Skip to content

feat(packaging): Add Debian package infrastructure #660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Anshgrover23 wants to merge 3 commits into
base: main
Choose a base branch
from
+515 −7
Open

feat(packaging): Add Debian package infrastructure #660

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b5bd96d
feat(packaging): Add Debian package infrastructure
Anshgrover23 Jan 21, 2026
03c0edc
fix(packaging): Fix debian build for Ubuntu 22.04
Anshgrover23 Jan 21, 2026
c93330c
Merge branch 'main' into feat/debian-packaging
Anshgrover23 Jan 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
173 changes: 173 additions & 0 deletions .github/workflows/build-deb.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
name: Build Debian Packages

on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
description: 'Version to build (e.g., 0.1.0)'
required: false
default: ''
upload_to_apt_repo:
description: 'Upload packages to apt-repo'
required: false
default: 'false'
type: boolean

permissions:
contents: write

jobs:
build-deb:
runs-on: ubuntu-22.04
strategy:
matrix:
arch: [amd64]
# arm64 can be added later with QEMU emulation

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Install build dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
devscripts \
debhelper \
dh-python \
python3-all \
python3-setuptools \
python3-wheel \
python3-build \
cmake \
g++ \
pkg-config \
libsystemd-dev \
libssl-dev \
uuid-dev \
fakeroot \
lintian

- name: Update changelog version (if release)
if: github.event_name == 'release'
run: |
VERSION="${{ github.event.release.tag_name }}"
# Remove 'v' prefix if present
VERSION="${VERSION#v}"

# Update debian/changelog with release version
cat > debian/changelog << EOF
cortex (${VERSION}-1) stable; urgency=medium

* Release ${VERSION}
* See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }}

-- Mike Morgan <mike@cortexlinux.com> $(date -R)
EOF
Comment on lines +55 to +70
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Heredoc indentation will corrupt debian/changelog format.

The heredoc content is indented, but those leading spaces will be included literally in the output file. Debian changelog format is whitespace-sensitive — the package name must start at column 1, and change entries must be indented with exactly one space.

🐛 Proposed fix to remove heredoc indentation 
       - name: Update changelog version (if release)
         if: github.event_name == 'release'
         run: |
           VERSION="${{ github.event.release.tag_name }}"
           # Remove 'v' prefix if present
           VERSION="${VERSION#v}"

           # Update debian/changelog with release version
-          cat > debian/changelog << EOF
-          cortex (${VERSION}-1) stable; urgency=medium
-
-            * Release ${VERSION}
-            * See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }}
-
-           -- Mike Morgan <mike@cortexlinux.com>  $(date -R)
-          EOF
+          cat > debian/changelog << 'CHANGELOG'
+cortex (${VERSION}-1) stable; urgency=medium
+
+  * Release ${VERSION}
+  * See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }}
+
+ -- Mike Morgan <mike@cortexlinux.com>  $(date -R)
+CHANGELOG
+          # Variable substitution requires unquoted heredoc
+          envsubst < debian/changelog > debian/changelog.tmp && mv debian/changelog.tmp debian/changelog

Alternatively, use <<-EOF (with hyphen) if the shell supports it for tab-stripped heredocs, but note that only tabs are stripped, not spaces.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Update changelog version (if release)
if: github.event_name == 'release'
run: |
VERSION="${{ github.event.release.tag_name }}"
# Remove 'v' prefix if present
VERSION="${VERSION#v}"
# Update debian/changelog with release version
cat > debian/changelog << EOF
cortex (${VERSION}-1) stable; urgency=medium
* Release ${VERSION}
* See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }}
-- Mike Morgan <mike@cortexlinux.com> $(date -R)
EOF
- name: Update changelog version (if release)
if: github.event_name == 'release'
run: |
VERSION="${{ github.event.release.tag_name }}"
# Remove 'v' prefix if present
VERSION="${VERSION#v}"
# Update debian/changelog with release version
cat > debian/changelog << EOF
cortex (${VERSION}-1) stable; urgency=medium
* Release ${VERSION}
* See https://github.com/cortexlinux/cortex/releases/tag/${{ github.event.release.tag_name }}
-- Mike Morgan <mike@cortexlinux.com> $(date -R)
EOF
🤖 Prompt for AI Agents 
In @.github/workflows/build-deb.yml around lines 55 - 70, The heredoc used in
the "Update changelog version (if release)" step (cat > debian/changelog << EOF)
is indented, which will insert leading spaces and break the Debian changelog
format; fix by switching to a non-indented heredoc body so package name and
entries start at column 1 and change lines have exactly one leading space (or
use a tab-stripping heredoc marker <<-EOF and ensure only tabs are used for
indentation), keeping the same variables (VERSION and
github.event.release.tag_name) and preserving the release date line with $(date
-R).


- name: Update changelog version (if manual)
if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != ''
run: |
VERSION="${{ github.event.inputs.version }}"

cat > debian/changelog << EOF
cortex (${VERSION}-1) unstable; urgency=medium

* Manual build ${VERSION}

-- Mike Morgan <mike@cortexlinux.com> $(date -R)
EOF
Comment on lines +72 to +83
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Same heredoc indentation issue in manual build step.

This step has the same whitespace problem as the release changelog step.

🐛 Proposed fix 
       - name: Update changelog version (if manual)
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != ''
         run: |
           VERSION="${{ github.event.inputs.version }}"

-          cat > debian/changelog << EOF
-          cortex (${VERSION}-1) unstable; urgency=medium
-
-            * Manual build ${VERSION}
-
-           -- Mike Morgan <mike@cortexlinux.com>  $(date -R)
-          EOF
+          cat > debian/changelog <<EOF
+cortex (${VERSION}-1) unstable; urgency=medium
+
+  * Manual build ${VERSION}
+
+ -- Mike Morgan <mike@cortexlinux.com>  $(date -R)
+EOF
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Update changelog version (if manual)
if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != ''
run: |
VERSION="${{ github.event.inputs.version }}"
cat > debian/changelog << EOF
cortex (${VERSION}-1) unstable; urgency=medium
* Manual build ${VERSION}
-- Mike Morgan <mike@cortexlinux.com> $(date -R)
EOF
- name: Update changelog version (if manual)
if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != ''
run: |
VERSION="${{ github.event.inputs.version }}"
cat > debian/changelog <<EOF
cortex (${VERSION}-1) unstable; urgency=medium
* Manual build ${VERSION}
-- Mike Morgan <mike@cortexlinux.com> $(date -R)
EOF
🤖 Prompt for AI Agents 
In @.github/workflows/build-deb.yml around lines 72 - 83, The heredoc that
writes debian/changelog in the "Update changelog version (if manual)" step
preserves leading indentation, causing whitespace issues; change the heredoc to
use a stripped form (use <<- EOF) or unindent the heredoc body so lines start at
column 0, e.g., replace cat > debian/changelog << EOF and the indented block
with either cat > debian/changelog <<- EOF and keep the indented content (tabs
only) or remove leading spaces from the heredoc content so the generated
changelog has no extra indentation; ensure the VERSION variable usage and the
closing EOF remain correct.


- name: Build Debian packages
run: |
# Build source and binary packages
dpkg-buildpackage -us -uc -b

# Move packages to dist directory
mkdir -p dist
mv ../*.deb dist/
mv ../*.buildinfo dist/ || true
mv ../*.changes dist/ || true

- name: List built packages
run: |
ls -la dist/
for deb in dist/*.deb; do
echo "=== $deb ==="
dpkg-deb -I "$deb"
echo ""
done

- name: Run lintian checks
run: |
# Run lintian but don't fail on warnings
lintian dist/*.deb --no-tag-display-limit || true

- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: debian-packages-${{ matrix.arch }}
path: dist/*.deb
retention-days: 30

- name: Upload to GitHub Release
if: github.event_name == 'release'
uses: softprops/action-gh-release@v1
with:
files: dist/*.deb
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Comment on lines +117 to +123
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Update softprops/action-gh-release to v2.

The static analysis tool flagged that @v1 is outdated and may have compatibility issues with newer GitHub Actions runners.

🔧 Proposed fix 
       - name: Upload to GitHub Release
         if: github.event_name == 'release'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           files: dist/*.deb
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
🧰 Tools
🪛 actionlint (1.7.10)

119-119: the runner of "softprops/action-gh-release@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents 
In @.github/workflows/build-deb.yml around lines 117 - 123, The workflow step
named "Upload to GitHub Release" uses softprops/action-gh-release@v1 which is
outdated; update the action reference to softprops/action-gh-release@v2 (replace
"@v1" with "@v2" in the uses field for that step), keep the existing inputs
(files: dist/*.deb) and GITHUB_TOKEN env, and verify any v2-specific input or
permission requirements in the action docs and adjust the step accordingly.


# Optional job to push to apt-repo
push-to-apt-repo:
needs: build-deb
runs-on: ubuntu-22.04
if: |
github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.upload_to_apt_repo == 'true')

steps:
- name: Download built packages
uses: actions/download-artifact@v4
with:
name: debian-packages-amd64
path: packages/

- name: List downloaded packages
run: ls -la packages/

- name: Trigger apt-repo update
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.APT_REPO_TOKEN }}
repository: cortexlinux/apt-repo
event-type: new-packages
client-payload: |
{
"packages": "cortex-linux,cortexd",
"version": "${{ github.event.release.tag_name || github.event.inputs.version }}",
"source_repo": "${{ github.repository }}",
"run_id": "${{ github.run_id }}"
}

# Alternative: Direct push to apt-repo (requires PAT with repo access)
# - name: Clone apt-repo
# uses: actions/checkout@v4
# with:
# repository: cortexlinux/apt-repo
# token: ${{ secrets.APT_REPO_TOKEN }}
# path: apt-repo
#
# - name: Copy packages to apt-repo
# run: |
# cp packages/*.deb apt-repo/packages/cortex/
# cd apt-repo
# git config user.name "GitHub Actions"
# git config user.email "actions@github.com"
# git add packages/
# git commit -m "Add cortex packages from ${{ github.event.release.tag_name || 'manual build' }}"
# git push
9 changes: 9 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,3 +59,12 @@ htmlcov/
*.log
logs/
coverage.xml

# Debian build artifacts
debian/.debhelper/
debian/*.substvars
debian/cortex-linux/
debian/cortexd/
debian/debhelper-build-stamp
debian/files
debian/*.debhelper
16 changes: 9 additions & 7 deletions daemon/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
cmake_minimum_required(VERSION 3.20)
project(cortexd VERSION 1.0.0 LANGUAGES CXX)

# CMake policies
cmake_policy(SET CMP0135 NEW)
# CMake policies (CMP0135 was added in CMake 3.24)
if(POLICY CMP0135)
cmake_policy(SET CMP0135 NEW)
endif()

# Require C++17
set(CMAKE_CXX_STANDARD 17)
Expand Down Expand Up @@ -98,15 +100,15 @@ set(DAEMON_SOURCES
# Core
src/main.cpp
src/core/daemon.cpp

# Config
src/config/config.cpp

# IPC
src/ipc/server.cpp
src/ipc/protocol.cpp
src/ipc/handlers.cpp

# Utils
src/utils/logger.cpp
)
Expand Down Expand Up @@ -169,14 +171,14 @@ message(STATUS "")
# Tests (optional)
if(BUILD_TESTS)
enable_testing()

# Fetch Google Test
FetchContent_Declare(googletest
GIT_REPOSITORY https://github.com/google/googletest.git
GIT_TAG v1.14.0
GIT_SHALLOW TRUE
)
FetchContent_MakeAvailable(googletest)

add_subdirectory(tests)
endif()
10 changes: 10 additions & 0 deletions debian/changelog
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
cortex (0.1.0-1) unstable; urgency=medium

* Initial release.
* AI-powered package manager with natural language support
* Multiple LLM provider support (Anthropic, OpenAI)
* Secure sandbox execution environment
* Rich terminal UI with interactive dashboard
* cortexd daemon with systemd integration

-- Mike Morgan <mike@cortexlinux.com> Tue, 21 Jan 2026 12:00:00 +0000
65 changes: 65 additions & 0 deletions debian/control
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
Source: cortex
Section: admin
Priority: optional
Maintainer: Mike Morgan <mike@cortexlinux.com>
Build-Depends: debhelper-compat (= 13),
python3 (>= 3.10),
python3-pip,
python3-venv,
python3-setuptools,
python3-wheel,
python3-build,
cmake (>= 3.20),
g++,
pkg-config,
libsystemd-dev,
libssl-dev,
uuid-dev
Standards-Version: 4.6.2
Homepage: https://github.com/cortexlinux/cortex
Vcs-Git: https://github.com/cortexlinux/cortex.git
Vcs-Browser: https://github.com/cortexlinux/cortex
Rules-Requires-Root: no

Package: cortex-linux
Architecture: all
Depends: ${python3:Depends},
${misc:Depends},
python3 (>= 3.10),
python3-requests,
python3-yaml,
python3-cryptography,
python3-dotenv,
python3-rich,
python3-typing-extensions
Recommends: cortexd
Suggests: python3-psutil, python3-nvidia-ml-py
Description: AI-powered package manager for Debian/Ubuntu
Cortex Linux is an AI-powered package manager that understands natural
language commands. It provides an intelligent interface to APT, allowing
users to install, remove, and manage packages using conversational queries.
.
Features:
- Natural language package management
- Multiple LLM provider support (Anthropic, OpenAI)
- Secure sandbox execution
- Rich terminal UI
- Comprehensive audit logging
Comment on lines +24 to +47
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check Ubuntu 22.04 package availability
echo "=== Checking python3-dotenv ==="
apt-cache search python3-dotenv | head -10

echo ""
echo "=== Checking python3-nvidia-ml-py ==="
apt-cache search python3-nvidia-ml-py | head -10

echo ""
echo "=== Alternative search for nvidia packages ==="
apt-cache search nvidia-ml | head -10

echo ""
echo "=== Check python3-dotenv in detail ==="
apt-cache show python3-dotenv 2>/dev/null | grep -E "Package:|Version:|Status:" || echo "Not found in apt-cache"

echo ""
echo "=== Check python3-nvidia-ml-py in detail ==="
apt-cache show python3-nvidia-ml-py 2>/dev/null | grep -E "Package:|Version:|Status:" || echo "Not found in apt-cache"

Repository: cortexlinux/cortex

Length of output: 474

🌐 Web query:

Debian python3-dotenv package name availability

💡 Result:

Short answer: The Debian package name python3-dotenv exists. It's packaged as python3-dotenv (from source python-dotenv) in Debian: bullseye (0.15.0-1), bookworm (0.21.0-1) and current/testing/unstable (trixie/forky/sid) at 1.0.1-1. See Debian package pages for details. [1][2][3]

References

  • Package search / overview: python3-dotenv. [1]
  • python3-dotenv (sid) detail (1.0.1-1). [2]
  • python-dotenv source (bookworm/bullseye listings). [3]

🌐 Web query:

Debian Ubuntu python3-nvidia-ml-py package availability alternatives

💡 Result:

Short answer: There is no widely used distro package named python3-nvidia-ml-py. Debian/Ubuntu expose NVML Python bindings as python3-pynvml in Debian repos (package python3-pynvml), while the common upstream/third‑party packages installable via pip are nvidia-ml-py3, pynvml (pynvml/pynvml_utils), and py3nvml. Use the distro package when you want APT-managed installs, or pip (inside a venv) to get the latest bindings.

References:

  • Debian package python3-pynvml (Debian bullseye). [1]
  • PyPI: pynvml (and note it may depend on nvidia-ml-py). [2]
  • PyPI / PyPI listings for nvidia-ml-py3 / GitHub py3nvml as pip-installable alternatives. [3][4]

If you want, tell me your Debian/Ubuntu release and whether you prefer APT or pip and I’ll give the exact install command.

Use correct Debian package name for NVIDIA ML bindings.

python3-nvidia-ml-py is not available in standard Debian/Ubuntu repositories. Replace it with python3-pynvml, which provides the Python NVML bindings in Debian's package repositories.

The python3-dotenv package is available and correctly named in Debian/Ubuntu repositories, so no change needed there.

🤖 Prompt for AI Agents 
In `@debian/control` around lines 23 - 46, Update the Debian control Depends list
to use the official NVML bindings package: replace the obsolete
python3-nvidia-ml-py entry with python3-pynvml in the Depends stanza (the block
that currently lists python3-psutil, python3-nvidia-ml-py, etc.), leaving
python3-dotenv and the other dependencies unchanged; ensure the modified package
name appears exactly as python3-pynvml.


Package: cortexd
Architecture: any
Depends: ${shlibs:Depends},
${misc:Depends},
systemd
Recommends: cortex-linux
Description: Cortex daemon for background AI operations
The Cortex daemon (cortexd) provides background services for the Cortex
AI package manager. It handles IPC communication, manages LLM sessions,
and provides system-level integration via systemd.
.
Features:
- Unix socket IPC with JSON-RPC protocol
- systemd integration with watchdog support
- Hot-reload configuration
- Security-hardened service
- Sub-millisecond startup time
35 changes: 35 additions & 0 deletions debian/copyright
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: cortex
Upstream-Contact: Mike Morgan <mike@cortexlinux.com>
Source: https://github.com/cortexlinux/cortex

Files: *
Copyright: 2024-2026 Cortex Linux
License: BUSL-1.1

Files: debian/*
Copyright: 2024-2026 Cortex Linux
License: BUSL-1.1

License: BUSL-1.1
Business Source License 1.1
.
Licensor: Cortex Linux
.
Licensed Work: Cortex
.
The Licensed Work is (c) 2024-2026 Cortex Linux.
.
Additional Use Grant: You may make use of the Licensed Work, provided that
you do not use the Licensed Work for a Package Management Service.
.
A "Package Management Service" is a commercial offering that allows third
parties to access the functionality of the Licensed Work by performing
package management operations.
.
Change Date: Four years from the date the Licensed Work is published.
.
Change License: Apache License, Version 2.0
.
For more information, see the LICENSE file in the source distribution
or visit https://github.com/cortexlinux/cortex
35 changes: 35 additions & 0 deletions debian/cortex-linux.postinst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
#!/bin/sh
set -e

case "$1" in
configure)
# Create cortex configuration directory if it doesn't exist
if [ ! -d /etc/cortex ]; then
mkdir -p /etc/cortex
chmod 755 /etc/cortex
fi

# Create cortex state directory
if [ ! -d /var/lib/cortex ]; then
mkdir -p /var/lib/cortex
chmod 750 /var/lib/cortex
fi
Comment on lines +7 to +16
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The logic to create /etc/cortex and /var/lib/cortex is duplicated in debian/cortexd.postinst. Since cortexd is the daemon component and seems more foundational, it's better to centralize the creation of these system-wide directories in its postinst script.

Removing this duplicated code from cortex-linux.postinst will make the packaging easier to maintain and ensure there's a single source of truth for directory management. The cortex-linux package already Recommends: cortexd, so in most cases, cortexd will be installed and will have already created these directories.


# Create user config directory hint
echo "Cortex Linux installed successfully."
echo "Run 'cortex --help' to get started."
echo "Configure your LLM API key with 'cortex config set api_key YOUR_KEY'"
;;

abort-upgrade|abort-remove|abort-deconfigure)
;;

*)
echo "postinst called with unknown argument '$1'" >&2
exit 1
;;
esac

#DEBHELPER#

exit 0
Loading