From c7e5b28cf75dc97b9a0540fc2129c95168fa6ce3 Mon Sep 17 00:00:00 2001 From: Debian Date: Sat, 9 May 2026 12:08:13 +0200 Subject: [PATCH] build: make deb pulls UI build via bun, drop stale angie comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Makefile: ui target prefers bun (with npm fallback) so make deb end-to-end reproduces a fresh dist/. deb-amd64/deb-arm64 now depend on ui, otherwise stale (or missing) management-ui/dist goes into edgeguard-ui.deb. * deploy/systemd/edgeguard-api.service: stale "angie" reference in hardening comment removed. Verified locally: make deb-amd64 produces three packages — edgeguard-api__amd64.deb (6.9 MB), edgeguard-ui__all.deb (320 KB), edgeguard__all.deb (4 KB meta). dpkg-deb -c confirms layout matches packaging spec (binaries in /usr/bin, units in /etc/systemd/system, UI under /usr/share/edgeguard/ui). Co-Authored-By: Claude Opus 4.7 (1M context) --- Makefile | 8 +++++--- deploy/systemd/edgeguard-api.service | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 0fb720a..71b0b73 100644 --- a/Makefile +++ b/Makefile @@ -70,12 +70,14 @@ tidy: ui: @echo " -> management-ui (vite build, version $(VERSION))" - @cd management-ui && npm run build + @cd management-ui && \ + if [ -x "$$(command -v bun)" ]; then bun install --silent && bun run build; \ + else npm install --silent && npm run build; fi -deb-amd64: build-linux-amd64 +deb-amd64: build-linux-amd64 ui @./scripts/apt-repo/build-package.sh amd64 $(VERSION) -deb-arm64: build-linux-arm64 +deb-arm64: build-linux-arm64 ui @./scripts/apt-repo/build-package.sh arm64 $(VERSION) deb: deb-amd64 deb-arm64 diff --git a/deploy/systemd/edgeguard-api.service b/deploy/systemd/edgeguard-api.service index b4d1a2a..3686907 100644 --- a/deploy/systemd/edgeguard-api.service +++ b/deploy/systemd/edgeguard-api.service @@ -13,7 +13,7 @@ ExecStart=/usr/bin/edgeguard-api Restart=on-failure RestartSec=5 -# Hardening — API needs to shell out to `sudo systemctl reload haproxy/angie/squid` +# Hardening — API needs to shell out to `sudo systemctl reload haproxy/squid` # after writing configs. Sandboxing stays strict around fs/net. NoNewPrivileges=false ProtectSystem=strict