git: 04d93cdfdfe4 - main - security/crowdsec-firewall-bouncer: update to 0.0.17

From: Sofian Brabez <sbz_at_FreeBSD.org>
Date: Fri, 17 Dec 2021 12:39:42 UTC
The branch main has been updated by sbz:

URL: https://cgit.FreeBSD.org/ports/commit/?id=04d93cdfdfe4a4aab87b84021f0c486f8980feb7

commit 04d93cdfdfe4a4aab87b84021f0c486f8980feb7
Author:     Sofian Brabez <sbz@FreeBSD.org>
AuthorDate: 2021-12-16 19:37:18 +0000
Commit:     Sofian Brabez <sbz@FreeBSD.org>
CommitDate: 2021-12-17 12:32:57 +0000

    security/crowdsec-firewall-bouncer: update to 0.0.17
    
    Update to 0.0.17 release and pass the maintainership to the submitter.
    
    PR:             260264
---
 security/crowdsec-firewall-bouncer/Makefile        | 47 +++++++++++++++-------
 security/crowdsec-firewall-bouncer/distinfo        |  8 ++--
 .../files/crowdsec_firewall.in                     | 33 ++++++++++++---
 .../crowdsec-firewall-bouncer/files/patch-Makefile | 11 +++++
 .../files/pkg-deinstall.in                         |  8 ++++
 .../crowdsec-firewall-bouncer/files/pkg-message.in | 22 ++++++++--
 security/crowdsec-firewall-bouncer/pkg-plist       |  4 +-
 7 files changed, 104 insertions(+), 29 deletions(-)

diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
index 60925f445797..36a868801a50 100644
--- a/security/crowdsec-firewall-bouncer/Makefile
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -1,40 +1,59 @@
 PORTNAME=	crowdsec-firewall-bouncer
-PORTVERSION=	0.0.13
+PORTVERSION=	0.0.17	# NOTE: change BUILD_VERSION and BUILD_TAG as well
 DISTVERSIONPREFIX=	v
 CATEGORIES=	security
 
-MAINTAINER=	sbz@FreeBSD.org
-COMMENT=	Crowdsec bouncer written in golang for firewalls
+MAINTAINER=	marco@crowdsec.net
+COMMENT=	CrowdSec bouncer written in golang for firewalls
 
 LICENSE=	MIT
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
+BUILD_DEPENDS=	git:devel/git@lite \
+		go:lang/go
+
+USES=		gmake
+
 RUN_DEPENDS=	crowdsec>0:security/crowdsec
 
-USES=		go:modules
+USE_GITHUB=	yes
+GH_ACCOUNT=	crowdsecurity
+GH_PROJECT=	cs-firewall-bouncer
+#GH_TAGNAME is automatically set from DISTVERSION
 
 USE_RC_SUBR=	crowdsec_firewall
 
-GO_MODULE=	github.com/crowdsecurity/cs-firewall-bouncer
+SUB_FILES=	pkg-message \
+		pkg-deinstall
+
+# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
+# BUILD_TAG=$(git rev-parse HEAD)
+MAKE_ENV=	BUILD_VERSION="v0.0.17" \
+		BUILD_TAG="b330209afcdefd0046fd6790999bbb342c02f1b3"
 
-GO_BUILDFLAGS=	-ldflags "-s -w \
-		-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v${PORTVERSION} \
-		-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=freebsd \
-		-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=`date -u '+%Y-%m-%d_%I:%M:%S%p'`"
+ETCDIR=		${PREFIX}/etc/crowdsec/bouncers
 
-SUB_FILES=	pkg-message
+do-patch:
+	cd ${WRKSRC} && go mod download github.com/mattn/go-sqlite3
 
 post-patch:
 	${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
 		${WRKSRC}/config/crowdsec-firewall-bouncer.yaml
 
 do-install:
-	@${MKDIR} ${STAGEDIR}${ETCDIR}
+	#
+	# Binaries
+	#
+
+	${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-firewall-bouncer \
+		${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer
+
+	#
+	# Configuration
+	#
 
+	@${MKDIR} ${STAGEDIR}${ETCDIR}
 	${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \
 		${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample
 
-	${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-firewall-bouncer \
-		${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer
-
 .include <bsd.port.mk>
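Review bot: The new `do-patch` target runs `go mod download github.com/mattn/go-sqlite3`, which reaches the network in the patch phase, after the distinfo checksums have already been verified. With the switch from `USES=go:modules` to `USE_GITHUB`, distinfo now pins only the GitHub tarball, so the integrity of the Go dependencies rests on upstream's go.sum (assuming it ships in the tarball), and the build will presumably fail on builders that deny network access outside fetch. Defining `do-patch` also appears to replace the framework's default patch step, so `files/patch-Makefile` may never be applied and the `BUILD_TAG` passed through `MAKE_ENV` would lose to upstream's unconditional assignment; this is worth confirming with `make patch`. Consider declaring the modules as distfiles (for example through `GH_TUPLE`) so they are checksummed, and dropping the `do-patch` override.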
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
index cf74c8b81d95..001ca177529b 100644
--- a/security/crowdsec-firewall-bouncer/distinfo
+++ b/security/crowdsec-firewall-bouncer/distinfo
@@ -1,5 +1,3 @@
-TIMESTAMP = 1625834541
-SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.mod) = c4ee3539ac5bd53f013e0798add577d5daef4480ad6910a3c35c381e74b26f63
-SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.mod) = 935
-SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.zip) = 0817452582e7ff9f92ae7c51751c6de86a277d7b772e5ac1b35dc7a3ea35aba7
-SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.zip) = 148490
+TIMESTAMP = 1637702397
+SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 53af239b86c6b554da3711e3686d7d3036d33b2e561bfb00e195b6c8a06918c8
+SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 143037
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
index 1bc55e6ca263..ee3dcc9f7325 100755
--- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -18,13 +18,34 @@ rcvar=crowdsec_firewall_enable
 
 load_rc_config $name
 
-: ${crowdsec_firewall_enable:="NO"}
-: ${crowdsec_firewall_config:="%%PREFIX%%/etc/crowdsec-firewall-bouncer/crowdsec-firewall-bouncer.yaml"}
+: "${crowdsec_firewall_enable:=NO}"
+: "${crowdsec_firewall_config:=%%ETCDIR%%/crowdsec-firewall-bouncer.yaml}"
 
-pidfile=/var/run/$name.pid
+pidfile=/var/run/${name}.pid
 required_files="$crowdsec_firewall_config"
-procname="%%PREFIX%%/bin/crowdsec-firewall-bouncer"
-command=/usr/sbin/daemon
-command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_firewall_config'"
+command="%%PREFIX%%/bin/crowdsec-firewall-bouncer"
+start_cmd="${name}_start"
+start_precmd="${name}_precmd"
+
+crowdsec_firewall_precmd() {
+    CSCLI=%%PREFIX%%/bin/cscli
+    orig_line="api_key: \${API_KEY}"
+    if grep -q "^${orig_line}" "${crowdsec_firewall_config}"; then
+        SUFFIX=$(LC_CTYPE=C tr -dc A-Za-z0-9 </dev/urandom | head -c 8)
+        BOUNCER="cs-firewall-bouncer-${SUFFIX}"
+        if command -v "$CSCLI" >/dev/null; then
+            API_KEY=$($CSCLI bouncers add "${BOUNCER}" -o raw)
+            if [ -n "$API_KEY" ]; then
+                sed -i "" "s/^${orig_line}/api_key: ${API_KEY}     # ${BOUNCER}/" "${crowdsec_firewall_config}"
+                echo "Registered: ${BOUNCER}"
+            fi
+        fi
+    fi
+}
+
+crowdsec_firewall_start() {
+    /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \
+        ${command} -c "${crowdsec_firewall_config}"
+}
 
 run_rc_command "$1"
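Review bot: In `crowdsec_firewall_precmd` the freshly issued key is spliced into the sed program, so a key containing `/` or `&` would break or corrupt the substitution, and the secret is briefly visible in the process argument list. At minimum use a delimiter that cannot occur in the key, e.g. `sed -i "" "s|^${orig_line}|api_key: ${API_KEY}     # ${BOUNCER}|"`, after confirming the key alphabet that `cscli` emits. The function also returns success when `cscli` is missing or returns an empty key, so the daemon starts with the literal `${API_KEY}` placeholder and no diagnostic. The excerpt below makes both failures visible and aborts the start; if best-effort start is intended, keep the `warn` calls and drop the `return 1`. Separately, `${pidfile}` and `${command}` are unquoted in `crowdsec_firewall_start`.

```shell
crowdsec_firewall_precmd() {
    # … unchanged: CSCLI, orig_line, grep guard, SUFFIX and BOUNCER …
        if ! command -v "$CSCLI" >/dev/null; then
            warn "cscli not found; api_key not set in ${crowdsec_firewall_config}"
            return 1
        fi
        API_KEY=$("$CSCLI" bouncers add "${BOUNCER}" -o raw)
        if [ -z "$API_KEY" ]; then
            warn "could not register ${BOUNCER}; api_key not set"
            return 1
        fi
        # … unchanged: sed substitution and "Registered" message …
```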
diff --git a/security/crowdsec-firewall-bouncer/files/patch-Makefile b/security/crowdsec-firewall-bouncer/files/patch-Makefile
new file mode 100644
index 000000000000..6d9e9a2e2f42
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/patch-Makefile
@@ -0,0 +1,11 @@
+--- Makefile.orig	2021-12-07 09:00:17 UTC
++++ Makefile
+@@ -11,7 +11,7 @@ GOGET=$(GOCMD) get
+ BUILD_VERSION?="$(shell git describe --tags `git rev-list --tags --max-count=1`)"
+ BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -r 's/[go]+//g')"
+ BUILD_TIMESTAMP=$(shell date +%F"_"%T)
+-BUILD_TAG="$(shell git rev-parse HEAD)"
++BUILD_TAG?="$(shell git rev-parse HEAD)"
+ export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=$(BUILD_TIMESTAMP) \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG) \
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
new file mode 100644
index 000000000000..0324401c6e19
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+case $2 in
+       DEINSTALL)
+               service crowdsec_firewall stop || :
+               ;;
+esac
+
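Review bot: The DEINSTALL branch stops the service but leaves in place the bouncer registration that the rc script created with `cscli bouncers add`, so the API key stays valid in the local API after the package is removed. If that is intentional (for example to survive upgrades), a comment such as `# the bouncer's API key stays registered; revoke it with "cscli bouncers delete" if no longer needed` would document it. Otherwise the pkg-message could tell administrators to remove the entry, whose name is recorded as a trailing comment on the `api_key` line of the config file.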
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
index 46710f5d090a..3929d468efd0 100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-message.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
@@ -4,17 +4,33 @@
 
 crowdsec-firewall-bouncer is installed.
 
-You need to edit the config file %%ETCDIR%%/crowdsec-firewall-bouncer.yaml, your pf
-config and enable rc via sysrc.
+The bouncer should register itself but you may want to check the
+configuration file, which is now in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml
+(for consistency with the other platforms).
 
-Add the following in pf.conf to create the tables
+In previous versions, the configuration was in /usr/local/etc/crowdsec-firewall-bouncer, you may need
+to check if you made any changes there.
 
+If it's the first time, you need to edit your Packet Filter configuration.
+Add the following in /etc/pf.conf to create the tables:
+
+----------
 # create crowdsec ipv4 table
 table <crowdsec-blacklists> persist
 
 # create crowdsec ipv6 table
 table <crowdsec6-blacklists> persist
 
+block drop in quick from <crowdsec-blacklists> to any
+block drop in quick from <crowdsec6-blacklists> to any
+----------
+
+To apply the file:
+
+# pfctl -f /etc/pf.conf
+
+Then activate the bouncer via sysrc:
+
 # sysrc crowdsec_firewall_enable="YES"
 EOM
 }
diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist
index d47d3e2429aa..6a41287c1e57 100644
--- a/security/crowdsec-firewall-bouncer/pkg-plist
+++ b/security/crowdsec-firewall-bouncer/pkg-plist
@@ -1,2 +1,4 @@
-@sample etc/crowdsec-firewall-bouncer/crowdsec-firewall-bouncer.yaml.sample
+@mode 0755
 bin/crowdsec-firewall-bouncer
+@mode 0600
+@sample %%ETCDIR%%/crowdsec-firewall-bouncer.yaml.sample