feat: add Debian packaging

ppomes · ppomes · commit a3db312f2e5c · 2026-03-17T16:51:51.000-04:00
Produces two binary packages:
- libcoraza1: runtime shared library with proper SONAME (libcoraza.so.1)
- libcoraza-dev: headers, static lib, and dev symlink

Uses patchelf to set SONAME and create the standard versioned symlink
chain since go build -buildmode=c-shared doesn't set one natively.

Libraries are installed under multiarch paths. Tests honor nocheck.
Dependencies are vendored at build time via go mod vendor.
diff --git a/.gitignore b/.gitignore
@@ -34,3 +34,4 @@ _obj/
 .libs/
 Doxyfile
 .dirstamp
+vendor/
diff --git a/debian/changelog b/debian/changelog
@@ -0,0 +1,5 @@
+libcoraza (1.1.1-1) unstable; urgency=low
+
+  * Initial Debian packaging.
+
+ -- Pierre Pomes <pierre.pomes@gmail.com>  Tue, 17 Mar 2026 12:00:00 +0100
diff --git a/debian/control b/debian/control
@@ -0,0 +1,34 @@
+Source: libcoraza
+Section: libs
+Priority: optional
+Maintainer: Pierre Pomes <pierre.pomes@gmail.com>
+Build-Depends: debhelper-compat (= 13),
+               autoconf,
+               automake,
+               libtool,
+               golang-go (>= 2:1.24~),
+               gcc,
+               make,
+               patchelf,
+               pkg-config
+Standards-Version: 4.7.0
+Homepage: https://github.com/corazawaf/libcoraza
+Rules-Requires-Root: no
+
+Package: libcoraza1
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: OWASP Coraza WAF C library - runtime
+ Coraza is an open-source Web Application Firewall engine. libcoraza
+ provides C bindings to the Coraza engine, allowing integration with
+ web servers like Nginx and Apache.
+
+Package: libcoraza-dev
+Section: libdevel
+Architecture: any
+Depends: libcoraza1 (= ${binary:Version}), ${misc:Depends}
+Description: OWASP Coraza WAF C library - development files
+ Coraza is an open-source Web Application Firewall engine. This package
+ contains the header files and static library needed to build modules
+ that use libcoraza.
diff --git a/debian/copyright b/debian/copyright
@@ -0,0 +1,24 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libcoraza
+Upstream-Contact: https://github.com/corazawaf/libcoraza/issues
+Source: https://github.com/corazawaf/libcoraza
+
+Files: *
+Copyright: 2022-2026 OWASP Coraza contributors
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+     https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License, Version 2.0
+ can be found in "/usr/share/common-licenses/Apache-2.0".
diff --git a/debian/libcoraza-dev.install b/debian/libcoraza-dev.install
@@ -0,0 +1,3 @@
+usr/include/coraza/coraza.h
+usr/lib/*/libcoraza.a
+usr/lib/*/libcoraza.so
diff --git a/debian/libcoraza1.install b/debian/libcoraza1.install
@@ -0,0 +1 @@
+usr/lib/*/libcoraza.so.*
diff --git a/debian/rules b/debian/rules
@@ -0,0 +1,59 @@
+#!/usr/bin/make -f
+
+include /usr/share/dpkg/pkg-info.mk
+include /usr/share/dpkg/architecture.mk
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export GOPATH = $(CURDIR)/.gopath
+export GOCACHE = $(CURDIR)/.gocache
+export GOFLAGS = -mod=vendor
+
+SOMAJOR = 1
+SOVER = $(DEB_VERSION_UPSTREAM)
+MULTIARCH_LIBDIR = usr/lib/$(DEB_HOST_MULTIARCH)
+
+%:
+	dh $@
+
+override_dh_autoreconf:
+	./build.sh
+
+override_dh_auto_configure:
+	go mod vendor
+	dh_auto_configure -- --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)
+
+override_dh_auto_build:
+	$(MAKE) all
+
+override_dh_auto_install:
+	# Install manually to decouple from the check target
+	install -d debian/tmp/usr/lib
+	install -d debian/tmp/usr/include/coraza
+	install libcoraza.a debian/tmp/usr/lib/
+	install libcoraza.so debian/tmp/usr/lib/
+	install coraza/coraza.h debian/tmp/usr/include/coraza/coraza.h
+	# Upstream installs to /usr/lib; move to multiarch path
+	mkdir -p debian/tmp/$(MULTIARCH_LIBDIR)
+	mv debian/tmp/usr/lib/libcoraza.so debian/tmp/$(MULTIARCH_LIBDIR)/
+	mv debian/tmp/usr/lib/libcoraza.a debian/tmp/$(MULTIARCH_LIBDIR)/
+	# Set SONAME and create versioned symlink chain
+	patchelf --set-soname libcoraza.so.$(SOMAJOR) debian/tmp/$(MULTIARCH_LIBDIR)/libcoraza.so
+	mv debian/tmp/$(MULTIARCH_LIBDIR)/libcoraza.so debian/tmp/$(MULTIARCH_LIBDIR)/libcoraza.so.$(SOVER)
+	ln -s libcoraza.so.$(SOVER) debian/tmp/$(MULTIARCH_LIBDIR)/libcoraza.so.$(SOMAJOR)
+	ln -s libcoraza.so.$(SOMAJOR) debian/tmp/$(MULTIARCH_LIBDIR)/libcoraza.so
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+	$(MAKE) check
+endif
+
+override_dh_dwz:
+	# Skip dwz compression (incompatible with cgo-built shared libraries)
+
+override_dh_strip:
+	dh_strip --no-automatic-dbgsym
+
+override_dh_auto_clean:
+	[ ! -f Makefile ] || $(MAKE) distclean
+	chmod -Rf u+w .gopath .gocache vendor 2>/dev/null || true
+	rm -rf .gopath .gocache vendor
diff --git a/debian/source/format b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+usr/include/coraza/coraza.h`
	`2`	`+usr/lib/*/libcoraza.a`
	`3`	`+usr/lib/*/libcoraza.so`