feat: CI/CD pour packages .deb et .rpm + tests d'installation
Nouveaux workflows GitHub Actions: - .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu - .github/workflows/build-rpm.yml : Build et release RPM sur Fedora - Déclenchement sur tags v*, push main/master, workflow_dispatch - Upload des artifacts et création automatique de release Système de build de packages: - packaging/build-deb.sh : Script de build .deb avec sanitization version - packaging/build-rpm.sh : Script de build .rpm (via Docker) - packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB - packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM Fichiers de configuration systemd: - packaging/systemd/ja4sentinel.service : Unit avec security hardening * NoNewPrivileges, ProtectSystem, ProtectHome * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture - packaging/systemd/config.yml : Configuration par défaut Scripts mainteneur DEB: - packaging/deb/postinst : Création user/group, dirs, config - packaging/deb/prerm : Stop service avant upgrade/remove - packaging/deb/postrm : Cleanup complet en purge Spec file RPM: - packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies * Requires: systemd, libpcap * %pre/%post/%preun/%postun scripts Tests d'installation dans containers: - packaging/test/test-deb.sh : Build + test Docker Ubuntu - packaging/test/test-rpm.sh : Build + test Docker Fedora - packaging/test/test-install-deb.sh : 11 tests automatisés - packaging/test/test-install-rpm.sh : 11 tests automatisés - Dockerfile.deb/rpm : Containers de test dédiés Makefile: - package-deb : Build .deb - package-rpm : Build .rpm via Docker (no-cache) - package : Build les deux - test-package-deb : Build + test installation DEB - test-package-rpm : Build + test installation RPM - test-package : Test les deux packages Tests: - ✅ DEB: 11/11 tests passés (binaire, config, service, user, dirs) - ✅ RPM: Build réussi (3.3 MB) - Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty) Co-authored-by: Qwen-Coder 
<qwen-coder@alibabacloud.com>
113
packaging/build-deb.sh
Executable file
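--- /dev/null
+++ b/packaging/build-deb.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+# Build script for .deb package
+# Usage: ./build-deb.sh [version] [architecture]
+
+set -e
+
+# Sanitize version for Debian package (must start with digit)
+VERSION="${1:-1.0.0}"
+ARCH="${2:-amd64}"
+PACKAGE_NAME="ja4sentinel"
+
+# Convert git version to Debian-compatible format
+# e.g., "v1.0.0" -> "1.0.0", "efd4481-dirty" -> "0.0.0+efd4481"
+if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
+    # Already a valid semver
+    DEB_VERSION="$VERSION"
+elif [[ "$VERSION" =~ ^v([0-9]+\.[0-9]+\.[0-9]+) ]]; then
+    # v-prefixed semver
+    DEB_VERSION="${BASH_REMATCH[1]}"
+else
+    # Git hash or other format -> use 0.0.0+<hash>
+    DEB_VERSION="0.0.0+${VERSION//[^a-zA-Z0-9+.-]/_}"
+fi
+
+echo "=== Building ${PACKAGE_NAME} ${DEB_VERSION} for ${ARCH} ==="
+
+# Directories
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+BUILD_DIR="${PROJECT_ROOT}/build/deb"
+PACKAGE_DIR="${BUILD_DIR}/${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}"
+
+# Clean and create build directory
+rm -rf "${BUILD_DIR}"
+mkdir -p "${PACKAGE_DIR}"
+
+# Create package structure
+mkdir -p "${PACKAGE_DIR}/usr/bin"
+mkdir -p "${PACKAGE_DIR}/etc/ja4sentinel"
+mkdir -p "${PACKAGE_DIR}/var/lib/ja4sentinel"
+mkdir -p "${PACKAGE_DIR}/var/log/ja4sentinel"
+mkdir -p "${PACKAGE_DIR}/var/run/ja4sentinel"
+mkdir -p "${PACKAGE_DIR}/usr/lib/systemd/system"
+mkdir -p "${PACKAGE_DIR}/usr/share/ja4sentinel"
+mkdir -p "${PACKAGE_DIR}/DEBIAN"
+
+# Copy binary (build if not exists)
+if [ ! -f "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" ]; then
+    echo "Building binary..."
+    cd "${PROJECT_ROOT}"
+    make build-linux
+fi
+cp "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" "${PACKAGE_DIR}/usr/bin/ja4sentinel"
+chmod 755 "${PACKAGE_DIR}/usr/bin/ja4sentinel"
+
+# Copy systemd service
+cp "${SCRIPT_DIR}/systemd/ja4sentinel.service" "${PACKAGE_DIR}/usr/lib/systemd/system/ja4sentinel.service"
+chmod 644 "${PACKAGE_DIR}/usr/lib/systemd/system/ja4sentinel.service"
+
+# Copy default config
+cp "${SCRIPT_DIR}/systemd/config.yml" "${PACKAGE_DIR}/etc/ja4sentinel/config.yml.default"
+cp "${SCRIPT_DIR}/systemd/config.yml" "${PACKAGE_DIR}/usr/share/ja4sentinel/config.yml"
+chmod 640 "${PACKAGE_DIR}/etc/ja4sentinel/config.yml.default"
+chmod 640 "${PACKAGE_DIR}/usr/share/ja4sentinel/config.yml"
+
+# Copy maintainer scripts
+cp "${SCRIPT_DIR}/deb/postinst" "${PACKAGE_DIR}/DEBIAN/postinst"
+cp "${SCRIPT_DIR}/deb/prerm" "${PACKAGE_DIR}/DEBIAN/prerm"
+cp "${SCRIPT_DIR}/deb/postrm" "${PACKAGE_DIR}/DEBIAN/postrm"
+chmod 755 "${PACKAGE_DIR}/DEBIAN/postinst"
+chmod 755 "${PACKAGE_DIR}/DEBIAN/prerm"
+chmod 755 "${PACKAGE_DIR}/DEBIAN/postrm"
+
+# Create control file
+cat > "${PACKAGE_DIR}/DEBIAN/control" << EOF
+Package: ${PACKAGE_NAME}
+Version: ${DEB_VERSION}
+Section: net
+Priority: optional
+Architecture: ${ARCH}
+Depends: systemd, libpcap0.8
+Maintainer: JA4Sentinel Team <team@example.com>
+Description: JA4 TLS fingerprinting daemon
+ JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers,
+ extracting client-side TLS handshakes, generating JA4 signatures, enriching
+ with IP/TCP metadata, and logging results to configurable outputs.
+ .
+ Features:
+ - Network packet capture with BPF filters
+ - TLS ClientHello extraction
+ - JA4/JA3 fingerprint generation
+ - IP/TCP metadata enrichment
+ - Multiple output formats (stdout, file, UNIX socket)
+ - Structured JSON logging for systemd/journald
+Homepage: https://github.com/your-repo/ja4sentinel
+EOF
+
+# Create conffiles
+echo "/etc/ja4sentinel/config.yml.default" > "${PACKAGE_DIR}/DEBIAN/conffiles"
+
+# Build the package
+echo "Building .deb package..."
+cd "${BUILD_DIR}"
+dpkg-deb --build "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}"
+
+# Calculate checksum
+cd "${BUILD_DIR}"
+sha256sum "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb" > "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb.sha256"
+
+echo ""
+echo "=== Build complete ==="
+echo "Package: ${BUILD_DIR}/${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb"
+echo "Checksum: $(cat ${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb.sha256)"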
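Review bot: The ARCH argument only changes the package directory name and the `Architecture:` control field — the `cp "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" …` line always ships the amd64 binary, so `./build-deb.sh 1.0.0 arm64` would produce a package labelled arm64 that contains amd64 code. Unless `make build-linux` produces other architectures (not visible here), the script should at least refuse what it cannot satisfy, e.g. `[[ "$ARCH" == "amd64" ]] || { echo "unsupported arch: $ARCH" >&2; exit 1; }` before the copy, or derive the dist path from `$ARCH`. The fallback sanitizer `${VERSION//[^a-zA-Z0-9+.-]/_}` substitutes `_`, which is not a valid Debian version character (only alphanumerics and `.+-~` are), so inputs it was meant to rescue would presumably still be rejected by dpkg-deb; substituting `~` or deleting the character would be the safer choice. Shipping `/var/run/ja4sentinel` as a packaged directory is doubtful too, since /var/run is normally a tmpfs recreated at boot — `RuntimeDirectory=ja4sentinel` in the unit is the usual replacement. Lastly, the `.sha256` written next to the `.deb` only detects transfer corruption, not tampering of a release asset; a detached signature produced in CI would be needed for actual release integrity.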