code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: packaging RPM uniquement avec builder Rocky Linux 9
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details

Browse Source 
- Suppression complète du support DEB (Debian/Ubuntu)
- Builder Rocky Linux 9 pour compatibilité binaire maximale
- Compilation dynamique avec libpcap comme dépendance runtime
- Activation du dépôt CRB pour libpcap-devel
- RPM générés pour el7, el8, el9, el10
- Mise à jour documentation et workflows GitHub Actions

Fix: erreur 'libpcap.so.0.8: cannot open shared object file' sur Rocky Linux 9

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-02-28 18:15:46 +01:00
parent 86649b1630
commit 0be3ea9220
14 changed files with 119 additions and 485 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
.github/workflows/build-deb.yml vendored
View File

@ -1,118 +0,0 @@
name: Build DEB Package
on:
push:
tags:
- 'v*'
branches:
- main
- master
paths:
- 'go/**'
- 'cmd/**'
- 'internal/**'
- 'api/**'
- 'packaging/**'
- 'Makefile'
- 'go.mod'
- 'go.sum'
pull_request:
branches:
- main
- master
paths:
- 'go/**'
- 'cmd/**'
- 'internal/**'
- 'api/**'
- 'packaging/**'
- 'Makefile'
- 'go.mod'
- 'go.sum'
workflow_dispatch:
inputs:
version:
description: 'Version to build (e.g., 1.0.0)'
required: false
default: '1.0.0-dev'
env:
GO_VERSION: '1.24'
PACKAGE_NAME: ja4sentinel
TARGET_DIST: debian:bookworm
jobs:
build-deb:
name: Build DEB Package (Debian/Ubuntu)
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: Determine version
id: version
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
VERSION="${{ github.event.inputs.version }}"
elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then
VERSION="${{ github.ref_name#v }}"
else
VERSION="0.0.0-$(git rev-parse --short HEAD)"
fi
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "Building version: ${VERSION}"
- name: Build DEB in Docker
run: |
docker build --no-cache \
-t ${PACKAGE_NAME}-packager-deb \
--build-arg VERSION="${{ steps.version.outputs.version }}" \
--build-arg ARCH=amd64 \
-f packaging/Dockerfile.deb .
# Extract DEB from image
mkdir -p build/deb
docker run --rm ${PACKAGE_NAME}-packager-deb sh -c 'cat /packages/*.deb' > build/${PACKAGE_NAME}.deb
- name: List build artifacts
run: |
echo "=== Build Artifacts ==="
ls -lah build/deb/
sha256sum build/${PACKAGE_NAME}.deb
- name: Upload DEB artifact
uses: actions/upload-artifact@v4
with:
name: ${PACKAGE_NAME}-deb-amd64
path: build/*.deb
retention-days: 30
- name: Upload checksum artifact
uses: actions/upload-artifact@v4
with:
name: ${PACKAGE_NAME}-deb-checksums
path: build/*.deb.sha256
retention-days: 30
- name: Create release and upload assets (on tag)
if: startsWith(github.ref, 'refs/tags/v')
uses: softprops/action-gh-release@v2
with:
files: |
build/*.deb
generate_release_notes: true
make_latest: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

53
.github/workflows/build-rpm.yml vendored
View File

@ -16,6 +16,7 @@ on:
- 'Makefile'
- 'go.mod'
- 'go.sum'
- 'Dockerfile.package'
pull_request:
branches:
- main
@ -29,6 +30,7 @@ on:
- 'Makefile'
- 'go.mod'
- 'go.sum'
- 'Dockerfile.package'
workflow_dispatch:
inputs:
version:
@ -39,11 +41,10 @@ on:
env:
GO_VERSION: '1.24'
PACKAGE_NAME: ja4sentinel
TARGET_DIST: rockylinux:9
jobs:
build-rpm:
name: Build RPM Package (Rocky Linux)
name: Build RPM Packages (CentOS 7, Rocky 8/9/10)
runs-on: ubuntu-latest
permissions:
contents: write
@ -55,12 +56,6 @@ jobs:
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: Determine version
id: version
run: |
@ -74,36 +69,49 @@ jobs:
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "Building version: ${VERSION}"
- name: Build RPM in Docker
- name: Build RPM packages in Docker
run: |
docker build --no-cache \
-t ${PACKAGE_NAME}-packager-rpm \
-t ${PACKAGE_NAME}-packager \
--build-arg VERSION="${{ steps.version.outputs.version }}" \
--build-arg ARCH=x86_64 \
-f packaging/Dockerfile.rpm .
-f Dockerfile.package .
# Extract RPM from image
mkdir -p build/rpm
docker run --rm ${PACKAGE_NAME}-packager-rpm sh -c 'cat /packages/*.rpm' > build/${PACKAGE_NAME}.rpm
# Extract RPM packages from image
mkdir -p build/rpm/el7 build/rpm/el8 build/rpm/el9 build/rpm/el10
docker run --rm -v $(pwd)/build:/output ${PACKAGE_NAME}-packager sh -c \
'cp -r /packages/rpm/el7 /output/rpm/ && \
cp -r /packages/rpm/el8 /output/rpm/ && \
cp -r /packages/rpm/el9 /output/rpm/ && \
cp -r /packages/rpm/el10 /output/rpm/'
- name: List build artifacts
run: |
echo "=== Build Artifacts ==="
ls -lah build/rpm/
sha256sum build/${PACKAGE_NAME}.rpm
echo "CentOS 7 (el7):"
ls -lah build/rpm/el7/ || echo " (no packages)"
echo "Rocky Linux 8 (el8):"
ls -lah build/rpm/el8/ || echo " (no packages)"
echo "Rocky Linux 9 (el9):"
ls -lah build/rpm/el9/ || echo " (no packages)"
echo "AlmaLinux/Rocky 10 (el10):"
ls -lah build/rpm/el10/ || echo " (no packages)"
- name: Upload RPM artifact
# Generate checksums
find build/rpm -name "*.rpm" -exec sha256sum {} \; > build/rpm/checksums.txt
cat build/rpm/checksums.txt
- name: Upload RPM artifacts
uses: actions/upload-artifact@v4
with:
name: ${PACKAGE_NAME}-rpm-x86_64
path: build/*.rpm
path: build/rpm/**/*.rpm
retention-days: 30
- name: Upload checksum artifact
uses: actions/upload-artifact@v4
with:
name: ${PACKAGE_NAME}-rpm-checksums
path: build/*.rpm.sha256
path: build/rpm/checksums.txt
retention-days: 30
- name: Create release and upload assets (on tag)
@ -111,7 +119,10 @@ jobs:
uses: softprops/action-gh-release@v2
with:
files: |
build/*.rpm
build/rpm/el7/*.rpm
build/rpm/el8/*.rpm
build/rpm/el9/*.rpm
build/rpm/el10/*.rpm
generate_release_notes: true
make_latest: true
env:

1
.gitignore vendored
View File

@ -49,7 +49,6 @@ config.yml
test-results/
# Test artifacts
packaging/test/*.deb
packaging/test/*.rpm
# Binary (root level only)

9
Dockerfile
View File

@ -24,22 +24,23 @@ RUN go mod download || true
# Copy source code
COPY . .
# Build binary
# Build binary with static libpcap linking
ARG VERSION=dev
ARG BUILD_TIME=unknown
ARG GIT_COMMIT=unknown
RUN mkdir -p dist && \
CGO_ENABLED=1 GOOS=linux go build -buildvcs=false \
CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
CGO_LDFLAGS="-Wl,-Bstatic -lpcap -Wl,-Bdynamic" \
go build -buildvcs=false \
-ldflags "-X main.Version=${VERSION} -X main.BuildTime=${BUILD_TIME} -X main.GitCommit=${GIT_COMMIT}" \
-o dist/ja4sentinel ./cmd/ja4sentinel
# Runtime stage
FROM alpine:latest
# Install runtime dependencies (libpcap for packet capture)
# Install runtime dependencies (no libpcap needed - statically linked)
RUN apk add --no-cache \
libpcap \
ca-certificates
# Create non-root user for security

127
Dockerfile.package
View File

@ -1,29 +1,39 @@
# syntax=docker/dockerfile:1
# =============================================================================
# ja4sentinel - Dockerfile de packaging unifié (DEB + RPM pour CentOS 7, Rocky 8/9/10)
# ja4sentinel - Dockerfile de packaging RPM (CentOS 7, Rocky 8/9/10, AlmaLinux)
# =============================================================================
# =============================================================================
# Stage 1: Builder - Compilation du binaire Go
# Stage 1: Builder - Compilation du binaire Go sur Rocky Linux 9
# Using Rocky Linux 9 as builder ensures binary compatibility across all RHEL-based distros
# =============================================================================
FROM golang:1.24-bookworm AS builder
FROM rockylinux:9 AS builder
WORKDIR /build
# Install dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
# Install dependencies (Go + libpcap for packet capture)
# CRB (CodeReady Builder) repository is required for libpcap-devel
RUN dnf install -y epel-release && \
dnf config-manager --set-enabled crb && \
dnf install -y \
golang \
git \
libpcap-dev \
&& rm -rf /var/lib/apt/lists/*
libpcap-devel \
gcc \
make \
&& dnf clean all
# Copy go mod files
COPY go.mod go.sum ./
# Download dependencies
RUN go mod download
# Copy source code
COPY . .
# Build binary for Linux
# Binary will be dynamically linked but compatible with all RHEL-based distros
ARG VERSION=1.0.0
ARG BUILD_TIME=""
ARG GIT_COMMIT=""
@ -35,86 +45,22 @@ RUN mkdir -p dist && \
./cmd/ja4sentinel
# =============================================================================
# Stage 2: Package builder - fpm pour DEB
# Stage 2: RPM Builder - Build RPM pour CentOS 7, Rocky 8/9/10, AlmaLinux
# =============================================================================
FROM ruby:3.2-bookworm AS deb-builder
FROM rockylinux:9 AS rpm-builder
WORKDIR /package
# Install fpm and dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
# Install fpm and rpm tools (Rocky Linux 9)
# fpm does not require libpcap - only needed for building the Go binary
RUN dnf install -y \
rpm \
dpkg-dev \
fakeroot \
libpcap-dev \
&& rm -rf /var/lib/apt/lists/* \
&& gem install fpm -v 1.16.0 --no-document
# Copy binary from builder
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml
# Create directories and set permissions
RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \
chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \
chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \
chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \
chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \
chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \
chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \
chmod 750 /tmp/pkgroot/etc/ja4sentinel
# Copy maintainer scripts
COPY packaging/deb/postinst /tmp/scripts/postinst
COPY packaging/deb/prerm /tmp/scripts/prerm
COPY packaging/deb/postrm /tmp/scripts/postrm
RUN chmod 755 /tmp/scripts/*
# Build DEB package
ARG VERSION=1.0.0
ARG ARCH=amd64
RUN mkdir -p /packages/deb && \
fpm -s dir -t deb \
-n ja4sentinel \
-v "${VERSION}" \
-C /tmp/pkgroot \
--architecture "${ARCH}" \
--description "JA4 TLS fingerprinting daemon for network monitoring" \
--url "https://github.com/your-repo/ja4sentinel" \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--maintainer "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap0.8" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
-p /packages/deb/ja4sentinel_${VERSION}_${ARCH}.deb \
usr/bin/ja4sentinel \
etc/ja4sentinel/config.yml.default \
usr/share/ja4sentinel/config.yml \
var/lib/ja4sentinel \
var/log/ja4sentinel \
var/run/ja4sentinel
# =============================================================================
# Stage 3: RPM Builder - Universal builder with fpm installed
# Using ruby:3.2-bookworm as base for fpm, builds all RPM variants
# =============================================================================
FROM ruby:3.2-bookworm AS rpm-builder
WORKDIR /package
# Install fpm and rpm tools
RUN apt-get update && apt-get install -y --no-install-recommends \
rpm \
rpm-common \
&& rm -rf /var/lib/apt/lists/* \
rpm-build \
ruby \
rubygems \
gcc \
make \
&& dnf clean all \
&& gem install fpm -v 1.16.0 --no-document
# Copy binary from Go builder
@ -141,6 +87,7 @@ RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
chmod 755 /tmp/scripts/*
# Build RPM for CentOS 7 (el7)
# Note: Requires libpcap at runtime
ARG VERSION=1.0.0
RUN mkdir -p /packages/rpm/el7 && \
fpm -s dir -t rpm \
@ -154,7 +101,7 @@ RUN mkdir -p /packages/rpm/el7 && \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap >= 1.4.0" \
--depends "libpcap" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
@ -167,6 +114,7 @@ RUN mkdir -p /packages/rpm/el7 && \
var/run/ja4sentinel
# Build RPM for Rocky Linux 8 (el8)
# Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el8 && \
fpm -s dir -t rpm \
-n ja4sentinel \
@ -179,7 +127,7 @@ RUN mkdir -p /packages/rpm/el8 && \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap >= 1.9.0" \
--depends "libpcap" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
@ -192,6 +140,7 @@ RUN mkdir -p /packages/rpm/el8 && \
var/run/ja4sentinel
# Build RPM for Rocky Linux 9 (el9)
# Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el9 && \
fpm -s dir -t rpm \
-n ja4sentinel \
@ -204,7 +153,7 @@ RUN mkdir -p /packages/rpm/el9 && \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap >= 1.9.0" \
--depends "libpcap" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
@ -217,6 +166,7 @@ RUN mkdir -p /packages/rpm/el9 && \
var/run/ja4sentinel
# Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10
# Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el10 && \
fpm -s dir -t rpm \
-n ja4sentinel \
@ -229,7 +179,7 @@ RUN mkdir -p /packages/rpm/el10 && \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap >= 1.9.0" \
--depends "libpcap" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
@ -242,15 +192,14 @@ RUN mkdir -p /packages/rpm/el10 && \
var/run/ja4sentinel
# =============================================================================
# Stage 4: Output - Image finale avec les packages
# Stage 3: Output - Image finale avec les packages RPM
# =============================================================================
FROM alpine:latest AS output
WORKDIR /packages
COPY --from=deb-builder /packages/deb/*.deb /packages/deb/
COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/
COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/
CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages (el7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10) ===' && ls -la /packages/rpm/el10/"]
CMD ["sh", "-c", "echo '=== RPM Packages (el7 - CentOS 7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8 - Rocky 8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9 - Rocky 9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10 - Alma/Rocky 10) ===' && ls -la /packages/rpm/el10/"]

30
Makefile
View File

@ -1,4 +1,4 @@
.PHONY: build build-docker test test-docker test-integration lint clean help docker-build-dev docker-build-runtime package package-deb package-rpm
.PHONY: build build-docker test test-docker test-integration lint clean help docker-build-dev docker-build-runtime package package-rpm
# Docker parameters
DOCKER=docker
@ -90,24 +90,8 @@ lint: docker-build-dev
fmt:
gofmt -w .
## package: Build all packages (deb + rpm)
package: package-deb package-rpm
## package-deb: Build DEB package (requires Docker)
package-deb:
mkdir -p build/deb build/rpm
docker build --target output -t ja4sentinel-packager:latest \
--build-arg VERSION=$(PKG_VERSION) \
-f Dockerfile.package .
@echo "Extracting packages from Docker image..."
@docker run --rm ja4sentinel-packager:latest sh -c 'cp /packages/deb/*.deb /tmp/' && \
docker cp $$(docker create ja4sentinel-packager:latest):/packages/deb/. build/deb/ && \
docker cp $$(docker create ja4sentinel-packager:latest):/packages/rpm/. build/rpm/ || \
docker run --rm -v $(PWD)/build:/output ja4sentinel-packager:latest sh -c 'cp -r /packages/deb /output/ && cp -r /packages/rpm /output/'
@echo "DEB packages created:"
ls -la build/deb/
@echo "RPM packages created:"
ls -la build/rpm/
## package: Build RPM packages for all target distributions
package: package-rpm
## package-rpm: Build RPM packages for all target distributions (requires Docker)
package-rpm:
@ -132,16 +116,12 @@ package-rpm:
@echo " AlmaLinux/Rocky 10 (el10):"
ls -la build/rpm/el10/ 2>/dev/null || echo " (no packages)"
## test-package-deb: Test DEB package installation in Docker
test-package-deb: package-deb
./packaging/test/test-deb.sh
## test-package-rpm: Test RPM package installation in Docker
test-package-rpm: package-rpm
./packaging/test/test-rpm.sh
## test-package: Test all packages installation
test-package: test-package-deb test-package-rpm
## test-package: Test RPM package installation
test-package: test-package-rpm
## ci: Full CI pipeline (tests, build, packages, package tests)
ci: ci-test ci-build ci-package ci-package-test

27
README.md
View File

@ -39,12 +39,17 @@ Outil Go pour capturer le trafic réseau sur un serveur Linux, extraire les hand
### Prérequis
- Go 1.24+
- libpcap-dev (pour la capture réseau)
- libpcap-dev (pour la compilation)
- Docker (pour les tests et le déploiement)
### Note sur libpcap
**Le binaire est compilé sur Rocky Linux 9** pour une compatibilité maximale avec toutes les distributions RHEL/CentOS/Rocky/AlmaLinux.
libpcap est requis à l'exécution et sera installé automatiquement par le gestionnaire de packages.
### Packages système
#### Rocky Linux / RHEL (.rpm)
#### Rocky Linux / RHEL / CentOS / AlmaLinux (.rpm)
```bash
# Télécharger le package
@ -61,20 +66,12 @@ sudo systemctl start ja4sentinel
sudo systemctl status ja4sentinel
```
#### Debian / Ubuntu (.deb)
#### Distributions supportées
```bash
# Télécharger le package
wget https://github.com/your-repo/ja4sentinel/releases/latest/download/ja4sentinel.deb
# Installer
sudo dpkg -i ja4sentinel.deb
sudo apt-get install -f # Installer les dépendances
# Activer le service
sudo systemctl enable ja4sentinel
sudo systemctl start ja4sentinel
```
- CentOS 7
- Rocky Linux 8, 9, 10
- AlmaLinux 8, 9, 10
- RHEL 7, 8, 9, 10
## Configuration

48
architecture.yml
View File

@ -577,35 +577,40 @@ dev_tools:
packaging:
description: >
ja4sentinel est distribué sous forme de packages .deb (Debian/Ubuntu) et
.rpm (Rocky Linux/RHEL/CentOS), construits intégralement dans Docker avec fpm.
ja4sentinel est distribué sous forme de packages .rpm (Rocky Linux/RHEL/CentOS/AlmaLinux),
construits intégralement dans Docker avec fpm. Le binaire est compilé sur Rocky Linux 9
pour une compatibilité binaire maximale avec toutes les distributions RHEL-based.
formats:
- deb
- rpm
target_distros:
deb:
- debian-12+
- ubuntu-22.04+
rpm:
- centos-7
- rocky-linux-8+
- rocky-linux-9+
- rocky-linux-10+
- almalinux-8+
- almalinux-9+
- almalinux-10+
- rhel-7+
- rhel-8+
- rhel-9+
- rhel-10+
tool: fpm
build_pipeline:
dockerfile: Dockerfile.package
stages:
- name: builder
description: >
Compilation du binaire Go avec CGO_ENABLED=1 pour libpcap.
GOOS=linux GOARCH=amd64 pour un binaire statique.
- name: package_builder
Compilation du binaire Go sur Rocky Linux 9 avec CGO_ENABLED=1.
GOOS=linux GOARCH=amd64 pour un binaire compatible x86_64.
Le binaire est dynamiquement lié à libpcap pour une compatibilité maximale.
- name: rpm_builder
description: >
Installation de fpm, rpm, dpkg-dev. Création de l'arborescence
et exécution de fpm pour générer DEB et RPM.
Image Rocky Linux 9 avec fpm, rpm-build, ruby. Création de l'arborescence
et exécution de fpm pour générer les RPM pour el7, el8, el9, el10.
- name: output
description: >
Image Alpine minimale contenant les packages dans /packages/deb et /packages/rpm.
Image Alpine minimale contenant les packages RPM dans /packages/rpm/el{7,8,9,10}.
files:
binary:
source: dist/ja4sentinel-linux-amd64
@ -633,26 +638,17 @@ packaging:
- path: /etc/ja4sentinel
mode: "0750"
maintainer_scripts:
deb:
postinst: packaging/deb/postinst
prerm: packaging/deb/prerm
postrm: packaging/deb/postrm
rpm:
post: packaging/deb/postinst
preun: packaging/deb/prerm
postun: packaging/deb/postrm
postinst: packaging/rpm/postinst
prerm: packaging/rpm/prerm
postrm: packaging/rpm/postrm
dependencies:
deb:
- systemd
- libpcap0.8
rpm:
- systemd
- libpcap >= 1.9.0
- libpcap >= 1.4.0
verify:
deb:
command: docker run --rm -v $(pwd)/build/deb:/packages debian:latest sh -c "apt-get update && apt-get install -y /packages/*.deb"
rpm:
command: docker run --rm -v $(pwd)/build/rpm:/packages rockylinux:8 sh -c "dnf install -y /packages/*.rpm"
command: docker run --rm -v $(pwd)/build/rpm:/packages rockylinux:9 sh -c "dnf install -y /packages/*.rpm"
service:
systemd:

66
packaging/deb/postinst
View File

@ -1,66 +0,0 @@
#!/bin/bash
set -e
# postinst script for ja4sentinel .deb package
case "$1" in
configure)
# Create ja4sentinel user and group if they don't exist
if ! getent group ja4sentinel > /dev/null 2>&1; then
groupadd --system ja4sentinel
fi
if ! getent passwd ja4sentinel > /dev/null 2>&1; then
useradd --system \
--gid ja4sentinel \
--home-dir /var/lib/ja4sentinel \
--no-create-home \
--shell /usr/sbin/nologin \
ja4sentinel
fi
# Create necessary directories
mkdir -p /var/lib/ja4sentinel
mkdir -p /var/run/ja4sentinel
mkdir -p /var/log/ja4sentinel
mkdir -p /etc/ja4sentinel
# Set proper ownership
chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel
chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel
chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel
chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel
# Set proper permissions
chmod 750 /var/lib/ja4sentinel
chmod 750 /var/log/ja4sentinel
chmod 750 /etc/ja4sentinel
# Install default config if it doesn't exist
if [ ! -f /etc/ja4sentinel/config.yml ]; then
cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml
chmod 640 /etc/ja4sentinel/config.yml
fi
# Enable and start the service (if running in a real system, not container)
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl daemon-reload
systemctl enable ja4sentinel.service
if ! systemctl is-active --quiet ja4sentinel.service; then
systemctl start ja4sentinel.service
fi
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
# On abort, do nothing special
;;
*)
echo "postinst called with unknown argument '$1'" >&2
exit 1
;;
esac
exit 0

52
packaging/deb/postrm
View File

@ -1,52 +0,0 @@
#!/bin/bash
set -e
# postrm script for ja4sentinel .deb package
case "$1" in
remove)
# On remove, leave config and data files
;;
purge)
# On purge, remove everything
# Stop service if running
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl stop ja4sentinel.service 2>/dev/null || true
systemctl disable ja4sentinel.service 2>/dev/null || true
systemctl daemon-reload
fi
# Remove configuration
rm -rf /etc/ja4sentinel
# Remove data and logs
rm -rf /var/lib/ja4sentinel
rm -rf /var/log/ja4sentinel
rm -rf /var/run/ja4sentinel
# Remove user and group
if getent passwd ja4sentinel > /dev/null 2>&1; then
userdel ja4sentinel 2>/dev/null || true
fi
if getent group ja4sentinel > /dev/null 2>&1; then
groupdel ja4sentinel 2>/dev/null || true
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
# On abort, restart the service
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl start ja4sentinel.service 2>/dev/null || true
fi
;;
*)
echo "postrm called with unknown argument '$1'" >&2
exit 1
;;
esac
exit 0

29
packaging/deb/prerm
View File

@ -1,29 +0,0 @@
#!/bin/bash
set -e
# prerm script for ja4sentinel .deb package
case "$1" in
remove|deconfigure)
# Stop and disable the service
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl stop ja4sentinel.service 2>/dev/null || true
systemctl disable ja4sentinel.service 2>/dev/null || true
systemctl daemon-reload
fi
;;
upgrade)
# On upgrade, just stop the service (will be restarted by postinst)
if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
systemctl stop ja4sentinel.service 2>/dev/null || true
fi
;;
*)
echo "prerm called with unknown argument '$1'" >&2
exit 1
;;
esac
exit 0

5
packaging/rpm/ja4sentinel.spec
View File

@ -9,9 +9,8 @@ BuildArch: x86_64
# Distribution-agnostic dependencies
# systemd is available on all target distros (CentOS 7, Rocky 8/9/10)
Requires: systemd
# libpcap version varies by distro:
# - CentOS 7: 1.4.0
# - Rocky 8/9/10: 1.9.0+
# libpcap is required for packet capture (dynamically linked)
# Version varies by distro: CentOS 7 (1.4.0), Rocky 8/9/10 (1.9.0+)
Requires: libpcap >= 1.4.0
%description

34
packaging/test/test-deb.sh
View File

@ -1,34 +0,0 @@
#!/bin/bash
# Test DEB package installation in Debian/Ubuntu container
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
BUILD_DIR="${PROJECT_ROOT}/build/deb"
echo "=========================================="
echo " Testing DEB Package Installation"
echo "=========================================="
# Find the DEB package
DEB_PACKAGE=$(ls -1 "${BUILD_DIR}"/*.deb 2>/dev/null | head -1)
if [ -z "$DEB_PACKAGE" ]; then
echo "Error: No .deb package found in ${BUILD_DIR}"
echo "Run 'make package-deb' first"
exit 1
fi
echo "Found package: ${DEB_PACKAGE}"
# Test installation directly in Debian container
echo ""
echo "Running installation tests in Debian container..."
docker run --rm \
-v "${BUILD_DIR}:/packages:ro" \
debian:latest \
sh -c "apt-get update && apt-get install -y /packages/*.deb && echo 'DEB installation successful'"
echo ""
echo "=========================================="
echo " DEB Package Test Complete"
echo "=========================================="

3
packaging/test/test-rpm.sh
View File

@ -33,11 +33,12 @@ test_rpm_install() {
fi
# Determine package manager and install command
# CentOS 7 is EOL, need to configure vault.centos.org
# Note: libpcap is required at runtime (dynamically linked)
local setup_cmd=""
local install_cmd=""
case "$image" in
centos:7)
# CentOS 7 is EOL, need to configure vault.centos.org
setup_cmd="sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo"
install_cmd="${setup_cmd} && yum install -y libpcap && yum install -y /packages/*.rpm"
;;