Skip to content

fix(packaging): declare libcap dependency for setcap#24

Merged
vcwild merged 1 commit into
mainfrom
fix/package-libcap-dependency
Jun 22, 2026
Merged

fix(packaging): declare libcap dependency for setcap#24
vcwild merged 1 commit into
mainfrom
fix/package-libcap-dependency

Conversation

@vcwild

@vcwild vcwild commented Jun 22, 2026

Copy link
Copy Markdown
Owner

Problem

The deb/rpm post-install scripts run setcap cap_net_admin+ep /usr/bin/akon to grant the CAP_NET_ADMIN akon needs to create the TUN device. But setcap was not declared as a package dependency, so on a host without it the install merely printed a warning and akon silently failed to connect until the user installed libcap manually.

Fix

Declare the dependency so the package manager pulls it in:

  • deb: depends = "libcap2-bin"
  • rpm: requires { libcap = "*" }

resolvectl (systemd-resolved, used for DNS) is part of base systemd and is not added.

Testing

The PR's package-building CI jobs build both the .deb and .rpm, validating the metadata. Verified the manifest parses (cargo metadata).

The post-install scripts run 'setcap cap_net_admin+ep' to grant CAP_NET_ADMIN,
without which akon cannot create the TUN device. setcap was not declared as a
package dependency, so on a system lacking it the install only printed a warning
and akon silently failed to connect until libcap was installed manually.

Declare the dependency so the package manager pulls it in:
- deb: depends = libcap2-bin
- rpm: requires libcap
Copilot AI review requested due to automatic review settings June 22, 2026 20:22

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a packaging defect where the deb/rpm post-install scripts invoke setcap cap_net_admin+ep /usr/bin/akon (to grant CAP_NET_ADMIN for TUN device creation) but the package never declared setcap as a dependency. On hosts lacking libcap tooling, the install only printed a warning and the VPN silently failed. The change declares the dependency so the package manager pulls in setcap automatically. I verified both debian/postinst and rpm/post-install.sh do indeed call setcap, and that libcap2-bin (deb) / libcap (rpm) provide it on their respective distro families.

Changes:

  • Add depends = "libcap2-bin" to the [package.metadata.deb] section.
  • Add requires = { libcap = "*" } to the [package.metadata.generate-rpm] section.
  • Add explanatory comments tying the dependency to the post-install setcap step.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Cargo.toml
priority = "optional"
# setcap (from libcap2-bin) is required by the post-install script to grant
# CAP_NET_ADMIN; without it akon cannot create the TUN device.
depends = "libcap2-bin"
@vcwild vcwild merged commit e07ba25 into main Jun 22, 2026
10 checks passed
@vcwild vcwild deleted the fix/package-libcap-dependency branch June 22, 2026 21:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants