Packaging fixes.

.github/workflows/pkg.yml

@@ -12,11 +12,30 @@ on:
 
 jobs:
   package:
-    uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v8
+    uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v9
     with:
       package_build_rules: pkg/rules/packages-to-build.yml
       package_test_scripts_path: pkg/test-scripts/test-<package>.sh
 
+      # About the use of deb_apt_source and rpm_yum_repo:
+      # ----------------------------------------------------------------------
+      # These settings are used below to direct Ploutos to add an alternate
+      # package repository than the default (also packages.nlnetlabs.nl but
+      # normal channel rather than the "-proposed" channel). This repository
+      # is used during the package testing phase and is needed so that when
+      # the newly built Cascade package is installed that its dependencies,
+      # dnst and kmip2pkcs11, can be resolved. This is because those
+      # dependencies are at the time of writing not yet published in the main
+      # channel but only in the "-proposed" channel.
+      package_test_always_add_repo: true
+
       deb_extra_build_packages: libssl-dev
+      deb_apt_source: 'deb [arch=amd64] https://packages.nlnetlabs.nl/linux/${OS_NAME} ${OS_REL}-proposed main'
+
       rpm_extra_build_packages: make openssl-devel
       rpm_scriptlets_path: pkg/rpm/scriptlets.toml
+      rpm_yum_repo: |
+        [nlnetlabs]
+        name=NLnet Labs Testing
+        baseurl=https://packages.nlnetlabs.nl/linux/centos/$releasever/proposed/$basearch
+        enabled=1

Cargo.toml

@@ -1,3 +1,3 @@
 [package]
 name = "cascade"
 default-run = "cascaded"
@@ -114,39 +114,17 @@
 
 [package.metadata.deb]
 assets = [
-	[
-		"target/release/cascade",
-		"usr/bin/",
-		"755",
-	],
-	[
-		"target/release/cascaded",
-		"usr/bin/",
-		"755",
-	],
-	[
-		"README.md",
-		"usr/share/doc/cascade/",
-		"644",
-	],
+	["target/release/cascade", "usr/bin/", "755"],
+	["target/release/cascaded", "usr/bin/",	"755"],
+	["README.md",	"usr/share/doc/cascade/",	"644"],
 	#["doc/cascade.1", "usr/share/man/man1/cascade.1", "644"],
 	#["doc/cascaded.1", "usr/share/man/man1/cascaded.1", "644"],
-	[
-		"config.toml",
-		"etc/cascade/config.toml",
-		"644",
-	],
-	[
-		"pkg/common/service.preset",
-		"usr/lib/systemd/service-preset/50-cascaded.preset",
-		"644",
-	],
+	["config.toml", "etc/cascade/config.toml", "644"],
+	["pkg/common/service.preset",	"usr/lib/systemd/service-preset/50-cascaded.preset", "644"],
 ]
 name = "cascade"
-# TODO: create email alias
 maintainer = "NLnet Labs <[email protected]>"
 license-file = ["LICENSE", "0"]
-# TODO: come up with a description (also for the git repo)
 extended-description = """\
 Cascade is a friendly DNSSEC signing solution, offering sensible defaults,
 controllability, observability and flexibility.
@@ -159,9 +137,24 @@
 changelog = "target/debian/changelog" # this will be generated by the pkg workflow
 copyright = "Copyright (c) 2025, NLnet Labs. All rights reserved."
 conf-files = ["/etc/cascade/config.toml"]
-systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false }
+systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = true } # usr-merge is needed for Bookworm/Noble and later
+
+[package.metadata.deb.variants.debian-buster]
+systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false }
+
+[package.metadata.deb.variants.debian-bullseye]
+systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false }
+
+[package.metadata.deb.variants.ubuntu-focal]
+systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false }
+
+[package.metadata.deb.variants.ubuntu-jammy]
+systemd-units = { unit-name = "cascaded", unit-scripts = "pkg/common", enable = false, usr-merge = false }
 
 [package.metadata.generate-rpm]
+# Use a shorter summary as rpmlint complains with E: summary-too-long.
+# Use an initial capital letter to satisfy rpmlinlt which complains with W: summary-not-capitalized
+summary = "Friendly DNSSEC signing solution"
 assets = [
 	{ source = "target/release/cascade", dest = "/usr/bin/cascade", mode = "755" },
 	{ source = "target/release/cascaded", dest = "/usr/bin/cascaded", mode = "755" },

pkg/common/cascaded.service

@@ -4,7 +4,7 @@ Documentation=man:cascade(1)
 After=network.target
 
 [Service]
-ExecStart=/usr/bin/cascade --config=/etc/cascade/config.toml
+ExecStart=/usr/bin/cascaded --config=/etc/cascade/config.toml
 Type=exec
 Restart=on-failure
 User=cascade

pkg/debian/postrm

@@ -1,6 +1,6 @@
 #!/bin/sh -e
 
-CONFIG_FILE_PATH="/etc/cascade/cascade.conf"
+CONFIG_FILE_PATH="/etc/cascade/config.toml"
 
 case "$1" in
 purge)

pkg/rpm/scriptlets.toml

@@ -18,7 +18,7 @@ if [ $1 -eq 1 ] ; then
     fi
 
     # Run commands equivalent to what the RPM systemd macros would do
-    systemd_post cascade.service
+    systemd_post cascaded.service
     systemd_triggers
 fi
 '''
@@ -30,7 +30,7 @@ pre_uninstall_script = '''
 if [ $1 -eq 0 ] ; then
     # Package removal, not upgrade
     # Run commands equivalent to what the RPM systemd macros would do
-    systemd_preun cascade.service
+    systemd_preun cascaded.service
     systemd_triggers
 fi
 '''
@@ -41,7 +41,7 @@ post_uninstall_script = '''
 
 if [ $1 -ge 1 ] ; then
     # Run commands equivalent to what the RPM systemd macros would do
-    systemd_postun_with_restart cascade.service
+    systemd_postun_with_restart cascaded.service
     systemd_triggers
 
     # TODO: Remove the user account?

pkg/rules/packages-to-build.yml

@@ -4,7 +4,14 @@
 pkg:
   - 'cascade'
 image:
-  - "debian:trixie" # debian/13
+  - "ubuntu:jammy"    # ubuntu/22.04
+  - "ubuntu:noble"    # ubuntu/24.04
+  - "debian:buster"   # debian/10
+  - "debian:bullseye" # debian/11
+  - "debian:bookworm" # debian/12
+  - "debian:trixie"   # debian/13
+  - 'almalinux:8'     # compatible with EOL centos:8
+  - 'almalinux:9'
   - 'almalinux:10'
 target:
   - 'x86_64'
@@ -17,8 +24,14 @@ test-image:
   # in the original matrix. This is just how GitHub Actions matrix include rules work.
   - ""
 include:
+  - image: 'almalinux:9'
+    systemd_service_unit_file: pkg/common/cascaded.service
+
+  - image: 'almalinux:8'
+    systemd_service_unit_file: pkg/common/cascaded.service
+
   - image: 'almalinux:10'
-    systemd_service_unit_file: pkg/common/cascade.service
+    systemd_service_unit_file: pkg/common/cascaded.service
 
 # 'mode' is not used by the package building workflow job, but is used by the package testing workflow job.
 # Ploutos will not include this key when using this matrix definition to generate package building matrix

pkg/test-scripts/test-cascade.sh

@@ -4,32 +4,26 @@ set -eo pipefail
 set -x
 
 case $1 in
-  post-install)
-    #echo -e "\nCASCADE VERSION:"
-    #VER=$(cascade --version)
-    #echo $VER
+  post-install|post-upgrade)
+    echo -e "\nCASCADE VERSION:"
+    cascade --version
 
-    echo -e "\nCASCADE CONF:"
-    cat /etc/cascade/cascade.conf
+    echo -e "\nCASCADED VERSION:"
+    cascaded --version
 
-    echo -e "\nCASCADE SERVICE STATUS:"
-    systemctl status cascade || true
+    echo -e "\nDNST VERSION:"
+    dnst --version
+
+    echo -e "\nCASCADED CONF:"
+    cat /etc/cascade/config.toml
+
+    echo -e "\nCASCADED SERVICE STATUS:"
+    systemctl status cascaded || true
 
     #echo -e "\nCASCADE MAN PAGE (first 20 lines only):"
     #man -P cat cascade | head -n 20 || true
-    ;;
 
-  post-upgrade)
-    #echo -e "\nCASCADE VERSION:"
-    #cascade --version
-
-    echo -e "\nCASCADE CONF:"
-    cat /etc/cascade/cascade.conf
-
-    echo -e "\nCASCADE SERVICE STATUS:"
-    systemctl status cascade || true
-
-    #echo -e "\nCASCADE MAN PAGE:"
-    #man -P cat cascade
+    #echo -e "\nCASCADED MAN PAGE (first 20 lines only):"
+    #man -P cat cascaded | head -n 20 || true
     ;;
 esac