feat: generate RPM packages for CentOS 7, Rocky Linux 8/9/10

- Update Dockerfile.package to build RPMs for multiple distributions
  using a unified fpm-based approach
- Add RPM maintainer scripts (postinst, prerm, postrm) for proper
  installation and service management
- Update ja4sentinel.spec for CentOS 7+ compatibility
- Add packaging/systemd/config.yml as default configuration
- Update test-rpm.sh to test installation on all 4 target distributions
- Fix CentOS 7 repository configuration (EOL - vault.centos.org)

Generated RPMs:
- el7: CentOS 7 (libpcap >= 1.4.0)
- el8: Rocky Linux 8 (libpcap >= 1.9.0)
- el9: Rocky Linux 9 (libpcap >= 1.9.0)
- el10: AlmaLinux 10 / Rocky Linux 10 (libpcap >= 1.9.0)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

packaging/rpm/ja4sentinel.spec

@@ -6,11 +6,13 @@ License:        MIT
 URL:            https://github.com/your-repo/ja4sentinel
 BuildArch:      x86_64
 
-# Rocky Linux / RHEL compatibility
-# Requires EPEL for some dependencies if not in base repos
+# Distribution-agnostic dependencies
+# systemd is available on all target distros (CentOS 7, Rocky 8/9/10)
 Requires:       systemd
-# libpcap is available in base repos for RHEL/CentOS/Rocky 8+
-Requires:       libpcap >= 1.9.0
+# libpcap version varies by distro:
+# - CentOS 7: 1.4.0
+# - Rocky 8/9/10: 1.9.0+
+Requires:       libpcap >= 1.4.0
 
 %description
 JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers,
@@ -24,7 +26,7 @@ Features:
 - IP/TCP metadata enrichment
 - Multiple output formats (stdout, file, UNIX socket)
 - Structured JSON logging for systemd/journald
-- Compatible with Rocky Linux, RHEL, CentOS
+- Compatible with CentOS 7, Rocky Linux 8/9/10, RHEL
 
 %prep
 # No source to unpack, binary is pre-built
@@ -52,6 +54,7 @@ install -m 640 %{_sourcedir}/config.yml %{buildroot}/etc/ja4sentinel/config.yml.
 install -m 640 %{_sourcedir}/config.yml %{buildroot}/usr/share/ja4sentinel/config.yml
 
 %pre
+# Create system user and group (compatible with CentOS 7+)
 getent group ja4sentinel >/dev/null || groupadd -r ja4sentinel
 getent passwd ja4sentinel >/dev/null || \
     useradd -r -g ja4sentinel -d /var/lib/ja4sentinel -s /sbin/nologin \
@@ -77,19 +80,19 @@ if [ ! -f /etc/ja4sentinel/config.yml ]; then
     chmod 640 /etc/ja4sentinel/config.yml
 fi
 
-# Enable service
+# Enable and start service (systemd macro for compatibility)
 if [ $1 -eq 1 ] && [ -x /bin/systemctl ]; then
     /bin/systemctl daemon-reload
-    /bin/systemctl enable ja4sentinel.service
-    /bin/systemctl start ja4sentinel.service
+    /bin/systemctl enable ja4sentinel.service 2>/dev/null || :
+    /bin/systemctl start ja4sentinel.service 2>/dev/null || :
 fi
 
 %preun
 if [ $1 -eq 0 ]; then
     # Package removal, stop and disable service
     if [ -x /bin/systemctl ]; then
-        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || true
-        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || true
+        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || :
+        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || :
     fi
 fi
 
@@ -113,4 +116,4 @@ fi
 
 %changelog
 * Wed Feb 25 2026 JA4Sentinel Team <team@example.com> - 1.0.0-1
-- Initial package release
+- Initial package release for CentOS 7, Rocky Linux 8/9/10

packaging/rpm/postinst

@@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# postinst - Script d'installation post-RPM pour ja4sentinel
+# Compatible CentOS 7, Rocky Linux 8/9/10
+#
+
+set -e
+
+echo "==> ja4sentinel: Running post-installation script..."
+
+# Set proper ownership
+chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel 2>/dev/null || true
+chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel 2>/dev/null || true
+chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel 2>/dev/null || true
+chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel 2>/dev/null || true
+
+# Set proper permissions
+chmod 750 /var/lib/ja4sentinel 2>/dev/null || true
+chmod 750 /var/log/ja4sentinel 2>/dev/null || true
+chmod 750 /etc/ja4sentinel 2>/dev/null || true
+
+# Install config if not exists
+if [ ! -f /etc/ja4sentinel/config.yml ]; then
+    echo "==> ja4sentinel: Installing default configuration..."
+    cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
+    chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml 2>/dev/null || true
+    chmod 640 /etc/ja4sentinel/config.yml
+fi
+
+# Reload systemd and enable service (only if systemd is running)
+if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
+    echo "==> ja4sentinel: Reloading systemd daemon..."
+    /bin/systemctl daemon-reload
+    
+    echo "==> ja4sentinel: Enabling ja4sentinel.service..."
+    /bin/systemctl enable ja4sentinel.service 2>/dev/null || :
+    
+    echo "==> ja4sentinel: Starting ja4sentinel.service..."
+    /bin/systemctl start ja4sentinel.service 2>/dev/null || :
+else
+    echo "==> ja4sentinel: systemd not detected (container environment), skipping service management..."
+fi
+
+echo "==> ja4sentinel: Post-installation complete."
+exit 0

packaging/rpm/postrm

@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# postrm - Script de post-désinstallation RPM pour ja4sentinel
+# Compatible CentOS 7, Rocky Linux 8/9/10
+#
+
+set -e
+
+echo "==> ja4sentinel: Running post-removal script..."
+
+# Reload systemd after removal
+if [ -x /bin/systemctl ]; then
+    echo "==> ja4sentinel: Reloading systemd daemon..."
+    /bin/systemctl daemon-reload
+fi
+
+echo "==> ja4sentinel: Post-removal complete."
+exit 0

packaging/rpm/prerm

@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# prerm - Script de pré-désinstallation RPM pour ja4sentinel
+# Compatible CentOS 7, Rocky Linux 8/9/10
+#
+
+set -e
+
+echo "==> ja4sentinel: Running pre-removal script..."
+
+# Stop and disable service before removal
+if [ -x /bin/systemctl ]; then
+    echo "==> ja4sentinel: Stopping ja4sentinel.service..."
+    /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || :
+    
+    echo "==> ja4sentinel: Disabling ja4sentinel.service..."
+    /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || :
+fi
+
+echo "==> ja4sentinel: Pre-removal complete."
+exit 0

packaging/systemd/config.yml

@@ -1,35 +1,39 @@
-# JA4Sentinel Configuration
-# Default configuration file for ja4sentinel service
+# Default configuration file for ja4sentinel
+# This file is installed as /etc/ja4sentinel/config.yml.default
 
 core:
-  # Network interface to monitor (use 'ip link' to list available interfaces)
+  # Network interface to capture traffic from
+  # Will be overridden by JA4SENTINEL_INTERFACE env var if set
   interface: eth0
-  
+
   # TCP ports to monitor for TLS handshakes
   listen_ports:
     - 443
     - 8443
-  
-  # Optional BPF filter (leave empty for default port-based filter)
+
+  # Optional BPF filter (leave empty for auto-generated filter based on listen_ports)
   bpf_filter: ""
-  
-  # Timeout in seconds for TLS handshake extraction per flow
+
+  # Timeout in seconds for TLS handshake extraction (default: 30)
   flow_timeout_sec: 30
 
-# Output configuration - enable one or more outputs
+  # Buffer size for packet channel (default: 1000, increase for high-traffic environments)
+  packet_buffer_size: 1000
+
 outputs:
-  # Log to stdout (captured by journald)
+  # Output to stdout (JSON lines) - disabled by default for production
   - type: stdout
+    enabled: false
+    params: {}
+
+  # Output to file
+  - type: file
     enabled: true
-  
-  # Log to file (optional)
-  # - type: file
-  #   enabled: false
-  #   params:
-  #     path: /var/log/ja4sentinel/ja4.json
-  
-  # Log to UNIX socket (optional, for external processing)
-  # - type: unix_socket
-  #   enabled: false
-  #   params:
-  #     socket_path: /var/run/ja4sentinel/ja4.sock
+    params:
+      path: /var/log/ja4sentinel/ja4.log
+
+  # Output to UNIX socket (for systemd/journald or other consumers)
+  - type: unix_socket
+    enabled: true
+    params:
+      socket_path: /var/run/ja4sentinel.sock

packaging/test/test-rpm.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
-# Test RPM package installation in Rocky Linux container
-set -e
+# Test RPM package installation on CentOS 7, Rocky Linux 8/9/10
+# Note: We don't use set -e here because we want to continue testing even if one fails
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
@@ -10,25 +10,102 @@ echo "=========================================="
 echo "  Testing RPM Package Installation"
 echo "=========================================="
 
-# Find the RPM package
-RPM_PACKAGE=$(ls -1 "${BUILD_DIR}"/*.rpm 2>/dev/null | head -1)
-if [ -z "$RPM_PACKAGE" ]; then
-    echo "Error: No .rpm package found in ${BUILD_DIR}"
-    echo "Run 'make package-rpm' first"
-    exit 1
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Function to test RPM installation on a specific distribution
+test_rpm_install() {
+    local distro=$1
+    local image=$2
+    local rpm_dir=$3
+    
+    echo ""
+    echo -e "${YELLOW}Testing on ${distro} (${image})...${NC}"
+    
+    # Check if RPM files exist in the directory
+    if [ ! -d "${BUILD_DIR}/${rpm_dir}" ] || [ -z "$(ls -A ${BUILD_DIR}/${rpm_dir}/*.rpm 2>/dev/null)" ]; then
+        echo -e "${RED}  Warning: No RPM packages found in ${BUILD_DIR}/${rpm_dir}${NC}"
+        echo "  Skipping ${distro} test..."
+        return 1
+    fi
+    
+    # Determine package manager and install command
+    # CentOS 7 is EOL, need to configure vault.centos.org
+    local setup_cmd=""
+    local install_cmd=""
+    case "$image" in
+        centos:7)
+            setup_cmd="sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo"
+            install_cmd="${setup_cmd} && yum install -y libpcap && yum install -y /packages/*.rpm"
+            ;;
+        rockylinux:*|almalinux:*)
+            install_cmd="dnf install -y libpcap && dnf install -y /packages/*.rpm"
+            ;;
+        *)
+            install_cmd="dnf install -y libpcap && dnf install -y /packages/*.rpm"
+            ;;
+    esac
+    
+    # Test installation
+    if docker run --rm \
+        -v "${BUILD_DIR}/${rpm_dir}:/packages:ro" \
+        "${image}" \
+        sh -c "${install_cmd}"; then
+        echo -e "  ${GREEN}✓${NC} ${distro}: Installation successful"
+        return 0
+    else
+        echo -e "  ${RED}✗${NC} ${distro}: Installation failed"
+        return 1
+    fi
+}
+
+# Track test results
+TESTS_PASSED=0
+TESTS_FAILED=0
+
+# Test on CentOS 7
+if test_rpm_install "CentOS 7" "centos:7" "el7"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
 fi
 
-echo "Found package: ${RPM_PACKAGE}"
+# Test on Rocky Linux 8
+if test_rpm_install "Rocky Linux 8" "rockylinux:8" "el8"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
+fi
 
-# Test installation directly in Rocky Linux container
-echo ""
-echo "Running installation tests in Rocky Linux container..."
-docker run --rm \
-    -v "${BUILD_DIR}:/packages:ro" \
-    rockylinux:8 \
-    sh -c "dnf install -y /packages/*.rpm && echo 'RPM installation successful'"
+# Test on Rocky Linux 9
+if test_rpm_install "Rocky Linux 9" "rockylinux:9" "el9"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
+fi
+
+# Test on AlmaLinux 10 (Rocky Linux 10 compatible)
+if test_rpm_install "AlmaLinux 10" "almalinux:10" "el10"; then
+    ((TESTS_PASSED++))
+else
+    ((TESTS_FAILED++))
+fi
 
 echo ""
 echo "=========================================="
-echo "  RPM Package Test Complete"
+echo "  Test Summary"
 echo "=========================================="
+echo -e "  Passed: ${GREEN}${TESTS_PASSED}${NC}"
+echo -e "  Failed: ${RED}${TESTS_FAILED}${NC}"
+echo "=========================================="
+
+if [ ${TESTS_FAILED} -gt 0 ]; then
+    echo -e "${RED}Some tests failed!${NC}"
+    exit 1
+else
+    echo -e "${GREEN}All RPM package tests passed!${NC}"
+    exit 0
+fi