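# syntax=docker/dockerfile:1
# =============================================================================
# ja4sentinel - RPM packaging Dockerfile (Rocky 8/9/10, AlmaLinux)
# CentOS 7 support removed - minimum Rocky Linux 8
#
# Three stages:
#   1. builder     - compiles the Go binary (CGO + libpcap) on Rocky Linux 9
#   2. rpm-builder - stages the package root and runs fpm once per target dist
#   3. output      - minimal image that only carries the resulting RPMs
#
# Supply-chain note: base images are referenced by tag only. For reproducible,
# tamper-evident package builds, pin each FROM by digest (tag@sha256:<digest>)
# and bump the digest deliberately.
# =============================================================================

# =============================================================================
# Stage 1: Builder - compile the Go binary on Rocky Linux 9
# NOTE(review): the binary is dynamically linked against the glibc and libpcap
# shipped with Rocky Linux 9. A binary linked against a newer glibc generally
# does not load on an older one, so the el8 package should be smoke-tested on
# Rocky Linux 8 (or the binary built on the oldest supported release) before
# claiming el8 compatibility.
# =============================================================================
FROM rockylinux:9 AS builder

WORKDIR /build

# Install dependencies (Go + libpcap for packet capture).
# CRB (CodeReady Builder) repository is required for libpcap-devel.
# dnf-plugins-core provides `dnf config-manager`; installing it explicitly keeps
# the step working if the base image does not ship it.
RUN dnf install -y dnf-plugins-core epel-release && \
    dnf config-manager --set-enabled crb && \
    dnf install -y \
      gcc \
      git \
      golang \
      libpcap-devel \
      make \
    && dnf clean all

# Copy the module manifests first so the dependency layer stays cached until
# go.mod/go.sum change; go.sum lets `go mod download` verify module hashes.
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code.
# NOTE(review): this copies the whole build context into the builder stage.
# Confirm a .dockerignore excludes .git, local config and any credential files.
COPY . .

# Build binary for Linux (dynamically linked, CGO enabled for libpcap).
# These ARGs are declared late because they change on every build and would
# otherwise invalidate the dependency layers above.
ARG VERSION=1.0.0
ARG BUILD_TIME=""
ARG GIT_COMMIT=""

# Each -X value is single-quoted so a build argument containing spaces
# (e.g. a human-readable BUILD_TIME) is not split into separate linker flags.
RUN mkdir -p dist && \
    CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
    go build -buildvcs=false \
      -ldflags "-X 'main.Version=${VERSION}' -X 'main.BuildTime=${BUILD_TIME}' -X 'main.GitCommit=${GIT_COMMIT}'" \
      -o dist/ja4sentinel \
      ./cmd/ja4sentinel

# =============================================================================
# Stage 2: RPM Builder - build RPMs for Rocky 8/9/10 and AlmaLinux
# =============================================================================
FROM rockylinux:9 AS rpm-builder

WORKDIR /package

# VERSION must be redeclared for each stage that needs it
ARG VERSION=1.0.0

# Install fpm and rpm tools (Rocky Linux 9).
# fpm does not require libpcap - it is only needed to build the Go binary.
# The fpm gem is pinned to an exact version so packaging output is repeatable.
RUN dnf install -y \
      gcc \
      make \
      rpm \
      rpm-build \
      ruby \
      rubygems \
    && dnf clean all \
    && gem install fpm -v 1.16.0 --no-document

# Copy binary from Go builder
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel

# Copy systemd service, config and scriptlets straight from the build context
# (not from the builder stage).
COPY packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml
COPY packaging/rpm/postinst /tmp/scripts/postinst
COPY packaging/rpm/prerm /tmp/scripts/prerm
COPY packaging/rpm/postrm /tmp/scripts/postrm

# Create state/log/runtime directories and set the modes that end up in the RPM:
# binary and unit file world-readable, config files and service directories
# restricted to owner and group.
# NOTE(review): /var/run is normally tmpfs-backed on systemd hosts, so a
# directory shipped under var/run will not survive a reboot; confirm the unit
# file recreates it (for example with RuntimeDirectory=).
RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \
    chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \
    chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \
    chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
    chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 750 /tmp/pkgroot/etc/ja4sentinel && \
    chmod 755 /tmp/scripts/*

# Build one RPM per target distribution tag:
#   el8  - Rocky Linux 8
#   el9  - Rocky Linux 9
#   el10 - AlmaLinux 10 (compatible with Rocky Linux 10)
# The package contents are identical; only --rpm-dist and the output path vary.
# Note: the package requires libpcap at runtime (declared via --depends).
# `set -eu` with `;`-separated commands makes a failure for any dist abort the
# build instead of being masked by a later, successful loop iteration.
RUN set -eu; \
    for dist in el8 el9 el10; do \
      mkdir -p "/packages/rpm/${dist}"; \
      fpm -s dir -t rpm \
        -n ja4sentinel \
        -v "${VERSION}" \
        -C /tmp/pkgroot \
        --architecture "x86_64" \
        --rpm-dist "${dist}" \
        --description "JA4 TLS fingerprinting daemon for network monitoring" \
        --url "https://github.com/your-repo/ja4sentinel" \
        --license "MIT" \
        --vendor "JA4Sentinel Team " \
        --depends "systemd" \
        --depends "libpcap" \
        --after-install /tmp/scripts/postinst \
        --before-remove /tmp/scripts/prerm \
        --after-remove /tmp/scripts/postrm \
        -p "/packages/rpm/${dist}/ja4sentinel-${VERSION}-1.${dist}.x86_64.rpm" \
        usr/bin/ja4sentinel \
        usr/lib/systemd/system/ja4sentinel.service \
        etc/ja4sentinel/config.yml.default \
        usr/share/ja4sentinel/config.yml \
        var/lib/ja4sentinel \
        var/log/ja4sentinel \
        var/run/ja4sentinel; \
    done

# =============================================================================
# Stage 3: Output - final image holding the RPM packages
# The base is pinned to a release tag instead of the floating `latest`, so the
# image that carries release artifacts does not change between builds.
# NOTE(review): no USER is set, so the listing command runs as root. That is
# kept as-is because extraction workflows may write to bind mounts; if packages
# are only retrieved with `docker cp`, a non-root USER can be added.
# =============================================================================
FROM alpine:3.20 AS output

WORKDIR /packages

COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/

# Default command: list the packages produced for each distribution.
CMD ["sh", "-c", "echo '=== RPM Packages (el8 - Rocky 8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9 - Rocky 9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10 - Alma/Rocky 10) ===' && ls -la /packages/rpm/el10/"]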