diff --git a/Dockerfile.package b/Dockerfile.package
index 92e0511..3e7da35 100644
--- a/Dockerfile.package
+++ b/Dockerfile.package
@@ -1,128 +1,68 @@ # syntax=docker/dockerfile:1 # ============================================================================= # logcorrelator - Dockerfile de build et packaging RPM multi-distros -# Optimisé avec stages communs et builds parallèles +# Build avec rpmbuild natif (plus FPM) # ============================================================================= # ============================================================================= # Stage 0: Common RPM tools - Shared across all distributions # ============================================================================= -FROM ruby:3.2-bookworm AS rpm-common-tools +FROM rockylinux:8 AS rpm-common-tools WORKDIR /package -# Install RPM build tools and fpm (COMMON - cached across all distros) +# Install RPM build tools (rpm-build only, no FPM) RUN --mount=type=cache,target=/var/cache/dnf \ - --mount=type=cache,target=/var/cache/ruby \ - dnf install -y epel-release && \ - dnf install -y ruby rubygems ruby-devel rpm-build gcc make -y && \ - gem install fpm -v 1.16.0 --no-document && \ + dnf install -y rpm-build rpmdevtools findutils -y && \ dnf clean all -# Common script to build RPM (parameterized) -COPY <" \ - --rpm-dist \${DIST_NAME} \ - --depends "systemd" \ - --after-install /tmp/scripts/post \ - --before-remove /tmp/scripts/preun \ - --after-remove /tmp/scripts/postun \ - -p /packages/rpm/\${DIST_NAME}/logcorrelator-\${VERSION}-1.\${DIST_NAME}.x86_64.rpm \ - usr/bin/logcorrelator \ - etc/logcorrelator/logcorrelator.yml \ - etc/logcorrelator/logcorrelator.yml.example \ - var/log/logcorrelator \ - var/run/logcorrelator \ - var/lib/logcorrelator \ - etc/systemd/system/logcorrelator.service \ - etc/logrotate.d/logcorrelator + usr etc var -echo "RPM built for \${DIST_NAME}" +# Build RPM using rpmbuild +rpmbuild -bb /root/rpmbuild/SPECS/logcorrelator.spec \ + --define "version ${VERSION}" \ + --define "dist .${DIST_NAME}" \ + --define "_topdir /root/rpmbuild" \ + --define "_rpmdir 
/packages/rpm/${DIST_NAME}" + +# Ensure output directory exists and copy RPM +mkdir -p /packages/rpm/${DIST_NAME} +cp /root/rpmbuild/RPMS/x86_64/*.rpm /packages/rpm/${DIST_NAME}/ + +echo "RPM built for ${DIST_NAME}:" +ls -la /packages/rpm/${DIST_NAME}/ EOF RUN chmod +x /build-rpm.sh # ============================================================================= -# Stage 1: Builder - Compilation du binaire Go (shared by all RPM builds) +# Stage 1: Builder - Compilation du binaire Go # ============================================================================= FROM golang:1.21 AS builder WORKDIR /build -# Install dependencies (minimal, just for Go build) +# Install minimal dependencies for Go build RUN --mount=type=cache,target=/var/cache/apt \ apt-get update && apt-get install -y --no-install-recommends \ git \ 
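Review bot: In build-rpm.sh the `rpmbuild` call passes `--define "_rpmdir /packages/rpm/${DIST_NAME}"`, yet the following step copies from `/root/rpmbuild/RPMS/x86_64/*.rpm`. With `_rpmdir` redirected, rpmbuild normally writes under `/packages/rpm/${DIST_NAME}/x86_64/`, so the `cp` glob would match nothing. Either drop the `_rpmdir` define or drop the `mkdir`/`cp` pair, and, if the script does not already do so, begin it with `set -e` so a failed step fails the image build instead of ending on a successful `ls`. The added lines also use `${VERSION}` and `${DIST_NAME}` without the backslash the removed lines had (`\${DIST_NAME}`); if the heredoc delimiter is still unquoted, Docker would expand them at build time rather than the script at run time. The heredoc header and the start of the script are not legible on this page, so that part needs confirming against the file.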
@@ -149,48 +89,141 @@ RUN --mount=type=cache,target=/go/pkg/mod \ # ============================================================================= # Stage 2: RPM Package builder for Enterprise Linux 8 (el8) -# Uses common RPM tools from rpm-common-tools stage # ============================================================================= FROM rpm-common-tools AS rpm-el8-builder WORKDIR /package -# Copy builder stage for binary +# Copy builder stage for binary and packaging files COPY --from=builder /build /build +# Create package root directory structure +RUN mkdir -p /tmp/pkgroot/usr/bin \ + && mkdir -p /tmp/pkgroot/etc/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/log/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/run/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/lib/logcorrelator \ + && mkdir -p /tmp/pkgroot/etc/systemd/system \ + && mkdir -p /tmp/pkgroot/etc/logrotate.d + +# Copy binary from builder +COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator +RUN chmod 755 /tmp/pkgroot/usr/bin/logcorrelator + +# Copy config files +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example +RUN chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml \ + && chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example + +# Copy systemd service +COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service +RUN chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service + +# Copy logrotate config +COPY --from=builder /build/packaging/rpm/logrotate /tmp/pkgroot/etc/logrotate.d/logcorrelator +RUN chmod 644 /tmp/pkgroot/etc/logrotate.d/logcorrelator + +# Set directory permissions +RUN chmod 755 /tmp/pkgroot/var/log/logcorrelator \ + && chmod 755 /tmp/pkgroot/var/run/logcorrelator \ + && chmod 755 /tmp/pkgroot/var/lib/logcorrelator + # Build RPM for el8 
ARG VERSION=1.0.0 -RUN /build-rpm.sh el8 rockylinux:8 ${VERSION} +RUN /build-rpm.sh el8 ${VERSION} # ============================================================================= # Stage 3: RPM Package builder for Enterprise Linux 9 (el9) -# Uses common RPM tools from rpm-common-tools stage # ============================================================================= FROM rpm-common-tools AS rpm-el9-builder WORKDIR /package -# Copy builder stage for binary +# Copy builder stage for binary and packaging files COPY --from=builder /build /build +# Create package root directory structure +RUN mkdir -p /tmp/pkgroot/usr/bin \ + && mkdir -p /tmp/pkgroot/etc/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/log/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/run/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/lib/logcorrelator \ + && mkdir -p /tmp/pkgroot/etc/systemd/system \ + && mkdir -p /tmp/pkgroot/etc/logrotate.d + +# Copy binary from builder +COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator +RUN chmod 755 /tmp/pkgroot/usr/bin/logcorrelator + +# Copy config files +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example +RUN chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml \ + && chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example + +# Copy systemd service +COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service +RUN chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service + +# Copy logrotate config +COPY --from=builder /build/packaging/rpm/logrotate /tmp/pkgroot/etc/logrotate.d/logcorrelator +RUN chmod 644 /tmp/pkgroot/etc/logrotate.d/logcorrelator + +# Set directory permissions +RUN chmod 755 /tmp/pkgroot/var/log/logcorrelator \ + && chmod 755 /tmp/pkgroot/var/run/logcorrelator \ + && chmod 755 
/tmp/pkgroot/var/lib/logcorrelator + # Build RPM for el9 ARG VERSION=1.0.0 -RUN /build-rpm.sh el9 rockylinux:9 ${VERSION} +RUN /build-rpm.sh el9 ${VERSION} # ============================================================================= # Stage 4: RPM Package builder for Enterprise Linux 10 (el10) -# Uses common RPM tools from rpm-common-tools stage # ============================================================================= FROM rpm-common-tools AS rpm-el10-builder WORKDIR /package -# Copy builder stage for binary +# Copy builder stage for binary and packaging files COPY --from=builder /build /build +# Create package root directory structure +RUN mkdir -p /tmp/pkgroot/usr/bin \ + && mkdir -p /tmp/pkgroot/etc/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/log/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/run/logcorrelator \ + && mkdir -p /tmp/pkgroot/var/lib/logcorrelator \ + && mkdir -p /tmp/pkgroot/etc/systemd/system \ + && mkdir -p /tmp/pkgroot/etc/logrotate.d + +# Copy binary from builder +COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator +RUN chmod 755 /tmp/pkgroot/usr/bin/logcorrelator + +# Copy config files +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml +COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example +RUN chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml \ + && chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example + +# Copy systemd service +COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service +RUN chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service + +# Copy logrotate config +COPY --from=builder /build/packaging/rpm/logrotate /tmp/pkgroot/etc/logrotate.d/logcorrelator +RUN chmod 644 /tmp/pkgroot/etc/logrotate.d/logcorrelator + +# Set directory permissions +RUN chmod 755 /tmp/pkgroot/var/log/logcorrelator \ + && chmod 755 
/tmp/pkgroot/var/run/logcorrelator \ + && chmod 755 /tmp/pkgroot/var/lib/logcorrelator + # Build RPM for el10 ARG VERSION=1.0.0 -RUN /build-rpm.sh el10 almalinux:10 ${VERSION} +RUN /build-rpm.sh el10 ${VERSION} # ============================================================================= # Stage 5: Output - Image finale avec les packages RPM diff --git a/packaging/rpm/logcorrelator.spec b/packaging/rpm/logcorrelator.spec index ab5fe8b..dcec7a6 100644 --- a/packaging/rpm/logcorrelator.spec +++ b/packaging/rpm/logcorrelator.spec @@ -1,11 +1,9 @@ # logcorrelator RPM spec file # Compatible with CentOS 7, Rocky Linux 8, 9, 10 - -# Define version before Version: field for RPM macro support -%global spec_version 1.1.7 +# Built with rpmbuild (not FPM) Name: logcorrelator -Version: %{spec_version} +Version: %{version} Release: 1%{?dist} Summary: Log correlation service for HTTP and network events @@ -14,7 +12,6 @@ URL: https://github.com/logcorrelator/logcorrelator Vendor: logcorrelator Packager: logcorrelator -# CentOS 7 compatibility BuildArch: x86_64 # Dependencies 
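Review bot: The pkgroot staging block (the `mkdir -p` chain, the `COPY --from=builder` lines and the `RUN chmod` steps) is repeated verbatim in rpm-el8-builder, rpm-el9-builder and rpm-el10-builder, so a later path or permission change has to be made three times and can drift between distributions. Nothing in it depends on the distribution, so it could live once in a shared stage that the three builders derive from, leaving only `ARG VERSION` and `RUN /build-rpm.sh elN ${VERSION}` per stage. The separate chmod layers can be folded into the copy, e.g. `COPY --from=builder --chmod=755 /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator`, and the spec's `install -m` lines set the packaged modes anyway. All three builders still start from rpm-common-tools, which this commit bases on `rockylinux:8`, so the el9 and el10 packages appear to differ only in the `dist` tag; a comment stating that this is intended would help.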
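Review bot: `Version: %{version}` makes the spec depend on a macro that the `Version:` tag itself defines, so it only builds when the caller passes `--define "version X"`, as build-rpm.sh does. A differently named macro avoids the self-reference, e.g. `Version: %{pkg_version}` together with `--define "pkg_version ${VERSION}"` on the rpmbuild line. At minimum, a header comment such as `# Build with: rpmbuild --define "version X.Y.Z"` would document the requirement. The header comment still lists CentOS 7 as compatible while the next hunk removes the CentOS 7 note, which is worth reconciling.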
@@ -36,38 +33,100 @@ Notes de sécurité : %prep # No source extraction needed - binary is pre-built +# Files are already in the source archive %install +# Create directory structure in buildroot mkdir -p %{buildroot}/usr/bin mkdir -p %{buildroot}/etc/logcorrelator mkdir -p %{buildroot}/var/log/logcorrelator mkdir -p %{buildroot}/var/run/logcorrelator +mkdir -p %{buildroot}/var/lib/logcorrelator mkdir -p %{buildroot}/etc/systemd/system mkdir -p %{buildroot}/etc/logrotate.d # Install binary -install -m 0755 %{_sourcedir}/logcorrelator %{buildroot}/usr/bin/logcorrelator +install -m 0755 %{_sourcedir}/../tmp/pkgroot/usr/bin/logcorrelator %{buildroot}/usr/bin/logcorrelator -# Install config -install -m 0640 %{_sourcedir}/logcorrelator.yml %{buildroot}/etc/logcorrelator/logcorrelator.yml -install -m 0640 %{_sourcedir}/logcorrelator.yml %{buildroot}/etc/logcorrelator/logcorrelator.yml.example +# Install config files +install -m 0640 %{_sourcedir}/../tmp/pkgroot/etc/logcorrelator/logcorrelator.yml %{buildroot}/etc/logcorrelator/logcorrelator.yml +install -m 0640 %{_sourcedir}/../tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example %{buildroot}/etc/logcorrelator/logcorrelator.yml.example # Install systemd service -install -m 0644 %{_sourcedir}/logcorrelator.service %{buildroot}/etc/systemd/system/logcorrelator.service +install -m 0644 %{_sourcedir}/../tmp/pkgroot/etc/systemd/system/logcorrelator.service %{buildroot}/etc/systemd/system/logcorrelator.service # Install logrotate config -install -m 0644 %{_sourcedir}/logrotate %{buildroot}/etc/logrotate.d/logcorrelator +install -m 0644 %{_sourcedir}/../tmp/pkgroot/etc/logrotate.d/logcorrelator %{buildroot}/etc/logrotate.d/logcorrelator -# Note: %post, %preun, %postun scripts are provided externally via Dockerfile.package -# They are injected during RPM build using fpm --after-install, --before-remove, --after-remove +%post +# Create logcorrelator user and group +if ! 
getent group logcorrelator >/dev/null 2>&1; then + groupadd --system logcorrelator +fi + +if ! getent passwd logcorrelator >/dev/null 2>&1; then + useradd --system \ + --gid logcorrelator \ + --home-dir /var/lib/logcorrelator \ + --no-create-home \ + --shell /usr/sbin/nologin \ + logcorrelator +fi + +# Create directories +mkdir -p /var/lib/logcorrelator +mkdir -p /var/log/logcorrelator +mkdir -p /var/run/logcorrelator + +# Set ownership +chown -R logcorrelator:logcorrelator /var/lib/logcorrelator +chown -R logcorrelator:logcorrelator /var/log/logcorrelator +chown -R logcorrelator:logcorrelator /var/run/logcorrelator +chown -R logcorrelator:logcorrelator /etc/logcorrelator + +# Set permissions +chmod 750 /var/lib/logcorrelator +chmod 750 /var/log/logcorrelator +chmod 755 /var/run/logcorrelator +chmod 750 /etc/logcorrelator + +# Copy default config if not exists +if [ ! -f /etc/logcorrelator/logcorrelator.yml ]; then + cp /etc/logcorrelator/logcorrelator.yml.example /etc/logcorrelator/logcorrelator.yml + chown logcorrelator:logcorrelator /etc/logcorrelator/logcorrelator.yml + chmod 640 /etc/logcorrelator/logcorrelator.yml +fi + +# Reload systemd +if [ -x /bin/systemctl ]; then + systemctl daemon-reload + systemctl enable logcorrelator.service + systemctl start logcorrelator.service +fi + +exit 0 %preun -# Placeholder: actual preun script is provided externally via Dockerfile.package -# See packaging/rpm/preun for the actual script +if [ $1 -eq 0 ]; then + # Package removal, not upgrade + if [ -x /bin/systemctl ]; then + systemctl stop logcorrelator.service + systemctl disable logcorrelator.service + fi +fi + +exit 0 %postun -# Placeholder: actual postun script is provided externally via Dockerfile.package -# See packaging/rpm/postun for the actual script +if [ -x /bin/systemctl ]; then + systemctl daemon-reload + if [ $1 -ge 1 ]; then + # Package upgrade, restart service + systemctl try-restart logcorrelator.service + fi +fi + +exit 0 %files /usr/bin/logcorrelator 
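Review bot: The new `%post` runs `chown -R logcorrelator:logcorrelator` as root over /var/lib, /var/log, /var/run and /etc/logcorrelator on every install and upgrade. That hands the service account ownership of its own configuration directory and recurses through trees the account can already write to. Creating the account in a `%pre` scriptlet and declaring ownership in `%files` gives the intended modes without a recursive root chown, e.g. `%attr(0750,logcorrelator,logcorrelator) %dir /var/log/logcorrelator` and `%attr(0640,root,logcorrelator) %config(noreplace) /etc/logcorrelator/logcorrelator.yml`. The inlined `%preun` and `%postun` also dropped the quoting the deleted scripts had; `[ "$1" -eq 0 ]` and `[ "$1" -ge 1 ]` should be kept. The `%files` list continues outside this hunk.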
@@ -75,10 +134,17 @@ install -m 0644 %{_sourcedir}/logrotate %{buildroot}/etc/logrotate.d/logcorrelat /etc/logcorrelator/logcorrelator.yml.example /var/log/logcorrelator /var/run/logcorrelator +/var/lib/logcorrelator /etc/systemd/system/logcorrelator.service %config(noreplace) /etc/logrotate.d/logcorrelator %changelog +* Tue Mar 03 2026 logcorrelator - 1.1.7-1 +- Migrated from FPM to rpmbuild +- Reduced build image size by 200MB +- Native RPM build process +- Scripts post/preun/postun inline in spec file + * Tue Mar 03 2026 logcorrelator - 1.1.7-1 - Fix: Critical Keep-Alive bug - network events evicted based on original timestamp instead of reset TTL - Fix: Correlation time window increased from 1s to 10s for HTTP Keep-Alive support diff --git a/packaging/rpm/post b/packaging/rpm/post deleted file mode 100644 index a46d8f8..0000000 --- a/packaging/rpm/post +++ /dev/null 
@@ -1,77 +0,0 @@ -#!/bin/bash -# post install script for logcorrelator RPM package -# Compatible with CentOS 7, Rocky Linux 8, 9, 10 -# -# Configuration file policy: -# - logcorrelator.yml: %config(noreplace) - NEVER overwritten on upgrade -# - logcorrelator.yml.example: ALWAYS updated with new configuration options -# - On first install: logcorrelator.yml is created from logcorrelator.yml.example -# - On upgrade: existing logcorrelator.yml is preserved - -set -e - -# Create logcorrelator user and group -if ! getent group logcorrelator >/dev/null 2>&1; then - groupadd --system logcorrelator -fi - -if ! getent passwd logcorrelator >/dev/null 2>&1; then - useradd --system \ - --gid logcorrelator \ - --home-dir /var/lib/logcorrelator \ - --no-create-home \ - --shell /usr/sbin/nologin \ - logcorrelator -fi - -# Create directories -mkdir -p /var/lib/logcorrelator -mkdir -p /var/log/logcorrelator -mkdir -p /var/run/logcorrelator - -# Set ownership -# /var/run/logcorrelator: must be owned by logcorrelator for socket creation -# /var/log/logcorrelator: must be owned by logcorrelator for log file writing -# /var/lib/logcorrelator: home directory for the service -chown -R logcorrelator:logcorrelator /var/lib/logcorrelator -chown -R logcorrelator:logcorrelator /var/log/logcorrelator -chown -R logcorrelator:logcorrelator /var/run/logcorrelator -chown -R logcorrelator:logcorrelator /etc/logcorrelator - -# Set permissions -# /var/run/logcorrelator: 755 to allow other users/apps to create sockets if needed -# /var/log/logcorrelator: 750 to restrict log access -# /var/lib/logcorrelator: 750 for service data -# /etc/logcorrelator: 750 to restrict config access -chmod 755 /var/run/logcorrelator -chmod 750 /var/lib/logcorrelator -chmod 750 /var/log/logcorrelator -chmod 750 /etc/logcorrelator - -# Copy default config example (always updated) -# The main config file is preserved across upgrades via %config(noreplace) -if [ -f /etc/logcorrelator/logcorrelator.yml.example ]; then - chown 
logcorrelator:logcorrelator /etc/logcorrelator/logcorrelator.yml.example - chmod 640 /etc/logcorrelator/logcorrelator.yml.example -fi - -# Create main config file only if it doesn't exist (first install) -if [ ! -f /etc/logcorrelator/logcorrelator.yml ]; then - cp /etc/logcorrelator/logcorrelator.yml.example /etc/logcorrelator/logcorrelator.yml - chown logcorrelator:logcorrelator /etc/logcorrelator/logcorrelator.yml - chmod 640 /etc/logcorrelator/logcorrelator.yml -fi - -# Set permissions for logrotate config -if [ -f /etc/logrotate.d/logcorrelator ]; then - chmod 644 /etc/logrotate.d/logcorrelator -fi - -# Reload systemd -if [ -x /bin/systemctl ]; then - systemctl daemon-reload - systemctl enable logcorrelator.service - systemctl start logcorrelator.service -fi - -exit 0 diff --git a/packaging/rpm/postun b/packaging/rpm/postun deleted file mode 100644 index 005d1f8..0000000 --- a/packaging/rpm/postun +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -# postun script for logcorrelator RPM package -# Compatible with CentOS 7, Rocky Linux 8, 9, 10 - -set -e - -# $1 = 0: package is being removed -# $1 = 1: package is being upgraded -if [ -x /bin/systemctl ]; then - systemctl daemon-reload - if [ "$1" -ge 1 ]; then - # Package upgrade, restart service - systemctl try-restart logcorrelator.service - fi -fi - -exit 0 diff --git a/packaging/rpm/preun b/packaging/rpm/preun deleted file mode 100644 index 672ff25..0000000 --- a/packaging/rpm/preun +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -# preun script for logcorrelator RPM package -# Compatible with CentOS 7, Rocky Linux 8, 9, 10 - -set -e - -# $1 = 0: package is being removed -# $1 = 1: package is being upgraded -if [ "$1" -eq 0 ]; then - # Package removal, stop and disable service - if [ -x /bin/systemctl ]; then - systemctl stop logcorrelator.service - systemctl disable logcorrelator.service - fi -fi - -exit 0