Suggested-By: Fabian Grünbichler <f.gruenbich...@proxmox.com> Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com> --- .gitignore | 3 ++ Makefile | 70 +++++++++++++++++++++++++++++++++ debian/changelog | 5 +++ debian/control | 39 ++++++++++++++++++ debian/copyright | 16 ++++++++ debian/proxmox-firewall.install | 1 + debian/proxmox-firewall.service | 14 +++++++ debian/rules | 31 +++++++++++++++ debian/source/format | 1 + defines.mk | 13 ++++++ 10 files changed, 193 insertions(+) create mode 100644 Makefile create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/proxmox-firewall.install create mode 100644 debian/proxmox-firewall.service create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 defines.mk
diff --git a/.gitignore b/.gitignore index 3cb8114..90749ee 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,8 @@ /Cargo.lock proxmox-firewall-*/ *.deb +*.dsc +*.tar* +*.build *.buildinfo *.changes diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..c235b93 --- /dev/null +++ b/Makefile @@ -0,0 +1,70 @@ +include /usr/share/dpkg/pkg-info.mk +include /usr/share/dpkg/architecture.mk +include defines.mk + +PACKAGE=proxmox-firewall +BUILDDIR ?= $(PACKAGE)-$(DEB_VERSION_UPSTREAM) +CARGO ?= cargo + +DEB=$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION)_$(DEB_HOST_ARCH).deb +DBG_DEB=$(PACKAGE)-dbgsym_$(DEB_VERSION_UPSTREAM_REVISION)_$(DEB_HOST_ARCH).deb +DSC=rust-$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION).dsc + +DEBS = $(DEB) $(DBG_DEB) + +ifeq ($(BUILD_MODE), release) +CARGO_BUILD_ARGS += --release +COMPILEDIR := target/release +else +COMPILEDIR := target/debug +endif + + +all: cargo-build + +.PHONY: cargo-build +cargo-build: + $(CARGO) build $(CARGO_BUILD_ARGS) + +.PHONY: build +build: $(BUILDDIR) +$(BUILDDIR): + rm -rf $@ $@.tmp; mkdir $@.tmp + cp -a proxmox-firewall proxmox-nftables proxmox-ve-config debian Cargo.toml Makefile defines.mk $@.tmp/ + mv $@.tmp $@ + +.PHONY: deb +deb: $(DEB) +$(HELPER_DEB) $(DBG_DEB) $(HELPER_DBG_DEB) $(DOC_DEB): $(DEB) +$(DEB): $(BUILDDIR) + cd $(BUILDDIR); dpkg-buildpackage -b -us -uc --no-pre-clean + lintian $(DEB) $(DOC_DEB) $(HELPER_DEB) + +.PHONY: test +test: + $(CARGO) test + +.PHONY: dsc +dsc: + rm -rf $(BUILDDIR) $(DSC) + $(MAKE) $(DSC) + lintian $(DSC) +$(DSC): $(BUILDDIR) + cd $(BUILDDIR); dpkg-buildpackage -S -us -uc -d -nc + +sbuild: $(DSC) + sbuild $< + +.PHONY: dinstall +dinstall: $(DEB) + dpkg -i $(DEB) $(DBG_DEB) $(DOC_DEB) + +.PHONY: distclean +distclean: clean + +.PHONY: clean +clean: + $(CARGO) clean + rm -f *.deb *.build *.buildinfo *.changes *.dsc rust-$(PACKAGE)*.tar* + rm -rf $(PACKAGE)-[0-9]*/ + find . -name '*~' -exec rm {} ';' diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..3ca5833 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +rust-proxmox-firewall (0.1) UNRELEASED; urgency=medium + + * Initial release. + + -- Stefan Hanreich <s.hanre...@proxmox.com> Thu, 07 Mar 2024 10:15:10 +0100 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..97f9e89 --- /dev/null +++ b/debian/control @@ -0,0 +1,39 @@ +Source: rust-proxmox-firewall +Section: admin +Priority: optional +Maintainer: Proxmox Support Team <supp...@proxmox.com> +Build-Depends: cargo:native, + debhelper-compat (= 13), + librust-anyhow-1+default-dev, + librust-env-logger-0.10+default-dev, + librust-log-0.4+default-dev (>= 0.4.17-~~), + librust-nix-0.26+default-dev (>= 0.26.1-~~), + librust-proxmox-sys-dev, + librust-proxmox-sortable-macro-dev, + librust-serde-1+default-dev, + librust-serde-1+derive-dev, + librust-serde-json-1+default-dev, + librust-serde-plain-1+default-dev, + librust-serde-plain-1+default-dev, + librust-serde-with+default-dev, + librust-signal-hook-dev, + librust-thiserror-dev, + librust-libc-0.2+default-dev, + librust-proxmox-schema-3+default-dev, + libstd-rust-dev, + netbase, + python3, + rustc:native, +Standards-Version: 4.6.2 +Homepage: https://www.proxmox.com + +Package: proxmox-firewall +Architecture: any +Conflicts: ulogd, +Depends: ${misc:Depends}, ${shlibs:Depends}, + pve-firewall, + nftables, + netbase, +Description: Proxmox nftables firewall + This package contains a nftables-based implementation of the Proxmox VE + Firewall diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..fe09a1b --- /dev/null +++ b/debian/copyright @@ -0,0 +1,16 @@ +Copyright (C) 2018-2024 Proxmox Server Solutions GmbH + +This software is written by Proxmox Server Solutions GmbH <supp...@proxmox.com> + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see <http://www.gnu.org/licenses/>. diff --git a/debian/proxmox-firewall.install b/debian/proxmox-firewall.install new file mode 100644 index 0000000..8eb376c --- /dev/null +++ b/debian/proxmox-firewall.install @@ -0,0 +1 @@ +target/x86_64-unknown-linux-gnu/release/proxmox-firewall usr/libexec/proxmox diff --git a/debian/proxmox-firewall.service b/debian/proxmox-firewall.service new file mode 100644 index 0000000..ad2324b --- /dev/null +++ b/debian/proxmox-firewall.service @@ -0,0 +1,14 @@ +[Unit] +Description=Proxmox nftables firewall +Wants=pve-cluster.service pvefw-logger.service +After=pvefw-logger.service pve-cluster.service network.target systemd-modules-load.service + +[Service] +ExecStart=/usr/libexec/proxmox/proxmox-firewall +PIDFile=/run/proxmox-firewall.pid +Environment="RUST_LOG_STYLE=SYSTEMD" +Environment="RUST_LOG=warn" + +[Install] +WantedBy=multi-user.target + diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..1c1af5a --- /dev/null +++ b/debian/rules @@ -0,0 +1,31 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +export DH_VERBOSE=1 + +include /usr/share/dpkg/pkg-info.mk +include /usr/share/rustc/architecture.mk + +export BUILD_MODE=release + +export CFLAGS CXXFLAGS CPPFLAGS LDFLAGS +export DEB_HOST_RUST_TYPE DEB_HOST_GNU_TYPE + +export CARGO=/usr/share/cargo/bin/cargo +export CARGO_HOME = $(CURDIR)/debian/cargo_home + +export DEB_CARGO_CRATE=proxmox-firewall$(DEB_VERSION_UPSTREAM) +export DEB_CARGO_PACKAGE=proxmox-firewall + +%: + dh $@ + +override_dh_auto_configure: + @perl -ne 'if (/^version\s*=\s*"(\d+(?:\.\d+)+)"/) { my $$v_cargo = $$1; my $$v_deb = "$(DEB_VERSION_UPSTREAM)"; \ + die "ERROR: d/changelog <-> Cargo.toml version mismatch: $$v_cargo != $$v_deb\n" if $$v_cargo ne $$v_deb; exit(0); }' Cargo.toml + $(CARGO) prepare-debian $(CURDIR)/debian/cargo_registry --link-from-system + dh_auto_configure + +override_dh_installsystemd: + dh_installsystemd proxmox-firewall.service + diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/defines.mk b/defines.mk new file mode 100644 index 0000000..e01164d --- /dev/null +++ b/defines.mk @@ -0,0 +1,13 @@ +PREFIX = /usr +BINDIR = $(PREFIX)/bin +SBINDIR = $(PREFIX)/sbin +LIBDIR = $(PREFIX)/lib +LIBEXECDIR = $(LIBDIR) +DATAROOTDIR = $(PREFIX)/share +MAN1DIR = $(PREFIX)/share/man/man1 +MAN5DIR = $(PREFIX)/share/man/man5 +SYSCONFDIR = /etc + +# For local overrides +-include local.mak + -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel