Box (Debian 13 Trixie, amd64): apt install ./edgeguard-{api,ui,meta}.deb
zieht postgresql-17, haproxy 3.0, certbot, openssl, etc. nach.
postinst flow läuft sauber: migrate check → initdb → migrate up
(8 migrations) → render-config → install HAProxy drop-in → restart
haproxy → enable api+scheduler. Self-register in ha_nodes nach
Setup-Wizard funktioniert.
End-to-end smoke gegen 89.163.205.6:
* :80 → 301 Moved Permanently → https://
* :443 → TLS termination (self-signed _default.pem aus postinst)
→ JSON envelope vom api_backend (HTTP/2 + HSTS)
* / → React index.html aus /usr/share/edgeguard/ui/
Änderungen:
* control: keydb-server von Depends nach Recommends — single-node v1
installiert ohne KeyDB. Phase-3.1 multi-node bringt es zurück nach
Depends sobald ein eigenes APT-Repo das Paket bereitstellt.
* postinst: render-config (--no-reload) + HAProxy-Drop-in installen +
systemctl restart haproxy als zusätzliche Schritte.
* postrm: drop-in auf remove + purge entfernen, daemon-reload, ggf.
haproxy auf distro-default zurückreloaden.
* deploy/systemd/haproxy-edgeguard.conf: Drop-in lenkt HAProxy-Unit
auf /etc/edgeguard/haproxy/haproxy.cfg statt /etc/haproxy/haproxy.cfg.
After=edgeguard-api.service vermeidet 503-Race in den ersten 5s.
* scripts/apt-repo/build-package.sh: shippt Drop-in unter
/etc/edgeguard/systemd/haproxy-edgeguard.conf in der edgeguard-api.deb.
* haproxy.cfg.tpl: http-request redirect vor use_backend → keine
HAProxy-Warning beim Parsen mehr.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
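#!/bin/bash
# EdgeGuard — .deb builder.
#
# Pattern: direct dpkg-deb, no debhelper / dh_make / fpm.
# Mirrors mail-gateway/scripts/apt-repo/build-package.sh.
#
# Usage:  build-package.sh <arch> [version]
# Arches: amd64 · arm64
#
# Consumes: build/<arch>/edgeguard-{api,scheduler,ctl}  (from `make build-linux-<arch>`)
# Output:   build/deb/edgeguard-api_<version>_<arch>.deb
#           build/deb/edgeguard-ui_<version>_all.deb   (skipped when management-ui/dist is empty)
#           build/deb/edgeguard_<version>_all.deb      (meta package)
set -euo pipefail

ARCH="${1:?Usage: $0 <arch> [version]}"
case "$ARCH" in
  amd64|arm64) ;;
  *) echo "unknown arch: $ARCH" >&2; exit 1 ;;
esac

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Version precedence: explicit second argument, then the VERSION file at the
# repo root, then a development fallback.
VERSION="${2:-$(cat "$REPO_ROOT/VERSION" 2>/dev/null || echo 0.0.1-dev)}"

# VERSION is spliced unescaped into sed replacement text, the control file's
# Version field and the .deb file names further down. Restrict it to the
# Debian version character set (leading digit, then alphanumerics and . + ~ : -)
# so that '/', '&', whitespace or an embedded newline fail here with a clear
# message instead of corrupting the sed program or the generated control file.
case "$VERSION" in
  ''|[!0-9]*|*[!A-Za-z0-9.+~:-]*)
    echo "invalid version: $VERSION" >&2
    exit 1
    ;;
esac

OUT_DIR="$REPO_ROOT/build/deb"
mkdir -p "$OUT_DIR"

# Prefix every progress line so it is attributable in combined build logs.
log() { printf '%s\n' "[build-package] $*"; }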
# ── edgeguard-api ────────────────────────────────────────────────────────
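build_api() (
  # Stage and build edgeguard-api_<VERSION>_<ARCH>.deb into $OUT_DIR.
  #
  # Globals:  REPO_ROOT, ARCH, VERSION, OUT_DIR (read); log (called)
  # Returns:  0 on success, non-zero if the binaries directory is missing or
  #           any staging step fails.
  #
  # The body is a subshell on purpose: the umask and the EXIT trap stay local
  # to this function, and the staging directory is removed on every exit
  # path, including an abort triggered by `set -e` halfway through.
  local pkg="edgeguard-api"
  local pkg_src="$REPO_ROOT/packaging/debian/$pkg"
  local build_dir

  # Directories created by mkdir -p and the control file written through a
  # redirect take their mode from the umask. Pin it so the permissions that
  # end up inside the package do not depend on the builder's environment.
  umask 022

  build_dir="$(mktemp -d "/tmp/${pkg}-deb-XXXXXX")"
  trap 'rm -rf -- "$build_dir"' EXIT

  log "$pkg ($ARCH) version $VERSION"

  if [ ! -d "$REPO_ROOT/build/$ARCH" ]; then
    log "binaries missing — run 'make build-linux-$ARCH' first" >&2
    exit 1
  fi

  mkdir -p "$build_dir/DEBIAN" \
           "$build_dir/usr/bin" \
           "$build_dir/etc/edgeguard" \
           "$build_dir/etc/systemd/system" \
           "$build_dir/usr/share/edgeguard/templates"

  # default config (conffile — survives upgrades, dpkg prompts on conflict)
  install -m 0644 "$REPO_ROOT/deploy/config/edgeguard.yaml" \
                  "$build_dir/etc/edgeguard/edgeguard.yaml"

  # control with version + arch substitution
  sed -e "s/__VERSION__/$VERSION/g" \
      -e "s/^Architecture:.*/Architecture: $ARCH/" \
      "$pkg_src/DEBIAN/control" > "$build_dir/DEBIAN/control"

  # Maintainer scripts. dpkg runs these as root on the target host, so only
  # the four well-known names are taken from the packaging tree; any other
  # file under DEBIAN/ is ignored.
  local script
  for script in preinst postinst prerm postrm; do
    [ -f "$pkg_src/DEBIAN/$script" ] || continue
    cp "$pkg_src/DEBIAN/$script" "$build_dir/DEBIAN/$script"
    chmod 0755 "$build_dir/DEBIAN/$script"
  done

  if [ -f "$pkg_src/DEBIAN/conffiles" ]; then
    cp "$pkg_src/DEBIAN/conffiles" "$build_dir/DEBIAN/"
  fi

  # binaries
  local bin
  for bin in edgeguard-api edgeguard-scheduler edgeguard-ctl; do
    install -m 0755 "$REPO_ROOT/build/$ARCH/$bin" "$build_dir/usr/bin/$bin"
  done

  # systemd units
  local unit
  for unit in edgeguard-api.service edgeguard-scheduler.service; do
    install -m 0644 "$REPO_ROOT/deploy/systemd/$unit" \
                    "$build_dir/etc/systemd/system/"
  done

  # systemd drop-in for HAProxy — postinst copies it into
  # /etc/systemd/system/haproxy.service.d/. Shipped under
  # /etc/edgeguard/systemd/ so dpkg owns the source file.
  mkdir -p "$build_dir/etc/edgeguard/systemd"
  install -m 0644 "$REPO_ROOT/deploy/systemd/haproxy-edgeguard.conf" \
                  "$build_dir/etc/edgeguard/systemd/"

  # Installed-Size in KB as reported by du -sk. The sed only rewrites an
  # existing Installed-Size line in the control template.
  local size
  size="$(du -sk "$build_dir" | awk '{print $1}')"
  sed -i "s/^Installed-Size:.*/Installed-Size: $size/" "$build_dir/DEBIAN/control"

  # --root-owner-group records every entry as root:root, so the builder's
  # uid/gid never ends up in the archive.
  local out="$OUT_DIR/${pkg}_${VERSION}_${ARCH}.deb"
  dpkg-deb --root-owner-group --build "$build_dir" "$out" >/dev/null
  log "→ $out ($(du -h "$out" | awk '{print $1}'))"
)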
# ── edgeguard-ui (architecture: all) ─────────────────────────────────────
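build_ui() (
  # Stage and build edgeguard-ui_<VERSION>_all.deb into $OUT_DIR.
  # Skips with status 0 when management-ui/dist is missing or empty.
  #
  # Globals:  REPO_ROOT, VERSION, OUT_DIR (read); log (called)
  # Returns:  0 on success or skip, non-zero if a staging step fails.
  #
  # The body is a subshell on purpose: the umask and the EXIT trap stay local
  # to this function, and the staging directory is removed on every exit
  # path, including an abort triggered by `set -e` halfway through.
  local pkg="edgeguard-ui"
  local ui_dist="$REPO_ROOT/management-ui/dist"

  if [ ! -d "$ui_dist" ] || [ -z "$(ls -A "$ui_dist" 2>/dev/null)" ]; then
    log "$pkg: management-ui/dist/ empty — skipping (run 'make ui' first)"
    exit 0
  fi

  local pkg_src="$REPO_ROOT/packaging/debian/$pkg"
  local build_dir

  # cp -r (without -p) creates each file with the source mode masked by the
  # umask. Pinning 022 keeps group/world-writable bits from a permissive
  # build environment out of the files shipped under /usr/share/edgeguard/ui.
  umask 022

  build_dir="$(mktemp -d "/tmp/${pkg}-deb-XXXXXX")"
  trap 'rm -rf -- "$build_dir"' EXIT

  log "$pkg version $VERSION (arch: all)"
  mkdir -p "$build_dir/DEBIAN" "$build_dir/usr/share/edgeguard/ui"

  sed -e "s/__VERSION__/$VERSION/g" \
      "$pkg_src/DEBIAN/control" > "$build_dir/DEBIAN/control"

  # "dist/." copies the directory's contents (dotfiles included) rather than
  # the directory itself.
  cp -r "$ui_dist/." "$build_dir/usr/share/edgeguard/ui/"

  # Installed-Size in KB as reported by du -sk. The sed only rewrites an
  # existing Installed-Size line in the control template.
  local size
  size="$(du -sk "$build_dir" | awk '{print $1}')"
  sed -i "s/^Installed-Size:.*/Installed-Size: $size/" "$build_dir/DEBIAN/control"

  # --root-owner-group records every entry as root:root, so the builder's
  # uid/gid never ends up in the archive.
  local out="$OUT_DIR/${pkg}_${VERSION}_all.deb"
  dpkg-deb --root-owner-group --build "$build_dir" "$out" >/dev/null
  log "→ $out ($(du -h "$out" | awk '{print $1}'))"
)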
# ── edgeguard meta ───────────────────────────────────────────────────────
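build_meta() (
  # Build the control-only meta package edgeguard_<VERSION>_all.deb into
  # $OUT_DIR. Nothing but DEBIAN/control is staged.
  #
  # Globals:  REPO_ROOT, VERSION, OUT_DIR (read); log (called)
  # Returns:  0 on success, non-zero if a staging step fails.
  #
  # The body is a subshell on purpose: the umask and the EXIT trap stay local
  # to this function, and the staging directory is removed on every exit
  # path, including an abort triggered by `set -e` halfway through.
  local pkg="edgeguard"
  local pkg_src="$REPO_ROOT/packaging/debian/edgeguard-meta"
  local build_dir

  # DEBIAN/ and its control file take their mode from the umask; pin it so
  # the result does not depend on the builder's environment.
  umask 022

  build_dir="$(mktemp -d "/tmp/${pkg}-meta-deb-XXXXXX")"
  trap 'rm -rf -- "$build_dir"' EXIT

  log "$pkg (meta) version $VERSION (arch: all)"
  mkdir -p "$build_dir/DEBIAN"

  sed -e "s/__VERSION__/$VERSION/g" \
      "$pkg_src/DEBIAN/control" > "$build_dir/DEBIAN/control"

  # --root-owner-group records every entry as root:root, so the builder's
  # uid/gid never ends up in the archive.
  local out="$OUT_DIR/${pkg}_${VERSION}_all.deb"
  dpkg-deb --root-owner-group --build "$build_dir" "$out" >/dev/null
  log "→ $out ($(du -h "$out" | awk '{print $1}'))"
)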
# Build the three packages in order. These stay top-level calls (no wrapping
# function), and `set -e` stops the run at the first builder that fails.
for build_step in build_api build_ui build_meta; do
  "$build_step"
done