mirror/rustnet
1
0
Fork 0
mirror of https://github.com/domcyrus/rustnet.git synced 2025-12-30 02:19:50 -06:00
Code Issues Packages Projects Releases Wiki Activity

feat: add GitHub Actions workflow for Ubuntu PPA releases

Browse Source 
- Add automated PPA build workflow for Ubuntu 22.04 and 24.04
- Build and sign packages using CI GPG key
- Auto-upload to ppa:domcyrus/rustnet on git tags
- Add complete Debian packaging files
This commit is contained in:
Marco Cadetg
2025-10-13 11:51:27 +02:00
parent e1d4118e55
commit e0de0c42a7
11 changed files with 521 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
.github/PPA_SETUP.md vendored Normal file
View File

@@ -0,0 +1,50 @@
# GitHub Actions PPA Setup
## Add GitHub Secrets
Go to: **Settings****Secrets and variables****Actions****New repository secret**
### 1. GPG_PRIVATE_KEY
```bash
# Display your CI private key
cat ci-signing-key.asc
```
Copy the entire output (including `-----BEGIN PGP PRIVATE KEY BLOCK-----` and `-----END...`)
- Name: `GPG_PRIVATE_KEY`
- Value: [paste the entire key]
### 2. GPG_KEY_ID
```bash
# Get your key ID
gpg --list-keys cadetg@gmail.com
```
Copy the long hex string (e.g., `ABC123...`)
- Name: `GPG_KEY_ID`
- Value: [paste just the key ID]
## Test the Workflow
```bash
# Create and push a test tag
git tag v0.14.0-test
git push origin v0.14.0-test
```
Check: **Actions** tab in GitHub → **Release to Ubuntu PPA**
## Remove Test Tag (if needed)
```bash
git tag -d v0.14.0-test
git push origin :refs/tags/v0.14.0-test
```
## Done!
From now on, just push version tags and GitHub will handle the PPA release automatically! 🚀

169
.github/workflows/ppa-release.yml vendored Normal file
View File

@@ -0,0 +1,169 @@
name: Release to Ubuntu PPA
on:
workflow_dispatch:
inputs:
ubuntu_release:
description: 'Ubuntu release codename'
required: true
default: 'noble'
type: choice
options:
- noble # 24.04 LTS
- jammy # 22.04 LTS
push:
tags:
- 'v*'
env:
DEBEMAIL: cadetg@gmail.com
DEBFULLNAME: Marco Cadetg
PPA: ppa:domcyrus/rustnet
jobs:
build-and-upload:
runs-on: ubuntu-22.04
strategy:
matrix:
ubuntu_release:
- noble
- jammy
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
debhelper \
devscripts \
dput \
gnupg \
libpcap-dev \
libelf-dev \
elfutils \
zlib1g-dev \
clang \
llvm \
pkg-config
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Import GPG key
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
run: |
echo "$GPG_PRIVATE_KEY" | gpg --batch --import
gpg --list-secret-keys
- name: Get version
id: version
run: |
VERSION=$(grep '^version = ' Cargo.toml | head -1 | sed 's/version = "\(.*\)"/\1/')
echo "version=$VERSION" >> $GITHUB_OUTPUT
# Set debian revision
if [ "${{ matrix.ubuntu_release }}" = "noble" ]; then
DEBIAN_REVISION="1ubuntu1"
else
DEBIAN_REVISION="1ubuntu1~${{ matrix.ubuntu_release }}1"
fi
echo "debian_revision=$DEBIAN_REVISION" >> $GITHUB_OUTPUT
- name: Update debian/changelog
run: |
cd debian
# Update distribution
sed -i "s/) noble;/) ${{ matrix.ubuntu_release }};/" changelog
# For jammy, add backport entry
if [ "${{ matrix.ubuntu_release }}" = "jammy" ]; then
VERSION="${{ steps.version.outputs.version }}"
REVISION="${{ steps.version.outputs.debian_revision }}"
cat > changelog.new <<EOF
rustnet-monitor (${VERSION}-${REVISION}) jammy; urgency=medium
* Backport to Ubuntu 22.04 Jammy
-- Marco Cadetg <cadetg@gmail.com> $(date -R)
EOF
cat changelog >> changelog.new
mv changelog.new changelog
fi
- name: Build source package
run: |
VERSION="${{ steps.version.outputs.version }}"
PACKAGE_NAME="rustnet-monitor"
# Create build directory
mkdir -p build-ppa
# Create orig tarball
git archive --format=tar.gz --prefix="${PACKAGE_NAME}-${VERSION}/" HEAD \
> "build-ppa/${PACKAGE_NAME}_${VERSION}.orig.tar.gz"
# Extract and add debian directory
cd build-ppa
tar -xzf "${PACKAGE_NAME}_${VERSION}.orig.tar.gz"
cp -r "$GITHUB_WORKSPACE/debian" "${PACKAGE_NAME}-${VERSION}/"
# Build source package
cd "${PACKAGE_NAME}-${VERSION}"
debuild -S -sa -d -us -uc
- name: Sign and upload
env:
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
run: |
cd build-ppa
VERSION="${{ steps.version.outputs.version }}"
DEBIAN_REVISION="${{ steps.version.outputs.debian_revision }}"
CHANGES_FILE="rustnet-monitor_${VERSION}-${DEBIAN_REVISION}_source.changes"
# Sign
debsign -k${GPG_KEY_ID} ${CHANGES_FILE}
# Verify
gpg --verify ${CHANGES_FILE}
# Upload to PPA
dput ${{ env.PPA }} ${CHANGES_FILE}
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ppa-source-${{ matrix.ubuntu_release }}
path: |
build-ppa/*.dsc
build-ppa/*.tar.gz
build-ppa/*.tar.xz
build-ppa/*.changes
build-ppa/*.buildinfo
retention-days: 30
- name: Summary
run: |
echo "## 🎉 PPA Upload Complete" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **Package**: rustnet-monitor" >> $GITHUB_STEP_SUMMARY
echo "- **Version**: ${{ steps.version.outputs.version }}-${{ steps.version.outputs.debian_revision }}" >> $GITHUB_STEP_SUMMARY
echo "- **Ubuntu**: ${{ matrix.ubuntu_release }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Installation" >> $GITHUB_STEP_SUMMARY
echo '```bash' >> $GITHUB_STEP_SUMMARY
echo "sudo add-apt-repository ppa:domcyrus/rustnet" >> $GITHUB_STEP_SUMMARY
echo "sudo apt update && sudo apt install rustnet" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "[View PPA →](https://launchpad.net/~domcyrus/+archive/ubuntu/rustnet/+packages)" >> $GITHUB_STEP_SUMMARY

62
debian/README.md vendored Normal file
View File

@@ -0,0 +1,62 @@
# Ubuntu PPA Packaging for RustNet
RustNet uses GitHub Actions to automatically build and upload packages to Ubuntu PPA.
## Quick Start
Push a git tag to trigger automatic PPA release:
```bash
git tag v0.15.0
git push origin v0.15.0
```
This automatically builds and uploads to both Ubuntu 22.04 (Jammy) and 24.04 (Noble).
## GitHub Secrets Setup
Add these secrets to your GitHub repository (Settings → Secrets and variables → Actions):
### 1. GPG_PRIVATE_KEY
Your passphrase-free CI GPG private key:
```bash
cat ci-signing-key.asc
# Copy the entire output including BEGIN/END markers
```
### 2. GPG_KEY_ID
Your CI GPG key ID:
```bash
gpg --list-keys cadetg@gmail.com
# Copy the key ID (long hex string)
```
## Installation (for users)
```bash
sudo add-apt-repository ppa:domcyrus/rustnet
sudo apt update
sudo apt install rustnet
```
## Package Details
- **Source**: rustnet-monitor
- **Binary**: rustnet
- **Maintainer**: Marco Cadetg <cadetg@gmail.com>
- **PPA**: https://launchpad.net/~domcyrus/+archive/ubuntu/rustnet
- **Supported**: Ubuntu 22.04 LTS, 24.04 LTS
- **Architectures**: amd64, arm64, armhf
## Workflow
See [.github/workflows/ppa-release.yml](../.github/workflows/ppa-release.yml)
## Links
- [PPA Packages](https://launchpad.net/~domcyrus/+archive/ubuntu/rustnet/+packages)
- [Build Logs](https://launchpad.net/~domcyrus/+archive/ubuntu/rustnet/+builds)

23
debian/changelog vendored Normal file
View File

@@ -0,0 +1,23 @@
rustnet-monitor (0.14.0-1ubuntu1) noble; urgency=medium
* Initial Ubuntu PPA release
* eBPF enabled by default on Linux with automatic procfs fallback
* JSON logging for SIEM integration
* TUN/TAP interface support for VPN monitoring
* Multi-architecture support (amd64, arm64, armhf)
* Desktop integration with .desktop file and icon
* Automatic capability setting for non-root packet capture
-- Marco Cadetg <domcyrus@example.com> Mon, 13 Oct 2025 12:00:00 +0000
rustnet-monitor (0.14.0-1) unstable; urgency=medium
* New upstream release
* eBPF Enabled by Default on Linux for enhanced performance
* JSON Logging for SIEM Integration
* TUN/TAP Interface Support for VPN connections
* Fedora COPR RPM Packaging
* Fixed high CPU usage on Linux
* Bundled vmlinux.h files to eliminate network dependency during builds
-- Marco Cadetg <domcyrus@example.com> Sat, 12 Oct 2025 00:00:00 +0000

42
debian/control vendored Normal file
View File

@@ -0,0 +1,42 @@
Source: rustnet-monitor
Section: net
Priority: optional
Maintainer: Marco Cadetg <domcyrus@example.com>
Build-Depends: debhelper-compat (= 13),
cargo,
rustc,
libpcap-dev,
libelf-dev,
elfutils,
zlib1g-dev,
clang,
llvm,
pkg-config
Standards-Version: 4.7.2
Homepage: https://github.com/domcyrus/rustnet
Vcs-Git: https://github.com/domcyrus/rustnet.git
Vcs-Browser: https://github.com/domcyrus/rustnet
Rules-Requires-Root: no
Package: rustnet
Architecture: amd64 arm64 armhf
Depends: ${shlibs:Depends},
${misc:Depends},
libpcap0.8,
libelf1,
elfutils
Recommends: libcap2-bin
Description: Cross-platform network monitoring terminal UI tool
RustNet provides real-time visibility into network connections with
detailed state information, connection lifecycle management, deep
packet inspection, and a terminal user interface.
.
Features include:
* Real-time Network Monitoring for TCP, UDP, ICMP, and ARP connections
* Deep Packet Inspection (DPI) for HTTP/HTTPS, DNS, SSH, and QUIC protocols
* Connection lifecycle management with protocol-aware timeouts
* Process identification and service name resolution
* Cross-platform support (Linux, macOS, Windows, BSD)
* Advanced filtering with vim/fzf-style search
* Multi-threaded processing for optimal performance
* eBPF-enhanced process detection (enabled by default with automatic fallback)

28
debian/copyright vendored Normal file
View File

@@ -0,0 +1,28 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: rustnet-monitor
Upstream-Contact: domcyrus <domcyrus@example.com>
Source: https://github.com/domcyrus/rustnet
Files: *
Copyright: 2024-2025 domcyrus <domcyrus@example.com>
License: Apache-2.0
Files: debian/*
Copyright: 2025 Marco Cadetg <domcyrus@example.com>
License: Apache-2.0
License: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian systems, the complete text of the Apache License version 2.0
can be found in "/usr/share/common-licenses/Apache-2.0".

3
debian/install vendored Normal file
View File

@@ -0,0 +1,3 @@
assets/services usr/share/rustnet-monitor/
resources/packaging/linux/rustnet.desktop usr/share/applications/
resources/packaging/linux/graphics/rustnet.png usr/share/icons/hicolor/256x256/apps/

64
debian/postinst vendored Executable file
View File

@@ -0,0 +1,64 @@
#!/bin/sh
set -e
#DEBHELPER#
case "$1" in
configure)
# Set capabilities for packet capture and eBPF support without requiring root/sudo
# This allows rustnet to run as a normal user with enhanced eBPF process detection
if command -v setcap >/dev/null 2>&1; then
# Try modern capabilities first (Linux 5.8+)
# CAP_NET_RAW, CAP_NET_ADMIN: packet capture
# CAP_BPF, CAP_PERFMON: eBPF support
# CAP_SYS_ADMIN: may be required for kprobe attachment on some kernel versions
setcap 'cap_net_raw,cap_net_admin,cap_sys_admin,cap_bpf,cap_perfmon+eip' /usr/bin/rustnet 2>/dev/null || \
# Fallback for older kernels without CAP_BPF/CAP_PERFMON
setcap 'cap_net_raw,cap_net_admin,cap_sys_admin+eip' /usr/bin/rustnet || true
fi
cat <<EOF
================================================================================
RustNet has been installed with eBPF support!
NETWORK PACKET CAPTURE PERMISSIONS:
RustNet requires specific Linux capabilities for packet capture and eBPF
process detection. These have been automatically set if setcap is available.
To verify permissions are set correctly:
getcap /usr/bin/rustnet
Expected output (Linux 5.8+):
/usr/bin/rustnet cap_net_raw,cap_net_admin,cap_sys_admin,cap_bpf,cap_perfmon=eip
Or for older kernels:
/usr/bin/rustnet cap_net_raw,cap_net_admin,cap_sys_admin=eip
If capabilities are not set, you can manually set them:
# For Linux 5.8+ with eBPF support
sudo setcap 'cap_net_raw,cap_net_admin,cap_sys_admin,cap_bpf,cap_perfmon+eip' /usr/bin/rustnet
# Or for older kernels
sudo setcap 'cap_net_raw,cap_net_admin,cap_sys_admin+eip' /usr/bin/rustnet
Alternatively, run rustnet with sudo:
sudo rustnet
eBPF FALLBACK:
If eBPF fails to load, rustnet will automatically fall back to procfs-based
process detection. Check the TUI Statistics panel to see which detection
method is active.
USAGE:
rustnet # Start network monitoring
rustnet --help # Show all options
For more information, visit: https://github.com/domcyrus/rustnet
================================================================================
EOF
;;
esac
exit 0

73
debian/rules vendored Executable file
View File

@@ -0,0 +1,73 @@
#!/usr/bin/make -f
export DH_VERBOSE = 1
export RUSTFLAGS = -C strip=symbols
# Use rustup-installed cargo/rustc instead of system version
export PATH := $(HOME)/.cargo/bin:$(PATH)
# eBPF is enabled by default, no need for explicit feature flag
export CARGO_BUILD_FLAGS = --release
# Set asset directory for completions and manpage generation
export RUSTNET_ASSET_DIR = $(CURDIR)/debian/tmp/assets
%:
dh $@
override_dh_auto_clean:
# Use rustup cargo for clean
[ ! -f Cargo.toml ] || cargo clean || true
override_dh_auto_build:
# Create asset directory for build.rs
mkdir -p $(RUSTNET_ASSET_DIR)
# Build with rustup cargo (supports edition 2024)
cargo build --release --verbose
override_dh_auto_install:
# Install binary
install -Dm755 target/release/rustnet debian/rustnet/usr/bin/rustnet
# Install services file
install -Dm644 assets/services debian/rustnet/usr/share/rustnet-monitor/services
# Install desktop file
install -Dm644 resources/packaging/linux/rustnet.desktop \
debian/rustnet/usr/share/applications/rustnet.desktop
# Install icon
install -Dm644 resources/packaging/linux/graphics/rustnet.png \
debian/rustnet/usr/share/icons/hicolor/256x256/apps/rustnet.png
# Install documentation
install -Dm644 README.md debian/rustnet/usr/share/doc/rustnet/README.md
# Install shell completions if generated
if [ -d "$(RUSTNET_ASSET_DIR)" ]; then \
mkdir -p debian/rustnet/usr/share/bash-completion/completions; \
mkdir -p debian/rustnet/usr/share/zsh/vendor-completions; \
mkdir -p debian/rustnet/usr/share/fish/vendor_completions.d; \
[ -f "$(RUSTNET_ASSET_DIR)/rustnet.bash" ] && \
install -Dm644 "$(RUSTNET_ASSET_DIR)/rustnet.bash" \
debian/rustnet/usr/share/bash-completion/completions/rustnet || true; \
[ -f "$(RUSTNET_ASSET_DIR)/_rustnet" ] && \
install -Dm644 "$(RUSTNET_ASSET_DIR)/_rustnet" \
debian/rustnet/usr/share/zsh/vendor-completions/_rustnet || true; \
[ -f "$(RUSTNET_ASSET_DIR)/rustnet.fish" ] && \
install -Dm644 "$(RUSTNET_ASSET_DIR)/rustnet.fish" \
debian/rustnet/usr/share/fish/vendor_completions.d/rustnet.fish || true; \
fi
# Install manpage if generated
if [ -f "$(RUSTNET_ASSET_DIR)/rustnet.1" ]; then \
install -Dm644 "$(RUSTNET_ASSET_DIR)/rustnet.1" \
debian/rustnet/usr/share/man/man1/rustnet.1; \
fi
override_dh_auto_test:
# Skip tests during package build (requires privileged network access)
@echo "Skipping tests - requires network privileges"
override_dh_installchangelogs:
dh_installchangelogs CHANGELOG.md

6
debian/rustnet.lintian-overrides vendored Normal file
View File

@@ -0,0 +1,6 @@
# Capabilities are intentionally set in postinst for packet capture and eBPF
rustnet: elevated-privileges [usr/bin/rustnet]
rustnet: setuid-binary [usr/bin/rustnet] *
# Binary size is expected for Rust applications with eBPF support
rustnet: unstripped-binary-or-object [usr/bin/rustnet]

1
debian/source/format vendored Normal file
View File

@@ -0,0 +1 @@
3.0 (quilt)