code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(packaging): migrate from fpm to rpmbuild for RPM packaging

Browse Source 
- Replace fpm with native rpmbuild in Dockerfile.package
- Setup proper rpmbuild directory structure (BUILD, RPMS, SOURCES, SPECS)
- Make spec file version dynamic via %{?build_version} macro
- Improve %post script with better systemd detection and error handling
- RPM now correctly uses VERSION build argument

Builds RPM packages for el8, el9, and el10 distributions.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-03-01 00:12:44 +01:00
parent d914ba1fa0
commit 0eff3a77c1
2 changed files with 49 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
Dockerfile.package
View File

@ -46,7 +46,7 @@ RUN mkdir -p dist && \
./cmd/ja4sentinel ./cmd/ja4sentinel
# ============================================================================= # =============================================================================
# Stage 2: RPM Builder - Build RPM pour CentOS 7, Rocky 8/9/10, AlmaLinux # Stage 2: RPM Builder - Build RPM pour Rocky 8/9/10, AlmaLinux using rpmbuild
# ============================================================================= # =============================================================================
FROM rockylinux:9 AS rpm-builder FROM rockylinux:9 AS rpm-builder
@ -55,122 +55,59 @@ WORKDIR /package
# VERSION must be redeclared for each stage that needs it # VERSION must be redeclared for each stage that needs it
ARG VERSION=1.0.0 ARG VERSION=1.0.0
# Install fpm and rpm tools (Rocky Linux 9) # Install rpm-build tools (Rocky Linux 9)
# fpm does not require libpcap - only needed for building the Go binary
RUN dnf install -y \ RUN dnf install -y \
rpm \ rpm \
rpm-build \ rpm-build \
ruby \
rubygems \
gcc \ gcc \
make \ make \
&& dnf clean all \ && dnf clean all
&& gem install fpm -v 1.16.0 --no-document
# Copy binary from Go builder # Setup rpmbuild directory structure
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel RUN mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
# Copy systemd service and config directly (not from builder)
COPY packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml
COPY packaging/rpm/postinst /tmp/scripts/postinst
COPY packaging/rpm/prerm /tmp/scripts/prerm
COPY packaging/rpm/postrm /tmp/scripts/postrm
# Create directories and set permissions # Copy spec file
RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \ COPY packaging/rpm/ja4sentinel.spec /root/rpmbuild/SPECS/ja4sentinel.spec
mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \ # Copy binary from Go builder and other files to SOURCES
chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \ COPY --from=builder /build/dist/ja4sentinel /root/rpmbuild/SOURCES/ja4sentinel
chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \ COPY packaging/systemd/ja4sentinel.service /root/rpmbuild/SOURCES/ja4sentinel.service
chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \ COPY packaging/systemd/config.yml /root/rpmbuild/SOURCES/config.yml
chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \ # Set permissions
chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \ RUN chmod 755 /root/rpmbuild/SOURCES/ja4sentinel && \
chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \ chmod 644 /root/rpmbuild/SOURCES/ja4sentinel.service && \
chmod 750 /tmp/pkgroot/etc/ja4sentinel && \ chmod 640 /root/rpmbuild/SOURCES/config.yml
chmod 755 /tmp/scripts/*
# Build RPM for Rocky Linux 8 (el8) # Build RPM for Rocky Linux 8 (el8)
# Note: Requires libpcap at runtime # Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el8 && \ RUN rpmbuild --define "_topdir /root/rpmbuild" \
fpm -s dir -t rpm \ --define "dist .el8" \
-n ja4sentinel \ --define "build_version ${VERSION}" \
-v "${VERSION}" \ --target x86_64 \
-C /tmp/pkgroot \ -bb /root/rpmbuild/SPECS/ja4sentinel.spec && \
--architecture "x86_64" \ mkdir -p /packages/rpm/el8 && \
--rpm-dist el8 \ cp /root/rpmbuild/RPMS/x86_64/*.el8.x86_64.rpm /packages/rpm/el8/
--description "JA4 TLS fingerprinting daemon for network monitoring" \
--url "https://github.com/your-repo/ja4sentinel" \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
-p /packages/rpm/el8/ja4sentinel-${VERSION}-1.el8.x86_64.rpm \
usr/bin/ja4sentinel \
usr/lib/systemd/system/ja4sentinel.service \
etc/ja4sentinel/config.yml.default \
usr/share/ja4sentinel/config.yml \
var/lib/ja4sentinel \
var/log/ja4sentinel \
var/run/ja4sentinel
# Build RPM for Rocky Linux 9 (el9) # Build RPM for Rocky Linux 9 (el9)
# Note: Requires libpcap at runtime # Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el9 && \ RUN rpmbuild --define "_topdir /root/rpmbuild" \
fpm -s dir -t rpm \ --define "dist .el9" \
-n ja4sentinel \ --define "build_version ${VERSION}" \
-v "${VERSION}" \ --target x86_64 \
-C /tmp/pkgroot \ -bb /root/rpmbuild/SPECS/ja4sentinel.spec && \
--architecture "x86_64" \ mkdir -p /packages/rpm/el9 && \
--rpm-dist el9 \ cp /root/rpmbuild/RPMS/x86_64/*.el9.x86_64.rpm /packages/rpm/el9/
--description "JA4 TLS fingerprinting daemon for network monitoring" \
--url "https://github.com/your-repo/ja4sentinel" \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
-p /packages/rpm/el9/ja4sentinel-${VERSION}-1.el9.x86_64.rpm \
usr/bin/ja4sentinel \
usr/lib/systemd/system/ja4sentinel.service \
etc/ja4sentinel/config.yml.default \
usr/share/ja4sentinel/config.yml \
var/lib/ja4sentinel \
var/log/ja4sentinel \
var/run/ja4sentinel
# Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10 # Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10
# Note: Requires libpcap at runtime # Note: Requires libpcap at runtime
RUN mkdir -p /packages/rpm/el10 && \ RUN rpmbuild --define "_topdir /root/rpmbuild" \
fpm -s dir -t rpm \ --define "dist .el10" \
-n ja4sentinel \ --define "build_version ${VERSION}" \
-v "${VERSION}" \ --target x86_64 \
-C /tmp/pkgroot \ -bb /root/rpmbuild/SPECS/ja4sentinel.spec && \
--architecture "x86_64" \ mkdir -p /packages/rpm/el10 && \
--rpm-dist el10 \ cp /root/rpmbuild/RPMS/x86_64/*.el10.x86_64.rpm /packages/rpm/el10/
--description "JA4 TLS fingerprinting daemon for network monitoring" \
--url "https://github.com/your-repo/ja4sentinel" \
--license "MIT" \
--vendor "JA4Sentinel Team <team@example.com>" \
--depends "systemd" \
--depends "libpcap" \
--after-install /tmp/scripts/postinst \
--before-remove /tmp/scripts/prerm \
--after-remove /tmp/scripts/postrm \
-p /packages/rpm/el10/ja4sentinel-${VERSION}-1.el10.x86_64.rpm \
usr/bin/ja4sentinel \
usr/lib/systemd/system/ja4sentinel.service \
etc/ja4sentinel/config.yml.default \
usr/share/ja4sentinel/config.yml \
var/lib/ja4sentinel \
var/log/ja4sentinel \
var/run/ja4sentinel
# ============================================================================= # =============================================================================
# Stage 3: Output - Image finale avec les packages RPM # Stage 3: Output - Image finale avec les packages RPM

22
packaging/rpm/ja4sentinel.spec
View File

@ -1,5 +1,5 @@
Name: ja4sentinel Name: ja4sentinel
Version: 1.0.2 Version: %{?build_version}%{!?build_version:1.0.0}
Release: 1%{?dist} Release: 1%{?dist}
Summary: JA4 TLS fingerprinting daemon for network monitoring Summary: JA4 TLS fingerprinting daemon for network monitoring
License: MIT License: MIT
@ -62,25 +62,25 @@ exit 0
%post %post
# Set proper ownership # Set proper ownership
chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel 2>/dev/null || true
chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel 2>/dev/null || true
chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel 2>/dev/null || true
chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel 2>/dev/null || true
# Set proper permissions # Set proper permissions
chmod 750 /var/lib/ja4sentinel chmod 750 /var/lib/ja4sentinel 2>/dev/null || true
chmod 750 /var/log/ja4sentinel chmod 750 /var/log/ja4sentinel 2>/dev/null || true
chmod 750 /etc/ja4sentinel chmod 750 /etc/ja4sentinel 2>/dev/null || true
# Install config if not exists # Install config if not exists
if [ ! -f /etc/ja4sentinel/config.yml ]; then if [ ! -f /etc/ja4sentinel/config.yml ]; then
cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml 2>/dev/null || true
chmod 640 /etc/ja4sentinel/config.yml chmod 640 /etc/ja4sentinel/config.yml
fi fi
# Enable and start service (systemd macro for compatibility) # Reload systemd and enable service (only if systemd is running)
if [ $1 -eq 1 ] && [ -x /bin/systemctl ]; then if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
/bin/systemctl daemon-reload /bin/systemctl daemon-reload
/bin/systemctl enable ja4sentinel.service 2>/dev/null || : /bin/systemctl enable ja4sentinel.service 2>/dev/null || :
/bin/systemctl start ja4sentinel.service 2>/dev/null || : /bin/systemctl start ja4sentinel.service 2>/dev/null || :