feat(packaging): Add Debian package infrastructure #660
Conversation
Add complete debian packaging to produce .deb packages for cortex-linux (Python CLI) and cortexd (C++ daemon) for distribution via apt repository. debian/ directory includes: - control: Package metadata for both cortex-linux and cortexd - rules: Build instructions using pybuild + CMake - changelog, compat, copyright, source/format - Install files and maintainer scripts (postinst, prerm, postrm) GitHub workflow (build-deb.yml): - Builds .deb packages on release or manual trigger - Uploads to GitHub release artifacts - Optional push to cortexlinux/apt-repo Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Anshgrover23
requested review from
Suyashd999 and
mikejmorgan-ai
as code owners
Summary of ChangesHello @Anshgrover23, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request establishes the foundational infrastructure for distributing the Cortex project as Debian packages. It enables the creation of separate packages for the Python-based CLI and the C++ daemon, ensuring proper installation, configuration, and system integration on Debian-based systems. Furthermore, it sets up an automated CI/CD pipeline to streamline the package build and release process. Highlights
Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Pull request overview
This PR adds Debian packaging infrastructure to enable building and distributing .deb packages for both the cortex-linux Python CLI tool and the cortexd C++ daemon. The implementation includes complete Debian package metadata, maintainer scripts for installation/removal, and a GitHub Actions workflow for automated builds on releases.
Changes:
- Complete
debian/directory structure with package metadata, build rules, and maintainer scripts - GitHub Actions workflow to build packages on release or manual trigger and upload to GitHub releases
- Support for dual-package builds:
cortex-linux(Python CLI) andcortexd(C++ daemon with systemd integration)
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
debian/source/format |
Declares native package format |
debian/rules |
Build instructions for both Python and C++ components |
debian/cortexd.service |
Systemd service installation path |
debian/cortexd.prerm |
Pre-removal script to stop daemon |
debian/cortexd.postrm |
Post-removal cleanup script |
debian/cortexd.postinst |
Post-installation setup for daemon |
debian/cortexd.install |
Defines daemon binary and config paths |
debian/cortex-linux.postinst |
Post-installation setup for CLI |
debian/cortex-linux.install |
Defines Python package installation paths |
debian/copyright |
License and copyright information |
debian/control |
Package metadata and dependencies |
debian/compat |
Debhelper compatibility level |
debian/changelog |
Initial package changelog |
.github/workflows/build-deb.yml |
Automated package build workflow |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. 📝 WalkthroughWalkthroughAdds comprehensive Debian packaging infrastructure including a GitHub Actions workflow to automate package builds and publication, Debian metadata files (control, changelog, copyright, rules), installation and removal scripts for both packages, and a minor CMake compatibility fix for policy handling. Changes
Sequence DiagramsequenceDiagram
participant Release as Release/Manual Trigger
participant GHA as GitHub Actions
participant Build as Build Tools<br/>(dpkg-buildpackage)
participant Artifact as Artifact Storage
participant GHRelease as GitHub Release
participant AptRepo as apt-repo<br/>(Dispatch)
Release->>GHA: Trigger build-deb.yml
GHA->>Build: Checkout + Install tooling
Build->>Build: Modify debian/changelog
Build->>Build: dpkg-buildpackage
Build->>Artifact: Copy *.deb to dist/
GHA->>Artifact: Run lintian (non-fatal)
GHA->>Artifact: Upload artifacts (30d)
alt Release Event
GHA->>GHRelease: Publish *.deb
end
alt Release or Manual Upload
GHA->>Artifact: Download artifacts
GHA->>AptRepo: Trigger repository-dispatch
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces Debian packaging for the project, which is a great addition for distribution and installation on Debian-based systems. The changes include a complete debian/ directory with control files, build rules, and maintainer scripts for two packages: cortex-linux (the Python CLI) and cortexd (the C++ daemon). My review focuses on improving the maintainability and safety of these packaging scripts. I've identified a few areas for improvement: using CMake's configure_file to avoid sed in the rules file, removing duplicated logic in post-installation scripts, and addressing a potentially destructive command in the post-removal script.
| purge) | ||
| # Remove configuration files | ||
| rm -rf /etc/cortex/cortexd.yaml | ||
|
|
||
| # Remove state directory (only on purge) | ||
| rm -rf /var/lib/cortex | ||
|
|
||
| # Remove runtime directory | ||
| rm -rf /run/cortex | ||
|
|
||
| # Reload systemd | ||
| if [ -d /run/systemd/system ]; then | ||
| systemctl daemon-reload || true | ||
| fi | ||
| ;; |
There was a problem hiding this comment.
There are a couple of safety concerns in the purge section of this script:
-
rm -rf /etc/cortex/cortexd.yaml: Usingrm -rfon a single file is a bad practice. If for some reason the path was an empty string, it could have unintended consequences. It's safer to userm -ffor single files. -
rm -rf /var/lib/cortex: This is a destructive action that removes the entire state directory. Thecortex-linuxpackage also creates and likely uses this directory. Purgingcortexdshould not wipe the data for thecortex-linuxpackage. This could lead to unexpected data loss for the user.
A safer approach would be to only remove files and directories that are exclusively owned by the cortexd package. For shared directories, removal should be handled with more care, for example, by only removing daemon-specific subdirectories or not removing the shared directory at all in this script.
I've suggested a safer version of the purge block below.
| purge) | |
| # Remove configuration files | |
| rm -rf /etc/cortex/cortexd.yaml | |
| # Remove state directory (only on purge) | |
| rm -rf /var/lib/cortex | |
| # Remove runtime directory | |
| rm -rf /run/cortex | |
| # Reload systemd | |
| if [ -d /run/systemd/system ]; then | |
| systemctl daemon-reload || true | |
| fi | |
| ;; | |
| purge) | |
| # Remove configuration files | |
| rm -f /etc/cortex/cortexd.yaml | |
| # The /var/lib/cortex directory is shared with cortex-linux and should not be removed here. | |
| # If cortexd has specific state, it should be in a subdirectory like /var/lib/cortex/cortexd | |
| # Remove runtime directory | |
| rm -rf /run/cortex | |
| # Reload systemd | |
| if [ -d /run/systemd/system ]; then | |
| systemctl daemon-reload || true | |
| fi | |
| ;; |
debian/rules
Outdated
| # Fix systemd service path (use /usr/bin instead of /usr/local/bin) | ||
| mkdir -p $(CURDIR)/debian/cortexd/lib/systemd/system | ||
| sed 's|/usr/local/bin/cortexd|/usr/bin/cortexd|g' \ | ||
| daemon/systemd/cortexd.service > \ | ||
| $(CURDIR)/debian/cortexd/lib/systemd/system/cortexd.service |
There was a problem hiding this comment.
The use of sed to patch the path in the systemd service file is a bit fragile. A more robust and standard approach for handling configuration files in CMake-based projects is to use configure_file. This makes the build process less dependent on the exact string in the source file and moves the configuration logic into CMake where it belongs.
You could implement this by:
- Renaming
daemon/systemd/cortexd.servicetodaemon/systemd/cortexd.service.in. - In the new
.infile, replace the hardcoded path with a CMake variable:ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/cortexd - In
daemon/CMakeLists.txt, useconfigure_fileto generate the final service file and install it. This would replace the existinginstall(FILES systemd/cortexd.service ...)directive.include(GNUInstallDirs) configure_file( systemd/cortexd.service.in ${CMAKE_CURRENT_BINARY_DIR}/cortexd.service @ONLY ) install( FILES ${CMAKE_CURRENT_BINARY_DIR}/cortexd.service DESTINATION ${CMAKE_INSTALL_LIBDIR}/systemd/system )
With this change, the sed command and the mkdir for the systemd directory in this debian/rules file would no longer be necessary, as make install would place the correctly configured file in the right location within the staging directory.
| if [ ! -d /etc/cortex ]; then | ||
| mkdir -p /etc/cortex | ||
| chmod 755 /etc/cortex | ||
| fi | ||
|
|
||
| # Create cortex state directory | ||
| if [ ! -d /var/lib/cortex ]; then | ||
| mkdir -p /var/lib/cortex | ||
| chmod 750 /var/lib/cortex | ||
| fi |
There was a problem hiding this comment.
The logic to create /etc/cortex and /var/lib/cortex is duplicated in debian/cortexd.postinst. Since cortexd is the daemon component and seems more foundational, it's better to centralize the creation of these system-wide directories in its postinst script.
Removing this duplicated code from cortex-linux.postinst will make the packaging easier to maintain and ensure there's a single source of truth for directory management. The cortex-linux package already Recommends: cortexd, so in most cases, cortexd will be installed and will have already created these directories.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Fix all issues with AI agents
In @.github/workflows/build-deb.yml:
- Around line 117-123: The workflow step named "Upload to GitHub Release" uses
softprops/action-gh-release@v1 which is outdated; update the action reference to
softprops/action-gh-release@v2 (replace "@v1" with "@v2" in the uses field for
that step), keep the existing inputs (files: dist/*.deb) and GITHUB_TOKEN env,
and verify any v2-specific input or permission requirements in the action docs
and adjust the step accordingly.
- Around line 72-83: The heredoc that writes debian/changelog in the "Update
changelog version (if manual)" step preserves leading indentation, causing
whitespace issues; change the heredoc to use a stripped form (use <<- EOF) or
unindent the heredoc body so lines start at column 0, e.g., replace cat >
debian/changelog << EOF and the indented block with either cat >
debian/changelog <<- EOF and keep the indented content (tabs only) or remove
leading spaces from the heredoc content so the generated changelog has no extra
indentation; ensure the VERSION variable usage and the closing EOF remain
correct.
- Around line 55-70: The heredoc used in the "Update changelog version (if
release)" step (cat > debian/changelog << EOF) is indented, which will insert
leading spaces and break the Debian changelog format; fix by switching to a
non-indented heredoc body so package name and entries start at column 1 and
change lines have exactly one leading space (or use a tab-stripping heredoc
marker <<-EOF and ensure only tabs are used for indentation), keeping the same
variables (VERSION and github.event.release.tag_name) and preserving the release
date line with $(date -R).
In `@debian/control`:
- Around line 23-46: Update the Debian control Depends list to use the official
NVML bindings package: replace the obsolete python3-nvidia-ml-py entry with
python3-pynvml in the Depends stanza (the block that currently lists
python3-psutil, python3-nvidia-ml-py, etc.), leaving python3-dotenv and the
other dependencies unchanged; ensure the modified package name appears exactly
as python3-pynvml.
In `@debian/cortexd.postinst`:
- Around line 7-10: The postinst currently creates /run/cortex directly but /run
is tmpfs and will be cleared on reboot; instead add a tmpfiles.d entry or use
systemd RuntimeDirectory to ensure /run/cortex is recreated at boot. Either add
a debian/cortexd.tmpfiles file containing a tmpfiles.d directive for /run/cortex
and add it to debian/cortexd.install so it is installed to
usr/lib/tmpfiles.d/cortexd.conf, or set RuntimeDirectory=cortex in your service
unit file (the systemd unit that manages cortexd) so systemd creates /run/cortex
automatically; remove the mkdir/chmod from debian/cortexd.postinst once you
implement one of these options.
In `@debian/cortexd.postrm`:
- Around line 5-19: In the purge) block of debian/cortexd.postrm do not rm -rf
the shared directories (/var/lib/cortex and /etc/cortex); instead only remove
cortexd-specific files (e.g. /etc/cortex/cortexd.yaml and any files/dirs
namespaced for cortexd under /var/lib/cortex such as /var/lib/cortex/cortexd or
files matching cortexd-*) and avoid deleting the parent shared directories;
locate the purge) case in debian/cortexd.postrm and replace the broad rm -rf
commands with targeted removals, optionally guarding with a check for presence
of cortex-linux via dpkg-query or by testing for other packages' files before
deleting shared dirs, while keeping the systemctl daemon-reload logic.
In `@debian/source/format`:
- Line 1: Change the Debian source format or the changelog version to make them
consistent: either update debian/source/format from "3.0 (native)" to "3.0
(quilt)" if you intend to keep the changelog version "0.1.0-1", or keep "3.0
(native)" and edit the changelog entry version (the version string in
debian/changelog, currently "0.1.0-1") to remove the Debian revision and use
"0.1.0"; locate and update the file containing debian/source/format or the
debian/changelog entry respectively (referencing the "debian/source/format" file
and the version string in debian/changelog).
🧹 Nitpick comments (6)
debian/compat (1)
1-1: Consider using debhelper-compat in debian/control instead.The separate
debian/compatfile is a legacy approach. Modern Debian packaging (debhelper ≥ 10) recommends specifying the compat level viaBuild-Dependsindebian/control:Build-Depends: debhelper-compat (= 13), ...This eliminates the need for a separate file and keeps all build dependencies in one place. The current approach is still functional.
debian/copyright (1)
30-30: Consider specifying an exact Change Date.The BUSL-1.1 typically requires a specific date (e.g., "2030-01-21") rather than a relative phrase like "Four years from the date the Licensed Work is published." An exact date provides clarity for users about when the license converts to Apache 2.0.
.github/workflows/build-deb.yml (1)
105-108: Consider failing the build on critical lintian errors.Currently, lintian runs but all errors are suppressed with
|| true. Consider filtering to fail only on errors (E:) while allowing warnings (W:) to pass:♻️ Optional: Fail on lintian errors only
- name: Run lintian checks run: | - # Run lintian but don't fail on warnings - lintian dist/*.deb --no-tag-display-limit || true + # Run lintian, fail only on errors + lintian dist/*.deb --no-tag-display-limit --fail-on errordebian/cortexd.postinst (2)
13-16: Consider using a dedicated system user for the daemon.The state directory
/var/lib/cortexis created with mode 750 but owned by root. Ifcortexdruns as root, this works, but running daemons as root is generally discouraged for security.Consider creating a dedicated
cortexsystem user/group and setting ownership accordingly:Suggested improvement
+ # Create system user if it doesn't exist + if ! getent passwd cortex >/dev/null; then + adduser --system --group --no-create-home --home /var/lib/cortex cortex + fi + # Create state directory if [ ! -d /var/lib/cortex ]; then mkdir -p /var/lib/cortex chmod 750 /var/lib/cortex + chown cortex:cortex /var/lib/cortex fiThis requires corresponding changes to the systemd service (
User=cortex,Group=cortex).
24-30: Config copy logic looks correct, but consider usingucffor config management.The current approach correctly preserves user modifications by only copying when no config exists. For more robust config file management in Debian packages (handling upgrades, prompting users about changes), consider using
ucf(Update Configuration File):This is optional—the current implementation is functional for an initial release.
debian/rules (1)
27-36: Consider adding error handling for improved defensive programming.The systemd service file at
daemon/systemd/cortexd.serviceexists in the repository. However, adding a check before thesedcommand would improve robustness in case the file is accidentally removed or the path changes:override_dh_auto_install: # Install Python package dh_auto_install --buildsystem=pybuild # Install C++ daemon $(MAKE) -C daemon/build DESTDIR=$(CURDIR)/debian/cortexd install # Fix systemd service path (use /usr/bin instead of /usr/local/bin) + test -f daemon/systemd/cortexd.service || { echo "Error: daemon/systemd/cortexd.service not found"; exit 1; } mkdir -p $(CURDIR)/debian/cortexd/lib/systemd/system sed 's|/usr/local/bin/cortexd|/usr/bin/cortexd|g' \ daemon/systemd/cortexd.service > \ $(CURDIR)/debian/cortexd/lib/systemd/system/cortexd.service
| - name: Update changelog version (if release) | ||
| if: github.event_name == 'release' | ||
| run: | | ||
| VERSION="${{ github.event.release.tag_name }}" | ||
| # Remove 'v' prefix if present | ||
| VERSION="${VERSION#v}" | ||
|
|
||
| # Update debian/changelog with release version | ||
| cat > debian/changelog << EOF | ||
| cortex (${VERSION}-1) stable; urgency=medium | ||
|
|
||
| * Release ${VERSION} | ||
| * See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }} | ||
|
|
||
| -- Mike Morgan <mike@cortexlinux.com> $(date -R) | ||
| EOF |
There was a problem hiding this comment.
Heredoc indentation will corrupt debian/changelog format.
The heredoc content is indented, but those leading spaces will be included literally in the output file. Debian changelog format is whitespace-sensitive — the package name must start at column 1, and change entries must be indented with exactly one space.
🐛 Proposed fix to remove heredoc indentation
- name: Update changelog version (if release)
if: github.event_name == 'release'
run: |
VERSION="${{ github.event.release.tag_name }}"
# Remove 'v' prefix if present
VERSION="${VERSION#v}"
# Update debian/changelog with release version
- cat > debian/changelog << EOF
- cortex (${VERSION}-1) stable; urgency=medium
-
- * Release ${VERSION}
- * See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }}
-
- -- Mike Morgan <mike@cortexlinux.com> $(date -R)
- EOF
+ cat > debian/changelog << 'CHANGELOG'
+cortex (${VERSION}-1) stable; urgency=medium
+
+ * Release ${VERSION}
+ * See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }}
+
+ -- Mike Morgan <mike@cortexlinux.com> $(date -R)
+CHANGELOG
+ # Variable substitution requires unquoted heredoc
+ envsubst < debian/changelog > debian/changelog.tmp && mv debian/changelog.tmp debian/changelogAlternatively, use <<-EOF (with hyphen) if the shell supports it for tab-stripped heredocs, but note that only tabs are stripped, not spaces.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Update changelog version (if release) | |
| if: github.event_name == 'release' | |
| run: | | |
| VERSION="${{ github.event.release.tag_name }}" | |
| # Remove 'v' prefix if present | |
| VERSION="${VERSION#v}" | |
| # Update debian/changelog with release version | |
| cat > debian/changelog << EOF | |
| cortex (${VERSION}-1) stable; urgency=medium | |
| * Release ${VERSION} | |
| * See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }} | |
| -- Mike Morgan <mike@cortexlinux.com> $(date -R) | |
| EOF | |
| - name: Update changelog version (if release) | |
| if: github.event_name == 'release' | |
| run: | | |
| VERSION="${{ github.event.release.tag_name }}" | |
| # Remove 'v' prefix if present | |
| VERSION="${VERSION#v}" | |
| # Update debian/changelog with release version | |
| cat > debian/changelog << EOF | |
| cortex (${VERSION}-1) stable; urgency=medium | |
| * Release ${VERSION} | |
| * See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }} | |
| -- Mike Morgan <mike@cortexlinux.com> $(date -R) | |
| EOF |
🤖 Prompt for AI Agents
In @.github/workflows/build-deb.yml around lines 55 - 70, The heredoc used in
the "Update changelog version (if release)" step (cat > debian/changelog << EOF)
is indented, which will insert leading spaces and break the Debian changelog
format; fix by switching to a non-indented heredoc body so package name and
entries start at column 1 and change lines have exactly one leading space (or
use a tab-stripping heredoc marker <<-EOF and ensure only tabs are used for
indentation), keeping the same variables (VERSION and
github.event.release.tag_name) and preserving the release date line with $(date
-R).
| - name: Update changelog version (if manual) | ||
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != '' | ||
| run: | | ||
| VERSION="${{ github.event.inputs.version }}" | ||
|
|
||
| cat > debian/changelog << EOF | ||
| cortex (${VERSION}-1) unstable; urgency=medium | ||
|
|
||
| * Manual build ${VERSION} | ||
|
|
||
| -- Mike Morgan <mike@cortexlinux.com> $(date -R) | ||
| EOF |
There was a problem hiding this comment.
Same heredoc indentation issue in manual build step.
This step has the same whitespace problem as the release changelog step.
🐛 Proposed fix
- name: Update changelog version (if manual)
if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != ''
run: |
VERSION="${{ github.event.inputs.version }}"
- cat > debian/changelog << EOF
- cortex (${VERSION}-1) unstable; urgency=medium
-
- * Manual build ${VERSION}
-
- -- Mike Morgan <mike@cortexlinux.com> $(date -R)
- EOF
+ cat > debian/changelog <<EOF
+cortex (${VERSION}-1) unstable; urgency=medium
+
+ * Manual build ${VERSION}
+
+ -- Mike Morgan <mike@cortexlinux.com> $(date -R)
+EOF📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Update changelog version (if manual) | |
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != '' | |
| run: | | |
| VERSION="${{ github.event.inputs.version }}" | |
| cat > debian/changelog << EOF | |
| cortex (${VERSION}-1) unstable; urgency=medium | |
| * Manual build ${VERSION} | |
| -- Mike Morgan <mike@cortexlinux.com> $(date -R) | |
| EOF | |
| - name: Update changelog version (if manual) | |
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != '' | |
| run: | | |
| VERSION="${{ github.event.inputs.version }}" | |
| cat > debian/changelog <<EOF | |
| cortex (${VERSION}-1) unstable; urgency=medium | |
| * Manual build ${VERSION} | |
| -- Mike Morgan <mike@cortexlinux.com> $(date -R) | |
| EOF |
🤖 Prompt for AI Agents
In @.github/workflows/build-deb.yml around lines 72 - 83, The heredoc that
writes debian/changelog in the "Update changelog version (if manual)" step
preserves leading indentation, causing whitespace issues; change the heredoc to
use a stripped form (use <<- EOF) or unindent the heredoc body so lines start at
column 0, e.g., replace cat > debian/changelog << EOF and the indented block
with either cat > debian/changelog <<- EOF and keep the indented content (tabs
only) or remove leading spaces from the heredoc content so the generated
changelog has no extra indentation; ensure the VERSION variable usage and the
closing EOF remain correct.
| - name: Upload to GitHub Release | ||
| if: github.event_name == 'release' | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| files: dist/*.deb | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
Update softprops/action-gh-release to v2.
The static analysis tool flagged that @v1 is outdated and may have compatibility issues with newer GitHub Actions runners.
🔧 Proposed fix
- name: Upload to GitHub Release
if: github.event_name == 'release'
- uses: softprops/action-gh-release@v1
+ uses: softprops/action-gh-release@v2
with:
files: dist/*.deb
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}🧰 Tools
🪛 actionlint (1.7.10)
119-119: the runner of "softprops/action-gh-release@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🤖 Prompt for AI Agents
In @.github/workflows/build-deb.yml around lines 117 - 123, The workflow step
named "Upload to GitHub Release" uses softprops/action-gh-release@v1 which is
outdated; update the action reference to softprops/action-gh-release@v2 (replace
"@v1" with "@v2" in the uses field for that step), keep the existing inputs
(files: dist/*.deb) and GITHUB_TOKEN env, and verify any v2-specific input or
permission requirements in the action docs and adjust the step accordingly.
| Package: cortex-linux | ||
| Architecture: all | ||
| Depends: ${python3:Depends}, | ||
| ${misc:Depends}, | ||
| python3 (>= 3.10), | ||
| python3-requests, | ||
| python3-yaml, | ||
| python3-cryptography, | ||
| python3-dotenv, | ||
| python3-rich, | ||
| python3-typing-extensions | ||
| Recommends: cortexd | ||
| Suggests: python3-psutil, python3-nvidia-ml-py | ||
| Description: AI-powered package manager for Debian/Ubuntu | ||
| Cortex Linux is an AI-powered package manager that understands natural | ||
| language commands. It provides an intelligent interface to APT, allowing | ||
| users to install, remove, and manage packages using conversational queries. | ||
| . | ||
| Features: | ||
| - Natural language package management | ||
| - Multiple LLM provider support (Anthropic, OpenAI) | ||
| - Secure sandbox execution | ||
| - Rich terminal UI | ||
| - Comprehensive audit logging |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check Ubuntu 22.04 package availability
echo "=== Checking python3-dotenv ==="
apt-cache search python3-dotenv | head -10
echo ""
echo "=== Checking python3-nvidia-ml-py ==="
apt-cache search python3-nvidia-ml-py | head -10
echo ""
echo "=== Alternative search for nvidia packages ==="
apt-cache search nvidia-ml | head -10
echo ""
echo "=== Check python3-dotenv in detail ==="
apt-cache show python3-dotenv 2>/dev/null | grep -E "Package:|Version:|Status:" || echo "Not found in apt-cache"
echo ""
echo "=== Check python3-nvidia-ml-py in detail ==="
apt-cache show python3-nvidia-ml-py 2>/dev/null | grep -E "Package:|Version:|Status:" || echo "Not found in apt-cache"Repository: cortexlinux/cortex
Length of output: 474
🌐 Web query:
Debian python3-dotenv package name availability
💡 Result:
Short answer: The Debian package name python3-dotenv exists. It's packaged as python3-dotenv (from source python-dotenv) in Debian: bullseye (0.15.0-1), bookworm (0.21.0-1) and current/testing/unstable (trixie/forky/sid) at 1.0.1-1. See Debian package pages for details. [1][2][3]
References
- Package search / overview: python3-dotenv. [1]
- python3-dotenv (sid) detail (1.0.1-1). [2]
- python-dotenv source (bookworm/bullseye listings). [3]
🌐 Web query:
Debian Ubuntu python3-nvidia-ml-py package availability alternatives
💡 Result:
Short answer: There is no widely used distro package named python3-nvidia-ml-py. Debian/Ubuntu expose NVML Python bindings as python3-pynvml in Debian repos (package python3-pynvml), while the common upstream/third‑party packages installable via pip are nvidia-ml-py3, pynvml (pynvml/pynvml_utils), and py3nvml. Use the distro package when you want APT-managed installs, or pip (inside a venv) to get the latest bindings.
References:
- Debian package python3-pynvml (Debian bullseye). [1]
- PyPI: pynvml (and note it may depend on nvidia-ml-py). [2]
- PyPI / PyPI listings for nvidia-ml-py3 / GitHub py3nvml as pip-installable alternatives. [3][4]
If you want, tell me your Debian/Ubuntu release and whether you prefer APT or pip and I’ll give the exact install command.
Use correct Debian package name for NVIDIA ML bindings.
python3-nvidia-ml-py is not available in standard Debian/Ubuntu repositories. Replace it with python3-pynvml, which provides the Python NVML bindings in Debian's package repositories.
The python3-dotenv package is available and correctly named in Debian/Ubuntu repositories, so no change needed there.
🤖 Prompt for AI Agents
In `@debian/control` around lines 23 - 46, Update the Debian control Depends list
to use the official NVML bindings package: replace the obsolete
python3-nvidia-ml-py entry with python3-pynvml in the Depends stanza (the block
that currently lists python3-psutil, python3-nvidia-ml-py, etc.), leaving
python3-dotenv and the other dependencies unchanged; ensure the modified package
name appears exactly as python3-pynvml.
| if [ ! -d /run/cortex ]; then | ||
| mkdir -p /run/cortex | ||
| chmod 755 /run/cortex | ||
| fi |
There was a problem hiding this comment.
/run/cortex is volatile and will be lost on reboot.
The /run directory is a tmpfs mount that's cleared on every boot. Creating it in postinst works for the initial install, but the directory won't exist after a reboot until the service starts.
Consider using a tmpfiles.d configuration file instead, which systemd processes early in boot:
Suggested fix: Add debian/cortexd.tmpfiles
Create debian/cortexd.tmpfiles:
d /run/cortex 0755 root root -
And add to debian/cortexd.install:
debian/cortexd.tmpfiles usr/lib/tmpfiles.d/cortexd.conf
Alternatively, add RuntimeDirectory=cortex to the systemd service unit, which automatically creates and manages /run/cortex.
🤖 Prompt for AI Agents
In `@debian/cortexd.postinst` around lines 7 - 10, The postinst currently creates
/run/cortex directly but /run is tmpfs and will be cleared on reboot; instead
add a tmpfiles.d entry or use systemd RuntimeDirectory to ensure /run/cortex is
recreated at boot. Either add a debian/cortexd.tmpfiles file containing a
tmpfiles.d directive for /run/cortex and add it to debian/cortexd.install so it
is installed to usr/lib/tmpfiles.d/cortexd.conf, or set RuntimeDirectory=cortex
in your service unit file (the systemd unit that manages cortexd) so systemd
creates /run/cortex automatically; remove the mkdir/chmod from
debian/cortexd.postinst once you implement one of these options.
| purge) | ||
| # Remove configuration files | ||
| rm -rf /etc/cortex/cortexd.yaml | ||
|
|
||
| # Remove state directory (only on purge) | ||
| rm -rf /var/lib/cortex | ||
|
|
||
| # Remove runtime directory | ||
| rm -rf /run/cortex | ||
|
|
||
| # Reload systemd | ||
| if [ -d /run/systemd/system ]; then | ||
| systemctl daemon-reload || true | ||
| fi | ||
| ;; |
There was a problem hiding this comment.
Shared directories may break cortex-linux if still installed.
The purge action removes /var/lib/cortex and /etc/cortex/cortexd.yaml, but these directories appear to be shared with the cortex-linux package (based on cortex-linux.postinst creating /var/lib/cortex and /etc/cortex). Purging cortexd while cortex-linux is installed could break the CLI.
🐛 Proposed fix: Only remove cortexd-specific files
purge)
# Remove configuration files
- rm -rf /etc/cortex/cortexd.yaml
+ rm -f /etc/cortex/cortexd.yaml
- # Remove state directory (only on purge)
- rm -rf /var/lib/cortex
+ # Remove cortexd-specific state (only on purge)
+ rm -rf /var/lib/cortex/cortexd
+ # Only remove parent directory if empty
+ rmdir /var/lib/cortex 2>/dev/null || true
+ rmdir /etc/cortex 2>/dev/null || true
# Remove runtime directory
- rm -rf /run/cortex
+ rm -rf /run/cortex/cortexd.sock
+ rmdir /run/cortex 2>/dev/null || true
# Reload systemd
if [ -d /run/systemd/system ]; then
systemctl daemon-reload || true
fi
;;🤖 Prompt for AI Agents
In `@debian/cortexd.postrm` around lines 5 - 19, In the purge) block of
debian/cortexd.postrm do not rm -rf the shared directories (/var/lib/cortex and
/etc/cortex); instead only remove cortexd-specific files (e.g.
/etc/cortex/cortexd.yaml and any files/dirs namespaced for cortexd under
/var/lib/cortex such as /var/lib/cortex/cortexd or files matching cortexd-*) and
avoid deleting the parent shared directories; locate the purge) case in
debian/cortexd.postrm and replace the broad rm -rf commands with targeted
removals, optionally guarding with a check for presence of cortex-linux via
dpkg-query or by testing for other packages' files before deleting shared dirs,
while keeping the systemctl daemon-reload logic.
| @@ -0,0 +1 @@ | |||
| 3.0 (native) | |||
There was a problem hiding this comment.
Source format conflicts with version numbering in changelog.
Using 3.0 (native) format means the package is Debian-native (no separate upstream tarball). However, the changelog version 0.1.0-1 includes a Debian revision (-1), which is only appropriate for non-native packages using 3.0 (quilt) format.
Either:
- Change to
3.0 (quilt)if you want to maintain upstream/Debian separation with revisions like-1,-2, etc. - Keep
3.0 (native)and update the changelog version to0.1.0(no revision suffix).
For a project where upstream and Debian packaging live in the same repo, 3.0 (native) with version 0.1.0 is appropriate.
🤖 Prompt for AI Agents
In `@debian/source/format` at line 1, Change the Debian source format or the
changelog version to make them consistent: either update debian/source/format
from "3.0 (native)" to "3.0 (quilt)" if you intend to keep the changelog version
"0.1.0-1", or keep "3.0 (native)" and edit the changelog entry version (the
version string in debian/changelog, currently "0.1.0-1") to remove the Debian
revision and use "0.1.0"; locate and update the file containing
debian/source/format or the debian/changelog entry respectively (referencing the
"debian/source/format" file and the version string in debian/changelog).
- Remove debian/compat (use debhelper-compat in control instead) - Remove .install files (handle installation in rules directly) - Use pip3 --target for Python package installation - Make CMake CMP0135 policy conditional for older CMake versions - Add debian build artifacts to .gitignore Build tested successfully in Ubuntu 22.04 Docker container. Produces: cortex-linux_0.1.0-1_all.deb, cortexd_0.1.0-1_amd64.deb Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CLA Verification PassedAll contributors have signed the CLA.
|
|
Summary
debian/directory for building.debpackagescortex-linuxpackage (Python CLI) andcortexdpackage (C++ daemon)Changes
debian/directorycontrolruleschangelogcompatcopyrightsource/formatcortex-linux.installcortex-linux.postinstcortexd.installcortexd.postinstcortexd.prermcortexd.postrm.github/workflows/build-deb.ymlcortex-linux_*.debandcortexd_*.debcortexlinux/apt-repoTest plan
dpkg-buildpackage -us -uc -blocally on Ubuntu.debpackages are createdsudo dpkg -i *.debcortex --helpworks after installsystemctl status cortexdshows service available🤖 Generated with Claude Code
Summary by CodeRabbit
Release Notes
✏️ Tip: You can customize this high-level summary in your review settings.