From 1c273f57772d387720ddec8324361f9f71873458 Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 07:34:26 -0700 Subject: [PATCH 01/19] debian: sync copyright years --- .github/workflows.cfg | 13 +++--- .github/workflows/.jobs_configure.yml | 4 ++ .github/workflows/rtpproxy_ci.yml | 67 +++++++++++++++++++++------ LICENSE | 2 +- debian/changelog | 20 ++++++++ debian/control | 47 +++++++++++++++++++ debian/copyright | 30 ++++++++++++ debian/rtpproxy-debug.install | 7 +++ debian/rtpproxy-dev.install | 2 + debian/rtpproxy.examples | 1 + debian/rtpproxy.install | 8 ++++ debian/rtpproxy.manpages | 1 + debian/rules | 24 ++++++++++ debian/source/format | 1 + debian/watch | 3 ++ doc/rtpproxy.conf.sample | 18 +++++++ docker/Dockerfile | 1 + 17 files changed, 228 insertions(+), 21 deletions(-) create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/rtpproxy-debug.install create mode 100644 debian/rtpproxy-dev.install create mode 100644 debian/rtpproxy.examples create mode 100644 debian/rtpproxy.install create mode 100644 debian/rtpproxy.manpages create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/watch create mode 100644 doc/rtpproxy.conf.sample diff --git a/.github/workflows.cfg b/.github/workflows.cfg index b0a61760a..1c6d55c1f 100644 --- a/.github/workflows.cfg +++ b/.github/workflows.cfg @@ -1,8 +1,9 @@ # Comment the line(s) below to disable particular pipeline(s): -do_Docker=true -do_FullBuild=true -do_FuncTest=true -do_Fuzzing=true -do_Glitch=true -do_MinBuild=true +do_Docker=false +do_FullBuild=false +do_FuncTest=false +do_Fuzzing=false +do_Glitch=false +do_MinBuild=false +do_DebianPackage=true diff --git a/.github/workflows/.jobs_configure.yml b/.github/workflows/.jobs_configure.yml index f38fd2c15..3e1ca6188 100644 --- a/.github/workflows/.jobs_configure.yml +++ b/.github/workflows/.jobs_configure.yml @@ -21,6 +21,9 @@ on: do_MinBuild: description: "Whether the current workflow should continue" value: ${{ jobs.check_disabled_actions.outputs.do_MinBuild }} + do_DebianPackage: + description: "Whether the current workflow should continue" + value: ${{ jobs.check_disabled_actions.outputs.do_DebianPackage }} jobs: check_disabled_actions: @@ -33,6 +36,7 @@ jobs: do_Fuzzing: ${{ steps.check_status.outputs.do_Fuzzing }} do_Glitch: ${{ steps.check_status.outputs.do_Glitch }} do_MinBuild: ${{ steps.check_status.outputs.do_MinBuild }} + do_DebianPackage: ${{ steps.check_status.outputs.do_DebianPackage }} steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index 82b60e660..1c9e8b935 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -94,6 +94,43 @@ jobs: - name: build run: sh -x ./scripts/do-build.sh cleanbuild + DebianPackage: + name: Debian package build + needs: LoadJobs_conf + if: needs.LoadJobs_conf.outputs.do_DebianPackage == 'true' + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - name: Install build tools + run: | + sudo apt-get update + sudo apt-get install -y build-essential devscripts debhelper pkg-config libssl-dev libbcg729-dev libgsm1-dev libsndfile1-dev libunwind-dev libsrtp2-dev fakeroot + - name: Build Debian package + env: + DEB_BUILD_OPTIONS: nocheck + run: | + dpkg-buildpackage -us -uc -b + + - name: Test install Debian packages + run: | + set -euo pipefail + shopt -s nullglob + pkgs=(../*.deb) + if [ "${#pkgs[@]}" -eq 0 ]; then + echo "No Debian packages produced" >&2 + exit 1 + fi + sudo apt-get install -y "${pkgs[@]}" + + - name: Upload Debian packages + uses: actions/upload-artifact@v4 + with: + name: rtpproxy-debian-packages + path: ../*.deb + if-no-files-found: error + FullBuild: name: Full Build needs: [LoadJobs_conf, MinBuild] @@ -427,7 +464,8 @@ jobs: GIT_BRANCH="${GIT_BRANCH#refs/tags/}" echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_ENV OS_TAG="`echo ${BASE_IMAGE} | sed 's|:|_|g'`" - CCACHE_IMAGE="${{ env.GHCR_REPO }}:${GIT_BRANCH}-${OS_TAG}-cccache" + BRANCH_TAG="`echo ${GIT_BRANCH} | sed 's|/|_|g'`" + CCACHE_IMAGE="${{ env.GHCR_REPO }}:${BRANCH_TAG}-${OS_TAG}-cccache" if ! docker pull ${CCACHE_IMAGE} 2>&1 >/dev/null then CCACHE_BIMAGE="scratch" @@ -435,6 +473,7 @@ jobs: CCACHE_BIMAGE="${CCACHE_IMAGE}" fi docker pull ${CCACHE_BIN_IMAGE} + echo "BRANCH_TAG=${BRANCH_TAG}" >> $GITHUB_ENV echo "CCACHE_IMAGE=${CCACHE_IMAGE}" >> $GITHUB_ENV echo "CCACHE_BIMAGE=${CCACHE_BIMAGE}" >> $GITHUB_ENV echo "BUILD_IMAGE=${{ env.LOCAL_REPO }}:latest-${OS_TAG}" >> $GITHUB_ENV @@ -463,12 +502,12 @@ jobs: with: images: ${{ env.DOCKER_REPO }} tags: | - type=schedule,suffix=-${{ env.OS_TAG}} - type=ref,event=branch,suffix=-${{ env.OS_TAG}} - type=ref,event=tag,suffix=-${{ env.OS_TAG}} - type=ref,event=pr,suffix=-${{ env.OS_TAG}} - type=raw,value=latest-${{ env.OS_TAG}},enable={{is_default_branch}} - type=sha,suffix=-${{ env.OS_TAG}} + type=schedule,suffix=-${{ env.OS_TAG }} + type=ref,event=branch,suffix=-${{ env.OS_TAG }} + type=ref,event=tag,suffix=-${{ env.OS_TAG }} + type=ref,event=pr,suffix=-${{ env.OS_TAG }} + type=raw,value=latest-${{ env.OS_TAG }},enable={{is_default_branch}} + type=sha,suffix=-${{ env.OS_TAG }} type=raw,value=latest,enable=${{ env.ADD_LATEST == 'true' }} - name: Extract metadata (tags, labels) for GHCR @@ -477,18 +516,18 @@ jobs: with: images: ${{ env.GHCR_REPO }} tags: | - type=schedule,suffix=-${{ env.OS_TAG}} - type=ref,event=branch,suffix=-${{ env.OS_TAG}} - type=ref,event=tag,suffix=-${{ env.OS_TAG}} - type=ref,event=pr,suffix=-${{ env.OS_TAG}} - type=raw,value=latest-${{ env.OS_TAG}},enable={{is_default_branch}} - type=sha,suffix=-${{ env.OS_TAG}} + type=schedule,suffix=-${{ env.OS_TAG }} + type=ref,event=branch,suffix=-${{ env.OS_TAG }} + type=ref,event=tag,suffix=-${{ env.OS_TAG }} + type=ref,event=pr,suffix=-${{ env.OS_TAG }} + type=raw,value=latest-${{ env.OS_TAG }},enable={{is_default_branch}} + type=sha,suffix=-${{ env.OS_TAG }} type=raw,value=latest,enable=${{ env.ADD_LATEST == 'true' }} - name: Build Docker image uses: docker/build-push-action@v6 env: - CACHE_SPEC: "type=registry,ref=${{ env.GHCR_REPO }}:${{ env.GIT_BRANCH }}-${{ env.OS_TAG}}-buildcache" + CACHE_SPEC: "type=registry,ref=${{ env.GHCR_REPO }}:${{ env.BRANCH_TAG }}-${{ env.OS_TAG }}-buildcache" with: context: . file: ./docker/Dockerfile diff --git a/LICENSE b/LICENSE index bc0b3353b..c1515b524 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ BSD 2-Clause License Copyright (c) 2004-2006 Maxim Sobolev -Copyright (c) 2006-2019, Sippy Software, Inc., http://www.sippysoft.com +Copyright (c) 2006-2025, Sippy Software, Inc., http://www.sippysoft.com All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..b37aa4503 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,20 @@ +rtpproxy (3.1+dev1) unstable; urgency=medium + + * Build librtpproxy during package configuration and ship a new + rtpproxy-dev package with the static archive and public header. + * Add optional audio and unwind build dependencies required by the + librtpproxy-enabled build. + * Split debugging helpers and *_debug modules into the rtpproxy-debug + binary package. + * Ship the DTLS gateway and ICE lite modules in their respective + runtime and debug packages to avoid missing-file warnings. + * Depend on libsrtp2 during the build so the crypto modules are + compiled and available for packaging. + + -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 + +rtpproxy (3.1) unstable; urgency=medium + + * Initial release of Debian packaging skeleton. + + -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..f360b7270 --- /dev/null +++ b/debian/control @@ -0,0 +1,47 @@ +Source: rtpproxy +Section: net +Priority: optional +Maintainer: Maxim Sobolev +Build-Depends: debhelper-compat (= 13), + pkg-config, + libssl-dev, + libbcg729-dev, + libgsm1-dev, + libsndfile1-dev, + libunwind-dev, + libsrtp2-dev +Standards-Version: 4.6.2 +Homepage: https://github.com/sippy/rtpproxy +Vcs-Git: https://github.com/sippy/rtpproxy.git +Vcs-Browser: https://github.com/sippy/rtpproxy +Rules-Requires-Root: no + +Package: rtpproxy +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: High-performance SIP RTP media proxy + RTPProxy is a high-performance, scalable media relay designed for + SIP-based applications. It supports advanced media handling features + such as secure RTP, codec transcoding modules, and high availability + deployments. + +Package: rtpproxy-debug +Section: debug +Architecture: any +Depends: ${misc:Depends}, rtpproxy (= ${binary:Version}) +Multi-Arch: same +Description: Debug helpers and modules for RTPProxy + This package provides the debugging-friendly binaries and modules for + RTPProxy, including the rtpproxy_debug control tool, UDP contention + tester, and the *_debug.so plugin variants. + +Package: rtpproxy-dev +Section: libdevel +Architecture: any +Depends: ${misc:Depends}, rtpproxy (= ${binary:Version}) +Multi-Arch: same +Description: Development files for librtpproxy instrumentation library + librtpproxy exposes the internal RTPProxy engine to external tooling + for instrumentation and advanced control. This development package + ships the static archive and public header needed to link against the + library. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..58176f9e1 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,30 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: rtpproxy +Upstream-Contact: Maxim Sobolev +Source: https://github.com/sippy/rtpproxy + +Files: * +Copyright: 2004-2006 Maxim Sobolev + 2006-2025 Sippy Software, Inc. +License: BSD-2-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. diff --git a/debian/rtpproxy-debug.install b/debian/rtpproxy-debug.install new file mode 100644 index 000000000..73993ff55 --- /dev/null +++ b/debian/rtpproxy-debug.install @@ -0,0 +1,7 @@ +usr/bin/rtpproxy_debug +usr/bin/udp_contention +usr/lib/*/rtpproxy/rtpp_acct_csv_debug.so +usr/lib/*/rtpproxy/rtpp_acct_rtcp_hep_debug.so +usr/lib/*/rtpproxy/rtpp_catch_dtmf_debug.so +usr/lib/*/rtpproxy/rtpp_dtls_gw_debug.so +usr/lib/*/rtpproxy/rtpp_ice_lite_debug.so diff --git a/debian/rtpproxy-dev.install b/debian/rtpproxy-dev.install new file mode 100644 index 000000000..6d50d166a --- /dev/null +++ b/debian/rtpproxy-dev.install @@ -0,0 +1,2 @@ +usr/include/librtpproxy.h +usr/lib/*/librtpproxy.a diff --git a/debian/rtpproxy.examples b/debian/rtpproxy.examples new file mode 100644 index 000000000..d113092de --- /dev/null +++ b/debian/rtpproxy.examples @@ -0,0 +1 @@ +doc/rtpproxy.conf.sample diff --git a/debian/rtpproxy.install b/debian/rtpproxy.install new file mode 100644 index 000000000..7028e1e6d --- /dev/null +++ b/debian/rtpproxy.install @@ -0,0 +1,8 @@ +usr/bin/makeann +usr/bin/extractaudio +usr/bin/rtpproxy +usr/lib/*/rtpproxy/rtpp_acct_csv.so +usr/lib/*/rtpproxy/rtpp_acct_rtcp_hep.so +usr/lib/*/rtpproxy/rtpp_catch_dtmf.so +usr/lib/*/rtpproxy/rtpp_dtls_gw.so +usr/lib/*/rtpproxy/rtpp_ice_lite.so diff --git a/debian/rtpproxy.manpages b/debian/rtpproxy.manpages new file mode 100644 index 000000000..3952ce28b --- /dev/null +++ b/debian/rtpproxy.manpages @@ -0,0 +1 @@ +rtpproxy.8 diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..74966acb3 --- /dev/null +++ b/debian/rules @@ -0,0 +1,24 @@ +#!/usr/bin/make -f + +%: + dh $@ + +override_dh_auto_configure: + dh_auto_configure -- --enable-librtpproxy + +override_dh_update_autotools_config: + @echo "Skipping autotools config update" + +override_dh_autoreconf: + @echo "Skipping autoreconf; using bundled configure script" + +override_dh_shlibdeps: + dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info + +execute_after_dh_auto_install: + rm -f debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/rtpproxy/*.la + rm -f debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/librtpproxy.la + rm -f debian/tmp/usr/share/man/man8/rtpproxy.8 + +override_dh_auto_test: + @echo "Skipping upstream tests for package build" diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 000000000..89ae9db8f --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..421b4b0d0 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts=filenamemangle=s/.+\/v?(\d[^/]+)\.tar\.gz/rtpproxy-$1\.tar.gz/ \ + https://github.com/sippy/rtpproxy/releases .*/archive/refs/tags/v?(\d[^/]+)\.tar\.gz diff --git a/doc/rtpproxy.conf.sample b/doc/rtpproxy.conf.sample new file mode 100644 index 000000000..9dcff869a --- /dev/null +++ b/doc/rtpproxy.conf.sample @@ -0,0 +1,18 @@ +# Example rtpproxy configuration file in UCL format. +# +# Enable accounting modules shipped with the Debian rtpproxy package. +# Comment or remove any modules you do not plan to use. The runtime will +# automatically load the shared object that matches each module name. +modules { + acct_csv { + logfile = /var/log/rtpproxy/rtpproxy.csv + } + + # Forward RTCP reports to a HEP collector. + acct_rtcp_hep { + capt_host = 127.0.0.1 + capt_port = 9060 + capt_ptype = udp + capt_id = 101 + } +} diff --git a/docker/Dockerfile b/docker/Dockerfile index b5bb5d6bf..c0cbbb274 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -51,6 +51,7 @@ WORKDIR /rtpproxy COPY --from=ccache_bin /usr/bin/ccache /usr/bin/ccache ARG TARGETPLATFORM ARG BASE_IMAGE +ENV CCACHE_COMPILERCHECK="content" RUN env `./scripts/build/get-arch-buildargs.sh platformopts` \ /rtpproxy/docker/build.sh RUN ls -l /usr/local/bin/rtpproxy* From 316cb387bf35f342fe726620672c0b3c8f02cf3b Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 07:59:52 -0700 Subject: [PATCH 02/19] ci: collect deb packages before upload --- .github/workflows/rtpproxy_ci.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index 1c9e8b935..033e49b32 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -113,11 +113,21 @@ jobs: run: | dpkg-buildpackage -us -uc -b + - name: Collect Debian packages + run: | + set -euo pipefail + mkdir -p debian-artifacts + shopt -s nullglob + for artifact in ../*.deb ../*.buildinfo ../*.changes; do + [ -e "${artifact}" ] || continue + mv "${artifact}" debian-artifacts/ + done + - name: Test install Debian packages run: | set -euo pipefail shopt -s nullglob - pkgs=(../*.deb) + pkgs=(./debian-artifacts/*.deb) if [ "${#pkgs[@]}" -eq 0 ]; then echo "No Debian packages produced" >&2 exit 1 @@ -128,7 +138,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: rtpproxy-debian-packages - path: ../*.deb + path: debian-artifacts if-no-files-found: error FullBuild: From 174eb0e8bf3c047ca64efa4ff4a3ec9a366bb036 Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 08:58:42 -0700 Subject: [PATCH 03/19] ci: upload Debian artifacts individually --- .github/workflows/rtpproxy_ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index 033e49b32..07a761191 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -138,7 +138,11 @@ jobs: uses: actions/upload-artifact@v4 with: name: rtpproxy-debian-packages - path: debian-artifacts + path: | + debian-artifacts/*.deb + debian-artifacts/*.buildinfo + debian-artifacts/*.changes + compression-level: 0 if-no-files-found: error FullBuild: From 99ba3044eb8e05f062cc13f15d579b150152cdca Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 09:33:10 -0700 Subject: [PATCH 04/19] ci: upload Debian artifacts separately --- .github/workflows/rtpproxy_ci.yml | 41 ++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index 07a761191..9c7e48eff 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -134,14 +134,43 @@ jobs: fi sudo apt-get install -y "${pkgs[@]}" - - name: Upload Debian packages + - name: Upload runtime package uses: actions/upload-artifact@v4 with: - name: rtpproxy-debian-packages - path: | - debian-artifacts/*.deb - debian-artifacts/*.buildinfo - debian-artifacts/*.changes + name: rtpproxy.deb + path: debian-artifacts/rtpproxy_*.deb + compression-level: 0 + if-no-files-found: error + + - name: Upload development package + uses: actions/upload-artifact@v4 + with: + name: rtpproxy-dev.deb + path: debian-artifacts/rtpproxy-dev_*.deb + compression-level: 0 + if-no-files-found: error + + - name: Upload debug package + uses: actions/upload-artifact@v4 + with: + name: rtpproxy-debug.deb + path: debian-artifacts/rtpproxy-debug_*.deb + compression-level: 0 + if-no-files-found: error + + - name: Upload build metadata + uses: actions/upload-artifact@v4 + with: + name: rtpproxy.buildinfo + path: debian-artifacts/*.buildinfo + compression-level: 0 + if-no-files-found: error + + - name: Upload changeset + uses: actions/upload-artifact@v4 + with: + name: rtpproxy.changes + path: debian-artifacts/*.changes compression-level: 0 if-no-files-found: error From e41c4a46056774058b14dc1f03e3d02a4e53e8bd Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 09:38:20 -0700 Subject: [PATCH 05/19] ci: upload Debian artifacts with CLI --- .github/workflows/rtpproxy_ci.yml | 58 ++++++++++--------------------- 1 file changed, 19 insertions(+), 39 deletions(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index 9c7e48eff..9d553fc1f 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -106,7 +106,7 @@ jobs: - name: Install build tools run: | sudo apt-get update - sudo apt-get install -y build-essential devscripts debhelper pkg-config libssl-dev libbcg729-dev libgsm1-dev libsndfile1-dev libunwind-dev libsrtp2-dev fakeroot + sudo apt-get install -y build-essential devscripts debhelper pkg-config libssl-dev libbcg729-dev libgsm1-dev libsndfile1-dev libunwind-dev libsrtp2-dev fakeroot zip - name: Build Debian package env: DEB_BUILD_OPTIONS: nocheck @@ -134,45 +134,25 @@ jobs: fi sudo apt-get install -y "${pkgs[@]}" - - name: Upload runtime package - uses: actions/upload-artifact@v4 - with: - name: rtpproxy.deb - path: debian-artifacts/rtpproxy_*.deb - compression-level: 0 - if-no-files-found: error - - - name: Upload development package - uses: actions/upload-artifact@v4 - with: - name: rtpproxy-dev.deb - path: debian-artifacts/rtpproxy-dev_*.deb - compression-level: 0 - if-no-files-found: error + - name: Setup GitHub Actions artifact client + uses: lhotari/gh-actions-artifact-client@v2 - - name: Upload debug package - uses: actions/upload-artifact@v4 - with: - name: rtpproxy-debug.deb - path: debian-artifacts/rtpproxy-debug_*.deb - compression-level: 0 - if-no-files-found: error - - - name: Upload build metadata - uses: actions/upload-artifact@v4 - with: - name: rtpproxy.buildinfo - path: debian-artifacts/*.buildinfo - compression-level: 0 - if-no-files-found: error - - - name: Upload changeset - uses: actions/upload-artifact@v4 - with: - name: rtpproxy.changes - path: debian-artifacts/*.changes - compression-level: 0 - if-no-files-found: error + - name: Upload Debian artifacts + run: | + set -euo pipefail + shopt -s nullglob + uploaded=0 + for file in debian-artifacts/*.deb debian-artifacts/*.buildinfo debian-artifacts/*.changes; do + [ -e "$file" ] || continue + uploaded=1 + name=$(basename "$file") + echo "Uploading $name, file: $file" + zip - "$file" | gh-actions-artifact-client.js upload "$name" --retentionDays=7 + done + if [ "$uploaded" -eq 0 ]; then + echo "No Debian artifacts found for upload" >&2 + exit 1 + fi FullBuild: name: Full Build From 4c533fe003cf0c33a9e360268bb40e64a752227f Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 09:54:01 -0700 Subject: [PATCH 06/19] ci: upload dbgsym packages as ddebs --- .github/workflows/rtpproxy_ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index 9d553fc1f..30a86f8c5 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -120,7 +120,11 @@ jobs: shopt -s nullglob for artifact in ../*.deb ../*.buildinfo ../*.changes; do [ -e "${artifact}" ] || continue - mv "${artifact}" debian-artifacts/ + base=$(basename "${artifact}") + if [[ "${base}" == *-dbgsym_*.deb ]]; then + base="${base%.deb}.ddeb" + fi + mv "${artifact}" "debian-artifacts/${base}" done - name: Test install Debian packages @@ -142,7 +146,7 @@ jobs: set -euo pipefail shopt -s nullglob uploaded=0 - for file in debian-artifacts/*.deb debian-artifacts/*.buildinfo debian-artifacts/*.changes; do + for file in debian-artifacts/*.deb debian-artifacts/*.ddeb debian-artifacts/*.buildinfo debian-artifacts/*.changes; do [ -e "$file" ] || continue uploaded=1 name=$(basename "$file") From 0cf5ba1929037c83b8579a83ada79a9fe07857f2 Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 10:03:19 -0700 Subject: [PATCH 07/19] ci: upload dbgsym artifacts without renaming --- .github/workflows/rtpproxy_ci.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index 30a86f8c5..db71f868d 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -118,12 +118,9 @@ jobs: set -euo pipefail mkdir -p debian-artifacts shopt -s nullglob - for artifact in ../*.deb ../*.buildinfo ../*.changes; do + for artifact in ../*.deb ../*.ddeb ../*.buildinfo ../*.changes; do [ -e "${artifact}" ] || continue base=$(basename "${artifact}") - if [[ "${base}" == *-dbgsym_*.deb ]]; then - base="${base%.deb}.ddeb" - fi mv "${artifact}" "debian-artifacts/${base}" done From 2f295bda2ad8d66f81a8bf470445abcd6379e91a Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 10:26:24 -0700 Subject: [PATCH 08/19] debian: enable systemd integration --- .github/workflows/rtpproxy_ci.yml | 2 +- debian/changelog | 2 ++ debian/control | 3 ++- debian/rules | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index db71f868d..cd8879fa6 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -106,7 +106,7 @@ jobs: - name: Install build tools run: | sudo apt-get update - sudo apt-get install -y build-essential devscripts debhelper pkg-config libssl-dev libbcg729-dev libgsm1-dev libsndfile1-dev libunwind-dev libsrtp2-dev fakeroot zip + sudo apt-get install -y build-essential devscripts debhelper pkg-config libssl-dev libbcg729-dev libgsm1-dev libsndfile1-dev libunwind-dev libsrtp2-dev libsystemd-dev fakeroot zip - name: Build Debian package env: DEB_BUILD_OPTIONS: nocheck diff --git a/debian/changelog b/debian/changelog index b37aa4503..52edf96e3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,8 @@ rtpproxy (3.1+dev1) unstable; urgency=medium runtime and debug packages to avoid missing-file warnings. * Depend on libsrtp2 during the build so the crypto modules are compiled and available for packaging. + * Enable systemd integration by building against libsystemd-dev and + configuring with --enable-systemd. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/debian/control b/debian/control index f360b7270..cfa38cab6 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,8 @@ Build-Depends: debhelper-compat (= 13), libgsm1-dev, libsndfile1-dev, libunwind-dev, - libsrtp2-dev + libsrtp2-dev, + libsystemd-dev Standards-Version: 4.6.2 Homepage: https://github.com/sippy/rtpproxy Vcs-Git: https://github.com/sippy/rtpproxy.git diff --git a/debian/rules b/debian/rules index 74966acb3..41de851bd 100755 --- a/debian/rules +++ b/debian/rules @@ -4,7 +4,7 @@ dh $@ override_dh_auto_configure: - dh_auto_configure -- --enable-librtpproxy + dh_auto_configure -- --enable-librtpproxy --enable-systemd override_dh_update_autotools_config: @echo "Skipping autotools config update" From 009aa0bac685f024ae49c0001f156dcb8e5cea1c Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 10:40:10 -0700 Subject: [PATCH 09/19] debian: enable lto for package builds --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 41de851bd..0cb3504ad 100755 --- a/debian/rules +++ b/debian/rules @@ -4,7 +4,7 @@ dh $@ override_dh_auto_configure: - dh_auto_configure -- --enable-librtpproxy --enable-systemd + dh_auto_configure -- --enable-librtpproxy --enable-systemd --enable-lto=yes override_dh_update_autotools_config: @echo "Skipping autotools config update" From 494fb8def300a2d7ac2311e6c749410c2e74b67a Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 11:04:26 -0700 Subject: [PATCH 10/19] debian: keep librtpproxy archive with LTO --- debian/changelog | 2 ++ debian/rules | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 52edf96e3..574414c78 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,8 @@ rtpproxy (3.1+dev1) unstable; urgency=medium compiled and available for packaging. * Enable systemd integration by building against libsystemd-dev and configuring with --enable-systemd. + * Preserve librtpproxy's static archive contents under LTO by appending + -ffat-lto-objects to the maintainer build flags. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/debian/rules b/debian/rules index 0cb3504ad..e8559aeb8 100755 --- a/debian/rules +++ b/debian/rules @@ -1,7 +1,10 @@ #!/usr/bin/make -f +export DEB_CFLAGS_MAINT_APPEND = -ffat-lto-objects +export DEB_CXXFLAGS_MAINT_APPEND = -ffat-lto-objects + %: - dh $@ + dh $@ override_dh_auto_configure: dh_auto_configure -- --enable-librtpproxy --enable-systemd --enable-lto=yes From abf215e9164372abeddbc045293d9fc7f277863b Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 11:13:09 -0700 Subject: [PATCH 11/19] debian: fix rules indentation --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index e8559aeb8..ae425b0ad 100755 --- a/debian/rules +++ b/debian/rules @@ -4,7 +4,7 @@ export DEB_CFLAGS_MAINT_APPEND = -ffat-lto-objects export DEB_CXXFLAGS_MAINT_APPEND = -ffat-lto-objects %: - dh $@ + dh $@ override_dh_auto_configure: dh_auto_configure -- --enable-librtpproxy --enable-systemd --enable-lto=yes From 051a8a02adb723fdc275cf6a399149f1677c4c8e Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 12:09:46 -0700 Subject: [PATCH 12/19] debian: document packaging prerequisites --- debian/README.source | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 debian/README.source diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 000000000..ba4fe6b8f --- /dev/null +++ b/debian/README.source @@ -0,0 +1,13 @@ +Building the Debian packaging helpers locally requires the Debian helper tools. + +Before invoking commands such as `debian/rules clean` or `dpkg-buildpackage`, +install the packaging toolchain, for example: + +``` +sudo apt-get update +sudo apt-get install debhelper +``` + +The packaging workflow in CI already provisions these dependencies. When +working on the packaging locally you need to provision them once per build +environment. From 9d761783bf759898b2f5e0d3bcc424bb7bde64b9 Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 12:35:11 -0700 Subject: [PATCH 13/19] Add systemd unit for rtpproxy --- debian/changelog | 2 ++ debian/rtpproxy.default | 12 ++++++++++++ debian/rtpproxy.service | 16 ++++++++++++++++ 3 files changed, 30 insertions(+) create mode 100644 debian/rtpproxy.default create mode 100644 debian/rtpproxy.service diff --git a/debian/changelog b/debian/changelog index 574414c78..5e500a758 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,8 @@ rtpproxy (3.1+dev1) unstable; urgency=medium configuring with --enable-systemd. * Preserve librtpproxy's static archive contents under LTO by appending -ffat-lto-objects to the maintainer build flags. + * Provide a packaged systemd service and default configuration so the + daemon can be managed with systemd out of the box. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/debian/rtpproxy.default b/debian/rtpproxy.default new file mode 100644 index 000000000..f1408d569 --- /dev/null +++ b/debian/rtpproxy.default @@ -0,0 +1,12 @@ +# Defaults for the rtpproxy systemd service. +# +# Provide additional command-line options via RTPPROXY_ARGS. The service +# already enforces foreground mode and will create /run/rtpproxy for pid +# files automatically, so typical deployments only need to specify the +# control socket and advertised addresses. For example: +# RTPPROXY_ARGS="-p /run/rtpproxy/rtpproxy.pid -s udp:127.0.0.1:7722 \ +# -l 203.0.113.10/198.51.100.10" +# +# Leave the value empty to accept upstream defaults and manage options via +# the configuration file. +RTPPROXY_ARGS="-p /run/rtpproxy/rtpproxy.pid" diff --git a/debian/rtpproxy.service b/debian/rtpproxy.service new file mode 100644 index 000000000..d6f399065 --- /dev/null +++ b/debian/rtpproxy.service @@ -0,0 +1,16 @@ +[Unit] +Description=RTPProxy media relay +Documentation=man:rtpproxy(8) +After=network.target + +[Service] +Type=simple +EnvironmentFile=-/etc/default/rtpproxy +RuntimeDirectory=rtpproxy +RuntimeDirectoryMode=0755 +ExecStart=/usr/bin/rtpproxy -f $RTPPROXY_ARGS +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure + +[Install] +WantedBy=multi-user.target From e27b8ad22328977a3231f5d1cf98cf2e7920c148 Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 12:35:22 -0700 Subject: [PATCH 14/19] Reuse upstream systemd units and add service account --- debian/changelog | 6 ++++-- debian/control | 2 +- debian/dirs | 2 ++ debian/rtpproxy.default | 12 ------------ debian/rtpproxy.install | 3 +++ debian/rtpproxy.postinst | 19 +++++++++++++++++++ debian/rtpproxy.postrm | 17 +++++++++++++++++ debian/rtpproxy.service | 16 ---------------- rpm/rtpproxy.service | 9 +++++++-- rpm/rtpproxy.sysconfig | 8 ++++++++ 10 files changed, 61 insertions(+), 33 deletions(-) create mode 100644 debian/dirs delete mode 100644 debian/rtpproxy.default create mode 100755 debian/rtpproxy.postinst create mode 100755 debian/rtpproxy.postrm delete mode 100644 debian/rtpproxy.service diff --git a/debian/changelog b/debian/changelog index 5e500a758..ffd16737e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,8 +14,10 @@ rtpproxy (3.1+dev1) unstable; urgency=medium configuring with --enable-systemd. * Preserve librtpproxy's static archive contents under LTO by appending -ffat-lto-objects to the maintainer build flags. - * Provide a packaged systemd service and default configuration so the - daemon can be managed with systemd out of the box. + * Reuse the upstream systemd service and socket units in Debian builds, + installing their shared sysconfig file for consistent configuration. + * Create a dedicated rtpproxy user and group at install time so the + service runs under a locked-down account by default. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/debian/control b/debian/control index cfa38cab6..29eeba7db 100644 --- a/debian/control +++ b/debian/control @@ -19,7 +19,7 @@ Rules-Requires-Root: no Package: rtpproxy Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends} +Depends: ${misc:Depends}, ${shlibs:Depends}, adduser Description: High-performance SIP RTP media proxy RTPProxy is a high-performance, scalable media relay designed for SIP-based applications. It supports advanced media handling features diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 000000000..fac29b400 --- /dev/null +++ b/debian/dirs @@ -0,0 +1,2 @@ +etc/sysconfig +var/lib/rtpproxy diff --git a/debian/rtpproxy.default b/debian/rtpproxy.default deleted file mode 100644 index f1408d569..000000000 --- a/debian/rtpproxy.default +++ /dev/null @@ -1,12 +0,0 @@ -# Defaults for the rtpproxy systemd service. -# -# Provide additional command-line options via RTPPROXY_ARGS. The service -# already enforces foreground mode and will create /run/rtpproxy for pid -# files automatically, so typical deployments only need to specify the -# control socket and advertised addresses. For example: -# RTPPROXY_ARGS="-p /run/rtpproxy/rtpproxy.pid -s udp:127.0.0.1:7722 \ -# -l 203.0.113.10/198.51.100.10" -# -# Leave the value empty to accept upstream defaults and manage options via -# the configuration file. -RTPPROXY_ARGS="-p /run/rtpproxy/rtpproxy.pid" diff --git a/debian/rtpproxy.install b/debian/rtpproxy.install index 7028e1e6d..8953d31c8 100644 --- a/debian/rtpproxy.install +++ b/debian/rtpproxy.install @@ -6,3 +6,6 @@ usr/lib/*/rtpproxy/rtpp_acct_rtcp_hep.so usr/lib/*/rtpproxy/rtpp_catch_dtmf.so usr/lib/*/rtpproxy/rtpp_dtls_gw.so usr/lib/*/rtpproxy/rtpp_ice_lite.so +rpm/rtpproxy.service usr/lib/systemd/system/ +rpm/rtpproxy.socket usr/lib/systemd/system/ +rpm/rtpproxy.sysconfig etc/sysconfig/rtpproxy diff --git a/debian/rtpproxy.postinst b/debian/rtpproxy.postinst new file mode 100755 index 000000000..a984bac5b --- /dev/null +++ b/debian/rtpproxy.postinst @@ -0,0 +1,19 @@ +#!/bin/sh +set -e + +case "$1" in + configure) + if ! getent group rtpproxy >/dev/null; then + addgroup --system rtpproxy + fi + if ! getent passwd rtpproxy >/dev/null; then + adduser --system --ingroup rtpproxy --home /var/lib/rtpproxy \ + --shell /usr/sbin/nologin --no-create-home rtpproxy + fi + install -d -o rtpproxy -g rtpproxy -m 0750 /var/lib/rtpproxy + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/rtpproxy.postrm b/debian/rtpproxy.postrm new file mode 100755 index 000000000..3f606dfef --- /dev/null +++ b/debian/rtpproxy.postrm @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +case "$1" in + purge) + if command -v deluser >/dev/null 2>&1; then + deluser --system --quiet rtpproxy || true + fi + if command -v delgroup >/dev/null 2>&1; then + delgroup --quiet rtpproxy || true + fi + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/rtpproxy.service b/debian/rtpproxy.service deleted file mode 100644 index d6f399065..000000000 --- a/debian/rtpproxy.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=RTPProxy media relay -Documentation=man:rtpproxy(8) -After=network.target - -[Service] -Type=simple -EnvironmentFile=-/etc/default/rtpproxy -RuntimeDirectory=rtpproxy -RuntimeDirectoryMode=0755 -ExecStart=/usr/bin/rtpproxy -f $RTPPROXY_ARGS -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure - -[Install] -WantedBy=multi-user.target diff --git a/rpm/rtpproxy.service b/rpm/rtpproxy.service index f7f8c7371..3c7c97cea 100644 --- a/rpm/rtpproxy.service +++ b/rpm/rtpproxy.service @@ -1,14 +1,19 @@ [Unit] -Description=A symmetric RTP proxy +Description=RTPProxy media relay +Documentation=man:rtpproxy(8) After=network.target [Service] Type=notify User=rtpproxy Group=rtpproxy -EnvironmentFile=/etc/sysconfig/rtpproxy +EnvironmentFile=-/etc/sysconfig/rtpproxy PIDFile=/var/run/rtpproxy/rtpproxy.pid +RuntimeDirectory=rtpproxy +RuntimeDirectoryMode=0755 ExecStart=/usr/bin/rtpproxy -f -p /var/run/rtpproxy/rtpproxy.pid $OPTIONS +ExecReload=/bin/kill -HUP $MAINPID +Restart=on-failure [Install] Also=rtpproxy.socket diff --git a/rpm/rtpproxy.sysconfig b/rpm/rtpproxy.sysconfig index 9186ef794..58275d90b 100644 --- a/rpm/rtpproxy.sysconfig +++ b/rpm/rtpproxy.sysconfig @@ -1 +1,9 @@ +# Command-line options passed to rtpproxy by the systemd unit. +# +# The service already enables foreground operation and manages the runtime +# directory, so typically only the control socket and advertised addresses +# need to be provided here. For example: +# OPTIONS="-s udp:127.0.0.1:7722 -l 203.0.113.10/198.51.100.10" +# +# Leave the value empty to accept the built-in defaults. OPTIONS="" From aa89adf979cc0c920937ed00bea17ea60f5aeb2f Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 12:35:27 -0700 Subject: [PATCH 15/19] Adjust systemd unit for socket activation --- debian/changelog | 2 ++ rpm/rtpproxy.service | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index ffd16737e..fcee28ef4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,6 +16,8 @@ rtpproxy (3.1+dev1) unstable; urgency=medium -ffat-lto-objects to the maintainer build flags. * Reuse the upstream systemd service and socket units in Debian builds, installing their shared sysconfig file for consistent configuration. + * Update the systemd service to supervise rtpproxy via systemd sockets + so the packaged unit works with Type=notify without extra tuning. * Create a dedicated rtpproxy user and group at install time so the service runs under a locked-down account by default. diff --git a/rpm/rtpproxy.service b/rpm/rtpproxy.service index 3c7c97cea..904b9fed2 100644 --- a/rpm/rtpproxy.service +++ b/rpm/rtpproxy.service @@ -11,7 +11,7 @@ EnvironmentFile=-/etc/sysconfig/rtpproxy PIDFile=/var/run/rtpproxy/rtpproxy.pid RuntimeDirectory=rtpproxy RuntimeDirectoryMode=0755 -ExecStart=/usr/bin/rtpproxy -f -p /var/run/rtpproxy/rtpproxy.pid $OPTIONS +ExecStart=/usr/bin/rtpproxy -f -s systemd: -p /var/run/rtpproxy/rtpproxy.pid $OPTIONS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure From f0504428f63002883560d5d0daff54c98415d8fe Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 12:36:04 -0700 Subject: [PATCH 16/19] Align systemd unit runtime paths --- debian/changelog | 2 ++ rpm/rtpproxy.service | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index fcee28ef4..2cf0ae8c5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -20,6 +20,8 @@ rtpproxy (3.1+dev1) unstable; urgency=medium so the packaged unit works with Type=notify without extra tuning. * Create a dedicated rtpproxy user and group at install time so the service runs under a locked-down account by default. + * Align the packaged systemd unit with /run paths so PID tracking stays + consistent with RuntimeDirectory management. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/rpm/rtpproxy.service b/rpm/rtpproxy.service index 904b9fed2..1b465a328 100644 --- a/rpm/rtpproxy.service +++ b/rpm/rtpproxy.service @@ -8,10 +8,10 @@ Type=notify User=rtpproxy Group=rtpproxy EnvironmentFile=-/etc/sysconfig/rtpproxy -PIDFile=/var/run/rtpproxy/rtpproxy.pid +PIDFile=/run/rtpproxy/rtpproxy.pid RuntimeDirectory=rtpproxy RuntimeDirectoryMode=0755 -ExecStart=/usr/bin/rtpproxy -f -s systemd: -p /var/run/rtpproxy/rtpproxy.pid $OPTIONS +ExecStart=/usr/bin/rtpproxy -f -s systemd: -p /run/rtpproxy/rtpproxy.pid $OPTIONS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure From ce28d620f0c474843af282890424ec22c8889c4a Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 12:36:15 -0700 Subject: [PATCH 17/19] Refine systemd integration checks --- .github/workflows/rtpproxy_ci.yml | 13 +++++++++++++ debian/changelog | 2 ++ rpm/rtpproxy.service | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rtpproxy_ci.yml b/.github/workflows/rtpproxy_ci.yml index cd8879fa6..b27d4f3ab 100644 --- a/.github/workflows/rtpproxy_ci.yml +++ b/.github/workflows/rtpproxy_ci.yml @@ -135,6 +135,19 @@ jobs: fi sudo apt-get install -y "${pkgs[@]}" + - name: Exercise systemd service + run: | + set -euo pipefail + sudo systemctl daemon-reload + sudo systemctl enable --now rtpproxy.socket + sudo systemctl start rtpproxy.service + sudo systemctl status --no-pager rtpproxy.service + sudo systemctl restart rtpproxy.service + sudo systemctl status --no-pager rtpproxy.service + sudo systemctl stop rtpproxy.service + sudo systemctl status --no-pager rtpproxy.service || true + sudo systemctl disable --now rtpproxy.socket + - name: Setup GitHub Actions artifact client uses: lhotari/gh-actions-artifact-client@v2 diff --git a/debian/changelog b/debian/changelog index 2cf0ae8c5..5660af08d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,6 +22,8 @@ rtpproxy (3.1+dev1) unstable; urgency=medium service runs under a locked-down account by default. * Align the packaged systemd unit with /run paths so PID tracking stays consistent with RuntimeDirectory management. + * Pass systemd's MAINPID through ExecStart so the daemon receives the + tracked PID even when launched under socket activation. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/rpm/rtpproxy.service b/rpm/rtpproxy.service index 1b465a328..ba08b1874 100644 --- a/rpm/rtpproxy.service +++ b/rpm/rtpproxy.service @@ -11,7 +11,7 @@ EnvironmentFile=-/etc/sysconfig/rtpproxy PIDFile=/run/rtpproxy/rtpproxy.pid RuntimeDirectory=rtpproxy RuntimeDirectoryMode=0755 -ExecStart=/usr/bin/rtpproxy -f -s systemd: -p /run/rtpproxy/rtpproxy.pid $OPTIONS +ExecStart=/usr/bin/rtpproxy -f -s systemd:$MAINPID -p /run/rtpproxy/rtpproxy.pid $OPTIONS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure From 2ffb65e420867bda212cf533492d7beaae4b4e63 Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 13:25:20 -0700 Subject: [PATCH 18/19] Align rtpproxy service pid flag with systemd MAINPID --- debian/changelog | 4 ++-- rpm/rtpproxy.service | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 5660af08d..e8768bf9e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,8 +22,8 @@ rtpproxy (3.1+dev1) unstable; urgency=medium service runs under a locked-down account by default. * Align the packaged systemd unit with /run paths so PID tracking stays consistent with RuntimeDirectory management. - * Pass systemd's MAINPID through ExecStart so the daemon receives the - tracked PID even when launched under socket activation. + * Use systemd's MAINPID in ExecStart for the pidfile flag instead of + hardcoding the /run directory path. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/rpm/rtpproxy.service b/rpm/rtpproxy.service index ba08b1874..6ada251fc 100644 --- a/rpm/rtpproxy.service +++ b/rpm/rtpproxy.service @@ -11,7 +11,7 @@ EnvironmentFile=-/etc/sysconfig/rtpproxy PIDFile=/run/rtpproxy/rtpproxy.pid RuntimeDirectory=rtpproxy RuntimeDirectoryMode=0755 -ExecStart=/usr/bin/rtpproxy -f -s systemd:$MAINPID -p /run/rtpproxy/rtpproxy.pid $OPTIONS +ExecStart=/usr/bin/rtpproxy -f -s systemd: -p $MAINPID $OPTIONS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure From 893f6c3b4aa9c898ddfb81f9309c33e8e9507cb7 Mon Sep 17 00:00:00 2001 From: Maksym Sobolyev Date: Thu, 9 Oct 2025 13:40:21 -0700 Subject: [PATCH 19/19] Restore explicit pidfile path in systemd unit --- debian/changelog | 5 +++-- rpm/rtpproxy.service | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index e8768bf9e..d34e1af4f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,8 +22,9 @@ rtpproxy (3.1+dev1) unstable; urgency=medium service runs under a locked-down account by default. * Align the packaged systemd unit with /run paths so PID tracking stays consistent with RuntimeDirectory management. - * Use systemd's MAINPID in ExecStart for the pidfile flag instead of - hardcoding the /run directory path. + * Keep ExecStart's pidfile flag pointed at /run/rtpproxy/rtpproxy.pid + because the MAINPID environment variable is not available at start + time. -- Maxim Sobolev Wed, 15 May 2024 00:00:00 +0000 diff --git a/rpm/rtpproxy.service b/rpm/rtpproxy.service index 6ada251fc..1b465a328 100644 --- a/rpm/rtpproxy.service +++ b/rpm/rtpproxy.service @@ -11,7 +11,7 @@ EnvironmentFile=-/etc/sysconfig/rtpproxy PIDFile=/run/rtpproxy/rtpproxy.pid RuntimeDirectory=rtpproxy RuntimeDirectoryMode=0755 -ExecStart=/usr/bin/rtpproxy -f -s systemd: -p $MAINPID $OPTIONS +ExecStart=/usr/bin/rtpproxy -f -s systemd: -p /run/rtpproxy/rtpproxy.pid $OPTIONS ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure