From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 8EF079095C for ; Tue, 2 Apr 2024 19:17:03 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5430BA891 for ; Tue, 2 Apr 2024 19:16:45 +0200 (CEST) Received: from lana.proxmox.com (unknown [94.136.29.99]) by firstgate.proxmox.com (Proxmox) with ESMTP for ; Tue, 2 Apr 2024 19:16:42 +0200 (CEST) Received: by lana.proxmox.com (Postfix, from userid 10043) id EB3872C3B98; Tue, 2 Apr 2024 19:16:31 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Tue, 2 Apr 2024 19:16:25 +0200 Message-Id: <20240402171629.536804-34-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240402171629.536804-1-s.hanreich@proxmox.com> References: <20240402171629.536804-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.316 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH proxmox-firewall 33/37] firewall: add files for debian packaging X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Apr 2024 17:17:03 -0000
Signed-off-by: Stefan Hanreich
---
Makefile | 93 +++++++++++++++++++++++++++++++++
debian/changelog | 5 ++
debian/control | 31 +++++++++++
debian/copyright | 16 ++++++
debian/proxmox-firewall.service | 16 ++++++
debian/proxmox-firewall.timer | 11 ++++
debian/rules | 14 +++++
debian/source/format | 1 +
defines.mk | 13 +++++
9 files changed, 200 insertions(+)
create mode 100644 Makefile
create mode 100644 debian/changelog
create mode 100644 debian/control
create mode 100644 debian/copyright
create mode 100644 debian/proxmox-firewall.service
create mode 100644 debian/proxmox-firewall.timer
create mode 100644 debian/rules
create mode 100644 debian/source/format
create mode 100644 defines.mk
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..984c318
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,93 @@
+include /usr/share/dpkg/pkg-info.mk
+include /usr/share/dpkg/architecture.mk
+include defines.mk
+
+PACKAGE=proxmox-firewall
+BUILDDIR ?= $(PACKAGE)-$(DEB_VERSION_UPSTREAM)
+
+
+DEB=$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION)_$(DEB_HOST_ARCH).deb
+DBG_DEB=$(PACKAGE)-dbgsym_$(DEB_VERSION_UPSTREAM_REVISION)_$(DEB_HOST_ARCH).deb
+DSC=rust-$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION).dsc
+
+DEBS = $(DEB) $(DBG_DEB)
+
+ifeq ($(BUILD_MODE), release)
+CARGO_BUILD_ARGS += --release
+COMPILEDIR := target/release
+else
+COMPILEDIR := target/debug
+endif
+
+USR_BIN := \
+ proxmox-firewall
+
+COMPILED_BINS := \
+ $(addprefix $(COMPILEDIR)/,$(USR_BIN))
+
+all: cargo-build
+
+.PHONY: cargo-build
+cargo-build:
+ cargo build $(CARGO_BUILD_ARGS)
+
+$(COMPILED_BINS): cargo-build
+
+install: $(COMPILED_BINS)
+ install -dm755 $(DESTDIR)$(SBINDIR)
+ $(foreach i,$(USR_BIN), \
+ install -m755 $(COMPILEDIR)/$(i) $(DESTDIR)$(SBINDIR)/ ;)
+
+update-dcontrol: #$(BUILDDIR)
+ debcargo package \
+ --config debian/debcargo.toml \
+ --changelog-ready \
+ --no-overlay-write-back \
+ --directory $(BUILDDIR) \
+ $(PACKAGE) \
+ $(shell dpkg-parsechangelog -l debian/changelog -SVersion | sed -e 's/-.*//')
+ cat $(BUILDDIR)/debian/control debian/control.extra > debian/control
+ wrap-and-sort -t -k -f debian/control
+
+.PHONY: build
+build: $(BUILDDIR)
+$(BUILDDIR):
+ rm -rf $@ $@.tmp; mkdir $@.tmp
+ cp -a proxmox-firewall proxmox-nftables proxmox-ve-config debian Cargo.toml Makefile defines.mk $@.tmp/
+ mv $@.tmp $@
+
+.PHONY: deb
+deb: $(DEB)
+$(HELPER_DEB) $(DBG_DEB) $(HELPER_DBG_DEB) $(DOC_DEB): $(DEB)
+$(DEB): $(BUILDDIR)
+ cd $(BUILDDIR); dpkg-buildpackage -b -us -uc --no-pre-clean
+ lintian $(DEB) $(DOC_DEB) $(HELPER_DEB)
+
+.PHONY: test
+test:
+ cargo test
+
+.PHONY: dsc
+dsc:
+ rm -rf $(BUILDDIR) $(DSC)
+ $(MAKE) $(DSC)
+ lintian $(DSC)
+$(DSC): $(BUILDDIR)
+ cd $(BUILDDIR); dpkg-buildpackage -S -us -uc -d -nc
+
+sbuild: $(DSC)
+ sbuild $<
+
+.PHONY: dinstall
+dinstall: $(DEB)
+ dpkg -i $(DEB) $(DBG_DEB) $(DOC_DEB)
+
+.PHONY: distclean
+distclean: clean
+
+.PHONY: clean
+clean:
+ cargo clean
+ rm -f *.deb *.build *.buildinfo *.changes *.dsc rust-$(PACKAGE)*.tar*
+ rm -rf $(PACKAGE)-[0-9]*/
+ find . -name '*~' -exec rm {} ';'
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..7918ec9
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+proxmox-firewall (0.1-1) UNRELEASED; urgency=medium
+
+ * Initial release.
+
+ -- Stefan Hanreich Thu, 07 Mar 2024 10:15:10 +0100
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..e04ce68
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,31 @@
+Source: proxmox-firewall
+Section: admin
+Priority: optional
+Maintainer: Proxmox Support Team
+Build-Depends: cargo:native,
+ debhelper-compat (= 13),
+ dh-cargo (>= 25),
+ librust-anyhow-1+default-dev,
+ librust-env-logger-0.10+default-dev,
+ librust-log-0.4+default-dev (>= 0.4.17-~~),
+ librust-nix-0.26+default-dev (>= 0.26.1-~~),
+ librust-serde-1+default-dev,
+ librust-serde-1+derive-dev,
+ librust-serde-json-1+default-dev,
+ librust-serde-plain-1+default-dev,
+ librust-serde-plain-1+default-dev,
+ librust-serde-with+default-dev,
+ librust-libc-0.2+default-dev,
+ librust-proxmox-schema-3+default-dev,
+Standards-Version: 4.6.2
+Homepage: https://www.proxmox.com
+
+Package: proxmox-firewall
+Architecture: any
+Conflicts: ulogd,
+Depends: ${misc:Depends}, ${shlibs:Depends},
+ pve-firewall,
+ nftables,
+Description: Proxmox VE nft Firewall
+ This package contains a nftables-based implementation of the Proxmox VE
+ Firewall
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..fe09a1b
--- /dev/null
+++ b/debian/copyright
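Review bot: In the Makefile, `BUILDDIR ?= $(PACKAGE)-$(DEB_VERSION_UPSTREAM)` lets an unrelated `BUILDDIR` already exported in the caller's environment take precedence, and that value then reaches `rm -rf $(BUILDDIR) $(DSC)` in `dsc` and `rm -rf $@ $@.tmp` in the `$(BUILDDIR):` rule without any check. The `clean` target already hard-codes `$(PACKAGE)-[0-9]*/`, so a plain `BUILDDIR := $(PACKAGE)-$(DEB_VERSION_UPSTREAM)` would keep explicit command-line overrides while ignoring the environment. Relatedly, `cd $(BUILDDIR); dpkg-buildpackage ...` in the `$(DEB)` and `$(DSC)` recipes carries on in the source directory if the `cd` fails; `cd $(BUILDDIR) && dpkg-buildpackage ...` stops instead.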
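Review bot: `librust-serde-plain-1+default-dev` appears twice in the Build-Depends of debian/control, and `librust-serde-with+default-dev` is the only librust entry whose name carries no major version, so it presumably accepts whatever series of that crate the build host has installed. Drop the duplicate line and name the intended series for serde-with the way the neighbouring entries do. If the Makefile's `update-dcontrol` target is meant to produce this file, regenerating it from there would keep the list in step with what debcargo computes.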
@@ -0,0 +1,16 @@
+Copyright (C) 2018-2024 Proxmox Server Solutions GmbH
+
+This software is written by Proxmox Server Solutions GmbH
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
diff --git a/debian/proxmox-firewall.service b/debian/proxmox-firewall.service
new file mode 100644
index 0000000..5f9bf4b
--- /dev/null
+++ b/debian/proxmox-firewall.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Proxmox VE nftables firewall
+ConditionPathExists=/usr/sbin/proxmox-firewall
+Wants=pve-cluster.service pvefw-logger.service
+After=pvefw-logger.service pve-cluster.service network.target systemd-modules-load.service
+DefaultDependencies=no
+Before=shutdown.target
+Conflicts=shutdown.target
+
+[Service]
+ExecStart=/usr/sbin/proxmox-firewall
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/debian/proxmox-firewall.timer b/debian/proxmox-firewall.timer
new file mode 100644
index 0000000..d051102
--- /dev/null
+++ b/debian/proxmox-firewall.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Proxmox VE nft Firewall timer
+
+[Timer]
+OnBootSec=1s
+OnUnitInactiveSec=5s
+Unit=proxmox-firewall.service
+
+[Install]
+WantedBy=timers.target
+
diff --git a/debian/rules b/debian/rules
new file mode 100644
index 0000000..5539a00
--- /dev/null
+++ b/debian/rules
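Review bot: The `[Service]` section of debian/proxmox-firewall.service sets no start timeout, and systemd disables the start timeout by default for `Type=oneshot`, so a single hung run of `/usr/sbin/proxmox-firewall` would leave the unit activating indefinitely. The timer schedules from the unit going inactive, so rule updates would stop without any failure being recorded. An explicit bound such as `TimeoutStartSec=<seconds>` (value for the maintainers to choose) turns that into a visible failed unit. The unit also runs with full root privileges; if the binary only needs to program nftables, `NoNewPrivileges=yes` and a `CapabilityBoundingSet=` limited to what it actually uses would be worth adding once that set is confirmed.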
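Review bot: `OnUnitInactiveSec=5s` in debian/proxmox-firewall.timer will not be honoured as written, because timer units default to `AccuracySec=1min` and systemd may delay each elapse anywhere within that window. If rule changes are expected to take effect within seconds, add `AccuracySec=1s` to the `[Timer]` section. Otherwise a comment stating the intended worst-case latency would help anyone reasoning about how long stale rules can stay loaded.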
@@ -0,0 +1,14 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@
+
+override_dh_installsystemd:
+ dh_installsystemd --no-start proxmox-firewall.service
+ dh_installsystemd proxmox-firewall.timer
+
+override_dh_installinit:
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/defines.mk b/defines.mk
new file mode 100644
index 0000000..e01164d
--- /dev/null
+++ b/defines.mk
@@ -0,0 +1,13 @@
+PREFIX = /usr
+BINDIR = $(PREFIX)/bin
+SBINDIR = $(PREFIX)/sbin
+LIBDIR = $(PREFIX)/lib
+LIBEXECDIR = $(LIBDIR)
+DATAROOTDIR = $(PREFIX)/share
+MAN1DIR = $(PREFIX)/share/man/man1
+MAN5DIR = $(PREFIX)/share/man/man5
+SYSCONFDIR = /etc
+
+# For local overrides
+-include local.mak
+
-- 2.39.2
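Review bot: debian/rules does not set `BUILD_MODE` anywhere in this patch, so the Makefile's `ifeq ($(BUILD_MODE), release)` falls through to `COMPILEDIR := target/debug` and the package would ship an unoptimised debug build of the firewall binary. Adding `export BUILD_MODE = release` near the top of debian/rules selects `--release`. The file also leaves cargo's registry and source configuration entirely to the build environment, so where crates are resolved from during `dh_auto_build` is not visible here. Setting that explicitly, or at least stating it in a comment, would make it clear that package builds only consume the `librust-*-dev` build dependencies.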