Support debian #40
Support debian #40
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request adds Debian package support for Log4TC on Linux systems and attempts to upgrade the entire project from .NET 8.0 to .NET 10.0. The PR includes infrastructure for creating and hosting Debian packages via GitHub Pages using aptly, adds systemd service configuration, updates documentation with Linux installation instructions, and updates all NuGet package dependencies.
Key changes:
- Adds Debian package creation infrastructure with aptly configuration and Azure DevOps pipeline integration
- Attempts to upgrade all projects from .NET 8.0 to .NET 10.0 (critical issue: .NET 10.0 does not exist)
- Adds Linux installation documentation with apt repository setup instructions
Reviewed changes
Copilot reviewed 36 out of 39 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| source/aptly/* | New aptly configuration and database files for Debian repository management |
| source/Log4Tc/dockerfile | Updates framework references to net10.0 for test and publish stages |
| source/Log4Tc/**/*.csproj | Updates all project files from net8.0 to net10.0 target framework |
| source/Log4Tc/Mbc.Log4Tc.Service/Mbc.Log4Tc.Service.service | New systemd service unit file for Linux deployment |
| source/Log4Tc/Mbc.Log4Tc.Service/Mbc.Log4Tc.Service.csproj | Adds Packaging.Targets for Debian package creation and Linux path mappings |
| source/Log4Tc/Mbc.Log4Tc.SmokeTest/Mbc.Log4Tc.SmokeTest.csproj | Updates test SDK and assertion library versions |
| source/Log4Tc/Log4Tc.sln | Removes build configurations for setup project |
| source/Log4Tc/Directory.Build.props | Updates version to 25.12.14 and improves description |
| azure-pipelines-release.yml | Adds new stage for publishing Debian packages to GitHub Pages |
| docs/reference/installation.md | Adds comprehensive Linux installation section with apt repository configuration |
| docs/Changelog.md | Documents new Debian support and .NET 10.0 upgrade |
| .azure-pipelines/templates/log4tc/*.yaml | Updates pipeline templates to use net10.0 framework |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| RUN dotnet publish --framework net8.0 --configuration Release --self-contained false --runtime linux-x64 --output /app/publish | ||
| RUN dotnet publish --framework net10.0 --configuration Release --self-contained false --runtime linux-x64 --output /app/publish | ||
|
|
||
| # Stage for pack the binary to deploymnd container |
There was a problem hiding this comment.
Typo in the comment: "deploymnd" should be "deployment".
|
|
||
|  | ||
|
|
||
| Starten sie das setup erneut mit der Kommandozeile ausgeführt als Administrator. Navigieren Sie in den Ortner mit dem MSI Setup per `cd [folder]`. Geben Sie folgendes ein: `msiexec.exe /i "[setup].msi" /l*v install.log`. Wenden Sie sich anschliessend mit dem `install.log` an uns. |
There was a problem hiding this comment.
Typo: "Ortner" should be "Ordner" (German for "folder").
| <!-- Build target to build dep file with: dotnet publish Mbc.Log4Tc.Service\Mbc.Log4Tc.Service.csproj -framework net10.0 - -configuration Release - -self-contained true - -runtime linux-x64 -t:CreateDeb --> | ||
| <ItemGroup> | ||
| <PackageReference Update="Microsoft.CodeAnalysis.Analyzers" Version="3.11.0"> | ||
| <PackageReference Include="Packaging.Targets" Version="0.1.232-*"> |
There was a problem hiding this comment.
The Packaging.Targets package version "0.1.232-*" uses a pre-release wildcard pattern. This can lead to unstable builds as it may pull in newer pre-release versions automatically. Consider pinning to a specific stable version or at least a specific pre-release version.
| <PackageReference Include="Packaging.Targets" Version="0.1.232-*"> | |
| <PackageReference Include="Packaging.Targets" Version="0.1.232"> |
| Types: deb | ||
| URIs: https://mbc-engineering.github.io/log4TC/deb | ||
| Suites: stable | ||
| Components: main | ||
| # there is no GPG key available, so we mark the repository as trusted | ||
| Trusted: yes | ||
| ``` |
There was a problem hiding this comment.
The Debian APT repository configuration for log4tc disables signature verification by setting Trusted: yes without providing a GPG key, which allows an attacker who can intercept or compromise the HTTPS endpoint to distribute malicious packages that APT will accept as trusted. This effectively bypasses APT’s package integrity and origin verification, turning the update channel into a potential remote code execution vector. Instead, generate and publish a proper repository signing key, distribute it out-of-band (e.g., via apt-key replacement mechanisms or signed-by=), and remove the Trusted: yes flag so packages are only accepted when correctly signed.
| # publish the repository to a local directory | ||
| aptly publish repo -config=aptly.conf -architectures="amd64,arm64" -skip-signing log4tc | ||
|
|
||
| # The contents of the public directory can then be copied to the gh-pages branch of the github repository | ||
| cp -r /root/.aptly/public/* /tmp/deb/ | ||
|
|
||
| # Now you can add following line to apt /etc/apt/sources.list.d/log4tc.list: | ||
| # deb https://mbc-engineering.github.io/log4TC/deb/ stable main | ||
|
|
||
| # or in the new format /etc/apt/sources.list.d/log4tc.sources: | ||
| # Types: deb | ||
| # URIs: https://mbc-engineering.github.io/log4TC/deb | ||
| # Suites: stable | ||
| # Components: main | ||
| # Trusted: yes |
There was a problem hiding this comment.
The aptly publish command uses the -skip-signing flag and the suggested client configuration relies on Trusted: yes, creating an unsigned Debian repository that clients will fully trust, which removes cryptographic integrity and origin guarantees for all distributed packages. An attacker who compromises the GitHub Pages hosting or performs a MITM on the HTTPS connection can inject arbitrary packages that will be installed as if they were legitimate updates. You should sign the repository with a GPG key and instruct clients to require valid signatures (e.g., remove -skip-signing and Trusted: yes, and configure a signed-by key file or equivalent secure mechanism).
There was a problem hiding this comment.
@copilot integrate gpg key Generation and fix this issue
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
@copilot create a new devops pipeline to test the deb Installation of the latest version in an debian docker Container. This pipeline should be executed in each pr. Also start a Container with a setup influxdb that log4tc can connect to. All dies nformations can be found in the docs. Check if the connection is successfull. You will see it in the internal log. In future it should be possible to spin up a own twincat docker Container to run some end to end tests with the installed log4tc. |
Log4tc Support linux debian with own feed and debian package also Update to .net10