code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
49 Commits 1 Branch 0 Tags
a3f5d9a50c6d2318ca291291662e00d99369bfd3
Commit Graph

4 Commits

Author SHA1 Message Date
Jacquin Antoine
dcd6bd0a94 feat: add systemd sdnotify support (ready, watchdog, stopping)
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Add github.com/coreos/go-systemd/v22/daemon dependency
- Signal SdNotifyReady after configuration is loaded
- Start watchdog goroutine that pings systemd every WatchdogSec/2
- Signal SdNotifyStopping during graceful shutdown
- Update systemd unit file:
  - Type=notify (instead of simple)
  - WatchdogSec=30 (auto-restart if service hangs)
  - NotifyAccess=main (only main process can notify)

Benefits:
- systemd knows when service is truly ready
- Automatic detection of hung/frozen service
- Better integration with systemd supervision
- More accurate service status reporting

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 01:06:20 +01:00
Jacquin Antoine
b137b3df85 fix(packaging): run service as root for packet capture
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Change systemd service to run as root instead of ja4sentinel user
- Remove user/group creation from RPM spec (%pre script)
- Update %post to set root:root ownership on directories
- Adjust security hardening for root execution (ProtectSystem=strict)
- Add ReadWritePaths for writable directories

Fixes: systemd error 'Failed at step USER spawning /usr/bin/ja4sentinel: No such process'

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 00:14:23 +01:00
Jacquin Antoine
86649b1630 feat: generate RPM packages for CentOS 7, Rocky Linux 8/9/10
Some checks failed
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details 
- Update Dockerfile.package to build RPMs for multiple distributions
  using a unified fpm-based approach
- Add RPM maintainer scripts (postinst, prerm, postrm) for proper
  installation and service management
- Update ja4sentinel.spec for CentOS 7+ compatibility
- Add packaging/systemd/config.yml as default configuration
- Update test-rpm.sh to test installation on all 4 target distributions
- Fix CentOS 7 repository configuration (EOL - vault.centos.org)

Generated RPMs:
- el7: CentOS 7 (libpcap >= 1.4.0)
- el8: Rocky Linux 8 (libpcap >= 1.9.0)
- el9: Rocky Linux 9 (libpcap >= 1.9.0)
- el10: AlmaLinux 10 / Rocky Linux 10 (libpcap >= 1.9.0)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 17:02:58 +01:00
Jacquin Antoine
61bf05454e feat: CI/CD pour packages .deb et .rpm + tests d'installation 
Nouveaux workflows GitHub Actions:
- .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu
- .github/workflows/build-rpm.yml : Build et release RPM sur Fedora
- Déclenchement sur tags v*, push main/master, workflow_dispatch
- Upload des artifacts et création automatique de release

Système de build de packages:
- packaging/build-deb.sh : Script de build .deb avec sanitization version
- packaging/build-rpm.sh : Script de build .rpm (via Docker)
- packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB
- packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM

Fichiers de configuration systemd:
- packaging/systemd/ja4sentinel.service : Unit avec security hardening
  * NoNewPrivileges, ProtectSystem, ProtectHome
  * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture
- packaging/systemd/config.yml : Configuration par défaut

Scripts mainteneur DEB:
- packaging/deb/postinst : Création user/group, dirs, config
- packaging/deb/prerm : Stop service avant upgrade/remove
- packaging/deb/postrm : Cleanup complet en purge

Spec file RPM:
- packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies
  * Requires: systemd, libpcap
  * %pre/%post/%preun/%postun scripts

Tests d'installation dans containers:
- packaging/test/test-deb.sh : Build + test Docker Ubuntu
- packaging/test/test-rpm.sh : Build + test Docker Fedora
- packaging/test/test-install-deb.sh : 11 tests automatisés
- packaging/test/test-install-rpm.sh : 11 tests automatisés
- Dockerfile.deb/rpm : Containers de test dédiés

Makefile:
- package-deb : Build .deb
- package-rpm : Build .rpm via Docker (no-cache)
- package : Build les deux
- test-package-deb : Build + test installation DEB
- test-package-rpm : Build + test installation RPM
- test-package : Test les deux packages

Tests:
-  DEB: 11/11 tests passés (binaire, config, service, user, dirs)
-  RPM: Build réussi (3.3 MB)
- Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 21:05:23 +01:00