From 1ec558e559a48c337fb20e5532fe8ae48c624fd9 Mon Sep 17 00:00:00 2001
From: ppom
Date: Fri, 21 Feb 2025 12:00:00 +0100
Subject: [PATCH] v2.0.0-rc2 release

- Cross compilation to amd64 and arm64
- Fully static binaries
- Debian packages
- Man pages
- Shell completions
- Systemd service
---
 Cargo.lock | 2 +-
 Cargo.toml | 16 +-
 Makefile | 47 +-
 README.md | 39 +-
 config/reaction.service | 20 +
 debian/changelog | 17 -
 debian/control | 23 -
 debian/copyright | 678 ------------------
 debian/reaction.dirs | 3 -
 debian/reaction.lintian-overrides | 1 -
 debian/reaction@.service | 13 -
 debian/rules | 8 -
 debian/source/format | 1 -
 packaging/Makefile | 22 +
 .../reaction@.service | 8 +-
 release.py | 320 +++++----
 16 files changed, 259 insertions(+), 959 deletions(-)
 create mode 100644 config/reaction.service
 delete mode 100644 debian/changelog
 delete mode 100644 debian/control
 delete mode 100644 debian/copyright
 delete mode 100644 debian/reaction.dirs
 delete mode 100644 debian/reaction.lintian-overrides
 delete mode 100644 debian/reaction@.service
 delete mode 100755 debian/rules
 delete mode 100644 debian/source/format
 create mode 100644 packaging/Makefile
 rename config/reaction.example.service => packaging/reaction@.service (91%)

diff --git a/Cargo.lock b/Cargo.lock
index a62b42e..291b397 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -889,7 +889,7 @@ dependencies = [
 
 [[package]]
 name = "reaction"
-version = "2.0.0-rc1"
+version = "2.0.0-rc2"
 dependencies = [
  "bincode",
  "chrono",
diff --git a/Cargo.toml b/Cargo.toml
index 136849f..bcf990f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "reaction"
-version = "2.0.0-rc1"
+version = "2.0.0-rc2"
 edition = "2021"
 authors = ["ppom "]
 license = "AGPL-3.0"
@@ -11,6 +11,20 @@ repository = "https://framagit.org/ppom/reaction"
 keywords = ["security", "sysadmin", "fail2ban", "logs", "monitoring"]
 build = "build.rs"
 
+[package.metadata.deb]
+maintainer-scripts = "packaging/"
+systemd-units = { enable = false }
+assets = [
+ # Executable
+ [ "target/release/reaction", "/usr/bin/reaction", "755" ],
+ # Man pages
+ [ "target/release/reaction*.1", "/usr/share/man/man1/", "644" ],
+ # Shell completions
+ [ "target/release/reaction.bash", "/usr/share/bash-completion/completions/reaction", "644" ],
+ [ "target/release/reaction.fish", "/usr/share/fish/completions/", "644" ],
+ [ "target/release/_reaction", "/usr/share/zsh/vendor-completions/", "644" ],
+]
+
 [dependencies]
 bincode = "1.3.3"
 chrono = { version = "0.4.38", features = ["std", "clock", "serde"] }
diff --git a/Makefile b/Makefile
index 8256c85..52a3af8 100644
--- a/Makefile
+++ b/Makefile
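Review bot: The `assets` list under `[package.metadata.deb]` in Cargo.toml ships only `target/release/reaction`, its man pages and the completions, while the Makefile in this same commit still installs `target/release/ip46tables` and `target/release/nft46`, and the README text removed here described the old package as containing reaction and ip46tables. If the documented firewall actions still call those helpers, a Debian install would have ban commands that fail at run time and block nothing. Either add lines such as `[ "target/release/ip46tables", "/usr/bin/ip46tables", "755" ],` (and the `nft46` equivalent), or put a comment above `assets` saying the helpers are left out on purpose. A short comment on `systemd-units = { enable = false }` stating that the unit is installed but not enabled would also help, since that setting decides whether a root daemon starts right after installation.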
@@ -4,50 +4,19 @@ BINDIR = $(PREFIX)/bin
 MANDIR = $(PREFIX)/share/man/man1
 SYSTEMDDIR ?= /etc/systemd
 
-all: reaction ip46tables nft46
+all: reaction
 
 clean:
- rm -f reaction ip46tables nft46 reaction*.deb reaction.minisig ip46tables.minisig nft46.minisig reaction*.deb.minisig
- rm -rf debian-packaging
  cargo clean
 
-ip46tables: helpers_c/ip46tables.c
- $(CC) -s -static helpers_c/ip46tables.c -o ip46tables
-
-nft46: helpers_c/nft46.c
- $(CC) -s -static helpers_c/nft46.c -o nft46
-
-reaction: src/* src/*/* src/*/*/* Cargo.toml Cargo.lock build.rs
+reaction:
  cargo build --release
 
-reaction_%-1_amd64.deb:
- apt-get -qq -y update
- apt-get -qq -y install build-essential devscripts debhelper quilt wget
- if [ -e debian-packaging ]; then rm -rf debian-packaging; fi
- mkdir debian-packaging
- wget "https://framagit.org/ppom/reaction/-/archive/v${*}/reaction-v${*}.tar.gz" -O "debian-packaging/reaction_${*}.orig.tar.gz"
- cd debian-packaging && tar xf "reaction_${*}.orig.tar.gz"
- cp -r debian "debian-packaging/reaction-v${*}"
- if [ -e "debian/changelog" ]; then \
- cd "debian-packaging/reaction-v${*}" && \
- DEBFULLNAME=ppom DEBEMAIL=reaction@ppom.me dch --package reaction --newversion "${*}-1" "New upstream release."; \
- else \
- cd "debian-packaging/reaction-v${*}" && \
- DEBFULLNAME=ppom DEBEMAIL=reaction@ppom.me dch --create --package reaction --newversion "${*}-1" "Initial release."; \
- fi
- cd "debian-packaging/reaction-v${*}" && DEBFULLNAME=ppom DEBEMAIL=reaction@ppom.me dch --release --distribution stable --urgency low ""
- cd "debian-packaging/reaction-v${*}" && debuild --prepend-path=/go/bin:/usr/local/go/bin -us -uc
- cp "debian-packaging/reaction-v${*}/debian/changelog" debian/
- cp "debian-packaging/reaction_${*}-1_amd64.deb" .
-
-signatures_%: reaction_%-1_amd64.deb reaction ip46tables nft46
- minisign -Sm nft46 ip46tables reaction reaction_${*}-1_amd64.deb
-
-install: all
- install -m755 reaction $(DESTDIR)$(BINDIR)
- install -m755 ip46tables $(DESTDIR)$(BINDIR)
- install -m755 nft46 $(DESTDIR)$(BINDIR)
+install: reaction
+ install -m755 target/release/reaction $(DESTDIR)$(BINDIR)
+ install -m755 target/release/ip46tables $(DESTDIR)$(BINDIR)
+ install -m755 target/release/nft46 $(DESTDIR)$(BINDIR)
 
 install_systemd: install
- install -m644 config/reaction.example.service $(SYSTEMDDIR)/system/reaction.service
- sed -i 's#/usr/bin#$(DESTDIR)$(BINDIR)#' $(SYSTEMDDIR)/system/reaction.service
+ install -m644 packaging/reaction.service $(SYSTEMDDIR)/system/reaction.service
+ sed -i 's#/usr/local/bin#$(DESTDIR)$(BINDIR)#' $(SYSTEMDDIR)/system/reaction.service
diff --git a/README.md b/README.md
index 0028631..725e0d8 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ A common usage is to scan ssh and webserver logs, and to ban hosts that cause mu
 
 ## Current project status
 
-reaction just reached v2.0.0-rc1 version, which is a complete rust rewrite of reaction.
+reaction just reached v2.0.0-rc2 version, which is a complete rust rewrite of reaction.
 It's in feature parity with the Go version, and breaking changes should be small.
 
 See https://reaction.ppom.me/migrate-to-v2.html
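Review bot: In the Makefile hunk, `install_systemd` now installs `packaging/reaction.service`, but this commit's file list adds the unit as `config/reaction.service` and places only `reaction@.service` under `packaging/`, so the target looks set to fail on a missing file; `install -m644 config/reaction.service $(SYSTEMDDIR)/system/reaction.service` would match the `/usr/local/bin` path that the following `sed` rewrites. `install` also copies `target/release/ip46tables` and `target/release/nft46` after their build rules were removed, which only works if `build.rs` (not shown) produces them there. The `reaction:` rule has lost its prerequisites and is not declared phony, so a leftover `reaction` file in the tree root from an older build makes `make` skip `cargo build --release`, and `install` can then copy a stale binary; `.PHONY: all clean reaction install install_systemd` avoids that.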
@@ -160,44 +160,15 @@ We recommend that you read the ***Good Practices*** chapters before starting.
 
 ### Binaries
 
-Executables are provided [here](https://framagit.org/ppom/reaction/-/releases/), for a standard x86-64 linux machine.
+Executables and .deb packages are provided [in the releases page](https://framagit.org/ppom/reaction/-/releases/), for x86-64/amd64 linux and aarch64/arm64 linux.
 
-A standard place to put such executables is `/usr/local/bin/`.
+Signature verification and installation instructions are provided in the releases page.
 
-> Provided binaries in the previous section are compiled this way:
-```shell
-$ docker run -it --rm -e HOME=/tmp/ -v $(pwd):/tmp/code -w /tmp/code -u $(id -u) rust make clean reaction.deb
-$ make signatures
-```
-#### Signature verification
-
-Starting at v1.0.3, all binaries are signed with public key `RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX`. You can check their authenticity with minisign:
-```bash
-minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m nft46
-minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m ip46tables
-minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m reaction
-# or
-minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m reaction.deb
-```
-
-#### Debian
-
-The releases also contain a `reaction*.deb` file, which packages reaction & ip46tables.
-You can install it using `sudo apt install ./reaction*.deb`.
-You'll have to create a configuration at `/etc/reaction.jsonnet`.
-
-If you want to use another configuration format (YAML or JSON), you can override systemd's `ExecStart` command in `/etc/systemd/system/reaction.service` like this:
-```systemd
-[Service]
-# First an empty directive to reset the default one
-ExecStart=
-# Then put what you want
-ExecStart=/usr/bin/reaction start -c /etc/reaction.yml
-```
+> Provided binaries are compiled by running `nix-shell release.py` on a NixOS machine with docker installed.
 
 #### NixOS
 
-[not yet upstreamed **module**](https://framagit.org/ppom/nixos/-/blob/main/modules/common/reaction.nix)
+reaction is packaged, but the [**module**](https://framagit.org/ppom/nixos/-/blob/main/modules/common/reaction.nix) has not yet been upstreamed.
 
 #### OpenBSD
 
diff --git a/config/reaction.service b/config/reaction.service
new file mode 100644
index 0000000..9265118
--- /dev/null
+++ b/config/reaction.service
@@ -0,0 +1,20 @@
+# vim: ft=systemd
+[Unit]
+Description=A daemon that scans program outputs for repeated patterns, and takes action.
+Documentation=https://reaction.ppom.me
+# Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used
+# After=docker.service
+
+# See `man systemd.exec` and `man systemd.service` for most options below
+[Service]
+ExecStart=/usr/local/bin/reaction start -c /etc/reaction.jsonnet
+
+# Ask systemd to create /var/lib/reaction (/var/lib/ is implicit)
+StateDirectory=reaction
+# Ask systemd to create /run/reaction at runtime (/run/ is implicit)
+RuntimeDirectory=reaction
+# Start reaction in its state directory
+WorkingDirectory=/var/lib/reaction
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/changelog b/debian/changelog
deleted file mode 100644
index 30b1af6..0000000
--- a/debian/changelog
+++ /dev/null
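Review bot: The `[Service]` section of the new `config/reaction.service` sets no `User=` and no sandboxing directives, so the daemon and every command it launches run as unrestricted root. reaction presumably needs elevated privileges to change firewall rules, but the unit does not say which ones; a comment stating that, together with a conservative baseline such as `NoNewPrivileges=true`, `ProtectHome=true` and `PrivateTmp=true`, would limit what a misconfigured action fed by attacker-influenced log content can reach. Because `/etc/reaction.jsonnet` defines commands that run as root, the comment above `ExecStart=` should also state that the file must be writable by root only. Any such directive has to be tested against the actions actually configured, which this hunk does not show.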
@@ -1,17 +0,0 @@
-reaction (1.4.1-1) stable; urgency=low
-
- * New upstream release.
-
- -- ppom Sat, 08 Jun 2024 20:27:11 +0000
-
-reaction (1.4.0-1) stable; urgency=low
-
- * New upstream release.
-
- -- ppom Wed, 29 May 2024 11:37:16 +0000
-
-reaction (1.3.1-1) stable; urgency=low
-
- * Initial release.
-
- -- ppom Sat, 06 Apr 2024 18:59:13 +0000
diff --git a/debian/control b/debian/control
deleted file mode 100644
index 72ff04f..0000000
--- a/debian/control
+++ /dev/null
@@ -1,23 +0,0 @@
-Source: reaction
-Maintainer: Luc Didry
-Section: utils
-Priority: optional
-Standards-Version: 4.6.2
-Build-Depends: debhelper-compat (= 13)
-Homepage: https://framagit.org/ppom/reaction
-
-Package: reaction
-Architecture: any
-Package-Type: deb
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: daemon that scans program outputs for patterns, and takes action
- A common use of reaction is to scan ssh and web server logs,
- and ban hosts that cause multiple authentication errors.
- reaction doesn't have all the features of the honorable fail2ban,
- but it's ~10x faster and easier to configure.
-Tag: admin::automation, admin::logging, admin::monitoring,
- interface::commandline, interface::daemon,
- network::firewall, protocol::ip, role::program,
- security::authentication, security::firewall, security::ids,
- security::log-analyzer, use::login, use::monitor,
- works-with-format::plaintext, works-with::logfile, works-with::text
diff --git a/debian/copyright b/debian/copyright
deleted file mode 100644
index 1c5746b..0000000
--- a/debian/copyright
+++ /dev/null
@@ -1,678 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Source: https://framagit.org/ppom/reaction -Upstream-Name: reaction -Upstream-Contact: ppom -License: AGPL-3 - -Files: - * -Copyright: 2023 ppom -License: AGPL-3 - -Files: - debian/* -Copyright: 2024 Luc Didry -License: AGPL-3 - -License: AGPL-3 - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 - . - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - . - Preamble - . - The GNU Affero General Public License is a free, copyleft license for - software and other kinds of works, specifically designed to ensure - cooperation with the community in the case of network server software. - . - The licenses for most software and other practical works are designed - to take away your freedom to share and change the works. By contrast, - our General Public Licenses are intended to guarantee your freedom to - share and change all versions of a program--to make sure it remains free - software for all its users. - . - When we speak of free software, we are referring to freedom, not - price. Our General Public Licenses are designed to make sure that you - have the freedom to distribute copies of free software (and charge for - them if you wish), that you receive source code or can get it if you - want it, that you can change the software or use pieces of it in new - free programs, and that you know you can do these things. - . - Developers that use our General Public Licenses protect your rights - with two steps: (1) assert copyright on the software, and (2) offer - you this License which gives you legal permission to copy, distribute - and/or modify the software. - . 
- A secondary benefit of defending all users' freedom is that - improvements made in alternate versions of the program, if they - receive widespread use, become available for other developers to - incorporate. Many developers of free software are heartened and - encouraged by the resulting cooperation. However, in the case of - software used on network servers, this result may fail to come about. - The GNU General Public License permits making a modified version and - letting the public access it on a server without ever releasing its - source code to the public. - . - The GNU Affero General Public License is designed specifically to - ensure that, in such cases, the modified source code becomes available - to the community. It requires the operator of a network server to - provide the source code of the modified version running there to the - users of that server. Therefore, public use of a modified version, on - a publicly accessible server, gives the public access to the source - code of the modified version. - . - An older license, called the Affero General Public License and - published by Affero, was designed to accomplish similar goals. This is - a different license, not a version of the Affero GPL, but Affero has - released a new version of the Affero GPL which permits relicensing under - this license. - . - The precise terms and conditions for copying, distribution and - modification follow. - . - TERMS AND CONDITIONS - . - 0. Definitions. - . - "This License" refers to version 3 of the GNU Affero General Public License. - . - "Copyright" also means copyright-like laws that apply to other kinds of - works, such as semiconductor masks. - . - "The Program" refers to any copyrightable work licensed under this - License. Each licensee is addressed as "you". "Licensees" and - "recipients" may be individuals or organizations. - . 
- To "modify" a work means to copy from or adapt all or part of the work - in a fashion requiring copyright permission, other than the making of an - exact copy. The resulting work is called a "modified version" of the - earlier work or a work "based on" the earlier work. - . - A "covered work" means either the unmodified Program or a work based - on the Program. - . - To "propagate" a work means to do anything with it that, without - permission, would make you directly or secondarily liable for - infringement under applicable copyright law, except executing it on a - computer or modifying a private copy. Propagation includes copying, - distribution (with or without modification), making available to the - public, and in some countries other activities as well. - . - To "convey" a work means any kind of propagation that enables other - parties to make or receive copies. Mere interaction with a user through - a computer network, with no transfer of a copy, is not conveying. - . - An interactive user interface displays "Appropriate Legal Notices" - to the extent that it includes a convenient and prominently visible - feature that (1) displays an appropriate copyright notice, and (2) - tells the user that there is no warranty for the work (except to the - extent that warranties are provided), that licensees may convey the - work under this License, and how to view a copy of this License. If - the interface presents a list of user commands or options, such as a - menu, a prominent item in the list meets this criterion. - . - 1. Source Code. - . - The "source code" for a work means the preferred form of the work - for making modifications to it. "Object code" means any non-source - form of a work. - . - A "Standard Interface" means an interface that either is an official - standard defined by a recognized standards body, or, in the case of - interfaces specified for a particular programming language, one that - is widely used among developers working in that language. 
- . - The "System Libraries" of an executable work include anything, other - than the work as a whole, that (a) is included in the normal form of - packaging a Major Component, but which is not part of that Major - Component, and (b) serves only to enable use of the work with that - Major Component, or to implement a Standard Interface for which an - implementation is available to the public in source code form. A - "Major Component", in this context, means a major essential component - (kernel, window system, and so on) of the specific operating system - (if any) on which the executable work runs, or a compiler used to - produce the work, or an object code interpreter used to run it. - . - The "Corresponding Source" for a work in object code form means all - the source code needed to generate, install, and (for an executable - work) run the object code and to modify the work, including scripts to - control those activities. However, it does not include the work's - System Libraries, or general-purpose tools or generally available free - programs which are used unmodified in performing those activities but - which are not part of the work. For example, Corresponding Source - includes interface definition files associated with source files for - the work, and the source code for shared libraries and dynamically - linked subprograms that the work is specifically designed to require, - such as by intimate data communication or control flow between those - subprograms and other parts of the work. - . - The Corresponding Source need not include anything that users - can regenerate automatically from other parts of the Corresponding - Source. - . - The Corresponding Source for a work in source code form is that - same work. - . - 2. Basic Permissions. - . - All rights granted under this License are granted for the term of - copyright on the Program, and are irrevocable provided the stated - conditions are met. 
This License explicitly affirms your unlimited - permission to run the unmodified Program. The output from running a - covered work is covered by this License only if the output, given its - content, constitutes a covered work. This License acknowledges your - rights of fair use or other equivalent, as provided by copyright law. - . - You may make, run and propagate covered works that you do not - convey, without conditions so long as your license otherwise remains - in force. You may convey covered works to others for the sole purpose - of having them make modifications exclusively for you, or provide you - with facilities for running those works, provided that you comply with - the terms of this License in conveying all material for which you do - not control copyright. Those thus making or running the covered works - for you must do so exclusively on your behalf, under your direction - and control, on terms that prohibit them from making any copies of - your copyrighted material outside their relationship with you. - . - Conveying under any other circumstances is permitted solely under - the conditions stated below. Sublicensing is not allowed; section 10 - makes it unnecessary. - . - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - . - No covered work shall be deemed part of an effective technological - measure under any applicable law fulfilling obligations under article - 11 of the WIPO copyright treaty adopted on 20 December 1996, or - similar laws prohibiting or restricting circumvention of such - measures. - . 
- When you convey a covered work, you waive any legal power to forbid - circumvention of technological measures to the extent such circumvention - is effected by exercising rights under this License with respect to - the covered work, and you disclaim any intention to limit operation or - modification of the work as a means of enforcing, against the work's - users, your or third parties' legal rights to forbid circumvention of - technological measures. - . - 4. Conveying Verbatim Copies. - . - You may convey verbatim copies of the Program's source code as you - receive it, in any medium, provided that you conspicuously and - appropriately publish on each copy an appropriate copyright notice; - keep intact all notices stating that this License and any - non-permissive terms added in accord with section 7 apply to the code; - keep intact all notices of the absence of any warranty; and give all - recipients a copy of this License along with the Program. - . - You may charge any price or no price for each copy that you convey, - and you may offer support or warranty protection for a fee. - . - 5. Conveying Modified Source Versions. - . - You may convey a work based on the Program, or the modifications to - produce it from the Program, in the form of source code under the - terms of section 4, provided that you also meet all of these conditions: - . - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - . - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - . - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. 
This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - . - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - . - A compilation of a covered work with other separate and independent - works, which are not by their nature extensions of the covered work, - and which are not combined with it such as to form a larger program, - in or on a volume of a storage or distribution medium, is called an - "aggregate" if the compilation and its resulting copyright are not - used to limit the access or legal rights of the compilation's users - beyond what the individual works permit. Inclusion of a covered work - in an aggregate does not cause this License to apply to the other - parts of the aggregate. - . - 6. Conveying Non-Source Forms. - . - You may convey a covered work in object code form under the terms - of sections 4 and 5, provided that you also convey the - machine-readable Corresponding Source under the terms of this License, - in one of these ways: - . - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - . 
- b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - . - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - . - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - . 
- e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - . - A separable portion of the object code, whose source code is excluded - from the Corresponding Source as a System Library, need not be - included in conveying the object code work. - . - A "User Product" is either (1) a "consumer product", which means any - tangible personal property which is normally used for personal, family, - or household purposes, or (2) anything designed or sold for incorporation - into a dwelling. In determining whether a product is a consumer product, - doubtful cases shall be resolved in favor of coverage. For a particular - product received by a particular user, "normally used" refers to a - typical or common use of that class of product, regardless of the status - of the particular user or of the way in which the particular user - actually uses, or expects or is expected to use, the product. A product - is a consumer product regardless of whether the product has substantial - commercial, industrial or non-consumer uses, unless such uses represent - the only significant mode of use of the product. - . - "Installation Information" for a User Product means any methods, - procedures, authorization keys, or other information required to install - and execute modified versions of a covered work in that User Product from - a modified version of its Corresponding Source. The information must - suffice to ensure that the continued functioning of the modified object - code is in no case prevented or interfered with solely because - modification has been made. - . 
- If you convey an object code work under this section in, or with, or - specifically for use in, a User Product, and the conveying occurs as - part of a transaction in which the right of possession and use of the - User Product is transferred to the recipient in perpetuity or for a - fixed term (regardless of how the transaction is characterized), the - Corresponding Source conveyed under this section must be accompanied - by the Installation Information. But this requirement does not apply - if neither you nor any third party retains the ability to install - modified object code on the User Product (for example, the work has - been installed in ROM). - . - The requirement to provide Installation Information does not include a - requirement to continue to provide support service, warranty, or updates - for a work that has been modified or installed by the recipient, or for - the User Product in which it has been modified or installed. Access to a - network may be denied when the modification itself materially and - adversely affects the operation of the network or violates the rules and - protocols for communication across the network. - . - Corresponding Source conveyed, and Installation Information provided, - in accord with this section must be in a format that is publicly - documented (and with an implementation available to the public in - source code form), and must require no special password or key for - unpacking, reading or copying. - . - 7. Additional Terms. - . - "Additional permissions" are terms that supplement the terms of this - License by making exceptions from one or more of its conditions. - Additional permissions that are applicable to the entire Program shall - be treated as though they were included in this License, to the extent - that they are valid under applicable law. 
If additional permissions - apply only to part of the Program, that part may be used separately - under those permissions, but the entire Program remains governed by - this License without regard to the additional permissions. - . - When you convey a copy of a covered work, you may at your option - remove any additional permissions from that copy, or from any part of - it. (Additional permissions may be written to require their own - removal in certain cases when you modify the work.) You may place - additional permissions on material, added by you to a covered work, - for which you have or can give appropriate copyright permission. - . - Notwithstanding any other provision of this License, for material you - add to a covered work, you may (if authorized by the copyright holders of - that material) supplement the terms of this License with terms: - . - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - . - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - . - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - . - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - . - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - . - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - . 
- All other non-permissive additional terms are considered "further - restrictions" within the meaning of section 10. If the Program as you - received it, or any part of it, contains a notice stating that it is - governed by this License along with a term that is a further - restriction, you may remove that term. If a license document contains - a further restriction but permits relicensing or conveying under this - License, you may add to a covered work material governed by the terms - of that license document, provided that the further restriction does - not survive such relicensing or conveying. - . - If you add terms to a covered work in accord with this section, you - must place, in the relevant source files, a statement of the - additional terms that apply to those files, or a notice indicating - where to find the applicable terms. - . - Additional terms, permissive or non-permissive, may be stated in the - form of a separately written license, or stated as exceptions; - the above requirements apply either way. - . - 8. Termination. - . - You may not propagate or modify a covered work except as expressly - provided under this License. Any attempt otherwise to propagate or - modify it is void, and will automatically terminate your rights under - this License (including any patent licenses granted under the third - paragraph of section 11). - . - However, if you cease all violation of this License, then your - license from a particular copyright holder is reinstated (a) - provisionally, unless and until the copyright holder explicitly and - finally terminates your license, and (b) permanently, if the copyright - holder fails to notify you of the violation by some reasonable means - prior to 60 days after the cessation. - . 
- Moreover, your license from a particular copyright holder is - reinstated permanently if the copyright holder notifies you of the - violation by some reasonable means, this is the first time you have - received notice of violation of this License (for any work) from that - copyright holder, and you cure the violation prior to 30 days after - your receipt of the notice. - . - Termination of your rights under this section does not terminate the - licenses of parties who have received copies or rights from you under - this License. If your rights have been terminated and not permanently - reinstated, you do not qualify to receive new licenses for the same - material under section 10. - . - 9. Acceptance Not Required for Having Copies. - . - You are not required to accept this License in order to receive or - run a copy of the Program. Ancillary propagation of a covered work - occurring solely as a consequence of using peer-to-peer transmission - to receive a copy likewise does not require acceptance. However, - nothing other than this License grants you permission to propagate or - modify any covered work. These actions infringe copyright if you do - not accept this License. Therefore, by modifying or propagating a - covered work, you indicate your acceptance of this License to do so. - . - 10. Automatic Licensing of Downstream Recipients. - . - Each time you convey a covered work, the recipient automatically - receives a license from the original licensors, to run, modify and - propagate that work, subject to this License. You are not responsible - for enforcing compliance by third parties with this License. - . - An "entity transaction" is a transaction transferring control of an - organization, or substantially all assets of one, or subdividing an - organization, or merging organizations. 
If propagation of a covered - work results from an entity transaction, each party to that - transaction who receives a copy of the work also receives whatever - licenses to the work the party's predecessor in interest had or could - give under the previous paragraph, plus a right to possession of the - Corresponding Source of the work from the predecessor in interest, if - the predecessor has it or can get it with reasonable efforts. - . - You may not impose any further restrictions on the exercise of the - rights granted or affirmed under this License. For example, you may - not impose a license fee, royalty, or other charge for exercise of - rights granted under this License, and you may not initiate litigation - (including a cross-claim or counterclaim in a lawsuit) alleging that - any patent claim is infringed by making, using, selling, offering for - sale, or importing the Program or any portion of it. - . - 11. Patents. - . - A "contributor" is a copyright holder who authorizes use under this - License of the Program or a work on which the Program is based. The - work thus licensed is called the contributor's "contributor version". - . - A contributor's "essential patent claims" are all patent claims - owned or controlled by the contributor, whether already acquired or - hereafter acquired, that would be infringed by some manner, permitted - by this License, of making, using, or selling its contributor version, - but do not include claims that would be infringed only as a - consequence of further modification of the contributor version. For - purposes of this definition, "control" includes the right to grant - patent sublicenses in a manner consistent with the requirements of - this License. - . - Each contributor grants you a non-exclusive, worldwide, royalty-free - patent license under the contributor's essential patent claims, to - make, use, sell, offer for sale, import and otherwise run, modify and - propagate the contents of its contributor version. - . 
- In the following three paragraphs, a "patent license" is any express - agreement or commitment, however denominated, not to enforce a patent - (such as an express permission to practice a patent or covenant not to - sue for patent infringement). To "grant" such a patent license to a - party means to make such an agreement or commitment not to enforce a - patent against the party. - . - If you convey a covered work, knowingly relying on a patent license, - and the Corresponding Source of the work is not available for anyone - to copy, free of charge and under the terms of this License, through a - publicly available network server or other readily accessible means, - then you must either (1) cause the Corresponding Source to be so - available, or (2) arrange to deprive yourself of the benefit of the - patent license for this particular work, or (3) arrange, in a manner - consistent with the requirements of this License, to extend the patent - license to downstream recipients. "Knowingly relying" means you have - actual knowledge that, but for the patent license, your conveying the - covered work in a country, or your recipient's use of the covered work - in a country, would infringe one or more identifiable patents in that - country that you have reason to believe are valid. - . - If, pursuant to or in connection with a single transaction or - arrangement, you convey, or propagate by procuring conveyance of, a - covered work, and grant a patent license to some of the parties - receiving the covered work authorizing them to use, propagate, modify - or convey a specific copy of the covered work, then the patent license - you grant is automatically extended to all recipients of the covered - work and works based on it. - . - A patent license is "discriminatory" if it does not include within - the scope of its coverage, prohibits the exercise of, or is - conditioned on the non-exercise of one or more of the rights that are - specifically granted under this License. 
You may not convey a covered - work if you are a party to an arrangement with a third party that is - in the business of distributing software, under which you make payment - to the third party based on the extent of your activity of conveying - the work, and under which the third party grants, to any of the - parties who would receive the covered work from you, a discriminatory - patent license (a) in connection with copies of the covered work - conveyed by you (or copies made from those copies), or (b) primarily - for and in connection with specific products or compilations that - contain the covered work, unless you entered into that arrangement, - or that patent license was granted, prior to 28 March 2007. - . - Nothing in this License shall be construed as excluding or limiting - any implied license or other defenses to infringement that may - otherwise be available to you under applicable patent law. - . - 12. No Surrender of Others' Freedom. - . - If conditions are imposed on you (whether by court order, agreement or - otherwise) that contradict the conditions of this License, they do not - excuse you from the conditions of this License. If you cannot convey a - covered work so as to satisfy simultaneously your obligations under this - License and any other pertinent obligations, then as a consequence you may - not convey it at all. For example, if you agree to terms that obligate you - to collect a royalty for further conveying from those to whom you convey - the Program, the only way you could satisfy both those terms and this - License would be to refrain entirely from conveying the Program. - . - 13. Remote Network Interaction; Use with the GNU General Public License. - . 
- Notwithstanding any other provision of this License, if you modify the - Program, your modified version must prominently offer all users - interacting with it remotely through a computer network (if your version - supports such interaction) an opportunity to receive the Corresponding - Source of your version by providing access to the Corresponding Source - from a network server at no charge, through some standard or customary - means of facilitating copying of software. This Corresponding Source - shall include the Corresponding Source for any work covered by version 3 - of the GNU General Public License that is incorporated pursuant to the - following paragraph. - . - Notwithstanding any other provision of this License, you have - permission to link or combine any covered work with a work licensed - under version 3 of the GNU General Public License into a single - combined work, and to convey the resulting work. The terms of this - License will continue to apply to the part which is the covered work, - but the work with which it is combined will remain governed by version - 3 of the GNU General Public License. - . - 14. Revised Versions of this License. - . - The Free Software Foundation may publish revised and/or new versions of - the GNU Affero General Public License from time to time. Such new versions - will be similar in spirit to the present version, but may differ in detail to - address new problems or concerns. - . - Each version is given a distinguishing version number. If the - Program specifies that a certain numbered version of the GNU Affero General - Public License "or any later version" applies to it, you have the - option of following the terms and conditions either of that numbered - version or of any later version published by the Free Software - Foundation. If the Program does not specify a version number of the - GNU Affero General Public License, you may choose any version ever published - by the Free Software Foundation. - . 
- If the Program specifies that a proxy can decide which future - versions of the GNU Affero General Public License can be used, that proxy's - public statement of acceptance of a version permanently authorizes you - to choose that version for the Program. - . - Later license versions may give you additional or different - permissions. However, no additional obligations are imposed on any - author or copyright holder as a result of your choosing to follow a - later version. - . - 15. Disclaimer of Warranty. - . - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY - APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT - HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY - OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, - THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM - IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF - ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - . - 16. Limitation of Liability. - . - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING - WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS - THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY - GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE - USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF - DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD - PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), - EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF - SUCH DAMAGES. - . - 17. Interpretation of Sections 15 and 16. - . 
- If the disclaimer of warranty and limitation of liability provided - above cannot be given local legal effect according to their terms, - reviewing courts shall apply local law that most closely approximates - an absolute waiver of all civil liability in connection with the - Program, unless a warranty or assumption of liability accompanies a - copy of the Program in return for a fee. - . - END OF TERMS AND CONDITIONS - . - How to Apply These Terms to Your New Programs - . - If you develop a new program, and you want it to be of the greatest - possible use to the public, the best way to achieve this is to make it - free software which everyone can redistribute and change under these terms. - . - To do so, attach the following notices to the program. It is safest - to attach them to the start of each source file to most effectively - state the exclusion of warranty; and each file should have at least - the "copyright" line and a pointer to where the full notice is found. - . - - Copyright (C) - . - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - . - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - . - Also add information on how to contact you by electronic and paper mail. - . - If your software can interact with users remotely through a computer - network, you should also make sure that it provides a way for users to - get its source. 
For example, if your program is a web application, its - interface could display a "Source" link that leads users to an archive - of the code. There are many ways you could offer source, and different - solutions will be better for different programs; see section 13 for the - specific requirements. - . - You should also get your employer (if you work as a programmer) or school, - if any, to sign a "copyright disclaimer" for the program, if necessary. - For more information on this, and how to apply and follow the GNU AGPL, see - . diff --git a/debian/reaction.dirs b/debian/reaction.dirs deleted file mode 100644 index 60888a1..0000000 --- a/debian/reaction.dirs +++ /dev/null @@ -1,3 +0,0 @@ -usr/bin -usr/sbin -lib/systemd/system diff --git a/debian/reaction.lintian-overrides b/debian/reaction.lintian-overrides deleted file mode 100644 index 3a456a4..0000000 --- a/debian/reaction.lintian-overrides +++ /dev/null @@ -1 +0,0 @@ -reaction: initial-upload-closes-no-bugs diff --git a/debian/reaction@.service b/debian/reaction@.service deleted file mode 100644 index 488f562..0000000 --- a/debian/reaction@.service +++ /dev/null @@ -1,13 +0,0 @@ -# vim: ft=systemd -[Unit] -Description=A daemon that scans program outputs for repeated patterns, and takes action. -Documentation=https://framagit.org/ppom/reaction-wiki - -[Service] -ExecStart=/usr/bin/reaction start -c /etc/%i -StateDirectory=reaction -RuntimeDirectory=reaction -WorkingDirectory=/var/lib/reaction - -[Install] -WantedBy=multi-user.target diff --git a/debian/rules b/debian/rules deleted file mode 100755 index ad79dca..0000000 --- a/debian/rules +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/make -f -%: - dh $@ - -override_dh_auto_install: - install -m755 reaction $$(pwd)/debian/reaction/usr/bin - install -m755 nft46 $$(pwd)/debian/reaction/usr/sbin - install -m755 ip46tables $$(pwd)/debian/reaction/usr/sbin diff --git a/debian/source/format b/debian/source/format deleted file mode 100644 index 163aaf8..0000000 
--- a/debian/source/format
+++ /dev/null
@@ -1 +0,0 @@
-3.0 (quilt)
diff --git a/packaging/Makefile b/packaging/Makefile
new file mode 100644
index 0000000..259e393
--- /dev/null
+++ b/packaging/Makefile
@@ -0,0 +1,22 @@
+PREFIX ?= /usr/local
+BINDIR = $(PREFIX)/bin
+MANDIR = $(PREFIX)/share/man/man1
+SYSTEMDDIR ?= /etc/systemd
+
+install:
+ install -m755 reaction nft46 ip46tables $(DESTDIR)$(BINDIR)
+ install -m644 reaction*.1 $(DESTDIR)$(MANDIR)/man/man1/
+ install -m644 reaction.bash $(DESTDIR)/share/bash-completion/completions/reaction
+ install -m644 reaction.fish $(DESTDIR)/share/fish/completions/
+ install -m644 _reaction $(DESTDIR)/share/zsh/vendor-completions/
+ install -m644 reaction.service $(SYSTEMDDIR)/system/reaction.service
+
+remove:
+ rm -f $(DESTDIR)$(BINDIR)/bin/reaction
+ rm -f $(DESTDIR)$(BINDIR)/bin/nft46
+ rm -f $(DESTDIR)$(BINDIR)/bin/ip46tables
+ rm -f $(DESTDIR)$(MANDIR)/man/man1/reaction*.1
+ rm -f $(DESTDIR)/share/bash-completion/completions/reaction
+ rm -f $(DESTDIR)/share/fish/completions/
+ rm -f $(DESTDIR)/share/zsh/vendor-completions/
+ rm -f $(SYSTEMDDIR)/system/reaction.service
diff --git a/config/reaction.example.service b/packaging/reaction@.service
similarity index 91%
rename from config/reaction.example.service
rename to packaging/reaction@.service
index 22eed48..729b95b 100644
--- a/config/reaction.example.service
+++ b/packaging/reaction@.service
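Review bot: The `install` and `remove` targets of packaging/Makefile do not combine `DESTDIR`, `PREFIX` and the directory variables consistently, so `remove` does not delete what `install` wrote. `BINDIR` and `MANDIR` already end in `/bin` and `/share/man/man1`, yet `remove` appends `/bin/` and both targets append `/man/man1/` again; the completion paths use `$(DESTDIR)/share/...` without `$(PREFIX)`, the unit path ignores `DESTDIR`, and two `rm -f` lines name directories rather than files. Since the release notes in this commit run the file with `sudo make install`, an uninstall whose `rm -f` on the doubled `bin/bin` paths succeeds silently leaves `reaction`, `nft46` and `ip46tables` on the system. The sketch below assumes the completions were meant to live under `$(PREFIX)/share` and also creates the target directories, which the current recipe expects to exist.

```makefile
# … unchanged: PREFIX, BINDIR, MANDIR, SYSTEMDDIR …
DATADIR = $(PREFIX)/share

install:
	install -d $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)
	install -m755 reaction nft46 ip46tables $(DESTDIR)$(BINDIR)/
	install -m644 reaction*.1 $(DESTDIR)$(MANDIR)/
	install -D -m644 reaction.bash $(DESTDIR)$(DATADIR)/bash-completion/completions/reaction
	install -D -m644 reaction.fish $(DESTDIR)$(DATADIR)/fish/completions/reaction.fish
	install -D -m644 _reaction $(DESTDIR)$(DATADIR)/zsh/vendor-completions/_reaction
	install -D -m644 reaction.service $(DESTDIR)$(SYSTEMDDIR)/system/reaction.service

remove:
	rm -f $(DESTDIR)$(BINDIR)/reaction
	rm -f $(DESTDIR)$(BINDIR)/nft46
	rm -f $(DESTDIR)$(BINDIR)/ip46tables
	rm -f $(DESTDIR)$(MANDIR)/reaction*.1
	rm -f $(DESTDIR)$(DATADIR)/bash-completion/completions/reaction
	rm -f $(DESTDIR)$(DATADIR)/fish/completions/reaction.fish
	rm -f $(DESTDIR)$(DATADIR)/zsh/vendor-completions/_reaction
	rm -f $(DESTDIR)$(SYSTEMDDIR)/system/reaction.service
```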
@@ -2,15 +2,12 @@ [Unit] Description=A daemon that scans program outputs for repeated patterns, and takes action. Documentation=https://reaction.ppom.me - -[Install] -WantedBy=multi-user.target # Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used # After=docker.service # See `man systemd.exec` and `man systemd.service` for most options below [Service] -ExecStart=/usr/bin/reaction start -c /etc/reaction.jsonnet +ExecStart=/usr/bin/reaction start -c /etc/%i # Ask systemd to create /var/lib/reaction (/var/lib/ is implicit) StateDirectory=reaction @@ -18,3 +15,6 @@ StateDirectory=reaction RuntimeDirectory=reaction # Start reaction in its state directory WorkingDirectory=/var/lib/reaction + +[Install] +WantedBy=multi-user.target diff --git a/release.py b/release.py index da6267a..a7c27a1 100644 --- a/release.py +++ b/release.py @@ -4,24 +4,25 @@ import http.client import json import os import subprocess +import shutil import sys import tempfile -def quit_if(cmd): - if cmd.returncode != 0: - print(f"{' '.join(cmd.args)} failed with exit code {cmd.returncode}") - sys.exit(1) -def add_path(files, architecture): - return [ - (f"./target/{architecture}/release/{file[0]}", file[1], file[2], file[3]) - for file in files - ] +def run_command(args, **kwargs): + print(f"\033[36mCMD: {args}\033[0m") + cmd = subprocess.run(args, **kwargs) + if cmd.returncode != 0: + print(f"\033[31mCMD failed with exit code {cmd.returncode}\033[0m") + sys.exit(1) + return cmd + def main(): # Git tag - cmd = subprocess.run(["git", "tag", "--sort=v:refname"], capture_output=True, text=True) - quit_if(cmd) + cmd = run_command( + ["git", "tag", "--sort=v:refname"], capture_output=True, text=True + ) tag = "" try: tag = cmd.stdout.strip().split("\n")[-1] 
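Review bot: The new `ExecStart=/usr/bin/reaction start -c /etc/%i` line in packaging/reaction@.service has no comment saying that the instance name selects the configuration file, although the neighbouring directives are each commented. I would add above it `# %i is the instance name: reaction@reaction.jsonnet.service reads /etc/reaction.jsonnet`. As far as the two hunks show, the unit sets no `User=`, so the daemon presumably runs as root. A second comment line such as `# The selected file under /etc should be writable by root only` would tell administrators why that file's permissions matter for a service that "takes action".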
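Review bot: `run_command` in release.py has no docstring, and it echoes every argument it receives before running the command, which callers need to know. A docstring such as `"""Print and run args; exit with status 1 if the command fails. args are echoed, so pass secrets via input=, never in args."""` would record that contract. The signing call later in the file already respects it by passing the minisign password through `input=`. `main()` starts in this hunk and continues outside it.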
@@ -32,158 +33,199 @@ def main(): sys.exit(1) # Ask user - if input(f"We will create a release for tag {tag}. Do you want to continue? (y/n) ") != "y": - print("exiting.") - sys.exit(1) + # if input(f"We will create a release for tag {tag}. Do you want to continue? (y/n) ") != "y": + # print("exiting.") + # sys.exit(1) # Git push - # cmd = subprocess.run(["git", "push", "--tags"]) - # quit_if(cmd) + # run_command(["git", "push", "--tags"]) + # Minisign password cmd = subprocess.run(["rbw", "get", "minisign"], capture_output=True, text=True) - quit_if(cmd) minisign_password = cmd.stdout + # Create directory + run_command( + [ + "ssh", + "akesi", + # "-J", "pica01", + "mkdir", + "-p", + f"/var/www/static/reaction/releases/{tag}/", + ] + ) + + architectures = { + "x86_64-unknown-linux-musl": "amd64", + "aarch64-unknown-linux-musl": "arm64", + } + + root_dir = os.getcwd() + all_files = [] - architectures = [ - "x86_64-unknown-linux-gnu", - # "x86_64-unknown-openbsd", # not supported by cross - "armv7-unknown-linux-gnueabihf", + instructions = [ + "## Changes", + """ +## Instructions + +You'll need to install minisign to check the authenticity of the package. + +After installing reaction, create your configuration file at +`/etc/reaction.json`, `/etc/reaction.jsonnet` or `/etc/reaction.yml`. +See for documentation. 
+ +Reload systemd: +```bash +$ sudo systemctl daemon-reload +``` + +Then enable and start reaction with this command +```bash +# replace `reaction.jsonnet` with the name of your configuration file in /etc/ +$ sudo systemctl enable --now reaction@reaction.jsonnet.service +``` +""".strip(), ] - for architecture in architectures: + for architecture in architectures.keys(): + # Cargo clean + run_command(["cargo", "clean"]) # Install toolchain - cmd = subprocess.run([ - "rustup", "toolchain", "install", "stable", - "-t", architecture, - "--profile", "minimal"]) - quit_if(cmd) + run_command( + [ + "rustup", + "toolchain", + "install", + f"stable-{architecture}", + "--force-non-host", # I know, I know! + "--profile", + "minimal", + ] + ) # Build - cmd = subprocess.run([ - "cross", "build", "--release", "--target", architecture - ]) - quit_if(cmd) + run_command(["cross", "build", "--release", "--target", architecture]) - # File lists - binary_files = [ - ("reaction", architecture, f"reaction ({architecture})", "package"), - ("nft46", architecture, f"nft46 ({architecture})", "package"), - ("ip46tables", architecture, f"ip46tables ({architecture})", "package"), - # (f"reaction_{tag}-1_amd64.deb", architecture, f"reaction.deb ({architecture})", "package") + # Build .deb + cmd = run_command( + ["cargo-deb", f"--target={architecture}", "--no-build", "--no-strip"] + ) + + deb_dir = os.path.join("./target", architecture, "debian") + deb_name = [f for f in os.listdir(deb_dir) if f.endswith(".deb")][0] + deb_path = os.path.join(deb_dir, deb_name) + + # Archive + files_path = os.path.join("./target", architecture, "release") + pkg_name = f"reaction-{tag}-{architectures[architecture]}" + tar_name = f"{pkg_name}.tar.gz" + tar_path = os.path.join(files_path, tar_name) + + os.chdir(files_path) + try: + os.mkdir(pkg_name) + except FileExistsError: + pass + + files = [ + # Binaries + "reaction", + "nft46", + "ip46tables", + # Shell completion + "reaction.bash", + "reaction.fish", + 
"_reaction", + # Man pages + "reaction.1", + "reaction-flush.1", + "reaction-show.1", + "reaction-start.1", + "reaction-test-regex.1", ] + for file in files: + shutil.copy(file, pkg_name) - sig_files = [ - (f"{file[0]}.minisig", architecture, f"{file[0]}.minisig ({architecture})", "other") - for file - in binary_files - ] + makefile = os.path.join(root_dir, "packaging", "Makefile") + shutil.copy(makefile, pkg_name) - binary_files = add_path(binary_files, architecture) - sig_files = add_path(sig_files, architecture) + systemd = os.path.join(root_dir, "config", "reaction.service") + shutil.copy(systemd, pkg_name) + + run_command(["tar", "czf", tar_name, pkg_name]) + + os.chdir(root_dir) # Sign - cmd = subprocess.run( - ["minisign", "-Sm"] - + [ file[0] for file in binary_files ], - text=True, - input=minisign_password + run_command( + ["minisign", "-Sm", deb_path, tar_path], text=True, input=minisign_password ) - quit_if(cmd) - - # Create directory - cmd = subprocess.run([ - "ssh", "akesi", - "-J", "pica01", - "mkdir", "-p", f"/var/www/static/reaction/releases/{tag}/{architecture}/" - ]) - quit_if(cmd) + deb_sig = f"{deb_path}.minisig" + tar_sig = f"{tar_path}.minisig" # Push - cmd = subprocess.run([ - "rsync", - "-avze", "ssh -J pica01", ] - + [ file[0] for file in binary_files + sig_files ] - + [ f"akesi:/var/www/static/reaction/releases/{tag}/{architecture}/" - ]) - quit_if(cmd) - - all_files.extend(binary_files) - all_files.extend(sig_files) - - # Copy only one time the text files, which are architecture-independant - if architecture == architectures[-1]: - text_files = [ - ("reaction.bash", "", "bash completion file", "other"), - ("reaction.fish", "", "fish completion file", "other"), - ("_reaction", "", "zsh completion file", "other"), - ("reaction.1", False, False, False), - ("reaction-flush.1", False, False, False), - ("reaction-show.1", False, False, False), - ("reaction-start.1", False, False, False), - ("reaction-test-regex.1", False, False, False), - ] - 
text_files = add_path(text_files, architecture) - all_files.extend(text_files) - - cmd = subprocess.run([ + run_command( + [ "rsync", - "-avze", "ssh -J pica01" ] - + [ file[0] for file in text_files ] - + [ f"akesi:/var/www/static/reaction/releases/{tag}/" - ]) - quit_if(cmd) + "-az", # "-e", "ssh -J pica01", + tar_path, + tar_sig, + deb_path, + deb_sig, + f"akesi:/var/www/static/reaction/releases/{tag}/", + ] + ) + all_files.extend([tar_path, tar_sig, deb_path, deb_sig]) + + # Instructions + + instructions.append( + f""" +## Tar installation ({architectures[architecture]} linux) + +```bash +curl -O https://static.ppom.me/reaction/releases/{tag}/{tar_name} \\ + -O https://static.ppom.me/reaction/releases/{tag}/{tar_name}.minisig \\ + && minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m {tar_name} \\ + && rm {tar_name}.minisig \\ + && cd {tar_name} \\ + && sudo make install +``` + """.strip() + ) + + instructions.append( + f""" +## Debian installation ({architectures[architecture]} linux) + +```bash +curl -O https://static.ppom.me/reaction/releases/{tag}/{deb_name} \\ + -O https://static.ppom.me/reaction/releases/{tag}/{deb_name}.minisig \\ + && minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m {deb_name} \\ + && rm {deb_name}.minisig \\ + && sudo apt install ./{deb_name} +``` + """.strip() + ) # Release - - cmd = subprocess.run(["rbw", "get", "framagit.org", "token"], capture_output=True, text=True) - quit_if(cmd) + cmd = run_command( + ["rbw", "get", "framagit.org", "token"], capture_output=True, text=True + ) token = cmd.stdout.strip() if token == "": print("Could not retrieve token") sys.exit(1) - description = f""" -## Changes - -## Direct download - -```bash -wget https://static.ppom.me/reaction/releases/{architectures[0][0]}/{tag}/nft46 \\ - https://static.ppom.me/reaction/releases/{architectures[0][0]}/{tag}/reaction \\ - https://static.ppom.me/reaction/releases/{architectures[0][0]}/{tag}/ip46tables \\ - 
https://static.ppom.me/reaction/releases/{architectures[0][0]}/{tag}/nft46.minisig \\ - https://static.ppom.me/reaction/releases/{architectures[0][0]}/{tag}/reaction.minisig \\ - https://static.ppom.me/reaction/releases/{architectures[0][0]}/{tag}/ip46tables.minisig -for i in nft46 ip46tables reaction -do - minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m $i && rm $i.minisig -done -``` - - -``` -""" - # Make user edit the description tmpdir = tempfile.TemporaryDirectory() desc_path = tmpdir.name + "/description.md" with open(desc_path, "w+") as desc_file: - desc_file.write(description) - cmd = subprocess.run(["vi", desc_path]) - quit_if(cmd) + desc_file.write("\n\n".join(instructions)) + run_command(["vi", desc_path]) with open(desc_path) as desc_file: description = desc_file.read().strip() @@ -194,24 +236,27 @@ wget https://static.ppom.me/reaction/releases/{tag}/reaction_{tag}-1_amd64.deb \ sys.exit(1) # Construct JSON payload - files = [ file for file in all_files if file[2] != False ] + files = [os.path.basename(file) for file in all_files] data = { "tag_name": tag, "description": description, "assets": { "links": [ { - "url": "https://" + f"static.ppom.me/reaction/releases/{tag}/{file[1]}/{os.path.basename(file[0])}".replace("//", "/"), - "name": file[2], - "link_type": file[3], + "url": "https://" + + f"static.ppom.me/reaction/releases/{tag}/{os.path.basename(file)}".replace( + "//", "/" + ), + "name": file, + "link_type": "other" if file.endswith(".minisig") else "package", } - for file - in files + for file in files ] - } + }, } body = json.dumps(data) + print(body) # Send POST request headers = { 
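Review bot: The generated tar instructions verify the archive and then run `cd {tar_name}`, which names the `.tar.gz` file itself, so the chain stops before `sudo make install` and the archive is never extracted. After the `minisign -VP` line I would use `&& tar xzf {tar_name} \\` followed by `&& cd {pkg_name} \\`, which keeps extraction behind the signature check. Separately, the `rbw get minisign` call still uses plain `subprocess.run` while its `quit_if(cmd)` was removed, so a failed lookup is no longer detected at that point. `cmd = run_command(["rbw", "get", "minisign"], capture_output=True, text=True)` restores the check without printing the secret, because only the arguments are echoed. This hunk sits inside `main()`, which starts and ends outside it.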
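Review bot: The asset-link construction keeps leftovers from the old tuple layout: `files` already holds basenames, so the second `os.path.basename(file)` is redundant, and the `.replace("//", "/")` appears to have nothing left to collapse now that the empty architecture segment is gone. `"url": f"https://static.ppom.me/reaction/releases/{tag}/{file}",` would say the same thing in one line. The added `print(body)` reads like debugging output; from what is visible `data` holds only the tag, description and links, not the token, but I would still drop it or label it the way `run_command` labels its output. The enclosing `main()` starts and ends outside this hunk.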
@@ -225,7 +270,10 @@ wget https://static.ppom.me/reaction/releases/{tag}/reaction_{tag}-1_amd64.deb \ response = conn.getresponse() if response.status != 200: - print(f"sending message failed: status: {response.status}, reason: {response.reason}") + print( + f"sending message failed: status: {response.status}, reason: {response.reason}" + ) sys.exit(1) + main()