From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id D432B1FF146 for ; Tue, 09 Jun 2026 15:27:39 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0F7EA13113; Tue, 9 Jun 2026 15:26:45 +0200 (CEST) From: Hannes Laimer To: pve-devel@lists.proxmox.com Subject: [PATCH proxmox-ebpf 03/16] debian: add packaging and boot-time oneshot unit Date: Tue, 9 Jun 2026 15:25:09 +0200 Message-ID: <20260609132522.235917-4-h.laimer@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260609132522.235917-1-h.laimer@proxmox.com> References: <20260609132522.235917-1-h.laimer@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1781011483473 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.083 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_SHORT 0.001 Use of a URL Shortener for very short URL SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: 7AFDKDDZUD5MWJMQ2SL75VQH35ARWJUG X-Message-ID-Hash: 7AFDKDDZUD5MWJMQ2SL75VQH35ARWJUG X-MailFrom: h.laimer@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Package the agent and ship a systemd unit that runs `apply` once at boot, bringing BPF state in line with the SDN running-config. Signed-off-by: Hannes Laimer --- Makefile | 66 +++++++++++++++++++++++++++++++++++++ debian/changelog | 5 +++ debian/control | 34 +++++++++++++++++++ debian/copyright | 18 ++++++++++ debian/proxmox-ebpf.install | 1 + debian/proxmox-ebpf.postrm | 11 +++++++ debian/proxmox-ebpf.prerm | 12 +++++++ debian/proxmox-ebpf.service | 15 +++++++++ debian/rules | 33 +++++++++++++++++++ debian/source/format | 1 + 10 files changed, 196 insertions(+) create mode 100644 Makefile create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/proxmox-ebpf.install create mode 100755 debian/proxmox-ebpf.postrm create mode 100755 debian/proxmox-ebpf.prerm create mode 100644 debian/proxmox-ebpf.service create mode 100755 debian/rules create mode 100644 debian/source/format
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..bf3d7e7
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,66 @@
+include /usr/share/dpkg/architecture.mk
+include /usr/share/dpkg/pkg-info.mk
+
+PACKAGE := proxmox-ebpf
+BUILDDIR ?= $(PACKAGE)-$(DEB_VERSION_UPSTREAM)
+CARGO ?= cargo
+
+ifeq ($(BUILD_MODE), release)
+CARGO_BUILD_ARGS += --release
+endif
+
+DEB=$(PACKAGE)_$(DEB_VERSION)_$(DEB_HOST_ARCH).deb
+DBG_DEB=$(PACKAGE)-dbgsym_$(DEB_VERSION)_$(DEB_HOST_ARCH).deb
+DSC=$(PACKAGE)_$(DEB_VERSION).dsc
+
+all: cargo-build
+
+.PHONY: cargo-build
+cargo-build:
+ $(CARGO) build $(CARGO_BUILD_ARGS)
+
+.PHONY: test
+test:
+ $(CARGO) test $(CARGO_BUILD_ARGS)
+
+.PHONY: check
+check: test
+
+$(BUILDDIR): src include debian Cargo.toml build.rs
+ rm -rf $(BUILDDIR) $(BUILDDIR).tmp
+ mkdir $(BUILDDIR).tmp
+ cp -a -t $(BUILDDIR).tmp $^ Makefile
+ mv $(BUILDDIR).tmp $(BUILDDIR)
+
+.PHONY: deb
+deb: $(DEB)
+$(DEB) $(DBG_DEB) &: $(BUILDDIR)
+ cd $(BUILDDIR); dpkg-buildpackage -b -us -uc
+ lintian $(DEB)
+
+.PHONY: dsc
+dsc:
+ $(MAKE) clean
+ $(MAKE) $(DSC)
+ lintian $(DSC)
+
+$(DSC): $(BUILDDIR)
+ cd $(BUILDDIR); dpkg-buildpackage -S -us -uc -d
+
+sbuild: $(DSC)
+ sbuild $(DSC)
+
+.PHONY: upload
+upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION)
+upload: $(DEB) $(DBG_DEB)
+ tar -cf - $(DEB) $(DBG_DEB) | ssh -X repoman@repo.proxmox.com upload --product pve --dist $(UPLOAD_DIST)
+
+.PHONY: dinstall
+dinstall:
+ $(MAKE) deb
+ sudo -k dpkg -i $(DEB)
+
+clean:
+ $(CARGO) clean
+ rm -rf ./$(BUILDDIR)
+ rm -f -- *.deb *.dsc *.tar.?z *.buildinfo *.build *.changes
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..310d2cd
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+proxmox-ebpf (0.1.0) trixie; urgency=medium
+
+ * initial packaging.
+
+ -- Proxmox Support Team Mon, 18 May 2026 11:00:00 +0200
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..680da4f
--- /dev/null
+++ b/debian/control
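Review bot: In the Makefile, the `$(DEB) $(DBG_DEB) &:` and `$(DSC):` recipes use `cd $(BUILDDIR); dpkg-buildpackage …`, so a failed `cd` still runs `dpkg-buildpackage` in the top-level source tree; chaining with `&&`, as in `cd $(BUILDDIR) && dpkg-buildpackage -b -us -uc`, stops the recipe instead. The `upload` recipe passes `-X` to `ssh`, which requests X11 forwarding for what looks like a non-interactive `tar` stream; if the remote `upload` command does not need a display, dropping `-X` avoids exposing the local X session to the repository host. `all`, `sbuild` and `clean` are also not declared `.PHONY`, unlike the other command targets.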
@@ -0,0 +1,34 @@
+Source: proxmox-ebpf
+Section: admin
+Priority: optional
+Build-Depends: debhelper-compat (= 13),
+ clang,
+ llvm,
+ libbpf-dev,
+ linux-libc-dev,
+ cargo:native,
+ rustc:native,
+ libstd-rust-dev,
+ librust-anyhow-1+default-dev,
+ librust-aya-0.13+default-dev,
+ librust-log-0.4+default-dev,
+ librust-pico-args-0.5+default-dev,
+ librust-proxmox-log-1+default-dev,
+ librust-proxmox-ve-config-0.10+default-dev,
+ librust-nix-0.29+default-dev,
+ librust-nix-0.29+hostname-dev,
+ librust-nix-0.29+net-dev,
+ librust-serde-json-1+default-dev,
+Maintainer: Proxmox Support Team
+Standards-Version: 4.6.2
+Homepage: https://www.proxmox.com
+Rules-Requires-Root: no
+
+Package: proxmox-ebpf
+Architecture: any
+Depends: pve-cluster (>= 9.0.1),
+ libpve-network-perl,
+ ${shlibs:Depends},
+ ${misc:Depends},
+Description: eBPF-based microsegmentation agent for Proxmox VE
+ Filters traffic between guests by identity.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..01138fa
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,18 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files:
+ *
+Copyright: 2026 Proxmox Server Solutions GmbH
+License: AGPL-3.0-or-later
+ This program is free software: you can redistribute it and/or modify it under
+ the terms of the GNU Affero General Public License as published by the Free
+ Software Foundation, either version 3 of the License, or (at your option) any
+ later version.
+ .
+ This program is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU Affero General Public License along
+ with this program. If not, see .
diff --git a/debian/proxmox-ebpf.install b/debian/proxmox-ebpf.install
new file mode 100644
index 0000000..7fbce7e
--- /dev/null
+++ b/debian/proxmox-ebpf.install
@@ -0,0 +1 @@
+target/x86_64-unknown-linux-gnu/release/proxmox-ebpf usr/libexec/proxmox
diff --git a/debian/proxmox-ebpf.postrm b/debian/proxmox-ebpf.postrm
new file mode 100755
index 0000000..2a7d9a5
--- /dev/null
+++ b/debian/proxmox-ebpf.postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove|purge)
+ rm -rf /sys/fs/bpf/proxmox-ebpf /sys/fs/bpf/proxmox-ebpf-test || true
+ rm -rf /run/proxmox-ebpf || true
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/proxmox-ebpf.prerm b/debian/proxmox-ebpf.prerm
new file mode 100755
index 0000000..cce50f0
--- /dev/null
+++ b/debian/proxmox-ebpf.prerm
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove)
+ if [ -x /usr/libexec/proxmox/proxmox-ebpf ]; then
+ /usr/libexec/proxmox/proxmox-ebpf clear || true
+ fi
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/proxmox-ebpf.service b/debian/proxmox-ebpf.service
new file mode 100644
index 0000000..b78259e
--- /dev/null
+++ b/debian/proxmox-ebpf.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Proxmox VE eBPF microsegmentation boot reconcile
+Wants=pve-cluster.service network-online.target
+After=pve-cluster.service network-online.target pve-sdn-commit.service
+Before=pve-guests.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/proxmox/proxmox-ebpf apply
+RuntimeDirectory=proxmox-ebpf
+RuntimeDirectoryPreserve=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..db2a8c9
--- /dev/null
+++ b/debian/rules
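Review bot: The source path in debian/proxmox-ebpf.install hard-codes `target/x86_64-unknown-linux-gnu/release/`, while debian/control declares `Architecture: any` and debian/rules exports `DEB_HOST_RUST_TYPE`. On any other host architecture the binary would presumably land under a different target directory and `dh_install` would not find it. Either restrict the package to `Architecture: amd64`, or derive the path from `DEB_HOST_RUST_TYPE`, for example by installing the binary from an `override_dh_auto_install` target in debian/rules.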
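Review bot: In debian/proxmox-ebpf.postrm the `rm -rf … || true` lines hide every failure, although `-f` already tolerates missing paths, so a removal that could not delete the pins under /sys/fs/bpf still reports success; the same holds for `proxmox-ebpf clear || true` in debian/proxmox-ebpf.prerm. For a component that enforces traffic filtering, leftover state after removal should at least be visible, e.g. `/usr/libexec/proxmox/proxmox-ebpf clear || echo "proxmox-ebpf: clear failed, BPF state may remain" >&2`. A short comment explaining why the production package cleans up `/sys/fs/bpf/proxmox-ebpf-test` would also help, since nothing in this patch creates that path.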
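Review bot: debian/proxmox-ebpf.service is only ordered `Before=pve-guests.service`; nothing visible here makes guest start-up depend on `apply` succeeding, so if `ExecStart` fails at boot the guests appear to start anyway with no filtering applied. If failing open at boot is intended, say so in a comment in the unit; if not, a requirement dependency such as `RequiredBy=pve-guests.service` in `[Install]` would hold guests back, at the cost of blocking them on an agent error. The service also runs with default root privileges and no sandboxing directives, which may be worth tightening once the capabilities the agent needs are known.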
@@ -0,0 +1,33 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+DH_VERBOSE = 1
+
+include /usr/share/dpkg/pkg-info.mk
+include /usr/share/rustc/architecture.mk
+
+export BUILD_MODE=release
+
+export CFLAGS CXXFLAGS CPPFLAGS LDFLAGS
+export DEB_HOST_RUST_TYPE DEB_HOST_GNU_TYPE
+
+export CARGO=/usr/share/cargo/bin/cargo
+export CARGO_HOME = $(CURDIR)/debian/cargo_home
+
+export DEB_CARGO_CRATE=proxmox-ebpf_$(DEB_VERSION_UPSTREAM)
+export DEB_CARGO_PACKAGE=proxmox-ebpf
+
+%:
+ dh $@
+
+override_dh_auto_configure:
+ @perl -ne 'if (/^version\s*=\s*"(\d+(?:\.\d+)+)"/) { my $$v_cargo = $$1; my $$v_deb = "$(DEB_VERSION_UPSTREAM)"; \
+ die "ERROR: d/changelog <-> Cargo.toml version mismatch: $$v_cargo != $$v_deb\n" if $$v_cargo ne $$v_deb; exit(0); }' Cargo.toml
+ $(CARGO) prepare-debian $(CURDIR)/debian/cargo_registry --link-from-system
+ dh_auto_configure
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installsystemd:
+ dh_installsystemd proxmox-ebpf.service
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
--
2.47.3
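Review bot: The version check in `override_dh_auto_configure` of debian/rules passes silently when no line of Cargo.toml matches `^version\s*=\s*"(\d+(?:\.\d+)+)"`: `perl -ne` then reaches end of input and exits 0, so a version carrying a suffix, or one inherited from a workspace, skips the d/changelog comparison altogether. Make the one-liner fail when it finds no version line, for instance with a `die` that runs only after the loop has finished without a match. Separately, the comment above `DH_VERBOSE = 1` still says "uncomment to enable" although the setting is active; `# Print every command that modifies files on the build system.` would match what the file does.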