From dd3af6a6efbb1d9fb145023e59d824f2a3931773 Mon Sep 17 00:00:00 2001 From: Gianluca Boiano <491117+M0Rf30@users.noreply.github.com> Date: Thu, 19 Feb 2026 18:31:46 +0100 Subject: [PATCH 1/2] chore(pkgbuild): split package functions for legacy/modern systemd targets (#213) - Add legacy service files for proxy and clamav-signature-provider sidecars - Split package() into distro-specific functions - Rocky 8/Ubuntu Jammy use legacy services (multi-user.target) - Rocky 9/Ubuntu Noble use modern services (carbonio-proxy.target) Refs: CO-2808 --- proxy/PKGBUILD | 219 ++++++++---------- ...-signature-provider-sidecar-legacy.service | 20 ++ ...-clamav-signature-provider-sidecar.service | 8 +- proxy/carbonio-proxy-sidecar-legacy.service | 20 ++ proxy/carbonio-proxy-sidecar.service | 8 +- 5 files changed, 141 insertions(+), 134 deletions(-) create mode 100644 proxy/carbonio-clamav-signature-provider-sidecar-legacy.service create mode 100644 proxy/carbonio-proxy-sidecar-legacy.service diff --git a/proxy/PKGBUILD b/proxy/PKGBUILD index d271be4e..f63c7da4 100644 --- a/proxy/PKGBUILD +++ b/proxy/PKGBUILD @@ -32,10 +32,12 @@ source=( "211-carbonio-clamav-signature-provider-setup.sh" "311-${pkgname}-setup.sh" "${pkgname}-sidecar.service" + "${pkgname}-sidecar-legacy.service" "${pkgname}.hcl" "${pkgname}.target" "${pkgname}.sh" "carbonio-clamav-signature-provider-sidecar.service" + "carbonio-clamav-signature-provider-sidecar-legacy.service" "carbonio-clamav-signature-provider.hcl" "carbonio-clamav-signature-provider" "intentions-clamav-signature-provider.json" @@ -50,11 +52,13 @@ source=( sha256sums=( 'cbd42efea9c34bd8cd661a7f9a4902ee86a3ba2b07db5c2be07dc36ab894df7a' 'bb536a6e911924cde7438acdfaffaf88efcc070089319bad5dc9c68f5e7a33e3' - '7fd2ca93d1c12f23a3fde073fa0f709004a68451625b1fcd50ba75fbf0e0e270' + 'e7823ac7925801b9d8f58c30e9767a1f76187216412a04b249ce19c9f168aef1' + '54d1260932b8113d3ac13a7a2002b126398b1c971ef08025417bc0ad2a6933c7' 'd503d1f4b4d966999a546b00523a746ba2277495a840135e1878f7855c00114f' '7e5765f837ccbde44c598c80be3576bea469d041b318ed558a67e7d1c15d9948' '98e5fccf13b8ca8691c19495e5e496d1daa24a5962178e3f7b86706507c56e55' - '6784bc6fb696c968808745abe3387d434e70ff48235b861516eb196d06473990' + 'c420b181199c739d540ed967ead2c2978488523c25c8e90d1f91213939e1edd3' + '9e6d5473036305706c9b25a7c13d690caf56ea83755dca007f9414edbc657c6c' 'e31069c73e7326c68188381fd485866c8d083466a576ee9141b9fdbefbb2c157' '9cb0f1b78f9a93dc8c05d7dc3db1514ef9af5a4f165416a497b543a3d620438d' '5b9d7a1598959eec4d81994d8a3d9c912d77f0b75de84529d3b65a19ee13c724' @@ -66,8 +70,7 @@ sha256sums=( 'cb0d5c96f4d9488f84df1f15c193d90f2513432c78dbfd5b49ef27438a5f7cec' ) -package() { - +_package() { cd "$(dirname "$(find / -name "yap.json" -print -quit)")" install -D target/proxyconfgen.jar \ @@ -78,9 +81,6 @@ package() { install -Dm755 "${pkgname}.sh" \ "${pkgdir}/usr/bin/${pkgname}" - install -Dm644 "${pkgname}-sidecar.service" \ - "${pkgdir}/usr/lib/systemd/system/${pkgname}-sidecar.service" - install -Dm644 "policies-proxy.json" \ "${pkgdir}/etc/carbonio/proxy/service-discover/policies.json" @@ -98,9 +98,6 @@ package() { install -Dm755 "carbonio-clamav-signature-provider" \ "${pkgdir}/usr/bin/carbonio-clamav-signature-provider" - install -Dm644 "carbonio-clamav-signature-provider-sidecar.service" \ - "${pkgdir}/usr/lib/systemd/system/carbonio-clamav-signature-provider-sidecar.service" - install -Dm644 "policies-clamav-signature-provider.json" \ "${pkgdir}/etc/carbonio/clamav-signature-provider/service-discover/policies.json" @@ -137,10 +134,12 @@ package() { # systemd sysusers.d install -Dm644 "${srcdir}/systemd-sysuser.conf" \ "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" +} +_package_systemd() { # systemd units and target mkdir -p "${pkgdir}/usr/lib/systemd/system/carbonio.target.wants" - mkdir "${pkgdir}/usr/lib/systemd/system/${pkgname}.target.wants" + mkdir -p "${pkgdir}/usr/lib/systemd/system/${pkgname}.target.wants" install -Dm 644 "${pkgname}.target" \ "${pkgdir}/usr/lib/systemd/system/${pkgname}.target" ln -sf "/usr/lib/systemd/system/${pkgname}.target" \ @@ -155,8 +154,7 @@ package() { "${pkgdir}/usr/lib/systemd/system/${pkgname}.target.wants/carbonio-stats.service" } -postinst__apt() { - # start Proxy consul registration +_postinst() { # Create users and groups via systemd-sysusers systemd-sysusers /usr/lib/sysusers.d/carbonio-proxy.conf >/dev/null 2>&1 || : # Create directories and set ownership via tmpfiles.d @@ -171,129 +169,31 @@ postinst__apt() { echo "Carbonio Proxy installed successfully!" echo "You must run pending-setups to configure it correctly." echo "======================================================" - # end Proxy consul registration - - # start ClamAV signature provider consul registration - - if [ -d /run/systemd/system ]; then - systemctl daemon-reload &>/dev/null || : - systemctl enable carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : - systemctl enable carbonio-proxy-sidecar.service &>/dev/null || : - fi echo "======================================================" echo "Carbonio ClamAV signature provider installed successfully!" echo "You must run pending-setups to configure it correctly." echo "======================================================" - # end ClamAV signature provider consul registration } -postinst__ubuntu_noble() { - # start Proxy consul registration - # Create users and groups via systemd-sysusers - systemd-sysusers /usr/lib/sysusers.d/carbonio-proxy.conf >/dev/null 2>&1 || : - # Create directories and set ownership via tmpfiles.d - systemd-tmpfiles --create /usr/lib/tmpfiles.d/carbonio-proxy.conf >/dev/null 2>&1 || : - - # Note: chmod resets capabilities, so setcap must run after chmod - chown root:zextras /opt/zextras/common/sbin/nginx - chmod 750 /opt/zextras/common/sbin/nginx - setcap CAP_NET_BIND_SERVICE=+ep /opt/zextras/common/sbin/nginx - - echo "======================================================" - echo "Carbonio Proxy installed successfully!" - echo "You must run pending-setups to configure it correctly." - echo "======================================================" - # end Proxy consul registration - - # start ClamAV signature provider consul registration - +_postinst_legacy() { if [ -d /run/systemd/system ]; then systemctl daemon-reload &>/dev/null || : - systemctl enable carbonio-proxy.target &>/dev/null || : systemctl enable carbonio-proxy-sidecar.service &>/dev/null || : systemctl enable carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : fi - - echo "======================================================" - echo "Carbonio ClamAV signature provider installed successfully!" - echo "You must run pending-setups to configure it correctly." - echo "======================================================" - # end ClamAV signature provider consul registration } -postinst__rocky_8() { - # start Proxy consul registration - # Create users and groups via systemd-sysusers - systemd-sysusers /usr/lib/sysusers.d/carbonio-proxy.conf >/dev/null 2>&1 || : - # Create directories and set ownership via tmpfiles.d - systemd-tmpfiles --create /usr/lib/tmpfiles.d/carbonio-proxy.conf >/dev/null 2>&1 || : - - # Note: chmod resets capabilities, so setcap must run after chmod - chown root:zextras /opt/zextras/common/sbin/nginx - chmod 750 /opt/zextras/common/sbin/nginx - setcap CAP_NET_BIND_SERVICE=+ep /opt/zextras/common/sbin/nginx - - echo "======================================================" - echo "Carbonio Proxy installed successfully!" - echo "You must run pending-setups to configure it correctly." - echo "======================================================" - # end Proxy consul registration - - # start ClamAV signature provider consul registration - - if [ -d /run/systemd/system ]; then - systemctl daemon-reload &>/dev/null || : - systemctl enable carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : - systemctl enable carbonio-proxy-sidecar.service &>/dev/null || : - fi - - echo "======================================================" - echo "Carbonio ClamAV signature provider installed successfully!" - echo "You must run pending-setups to configure it correctly." - echo "======================================================" - # end ClamAV signature provider consul registration -} - -postinst__rocky_9() { - # start Proxy consul registration - # Create users and groups via systemd-sysusers - systemd-sysusers /usr/lib/sysusers.d/carbonio-proxy.conf >/dev/null 2>&1 || : - # Create directories and set ownership via tmpfiles.d - systemd-tmpfiles --create /usr/lib/tmpfiles.d/carbonio-proxy.conf >/dev/null 2>&1 || : - +_postinst_systemd() { if [ -d /run/systemd/system ]; then systemctl daemon-reload &>/dev/null || : systemctl enable carbonio-proxy.target &>/dev/null || : systemctl enable carbonio-proxy-sidecar.service &>/dev/null || : - fi - - # Note: chmod resets capabilities, so setcap must run after chmod - chown root:zextras /opt/zextras/common/sbin/nginx - chmod 750 /opt/zextras/common/sbin/nginx - setcap CAP_NET_BIND_SERVICE=+ep /opt/zextras/common/sbin/nginx - - echo "======================================================" - echo "Carbonio Proxy installed successfully!" - echo "You must run pending-setups to configure it correctly." - echo "======================================================" - # end Proxy consul registration - - # start ClamAV signature provider consul registration - - if [ -d /run/systemd/system ]; then - systemctl daemon-reload &>/dev/null || : systemctl enable carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : fi - - echo "======================================================" - echo "Carbonio ClamAV signature provider installed successfully!" - echo "You must run pending-setups to configure it correctly." - echo "======================================================" - # end ClamAV signature provider consul registration } -prerm__apt() { +_prerm_legacy() { if [ -d /run/systemd/system ]; then systemctl --no-reload disable carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : systemctl --no-reload disable carbonio-proxy-sidecar.service &>/dev/null || : @@ -302,7 +202,7 @@ prerm__apt() { fi } -prerm__ubuntu_noble() { +_prerm_systemd() { if [ -d /run/systemd/system ]; then systemctl --no-reload disable --now carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : systemctl --no-reload disable --now carbonio-proxy.target &>/dev/null || : @@ -310,21 +210,88 @@ prerm__ubuntu_noble() { fi } +package() { + _package + _package_systemd + + install -Dm644 "${srcdir}/../${pkgname}-sidecar.service" \ + "${pkgdir}/usr/lib/systemd/system/${pkgname}-sidecar.service" + install -Dm644 "${srcdir}/../carbonio-clamav-signature-provider-sidecar.service" \ + "${pkgdir}/usr/lib/systemd/system/carbonio-clamav-signature-provider-sidecar.service" +} + +package__rocky_8() { + _package + + install -Dm644 "${srcdir}/../${pkgname}-sidecar-legacy.service" \ + "${pkgdir}/usr/lib/systemd/system/${pkgname}-sidecar.service" + install -Dm644 "${srcdir}/../carbonio-clamav-signature-provider-sidecar-legacy.service" \ + "${pkgdir}/usr/lib/systemd/system/carbonio-clamav-signature-provider-sidecar.service" +} + +package__rocky_9() { + _package + _package_systemd + + install -Dm644 "${srcdir}/../${pkgname}-sidecar.service" \ + "${pkgdir}/usr/lib/systemd/system/${pkgname}-sidecar.service" + install -Dm644 "${srcdir}/../carbonio-clamav-signature-provider-sidecar.service" \ + "${pkgdir}/usr/lib/systemd/system/carbonio-clamav-signature-provider-sidecar.service" +} + +package__ubuntu_jammy() { + _package + + install -Dm644 "${srcdir}/../${pkgname}-sidecar-legacy.service" \ + "${pkgdir}/usr/lib/systemd/system/${pkgname}-sidecar.service" + install -Dm644 "${srcdir}/../carbonio-clamav-signature-provider-sidecar-legacy.service" \ + "${pkgdir}/usr/lib/systemd/system/carbonio-clamav-signature-provider-sidecar.service" +} + +package__ubuntu_noble() { + _package + _package_systemd + + install -Dm644 "${srcdir}/../${pkgname}-sidecar.service" \ + "${pkgdir}/usr/lib/systemd/system/${pkgname}-sidecar.service" + install -Dm644 "${srcdir}/../carbonio-clamav-signature-provider-sidecar.service" \ + "${pkgdir}/usr/lib/systemd/system/carbonio-clamav-signature-provider-sidecar.service" +} + +postinst__rocky_8() { + _postinst + _postinst_legacy +} + +postinst__rocky_9() { + _postinst + _postinst_systemd +} + +postinst__ubuntu_jammy() { + _postinst + _postinst_legacy +} + +postinst__ubuntu_noble() { + _postinst + _postinst_systemd +} + prerm__rocky_8() { - if [ -d /run/systemd/system ]; then - systemctl --no-reload disable carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : - systemctl --no-reload disable carbonio-proxy-sidecar.service &>/dev/null || : - systemctl stop carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : - systemctl stop carbonio-proxy-sidecar.service &>/dev/null || : - fi + _prerm_legacy } prerm__rocky_9() { - if [ -d /run/systemd/system ]; then - systemctl --no-reload disable --now carbonio-clamav-signature-provider-sidecar.service &>/dev/null || : - systemctl --no-reload disable --now carbonio-proxy.target &>/dev/null || : - systemctl --no-reload disable --now carbonio-proxy-sidecar.service &>/dev/null || : - fi + _prerm_systemd +} + +prerm__ubuntu_jammy() { + _prerm_legacy +} + +prerm__ubuntu_noble() { + _prerm_systemd } postrm() { diff --git a/proxy/carbonio-clamav-signature-provider-sidecar-legacy.service b/proxy/carbonio-clamav-signature-provider-sidecar-legacy.service new file mode 100644 index 00000000..015e0e13 --- /dev/null +++ b/proxy/carbonio-clamav-signature-provider-sidecar-legacy.service @@ -0,0 +1,20 @@ +[Unit] +Description=Carbonio ClamAV Signature Provider Sidecar +Documentation=https://docs.zextras.com/ +Requires=network-online.target +After=network-online.target + +[Service] +User=carbonio-clamav-sig-provider +ExecStart=/usr/bin/consul connect envoy \ + -token-file /etc/carbonio/clamav-signature-provider/service-discover/token \ + -admin-bind localhost:0 \ + -sidecar-for carbonio-clamav-signature-provider +Restart=on-failure +RestartSec=15s +ExecReload=/usr/bin/kill -HUP $MAINPID +KillSignal=SIGINT +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/proxy/carbonio-clamav-signature-provider-sidecar.service b/proxy/carbonio-clamav-signature-provider-sidecar.service index 3d88d132..33f7b838 100644 --- a/proxy/carbonio-clamav-signature-provider-sidecar.service +++ b/proxy/carbonio-clamav-signature-provider-sidecar.service @@ -1,9 +1,9 @@ [Unit] -Description=NGINX Carbonio ClamAV signature provider sidecar +Description=Carbonio ClamAV Signature Provider Sidecar Documentation=https://docs.zextras.com/ Requires=network-online.target After=network-online.target -PartOf=carbonio-proxy.target +PartOf=carbonio-mta.target carbonio-proxy.target [Service] User=carbonio-clamav-sig-provider @@ -12,10 +12,10 @@ ExecStart=/usr/bin/consul connect envoy \ -admin-bind localhost:0 \ -sidecar-for carbonio-clamav-signature-provider Restart=on-failure -RestartSec=15 +RestartSec=15s ExecReload=/usr/bin/kill -HUP $MAINPID KillSignal=SIGINT LimitNOFILE=65536 [Install] -WantedBy=multi-user.target +WantedBy=carbonio-mta.target carbonio-proxy.target diff --git a/proxy/carbonio-proxy-sidecar-legacy.service b/proxy/carbonio-proxy-sidecar-legacy.service new file mode 100644 index 00000000..b1d1d439 --- /dev/null +++ b/proxy/carbonio-proxy-sidecar-legacy.service @@ -0,0 +1,20 @@ +[Unit] +Description=Carbonio Proxy Sidecar +Documentation=https://docs.zextras.com/ +Requires=network-online.target +After=network-online.target + +[Service] +User=carbonio-proxy +ExecStart=/usr/bin/consul connect envoy \ + -token-file /etc/carbonio/proxy/service-discover/token \ + -admin-bind localhost:0 \ + -sidecar-for carbonio-proxy +Restart=on-failure +RestartSec=15s +ExecReload=/usr/bin/kill -HUP $MAINPID +KillSignal=SIGINT +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/proxy/carbonio-proxy-sidecar.service b/proxy/carbonio-proxy-sidecar.service index 740bc25c..58807512 100644 --- a/proxy/carbonio-proxy-sidecar.service +++ b/proxy/carbonio-proxy-sidecar.service @@ -1,9 +1,9 @@ [Unit] -Description=NGINX carbonio proxy sidecar +Description=Carbonio Proxy Sidecar Documentation=https://docs.zextras.com/ Requires=network-online.target After=network-online.target -PartOf=carbonio-proxy.target +PartOf=carbonio-mta.target carbonio-proxy.target [Service] User=carbonio-proxy @@ -12,10 +12,10 @@ ExecStart=/usr/bin/consul connect envoy \ -admin-bind localhost:0 \ -sidecar-for carbonio-proxy Restart=on-failure -RestartSec=15 +RestartSec=15s ExecReload=/usr/bin/kill -HUP $MAINPID KillSignal=SIGINT LimitNOFILE=65536 [Install] -WantedBy=multi-user.target +WantedBy=carbonio-mta.target carbonio-proxy.target From 8fe11f596160bba4549129dcbf6bb19ee1da224e Mon Sep 17 00:00:00 2001 From: Zextras Bot Date: Fri, 20 Feb 2026 03:16:53 +0000 Subject: [PATCH 2/2] chore(deps): lock file maintenance --- package-lock.json | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 68575b95..a3830ce5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -145,7 +145,6 @@ "integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@octokit/auth-token": "^4.0.0", "@octokit/graphql": "^7.1.0", @@ -1638,9 +1637,9 @@ } }, "node_modules/get-east-asian-width": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.4.0.tgz", - "integrity": "sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==", + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.5.0.tgz", + "integrity": "sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==", "dev": true, "license": "MIT", "engines": { @@ -2416,9 +2415,9 @@ } }, "node_modules/is-wsl": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", - "integrity": "sha512-UcVfVfaK4Sc4m7X3dUSoHoozQGBEFeDC+zVo06t98xe8CzHSZZBekNXH+tu0NalHolcJ/QAGqS46Hef7QXBIMw==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.1.tgz", + "integrity": "sha512-e6rvdUCiQCAuumZslxRJWR/Doq4VpPR82kqclvcS0efgt430SlGIk05vdCN58+VrzgtIcfNODjozVielycD4Sw==", "dev": true, "license": "MIT", "dependencies": { @@ -3375,7 +3374,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "@iarna/toml": "2.2.5", "@octokit/rest": "20.1.1",