feat: CI/CD pour packages .deb et .rpm + tests d'installation
Nouveaux workflows GitHub Actions: - .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu - .github/workflows/build-rpm.yml : Build et release RPM sur Fedora - Déclenchement sur tags v*, push main/master, workflow_dispatch - Upload des artifacts et création automatique de release Système de build de packages: - packaging/build-deb.sh : Script de build .deb avec sanitization version - packaging/build-rpm.sh : Script de build .rpm (via Docker) - packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB - packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM Fichiers de configuration systemd: - packaging/systemd/ja4sentinel.service : Unit avec security hardening * NoNewPrivileges, ProtectSystem, ProtectHome * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture - packaging/systemd/config.yml : Configuration par défaut Scripts mainteneur DEB: - packaging/deb/postinst : Création user/group, dirs, config - packaging/deb/prerm : Stop service avant upgrade/remove - packaging/deb/postrm : Cleanup complet en purge Spec file RPM: - packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies * Requires: systemd, libpcap * %pre/%post/%preun/%postun scripts Tests d'installation dans containers: - packaging/test/test-deb.sh : Build + test Docker Ubuntu - packaging/test/test-rpm.sh : Build + test Docker Fedora - packaging/test/test-install-deb.sh : 11 tests automatisés - packaging/test/test-install-rpm.sh : 11 tests automatisés - Dockerfile.deb/rpm : Containers de test dédiés Makefile: - package-deb : Build .deb - package-rpm : Build .rpm via Docker (no-cache) - package : Build les deux - test-package-deb : Build + test installation DEB - test-package-rpm : Build + test installation RPM - test-package : Test les deux packages Tests: - ✅ DEB: 11/11 tests passés (binaire, config, service, user, dirs) - ✅ RPM: Build réussi (3.3 MB) - Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty) Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
35
packaging/systemd/config.yml
Normal file
35
packaging/systemd/config.yml
Normal file
@ -0,0 +1,35 @@
|
||||
# JA4Sentinel Configuration
|
||||
# Default configuration file for ja4sentinel service
|
||||
|
||||
core:
|
||||
# Network interface to monitor (use 'ip link' to list available interfaces)
|
||||
interface: eth0
|
||||
|
||||
# TCP ports to monitor for TLS handshakes
|
||||
listen_ports:
|
||||
- 443
|
||||
- 8443
|
||||
|
||||
# Optional BPF filter (leave empty for default port-based filter)
|
||||
bpf_filter: ""
|
||||
|
||||
# Timeout in seconds for TLS handshake extraction per flow
|
||||
flow_timeout_sec: 30
|
||||
|
||||
# Output configuration - enable one or more outputs
|
||||
outputs:
|
||||
# Log to stdout (captured by journald)
|
||||
- type: stdout
|
||||
enabled: true
|
||||
|
||||
# Log to file (optional)
|
||||
# - type: file
|
||||
# enabled: false
|
||||
# params:
|
||||
# path: /var/log/ja4sentinel/ja4.json
|
||||
|
||||
# Log to UNIX socket (optional, for external processing)
|
||||
# - type: unix_socket
|
||||
# enabled: false
|
||||
# params:
|
||||
# socket_path: /var/run/ja4sentinel/ja4.sock
|
||||
Reference in New Issue
Block a user