pkg: use staging dir for packaging and enable noreplace for rpm config

2026-03-01 13:39:44 +08:00 · 2026-01-16 20:36:34 +08:00
parent 4cf5f13e0e
commit d62c0248f0
3 changed files with 11 additions and 16 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -45,8 +45,8 @@ jobs:
      - name: Prepare Packaging Assets
        run: |
          # Move binary to expected location for cargo-deb and cargo-generate-rpm which read Cargo.toml assets
-          mkdir -p target/release
-          cp target/${{ matrix.target }}/release/traudit target/release/traudit
+          mkdir -p target/package_tmp
+          cp target/${{ matrix.target }}/release/traudit target/package_tmp/traudit

      - name: Package DEB
        run: |
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,7 +3,7 @@ name = "traudit"
 version = "0.0.1"
 edition = "2021"
 authors = ["awfufu"]
-description = "A reverse proxy with auditing capabilities."
+description = "A reverse proxy that streams audit records directly to databases."
 license = "MIT"
 repository = "https://github.com/awfufu/traudit"

@@ -38,23 +38,20 @@ strip = true
 maintainer = "awfufu"
 copyright = "2026, awfufu"
 license-file = ["README.md", "4"]
-extended-description = """\
-A reverse proxy with auditing capabilities.
-"""
+extended-description = "A reverse proxy that streams audit records directly to databases"
 depends = "$auto"
 section = "net"
 priority = "optional"
 assets = [
-    ["target/release/traudit", "usr/bin/", "755"],
-    ["config_example.yaml", "etc/traudit/config.yaml", "644"],
+    ["target/package_tmp/traudit", "usr/bin/", "755"],
+    ["config_example.yaml", "etc/traudit/config.yaml", "600"],
    ["traudit.service", "usr/lib/systemd/system/traudit.service", "644"],
 ]
 conf-files = ["/etc/traudit/config.yaml"]

-
 [package.metadata.generate-rpm]
 assets = [
-    { source = "target/release/traudit", dest = "/usr/bin/traudit", mode = "755" },
-    { source = "config_example.yaml", dest = "/etc/traudit/config.yaml", mode = "644", config = true },
+    { source = "target/package_tmp/traudit", dest = "/usr/bin/traudit", mode = "755" },
+    { source = "config_example.yaml", dest = "/etc/traudit/config.yaml", mode = "600", config = "noreplace" },
    { source = "traudit.service", dest = "/usr/lib/systemd/system/traudit.service", mode = "644" },
 ]
--- a/config_example.yaml
+++ b/config_example.yaml
@@ -7,18 +7,16 @@ database:
  batch_timeout_secs: 5

 services:
-  # Receives traffic from FRP with v2 Proxy Protocol header, audits it,
-  # strips the header, and forwards pure TCP to local SSHD.
+  # receives traffic from frp with v2 proxy protocol header, audits it,
+  # strips the header, and forwards pure tcp to local sshd.
  - name: "ssh"
    type: "tcp"
    binds:
      # Entry 1: Public traffic from FRP
-      - addr: "0.0.0.0:2223"
+      - addr: "unix://test.sock"
        proxy: "v2"

      # Entry 2: LAN direct traffic (no Proxy Protocol)
      - addr: "0.0.0.0:2222"
-        # no proxy

    forward_to: "127.0.0.1:22"
-