[pve-devel] [PATCH proxmox-firewall v2 33/39] firewall: add files for debian packaging

From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-firewall v2 33/39] firewall: add files for debian packaging
Date: Wed, 17 Apr 2024 15:53:58 +0200	[thread overview]
Message-ID: <20240417135404.573490-34-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20240417135404.573490-1-s.hanreich@proxmox.com>

Suggested-By: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 .gitignore                      |  3 ++
 Makefile                        | 70 +++++++++++++++++++++++++++++++++
 debian/changelog                |  5 +++
 debian/control                  | 38 ++++++++++++++++++
 debian/copyright                | 16 ++++++++
 debian/postrm                   | 14 +++++++
 debian/proxmox-firewall.install |  1 +
 debian/proxmox-firewall.service |  9 +++++
 debian/proxmox-firewall.timer   | 13 ++++++
 debian/rules                    | 32 +++++++++++++++
 debian/source/format            |  1 +
 defines.mk                      | 13 ++++++
 12 files changed, 215 insertions(+)
 create mode 100644 Makefile
 create mode 100644 debian/changelog
 create mode 100644 debian/control
 create mode 100644 debian/copyright
 create mode 100755 debian/postrm
 create mode 100644 debian/proxmox-firewall.install
 create mode 100644 debian/proxmox-firewall.service
 create mode 100644 debian/proxmox-firewall.timer
 create mode 100755 debian/rules
 create mode 100644 debian/source/format
 create mode 100644 defines.mk

diff --git a/.gitignore b/.gitignore
index 3cb8114..90749ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,8 @@
 /Cargo.lock
 proxmox-firewall-*/
 *.deb
+*.dsc
+*.tar*
+*.build
 *.buildinfo
 *.changes
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..c235b93
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,70 @@
+include /usr/share/dpkg/pkg-info.mk
+include /usr/share/dpkg/architecture.mk
+include defines.mk
+
+PACKAGE=proxmox-firewall
+BUILDDIR ?= $(PACKAGE)-$(DEB_VERSION_UPSTREAM)
+CARGO ?= cargo
+
+DEB=$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION)_$(DEB_HOST_ARCH).deb
+DBG_DEB=$(PACKAGE)-dbgsym_$(DEB_VERSION_UPSTREAM_REVISION)_$(DEB_HOST_ARCH).deb
+DSC=rust-$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION).dsc
+
+DEBS = $(DEB) $(DBG_DEB)
+
+ifeq ($(BUILD_MODE), release)
+CARGO_BUILD_ARGS += --release
+COMPILEDIR := target/release
+else
+COMPILEDIR := target/debug
+endif
+
+
+all: cargo-build
+
+.PHONY: cargo-build
+cargo-build:
+	$(CARGO) build $(CARGO_BUILD_ARGS)
+
+.PHONY: build
+build: $(BUILDDIR)
+$(BUILDDIR):
+	rm -rf $@ $@.tmp; mkdir $@.tmp
+	cp -a proxmox-firewall proxmox-nftables proxmox-ve-config debian Cargo.toml Makefile defines.mk $@.tmp/
+	mv $@.tmp $@
+
+.PHONY: deb
+deb: $(DEB)
+$(HELPER_DEB) $(DBG_DEB) $(HELPER_DBG_DEB) $(DOC_DEB): $(DEB)
+$(DEB): $(BUILDDIR)
+	cd $(BUILDDIR); dpkg-buildpackage -b -us -uc --no-pre-clean
+	lintian $(DEB) $(DOC_DEB) $(HELPER_DEB)
+
+.PHONY: test
+test:
+	$(CARGO) test
+
+.PHONY: dsc
+dsc:
+	rm -rf $(BUILDDIR) $(DSC)
+	$(MAKE) $(DSC)
+	lintian $(DSC)
+$(DSC): $(BUILDDIR)
+	cd $(BUILDDIR); dpkg-buildpackage -S -us -uc -d -nc
+
+sbuild: $(DSC)
+	sbuild $<
+
+.PHONY: dinstall
+dinstall: $(DEB)
+	dpkg -i $(DEB) $(DBG_DEB) $(DOC_DEB)
+
+.PHONY: distclean
+distclean: clean
+
+.PHONY: clean
+clean:
+	$(CARGO) clean
+	rm -f *.deb *.build *.buildinfo *.changes *.dsc rust-$(PACKAGE)*.tar*
+	rm -rf $(PACKAGE)-[0-9]*/
+	find . -name '*~' -exec rm {} ';'
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..3ca5833
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+rust-proxmox-firewall (0.1) UNRELEASED; urgency=medium
+
+  * Initial release.
+
+ -- Stefan Hanreich <s.hanreich@proxmox.com>  Thu, 07 Mar 2024 10:15:10 +0100
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..fe9467b
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,38 @@
+Source: rust-proxmox-firewall
+Section: admin
+Priority: optional
+Maintainer: Proxmox Support Team <support@proxmox.com>
+Build-Depends: cargo:native,
+               debhelper-compat (= 13),
+               libnftables-dev,
+               librust-anyhow-1+default-dev,
+               librust-env-logger-0.10+default-dev,
+               librust-log-0.4+default-dev (>= 0.4.17-~~),
+               librust-nix-0.26+default-dev (>= 0.26.1-~~),
+               librust-proxmox-sys-dev,
+               librust-proxmox-sortable-macro-dev,
+               librust-serde-1+default-dev,
+               librust-serde-1+derive-dev,
+               librust-serde-json-1+default-dev,
+               librust-serde-plain-1+default-dev,
+               librust-serde-plain-1+default-dev,
+               librust-serde-with+default-dev,
+               librust-libc-0.2+default-dev,
+               librust-proxmox-schema-3+default-dev,
+               libstd-rust-dev,
+               netbase,
+               python3,
+               rustc:native,
+Standards-Version: 4.6.2
+Homepage: https://www.proxmox.com
+
+Package: proxmox-firewall
+Architecture: any
+Conflicts: ulogd,
+Depends: ${misc:Depends}, ${shlibs:Depends},
+         pve-firewall,
+         nftables,
+         netbase,
+Description: Proxmox nftables firewall
+ This package contains a nftables-based implementation of the Proxmox VE
+ Firewall
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..fe09a1b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,16 @@
+Copyright (C) 2018-2024 Proxmox Server Solutions GmbH
+
+This software is written by Proxmox Server Solutions GmbH <support@proxmox.com>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
diff --git a/debian/postrm b/debian/postrm
new file mode 100755
index 0000000..1bc0282
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+    remove)
+	if command -v nft
+	then
+	    nft delete table inet proxmox-firewall || echo "unable to remove proxmox-firewall table"
+	    nft delete table bridge proxmox-firewall-guests || echo "unable to remove proxmox-firewall-guests table"
+	fi
+    ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/proxmox-firewall.install b/debian/proxmox-firewall.install
new file mode 100644
index 0000000..bccfc63
--- /dev/null
+++ b/debian/proxmox-firewall.install
@@ -0,0 +1 @@
+target/x86_64-unknown-linux-gnu/release/proxmox-firewall usr/sbin
diff --git a/debian/proxmox-firewall.service b/debian/proxmox-firewall.service
new file mode 100644
index 0000000..ddc5e6c
--- /dev/null
+++ b/debian/proxmox-firewall.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Proxmox nftables firewall
+Wants=pve-cluster.service pvefw-logger.service
+After=pvefw-logger.service pve-cluster.service network.target systemd-modules-load.service
+
+[Service]
+ExecStart=/usr/sbin/proxmox-firewall
+Type=oneshot
+
diff --git a/debian/proxmox-firewall.timer b/debian/proxmox-firewall.timer
new file mode 100644
index 0000000..05dbc86
--- /dev/null
+++ b/debian/proxmox-firewall.timer
@@ -0,0 +1,13 @@
+[Unit]
+Description=Proxmox VE nft Firewall timer
+Wants=pve-cluster.service pvefw-logger.service
+After=pvefw-logger.service pve-cluster.service network.target systemd-modules-load.service
+
+[Timer]
+OnBootSec=1s
+OnUnitInactiveSec=5s
+Unit=proxmox-firewall.service
+
+[Install]
+WantedBy=timers.target
+
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..6e5edbf
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,32 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+include /usr/share/dpkg/pkg-info.mk
+include /usr/share/rustc/architecture.mk
+
+export BUILD_MODE=release
+
+export CFLAGS CXXFLAGS CPPFLAGS LDFLAGS
+export DEB_HOST_RUST_TYPE DEB_HOST_GNU_TYPE
+
+export CARGO=/usr/share/cargo/bin/cargo
+export CARGO_HOME = $(CURDIR)/debian/cargo_home
+
+export DEB_CARGO_CRATE=proxmox-firewall$(DEB_VERSION_UPSTREAM)
+export DEB_CARGO_PACKAGE=proxmox-firewall
+
+%:
+	dh $@
+
+override_dh_auto_configure:
+	@perl -ne 'if (/^version\s*=\s*"(\d+(?:\.\d+)+)"/) { my $$v_cargo = $$1; my $$v_deb = "$(DEB_VERSION_UPSTREAM)"; \
+	    die "ERROR: d/changelog <-> Cargo.toml version mismatch: $$v_cargo != $$v_deb\n" if $$v_cargo ne $$v_deb; exit(0); }' Cargo.toml
+	$(CARGO) prepare-debian $(CURDIR)/debian/cargo_registry --link-from-system
+	dh_auto_configure
+
+override_dh_installsystemd:
+	dh_installsystemd --no-start --no-enable proxmox-firewall.service
+	dh_installsystemd proxmox-firewall.timer
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/defines.mk b/defines.mk
new file mode 100644
index 0000000..e01164d
--- /dev/null
+++ b/defines.mk
@@ -0,0 +1,13 @@
+PREFIX = /usr
+BINDIR = $(PREFIX)/bin
+SBINDIR = $(PREFIX)/sbin
+LIBDIR = $(PREFIX)/lib
+LIBEXECDIR = $(LIBDIR)
+DATAROOTDIR = $(PREFIX)/share
+MAN1DIR = $(PREFIX)/share/man/man1
+MAN5DIR = $(PREFIX)/share/man/man5
+SYSCONFDIR = /etc
+
+# For local overrides
+-include local.mak
+
-- 
2.39.2


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
