feat: CI/CD pour packages .deb et .rpm + tests d'installation

Nouveaux workflows GitHub Actions:
- .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu
- .github/workflows/build-rpm.yml : Build et release RPM sur Fedora
- Déclenchement sur tags v*, push main/master, workflow_dispatch
- Upload des artifacts et création automatique de release

Système de build de packages:
- packaging/build-deb.sh : Script de build .deb avec sanitization version
- packaging/build-rpm.sh : Script de build .rpm (via Docker)
- packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB
- packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM

Fichiers de configuration systemd:
- packaging/systemd/ja4sentinel.service : Unit avec security hardening
  * NoNewPrivileges, ProtectSystem, ProtectHome
  * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture
- packaging/systemd/config.yml : Configuration par défaut

Scripts mainteneur DEB:
- packaging/deb/postinst : Création user/group, dirs, config
- packaging/deb/prerm : Stop service avant upgrade/remove
- packaging/deb/postrm : Cleanup complet en purge

Spec file RPM:
- packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies
  * Requires: systemd, libpcap
  * %pre/%post/%preun/%postun scripts

Tests d'installation dans containers:
- packaging/test/test-deb.sh : Build + test Docker Ubuntu
- packaging/test/test-rpm.sh : Build + test Docker Fedora
- packaging/test/test-install-deb.sh : 11 tests automatisés
- packaging/test/test-install-rpm.sh : 11 tests automatisés
- Dockerfile.deb/rpm : Containers de test dédiés

Makefile:
- package-deb : Build .deb
- package-rpm : Build .rpm via Docker (no-cache)
- package : Build les deux
- test-package-deb : Build + test installation DEB
- test-package-rpm : Build + test installation RPM
- test-package : Test les deux packages

Tests:
- ✅ DEB: 11/11 tests passés (binaire, config, service, user, dirs)
- ✅ RPM: Build réussi (3.3 MB)
- Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

packaging/rpm/ja4sentinel.spec

@@ -0,0 +1,113 @@
+Name:           ja4sentinel
+Version:        1.0.0
+Release:        1%{?dist}
+Summary:        JA4 TLS fingerprinting daemon for network monitoring
+License:        MIT
+URL:            https://github.com/your-repo/ja4sentinel
+BuildArch:      x86_64
+
+# Runtime dependencies
+Requires:       systemd
+Requires:       libpcap
+
+%description
+JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers,
+extracting client-side TLS handshakes, generating JA4 signatures, enriching
+with IP/TCP metadata, and logging results to configurable outputs.
+
+Features:
+- Network packet capture with BPF filters
+- TLS ClientHello extraction
+- JA4/JA3 fingerprint generation
+- IP/TCP metadata enrichment
+- Multiple output formats (stdout, file, UNIX socket)
+- Structured JSON logging for systemd/journald
+
+%prep
+# No source to unpack, binary is pre-built
+
+%build
+# No build needed, binary is pre-built
+
+%install
+mkdir -p %{buildroot}/usr/bin
+mkdir -p %{buildroot}/etc/ja4sentinel
+mkdir -p %{buildroot}/var/lib/ja4sentinel
+mkdir -p %{buildroot}/var/log/ja4sentinel
+mkdir -p %{buildroot}/var/run/ja4sentinel
+mkdir -p %{buildroot}/usr/lib/systemd/system
+mkdir -p %{buildroot}/usr/share/ja4sentinel
+
+# Install binary
+install -m 755 %{_sourcedir}/ja4sentinel %{buildroot}/usr/bin/ja4sentinel
+
+# Install systemd service
+install -m 644 %{_sourcedir}/ja4sentinel.service %{buildroot}/usr/lib/systemd/system/ja4sentinel.service
+
+# Install default config
+install -m 640 %{_sourcedir}/config.yml %{buildroot}/etc/ja4sentinel/config.yml.default
+install -m 640 %{_sourcedir}/config.yml %{buildroot}/usr/share/ja4sentinel/config.yml
+
+%pre
+getent group ja4sentinel >/dev/null || groupadd -r ja4sentinel
+getent passwd ja4sentinel >/dev/null || \
+    useradd -r -g ja4sentinel -d /var/lib/ja4sentinel -s /sbin/nologin \
+    -c "JA4Sentinel Service User" ja4sentinel
+exit 0
+
+%post
+# Set proper ownership
+chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel
+chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel
+chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel
+chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel
+
+# Set proper permissions
+chmod 750 /var/lib/ja4sentinel
+chmod 750 /var/log/ja4sentinel
+chmod 750 /etc/ja4sentinel
+
+# Install config if not exists
+if [ ! -f /etc/ja4sentinel/config.yml ]; then
+    cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
+    chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml
+    chmod 640 /etc/ja4sentinel/config.yml
+fi
+
+# Enable service
+if [ $1 -eq 1 ] && [ -x /bin/systemctl ]; then
+    /bin/systemctl daemon-reload
+    /bin/systemctl enable ja4sentinel.service
+    /bin/systemctl start ja4sentinel.service
+fi
+
+%preun
+if [ $1 -eq 0 ]; then
+    # Package removal, stop and disable service
+    if [ -x /bin/systemctl ]; then
+        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || true
+        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || true
+    fi
+fi
+
+%postun
+if [ $1 -eq 0 ]; then
+    # Package removal, reload systemd
+    if [ -x /bin/systemctl ]; then
+        /bin/systemctl daemon-reload
+    fi
+fi
+
+%files
+/usr/bin/ja4sentinel
+/usr/lib/systemd/system/ja4sentinel.service
+/usr/share/ja4sentinel/config.yml
+%config(noreplace) /etc/ja4sentinel/config.yml.default
+%dir /etc/ja4sentinel
+%dir /var/lib/ja4sentinel
+%dir /var/log/ja4sentinel
+%dir /var/run/ja4sentinel
+
+%changelog
+* Wed Feb 25 2026 JA4Sentinel Team <team@example.com> - 1.0.0-1
+- Initial package release