get update && apt-get install -y /packages/*.deb"
rpm: rpm:
command: docker run --rm -v $(pwd)/build/rpm:/packages rockylinux:8 sh -c "dnf install -y /packages/*.rpm" command: docker run --rm -v $(pwd)/build/rpm:/packages rockylinux:9 sh -c "dnf install -y /packages/*.rpm"
service: service:
systemd: systemd:


@ -1,66 +0,0 @@
#!/bin/bash
set -e
# postinst script for ja4sentinel .deb package
case "$1" in
configure)
# Create ja4sentinel user and group if they don't exist
if ! getent group ja4sentinel > /dev/null 2>&1; then
groupadd --system ja4sentinel
fi
if ! getent passwd ja4sentinel > /dev/null 2>&1; then
useradd --system \
--gid ja4sentinel \
--home-dir /var/lib/ja4sentinel \
--no-create-home \
--shell /usr/sbin/nologin \
ja4sentinel
fi
# Create necessary directories
mkdir -p /var/lib/ja4sentinel
mkdir -p /var/run/ja4sentinel
mkdir -p /var/log/ja4sentinel
mkdir -p /etc/ja4sentinel
# Set proper ownership
chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel
chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel
chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel
chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel
# Set proper permissions
chmod 750 /var/lib/ja4sentinel
chmod 750 /var/log/ja4sentinel
chmod 750 /etc/ja4sentinel
# Install default config if it doesn't exist
if [ ! -f /etc/ja4sentinel/config.yml ]; then
cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml
chmod 640 /etc/ja4sentinel/config.yml
fi
# Enable and start the service (if running in a real system, not container)
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl daemon-reload
systemctl enable ja4sentinel.service
if ! systemctl is-active --quiet ja4sentinel.service; then
systemctl start ja4sentinel.service
fi
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
# On abort, do nothing special
;;
*)
echo "postinst called with unknown argument '$1'" >&2
exit 1
;;
esac
exit 0


@ -1,52 +0,0 @@
#!/bin/bash
set -e
# postrm script for ja4sentinel .deb package
case "$1" in
remove)
# On remove, leave config and data files
;;
purge)
# On purge, remove everything
# Stop service if running
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl stop ja4sentinel.service 2>/dev/null || true
systemctl disable ja4sentinel.service 2>/dev/null || true
systemctl daemon-reload
fi
# Remove configuration
rm -rf /etc/ja4sentinel
# Remove data and logs
rm -rf /var/lib/ja4sentinel
rm -rf /var/log/ja4sentinel
rm -rf /var/run/ja4sentinel
# Remove user and group
if getent passwd ja4sentinel > /dev/null 2>&1; then
userdel ja4sentinel 2>/dev/null || true
fi
if getent group ja4sentinel > /dev/null 2>&1; then
groupdel ja4sentinel 2>/dev/null || true
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
# On abort, restart the service
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl start ja4sentinel.service 2>/dev/null || true
fi
;;
*)
echo "postrm called with unknown argument '$1'" >&2
exit 1
;;
esac
exit 0


@ -1,29 +0,0 @@
#!/bin/bash
set -e
# prerm script for ja4sentinel .deb package
case "$1" in
remove|deconfigure)
# Stop and disable the service
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl stop ja4sentinel.service 2>/dev/null || true
systemctl disable ja4sentinel.service 2>/dev/null || true
systemctl daemon-reload
fi
;;
upgrade)
# On upgrade, just stop the service (will be restarted by postinst)
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl stop ja4sentinel.service 2>/dev/null || true
fi
;;
*)
echo "prerm called with unknown argument '$1'" >&2
exit 1
;;
esac
exit 0


@ -9,9 +9,8 @@ BuildArch: x86_64
# Distribution-agnostic dependencies # Distribution-agnostic dependencies
# systemd is available on all target distros (CentOS 7, Rocky 8/9/10) # systemd is available on all target distros (CentOS 7, Rocky 8/9/10)
Requires: systemd Requires: systemd
# libpcap version varies by distro: # libpcap is required for packet capture (dynamically linked)
# - CentOS 7: 1.4.0 # Version varies by distro: CentOS 7 (1.4.0), Rocky 8/9/10 (1.9.0+)
# - Rocky 8/9/10: 1.9.0+
Requires: libpcap >= 1.4.0 Requires: libpcap >= 1.4.0
%description %description


@ -1,34 +0,0 @@
#!/bin/bash
# Test DEB package installation in Debian/Ubuntu container
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
BUILD_DIR="${PROJECT_ROOT}/build/deb"
echo "=========================================="
echo " Testing DEB Package Installation"
echo "=========================================="
# Find the DEB package
DEB_PACKAGE=$(ls -1 "${BUILD_DIR}"/*.deb 2>/dev/null | head -1)
if [ -z "$DEB_PACKAGE" ]; then
echo "Error: No .deb package found in ${BUILD_DIR}"
echo "Run 'make package-deb' first"
exit 1
fi
echo "Found package: ${DEB_PACKAGE}"
# Test installation directly in Debian container
echo ""
echo "Running installation tests in Debian container..."
docker run --rm \
-v "${BUILD_DIR}:/packages:ro" \
debian:latest \
sh -c "apt-get update && apt-get install -y /packages/*.deb && echo 'DEB installation successful'"
echo ""
echo "=========================================="
echo " DEB Package Test Complete"
echo "=========================================="


@ -33,11 +33,12 @@ test_rpm_install() {
fi fi
# Determine package manager and install command # Determine package manager and install command
# CentOS 7 is EOL, need to configure vault.centos.org # Note: libpcap is required at runtime (dynamically linked)
local setup_cmd="" local setup_cmd=""
local install_cmd="" local install_cmd=""
case "$image" in case "$image" in
centos:7) centos:7)
# CentOS 7 is EOL, need to configure vault.centos.org
setup_cmd="sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo" setup_cmd="sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo"
install_cmd="${setup_cmd} && yum install -y libpcap && yum install -y /packages/*.rpm" install_cmd="${setup_cmd} && yum install -y libpcap && yum install -y /packages/*.rpm"
;; ;;