feat: generate RPM packages for CentOS 7, Rocky Linux 8/9/10

- Update Dockerfile.package to build RPMs for multiple distributions using a unified fpm-based approach - Add RPM maintainer scripts (postinst, prerm, postrm) for proper installation and service management - Update ja4sentinel.spec for CentOS 7+ compatibility - Add packaging/systemd/config.yml as default configuration - Update test-rpm.sh to test installation on all 4 target distributions - Fix CentOS 7 repository configuration (EOL - vault.centos.org) Generated RPMs: - el7: CentOS 7 (libpcap >= 1.4.0) - el8: Rocky Linux 8 (libpcap >= 1.9.0) - el9: Rocky Linux 9 (libpcap >= 1.9.0) - el10: AlmaLinux 10 / Rocky Linux 10 (libpcap >= 1.9.0) Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 17:02:58 +01:00
parent 27eaa8aa4c
commit 86649b1630
8 changed files with 369 additions and 65 deletions
--- a/Dockerfile.package
+++ b/Dockerfile.package
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 # =============================================================================
-# ja4sentinel - Dockerfile de packaging unifié (DEB + RPM avec fpm)
+# ja4sentinel - Dockerfile de packaging unifié (DEB + RPM pour CentOS 7, Rocky 8/9/10)
 # =============================================================================
 # =============================================================================
@ -35,9 +35,9 @@ RUN mkdir -p dist && \
    ./cmd/ja4sentinel
 # =============================================================================
-# Stage 2: Package builder - fpm pour DEB et RPM
+# Stage 2: Package builder - fpm pour DEB
 # =============================================================================
-FROM ruby:3.2-bookworm AS package-builder
+FROM ruby:3.2-bookworm AS deb-builder
 WORKDIR /package
@ -48,7 +48,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    fakeroot \
    libpcap-dev \
    && rm -rf /var/lib/apt/lists/* \
-    && gem install fpm -v 1.16.0
+    && gem install fpm -v 1.16.0 --no-document
 # Copy binary from builder
 COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
@ -102,14 +102,78 @@ RUN mkdir -p /packages/deb && \
    var/log/ja4sentinel \
    var/run/ja4sentinel
-# Build RPM package
+# =============================================================================
-ARG DIST=el9
+# Stage 3: RPM Builder - Universal builder with fpm installed
-RUN mkdir -p /packages/rpm && \
+# Using ruby:3.2-bookworm as base for fpm, builds all RPM variants
 # =============================================================================
 FROM ruby:3.2-bookworm AS rpm-builder
 WORKDIR /package
 # Install fpm and rpm tools
 RUN apt-get update && apt-get install -y --no-install-recommends \
    rpm \
    rpm-common \
    && rm -rf /var/lib/apt/lists/* \
    && gem install fpm -v 1.16.0 --no-document
 # Copy binary from Go builder
 COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
 COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
 COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
 COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml
 COPY packaging/rpm/postinst /tmp/scripts/postinst
 COPY packaging/rpm/prerm /tmp/scripts/prerm
 COPY packaging/rpm/postrm /tmp/scripts/postrm
 # Create directories and set permissions
 RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \
    chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \
    chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \
    chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
    chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 750 /tmp/pkgroot/etc/ja4sentinel && \
    chmod 755 /tmp/scripts/*
 # Build RPM for CentOS 7 (el7)
 ARG VERSION=1.0.0
 RUN mkdir -p /packages/rpm/el7 && \
    fpm -s dir -t rpm \
    -n ja4sentinel \
    -v "${VERSION}" \
    -C /tmp/pkgroot \
    --architecture "x86_64" \
    --rpm-dist el7 \
    --description "JA4 TLS fingerprinting daemon for network monitoring" \
    --url "https://github.com/your-repo/ja4sentinel" \
    --license "MIT" \
    --vendor "JA4Sentinel Team <team@example.com>" \
    --depends "systemd" \
    --depends "libpcap >= 1.4.0" \
    --after-install /tmp/scripts/postinst \
    --before-remove /tmp/scripts/prerm \
    --after-remove /tmp/scripts/postrm \
    -p /packages/rpm/el7/ja4sentinel-${VERSION}-1.el7.x86_64.rpm \
    usr/bin/ja4sentinel \
    etc/ja4sentinel/config.yml.default \
    usr/share/ja4sentinel/config.yml \
    var/lib/ja4sentinel \
    var/log/ja4sentinel \
    var/run/ja4sentinel
 # Build RPM for Rocky Linux 8 (el8)
 RUN mkdir -p /packages/rpm/el8 && \
    fpm -s dir -t rpm \
    -n ja4sentinel \
    -v "${VERSION}" \
    -C /tmp/pkgroot \
    --architecture "x86_64" \
    --rpm-dist el8 \
    --description "JA4 TLS fingerprinting daemon for network monitoring" \
    --url "https://github.com/your-repo/ja4sentinel" \
    --license "MIT" \
@ -119,7 +183,57 @@ RUN mkdir -p /packages/rpm && \
    --after-install /tmp/scripts/postinst \
    --before-remove /tmp/scripts/prerm \
    --after-remove /tmp/scripts/postrm \
-    -p /packages/rpm/ja4sentinel-${VERSION}-1.x86_64.rpm \
+    -p /packages/rpm/el8/ja4sentinel-${VERSION}-1.el8.x86_64.rpm \
    usr/bin/ja4sentinel \
    etc/ja4sentinel/config.yml.default \
    usr/share/ja4sentinel/config.yml \
    var/lib/ja4sentinel \
    var/log/ja4sentinel \
    var/run/ja4sentinel
 # Build RPM for Rocky Linux 9 (el9)
 RUN mkdir -p /packages/rpm/el9 && \
    fpm -s dir -t rpm \
    -n ja4sentinel \
    -v "${VERSION}" \
    -C /tmp/pkgroot \
    --architecture "x86_64" \
    --rpm-dist el9 \
    --description "JA4 TLS fingerprinting daemon for network monitoring" \
    --url "https://github.com/your-repo/ja4sentinel" \
    --license "MIT" \
    --vendor "JA4Sentinel Team <team@example.com>" \
    --depends "systemd" \
    --depends "libpcap >= 1.9.0" \
    --after-install /tmp/scripts/postinst \
    --before-remove /tmp/scripts/prerm \
    --after-remove /tmp/scripts/postrm \
    -p /packages/rpm/el9/ja4sentinel-${VERSION}-1.el9.x86_64.rpm \
    usr/bin/ja4sentinel \
    etc/ja4sentinel/config.yml.default \
    usr/share/ja4sentinel/config.yml \
    var/lib/ja4sentinel \
    var/log/ja4sentinel \
    var/run/ja4sentinel
 # Build RPM for AlmaLinux 10 (el10) - compatible with Rocky Linux 10
 RUN mkdir -p /packages/rpm/el10 && \
    fpm -s dir -t rpm \
    -n ja4sentinel \
    -v "${VERSION}" \
    -C /tmp/pkgroot \
    --architecture "x86_64" \
    --rpm-dist el10 \
    --description "JA4 TLS fingerprinting daemon for network monitoring" \
    --url "https://github.com/your-repo/ja4sentinel" \
    --license "MIT" \
    --vendor "JA4Sentinel Team <team@example.com>" \
    --depends "systemd" \
    --depends "libpcap >= 1.9.0" \
    --after-install /tmp/scripts/postinst \
    --before-remove /tmp/scripts/prerm \
    --after-remove /tmp/scripts/postrm \
    -p /packages/rpm/el10/ja4sentinel-${VERSION}-1.el10.x86_64.rpm \
    usr/bin/ja4sentinel \
    etc/ja4sentinel/config.yml.default \
    usr/share/ja4sentinel/config.yml \
@ -128,12 +242,15 @@ RUN mkdir -p /packages/rpm && \
    var/run/ja4sentinel
 # =============================================================================
-# Stage 3: Output - Image finale avec les packages
+# Stage 4: Output - Image finale avec les packages
 # =============================================================================
 FROM alpine:latest AS output
 WORKDIR /packages
-COPY --from=package-builder /packages/deb/*.deb /packages/deb/
+COPY --from=deb-builder /packages/deb/*.deb /packages/deb/
-COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/
+COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/
 COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
 COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
 COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/
-CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages ===' && ls -la /packages/rpm/"]
+CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages (el7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10) ===' && ls -la /packages/rpm/el10/"]
--- a/25
+++ b/25
@ -109,9 +109,28 @@ package-deb:
 	@echo "RPM packages created:"
 	ls -la build/rpm/
-## package-rpm: Build RPM package (requires Docker)
+## package-rpm: Build RPM packages for all target distributions (requires Docker)
-package-rpm: package-deb
+package-rpm:
-	@echo "RPM built together with DEB in Dockerfile.package"
+	mkdir -p build/rpm/el7 build/rpm/el8 build/rpm/el9 build/rpm/el10
 	@echo "Building RPM packages for CentOS 7, Rocky Linux 8/9, AlmaLinux 10..."
 	docker build --target output -t ja4sentinel-rpm-packager:latest \
 		--build-arg VERSION=$(PKG_VERSION) \
 		-f Dockerfile.package .
 	@echo "Extracting RPM packages from Docker image..."
 	@docker run --rm -v $(PWD)/build:/output ja4sentinel-rpm-packager:latest sh -c \
 		'cp -r /packages/rpm/el7 /output/rpm/ && \
 		 cp -r /packages/rpm/el8 /output/rpm/ && \
 		 cp -r /packages/rpm/el9 /output/rpm/ && \
 		 cp -r /packages/rpm/el10 /output/rpm/'
 	@echo "RPM packages created:"
 	@echo "  CentOS 7 (el7):"
 	ls -la build/rpm/el7/ 2>/dev/null || echo "    (no packages)"
 	@echo "  Rocky Linux 8 (el8):"
 	ls -la build/rpm/el8/ 2>/dev/null || echo "    (no packages)"
 	@echo "  Rocky Linux 9 (el9):"
 	ls -la build/rpm/el9/ 2>/dev/null || echo "    (no packages)"
 	@echo "  AlmaLinux/Rocky 10 (el10):"
 	ls -la build/rpm/el10/ 2>/dev/null || echo "    (no packages)"
 ## test-package-deb: Test DEB package installation in Docker
 test-package-deb: package-deb
--- a/packaging/rpm/ja4sentinel.spec
+++ b/packaging/rpm/ja4sentinel.spec
@ -6,11 +6,13 @@ License:        MIT
 URL:            https://github.com/your-repo/ja4sentinel
 BuildArch:      x86_64
-# Rocky Linux / RHEL compatibility
+# Distribution-agnostic dependencies
-# Requires EPEL for some dependencies if not in base repos
+# systemd is available on all target distros (CentOS 7, Rocky 8/9/10)
 Requires:       systemd
-# libpcap is available in base repos for RHEL/CentOS/Rocky 8+
+# libpcap version varies by distro:
-Requires:       libpcap >= 1.9.0
+# - CentOS 7: 1.4.0
 # - Rocky 8/9/10: 1.9.0+
 Requires:       libpcap >= 1.4.0
 %description
 JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers,
@ -24,7 +26,7 @@ Features:
 - IP/TCP metadata enrichment
 - Multiple output formats (stdout, file, UNIX socket)
 - Structured JSON logging for systemd/journald
- Compatible with Rocky Linux, RHEL, CentOS
+- Compatible with CentOS 7, Rocky Linux 8/9/10, RHEL
 %prep
 # No source to unpack, binary is pre-built
@ -52,6 +54,7 @@ install -m 640 %{_sourcedir}/config.yml %{buildroot}/etc/ja4sentinel/config.yml.
 install -m 640 %{_sourcedir}/config.yml %{buildroot}/usr/share/ja4sentinel/config.yml
 %pre
 # Create system user and group (compatible with CentOS 7+)
 getent group ja4sentinel >/dev/null || groupadd -r ja4sentinel
 getent passwd ja4sentinel >/dev/null || \
    useradd -r -g ja4sentinel -d /var/lib/ja4sentinel -s /sbin/nologin \
@ -77,19 +80,19 @@ if [ ! -f /etc/ja4sentinel/config.yml ]; then
    chmod 640 /etc/ja4sentinel/config.yml
 fi
-# Enable service
+# Enable and start service (systemd macro for compatibility)
 if [ $1 -eq 1 ] && [ -x /bin/systemctl ]; then
    /bin/systemctl daemon-reload
-    /bin/systemctl enable ja4sentinel.service
+    /bin/systemctl enable ja4sentinel.service 2>/dev/null || :
-    /bin/systemctl start ja4sentinel.service
+    /bin/systemctl start ja4sentinel.service 2>/dev/null || :
 fi
 %preun
 if [ $1 -eq 0 ]; then
    # Package removal, stop and disable service
    if [ -x /bin/systemctl ]; then
-        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || true
+        /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || :
-        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || true
+        /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || :
    fi
 fi
@ -113,4 +116,4 @@ fi
 %changelog
 * Wed Feb 25 2026 JA4Sentinel Team <team@example.com> - 1.0.0-1
- Initial package release
+- Initial package release for CentOS 7, Rocky Linux 8/9/10
--- a/packaging/rpm/postinst
+++ b/packaging/rpm/postinst
@ -0,0 +1,45 @@
 #!/bin/bash
 #
 # postinst - Script d'installation post-RPM pour ja4sentinel
 # Compatible CentOS 7, Rocky Linux 8/9/10
 #
 set -e
 echo "==> ja4sentinel: Running post-installation script..."
 # Set proper ownership
 chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel 2>/dev/null || true
 chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel 2>/dev/null || true
 chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel 2>/dev/null || true
 chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel 2>/dev/null || true
 # Set proper permissions
 chmod 750 /var/lib/ja4sentinel 2>/dev/null || true
 chmod 750 /var/log/ja4sentinel 2>/dev/null || true
 chmod 750 /etc/ja4sentinel 2>/dev/null || true
 # Install config if not exists
 if [ ! -f /etc/ja4sentinel/config.yml ]; then
    echo "==> ja4sentinel: Installing default configuration..."
    cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
    chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml 2>/dev/null || true
    chmod 640 /etc/ja4sentinel/config.yml
 fi
 # Reload systemd and enable service (only if systemd is running)
 if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
    echo "==> ja4sentinel: Reloading systemd daemon..."
    /bin/systemctl daemon-reload
    echo "==> ja4sentinel: Enabling ja4sentinel.service..."
    /bin/systemctl enable ja4sentinel.service 2>/dev/null || :
    echo "==> ja4sentinel: Starting ja4sentinel.service..."
    /bin/systemctl start ja4sentinel.service 2>/dev/null || :
 else
    echo "==> ja4sentinel: systemd not detected (container environment), skipping service management..."
 fi
 echo "==> ja4sentinel: Post-installation complete."
 exit 0
--- a/packaging/rpm/postrm
+++ b/packaging/rpm/postrm
@ -0,0 +1,18 @@
 #!/bin/bash
 #
 # postrm - Script de post-désinstallation RPM pour ja4sentinel
 # Compatible CentOS 7, Rocky Linux 8/9/10
 #
 set -e
 echo "==> ja4sentinel: Running post-removal script..."
 # Reload systemd after removal
 if [ -x /bin/systemctl ]; then
    echo "==> ja4sentinel: Reloading systemd daemon..."
    /bin/systemctl daemon-reload
 fi
 echo "==> ja4sentinel: Post-removal complete."
 exit 0
--- a/packaging/rpm/prerm
+++ b/packaging/rpm/prerm
@ -0,0 +1,21 @@
 #!/bin/bash
 #
 # prerm - Script de pré-désinstallation RPM pour ja4sentinel
 # Compatible CentOS 7, Rocky Linux 8/9/10
 #
 set -e
 echo "==> ja4sentinel: Running pre-removal script..."
 # Stop and disable service before removal
 if [ -x /bin/systemctl ]; then
    echo "==> ja4sentinel: Stopping ja4sentinel.service..."
    /bin/systemctl stop ja4sentinel.service >/dev/null 2>&1 || :
    echo "==> ja4sentinel: Disabling ja4sentinel.service..."
    /bin/systemctl disable ja4sentinel.service >/dev/null 2>&1 || :
 fi
 echo "==> ja4sentinel: Pre-removal complete."
 exit 0
--- a/packaging/systemd/config.yml
+++ b/packaging/systemd/config.yml
@ -1,35 +1,39 @@
-# JA4Sentinel Configuration
+# Default configuration file for ja4sentinel
-# Default configuration file for ja4sentinel service
+# This file is installed as /etc/ja4sentinel/config.yml.default
 core:
-  # Network interface to monitor (use 'ip link' to list available interfaces)
+  # Network interface to capture traffic from
  # Will be overridden by JA4SENTINEL_INTERFACE env var if set
  interface: eth0
-  
+
  # TCP ports to monitor for TLS handshakes
  listen_ports:
    - 443
    - 8443
-  
+
-  # Optional BPF filter (leave empty for default port-based filter)
+  # Optional BPF filter (leave empty for auto-generated filter based on listen_ports)
  bpf_filter: ""
-  
+
-  # Timeout in seconds for TLS handshake extraction per flow
+  # Timeout in seconds for TLS handshake extraction (default: 30)
  flow_timeout_sec: 30
-# Output configuration - enable one or more outputs
+  # Buffer size for packet channel (default: 1000, increase for high-traffic environments)
  packet_buffer_size: 1000
 outputs:
-  # Log to stdout (captured by journald)
+  # Output to stdout (JSON lines) - disabled by default for production
  - type: stdout
    enabled: false
    params: {}
  # Output to file
  - type: file
    enabled: true
-  
+    params:
-  # Log to file (optional)
+      path: /var/log/ja4sentinel/ja4.log
-  # - type: file
+
-  #   enabled: false
+  # Output to UNIX socket (for systemd/journald or other consumers)
-  #   params:
+  - type: unix_socket
-  #     path: /var/log/ja4sentinel/ja4.json
+    enabled: true
-  
+    params:
-  # Log to UNIX socket (optional, for external processing)
+      socket_path: /var/run/ja4sentinel.sock
  # - type: unix_socket
  #   enabled: false
  #   params:
  #     socket_path: /var/run/ja4sentinel/ja4.sock
--- a/packaging/test/test-rpm.sh
+++ b/packaging/test/test-rpm.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-# Test RPM package installation in Rocky Linux container
+# Test RPM package installation on CentOS 7, Rocky Linux 8/9/10
-set -e
+# Note: We don't use set -e here because we want to continue testing even if one fails
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
@ -10,25 +10,102 @@ echo "=========================================="
 echo "  Testing RPM Package Installation"
 echo "=========================================="
-# Find the RPM package
+# Colors for output
-RPM_PACKAGE=$(ls -1 "${BUILD_DIR}"/*.rpm 2>/dev/null | head -1)
+RED='\033[0;31m'
-if [ -z "$RPM_PACKAGE" ]; then
+GREEN='\033[0;32m'
-    echo "Error: No .rpm package found in ${BUILD_DIR}"
+YELLOW='\033[1;33m'
-    echo "Run 'make package-rpm' first"
+NC='\033[0m' # No Color
-    exit 1
+
 # Function to test RPM installation on a specific distribution
 test_rpm_install() {
    local distro=$1
    local image=$2
    local rpm_dir=$3
    echo ""
    echo -e "${YELLOW}Testing on ${distro} (${image})...${NC}"
    # Check if RPM files exist in the directory
    if [ ! -d "${BUILD_DIR}/${rpm_dir}" ] || [ -z "$(ls -A ${BUILD_DIR}/${rpm_dir}/*.rpm 2>/dev/null)" ]; then
        echo -e "${RED}  Warning: No RPM packages found in ${BUILD_DIR}/${rpm_dir}${NC}"
        echo "  Skipping ${distro} test..."
        return 1
    fi
    # Determine package manager and install command
    # CentOS 7 is EOL, need to configure vault.centos.org
    local setup_cmd=""
    local install_cmd=""
    case "$image" in
        centos:7)
            setup_cmd="sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/*.repo && sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/*.repo"
            install_cmd="${setup_cmd} && yum install -y libpcap && yum install -y /packages/*.rpm"
            ;;
        rockylinux:*|almalinux:*)
            install_cmd="dnf install -y libpcap && dnf install -y /packages/*.rpm"
            ;;
        *)
            install_cmd="dnf install -y libpcap && dnf install -y /packages/*.rpm"
            ;;
    esac
    # Test installation
    if docker run --rm \
        -v "${BUILD_DIR}/${rpm_dir}:/packages:ro" \
        "${image}" \
        sh -c "${install_cmd}"; then
        echo -e "  ${GREEN}✓${NC} ${distro}: Installation successful"
        return 0
    else
        echo -e "  ${RED}✗${NC} ${distro}: Installation failed"
        return 1
    fi
 }
 # Track test results
 TESTS_PASSED=0
 TESTS_FAILED=0
 # Test on CentOS 7
 if test_rpm_install "CentOS 7" "centos:7" "el7"; then
    ((TESTS_PASSED++))
 else
    ((TESTS_FAILED++))
 fi
-echo "Found package: ${RPM_PACKAGE}"
+# Test on Rocky Linux 8
 if test_rpm_install "Rocky Linux 8" "rockylinux:8" "el8"; then
    ((TESTS_PASSED++))
 else
    ((TESTS_FAILED++))
 fi
-# Test installation directly in Rocky Linux container
+# Test on Rocky Linux 9
-echo ""
+if test_rpm_install "Rocky Linux 9" "rockylinux:9" "el9"; then
-echo "Running installation tests in Rocky Linux container..."
+    ((TESTS_PASSED++))
-docker run --rm \
+else
-    -v "${BUILD_DIR}:/packages:ro" \
+    ((TESTS_FAILED++))
-    rockylinux:8 \
+fi
-    sh -c "dnf install -y /packages/*.rpm && echo 'RPM installation successful'"
+
 # Test on AlmaLinux 10 (Rocky Linux 10 compatible)
 if test_rpm_install "AlmaLinux 10" "almalinux:10" "el10"; then
    ((TESTS_PASSED++))
 else
    ((TESTS_FAILED++))
 fi
 echo ""
 echo "=========================================="
-echo "  RPM Package Test Complete"
+echo "  Test Summary"
 echo "=========================================="
 echo -e "  Passed: ${GREEN}${TESTS_PASSED}${NC}"
 echo -e "  Failed: ${RED}${TESTS_FAILED}${NC}"
 echo "=========================================="
 if [ ${TESTS_FAILED} -gt 0 ]; then
    echo -e "${RED}Some tests failed!${NC}"
    exit 1
 else
    echo -e "${GREEN}All RPM package tests passed!${NC}"
    exit 0
 fi