Add debian build

This adds a debian build for usteer including the following packages:

usteer (usteerd, usteer.service)
usteer-tools (ap-monitor, fakeap)

This relies on the recent debian/ packaging additions to libubox and ubus as
well as the new libnl-unl package, which provides a component present in
libnl-tiny missing from stock libnl-3:

https://github.com/russdill/libnl-unl

It  also requires the packaged rpcd:

openwrt/rpcd#20

This is currently for proof of concept and experimentation, as the debian
package of hostapd does not contain any of the ubus endpoints.

Author: russdill

.gitignore

@@ -9,4 +9,15 @@ install_manifest.txt
 .vscode/
 *.patch
 *.orig
+obj-*
+debian/.debhelper/
+debian/*.debhelper
+debian/debhelper-build-stamp
+debian/*.debhelper.log
+debian/*.substvars
+debian/files
+debian/usteer/
+debian/usteer-tools/
+debian/changelog
+debian/tmp/
 

debian/control

@@ -0,0 +1,33 @@
+Source: usteer
+Section: net
+Priority: optional
+Maintainer: You <you@example.com>
+Build-Depends:
+  debhelper-compat (= 13),
+  cmake,
+  pkg-config,
+  libpcap-dev,
+  libjson-c-dev,
+  libubus-dev,
+  libubox-dev,
+  libnl-3-dev, libnl-genl-3-dev, libnl-unl-dev
+Standards-Version: 4.7.0
+Homepage: https://github.com/openwrt/usteer
+Rules-Requires-Root: no
+
+Package: usteer
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}, ubus, ubusd, hostapd, rpcd
+Recommends: rpcd-mod-hostapd, rpcd-mod-iwinfo
+Description: AP client steering daemon
+ usteer coordinates client roaming between APs using hostapd and ubus.
+ On Debian it runs as a systemd service and uses rpcd/ubus for control.
+ (Optional nl80211 support is enabled automatically if libnl-tiny is present.)
+
+Package: usteer-tools
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Utilities for usteer (monitoring & testing)
+ Installs 'ap-monitor' (pcap-based passive monitor) and 'fakeap' test tool.

debian/generate-changelog.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+cd "$(dirname "$0")/.."
+
+COMMIT_DATE=$(git log -1 --format='%cd' --date=format:'%Y%m%d' 2>/dev/null || echo '00000000')
+COMMIT_HASH=$(git log -1 --format='%h' 2>/dev/null || echo 'unknown')
+COMMIT_TIMESTAMP=$(git log -1 --format='%cd' --date=rfc2822 2>/dev/null || date -R)
+
+cat > debian/changelog <<EOF
+usteer (0.0.${COMMIT_DATE}) unstable; urgency=medium
+
+  * Latest version (${COMMIT_HASH})
+
+ -- Russ Dill <russ.dill@gmail.com>  ${COMMIT_TIMESTAMP}
+EOF

debian/rules

@@ -0,0 +1,28 @@
+#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+NL3_CFLAGS := $(shell pkg-config --cflags libnl-genl-3.0 libnl-3.0 libnl-unl)
+NL3_LIBS   := $(shell pkg-config --libs   libnl-genl-3.0 libnl-3.0 libnl-unl)
+
+%:
+	dh $@ --buildsystem=cmake
+
+override_dh_auto_configure:
+	dh_auto_configure -- \
+	  -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+	  -DCMAKE_INSTALL_PREFIX=/usr \
+	  -DCMAKE_INSTALL_SYSCONFDIR=/etc \
+	  -DNL_CFLAGS="$(NL3_CFLAGS)" \
+	  -DNL_LIBS="$(NL3_LIBS)" \
+	  -DNL_LDFLAGS="$(NL3_LIBS)"
+
+override_dh_auto_install:
+	dh_auto_install --destdir=$(CURDIR)/debian/tmp
+
+	install -d debian/tmp/usr/bin
+	[ -f obj-*/ap-monitor ] && install -m 0755 obj-*/ap-monitor debian/tmp/usr/bin/ap-monitor || true
+	[ -f obj-*/fakeap ]    && install -m 0755 obj-*/fakeap    debian/tmp/usr/bin/fakeap     || true
+
+override_dh_installsystemd:
+	# Install the unit but do not auto-enable/start
+	dh_installsystemd --name=usteer --no-enable --no-start

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

debian/usteer-tools.install

@@ -0,0 +1,2 @@
+usr/bin/ap-monitor
+usr/bin/fakeap

debian/usteer.install

@@ -0,0 +1,2 @@
+usr/sbin/usteerd
+debian/usteer.service  lib/systemd/system/

debian/usteer.postinst

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+case "$1" in
+  configure)
+    if ! getent group usteer >/dev/null; then addgroup --system usteer; fi
+    if ! id usteer >/dev/null 2>&1; then
+      adduser --system --ingroup usteer --home /var/lib/usteer --no-create-home \
+        --disabled-login --shell /usr/sbin/nologin usteer
+    fi
+    install -d -o usteer -g usteer -m 0750 /var/lib/usteer
+    systemctl daemon-reload >/dev/null 2>&1 || true
+  ;;
+esac
+exit 0

debian/usteer.prerm

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+if [ "$1" = remove ] && [ -d /run/systemd/system ]; then
+  systemctl stop usteer.service >/dev/null 2>&1 || true
+fi
+exit 0

debian/usteer.service

@@ -0,0 +1,36 @@
+[Unit]
+Description=usteer client steering daemon
+Documentation=https://github.com/openwrt/usteer
+After=network-online.target ubusd.service hostapd.service rpcd.service
+Wants=network-online.target ubusd.service hostapd.service rpcd.service
+
+[Service]
+Type=simple
+User=usteer
+Group=usteer
+ExecStart=/usr/sbin/usteerd
+Restart=on-failure
+RestartSec=2
+
+# Hardening
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_UNIX
+RestrictRealtime=true
+RestrictSUIDSGID=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+ReadOnlyPaths=/run/ubus/ubus.sock
+ReadWritePaths=/var/lib/usteer
+
+[Install]
+WantedBy=multi-user.target
+