From 2b548ffb1124ab0d26f6841fcd312aa02ab41103 Mon Sep 17 00:00:00 2001
From: Luc Didry
Date: Fri, 12 Jan 2024 14:45:31 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=93=A6=F0=9F=91=B7=20=E2=80=94=20Build=20?= =?UTF-8?q?better=20deb=20package=20in=20release.sh=20+=20test=20building?= =?UTF-8?q?=20in=20CI?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitignore | 2 ++
 .gitlab-ci.yml | 35 ++++++----------------------------
 DEBIAN/control | 19 -------------------
 DEBIAN/postinst | 50 -------------------------------------------------
 DEBIAN/postrm | 40 ---------------------------------------
 DEBIAN/prerm | 6 ------
 Makefile | 35 +++++++++++++++++++++-------------
 debian/control | 6 ++++--
 debian/rules | 1 +
 release.sh | 10 +++++-----
 10 files changed, 40 insertions(+), 164 deletions(-)
 delete mode 100644 DEBIAN/control
 delete mode 100755 DEBIAN/postinst
 delete mode 100755 DEBIAN/postrm
 delete mode 100755 DEBIAN/prerm
diff --git a/.gitignore b/.gitignore
index 206e6a0..0f1d2c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@
 *.deb
 *.minisig
 *.qcow2
+debian-packaging/*
+*.swp
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 73ed0b3..78d7601 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,38 +1,15 @@ --- -image: debian:bookworm +image: golang:1.20-bookworm stages: - - deb + - build variables: - DEBIAN_FRONTEND: noninteractive - DEBFULLNAME: Ppom - DEBEMAIL: reaction@ppom.me + DEBIAN_FRONTEND: noninteractive -make_deb: - stage: deb +test_building: + stage: build before_script: - - echo "deb http://deb.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/backports.list - apt-get -qq -y update - apt-get -qq -y install build-essential devscripts debhelper quilt wget - - apt-get -qq -y install golang-go -t bookworm-backports script: - - mkdir debian-packaging public - - cd debian-packaging - - wget "https://framagit.org/ppom/reaction/-/archive/${CI_COMMIT_TAG}/reaction-${CI_COMMIT_TAG}.tar.gz" -O "reaction_${CI_COMMIT_TAG:1}.orig.tar.gz" - - tar xf "reaction_${CI_COMMIT_TAG:1}.orig.tar.gz" - - cp -r ../debian "reaction-${CI_COMMIT_TAG}" - - cd "reaction-${CI_COMMIT_TAG}" - - if [[ -e debian/changelog ]]; then - dch --package reaction --newversion "${CI_COMMIT_TAG:1}-1" "New upstream release."; - else - dch --create --package reaction --newversion "${CI_COMMIT_TAG:1}-1" "Initial release."; - fi - - dch --release --distribution stable --urgency low "" - - debuild -us -uc - - cp debian/changelog "../reaction_${CI_COMMIT_TAG:1}-1_amd64.deb" ../../public - artifacts: - expire_in: 1 week - paths: - - public - only: - - tags + - make reaction ip46tables nft46 diff --git a/DEBIAN/control b/DEBIAN/control deleted file mode 100644 index f7101f7..0000000 --- a/DEBIAN/control +++ /dev/null 
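Review bot: `image: golang:1.20-bookworm` is a mutable tag, so the toolchain that compiles this job can change without any commit in the repository; pinning it by digest, `image: golang:1.20-bookworm@sha256:<digest>`, keeps it fixed. The job's script is only `make reaction ip46tables nft46`, so the new `reaction_%-1_amd64.deb` recipe that release.sh depends on is never exercised in CI. `devscripts debhelper quilt wget` are still installed in `before_script` although that make line does not appear to need them; dropping them would reduce what the job pulls in unpinned from apt.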
@@ -1,19 +0,0 @@
-Package: reaction
-Version: LAST_TAG
-Architecture: amd64
-Maintainer: ppom <>
-Section: utils
-Package-Type: deb
-Priority: Optional
-Homepage: https://framagit.org/ppom/reaction
-Description: A daemon that scans program outputs for repeated patterns, and takes action
- A common use of reaction is to scan ssh and web server logs,
- and ban hosts that cause multiple authentication errors.
- reaction doesn't have all the features of the honorable fail2ban,
- but it's ~10x faster and easier to configure.
-Tag: admin::automation, admin::logging, admin::monitoring,
- interface::commandline, interface::daemon,
- network::firewall, protocol::ip, role::program,
- security::authentication, security::firewall, security::ids,
- security::log-analyzer, use::login, use::monitor,
- works-with-format::plaintext, works-with::logfile, works-with::text
diff --git a/DEBIAN/postinst b/DEBIAN/postinst
deleted file mode 100755
index e8f45ed..0000000
--- a/DEBIAN/postinst
+++ /dev/null
@@ -1,50 +0,0 @@
-#! /bin/sh
-# postinst script for reaction
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * `configure'
-# * `abort-upgrade'
-# * `abort-remove' `in-favour'
-#
-# * `abort-deconfigure' `in-favour'
-# `removing'
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-
-case "$1" in
- configure|abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# The following line should be removed in trixie or trixie+1
-deb-systemd-helper unmask 'reaction.service' >/dev/null || true
-
-# was-enabled defaults to true, so new installations run enable.
-if deb-systemd-helper --quiet was-enabled 'reaction.service'; then
- # Enables the unit on first installation, creates new
- # symlinks on upgrades if the unit file has changed.
- deb-systemd-helper enable 'reaction.service' >/dev/null || true
-else
- # Update the statefile to add new symlinks (if any), which need to be
- # cleaned up on purge. Also remove old symlinks.
- deb-systemd-helper update-state 'reaction.service' >/dev/null || true
-fi
-
-if [ -d /run/systemd/system ]; then
- systemctl --system daemon-reload >/dev/null || true
-fi
-
-
-exit 0
diff --git a/DEBIAN/postrm b/DEBIAN/postrm
deleted file mode 100755
index 6319a3b..0000000
--- a/DEBIAN/postrm
+++ /dev/null
@@ -1,40 +0,0 @@ -#! /bin/sh -# postrm script for reaction -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `remove' -# * `purge' -# * `upgrade' -# * `failed-upgrade' -# * `abort-install' -# * `abort-install' -# * `abort-upgrade' -# * `disappear' overwrit>r> -# for details, see /usr/doc/packaging-manual/ - - -case "$1" in - purge|disappear) - # Remove configuration - rm -f /etc/reaction.yml - # Remove database - rm -f /var/lib/reaction/* - ;; - remove|upgrade|failed-upgrade|abort-install|abort-upgrade) - # nothing - ;; -esac - -if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then - systemctl --system daemon-reload >/dev/null || true -fi - -if [ "$1" = "purge" ]; then - if [ -x "/usr/bin/deb-systemd-helper" ]; then - deb-systemd-helper purge 'reaction.service' >/dev/null || true - fi -fi diff --git a/DEBIAN/prerm b/DEBIAN/prerm deleted file mode 100755 index 7e9504c..0000000 --- a/DEBIAN/prerm +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -e - -if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = remove ] && [ -d /run/systemd/system ] ; then - deb-systemd-invoke stop 'reaction.service' >/dev/null || true -fi diff --git a/Makefile b/Makefile index a1d4b20..68268f8 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ SYSTEMDDIR ?= /etc/systemd all: reaction ip46tables nft46 clean: - rm -f reaction ip46tables nft46 reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig nft46.minisig + rm -f reaction ip46tables nft46 reaction*.deb debian-packaging reaction.minisig ip46tables.minisig nft46.minisig reaction*.deb.minisig ip46tables: helpers_c/ip46tables.c $(CC) -s -static helpers_c/ip46tables.c -o ip46tables 
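Review bot: In the `clean` recipe, `debian-packaging` is a directory (the new package rule creates it with `mkdir debian-packaging`), and `rm -f` without `-r` refuses to remove directories, so `make clean` will fail once a package has been built. Give it its own recipe line, `rm -rf debian-packaging`, after the file removal. Because release.sh now runs the package build in a container without `-u`, that directory may be root-owned on the host, so the clean may need matching privileges; that part is inferred from the release.sh change rather than visible here.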
@@ -17,19 +17,28 @@ nft46: helpers_c/nft46.c reaction: app/* reaction.go go.mod go.sum CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`" -reaction.deb: reaction ip46tables nft46 - chmod +x reaction ip46tables nft46 - mkdir -p deb/reaction/usr/bin/ deb/reaction/usr/sbin/ deb/reaction/lib/systemd/system/ - cp reaction ip46tables nft46 deb/reaction/usr/bin/ - cp config/reaction.debian.service deb/reaction/lib/systemd/system/reaction.service - cp -r DEBIAN/ deb/reaction/DEBIAN - sed -e "s/LAST_TAG/`git tag --sort=v:refname | tail -n1`/" -e "s/Version: v/Version: /" -i deb/reaction/DEBIAN/* - cd deb && dpkg-deb --root-owner-group --build reaction - mv deb/reaction.deb reaction.deb - rm -rf deb/ +reaction_%-1_amd64.deb: + apt-get -qq -y update + apt-get -qq -y install build-essential devscripts debhelper quilt wget + if [ -e debian-packaging ]; then rm -rf debian-packaging; fi + mkdir debian-packaging + wget "https://framagit.org/ppom/reaction/-/archive/v${*}/reaction-v${*}.tar.gz" -O "debian-packaging/reaction_${*}.orig.tar.gz" + cd debian-packaging && tar xf "reaction_${*}.orig.tar.gz" + cp -r debian "debian-packaging/reaction-v${*}" + if [ -e "debian/changelog" ]; then \ + cd "debian-packaging/reaction-v${*}" && \ + DEBFULLNAME=Ppom DEBEMAIL=reaction@ppom.me dch --package reaction --newversion "${*}-1" "New upstream release."; \ + else \ + cd "debian-packaging/reaction-v${*}" && \ + DEBFULLNAME=Ppom DEBEMAIL=reaction@ppom.me dch --create --package reaction --newversion "${*}-1" "Initial release."; \ + fi + cd "debian-packaging/reaction-v${*}" && DEBFULLNAME=Ppom DEBEMAIL=reaction@ppom.me dch --release --distribution stable --urgency low "" + cd "debian-packaging/reaction-v${*}" && debuild --prepend-path=/go/bin:/usr/local/go/bin -us -uc + cp "debian-packaging/reaction-v${*}/debian/changelog" debian/ + cp "debian-packaging/reaction_${*}-1_amd64.deb" . 
-signatures: reaction.deb reaction ip46tables nft46 - minisign -Sm ip46tables nft46 reaction reaction.deb +signatures_%: reaction_%-1_amd64.deb reaction ip46tables nft46 + minisign -Sm nft46 ip46tables reaction reaction_${*}-1_amd64.deb install: all install -m755 reaction $(DESTDIR)$(BINDIR) diff --git a/debian/control b/debian/control index 2c1e900..72ff04f 100644 --- a/debian/control +++ b/debian/control @@ -1,12 +1,14 @@ Source: reaction Maintainer: Luc Didry -Section: misc +Section: utils Priority: optional Standards-Version: 4.6.2 -Build-Depends: debhelper-compat (= 13), golang-go (>= 2:1.21~) +Build-Depends: debhelper-compat (= 13) +Homepage: https://framagit.org/ppom/reaction Package: reaction Architecture: any +Package-Type: deb Depends: ${shlibs:Depends}, ${misc:Depends} Description: daemon that scans program outputs for patterns, and takes action A common use of reaction is to scan ssh and web server logs, diff --git a/debian/rules b/debian/rules index f17cfd5..ad79dca 100755 --- a/debian/rules +++ b/debian/rules @@ -4,4 +4,5 @@ override_dh_auto_install: install -m755 reaction $$(pwd)/debian/reaction/usr/bin + install -m755 nft46 $$(pwd)/debian/reaction/usr/sbin install -m755 ip46tables $$(pwd)/debian/reaction/usr/sbin diff --git a/release.sh b/release.sh index 286cd7b..04d82f3 100755 --- a/release.sh +++ b/release.sh 
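Review bot: The `wget` line in `reaction_%-1_amd64.deb` fetches the source tarball from framagit.org and nothing verifies it before `debuild` builds it and `signatures_%` signs the result, so the minisign signature vouches for whatever the server returned rather than for the tagged tree in this checkout. Building the orig tarball locally removes the download: `git archive --format=tar.gz --prefix="reaction-v$*/" -o "debian-packaging/reaction_$*.orig.tar.gz" "v$*"`. The two `apt-get` lines also make the recipe require root on a Debian host, which is easy to miss when the target is invoked outside the release container; a comment above the rule such as `# must run as root in a throwaway Debian container (installs build tools with apt-get)` would say so. The rule has no prerequisites, so an existing `reaction_<version>-1_amd64.deb` is never rebuilt after source changes.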
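Review bot: With `golang-go` removed from `Build-Depends`, the package no longer declares its compiler; the build only works where a `go` binary is found on the path that `debuild --prepend-path=/go/bin:/usr/local/go/bin` adds in the Makefile. A clean-chroot build would not get a toolchain from the declared dependencies, and the Go version that produces the released binary is not recorded in the packaging. If the dependency cannot be satisfied from the target distribution, a comment line in debian/control such as `# Go toolchain is taken from PATH, not from Build-Depends; see the .deb rule in Makefile` would at least document the assumption.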
@@ -4,13 +4,13 @@ set -exu git push --tags -docker run -it --rm -e HOME=/tmp/ -v "$(pwd)":/tmp/code -w /tmp/code -u "$(id -u)" golang:1.20 make reaction.deb - -make signatures - TAG="$(git tag --sort=v:refname | tail -n1)" -rsync -avz -e 'ssh -J pica01' ./ip46tables ./nft46 ./reaction ./reaction.deb ./nft46.minisig ./ip46tables.minisig ./reaction.minisig ./reaction.deb.minisig akesi:/var/www/static/reaction/releases/"$TAG" +docker run -it --rm -e HOME=/tmp/ -v "$(pwd)":/tmp/code -w /tmp/code debian:bookworm sh -c "make reaction_${TAG:1}-1_amd64.deb reaction ip46tables nft46" + +make "signatures_${TAG:1}" + +rsync -avz -e 'ssh -J pica01' ./ip46tables ./nft46 ./reaction ./reaction_${TAG:1}-1_amd64.deb ./nft46.minisig ./ip46tables.minisig ./reaction.minisig ./reaction_${TAG:1}-1_amd64.deb.minisig akesi:/var/www/static/reaction/releases/"$TAG" TOKEN="$(rbw get framagit.org token)"
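Review bot: The build container now runs as root on the mutable `debian:bookworm` tag (the `-u "$(id -u)"` option is dropped), and `make "signatures_${TAG:1}"` then signs whatever that container wrote into the bind-mounted checkout before it is uploaded. Pinning the image by digest, `debian:bookworm@sha256:<digest>`, would fix what the signed artifacts are built with. The same `make` call also builds `reaction`, but nothing visible in this diff installs a Go toolchain in that image, so it is worth confirming the step works from a clean pull. `${TAG:1}` is left unquoted in the rsync arguments and is expanded inside the `sh -c "…"` string; quoting it, as in `"./reaction_${TAG:1}-1_amd64.deb"`, keeps an unusual tag name from being split or reinterpreted.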