Date: Fri, 17 Dec 2021 12:39:41 GMT
Message-Id: <202112171239.1BHCdfw5053752@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Sofian Brabez
Subject: git: 6713efec42d4 - main - security/crowdsec: update to 1.2.1
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-Git-Committer: sbz
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Commit: 6713efec42d49e664024afb6af6ecf696aa6dc21

The branch main has been updated by sbz:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6713efec42d49e664024afb6af6ecf696aa6dc21

commit
6713efec42d49e664024afb6af6ecf696aa6dc21
Author: Sofian Brabez
AuthorDate: 2021-12-16 18:13:45 +0000
Commit: Sofian Brabez
CommitDate: 2021-12-17 12:32:56 +0000

security/crowdsec: update to 1.2.1

Update to 1.2.1 release and pass the maintainership to the submitter.

PR: 260262
--- security/crowdsec/Makefile | 107 ++++++++++++++++++++++++++----- security/crowdsec/distinfo | 8 +-- security/crowdsec/files/crowdsec.in | 48 ++++++++++---- security/crowdsec/files/patch-Makefile | 11 ++++ security/crowdsec/files/pkg-deinstall.in | 8 +++ security/crowdsec/files/pkg-message.in | 11 +++- security/crowdsec/pkg-plist | 30 ++++++--- 7 files changed, 178 insertions(+), 45 deletions(-) diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile index 9a6aa7ada379..f3683aee9c30 100644 --- a/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile
@@ -1,45 +1,122 @@ PORTNAME= crowdsec -PORTVERSION= 1.1.1 +PORTVERSION= 1.2.1 # NOTE: change BUILD_VERSION and BUILD_TAG as well DISTVERSIONPREFIX= v CATEGORIES= security -MAINTAINER= sbz@FreeBSD.org -COMMENT= Crowdsec lightweight and collaborative security engine +MAINTAINER= marco@crowdsec.net +COMMENT= CrowdSec lightweight and collaborative security engine LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:modules +BUILD_DEPENDS= git:devel/git@lite \ + go:lang/go \ + jq:textproc/jq + +USES= gmake + +USE_GITHUB= yes +GH_ACCOUNT= crowdsecurity +GH_PROJECT= crowdsec +#GH_TAGNAME is automatically set from DISTVERSION USE_RC_SUBR= crowdsec -GO_MODULE= github.com/crowdsecurity/crowdsec +USE_RC_SUBR= crowdsec -GO_BUILDFLAGS= -ldflags "-s -w \ - -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=v${PORTVERSION} \ - -X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=freebsd \ - -X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=`date -u '+%Y-%m-%d_%I:%M:%S%p'`" +SUB_FILES= pkg-message \ + pkg-deinstall -GO_TARGET= ./cmd/crowdsec \ - ./cmd/crowdsec-cli +# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) +# BUILD_TAG=$(git rev-parse HEAD) +MAKE_ENV= BUILD_VERSION="v1.2.1" \ + BUILD_TAG="dd03d073558e380c283afe66942f537c3da647ff" -SUB_FILES= pkg-message +PLUGIN_DIR= ${PREFIX}/lib/crowdsec/plugins +STAGE_PLUGINS= ${STAGEDIR}${PLUGIN_DIR} +STAGE_BIN= ${STAGEDIR}${PREFIX}/bin post-patch: @${REINPLACE_CMD} 's,/etc/crowdsec/,${ETCDIR}/,g' \ ${WRKSRC}/pkg/csconfig/config.go \ + ${WRKSRC}/pkg/cstest/hubtest_item.go \ ${WRKSRC}/cmd/crowdsec-cli/machines.go \ ${WRKSRC}/cmd/crowdsec-cli/main.go \ - ${WRKSRC}/cmd/crowdsec/main.go + ${WRKSRC}/cmd/crowdsec/main.go \ + ${WRKSRC}/config/config.yaml \ + ${WRKSRC}/config/profiles.yaml + + @${REINPLACE_CMD} 's,/var/lib/,/var/db/,g' \ + ${WRKSRC}/pkg/csconfig/config.go \ + ${WRKSRC}/pkg/metabase/database.go \ + ${WRKSRC}/config/config.yaml \ + ${WRKSRC}/config/profiles.yaml do-install: + # 
+ # Binaries + # + + ${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec/crowdsec ${STAGE_BIN}/ + ${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec-cli/cscli ${STAGE_BIN}/ + ${LN} -s cscli ${STAGE_BIN}/crowdsec-cli + + @${MKDIR} ${STAGE_PLUGINS} + ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/http/notification-http ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/slack/notification-slack ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/splunk/notification-splunk ${STAGE_PLUGINS}/ + + # + # Configuration + # + @${MKDIR} ${STAGEDIR}${ETCDIR} @(cd ${WRKSRC}/config && ${COPYTREE_SHARE} . ${STAGEDIR}${ETCDIR}) + @${MV} ${STAGEDIR}${ETCDIR}/acquis.yaml \ + ${STAGEDIR}${ETCDIR}/acquis.yaml.sample + @${MV} ${STAGEDIR}${ETCDIR}/config.yaml \ ${STAGEDIR}${ETCDIR}/config.yaml.sample - ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec ${STAGEDIR}${PREFIX}/bin - ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-cli ${STAGEDIR}${PREFIX}/bin + @${MV} ${STAGEDIR}${ETCDIR}/profiles.yaml \ + ${STAGEDIR}${ETCDIR}/profiles.yaml.sample + + # managed by "cscli simulation" + @${MV} ${STAGEDIR}${ETCDIR}/simulation.yaml \ + ${STAGEDIR}${ETCDIR}/simulation.yaml.sample + + # + # Plugin configuration + # + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/http + @${MV} ${WRKSRC}/plugins/notifications/http/http.yaml \ + ${STAGEDIR}${ETCDIR}/notifications/http/http.yaml.sample + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/slack + @${MV} ${WRKSRC}/plugins/notifications/slack/slack.yaml \ + ${STAGEDIR}${ETCDIR}/notifications/slack/slack.yaml.sample + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/splunk + @${MV} ${WRKSRC}/plugins/notifications/splunk/splunk.yaml \ + ${STAGEDIR}${ETCDIR}/notifications/splunk/splunk.yaml.sample + + # updated by "cscli machines" at first service start + @${MV} ${STAGEDIR}${ETCDIR}/local_api_credentials.yaml \ + ${STAGEDIR}${ETCDIR}/local_api_credentials.yaml.sample + + # updated by "cscli capi" at first 
service start + @${MV} ${STAGEDIR}${ETCDIR}/online_api_credentials.yaml \ + ${STAGEDIR}${ETCDIR}/online_api_credentials.yaml.sample + + # + # Data + # + + @${MKDIR} ${STAGEDIR}${ETCDIR}/hub + @${MKDIR} ${STAGEDIR}/var/db/crowdsec/data .include diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo index 2d309c313933..1eecdf198266 100644 --- a/security/crowdsec/distinfo +++ b/security/crowdsec/distinfo @@ -1,5 +1,3 @@ -TIMESTAMP = 1626257804 -SHA256 (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.mod) = f764f7d850f1e2306f6764e534ace7261f7dc99f3b4884c2b0f617cb791b35de -SIZE (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.mod) = 3295 -SHA256 (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.zip) = f7e63641a67392d57412ab1ff86a26ae4deeb9fc8460542f6258f7c9f56238e9 -SIZE (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.zip) = 640252 +TIMESTAMP = 1637702390 +SHA256 (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = e3a9bbb70b1995a83c5001d06dbbcb5f59d43e4d7c18b60548f305a62d2dd6a3 +SIZE (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = 659398 diff --git a/security/crowdsec/files/crowdsec.in b/security/crowdsec/files/crowdsec.in index 59219b42aa19..04b7c02130f9 100644 --- a/security/crowdsec/files/crowdsec.in +++ b/security/crowdsec/files/crowdsec.in @@ -22,9 +22,9 @@ rcvar=crowdsec_enable load_rc_config $name -: ${crowdsec_enable:="NO"} -: ${crowdsec_config:="%%PREFIX%%/etc/crowdsec/config.yaml"} -: ${crowdsec_flags:=""} +: "${crowdsec_enable:=NO}" +: "${crowdsec_config:=%%PREFIX%%/etc/crowdsec/config.yaml}" +: "${crowdsec_flags:=}" pidfile=/var/run/${name}.pid required_files="$crowdsec_config" 
@@ -35,27 +35,49 @@ configtest_cmd="${name}_configtest" extra_commands="configtest reload" crowdsec_precmd() { - if [ ! -d %%PREFIX%%/etc/crowdsec/hub ]; then - %%PREFIX%%/bin/crowdsec-cli hub update || : + cs_cli() { + "%%PREFIX%%/bin/cscli" -c "${crowdsec_config}" "$@" + } + Config() { + cs_cli config show --key "Config.$1" + } + + HUB_DIR=$(Config ConfigPaths.HubDir) + if ! ls -1qA "$HUB_DIR/*" >/dev/null 2>&1; then + echo "Fetching hub inventory" + cs_cli hub update || : + fi + + if [ -z "$(cs_cli machines list -o raw)" ]; then + echo "Registering LAPI" + cs_cli machines add --auto || : fi - if [ -z "`%%PREFIX%%/bin/crowdsec-cli machines list -o raw`" ]; then - %%PREFIX%%/bin/crowdsec-cli machines add --auto || : + + CONFIG_DIR=$(Config ConfigPaths.ConfigDir) + if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then + echo "Registering CAPI" + cs_cli capi register || : fi - if [ ! -s %%PREFIX%%/etc/crowdsec/online_api_credentials.yaml ]; then - %%PREFIX%%/bin/crowdsec-cli capi register || : + + cs_cli collections inspect crowdsecurity/linux >/dev/null || cs_cli collections install crowdsecurity/linux || : + + DATA_DIR=$(Config ConfigPaths.DataDir) + if [ ! -f "${DATA_DIR}/GeoLite2-City.mmdb" ]; then + echo "Installing GeoIP enricher" + cs_cli parsers install crowdsecurity/geoip-enrich || : fi } crowdsec_start() { - /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" \ - ${command} -c ${crowdsec_config} ${crowdsec_flags} + /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \ + ${command} -c ${crowdsec_config} ${crowdsec_flags} } crowdsec_configtest() { - echo "Performing sanity check on ${name} configuration." - eval ${command} -c ${crowdsec_config} -t + echo "Performing sanity check on ${name} configuration." + eval ${command} -c ${crowdsec_config} -t } run_rc_command "$1" diff --git a/security/crowdsec/files/patch-Makefile b/security/crowdsec/files/patch-Makefile new file mode 100644 index 000000000000..909dceada263 --- /dev/null 
+++ b/security/crowdsec/files/patch-Makefile @@ -0,0 +1,11 @@ +--- Makefile.orig 2021-11-17 09:15:38 UTC ++++ Makefile +@@ -42,7 +42,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l + BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')" + BUILD_CODENAME=$(shell cat RELEASE.json | jq -r .CodeName) + BUILD_TIMESTAMP=$(shell date +%F"_"%T) +-BUILD_TAG="$(shell git rev-parse HEAD)" ++BUILD_TAG?="$(shell git rev-parse HEAD)" + + export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \ + -X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=$(SYSTEM) \ diff --git a/security/crowdsec/files/pkg-deinstall.in b/security/crowdsec/files/pkg-deinstall.in new file mode 100644 index 000000000000..1f067c828536 --- /dev/null +++ b/security/crowdsec/files/pkg-deinstall.in @@ -0,0 +1,8 @@ +#!/bin/sh + +case $2 in + DEINSTALL) + service crowdsec stop || : + ;; +esac + diff --git a/security/crowdsec/files/pkg-message.in b/security/crowdsec/files/pkg-message.in index 93da4e2c4dae..0f59a21a5980 100644 --- a/security/crowdsec/files/pkg-message.in +++ b/security/crowdsec/files/pkg-message.in @@ -4,10 +4,17 @@ crowdsec is installed. -You need to edit the agent config file %%ETCDIR%%/crowdsec.yaml and -enable rc via sysrc. +You need to check/edit the following files in %%ETCDIR%% as described in https://doc.crowdsec.net/docs/configuration/crowdsec_configuration + + - config.yaml: main configuration + - acquis.yaml: where to find logs to parse (this port does not include automatic discovery of the running services) + - profiles.yaml: remediation policies (ban, duration, etc) + +Then you can enable the daemon via sysrc and run it. # sysrc crowdsec_enable="YES" +crowdsec_enable: NO -> YES +# service crowdsec start EOM } ] diff --git a/security/crowdsec/pkg-plist b/security/crowdsec/pkg-plist index b3555470e374..5a02566e9cf2 100644 --- a/security/crowdsec/pkg-plist +++ b/security/crowdsec/pkg-plist 
@@ -1,12 +1,18 @@ -@sample %%ETCDIR%%/config.yaml.sample +@mode 0755 bin/crowdsec +bin/cscli bin/crowdsec-cli -%%ETCDIR%%/acquis.yaml -%%ETCDIR%%/crowdsec.service -%%ETCDIR%%/crowdsec_pull -%%ETCDIR%%/dev.yaml -%%ETCDIR%%/local_api_credentials.yaml -%%ETCDIR%%/online_api_credentials.yaml +@mode 0600 +@sample %%ETCDIR%%/local_api_credentials.yaml.sample +@sample %%ETCDIR%%/online_api_credentials.yaml.sample +@mode 0644 +@sample %%ETCDIR%%/acquis.yaml.sample +@sample %%ETCDIR%%/config.yaml.sample +@sample %%ETCDIR%%/profiles.yaml.sample +@sample %%ETCDIR%%/simulation.yaml.sample +@sample %%ETCDIR%%/notifications/http/http.yaml.sample +@sample %%ETCDIR%%/notifications/slack/slack.yaml.sample +@sample %%ETCDIR%%/notifications/splunk/splunk.yaml.sample %%ETCDIR%%/patterns/aws %%ETCDIR%%/patterns/bacula %%ETCDIR%%/patterns/bro @@ -31,6 +37,10 @@ bin/crowdsec-cli %%ETCDIR%%/patterns/smb %%ETCDIR%%/patterns/ssh %%ETCDIR%%/patterns/tcpdump -%%ETCDIR%%/profiles.yaml -%%ETCDIR%%/simulation.yaml -%%ETCDIR%%/user.yaml +@mode 0755 +lib/crowdsec/plugins/notification-http +lib/crowdsec/plugins/notification-slack +lib/crowdsec/plugins/notification-splunk +@dir %%ETCDIR%%/hub +@dir /var/db/crowdsec/data +@dir /var/db/crowdsec
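
Review bot: In the security/crowdsec/Makefile hunk, `USE_RC_SUBR= crowdsec` appears both as an unchanged context line and as an added line, so the variable ends up assigned twice; drop the added copy. `MAKE_ENV` also hard-codes `BUILD_VERSION="v1.2.1"` and the `BUILD_TAG` commit hash, with only the `# NOTE` comment on `PORTVERSION` as a guard. Deriving `BUILD_VERSION` from `${DISTVERSIONPREFIX}${PORTVERSION}` would leave just the hash to update by hand and keep the version string built into the binary from drifting away from the package version. In `do-install`, the plugin YAML files are taken out of `${WRKSRC}` with `${MV}`, so re-running the stage step fails because the source files are gone; `${INSTALL_DATA}` would copy them instead.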
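
Review bot: After the security/crowdsec/distinfo hunk only the GitHub tarball `crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz` is checksummed, so any Go module the build resolves on its own is no longer pinned by a `SHA256`/`SIZE` entry. The Makefile hunk drops `USES= go:modules` and `GO_MODULE` and builds through `gmake` with `go:lang/go` as a plain build dependency. Please confirm that the tarball contains everything the Go build needs. If the upstream Makefile downloads modules at build time, the build needs network access and those inputs are unverified; listing them (for example via `GH_TUPLE`) or staying with `go:modules` keeps every input in distinfo.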
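
Review bot: In `crowdsec_precmd` (second hunk of security/crowdsec/files/crowdsec.in), the emptiness test `ls -1qA "$HUB_DIR/*"` keeps the `*` inside the double quotes, so the shell passes it literally, `ls` fails unless an entry is actually named `*`, and `cs_cli hub update` runs on every service start. `[ -z "$(ls -A "$HUB_DIR" 2>/dev/null)" ]` expresses the intended check. In the same hunk every `cs_cli` call ends in `|| :`, so a failed `machines add --auto` or `capi register` is silent and the daemon starts unregistered; a warning on failure would make that visible. `crowdsec_start` and `crowdsec_configtest` still expand `${crowdsec_config}` and `${pidfile}` unquoted, the latter function through `eval`, although the first hunk of this file quotes the defaults; quoting them and dropping `eval` keeps a path with spaces or shell metacharacters from being re-parsed.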
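
Review bot: In the first security/crowdsec/pkg-plist hunk, the three `notifications/*/*.yaml.sample` entries sit under `@mode 0644`, yet these plugin configs are where a Slack webhook URL or a Splunk token is normally written, so the installed copies should get the same `@mode 0600` as the two `*_api_credentials.yaml.sample` entries above them. Moving those three `@sample` lines up into the 0600 block is enough.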