openwrt · russdill · Oct 15, 2025
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,14 @@
+obj-*
+debian/.debhelper/
+debian/*.debhelper
+debian/debhelper-build-stamp
+debian/*.debhelper.log
+debian/*.substvars
+debian/rpcd-dev/
+debian/rpcd-mod-file/
+debian/rpcd-mod-iwinfo/
+debian/rpcd-mod-rpcsys/
+debian/rpcd/
+debian/files
+debian/changelog
+debian/tmp/
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -78,3 +78,11 @@ INSTALL(TARGETS rpcd ${PLUGINS}
 	RUNTIME DESTINATION sbin
 	LIBRARY DESTINATION lib/rpcd
 )
+
+ADD_CUSTOM_TARGET(debian
+        COMMAND ${CMAKE_COMMAND} -E echo "Generating debian/changelog from git..."
+        COMMAND ${CMAKE_SOURCE_DIR}/debian/generate-changelog.sh
+        COMMAND dpkg-buildpackage -b -uc -us
+        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+        COMMENT "Building Debian package"
+)
diff --git a/debian/acl/file.json b/debian/acl/file.json
diff --git a/debian/acl/iwinfo.json b/debian/acl/iwinfo.json
@@ -0,0 +1,18 @@
+{
+  "iwinfo": {
+    "description": "Read-only wireless info via iwinfo plugin",
+    "read": {
+      "ubus": {
+        "iwinfo": [
+          "devices",
+          "info",
+          "assoclist",
+          "freqlist",
+          "txpowerlist",
+          "countrylist",
+          "scan"
+        ]
+      }
+    }
+  }
+}
diff --git a/debian/acl/rpcsys.json b/debian/acl/rpcsys.json
@@ -0,0 +1,10 @@
+{
+  "rpc-sys": {
+    "description": "Read-only rpcd sys plugin calls",
+    "read": {
+      "ubus": {
+        "rpc-sys": [ "board", "info", "uptime" ]
+      }
+    }
+  }
+}
diff --git a/debian/control b/debian/control
@@ -0,0 +1,53 @@
+Source: rpcd
+Section: admin
+Priority: optional
+Maintainer: Russ Dill <russ.dill@gmail.com>
+Build-Depends: debhelper-compat (= 13),
+               cmake,
+               libubus-dev,
+               libubox-dev,
+               libjson-c-dev,
+               libiwinfo-dev
+Standards-Version: 4.7.0
+Homepage: https://github.com/openwrt/rpcd
+Rules-Requires-Root: no
+
+Package: rpcd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ubus, adduser
+Recommends: rpcd-mod-file, rpcd-mod-rpcsys
+Description: ubus JSON-RPC daemon
+ rpcd is a lightweight JSON-RPC server for ubus. It loads plugins from
+ /usr/lib/rpcd and enforces ACLs under /etc/rpcd/acl.d.
+
+Package: rpcd-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Depends: rpcd (= ${binary:Version}), ${misc:Depends}
+Description: Development headers for rpcd plugins
+ Provides the C header (plugin.h) needed to build rpcd plugins.
+
+Package: rpcd-mod-file
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, rpcd (>= ${binary:Version})
+Description: rpcd plugin: file
+ Exposes basic file operations via rpcd.
+
+Package: rpcd-mod-iwinfo
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, rpcd (>= ${binary:Version}), libiwinfo0
+Description: rpcd plugin: iwinfo
+ Exposes iwinfo radio/assoc data via rpcd.
+
+Package: rpcd-mod-rpcsys
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, rpcd (>= ${binary:Version})
+Description: rpcd plugin: rpc-sys
+ Exposes basic system info/commands via rpcd.
+
+#Package: rpcd-mod-ucode
+#Architecture: any
+#Depends: ${shlibs:Depends}, ${misc:Depends}, rpcd (>= ${binary:Version}), libucode0
+#Description: rpcd plugin: ucode
+# Allows rpcd procedures implemented in ucode.
diff --git a/debian/generate-changelog.sh b/debian/generate-changelog.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+cd "$(dirname "$0")/.."
+
+COMMIT_DATE=$(git log -1 --format='%cd' --date=format:'%Y%m%d' 2>/dev/null || echo '00000000')
+COMMIT_HASH=$(git log -1 --format='%h' 2>/dev/null || echo 'unknown')
+COMMIT_TIMESTAMP=$(git log -1 --format='%cd' --date=rfc2822 2>/dev/null || date -R)
+
+cat > debian/changelog <<EOF
+rpcd (0.0.${COMMIT_DATE}) unstable; urgency=medium
+
+  * Latest version (${COMMIT_HASH})
+
+ -- Russ Dill <russ.dill@gmail.com>  ${COMMIT_TIMESTAMP}
+EOF
diff --git a/debian/rpcd-dev.install b/debian/rpcd-dev.install
@@ -0,0 +1 @@
+/usr/include/rpcd/*
diff --git a/debian/rpcd-mod-file.install b/debian/rpcd-mod-file.install
@@ -0,0 +1,2 @@
+usr/lib/rpcd/file.so
+debian/acl/file.json  etc/rpcd/acl.d/
diff --git a/debian/rpcd-mod-iwinfo.install b/debian/rpcd-mod-iwinfo.install
@@ -0,0 +1,2 @@
+usr/lib/rpcd/iwinfo.so
+debian/acl/iwinfo.json  etc/rpcd/acl.d/
diff --git a/debian/rpcd-mod-rpcsys.install b/debian/rpcd-mod-rpcsys.install
@@ -0,0 +1,2 @@
+usr/lib/rpcd/rpcsys.so
+debian/acl/rpcsys.json etc/rpcd/acl.d/
diff --git a/debian/rpcd.dirs b/debian/rpcd.dirs
@@ -0,0 +1,2 @@
+etc/rpcd/acl.d
+usr/lib/rpcd
diff --git a/debian/rpcd.install b/debian/rpcd.install
@@ -0,0 +1,2 @@
+usr/sbin/rpcd
+unauthenticated.json  etc/rpcd/acl.d/
diff --git a/debian/rpcd.postinst b/debian/rpcd.postinst
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+  configure)
+    if ! id rpcd >/dev/null 2>&1; then
+      adduser --system --ingroup rpcd --home /var/lib/rpcd --no-create-home \
+        --disabled-login --shell /usr/sbin/nologin rpcd
+    fi
+  ;;
+esac
+
+exit 0
diff --git a/debian/rpcd.postrm b/debian/rpcd.postrm
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+case "$1" in
+  remove)
+    ;;
+  purge)
+    deluser --system rpcd >/dev/null 2>&1 || true
+    ;;
+esac
+exit 0
diff --git a/debian/rpcd.service b/debian/rpcd.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=rpcd ubus RPC daemon
+Documentation=https://github.com/openwrt/rpcd
+After=network-online.target ubusd.service
+Wants=network-online.target ubusd.service
+
+[Service]
+Type=simple
+User=rpcd
+Group=rpcd
+ExecStart=/usr/sbin/rpcd
+Restart=on-failure
+RestartSec=2
+StateDirectory=rpcd
+SupplementaryGroups=ubus
+
+# Hardening
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_UNIX
+RestrictRealtime=true
+RestrictSUIDSGID=true
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+RuntimeDirectory=rpcd
+ReadOnlyPaths=/etc/rpcd/acl.d /run/ubus/ubus.sock
+ReadWritePaths=/var/lib/rpcd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/rules b/debian/rules
@@ -0,0 +1,26 @@
+#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+	dh $@ --buildsystem=cmake
+
+override_dh_auto_configure:
+	dh_auto_configure -- \
+	  -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+	  -DCMAKE_INSTALL_PREFIX=/usr \
+	  -DFILE_SUPPORT=ON \
+	  -DIWINFO_SUPPORT=ON \
+	  -DSYS_SUPPORT=ON \
+	  -DUCODE_SUPPORT=OFF
+
+override_dh_auto_install:
+	dh_auto_install --destdir=$(CURDIR)/debian/tmp
+
+	install -d debian/tmp/usr/include/rpcd
+	install -m 0644 include/rpcd/plugin.h debian/tmp/usr/include/rpcd/plugin.h
+	install -m 0644 include/rpcd/session.h debian/tmp/usr/include/rpcd/session.h
+	install -m 0644 include/rpcd/exec.h debian/tmp/usr/include/rpcd/exec.h
+
+override_dh_installsystemd:
+	# Install the unit but don't auto-enable/start
+	dh_installsystemd --name=rpcd --no-enable --no-start
diff --git a/debian/source/format b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/debian/watch b/debian/watch
@@ -0,0 +1,2 @@
+version=4
+# Fill with tags once upstream publishes versioned releases.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		usr/lib/rpcd/file.so
		debian/acl/file.json etc/rpcd/acl.d/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		usr/lib/rpcd/iwinfo.so
		debian/acl/iwinfo.json etc/rpcd/acl.d/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		usr/lib/rpcd/rpcsys.so
		debian/acl/rpcsys.json etc/rpcd/acl.d/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		usr/sbin/rpcd
		unauthenticated.json etc/rpcd/acl.d/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		version=4
		# Fill with tags once upstream publishes versioned releases.