diff --git a/Earthfile b/Earthfile index f2c2af91..ecf6f925 100644 --- a/Earthfile +++ b/Earthfile @@ -9,12 +9,15 @@ ARG --global outputDir = "./dist" # to GOOS, GOARCH and GOARM when building go binaries. See the +RUST_TO_GO_ARCH_STRING # helper method at the bottom of the file. + ARG --global architectures = "x86_64-unknown-linux-gnu" \ "aarch64-unknown-linux-gnu" \ - "armv7-unknown-linux-gnueabihf" \ - "arm-unknown-linux-gnueabi" \ "x86_64-pc-windows-gnu" +# Compile errors here: +# "armv7-unknown-linux-gnueabihf" \ +# "arm-unknown-linux-gnueabi" \ + # Import the earthly rust lib since it already provides some useful # build-targets and methods to initialize the rust toolchain. IMPORT github.com/earthly/lib/rust:3.0.2 AS rust @@ -215,17 +218,17 @@ angular-project: RUN ./node_modules/.bin/ng build --configuration ${configuration} --base-href ${baseHref} "${project}" - RUN zip -r "./${project}.zip" "${dist}" + RUN cwd=$(pwd) && cd "${dist}" && zip -r "${cwd}/${project}.zip" ./ SAVE ARTIFACT "./${project}.zip" AS LOCAL ${outputDir}/${project}.zip SAVE ARTIFACT "./dist" AS LOCAL ${outputDir}/${project} # Build the angular projects (portmaster-UI and tauri-builtin) in production mode angular-release: - BUILD +angular-project --project=portmaster --dist=./dist --configuration=production --baseHref=/ui/modules/portmaster + BUILD +angular-project --project=portmaster --dist=./dist --configuration=production --baseHref=/ui/modules/portmaster/ # Build the angular projects (portmaster-UI and tauri-builtin) in dev mode angular-dev: - BUILD +angular-project --project=portmaster --dist=./dist --configuration=development --baseHref=/ui/modules/portmaster + BUILD +angular-project --project=portmaster --dist=./dist --configuration=development --baseHref=/ui/modules/portmaster/ # A base target for rust to prepare the build container rust-base: 
@@ -325,15 +328,19 @@ tauri-src: # are preserved such that Rust's incremental compilation works correctly. COPY --keep-ts ./desktop/tauri/ . COPY assets/data ./assets + COPY packaging/linux ./../../packaging/linux COPY (+angular-project/dist/tauri-builtin --project=tauri-builtin --dist=./dist/tauri-builtin --configuration=production --baseHref="/") ./../angular/dist/tauri-builtin + WORKDIR /app/tauri/src-tauri + build-tauri: FROM +tauri-src ARG --required target - ARG output="release/[^\./]+" + ARG output = ".*/release/(([^\./]+|([^\./]+\.(dll|exe)))|bundle/.*\.(deb|msi|AppImage))" ARG bundle="none" + # if we want tauri to create the installer bundles we also need to provide all external binaries # we need to do some magic here because tauri expects the binaries to include the rust target tripple. # We already knwo that triple because it's a required argument. From that triple, we use +RUST_TO_GO_ARCH_STRING @@ -351,16 +358,15 @@ build-tauri: COPY (+build-go/output --GOOS="${GOOS}" --CMDS="portmaster-start portmaster-core" --GOARCH="${GOARCH}" --GOARM="${GOARM}") /tmp/gobuild # Place them in the correct folder with the rust target tripple attached. - LET dest="" FOR bin IN $(ls /tmp/gobuild) - SET dest="./binaries/${bin}-${target}" - - IF [ -z "${bin##*.exe}" ] - SET dest = "./binaries/${bin%.*}-${target}.exe" - END - - RUN echo "Copying ${bin} to ${dest}" - RUN cp "/tmp/gobuild/${bin}" "${dest}" + # ${bin$.*} does not work in SET commands unfortunately so we use a shell + # snippet here: + RUN set -e ; \ + dest="./binaries/${bin}-${target}" ; \ + if [ -z "${bin##*.exe}" ]; then \ + dest="./binaries/${bin%.*}-${target}.exe" ; \ + fi ; \ + cp "/tmp/gobuild/${bin}" "${dest}" ; END # Just for debugging ... 
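Review bot: The new `output` pattern in build-tauri has three nested alternations and no comment saying what it is meant to select. A line above the ARG such as `# Matches release binaries (plain, .dll or .exe) and bundle/ installers (.deb, .msi, .AppImage)` would make the intent reviewable. The `bundle/.*\.` branch also matches across subdirectories; that looks intended, but it should be stated, since this pattern decides which files leave the build container. build-tauri continues outside this hunk.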
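Review bot: The comment added inside the FOR loop names the expansion as `${bin$.*}`, but the shell snippet below it uses `${bin%.*}`. The comment should read `# ${bin%.*} does not work in SET commands unfortunately so we use a shell snippet here:` so it matches the code. The loop header and the rest of build-tauri lie outside the changed lines.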
@@ -389,7 +395,7 @@ build-tauri: # The following would use the CROSS function from the earthly lib, this # DO rust+CROSS --target="${target}" - RUN ls target + SAVE ARTIFACT "target/${target}/release/" AS LOCAL "${outputDir}/tauri/${target}" tauri-release: FROM alpine:3.18
diff --git a/packaging/linux/.gitkeep b/packaging/linux/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/packaging/linux/portmaster-autostart.desktop b/packaging/linux/portmaster-autostart.desktop
new file mode 100644
index 00000000..4396d9c5
--- /dev/null
+++ b/packaging/linux/portmaster-autostart.desktop
@@ -0,0 +1,9 @@
+[Desktop Entry]
+Name=Portmaster
+GenericName=Application Firewall Notifier
+Exec=/usr/bin/portmaster --with-prompts --with-notifications --background
+Icon=portmaster
+Terminal=false
+Type=Application
+Categories=System
+NoDisplay=true
\ No newline at end of file
diff --git a/packaging/linux/portmaster.desktop b/packaging/linux/portmaster.desktop
new file mode 100644
index 00000000..c21458b0
--- /dev/null
+++ b/packaging/linux/portmaster.desktop
@@ -0,0 +1,8 @@
+[Desktop Entry]
+Name=Portmaster
+GenericName=Application Firewall
+Exec={{exec}} --data=/opt/safing/portmaster --with-prompts --with-notifications
+Icon={{icon}}
+Terminal=false
+Type=Application
+Categories=System
diff --git a/packaging/linux/portmaster.service b/packaging/linux/portmaster.service
new file mode 100644
index 00000000..d5915e34
--- /dev/null
+++ b/packaging/linux/portmaster.service
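Review bot: The `Exec` line in portmaster.desktop passes `--data=/opt/safing/portmaster`, which does not match the data directory the new portmaster.service uses (`StateDirectory=portmaster`, with `PIDFile` under `/var/lib/portmaster`). portmaster-autostart.desktop passes no `--data` at all and hard-codes `/usr/bin/portmaster` instead of the `{{exec}}` placeholder. If the UI reads state from the data directory, the two launchers and the service would each look somewhere different; this cannot be confirmed from the diff. If so, pointing the launcher at the service's directory, `Exec={{exec}} --data=/var/lib/portmaster --with-prompts --with-notifications`, or dropping the flag from both entries would keep them consistent.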
@@ -0,0 +1,40 @@
+[Unit]
+Description=Portmaster by Safing
+Documentation=https://safing.io
+Documentation=https://docs.safing.io
+Before=nss-lookup.target network.target shutdown.target
+After=systemd-networkd.service
+Conflicts=shutdown.target
+Conflicts=firewalld.service
+Wants=nss-lookup.target
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10
+RestartPreventExitStatus=24
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
+PIDFile=/var/lib/portmaster/core-lock.pid
+Environment=LOGLEVEL=info
+Environment=PORTMASTER_ARGS=
+EnvironmentFile=-/etc/default/portmaster
+ProtectSystem=true
+RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+RestrictNamespaces=yes
+ProtectHome=read-only
+ProtectKernelTunables=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+PrivateDevices=yes
+AmbientCapabilities=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override cap_fowner cap_fsetid
+CapabilityBoundingSet=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override cap_fowner cap_fsetid
+StateDirectory=portmaster
+ExecStartPre=-/usr/bin/portmaster-start --data $STATE_DIRECTORY clean-structure
+ExecStart=/usr/bin/portmaster-core --data $STATE_DIRECTORY --disable-software-updates $PORTMASTER_ARGS
+ExecStartPost=-/usr/bin/portmaster-start recover-iptables
+
+[Install]
+WantedBy=multi-user.target
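Review bot: `ExecStartPost=-/usr/bin/portmaster-start recover-iptables` runs the iptables recovery right after the core is started instead of after it stops. With `Type=simple` that is as soon as the process is spawned, so it presumably races with whatever rules the core installs, and nothing restores iptables when the service exits or crashes. This looks like it was meant to be `ExecStopPost=-/usr/bin/portmaster-start recover-iptables`; please confirm. Separately, `MemoryDenyWriteExecute=yes` is set without `SystemCallArchitectures=native`, which the systemd documentation recommends pairing it with so the restriction cannot be sidestepped through a non-native ABI. `PIDFile=` is not used by systemd for `Type=simple` units, so that line can be dropped.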