ja4sentinel/Dockerfile.package
Jacquin Antoine e5bbff5158
fix: inclure le fichier systemd dans les RPM
- Ajout de usr/lib/systemd/system/ja4sentinel.service dans les packages fpm
- Correction du COPY pour utiliser le chemin local au lieu du builder
- Testé et validé sur Rocky Linux 9

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 18:42:27 +01:00


# syntax=docker/dockerfile:1
# =============================================================================
# ja4sentinel - Dockerfile de packaging RPM (CentOS 7, Rocky 8/9/10, AlmaLinux)
# =============================================================================
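# =============================================================================
# Stage 1: builder - compiles the Go binary on Rocky Linux 9
#
# NOTE(review): this stage was documented as giving binary compatibility across
# all RHEL-based distros. With CGO_ENABLED=1 the binary is dynamically linked
# against the glibc and libpcap of this image, which are newer than the ones
# el7/el8 ship - verify that the el7/el8 packages actually start on those
# releases, or build on the oldest supported target.
# NOTE(review): rockylinux:9 is a moving tag; pin it by digest if the packages
# must be reproducible.
# =============================================================================
FROM rockylinux:9 AS builder
WORKDIR /build

# Build dependencies: Go toolchain, git, gcc for the CGO build, libpcap headers.
# The CRB (CodeReady Builder) repository is required for libpcap-devel.
# NOTE(review): epel-release adds one more repository to the set trusted at
# build time; confirm that a package below really needs it.
RUN dnf install -y epel-release && \
    dnf config-manager --set-enabled crb && \
    dnf install -y \
        gcc \
        git \
        golang \
        libpcap-devel \
        make \
    && dnf clean all

# Copy the module manifests first so the dependency layer stays cached until
# go.mod / go.sum change; go.sum pins the hashes of the downloaded modules.
COPY go.mod go.sum ./
RUN go mod download

# Copy the source tree. The whole build context lands in this stage, so keep
# .git, local configs and credentials out of it with a .dockerignore; only the
# compiled binary is copied out of this stage.
COPY . .

# Build metadata injected into the binary through -ldflags -X.
ARG VERSION=1.0.0
ARG BUILD_TIME=""
ARG GIT_COMMIT=""

# Build the linux/amd64 binary (dynamically linked because of CGO).
# Each -X assignment is single-quoted so that a value containing spaces (a
# timestamp, for instance) stays one linker argument instead of being split
# into extra flags.
RUN mkdir -p dist && \
    CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \
    go build -buildvcs=false \
        -ldflags "-X 'main.Version=${VERSION}' -X 'main.BuildTime=${BUILD_TIME}' -X 'main.GitCommit=${GIT_COMMIT}'" \
        -o dist/ja4sentinel \
        ./cmd/ja4sentinel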
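# =============================================================================
# Stage 2: rpm-builder - builds the RPMs for CentOS 7, Rocky 8/9/10, AlmaLinux
# =============================================================================
FROM rockylinux:9 AS rpm-builder
WORKDIR /package

# Install fpm and the rpm tooling (Rocky Linux 9).
# fpm does not require libpcap - that is only needed to build the Go binary.
# fpm itself is pinned to 1.16.0; its transitive gem dependencies are resolved
# at build time and are not pinned here.
RUN dnf install -y \
        gcc \
        make \
        rpm \
        rpm-build \
        ruby \
        rubygems \
    && dnf clean all \
    && gem install fpm -v 1.16.0 --no-document

# Binary produced by the Go builder stage.
COPY --from=builder /build/dist/ja4sentinel /tmp/pkgroot/usr/bin/ja4sentinel

# systemd unit, default configuration and RPM scriptlets come straight from the
# build context (not from the builder stage).
COPY packaging/systemd/ja4sentinel.service /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service
COPY packaging/systemd/config.yml /tmp/pkgroot/etc/ja4sentinel/config.yml.default
COPY packaging/systemd/config.yml /tmp/pkgroot/usr/share/ja4sentinel/config.yml
COPY packaging/rpm/postinst /tmp/scripts/postinst
COPY packaging/rpm/prerm /tmp/scripts/prerm
COPY packaging/rpm/postrm /tmp/scripts/postrm

# Create the state/log/runtime directories and set modes on the package tree:
# configuration files are 640 and the service directories 750, i.e. nothing
# under them is world-readable.
# NOTE(review): owner and group of the packaged files are not set here;
# presumably fpm defaults or the postinst script decide them - verify that the
# service account can still read its config and write its data directories.
RUN mkdir -p /tmp/pkgroot/var/lib/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/log/ja4sentinel && \
    mkdir -p /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 755 /tmp/pkgroot/usr/bin/ja4sentinel && \
    chmod 644 /tmp/pkgroot/usr/lib/systemd/system/ja4sentinel.service && \
    chmod 640 /tmp/pkgroot/etc/ja4sentinel/config.yml.default && \
    chmod 640 /tmp/pkgroot/usr/share/ja4sentinel/config.yml && \
    chmod 750 /tmp/pkgroot/var/lib/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/log/ja4sentinel && \
    chmod 750 /tmp/pkgroot/var/run/ja4sentinel && \
    chmod 750 /tmp/pkgroot/etc/ja4sentinel && \
    chmod 755 /tmp/scripts/*

# Build one RPM per target: el7 (CentOS 7), el8 (Rocky Linux 8), el9 (Rocky
# Linux 9) and el10 (AlmaLinux 10, compatible with Rocky Linux 10).
# All four packages are produced by the same fpm invocation, so metadata,
# dependencies and scriptlets cannot drift between them; only the dist tag and
# the output path change. Every package requires libpcap at runtime.
# The output path is quoted so a VERSION containing whitespace cannot split it
# into several arguments.
# NOTE(review): --url and --vendor still look like template placeholders
# (your-repo, team@example.com); replace them before publishing.
# NOTE(review): no signing step is visible here, so the RPMs leave this stage
# unsigned; installers that rely on gpgcheck cannot verify them unless they are
# signed later in the pipeline.
# NOTE(review): on systemd-based releases /var/run is normally a symlink to the
# tmpfs /run, so the packaged var/run/ja4sentinel directory may not survive a
# reboot - confirm that the unit or a tmpfiles.d entry recreates it.
ARG VERSION=1.0.0
RUN set -e; \
    for dist in el7 el8 el9 el10; do \
        mkdir -p "/packages/rpm/${dist}"; \
        fpm -s dir -t rpm \
            -n ja4sentinel \
            -v "${VERSION}" \
            -C /tmp/pkgroot \
            --architecture "x86_64" \
            --rpm-dist "${dist}" \
            --description "JA4 TLS fingerprinting daemon for network monitoring" \
            --url "https://github.com/your-repo/ja4sentinel" \
            --license "MIT" \
            --vendor "JA4Sentinel Team <team@example.com>" \
            --depends "systemd" \
            --depends "libpcap" \
            --after-install /tmp/scripts/postinst \
            --before-remove /tmp/scripts/prerm \
            --after-remove /tmp/scripts/postrm \
            -p "/packages/rpm/${dist}/ja4sentinel-${VERSION}-1.${dist}.x86_64.rpm" \
            usr/bin/ja4sentinel \
            usr/lib/systemd/system/ja4sentinel.service \
            etc/ja4sentinel/config.yml.default \
            usr/share/ja4sentinel/config.yml \
            var/lib/ja4sentinel \
            var/log/ja4sentinel \
            var/run/ja4sentinel; \
    done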
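# =============================================================================
# Stage 3: output - final image that only carries the RPM packages
# =============================================================================
# Pinned to a release tag instead of :latest so the image that ships the
# packages does not silently change between builds; bump it deliberately and
# pin by digest where full reproducibility is required.
FROM alpine:3.21 AS output
WORKDIR /packages

# Only the finished .rpm files are taken from the rpm-builder stage.
COPY --from=rpm-builder /packages/rpm/el7/*.rpm /packages/rpm/el7/
COPY --from=rpm-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
COPY --from=rpm-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
COPY --from=rpm-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/

# Default command: list the packages available for each target distribution.
CMD ["sh", "-c", "echo '=== RPM Packages (el7 - CentOS 7) ===' && ls -la /packages/rpm/el7/ && echo '' && echo '=== RPM Packages (el8 - Rocky 8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9 - Rocky 9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10 - Alma/Rocky 10) ===' && ls -la /packages/rpm/el10/"]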