ja4sentinel/packaging/build-deb.sh

#!/bin/bash
# Build script for .deb package
# Usage: ./build-deb.sh [version] [architecture] [distribution]
# distribution: debian, ubuntu (default: debian)

set -e

# Sanitize version for Debian package (must start with digit)
VERSION="${1:-1.0.0}"
ARCH="${2:-amd64}"
DIST="${3:-debian}"
PACKAGE_NAME="ja4sentinel"

# Convert git version to Debian-compatible format
# Remove 'v' prefix if present, replace invalid chars with '-'
DEB_VERSION="${VERSION#v}"
DEB_VERSION="${DEB_VERSION//+/-}"

echo "=== Building ${PACKAGE_NAME} ${DEB_VERSION} for ${DIST} (${ARCH}) ==="

# Directories
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
BUILD_DIR="${PROJECT_ROOT}/build/deb"
PACKAGE_DIR="${BUILD_DIR}/${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}"

# Clean and create build directory
rm -rf "${BUILD_DIR}"
mkdir -p "${PACKAGE_DIR}"

# Create package structure
mkdir -p "${PACKAGE_DIR}/usr/bin"
mkdir -p "${PACKAGE_DIR}/etc/ja4sentinel"
mkdir -p "${PACKAGE_DIR}/var/lib/ja4sentinel"
mkdir -p "${PACKAGE_DIR}/var/log/ja4sentinel"
mkdir -p "${PACKAGE_DIR}/var/run/ja4sentinel"
mkdir -p "${PACKAGE_DIR}/usr/lib/systemd/system"
mkdir -p "${PACKAGE_DIR}/usr/share/ja4sentinel"
mkdir -p "${PACKAGE_DIR}/DEBIAN"

# Copy binary (build if not exists)
if [ ! -f "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" ]; then
    echo "Building binary..."
    cd "${PROJECT_ROOT}"
    make build-linux
fi
cp "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" "${PACKAGE_DIR}/usr/bin/ja4sentinel"
chmod 755 "${PACKAGE_DIR}/usr/bin/ja4sentinel"

# Copy systemd service
cp "${SCRIPT_DIR}/systemd/ja4sentinel.service" "${PACKAGE_DIR}/usr/lib/systemd/system/ja4sentinel.service"
chmod 644 "${PACKAGE_DIR}/usr/lib/systemd/system/ja4sentinel.service"

# Copy default config
cp "${SCRIPT_DIR}/systemd/config.yml" "${PACKAGE_DIR}/etc/ja4sentinel/config.yml.default"
cp "${SCRIPT_DIR}/systemd/config.yml" "${PACKAGE_DIR}/usr/share/ja4sentinel/config.yml"
chmod 640 "${PACKAGE_DIR}/etc/ja4sentinel/config.yml.default"
chmod 640 "${PACKAGE_DIR}/usr/share/ja4sentinel/config.yml"

# Copy maintainer scripts
cp "${SCRIPT_DIR}/deb/postinst" "${PACKAGE_DIR}/DEBIAN/postinst"
cp "${SCRIPT_DIR}/deb/prerm" "${PACKAGE_DIR}/DEBIAN/prerm"
cp "${SCRIPT_DIR}/deb/postrm" "${PACKAGE_DIR}/DEBIAN/postrm"
chmod 755 "${PACKAGE_DIR}/DEBIAN/postinst"
chmod 755 "${PACKAGE_DIR}/DEBIAN/prerm"
chmod 755 "${PACKAGE_DIR}/DEBIAN/postrm"

# Create control file
cat > "${PACKAGE_DIR}/DEBIAN/control" << EOF
Package: ${PACKAGE_NAME}
Version: ${DEB_VERSION}
Section: net
Priority: optional
Architecture: ${ARCH}
Depends: systemd, libpcap0.8
Maintainer: JA4Sentinel Team <team@example.com>
Description: JA4 TLS fingerprinting daemon
 JA4Sentinel is a Go-based tool for capturing network traffic on Linux servers,
 extracting client-side TLS handshakes, generating JA4 signatures, enriching
 with IP/TCP metadata, and logging results to configurable outputs.
 .
 Features:
 - Network packet capture with BPF filters
 - TLS ClientHello extraction
 - JA4/JA3 fingerprint generation
 - IP/TCP metadata enrichment
 - Multiple output formats (stdout, file, UNIX socket)
 - Structured JSON logging for systemd/journald
Homepage: https://github.com/your-repo/ja4sentinel
EOF

# Create conffiles
echo "/etc/ja4sentinel/config.yml.default" > "${PACKAGE_DIR}/DEBIAN/conffiles"

# Build the package
echo "Building .deb package..."
cd "${BUILD_DIR}"
dpkg-deb --build "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}"

# Calculate checksum
cd "${BUILD_DIR}"
sha256sum "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb" > "${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb.sha256"

echo ""
echo "=== Build complete ==="
echo "Package: ${BUILD_DIR}/${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb"
echo "Checksum: $(cat ${PACKAGE_NAME}_${DEB_VERSION}_${ARCH}.deb.sha256)"