From 8ba2333965d30b2ecc9b00a3246af17aaef05a19 Mon Sep 17 00:00:00 2001
From: Russ Dill <Russ.Dill@gmail.com>
Date: Wed, 15 Oct 2025 01:46:44 -0700
Subject: [PATCH] Add debian build

This adds a debian build for usteer including the following packages:

usteer (usteerd, usteer.service)
usteer-tools (ap-monitor, fakeap)

This relies on the recent debian/ packaging additions to libubox and ubus as
well as the new libnl-unl package, which provides a component present in
libnl-tiny missing from stock libnl-3:

https://github.com/russdill/libnl-unl

It  also requires the packaged rpcd:

https://github.com/openwrt/rpcd/pull/20

This is currently for proof of concept and experimentation, as the debian
package of hostapd does not contain any of the ubus endpoints.
---
 .gitignore                   | 11 +++++++++++
 debian/control               | 33 +++++++++++++++++++++++++++++++++
 debian/generate-changelog.sh | 15 +++++++++++++++
 debian/rules                 | 28 ++++++++++++++++++++++++++++
 debian/source/format         |  1 +
 debian/usteer-tools.install  |  2 ++
 debian/usteer.install        |  2 ++
 debian/usteer.postinst       | 14 ++++++++++++++
 debian/usteer.prerm          |  6 ++++++
 debian/usteer.service        | 36 ++++++++++++++++++++++++++++++++++++
 debian/watch                 |  2 ++
 11 files changed, 150 insertions(+)
 create mode 100644 debian/control
 create mode 100755 debian/generate-changelog.sh
 create mode 100755 debian/rules
 create mode 100644 debian/source/format
 create mode 100644 debian/usteer-tools.install
 create mode 100644 debian/usteer.install
 create mode 100644 debian/usteer.postinst
 create mode 100644 debian/usteer.prerm
 create mode 100644 debian/usteer.service
 create mode 100644 debian/watch

diff --git a/.gitignore b/.gitignore
index a9bde75..e7f9938 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,4 +9,15 @@ install_manifest.txt
 .vscode/
 *.patch
 *.orig
+obj-*
+debian/.debhelper/
+debian/*.debhelper
+debian/debhelper-build-stamp
+debian/*.debhelper.log
+debian/*.substvars
+debian/files
+debian/usteer/
+debian/usteer-tools/
+debian/changelog
+debian/tmp/
 
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..308cef4
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,33 @@
+Source: usteer
+Section: net
+Priority: optional
+Maintainer: You <you@example.com>
+Build-Depends:
+  debhelper-compat (= 13),
+  cmake,
+  pkg-config,
+  libpcap-dev,
+  libjson-c-dev,
+  libubus-dev,
+  libubox-dev,
+  libnl-3-dev, libnl-genl-3-dev, libnl-unl-dev
+Standards-Version: 4.7.0
+Homepage: https://github.com/openwrt/usteer
+Rules-Requires-Root: no
+
+Package: usteer
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}, ubus, ubusd, hostapd, rpcd
+Recommends: rpcd-mod-hostapd, rpcd-mod-iwinfo
+Description: AP client steering daemon
+ usteer coordinates client roaming between APs using hostapd and ubus.
+ On Debian it runs as a systemd service and uses rpcd/ubus for control.
+ (Optional nl80211 support is enabled automatically if libnl-tiny is present.)
+
+Package: usteer-tools
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Utilities for usteer (monitoring & testing)
+ Installs 'ap-monitor' (pcap-based passive monitor) and 'fakeap' test tool.
diff --git a/debian/generate-changelog.sh b/debian/generate-changelog.sh
new file mode 100755
index 0000000..c916ee1
--- /dev/null
+++ b/debian/generate-changelog.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+cd "$(dirname "$0")/.."
+
+COMMIT_DATE=$(git log -1 --format='%cd' --date=format:'%Y%m%d' 2>/dev/null || echo '00000000')
+COMMIT_HASH=$(git log -1 --format='%h' 2>/dev/null || echo 'unknown')
+COMMIT_TIMESTAMP=$(git log -1 --format='%cd' --date=rfc2822 2>/dev/null || date -R)
+
+cat > debian/changelog <<EOF
+usteer (0.0.${COMMIT_DATE}) unstable; urgency=medium
+
+  * Latest version (${COMMIT_HASH})
+
+ -- Russ Dill <russ.dill@gmail.com>  ${COMMIT_TIMESTAMP}
+EOF
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..829f167
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,28 @@
+#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+NL3_CFLAGS := $(shell pkg-config --cflags libnl-genl-3.0 libnl-3.0 libnl-unl)
+NL3_LIBS   := $(shell pkg-config --libs   libnl-genl-3.0 libnl-3.0 libnl-unl)
+
+%:
+	dh $@ --buildsystem=cmake
+
+override_dh_auto_configure:
+	dh_auto_configure -- \
+	  -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+	  -DCMAKE_INSTALL_PREFIX=/usr \
+	  -DCMAKE_INSTALL_SYSCONFDIR=/etc \
+	  -DNL_CFLAGS="$(NL3_CFLAGS)" \
+	  -DNL_LIBS="$(NL3_LIBS)" \
+	  -DNL_LDFLAGS="$(NL3_LIBS)"
+
+override_dh_auto_install:
+	dh_auto_install --destdir=$(CURDIR)/debian/tmp
+
+	install -d debian/tmp/usr/bin
+	[ -f obj-*/ap-monitor ] && install -m 0755 obj-*/ap-monitor debian/tmp/usr/bin/ap-monitor || true
+	[ -f obj-*/fakeap ]    && install -m 0755 obj-*/fakeap    debian/tmp/usr/bin/fakeap     || true
+
+override_dh_installsystemd:
+	# Install the unit but do not auto-enable/start
+	dh_installsystemd --name=usteer --no-enable --no-start
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/debian/usteer-tools.install b/debian/usteer-tools.install
new file mode 100644
index 0000000..3c6e429
--- /dev/null
+++ b/debian/usteer-tools.install
@@ -0,0 +1,2 @@
+usr/bin/ap-monitor
+usr/bin/fakeap
diff --git a/debian/usteer.install b/debian/usteer.install
new file mode 100644
index 0000000..c1ba018
--- /dev/null
+++ b/debian/usteer.install
@@ -0,0 +1,2 @@
+usr/sbin/usteerd
+debian/usteer.service  lib/systemd/system/
diff --git a/debian/usteer.postinst b/debian/usteer.postinst
new file mode 100644
index 0000000..749a2cc
--- /dev/null
+++ b/debian/usteer.postinst
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+case "$1" in
+  configure)
+    if ! getent group usteer >/dev/null; then addgroup --system usteer; fi
+    if ! id usteer >/dev/null 2>&1; then
+      adduser --system --ingroup usteer --home /var/lib/usteer --no-create-home \
+        --disabled-login --shell /usr/sbin/nologin usteer
+    fi
+    install -d -o usteer -g usteer -m 0750 /var/lib/usteer
+    systemctl daemon-reload >/dev/null 2>&1 || true
+  ;;
+esac
+exit 0
diff --git a/debian/usteer.prerm b/debian/usteer.prerm
new file mode 100644
index 0000000..9101ec3
--- /dev/null
+++ b/debian/usteer.prerm
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+if [ "$1" = remove ] && [ -d /run/systemd/system ]; then
+  systemctl stop usteer.service >/dev/null 2>&1 || true
+fi
+exit 0
diff --git a/debian/usteer.service b/debian/usteer.service
new file mode 100644
index 0000000..472c3df
--- /dev/null
+++ b/debian/usteer.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=usteer client steering daemon
+Documentation=https://github.com/openwrt/usteer
+After=network-online.target ubusd.service hostapd.service rpcd.service
+Wants=network-online.target ubusd.service hostapd.service rpcd.service
+
+[Service]
+Type=simple
+User=usteer
+Group=usteer
+ExecStart=/usr/sbin/usteerd
+Restart=on-failure
+RestartSec=2
+
+# Hardening
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_UNIX
+RestrictRealtime=true
+RestrictSUIDSGID=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+ReadOnlyPaths=/run/ubus/ubus.sock
+ReadWritePaths=/var/lib/usteer
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..2294384
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+version=4
+# Fill when upstream starts tagging releases