feat: CI/CD pour packages .deb et .rpm + tests d'installation

Nouveaux workflows GitHub Actions: - .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu - .github/workflows/build-rpm.yml : Build et release RPM sur Fedora - Déclenchement sur tags v*, push main/master, workflow_dispatch - Upload des artifacts et création automatique de release Système de build de packages: - packaging/build-deb.sh : Script de build .deb avec sanitization version - packaging/build-rpm.sh : Script de build .rpm (via Docker) - packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB - packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM Fichiers de configuration systemd: - packaging/systemd/ja4sentinel.service : Unit avec security hardening * NoNewPrivileges, ProtectSystem, ProtectHome * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture - packaging/systemd/config.yml : Configuration par défaut Scripts mainteneur DEB: - packaging/deb/postinst : Création user/group, dirs, config - packaging/deb/prerm : Stop service avant upgrade/remove - packaging/deb/postrm : Cleanup complet en purge Spec file RPM: - packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies * Requires: systemd, libpcap * %pre/%post/%preun/%postun scripts Tests d'installation dans containers: - packaging/test/test-deb.sh : Build + test Docker Ubuntu - packaging/test/test-rpm.sh : Build + test Docker Fedora - packaging/test/test-install-deb.sh : 11 tests automatisés - packaging/test/test-install-rpm.sh : 11 tests automatisés - Dockerfile.deb/rpm : Containers de test dédiés Makefile: - package-deb : Build .deb - package-rpm : Build .rpm via Docker (no-cache) - package : Build les deux - test-package-deb : Build + test installation DEB - test-package-rpm : Build + test installation RPM - test-package : Test les deux packages Tests: - ✅ DEB: 11/11 tests passés (binaire, config, service, user, dirs) - ✅ RPM: Build réussi (3.3 MB) - Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty) Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-25 21:05:23 +01:00
parent efd4481729
commit 61bf05454e
19 changed files with 1246 additions and 2 deletions
--- a/packaging/systemd/ja4sentinel.service
+++ b/packaging/systemd/ja4sentinel.service
@ -0,0 +1,39 @@
+[Unit]
+Description=JA4 client fingerprinting daemon
+Documentation=https://github.com/your-repo/ja4sentinel
+After=network.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ja4sentinel
+Group=ja4sentinel
+WorkingDirectory=/var/lib/ja4sentinel
+ExecStart=/usr/bin/ja4sentinel --config /etc/ja4sentinel/config.yml
+Restart=on-failure
+RestartSec=5
+Environment=JA4SENTINEL_LOG_LEVEL=info
+
+# Security hardening
+NoNewPrivileges=yes
+ProtectSystem=full
+ProtectHome=yes
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+
+# Capabilities for packet capture
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
+
+# Resource limits
+LimitNOFILE=65536
+LimitNPROC=64
+
+[Install]
+WantedBy=multi-user.target