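# syntax=docker/dockerfile:1
# =============================================================================
# ja4sentinel - unified packaging Dockerfile (DEB + RPM for CentOS 7, Rocky 8/9/10)
#
# Stages:
#   builder      compiles the Go binary with cgo enabled
#   deb-builder  stages the payload and builds the .deb with fpm
#   rpm-builder  stages the payload and builds the el7/el8/el9/el10 .rpm files
#   output       small image that only carries the finished packages
#
# Supply-chain note: the base images are pinned by tag only, so a rebuild can
# silently pick up different image content. For release builds, append the
# digest to each FROM line (image:tag@sha256:<digest>).
# =============================================================================

# =============================================================================
# Stage 1: Builder - compiles the Go binary
# =============================================================================
FROM golang:1.24-bookworm AS builder

WORKDIR /build

# Build-time packages; libpcap-dev is needed because the binary is built with
# CGO_ENABLED=1 and the resulting packages depend on libpcap.
RUN apt-get update && apt-get install -y --no-install-recommends \
        git \
        libpcap-dev \
    && rm -rf /var/lib/apt/lists/*

# Copy the module manifests first so the download layer stays cached until
# go.mod or go.sum change.
COPY go.mod go.sum ./
RUN go mod download

# The whole build context is copied into this stage. Keep a .dockerignore that
# excludes .git, local .env files and keys so they never enter a build layer.
COPY . .

# Build the Linux/amd64 binary; version metadata is injected through -ldflags.
ARG VERSION=1.0.0
ARG BUILD_TIME=""
ARG GIT_COMMIT=""
RUN mkdir -p dist && \
    CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
    go build -buildvcs=false \
        -ldflags "-X main.Version=${VERSION} -X main.BuildTime=${BUILD_TIME} -X main.GitCommit=${GIT_COMMIT}" \
        -o dist/ja4sentinel \
        ./cmd/ja4sentinel

# =============================================================================
# Stage 2: Package builder - fpm for DEB
# =============================================================================
FROM ruby:3.2-bookworm AS deb-builder

WORKDIR /package

# fpm itself is pinned to an exact version; the gems it depends on are still
# resolved at build time.
RUN apt-get update && apt-get install -y --no-install-recommends \
        dpkg-dev \
        fakeroot \
        libpcap-dev \
        rpm \
    && rm -rf /var/lib/apt/lists/* \
    && gem install fpm -v 1.16.0 --no-document

# Stage the package payload under /tmp/pkgroot.
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml

# Create the state directories and set the modes that end up in the package.
# NOTE(review): the payload is presumably owned by root. With 640 on the config
# files and 750 on the directories, a non-root service account can only use them
# if postinst adjusts ownership; the maintainer scripts are not visible here, so
# confirm that.
# NOTE(review): on systemd hosts /var/run is normally a symlink to the tmpfs
# /run, so a packaged directory there does not survive a reboot. Consider
# RuntimeDirectory= in the unit file instead.
RUN mkdir -p \
        /tmp/pkgroot/var/lib/ja4sentinel \
        /tmp/pkgroot/var/log/ja4sentinel \
        /tmp/pkgroot/var/run/ja4sentinel \
    && chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel \
    && chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service \
    && chmod 640 \
        /tmp/pkgroot/etc/ja4sentinel/config.yml.default \
        /tmp/pkgroot/usr/share/ja4sentinel/config.yml \
    && chmod 750 \
        /tmp/pkgroot/etc/ja4sentinel \
        /tmp/pkgroot/var/lib/ja4sentinel \
        /tmp/pkgroot/var/log/ja4sentinel \
        /tmp/pkgroot/var/run/ja4sentinel

# Maintainer scripts run as root on the target host at install and removal
# time, so review changes to them as carefully as changes to the binary.
COPY --chmod=755 packaging/deb/postinst packaging/deb/prerm packaging/deb/postrm /tmp/scripts/

# Build the DEB package.
# The systemd unit is listed explicitly: fpm only packs the paths named on its
# command line, and the staged unit file was previously left out of the package.
# NOTE(review): --url is still a placeholder, and the vendor/maintainer strings
# end in a space where a contact address appears to be missing.
ARG VERSION=1.0.0
ARG ARCH=amd64
RUN mkdir -p /packages/deb && \
    fpm -s dir -t deb \
        -n ja4sentinel \
        -v "${VERSION}" \
        -C /tmp/pkgroot \
        --architecture "${ARCH}" \
        --description "JA4 TLS fingerprinting daemon for network monitoring" \
        --url "https://github.com/your-repo/ja4sentinel" \
        --license "MIT" \
        --vendor "JA4Sentinel Team " \
        --maintainer "JA4Sentinel Team " \
        --depends "systemd" \
        --depends "libpcap0.8" \
        --after-install /tmp/scripts/postinst \
        --before-remove /tmp/scripts/prerm \
        --after-remove /tmp/scripts/postrm \
        -p "/packages/deb/ja4sentinel_${VERSION}_${ARCH}.deb" \
        usr/bin/ja4sentinel \
        usr/lib/systemd/system/ja4sentinel.service \
        etc/ja4sentinel/config.yml.default \
        usr/share/ja4sentinel/config.yml \
        var/lib/ja4sentinel \
        var/log/ja4sentinel \
        var/run/ja4sentinel

# =============================================================================
# Stage 3: RPM builder - one fpm-equipped stage that builds every RPM variant
# (ruby:3.2-bookworm is used as the base because fpm is a Ruby gem)
# =============================================================================
FROM ruby:3.2-bookworm AS rpm-builder

WORKDIR /package

# Install fpm and the rpm tooling it shells out to.
RUN apt-get update && apt-get install -y --no-install-recommends \
        rpm \
        rpm-common \
    && rm -rf /var/lib/apt/lists/* \
    && gem install fpm -v 1.16.0 --no-document

# Stage the package payload under /tmp/pkgroot.
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel
COPY --from=builder /build/packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY --from=builder /build/packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml

# RPM scriptlets also run as root on the target host.
COPY --chmod=755 packaging/rpm/postinst packaging/rpm/prerm packaging/rpm/postrm /tmp/scripts/

# Create the state directories and set the modes that end up in the package.
# The ownership and /var/run caveats are the same as for the DEB payload:
# confirm that the scriptlets give the service account access to the 640/750
# paths.
RUN mkdir -p \
        /tmp/pkgroot/var/lib/ja4sentinel \
        /tmp/pkgroot/var/log/ja4sentinel \
        /tmp/pkgroot/var/run/ja4sentinel \
    && chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel \
    && chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service \
    && chmod 640 \
        /tmp/pkgroot/etc/ja4sentinel/config.yml.default \
        /tmp/pkgroot/usr/share/ja4sentinel/config.yml \
    && chmod 750 \
        /tmp/pkgroot/etc/ja4sentinel \
        /tmp/pkgroot/var/lib/ja4sentinel \
        /tmp/pkgroot/var/log/ja4sentinel \
        /tmp/pkgroot/var/run/ja4sentinel

# Build one RPM per target:
#   el7  - CentOS 7        (libpcap >= 1.4.0)
#   el8  - Rocky Linux 8   (libpcap >= 1.9.0)
#   el9  - Rocky Linux 9   (libpcap >= 1.9.0)
#   el10 - AlmaLinux 10, compatible with Rocky Linux 10 (libpcap >= 1.9.0)
# A single loop keeps the four fpm invocations identical apart from the dist
# tag and the libpcap floor. The systemd unit is listed explicitly because fpm
# only packs the paths named on its command line.
# NOTE(review): the packages are not signed in this file. If they are published
# through a repository, sign them in the release pipeline.
ARG VERSION=1.0.0
RUN set -eu; \
    for dist in el7 el8 el9 el10; do \
        case "${dist}" in \
            el7) libpcap_min=1.4.0 ;; \
            *)   libpcap_min=1.9.0 ;; \
        esac; \
        mkdir -p "/packages/rpm/${dist}"; \
        fpm -s dir -t rpm \
            -n ja4sentinel \
            -v "${VERSION}" \
            -C /tmp/pkgroot \
            --architecture "x86_64" \
            --rpm-dist "${dist}" \
            --description "JA4 TLS fingerprinting daemon for network monitoring" \
            --url "https://github.com/your-repo/ja4sentinel" \
            --license "MIT" \
            --vendor "JA4Sentinel Team " \
            --depends "systemd" \
            --depends "libpcap >= ${libpcap_min}" \
            --after-install /tmp/scripts/postinst \
            --before-remove /tmp/scripts/prerm \
            --after-remove /tmp/scripts/postrm \
            -p "/packages/rpm/${dist}/ja4sentinel-${VERSION}-1.${dist}.x86_64.rpm" \
            usr/bin/ja4sentinel \
            usr/lib/systemd/system/ja4sentinel.service \
            etc/ja4sentinel/config.yml.default \
            usr/share/ja4sentinel/config.yml \
            var/lib/ja4sentinel \
            var/log/ja4sentinel \
            var/run/ja4sentinel; \
    done

# =============================================================================
# Stage 4: Output - final image holding the packages
# =============================================================================
# Pinned to a release tag instead of :latest so rebuilds do not silently change
# the base image.
FROM alpine:3.20 AS output

WORKDIR /packages

COPY --from=deb-builder /packages/deb/*.deb /packages/deb/
COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/
COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/

# Default command only lists the produced packages.
# NOTE(review): there is no USER instruction, so the container runs as root.
# That is left unchanged because extraction workflows may rely on it.
CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages (el7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10) ===' && ls -la /packages/rpm/el10/"]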