feat: generate RPM packages for CentOS 7, Rocky Linux 8/9/10

- Update Dockerfile.package to build RPMs for multiple distributions using a unified fpm-based approach - Add RPM maintainer scripts (postinst, prerm, postrm) for proper installation and service management - Update ja4sentinel.spec for CentOS 7+ compatibility - Add packaging/systemd/config.yml as default configuration - Update test-rpm.sh to test installation on all 4 target distributions - Fix CentOS 7 repository configuration (EOL - vault.centos.org) Generated RPMs: - el7: CentOS 7 (libpcap >= 1.4.0) - el8: Rocky Linux 8 (libpcap >= 1.9.0) - el9: Rocky Linux 9 (libpcap >= 1.9.0) - el10: AlmaLinux 10 / Rocky Linux 10 (libpcap >= 1.9.0) Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 17:02:58 +01:00
parent 27eaa8aa4c
commit 86649b1630
8 changed files with 369 additions and 65 deletions
--- a/Dockerfile.package
+++ b/Dockerfile.package
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 # =============================================================================
-# ja4sentinel - Dockerfile de packaging unifié (DEB + RPM avec fpm)
+# ja4sentinel - Dockerfile de packaging unifié (DEB + RPM pour CentOS 7, Rocky 8/9/10)
 # =============================================================================

 # =============================================================================
@ -35,9 +35,9 @@ RUN mkdir -p dist && \
    ./cmd/ja4sentinel

 # =============================================================================
-# Stage 2: Package builder - fpm pour DEB et RPM
+# Stage 2: Package builder - fpm pour DEB
 # =============================================================================
-FROM ruby:3.2-bookworm AS package-builder
+FROM ruby:3.2-bookworm AS deb-builder

 WORKDIR /package

@ -48,7 +48,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    fakeroot \
    libpcap-dev \
    && rm -rf /var/lib/apt/lists/* \
-    && gem install fpm -v 1.16.0
+    && gem install fpm -v 1.16.0 --no-document

 # Copy binary from builder
 COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
@ -102,14 +102,78 @@ RUN mkdir -p /packages/deb && \
    var/log/ja4sentinel \
    var/run/ja4sentinel

-# Build RPM package
-ARG DIST=el9
-RUN mkdir -p /packages/rpm && \
+# =============================================================================
+# Stage 3: RPM Builder - Universal builder with fpm installed
+# Using ruby:3.2-bookworm as base for fpm, builds all RPM variants
+# =============================================================================
+FROM ruby:3.2-bookworm AS rpm-builder
+
+WORKDIR /package
+
+# Install fpm and rpm tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    rpm \
+    rpm-common \
+    && rm -rf /var/lib/apt/lists/* \
+    && gem install fpm -v 1.16.0 --no-document
+
+# Copy binary from Go builder
+COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
+COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
+COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
+COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml
+COPY packaging/rpm/postinst /tmp/scripts/postinst
+COPY packaging/rpm/prerm /tmp/scripts/prerm
+COPY packaging/rpm/postrm /tmp/scripts/postrm
+
+# Create directories and set permissions
+RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
+    mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
+    mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \
+    chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \
+    chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \
+    chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \
+    chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
+    chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \
+    chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \
+    chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \
+    chmod 750 /tmp/pkgroot/etc/ja4sentinel && \
+    chmod 755 /tmp/scripts/*
+
+# Build RPM for CentOS 7 (el7)
+ARG VERSION=1.0.0
+RUN mkdir -p /packages/rpm/el7 && \
    fpm -s dir -t rpm \
    -n ja4sentinel \
    -v "${VERSION}" \
    -C /tmp/pkgroot \
    --architecture "x86_64" \
+    --rpm-dist el7 \
+    --description "JA4 TLS fingerprinting daemon for network monitoring" \
+    --url "https://github.com/your-repo/ja4sentinel" \
+    --license "MIT" \
+    --vendor "JA4Sentinel Team <team@example.com>" \
+    --depends "systemd" \
+    --depends "libpcap >= 1.4.0" \
+    --after-install /tmp/scripts/postinst \
+    --before-remove /tmp/scripts/prerm \
+    --after-remove /tmp/scripts/postrm \
+    -p /packages/rpm/el7/ja4sentinel-${VERSION}-1.el7.x86_64.rpm \
+    usr/bin/ja4sentinel \
+    etc/ja4sentinel/config.yml.default \
+    usr/share/ja4sentinel/config.yml \
+    var/lib/ja4sentinel \
+    var/log/ja4sentinel \
+    var/run/ja4sentinel
+
+# Build RPM for Rocky Linux 8 (el8)
+RUN mkdir -p /packages/rpm/el8 && \
+    fpm -s dir -t rpm \
+    -n ja4sentinel \
+    -v "${VERSION}" \
+    -C /tmp/pkgroot \
+    --architecture "x86_64" \
+    --rpm-dist el8 \
    --description "JA4 TLS fingerprinting daemon for network monitoring" \
    --url "https://github.com/your-repo/ja4sentinel" \
    --license "MIT" \
@ -119,7 +183,57 @@ RUN mkdir -p /packages/rpm && \
    --after-install /tmp/scripts/postinst \
    --before-remove /tmp/scripts/prerm \
    --after-remove /tmp/scripts/postrm \
-    -p /packages/rpm/ja4sentinel-${VERSION}-1.x86_64.rpm \
+    -p /packages/rpm/el8/ja4sentinel-${VERSION}-1.el8.x86_64.rpm \
+    usr/bin/ja4sentinel \
+    etc/ja4sentinel/config.yml.default \
+    usr/share/ja4sentinel/config.yml \
+    var/lib/ja4sentinel \
+    var/log/ja4sentinel \
+    var/run/ja4sentinel
+
+# Build RPM for Rocky Linux 9 (el9)
+RUN mkdir -p /packages/rpm/el9 && \
+    fpm -s dir -t rpm \
+    -n ja4sentinel \
+    -v "${VERSION}" \
+    -C /tmp/pkgroot \
+    --architecture "x86_64" \
+    --rpm-dist el9 \
+    --description "JA4 TLS fingerprinting daemon for network monitoring" \
+    --url "https://github.com/your-repo/ja4sentinel" \
+    --license "MIT" \
+    --vendor "JA4Sentinel Team <team@example.com>" \
+    --depends "systemd" \
+    --depends "libpcap >= 1.9.0" \
+    --after-install /tmp/scripts/postinst \
+    --before-remove /tmp/scripts/prerm \
+    --after-remove /tmp/scripts/postrm \
+    -p /packages/rpm/el9/ja4sentinel-${VERSION}-1.el9.x86_64.rpm \
+    usr/bin/ja4sentinel \
+    etc/ja4sentinel/config.yml.default \
+    usr/share/ja4sentinel/config.yml \
+    var/lib/ja4sentinel \
+    var/log/ja4sentinel \
+    var/run/ja4sentinel
+
+# Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10
+RUN mkdir -p /packages/rpm/el10 && \
+    fpm -s dir -t rpm \
+    -n ja4sentinel \
+    -v "${VERSION}" \
+    -C /tmp/pkgroot \
+    --architecture "x86_64" \
+    --rpm-dist el10 \
+    --description "JA4 TLS fingerprinting daemon for network monitoring" \
+    --url "https://github.com/your-repo/ja4sentinel" \
+    --license "MIT" \
+    --vendor "JA4Sentinel Team <team@example.com>" \
+    --depends "systemd" \
+    --depends "libpcap >= 1.9.0" \
+    --after-install /tmp/scripts/postinst \
+    --before-remove /tmp/scripts/prerm \
+    --after-remove /tmp/scripts/postrm \
+    -p /packages/rpm/el10/ja4sentinel-${VERSION}-1.el10.x86_64.rpm \
    usr/bin/ja4sentinel \
    etc/ja4sentinel/config.yml.default \
    usr/share/ja4sentinel/config.yml \
@ -128,12 +242,15 @@ RUN mkdir -p /packages/rpm && \
    var/run/ja4sentinel

 # =============================================================================
-# Stage 3: Output - Image finale avec les packages
+# Stage 4: Output - Image finale avec les packages
 # =============================================================================
 FROM alpine:latest AS output

 WORKDIR /packages
-COPY --from=package-builder /packages/deb/*.deb /packages/deb/
-COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/
+COPY --from=deb-builder /packages/deb/*.deb /packages/deb/
+COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/
+COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
+COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
+COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/

-CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages ===' && ls -la /packages/rpm/"]
+CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages (el7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10) ===' && ls -la /packages/rpm/el10/"]
--- a/25
+++ b/25
@ -109,9 +109,28 @@ package-deb:
 	@echo "RPM packages created:"
 	ls -la build/rpm/

-## package-rpm: Build RPM package (requires Docker)
-package-rpm: package-deb
-	@echo "RPM built together with DEB in Dockerfile.package"
+## package-rpm: Build RPM packages for all target distributions (requires Docker)
+package-rpm:
+	mkdir -p build/rpm/el7 build/rpm/el8 build/rpm/el9 build/rpm/el10
+	@echo "Building RPM packages for CentOS 7, Rocky Linux 8/9, AlmaLinux 10..."
+	docker build --target output -t ja4sentinel-rpm-packager:latest \
+		--build-arg VERSION=$(PKG_VERSION) \
+		-f Dockerfile.package .
+	@echo "Extracting RPM packages from Docker image..."
+	@docker run --rm -v $(PWD)/build:/output ja4sentinel-rpm-packager:latest sh -c \
+		'cp -r /packages/rpm/el7 /output/rpm/ && \
+		 cp -r /packages/rpm/el8 /output/rpm/ && \
+		 cp -r /packages/rpm/el9 /output/rpm/ && \
+		 cp -r /packages/rpm/el10 /output/rpm/'
+	@echo "RPM packages created:"
+	@echo "  CentOS 7 (el7):"
+	ls -la build/rpm/el7/ 2>/dev/null || echo "    (no packages)"
+	@echo "  Rocky Linux 8 (el8):"
+	ls -la build/rpm/el8/ 2>/dev/null || echo "    (no packages)"
+	@echo "  Rocky Linux 9 (el9):"
+	ls -la build/rpm/el9/ 2>/dev/null || echo "    (no packages)"
+	@echo "  AlmaLinux/Rocky 10 (el10):"
+	ls -la build/rpm/el10/ 2>/dev/null || echo "    (no packages)"

 ## test-package-deb: Test DEB package installation in Docker
 test-package-deb: package-deb
--- a/packaging/rpm/ja4sentinel.spec
+++ b/packaging/rpm/ja4sentinel.spec
@ -6,11 +6,13 @@ License:        MIT
 URL:            https://github.com/your-repo/ja4sentinel
 BuildArch:      x86_64

-# Rocky Linux / RHEL compatibility
-# Requires EPEL for some dependencies if not in base repos
+# Distribution-agnostic dependencies
+# systemd is available on all target distros (CentOS 7, Rocky 8/9/10)
 Requires:       systemd
-# libpcap is available in base repos for RHEL/CentOS/Rocky 8+
-Requires:       libpcap >= 1.9.0
+# libpcap version varies by distro:
+# - CentOS 7: 1.4.0
+# - Rocky 8/9/10: 1.9.0+
+Requires:       libpcap >= 1.4.0

 %description
 JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers,
@ -24,7 +26,7 @@ Features:
 - IP/TCP metadata enrichment
 - Multiple output formats (stdout, file, UNIX socket)
 - Structured JSON logging for systemd/journald
- Compatible with Rocky Linux, RHEL, CentOS
+- Compatible with CentOS 7, Rocky Linux 8/9/10, RHEL

 %prep
 # No source to unpack, binary is pre-built
@ -52,6 +54,7 @@ install -m 640 %{_sourcedir}/config.yml %{buildroot}/etc/ja4sentinel/config.yml.
 install -m 640 %{_sourcedir}/config.yml %{buildroot}/usr/share/ja4sentinel/config.yml

 %pre
+# Create system user and group (compatible with CentOS 7+)
 getent group ja4sentinel >/dev/null || groupadd -r ja4sentinel
 getent passwd ja4sentinel >/dev/null || \
    useradd -r -g ja4sentinel -d /var/lib/ja4sentinel -s /sbin/nologin \
@ -77,19 +80,19 @@ if [ ! -f /etc/ja4sentinel/config.yml ]; then
    chmod 640 /etc/ja4sentinel/config.yml
 fi

-# Enable service
+# Enable and start service (systemd macro for compatibility)
 if [ $1 -eq 1 ] && [ -x /bin/systemctl ]; then
    /bin/systemctl daemon-reload
-    /bin/systemctl enable ja4sentinel.service
-    /bin/systemctl start ja4sentinel.service
+    /bin/systemctl enable ja4sentinel.service 2>/dev/null || :
+    /bin/systemctl start ja4sentinel.service 2>/dev/null || :
 fi

 %preun
 if [ $1 -eq 0 ]; then
    # Package removal, stop and disable service
    if [ -x /bin/systemctl ]; then
-        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || true
-        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || true
+        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || :
+        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || :
    fi
 fi

@ -113,4 +116,4 @@ fi

 %changelog
 * Wed Feb 25 2026 JA4Sentinel Team <team@example.com> - 1.0.0-1
- Initial package release
+- Initial package release for CentOS 7, Rocky Linux 8/9/10
--- a/packaging/rpm/postinst
+++ b/packaging/rpm/postinst
@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# postinst - Script d'installation post-RPM pour ja4sentinel
+# Compatible CentOS 7, Rocky Linux 8/9/10
+#
+
+set -e
+
+echo "==> ja4sentinel: Running post-installation script..."
+
+# Set proper ownership
+chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel 2>/dev/null || true
+chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel 2>/dev/null || true
+chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel 2>/dev/null || true
+chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel 2>/dev/null || true
+
+# Set proper permissions
+chmod 750 /var/lib/ja4sentinel 2>/dev/null || true
+chmod 750 /var/log/ja4sentinel 2>/dev/null || true
+chmod 750 /etc/ja4sentinel 2>/dev/null || true
+
+# Install config if not exists
+if [ ! -f /etc/ja4sentinel/config.yml ]; then
+    echo "==> ja4sentinel: Installing default configuration..."
+    cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
+    chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml 2>/dev/null || true
+    chmod 640 /etc/ja4sentinel/config.yml
+fi
+
+# Reload systemd and enable service (only if systemd is running)
+if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
+    echo "==> ja4sentinel: Reloading systemd daemon..."
+    /bin/systemctl daemon-reload
+    
+    echo "==> ja4sentinel: Enabling ja4sentinel.service..."
+    /bin/systemctl enable ja4sentinel.service 2>/dev/null || :
+    
+    echo "==> ja4sentinel: Starting ja4sentinel.service..."
+    /bin/systemctl start ja4sentinel.service 2>/dev/null || :
+else
+    echo "==> ja4sentinel: systemd not detected (container environment), skipping service management..."
+fi
+
+echo "==> ja4sentinel: Post-installation complete."
+exit 0
--- a/packaging/rpm/postrm
+++ b/packaging/rpm/postrm
@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# postrm - Script de post-désinstallation RPM pour ja4sentinel
+# Compatible CentOS 7, Rocky Linux 8/9/10
+#
+
+set -e
+
+echo "==> ja4sentinel: Running post-removal script..."
+
+# Reload systemd after removal
+if [ -x /bin/systemctl ]; then
+    echo "==> ja4sentinel: Reloading systemd daemon..."
+    /bin/systemctl daemon-reload
+fi
+
+echo "==> ja4sentinel: Post-removal complete."
+exit 0
--- a/packaging/rpm/prerm
+++ b/packaging/rpm/prerm
@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# prerm - Script de pré-désinstallation RPM pour ja4sentinel
+# Compatible CentOS 7, Rocky Linux 8/9/10
+#
+
+set -e
+
+echo "==> ja4sentinel: Running pre-removal script..."
+
+# Stop and disable service before removal
+if [ -x /bin/systemctl ]; then
+    echo "==> ja4sentinel: Stopping ja4sentinel.service..."
+    /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || :
+    
+    echo "==> ja4sentinel: Disabling ja4sentinel.service..."
+    /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || :
+fi
+
+echo "==> ja4sentinel: Pre-removal complete."
+exit 0
--- a/packaging/systemd/config.yml
+++ b/packaging/systemd/config.yml
@ -1,35 +1,39 @@
-# JA4Sentinel Configuration
-# Default configuration file for ja4sentinel service
+# Default configuration file for ja4sentinel
+# This file is installed as /etc/ja4sentinel/config.yml.default

 core:
-  # Network interface to monitor (use 'ip link' to list available interfaces)
+  # Network interface to capture traffic from
+  # Will be overridden by JA4SENTINEL_INTERFACE env var if set
  interface: eth0
-  
+
  # TCP ports to monitor for TLS handshakes
  listen_ports:
    - 443
    - 8443
-  
-  # Optional BPF filter (leave empty for default port-based filter)
+
+  # Optional BPF filter (leave empty for auto-generated filter based on listen_ports)
  bpf_filter: ""
-  
-  # Timeout in seconds for TLS handshake extraction per flow
+
+  # Timeout in seconds for TLS handshake extraction (default: 30)
  flow_timeout_sec: 30

-# Output configuration - enable one or more outputs
+  # Buffer size for packet channel (default: 1000, increase for high-traffic environments)
+  packet_buffer_size: 1000
+
 outputs:
-  # Log to stdout (captured by journald)
+  # Output to stdout (JSON lines) - disabled by default for production
  - type: stdout
+    enabled: false
+    params: {}
+
+  # Output to file
+  - type: file
    enabled: true
-  
-  # Log to file (optional)
-  # - type: file
-  #   enabled: false
-  #   params:
-  #     path: /var/log/ja4sentinel/ja4.json
-  
-  # Log to UNIX socket (optional, for external processing)
-  # - type: unix_socket
-  #   enabled: false
-  #   params:
-  #     socket_path: /var/run/ja4sentinel/ja4.sock
+    params:
+      path: /var/log/ja4sentinel/ja4.log
+
+  # Output to UNIX socket (for systemd/journald or other consumers)
+  - type: unix_socket
+    enabled: true
+    params:
+      socket_path: /var/run/ja4sentinel.sock
--- a/packaging/test/test-rpm.sh
+++ b/packaging/test/test-rpm.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-# Test RPM package installation in Rocky Linux container
-set -e
+# Test RPM package installation on CentOS 7, Rocky Linux 8/9/10
+# Note: We don't use set -e here because we want to continue testing even if one fails

 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
@ -10,25 +10,102 @@ echo "=========================================="
 echo "  Testing RPM Package Installation"
 echo "=========================================="

-# Find the RPM package
-RPM_PACKAGE=$(ls -1 "${BUILD_DIR}"/*.rpm 2>/dev/null | head -1)
-if [ -z "$RPM_PACKAGE" ]; then
-    echo "Error: No .rpm package found in ${BUILD_DIR}"
-    echo "Run 'make package-rpm' first"
-    exit 1
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Function to test RPM installation on a specific distribution
+test_rpm_install() {
+    local distro=$1
+    local image=$2
+    local rpm_dir=$3
+    
+    echo ""
+    echo -e "${YELLOW}Testing on ${distro} (${image})...${NC}"
+    
+    # Check if RPM files exist in the directory
+    if [ ! -d "${BUILD_DIR}/${rpm_dir}" ] || [ -z "$(ls -A ${BUILD_DIR}/${rpm_dir}/*.rpm 2>/dev/null)" ]; then
+        echo -e "${RED}  Warning: No RPM packages found in ${BUILD_DIR}/${rpm_dir}${NC}"
+        echo "  Skipping ${distro} test..."
+        return 1
+    fi
+    
+    # Determine package manager and install command
+    # CentOS 7 is EOL, need to configure vault.centos.org
+    local setup_cmd=""
+    local install_cmd=""
+    case "$image" in
+        centos:7)
+            setup_cmd="sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo"
+            install_cmd="${setup_cmd} && yum install -y libpcap && yum install -y /packages/*.rpm"
+            ;;
+        rockylinux:*|almalinux:*)
+            install_cmd="dnf install -y libpcap && dnf install -y /packages/*.rpm"
+            ;;
+        *)
+            install_cmd="dnf install -y libpcap && dnf install -y /packages/*.rpm"
+            ;;
+    esac
+    
+    # Test installation
+    if docker run --rm \
+        -v "${BUILD_DIR}/${rpm_dir}:/packages:ro" \
+        "${image}" \
+        sh -c "${install_cmd}"; then
+        echo -e "  ${GREEN}✓${NC} ${distro}: Installation successful"
+        return 0
+    else
+        echo -e "  ${RED}✗${NC} ${distro}: Installation failed"
+        return 1
+    fi
+}
+
+# Track test results
+TESTS_PASSED=0
+TESTS_FAILED=0
+
+# Test on CentOS 7
+if test_rpm_install "CentOS 7" "centos:7" "el7"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
 fi

-echo "Found package: ${RPM_PACKAGE}"
+# Test on Rocky Linux 8
+if test_rpm_install "Rocky Linux 8" "rockylinux:8" "el8"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
+fi

-# Test installation directly in Rocky Linux container
-echo ""
-echo "Running installation tests in Rocky Linux container..."
-docker run --rm \
-    -v "${BUILD_DIR}:/packages:ro" \
-    rockylinux:8 \
-    sh -c "dnf install -y /packages/*.rpm && echo 'RPM installation successful'"
+# Test on Rocky Linux 9
+if test_rpm_install "Rocky Linux 9" "rockylinux:9" "el9"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
+fi
+
+# Test on AlmaLinux 10 (Rocky Linux 10 compatible)
+if test_rpm_install "AlmaLinux 10" "almalinux:10" "el10"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
+fi

 echo ""
 echo "=========================================="
-echo "  RPM Package Test Complete"
+echo "  Test Summary"
 echo "=========================================="
+echo -e "  Passed: ${GREEN}${TESTS_PASSED}${NC}"
+echo -e "  Failed: ${RED}${TESTS_FAILED}${NC}"
+echo "=========================================="
+
+if [ ${TESTS_FAILED} -gt 0 ]; then
+    echo -e "${RED}Some tests failed!${NC}"
+    exit 1
+else
+    echo -e "${GREEN}All RPM package tests passed!${NC}"
+    exit 0
+fi