Fix clippy warnings: remove unused imports/variables/functions, derive Default, fix comparisons

debian/linux-patch-api/DEBIAN/conffiles

@@ -0,0 +1,4 @@
+/etc/linux_patch_api/config.yaml
+/etc/linux_patch_api/whitelist.yaml
+/etc/linux_patch_api/config.yaml
+/etc/linux_patch_api/whitelist.yaml

debian/linux-patch-api/DEBIAN/control

@@ -0,0 +1,23 @@
+Package: linux-patch-api
+Version: 1.0.0-1
+Architecture: amd64
+Maintainer: Echo <echo@moon-dragon.us>
+Installed-Size: 8897
+Depends: systemd, libsystemd0, libc6 (>= 2.39), libgcc-s1 (>= 4.2)
+Section: admin
+Priority: optional
+Homepage: https://gitea.moon-dragon.us/echo/linux_patch_api
+Description: Secure remote package management API for Linux systems
+ Linux Patch API provides a secure, mTLS-authenticated REST API for
+ remote package management operations including:
+  - Package installation and removal
+  - Security patch application
+  - System health monitoring
+  - Job queue management with WebSocket status streaming
+ .
+ Features:
+  - Mutual TLS (mTLS) authentication
+  - IP whitelist enforcement
+  - Asynchronous job processing
+  - Comprehensive audit logging
+  - Systemd integration with security hardening

debian/linux-patch-api/DEBIAN/md5sums

@@ -0,0 +1,5 @@
+23b89eecc51f46c6813658dd615d13a9  lib/systemd/system/linux-patch-api.service
+d64a80e2a796561c39c6941c6b9e268c  usr/bin/linux-patch-api
+154c7ae7e01ae22cdc8ceea1fd0956e2  usr/share/doc/linux-patch-api/changelog.Debian.gz
+978478c6c7f1e9dcb38eb1f2454535c0  usr/share/doc/linux-patch-api/changelog.gz
+c2fab316c94aa61adb70d79365cfe08f  usr/share/doc/linux-patch-api/copyright

debian/linux-patch-api/DEBIAN/postinst

@@ -0,0 +1,49 @@
+#!/bin/bash
+# postinst script for linux-patch-api
+# Created by package build system
+
+set -e
+
+# Configure with debhelper
+if [ "$1" = "configure" ]; then
+    echo "Configuring linux-patch-api..."
+    
+    # Copy example configs if they don't exist
+    if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then
+        echo "Creating default config.yaml..."
+        cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
+        chmod 640 /etc/linux_patch_api/config.yaml
+        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/config.yaml
+    fi
+    
+    if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then
+        echo "Creating default whitelist.yaml..."
+        cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
+        chmod 640 /etc/linux_patch_api/whitelist.yaml
+        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/whitelist.yaml
+    fi
+    
+    # Reload systemd daemon to pick up new service file
+    systemctl daemon-reload
+    
+    # Enable the service (but don't start automatically - admin should configure first)
+    systemctl enable linux-patch-api.service
+    
+    echo ""
+    echo "linux-patch-api installed successfully!"
+    echo ""
+    echo "Next steps:"
+    echo "  1. Configure /etc/linux_patch_api/config.yaml with your settings"
+    echo "  2. Place TLS certificates in /etc/linux_patch_api/certs/"
+    echo "  3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml"
+    echo "  4. Start the service: systemctl start linux-patch-api"
+    echo "  5. Check status: systemctl status linux-patch-api"
+    echo ""
+fi
+
+# Handle upgrade
+if [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] || [ "$1" = "abort-deconfigure" ]; then
+    echo "Installation aborted - service remains in previous state"
+fi
+
+exit 0

debian/linux-patch-api/DEBIAN/postrm

@@ -0,0 +1,64 @@
+#!/bin/bash
+# postrm script for linux-patch-api
+# Created by package build system
+
+set -e
+
+# Handle purge - remove all configuration and data
+if [ "$1" = "purge" ]; then
+    echo "Purging linux-patch-api configuration and data..."
+    
+    # Stop service if still running
+    if systemctl is-active --quiet linux-patch-api.service 2>/dev/null; then
+        systemctl stop linux-patch-api.service
+    fi
+    
+    # Disable service
+    if systemctl is-enabled --quiet linux-patch-api.service 2>/dev/null; then
+        systemctl disable linux-patch-api.service
+    fi
+    
+    # Reload systemd to remove service file
+    systemctl daemon-reload
+    
+    # Remove configuration directory (preserved by conffiles during normal remove)
+    if [ -d "/etc/linux_patch_api" ]; then
+        echo "Removing /etc/linux_patch_api..."
+        rm -rf /etc/linux_patch_api
+    fi
+    
+    # Remove data directory
+    if [ -d "/var/lib/linux_patch_api" ]; then
+        echo "Removing /var/lib/linux_patch_api..."
+        rm -rf /var/lib/linux_patch_api
+    fi
+    
+    # Remove log directory
+    if [ -d "/var/log/linux_patch_api" ]; then
+        echo "Removing /var/log/linux_patch_api..."
+        rm -rf /var/log/linux_patch_api
+    fi
+    
+    # Remove system user
+    if getent passwd linux-patch-api > /dev/null 2>&1; then
+        echo "Removing user linux-patch-api..."
+        userdel linux-patch-api 2>/dev/null || true
+    fi
+    
+    # Remove system group
+    if getent group linux-patch-api > /dev/null 2>&1; then
+        echo "Removing group linux-patch-api..."
+        groupdel linux-patch-api 2>/dev/null || true
+    fi
+    
+    echo "linux-patch-api purged successfully"
+fi
+
+# Handle upgrade/remove - just ensure service is disabled
+if [ "$1" = "remove" ] || [ "$1" = "upgrade" ]; then
+    # Service should already be stopped by prerm
+    # Just reload systemd to remove the service file
+    systemctl daemon-reload 2>/dev/null || true
+fi
+
+exit 0

debian/linux-patch-api/DEBIAN/preinst

@@ -0,0 +1,46 @@
+#!/bin/bash
+# preinst script for linux-patch-api
+# Created by package build system
+
+set -e
+
+# Check if this is an upgrade
+if [ -d "/etc/linux_patch_api" ]; then
+    echo "Detected existing installation - performing upgrade"
+fi
+
+# Create system user if it doesn't exist
+if ! getent group linux-patch-api > /dev/null 2>&1; then
+    echo "Creating group linux-patch-api..."
+    groupadd --system linux-patch-api
+fi
+
+if ! getent passwd linux-patch-api > /dev/null 2>&1; then
+    echo "Creating user linux-patch-api..."
+    useradd --system \
+        --gid linux-patch-api \
+        --home-dir /var/lib/linux_patch_api \
+        --no-create-home \
+        --shell /usr/sbin/nologin \
+        --comment "Linux Patch API Service" \
+        linux-patch-api
+fi
+
+# Create required directories
+mkdir -p /etc/linux_patch_api/certs
+mkdir -p /var/lib/linux_patch_api
+mkdir -p /var/log/linux_patch_api
+
+# Set proper ownership
+chown -R linux-patch-api:linux-patch-api /var/lib/linux_patch_api
+chown -R linux-patch-api:linux-patch-api /var/log/linux_patch_api
+
+# Set secure permissions
+chmod 750 /etc/linux_patch_api
+chmod 750 /etc/linux_patch_api/certs
+chmod 755 /var/lib/linux_patch_api
+chmod 755 /var/log/linux_patch_api
+
+echo "Pre-installation checks completed successfully"
+
+exit 0

debian/linux-patch-api/DEBIAN/prerm

@@ -0,0 +1,33 @@
+#!/bin/bash
+# prerm script for linux-patch-api
+# Created by package build system
+
+set -e
+
+# Stop the service before removal/upgrade
+if [ "$1" = "remove" ] || [ "$1" = "upgrade" ]; then
+    echo "Stopping linux-patch-api service..."
+    
+    if systemctl is-active --quiet linux-patch-api.service; then
+        systemctl stop linux-patch-api.service
+        echo "Service stopped successfully"
+    else
+        echo "Service was not running"
+    fi
+    
+    # Disable the service
+    if systemctl is-enabled --quiet linux-patch-api.service 2>/dev/null; then
+        systemctl disable linux-patch-api.service
+        echo "Service disabled"
+    fi
+fi
+
+# Handle failed upgrade
+if [ "$1" = "failed-upgrade" ]; then
+    echo "Upgrade failed - attempting to restore previous state"
+    # Previous version should handle restoration
+fi
+
+echo "Pre-removal script completed"
+
+exit 0