2 changes: 1 addition & 1 deletion .github/workflows/build-docker.yml
Expand Up @@ -77,7 +77,7 @@ jobs:
cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ env.SAFE_REF }}

- name: Scan image with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -60,7 +60,7 @@ jobs:
uses: mozilla-actions/sccache-action@v0.0.9

- name: Scan code with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
58 changes: 48 additions & 10 deletions .github/workflows/release.yml
Expand Up @@ -148,45 +148,83 @@ jobs:
with:
fpm_args:
"defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
linux/defguard.service=/usr/lib/systemd/system/defguard.service
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture amd64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb"
fpm_opts:
"--architecture amd64
--output-type deb
--version ${{ env.VERSION }}
--package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb
--before-install linux/preinst
--after-install linux/postinst
--before-remove linux/prerm
--after-remove linux/postrm"

- name: Build aarch64 DEB package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
linux/defguard.service=/usr/lib/systemd/system/defguard.service
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture arm64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb"
fpm_opts:
"--architecture arm64
--output-type deb
--version ${{ env.VERSION }}
--package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb
--before-install linux/preinst
--after-install linux/postinst
--before-remove linux/prerm
--after-remove linux/postrm"

- name: Build x86_64 RPM package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
linux/defguard.service=/usr/lib/systemd/system/defguard.service
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture amd64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm"
fpm_opts:
"--architecture amd64
--output-type rpm
--version ${{ env.VERSION }}
--package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm
--before-install linux/preinst
--after-install linux/postinst
--before-remove linux/prerm
--after-remove linux/postrm"

- name: Build aarch64 RPM package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard
defguard.service=/usr/lib/systemd/system/defguard.service
linux/defguard.service=/usr/lib/systemd/system/defguard.service
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm"
fpm_opts:
"--architecture arm64
--output-type rpm
--version ${{ env.VERSION }}
--package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm
--before-install linux/preinst
--after-install linux/postinst
--before-remove linux/prerm
--after-remove linux/postrm"

- name: Build FreeBSD package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard
defguard.service.freebsd=/usr/local/etc/rc.d/defguard
freebsd/defguard=/usr/local/etc/rc.d/defguard
.env.example=/etc/defguard/core.conf"
fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' --depends openssl"
fpm_opts:
"--architecture amd64
--output-type freebsd
--version ${{ env.VERSION }}
--package defguard-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg
--freebsd-osversion '*'
--depends openssl"

- name: Upload Linux x86_64 archive
uses: shogo82148/actions-upload-release-asset@v1
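Review bot: None of the new `fpm_opts` strings marks `/etc/defguard/core.conf` as a configuration file, while the unchanged `.env.example=/etc/defguard/core.conf` mapping keeps shipping the example there; on the RPM path that means `rpm -U` replaces an operator's edited core.conf — the file the systemd unit reads its settings and secrets from — with the example, and as far as I recall fpm only auto-marks /etc files as conffiles for deb output. Adding `--config-files /etc/defguard/core.conf` to each of the four Linux `fpm_opts` makes it `%config(noreplace)` on RPM and an explicit conffile on deb. The FreeBSD `fpm_opts` would benefit from the same flag, and that package ships no install hooks at all, so nothing creates the `defguard` user or the 750 directory that `linux/preinst` sets up on Linux. The `jobs:` mapping these steps belong to starts and ends outside the hunk.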
8 changes: 4 additions & 4 deletions .github/workflows/sbom.yml
Expand Up @@ -35,7 +35,7 @@ jobs:
submodules: recursive

- name: Create SBOM with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
with:
scan-type: 'fs'
format: 'spdx-json'
Expand All @@ -46,7 +46,7 @@ jobs:
skip-dirs: "e2e"

- name: Create Docker image SBOM with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
with:
image-ref: "ghcr.io/defguard/defguard:${{ steps.vars.outputs.VERSION }}"
scan-type: 'image'
Expand All @@ -56,7 +56,7 @@ jobs:
scanners: "vuln"

- name: Create security advisory file with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
with:
scan-type: 'fs'
format: 'json'
Expand All @@ -67,7 +67,7 @@ jobs:
skip-dirs: "e2e"

- name: Create docker image security advisory file with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
with:
image-ref: "ghcr.io/defguard/defguard:${{ steps.vars.outputs.VERSION }}"
scan-type: 'image'
7 changes: 3 additions & 4 deletions defguard.service.freebsd → freebsd/defguard
100644 → 100755
Expand Up @@ -9,12 +9,11 @@
name="defguard"
rcvar=defguard_enable
command="/usr/local/bin/defguard"
config="/etc/defguard/core.conf"
defguard_env_file="/etc/defguard/core.conf"
start_cmd="${name}_start"

defguard_start()
{
${command} --config ${config} &
defguard_start() {
${command} &
}

load_rc_config $name
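Review bot: `defguard_env_file` is assigned on the new side but nothing in the hunk reads it, and `defguard_start` now launches a bare `${command} &`, so unless the lines below `load_rc_config` export it the daemon starts without the settings in /etc/defguard/core.conf that the Linux unit loads via `EnvironmentFile=`; the usual fix is to source it in the start function before launching, e.g. `set -a; . "${defguard_env_file}"; set +a` (the quotes guard a path with spaces). The process is also started as root with no `pidfile`/`procname`, so `service defguard stop` and `status` have nothing to track, and it does not get the unprivileged `defguard` account the Linux packages create — `/usr/sbin/daemon -f -u defguard -p /var/run/defguard.pid ${command}` together with `pidfile="/var/run/defguard.pid"` would address both, provided that user exists on the host. The rc script continues past the hunk (`run_rc_command` is not visible), so some of this may already be handled further down.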
4 changes: 3 additions & 1 deletion defguard.service → linux/defguard.service
Expand Up @@ -5,8 +5,10 @@ Wants=network-online.target
After=network-online.target

[Service]
DynamicUser=yes
User=defguard
Group=defguard
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
EnvironmentFile=/etc/defguard/core.conf
ExecStart=/usr/bin/defguard
KillMode=process
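Review bot: Moving to a static `User=defguard`/`Group=defguard` drops the sandboxing that `DynamicUser=yes` implies (ProtectSystem=strict, ProtectHome=read-only, PrivateTmp, NoNewPrivileges, RemoveIPC), and the only other new lines are the capability settings, so the service now runs with a writable view of the whole filesystem; the diffstat shows one deletion, and if that is the `DynamicUser=yes` line this is a hardening regression rather than a neutral swap. The ambient `CAP_NET_BIND_SERVICE` is the right way to bind low ports without root, but it should be paired with `NoNewPrivileges=yes` so the process cannot pick up further privileges through setuid or file-capability binaries, and the protections DynamicUser used to imply should be restored explicitly, with `ReadWritePaths=` limited to whatever state directory the binary actually writes (not visible here). The `[Service]` section continues below the hunk, so check for existing directives before adding the lines below.

```ini
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
# ReadWritePaths=/var/lib/defguard   (set to the directory the service really writes to)
; … unchanged: EnvironmentFile, ExecStart, KillMode …
```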
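--- /dev/null
+++ b/linux/postinst
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+SERVICE_NAME='defguard'
+
+case "${1}" in
+1 | configure)
+if [ -x /usr/bin/systemctl ]; then
+/usr/bin/systemctl daemon-reload
+/usr/bin/systemctl enable ${SERVICE_NAME}
+/usr/bin/systemctl --no-block start ${SERVICE_NAME}
+fi
+;;
+abort-upgrade | abort-remove | abort-deconfigure)
+if [ -x /usr/bin/systemctl ]; then
+/usr/bin/systemctl daemon-reload
+if /usr/bin/systemctl is-enabled --quiet ${SERVICE_NAME}; then
+/usr/bin/systemctl --no-block restart ${SERVICE_NAME}
+fi
+fi
+;;
+esac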
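Review bot: The `1 | configure)` branch never matches an RPM upgrade, where `$1` is `2`, so `rpm -U` never reloads the changed unit file; worse, RPM runs the old package's `prerm` — which stops the unit unconditionally — after this postinst, so every RPM upgrade ends with the service stopped. Mirror the `%systemd_post`/`%systemd_preun`/`%systemd_postun_with_restart` macros: add `2) /usr/bin/systemctl daemon-reload ;;` here, skip the stop in `linux/prerm` when `$1` is `1`, and `try-restart` from `linux/postrm` when `$1` is `1`. Separately, `systemctl enable` on every dpkg `configure` re-enables a unit an administrator deliberately disabled; enable only on first install (`configure` with an empty `$2`) or use `systemctl preset ${SERVICE_NAME}`.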
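--- /dev/null
+++ b/linux/postrm
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+USERNAME=defguard
+
+if [ -x /usr/bin/systemctl ]; then
+/usr/bin/systemctl --quiet daemon-reload || true
+fi
+
+if id -u ${USERNAME} >/dev/null 2>&1; then
+echo "If no longer needed, remove ${USERNAME} manually: userdel ${USERNAME}"
+fi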
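Review bot: The `userdel` hint fires on every invocation, including the old package's postrm during an upgrade (dpkg `upgrade`, rpm `$1` = `1`), so operators are told to remove the `defguard` account in the middle of an upgrade whose unit still runs as it. Gate on the argument, e.g. `case "${1}" in 0 | remove | purge) ...hint... ;; 1 | upgrade) /usr/bin/systemctl try-restart ${SERVICE_NAME} || true ;; esac`, which also gives RPM upgrades the restart they currently lack. On `purge`, dpkg convention would be to remove `/etc/defguard` and the operator's core.conf here; keeping it is defensible but deserves a comment such as `# /etc/defguard is kept on purge: it holds operator secrets`.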
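--- /dev/null
+++ b/linux/preinst
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+USERNAME=defguard
+
+if ! id -u ${USERNAME} >/dev/null 2>&1; then
+useradd --system --user-group --no-create-home ${USERNAME}
+fi
+
+mkdir -p /etc/defguard
+chown -R ${USERNAME}:${USERNAME} /etc/defguard
+chmod 750 /etc/defguard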
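Review bot: `chown -R ${USERNAME}:${USERNAME} /etc/defguard` makes the service account the owner of its own configuration directory, so a compromised `defguard` process can rewrite core.conf — the unit's `EnvironmentFile` — and persist across restarts; least privilege is `chown root:${USERNAME} /etc/defguard` with the directory at 750 and the files at 640 root:defguard, which the unit can still read. Note that preinst runs before the package payload is unpacked on both dpkg and rpm, so the `-R` never reaches the core.conf the package installs anyway; that file keeps whatever mode `.env.example` has in the build tree, probably world-readable, which matters once secrets are written into it. The `useradd` call also sets no shell or home, so the account gets the distribution's default login shell; use `useradd --system --user-group --no-create-home --home-dir /nonexistent --shell /usr/sbin/nologin ${USERNAME}`.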
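--- /dev/null
+++ b/linux/prerm
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+SERVICE_NAME='defguard'
+
+if [ -x /usr/bin/systemctl ]; then
+/usr/bin/systemctl --no-block --quiet stop ${SERVICE_NAME} || true
+fi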
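Review bot: The stop runs on every invocation, including upgrades (dpkg `upgrade`, rpm `$1` = `1`), yet the unit is never disabled on removal (dpkg `remove`, rpm `$1` = `0`), so after uninstall the `multi-user.target.wants` symlink is left dangling and postrm cannot clean it up because the unit file is already gone by then. Split on the argument: `0 | remove) /usr/bin/systemctl --quiet disable --now ${SERVICE_NAME} || true ;;` and leave the upgrade case to postinst/postrm so an RPM upgrade does not finish with the service stopped. Dropping `--no-block` from the stop also makes the package manager wait for the process to exit before its binary is replaced.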