Refactor of RPM packaging files + migrate from sysvinit -> systemd service

.github/workflows/c-cpp.yml

@@ -11,8 +11,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+    - name: Update repo metadata
+      run: sudo apt update -y
     - name: Install stuff for creating packages
-      run: sudo apt install -y fakeroot rpm dpkg debhelper
+      run: sudo apt install -y fakeroot rpm dpkg debhelper systemd
     - name: Install packages required for optional configurations of cntlm
       run: sudo apt install -y libkrb5-dev
     - name: Install further tools (clang-tools for scan-build)
@@ -35,10 +37,10 @@ jobs:
         make DEBUG=1
         ./cntlm -h
         make distclean
-    - name: Verify package creation and installation
+        git diff-files --quiet || ( echo "Changes detected in working tree after make distclean" ; git status ; exit 1 )
+    - name: Verify debian package creation and installation
       run: |
         ./configure
-        make rpm
         make deb
         make clean
         sudo make install
@@ -49,3 +51,42 @@ jobs:
         ./configure
         make duktape.o
         scan-build --force-analyze-debug-code make
+
+  package:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+        - os: rhel
+          image: registry.access.redhat.com/ubi9/ubi:latest
+        - os: sles
+          image: registry.suse.com/suse/sle15:latest
+        - os: fedora
+          image: docker.io/fedora:latest
+    container:
+      image: ${{ matrix.image }}
+    steps:
+      - name: Install build dependencies (RHEL / Fedora)
+        run: dnf install -y make gcc systemd rpm-build git shadow-utils which && dnf clean all
+        if: ${{ matrix.os == 'rhel' || matrix.os == 'fedora' }}
+      - name: Install build dependencies (SLES)
+        run: zypper install -y make gcc systemd rpm-build git shadow which && zypper clean -a
+        if: ${{ matrix.os == 'sles' }}
+      - name: Checkout repo
+        uses: actions/checkout@v4
+      - name: Set working directory as safe
+        run: git config --global --add safe.directory ${GITHUB_WORKSPACE}
+      - name: Build the source
+        run: |
+          ./configure
+          make rpm
+      - name: Install the RPM
+        run: 'rpm -iv cntlm*.rpm'
+      - name: Invoke cNTLM to ensure it is installed properly
+        run: cntlm -h
+      - name: Enforce that the debug symbols have been stripped in the packaged binary
+        run: |
+          du -h /usr/sbin/cntlm
+          file /usr/sbin/cntlm | grep -E ', stripped$'
+      - name: Enforce that the make distclean target removes all changes to the source tree
+        run: git diff-files --quiet || ( echo "Changes detected in working tree after make distclean while packaging:" ; git status ; exit 1 )

.github/workflows/sonarcloud.yml

@@ -38,7 +38,9 @@ jobs:
           unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
           echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
       - name: Install packages required for optional configurations of cntlm
-        run: sudo apt install -y libkrb5-dev
+        run: |
+          sudo apt -y update
+          sudo apt install -y libkrb5-dev
       - name: Run build-wrapper
         run: |
           ./configure

.gitignore

@@ -5,6 +5,7 @@ cntlm*.zip
 cntlm*.rpm
 cntlm*.deb
 cntlm*.tar.gz
+cntlm*.tar.bz2
 /configure-stamp
 /config/config.h
 /config/endian
@@ -17,6 +18,9 @@ cntlm*.tar.gz
 /config/memset_s
 /config/gss
 /config/*.exe
+/linux/debian/changelog
+/linux/rpm/BUILD*
+/linux/rpm/SPECS/cntlm.spec
 /win/*.exe
 /win/*.dll
 /win/setup.iss
@@ -26,4 +30,5 @@ cntlm*.tar.gz
 .vscode
 .cproject
 .project
-.settings/
+.settings/
+rpm/BUILD*

Makefile

@@ -6,6 +6,8 @@ DESTDIR    	:=
 PREFIX     	:= /usr/local
 SYSCONFDIR 	:= $(DESTDIR)/etc
 BINDIR     	:= $(DESTDIR)$(PREFIX)/sbin
+INST_BINDIR := $(PREFIX)/sbin
+LIBEXECDIR  := $(DESTDIR)$(PREFIX)/libexec
 MANDIR     	:= $(DESTDIR)$(PREFIX)/share/man
 
 STAMP	:= configure-stamp
@@ -27,7 +29,7 @@ LDFLAGS		:= -lpthread -lm $(OSLDFLAGS)
 CYGWIN_REQS	:= cygwin1.dll cygrunsrv.exe
 
 ifeq ($(CC),gcc)
-GCC_VER := $(shell ${CC} -dumpfullversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
+GCC_VER := $(shell ${CC} -dumpfullversion -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
 GCC_GTEQ_430 := $(shell expr ${GCC_VER} \>= 40300)
 GCC_GTEQ_450 := $(shell expr ${GCC_VER} \>= 40500)
 GCC_GTEQ_600 := $(shell expr ${GCC_VER} \>= 60000)
@@ -69,6 +71,10 @@ ifeq ($(COVERAGE),1)
 else ifeq ($(DEBUG),1)
 	# DEBUG
 	CFLAGS	+= -g -O0
+else ifeq ($(NOSTRIP),1)
+	# Packaging, therefore optimization enabled but build with debug symbols
+	# as RPM will strip these out into a -debuginfo package that can be optionally installed
+	CFLAGS	+= -g -O3
 else
 	# RELEASE
 	CFLAGS	+= -O3
@@ -126,22 +132,31 @@ win/resources.o: win/resources.rc
 	@echo Win64: adding ICON resource
 	@windres $^ -o $@
 
+ifneq ($(NOSTRIP),1)
+	STRIP="-s"
+	STRIPAIX="-S"
+else
+	STRIP=""
+	STRIPAIX="-S"
+endif
 install: $(NAME)
 	# Special handling for install(1)
 	if [ "`uname -s`" = "AIX" ]; then \
-		install -M 755 -S -f $(BINDIR) $(NAME); \
+		install -M 755 $(STRIPAIX) -f $(BINDIR) $(NAME); \
 		install -M 644 -f $(MANDIR)/man1 doc/$(NAME).1; \
 		install -M 600 -c $(SYSCONFDIR) doc/$(NAME).conf; \
 	elif [ "`uname -s`" = "Darwin" ]; then \
 		install -d $(BINDIR)/; \
-		install -m 755 -s $(NAME) $(BINDIR)/$(NAME); \
+		install -m 755 $(STRIP) $(NAME) $(BINDIR)/$(NAME); \
 		install -d $(MANDIR)/man1/; \
 		install -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \
 		[ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \
 			|| install -d $(SYSCONFDIR)/; \
 			   install -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \
 	else \
-		install -D -m 755 -s $(NAME) $(BINDIR)/$(NAME); \
+		install -D -m 755 $(STRIP) $(NAME) $(BINDIR)/$(NAME); \
+		sed "s#%BINDIR%#$(INST_BINDIR)#g" linux/cntlm-user.in > linux/cntlm-user; \
+		install -D -m 755 linux/$(NAME)-user $(LIBEXECDIR)/$(NAME)-user; \
 		install -D -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \
 		[ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \
 			|| install -D -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \
@@ -165,25 +180,22 @@ tbz2:
 	rmdir tmp 2>/dev/null || true
 
 deb:
-	sed -i "s/^\(cntlm *\)([^)]*)/\1($(VER))/g" debian/changelog
-	if [ `id -u` = 0 ]; then \
-		debian/rules binary; \
-		debian/rules clean; \
-	else \
-		fakeroot debian/rules binary; \
-		fakeroot debian/rules clean; \
+	ln -sf linux/debian
+	sed "s/^\(cntlm *\)([^)]*)/\1($(VER))/g" linux/debian/changelog.in > linux/debian/changelog
+	if [ `id -u` = 0 ] && [ -L debian ]; then \
+		linux/debian/rules binary; \
+		linux/debian/rules clean; \
+	elif [ -L debian ]; then \
+		fakeroot linux/debian/rules binary; \
+		fakeroot linux/debian/rules clean; \
 	fi
 	mv ../cntlm_$(VER)*.deb .
 
-rpm:
-	sed -i "s/^\(Version:[\t ]*\)\(.*\)/\1$(VER)/g" rpm/cntlm.spec
-	if [ `id -u` = 0 ]; then \
-		rpm/rules binary; \
-		rpm/rules clean; \
-	else \
-		fakeroot rpm/rules binary; \
-		fakeroot rpm/rules clean; \
-	fi
+rpm: tbz2
+	sed "s/^\(Version:[\t ]*\)\(.*\)/\1$(VER)/g" linux/rpm/SPECS/cntlm.spec.in > linux/rpm/SPECS/cntlm.spec
+	@cp $(NAME)-$(VER).tar.bz2 linux/rpm/SOURCES/
+	rpmbuild --define '_topdir $(CURDIR)/linux/rpm' -ba linux/rpm/SPECS/cntlm.spec
+	mv linux/rpm/RPMS/**/*.rpm .
 
 win: win/setup.iss $(NAME) win/cntlm_manual.pdf win/cntlm.ini win/LICENSE.txt $(NAME)-$(VER)-win64.exe $(NAME)-$(VER)-win64.zip
 
@@ -231,19 +243,22 @@ uninstall:
 
 clean:
 	@rm -f config/endian config/gethostname config/socklen_t config/strdup config/arc4random_buf config/strlcat config/strlcpy config/memset_s config/gss config/*.exe
-	@rm -f *.o cntlm cntlm.exe configure-stamp build-stamp config/config.h
+	@rm -f *.o cntlm cntlm.exe configure-stamp build-stamp config/config.h cntlm-user
 	@rm -f $(patsubst %, win/%, $(CYGWIN_REQS) cntlm.exe cntlm.ini LICENSE.txt resources.o setup.iss cntlm_manual.pdf)
 
 distclean: clean
 ifeq ($(findstring CYGWIN,$(OS)),)
-	if [ `id -u` = 0 ]; then \
-		debian/rules clean; \
-		rpm/rules clean; \
-	else \
-		fakeroot debian/rules clean; \
-		fakeroot rpm/rules clean; \
+	if [ -L debian ]; then \
+	    if command -v dh_testdir && [ `id -u` = 0 ]; then \
+		    debian/rules clean; \
+	    elif command -v dh_testdir; then \
+		    fakeroot debian/rules clean; \
+	    fi \
 	fi
 endif
-	@rm -f *.exe *.deb *.rpm *.tgz *.tar.gz *.tar.bz2 *.zip *.exe tags ctags pid 2>/dev/null
+	@rm -f *.exe *.deb *.rpm *.tgz *.tar.gz *.tar.bz2 *.zip *.exe \
+	  linux/rpm/specs/cntlm.spec linux/cntlm-user linux/debian/changelog tags ctags pid 2>/dev/null
+	@rm -rf linux/rpm/BUILD linux/rpm/BUILDROOT 2>/dev/null
+
 
 .PHONY: all install tgz tbz2 deb rpm win uninstall clean distclean

README

@@ -115,11 +115,12 @@ $ ./configure
 $ make
 $ make install
 
-Cntlm does not require any dynamic libraries and there are no dependencies you
-have to satisfy before compilation, except for libpthreads. This library is
-required for all threaded applications and is very likely to be part of your
-system already, because it comes with libc. Next, install cntlm onto your
-system like so:
+Cntlm does not require any dynamic libraries unless kerberos support is enabled,
+and there are no dependencies you have to satisfy before compilation,
+except for libpthreads. This library is required for all threaded applications
+and is very likely to be part of your system already, because it comes with libc.
+
+Next, install cntlm onto your system like so:
 
 Default installation directories are /usr/local/sbin, /usr/local/share/man and /etc.
 Should you want to install cntlm into a different location, change the DESTDIR
@@ -132,7 +133,7 @@ $ make install SYSCONFDIR=/etc BINDIR=/usr/bin MANDIR=/usr/share/man
 
 Cntlm is compiled with system-wide configuration file by default. That means
 whenever you run cntlm, it looks into a hardcoded path (SYSCONFDIR) and tries
-to load cntml.conf. You cannot make it not to do so, unless you use -c with an
+to load cntlm.conf. You cannot make it not to do so, unless you use -c with an
 alternative file or /dev/null. This is standard behaviour and probably what you
 want. On the other hand, some of you might not want to use cntlm as a daemon
 started by init scripts and you would prefer setting up everything on the
@@ -149,17 +150,14 @@ among other things a file called "cntlmd". It can be used as an init.d script.
 Architectures
 ~~~~~~~~~~~~~
 The build system now has an autodetection of the build arch endianness. Every
-common CPU and OS out there is supported, including Windows, MacOS X, Linux,
+common CPU and OS out there is supported, including Windows, MacOS, Linux,
 *BSD, AIX.
 
 
 Compilers
 ~~~~~~~~~
-Cntlm is tested against GCC and IBM XL C/C++, other C compilers will work
+Cntlm is tested against GCC, Clang and IBM XL C/C++, other C compilers will work
 for you too. There are no compiler specific directives and options AFAIK.
-compilers might work for you (then again, they might not). Specific
-Makefiles for different compilers are supported by the ./configure script
-(e.g. Makefile.xlc)
 
 
 Contact

README.md

@@ -53,7 +53,7 @@ Compile:
     dpkg-buildpackage -b -rfakeroot
 
 Upon installation, the package takes care of creating a dedicated user for
-cntlm, init script integration, manages eventual configuration file updates
+cntlm, systemd unit integration, manages eventual configuration file updates
 with new upstream versions, things like restart of the daemon after future
 updates, etc. You can later revert all these changes with one command, should
 you decide to remove cntlm from your system.
@@ -62,12 +62,14 @@ you decide to remove cntlm from your system.
 
 ### 1) Quick way to create RPM
 
-    make rpm    # you'll need root privs. or fakeroot utility
+    make rpm
 
 ### 2) Detailed howto (or if make rpm doesn't work for you)
 
-To build an RPM package from scratch, as root change to
-/usr/src/[redhat|rpm|whatever]/SOURCES
+To build an RPM package from scratch:
+* Ensure that the rpmdevtools package is present
+* Execute `rpmdev-setuptree`
+* Change to `~/rpmbuild/SOURCES`
 
 Copy there all files from cntlm's rpm/ directory plus appropriate version of
 the source tar.bz2 (see Creating a SOURCE TARBALL section above) and type:
@@ -162,29 +164,28 @@ whenever you run cntlm, it looks into a hardcoded path (SYSCONFDIR) and tries
 to load cntml.conf. You cannot make it not to do so, unless you use -c with an
 alternative file or /dev/null. This is standard behavior and probably what you
 want. On the other hand, some of you might not want to use cntlm as a daemon
-started by init scripts and you would prefer setting up everything on the
+started by systemd units and you would prefer setting up everything on the
 command line. This is possible, just comment out SYSCONFDIR variable definition
 in the Makefile before you compile cntlm and it will remove this feature.
 
 Installation includes the main binary, the man page (see "man cntlm") and if
 the default config feature was not removed, it also installs a configuration
 template. Please note that unlike bin and man targets, existing configuration
-is never overwritten during installation. In the doc/ directory you can find
-among other things a file called "cntlmd". It can be used as an init.d script.
+is never overwritten during installation. In the linux/ directory you can find
+among other things a files with a suffix of ".service" which implement systemd
+unit files that can be used to manage cntlm, as either a system scoped or user
+scoped service.
 
 ## Architectures
 
 The build system now has an autodetection of the build arch endianness. Every
-common CPU and OS out there is supported, including Windows, MacOS X, Linux,
+common CPU and OS out there is supported, including Windows, MacOS, Linux,
 *BSD, AIX.
 
 ## Compilers
 
 Cntlm is tested against GCC, Clang and IBM XL C/C++, other C compilers will work
 for you too. There are no compiler specific directives and options AFAIK.
-compilers might work for you (then again, they might not). Specific
-Makefiles for different compilers are supported by the ./configure script
-(e.g. Makefile.xlc)
 
 ## Contact
 

VERSION

@@ -1 +1 @@
-0.94beta1
+0.95.0beta1

debian

@@ -0,0 +1 @@
+linux/debian