#!/bin/bash # Build script for .deb package # Usage: ./build-deb.sh [version] [architecture] set -e # Sanitize version for Debian package (must start with digit) VERSION="${1:-1.0.0}" ARCH="${2:-amd64}" PACKAGE_NAME="ja4sentinel" # Convert git version to Debian-compatible format # e.g., "v1.0.0" -> "1.0.0", "efd4481-dirty" -> "0.0.0+efd4481" if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then # Already a valid semver DEB_VERSION="$VERSION" elif [[ "$VERSION" =~ ^v([0-9]+\.[0-9]+\.[0-9]+) ]]; then # v-prefixed semver DEB_VERSION="${BASH_REMATCH[1]}" else # Git hash or other format -> use 0.0.0+ DEB_VERSION="0.0.0+${VERSION//[^a-zA-Z0-9+.-]/_}" fi echo "=== Building ${PACKAGE_NAME} ${DEB_VERSION} for ${ARCH} ===" # Directories SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" BUILD_DIR="${PROJECT_ROOT}/build/deb" PACKAGE_DIR="${BUILD_DIR}/${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}" # Clean and create build directory rm -rf "${BUILD_DIR}" mkdir -p "${PACKAGE_DIR}" # Create package structure mkdir -p "${PACKAGE_DIR}/usr/bin" mkdir -p "${PACKAGE_DIR}/etc/ja4sentinel" mkdir -p "${PACKAGE_DIR}/var/lib/ja4sentinel" mkdir -p "${PACKAGE_DIR}/var/log/ja4sentinel" mkdir -p "${PACKAGE_DIR}/var/run/ja4sentinel" mkdir -p "${PACKAGE_DIR}/usr/lib/systemd/system" mkdir -p "${PACKAGE_DIR}/usr/share/ja4sentinel" mkdir -p "${PACKAGE_DIR}/DEBIAN" # Copy binary (build if not exists) if [ ! -f "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" ]; then echo "Building binary..." cd "${PROJECT_ROOT}" make build-linux fi cp "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" "${PACKAGE_DIR}/usr/bin/ja4sentinel" chmod 755 "${PACKAGE_DIR}/usr/bin/ja4sentinel" # Copy systemd service cp "${SCRIPT_DIR}/systemd/ja4sentinel.service" "${PACKAGE_DIR}/usr/lib/systemd/system/ja4sentinel.service" chmod 644 "${PACKAGE_DIR}/usr/lib/systemd/system/ja4sentinel.service" # Copy default config cp "${SCRIPT_DIR}/systemd/config.yml" "${PACKAGE_DIR}/etc/ja4sentinel/config.yml.default" cp "${SCRIPT_DIR}/systemd/config.yml" "${PACKAGE_DIR}/usr/share/ja4sentinel/config.yml" chmod 640 "${PACKAGE_DIR}/etc/ja4sentinel/config.yml.default" chmod 640 "${PACKAGE_DIR}/usr/share/ja4sentinel/config.yml" # Copy maintainer scripts cp "${SCRIPT_DIR}/deb/postinst" "${PACKAGE_DIR}/DEBIAN/postinst" cp "${SCRIPT_DIR}/deb/prerm" "${PACKAGE_DIR}/DEBIAN/prerm" cp "${SCRIPT_DIR}/deb/postrm" "${PACKAGE_DIR}/DEBIAN/postrm" chmod 755 "${PACKAGE_DIR}/DEBIAN/postinst" chmod 755 "${PACKAGE_DIR}/DEBIAN/prerm" chmod 755 "${PACKAGE_DIR}/DEBIAN/postrm" # Create control file cat > "${PACKAGE_DIR}/DEBIAN/control" << EOF Package: ${PACKAGE_NAME} Version: ${DEB_VERSION} Section: net Priority: optional Architecture: ${ARCH} Depends: systemd, libpcap0.8 Maintainer: JA4Sentinel Team Description: JA4 TLS fingerprinting daemon JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers, extracting client-side TLS handshakes, generating JA4 signatures, enriching with IP/TCP metadata, and logging results to configurable outputs. . Features: - Network packet capture with BPF filters - TLS ClientHello extraction - JA4/JA3 fingerprint generation - IP/TCP metadata enrichment - Multiple output formats (stdout, file, UNIX socket) - Structured JSON logging for systemd/journald Homepage: https://github.com/your-repo/ja4sentinel EOF # Create conffiles echo "/etc/ja4sentinel/config.yml.default" > "${PACKAGE_DIR}/DEBIAN/conffiles" # Build the package echo "Building .deb package..." cd "${BUILD_DIR}" dpkg-deb --build "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}" # Calculate checksum cd "${BUILD_DIR}" sha256sum "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb" > "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb.sha256" echo "" echo "=== Build complete ===" echo "Package: ${BUILD_DIR}/${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb" echo "Checksum: $(cat ${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb.sha256)"