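# syntax=docker/dockerfile:1
# =============================================================================
# ja4sentinel - unified packaging Dockerfile (DEB + RPM built with fpm)
#
# Three stages: compile the Go binary, wrap it into .deb and .rpm packages
# with fpm, then copy only the packages into a small output image.
#
# Supply-chain notes:
#   - Base images are referenced by tag only. For reproducible release builds,
#     additionally pin each FROM by digest (tag@sha256:<digest>).
#   - fpm is invoked without any signing option, so the packages are unsigned
#     when they leave this build. NOTE(review): presumably signing happens in
#     a later pipeline step - confirm.
# =============================================================================

# =============================================================================
# Stage 1: Builder - compiles the Go binary
# =============================================================================
FROM golang:1.24-bookworm AS builder

WORKDIR /build

# Build dependencies: git for module fetches, libpcap headers for cgo.
RUN apt-get update && apt-get install -y --no-install-recommends \
        git \
        libpcap-dev \
    && rm -rf /var/lib/apt/lists/*

# Copy the module manifests first so the download layer stays cached until
# go.mod / go.sum change.
COPY go.mod go.sum ./
RUN go mod download

# Copy the source tree. This pulls in the whole build context.
# NOTE(review): relies on a .dockerignore to keep .git, local credentials and
# earlier build output out of the context - confirm one exists.
COPY . .

# Build the Linux binary. VERSION / BUILD_TIME / GIT_COMMIT are stamped into
# the binary through -ldflags.
# GOARCH is fixed to amd64 here, independent of the ARCH build arg used for
# the DEB in stage 2.
ARG VERSION=1.0.0
ARG BUILD_TIME=""
ARG GIT_COMMIT=""

RUN mkdir -p dist && \
    CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
    go build -buildvcs=false \
    -ldflags "-X main.Version=${VERSION} -X main.BuildTime=${BUILD_TIME} -X main.GitCommit=${GIT_COMMIT}" \
    -o dist/ja4sentinel \
    ./cmd/ja4sentinel

# =============================================================================
# Stage 2: Package builder - fpm for DEB and RPM
# =============================================================================
FROM ruby:3.2-bookworm AS package-builder

WORKDIR /package

# Install fpm (version-pinned) and the native packaging tools it drives.
# --no-document skips generating gem documentation that is never used here.
RUN apt-get update && apt-get install -y --no-install-recommends \
        rpm \
        dpkg-dev \
        fakeroot \
        libpcap-dev \
    && rm -rf /var/lib/apt/lists/* \
    && gem install fpm -v 1.16.0 --no-document

# Stage the package root: binary, systemd unit and two copies of the default
# configuration.
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml

# Create the state/log/runtime directories and set restrictive modes.
# fpm records these modes; ownership is root:root unless --deb-user/--deb-group
# or --rpm-user/--rpm-group are passed, so the 0640 files and 0750 directories
# are readable by a non-root service account only if something re-owns them at
# install time.
# NOTE(review): presumably postinst does that - confirm against
# packaging/deb/postinst.
# NOTE(review): /var/run is normally a symlink to /run (tmpfs) on systemd
# hosts, so the packaged var/run/ja4sentinel will not survive a reboot;
# presumably the unit recreates it (e.g. RuntimeDirectory=) - confirm.
RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \
    chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \
    chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \
    chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
    chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 750 /tmp/pkgroot/etc/ja4sentinel

# Maintainer scripts. These run as root on the target host at install/removal
# time, so they deserve the same review as the binary itself.
COPY packaging/deb/postinst /tmp/scripts/postinst
COPY packaging/deb/prerm /tmp/scripts/prerm
COPY packaging/deb/postrm /tmp/scripts/postrm
RUN chmod 755 /tmp/scripts/*

# Build the DEB package.
# With "-s dir -C /tmp/pkgroot" fpm packages only the paths listed at the end
# of the command. The systemd unit was staged and chmod'ed above but was
# missing from that list, so it never reached the package; it is listed now.
# ARCH only labels the DEB (metadata and file name); the binary is always
# amd64 (see stage 1), so any other ARCH value yields a mislabelled package.
# NOTE(review): --url still points at a "your-repo" placeholder, and the
# vendor/maintainer strings end in a trailing space as if a contact address
# was dropped - confirm the intended values.
ARG VERSION=1.0.0
ARG ARCH=amd64

RUN mkdir -p /packages/deb && \
    fpm -s dir -t deb \
    -n ja4sentinel \
    -v "${VERSION}" \
    -C /tmp/pkgroot \
    --architecture "${ARCH}" \
    --description "JA4 TLS fingerprinting daemon for network monitoring" \
    --url "https://github.com/your-repo/ja4sentinel" \
    --license "MIT" \
    --vendor "JA4Sentinel Team " \
    --maintainer "JA4Sentinel Team " \
    --depends "systemd" \
    --depends "libpcap0.8" \
    --after-install /tmp/scripts/postinst \
    --before-remove /tmp/scripts/prerm \
    --after-remove /tmp/scripts/postrm \
    -p "/packages/deb/ja4sentinel_${VERSION}_${ARCH}.deb" \
    usr/bin/ja4sentinel \
    usr/lib/systemd/system/ja4sentinel.service \
    etc/ja4sentinel/config.yml.default \
    usr/share/ja4sentinel/config.yml \
    var/lib/ja4sentinel \
    var/log/ja4sentinel \
    var/run/ja4sentinel

# Build the RPM package (architecture fixed to x86_64).
# DIST is declared but not referenced by any instruction in this file; it is
# kept so existing "--build-arg DIST=..." invocations keep working.
# NOTE(review): the RPM reuses the Debian maintainer scripts. dpkg and rpm pass
# different arguments to these scripts (action words vs. install counts), so
# any branch keyed on "$1" may silently not run under rpm - confirm the
# scripts handle both.
ARG DIST=el9

RUN mkdir -p /packages/rpm && \
    fpm -s dir -t rpm \
    -n ja4sentinel \
    -v "${VERSION}" \
    -C /tmp/pkgroot \
    --architecture "x86_64" \
    --description "JA4 TLS fingerprinting daemon for network monitoring" \
    --url "https://github.com/your-repo/ja4sentinel" \
    --license "MIT" \
    --vendor "JA4Sentinel Team " \
    --depends "systemd" \
    --depends "libpcap >= 1.9.0" \
    --after-install /tmp/scripts/postinst \
    --before-remove /tmp/scripts/prerm \
    --after-remove /tmp/scripts/postrm \
    -p "/packages/rpm/ja4sentinel-${VERSION}-1.x86_64.rpm" \
    usr/bin/ja4sentinel \
    usr/lib/systemd/system/ja4sentinel.service \
    etc/ja4sentinel/config.yml.default \
    usr/share/ja4sentinel/config.yml \
    var/lib/ja4sentinel \
    var/log/ja4sentinel \
    var/run/ja4sentinel

# =============================================================================
# Stage 3: Output - final image carrying only the packages
# =============================================================================
# Pinned to a release tag instead of the moving "latest" so rebuilds do not
# silently pick up a different base.
FROM alpine:3.21 AS output

WORKDIR /packages

COPY --from=package-builder /packages/deb/*.deb /packages/deb/
COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/

# Default command just lists the produced artifacts. No USER is set, so the
# container runs as root; left unchanged because how packages are extracted
# from this image is not visible here.
CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages ===' && ls -la /packages/rpm/"]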