
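--- a/security/crowdsec-blocklist-mirror/Makefile
+++ b/security/crowdsec-blocklist-mirror/Makefile
@@ -0,0 +1,48 @@
+PORTNAME=	crowdsec-blocklist-mirror
+DISTVERSIONPREFIX=	v
+DISTVERSION=	0.0.1
+CATEGORIES=	security
+
+MAINTAINER=	marco@crowdsec.net
+COMMENT=	CrowdSec Blocklist Mirror
+WWW=		https://github.com/crowdsecurity/cs-blocklist-mirror
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	git:devel/git@lite
+
+USES=		gmake go:no_targets
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	crowdsecurity
+GH_PROJECT=	cs-blocklist-mirror
+GH_TAGNAME=	${DISTVERSIONFULL}-freebsd
+_BUILD_TAG=     24a43080
+USE_RC_SUBR=	crowdsec_mirror
+
+MAKE_ARGS=	BUILD_VERSION="${DISTVERSIONFULL}" \
+		BUILD_TAG="${_BUILD_TAG}" \
+		BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw"
+
+SUB_FILES=	pkg-deinstall pkg-install pkg-message
+
+ETCDIR=		${PREFIX}/etc/crowdsec/bouncers
+
+do-install:
+	#
+	# Binaries
+	#
+
+	${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-blocklist-mirror \
+		${STAGEDIR}${PREFIX}/bin/crowdsec-blocklist-mirror
+
+	#
+	# Configuration
+	#
+
+	@${MKDIR} ${STAGEDIR}${ETCDIR}
+	${INSTALL_DATA} ${WRKSRC}/config/crowdsec-blocklist-mirror.yaml \
+		${STAGEDIR}${ETCDIR}/crowdsec-blocklist-mirror.yaml.sample
+
+.include <bsd.port.mk>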
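Review bot: `_BUILD_TAG=     24a43080` is a hand-copied short commit hash with no comment saying what it has to match, and it is the only assignment in this file aligned with spaces instead of a tab. The value is handed to the upstream build as `BUILD_TAG` through MAKE_ARGS and presumably ends up in the version string the binary reports, so a hash left stale after a version bump would misreport which source was built; distinfo pins the tarball, but nothing visible ties this hash to it. I would add a comment above it such as `# _BUILD_TAG: short hash of the commit GH_TAGNAME points to; update together with DISTVERSION` and align the value with a tab like the neighbouring lines.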
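--- a/security/crowdsec-blocklist-mirror/distinfo
+++ b/security/crowdsec-blocklist-mirror/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1664462306
+SHA256 (crowdsecurity-cs-blocklist-mirror-v0.0.1-v0.0.1-freebsd_GH0.tar.gz) = a3e35eb6bba0a5b34a2fd50fb7223378c6ac268311d2ebe7fefd0381bc39e7d5
+SIZE (crowdsecurity-cs-blocklist-mirror-v0.0.1-v0.0.1-freebsd_GH0.tar.gz) = 2444802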
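--- a/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in
+++ b/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# PROVIDE: crowdsec_mirror
+# REQUIRE: LOGIN DAEMON NETWORKING
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# crowdsec_mirror_enable (bool):	Set it to YES to enable the blocklist mirror.
+#					Default is "NO"
+# crowdsec_mirror_config (str):		Set the config path.
+#					Default is "%%ETCDIR%%/crowdsec-blocklist-mirror.yaml"
+# crowdsec_mirror_flags (str):		extra flags to run bouncer.
+#					Default is ""
+
+. /etc/rc.subr
+
+name=crowdsec_mirror
+desc="Crowdsec Blocklist Mirror"
+rcvar=crowdsec_mirror_enable
+
+load_rc_config $name
+
+: "${crowdsec_mirror_enable:=NO}"
+: "${crowdsec_mirror_config:=%%ETCDIR%%/crowdsec-blocklist-mirror.yaml}"
+: "${crowdsec_mirror_flags:=}"
+
+pidfile=/var/run/${name}.pid
+required_files="$crowdsec_mirror_config"
+command="%%PREFIX%%/bin/crowdsec-blocklist-mirror"
+start_cmd="${name}_start"
+start_precmd="${name}_precmd"
+
+crowdsec_mirror_precmd() {
+    CSCLI=%%PREFIX%%/bin/cscli
+    orig_line="lapi_key: \${API_KEY}"
+    # IF the bouncer is not configured
+    if grep -q "${orig_line}" "${crowdsec_mirror_config}"; then
+        SUFFIX=$(jot -r -c 10 a z | rs -g0)
+        BOUNCER="cs-blocklist-mirror-${SUFFIX}"
+        # AND crowdsec is installed..
+        if command -v "$CSCLI" >/dev/null; then
+            # THEN, register it to the local API
+            API_KEY="$($CSCLI bouncers add "${BOUNCER}" -o raw)"
+            if [ -n "$API_KEY" ]; then
+                sed -i "" "s/${orig_line}/lapi_key: ${API_KEY}     # ${BOUNCER}/" "${crowdsec_mirror_config}"
+                echo "Registered: ${BOUNCER}"
+            fi
+        fi
+    fi
+
+    orig_line="lapi_url: \${CROWDSEC_LAPI_URL}"
+    # IF the lapi endpoint is not configured
+    if grep -q "${orig_line}" "${crowdsec_mirror_config}"; then
+        # AND crowdsec is installed..
+        if command -v "$CSCLI" >/dev/null; then
+            # THEN, use the listen address
+            CROWDSEC_LAPI_ENDPOINT="$($CSCLI config show --key Config.API.Server.ListenURI)"
+            if [ -n "$CROWDSEC_LAPI_ENDPOINT" ]; then
+                sed -i "" "s#${orig_line}#lapi_url: http://${CROWDSEC_LAPI_ENDPOINT}#" "${crowdsec_mirror_config}"
+                echo "LAPI listen address set up."
+            fi
+        fi
+    fi
+}
+
+crowdsec_mirror_start() {
+    /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \
+        ${command} -c "${crowdsec_mirror_config}" ${crowdsec_mirror_flags}
+}
+
+run_rc_command "$1"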
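Review bot: In crowdsec_mirror_precmd the output of `$CSCLI bouncers add` is spliced unescaped into the replacement side of `sed -i "" "s/${orig_line}/lapi_key: ${API_KEY} ..."`, and only its non-emptiness is tested, never the command's exit status. If cscli ever fails after printing something on stdout, or a key contains `/`, `&` or a backslash, the substitution either fails or writes a line that is not the key cscli returned, into a root-owned credentials file. I would gate on the status, `if API_KEY="$($CSCLI bouncers add "${BOUNCER}" -o raw)" && [ -n "$API_KEY" ]; then`, and reject a key that contains characters outside the expected alphabet before calling sed (the key format is not visible on this page). The `lapi_url` branch uses the same unescaped pattern with `#` as delimiter and would benefit from the same status check on `$CSCLI config show`.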
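--- a/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in
+++ b/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+case $2 in
+       "DEINSTALL")
+               service crowdsec_mirror status 2>/dev/null && touch /var/run/crowdsec_mirror.running
+               service crowdsec_mirror stop 2>/dev/null || :
+               ;;
+esac
+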
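--- a/security/crowdsec-blocklist-mirror/files/pkg-install.in
+++ b/security/crowdsec-blocklist-mirror/files/pkg-install.in
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+case $2 in
+        "POST-INSTALL")
+                if [ -e /var/run/crowdsec_mirror.running ]; then
+                        service crowdsec_mirror start
+                        rm -f /var/run/crowdsec_mirror.running
+                fi
+                ;;
+esac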
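--- a/security/crowdsec-blocklist-mirror/files/pkg-message.in
+++ b/security/crowdsec-blocklist-mirror/files/pkg-message.in
@@ -0,0 +1,31 @@
+[
+{ type: install
+  message: <<EOM
+
+crowdsec-blocklist-mirror is installed.
+
+If you are running crowdsec on this machine, the bouncer will register itself with
+the Local API when it's started the first time.
+
+If the LAPI is on another machine, you need to manually register the bouncer
+and fill lapi_key and lapi_url in %%ETCDIR%%/crowdsec-blocklist-mirror.yaml before
+starting the service.
+
+Please refer to the documentation at
+https://docs.crowdsec.net/docs/bouncers/blocklist-mirror/
+
+Then activate the bouncer via sysrc and run it:
+
+----------
+# sysrc crowdsec_mirror_enable="YES"
+crowdsec_mirror_enable: NO -> YES
+# service crowdsec_mirror start
+----------
+
+The blocklist is available by default at
+'http://127.0.0.1:41412/security/blocklist', check the configuration file to
+change address, endpoint or add some authentication.
+
+EOM
+}
+]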
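--- a/security/crowdsec-blocklist-mirror/pkg-descr
+++ b/security/crowdsec-blocklist-mirror/pkg-descr
@@ -0,0 +1,3 @@
+CrowdSec Blocklist Mirror
+
+Publish CrowdSec decisions via HTTP, to be consumed by network appliances.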
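--- a/security/crowdsec-blocklist-mirror/pkg-plist
+++ b/security/crowdsec-blocklist-mirror/pkg-plist
@@ -0,0 +1,4 @@
+@mode 0755
+bin/crowdsec-blocklist-mirror
+@mode 0600
+@sample %%ETCDIR%%/crowdsec-blocklist-mirror.yaml.sample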
(-)b/security/crowdsec/Makefile (-8 / +22 lines)
Lines 1-7 Link Here
1
PORTNAME=	crowdsec
1
PORTNAME=	crowdsec
2
DISTVERSIONPREFIX=	v
2
DISTVERSIONPREFIX=	v
3
DISTVERSION=	1.4.1
3
DISTVERSION=	1.4.2
4
PORTREVISION=	2
5
CATEGORIES=	security
4
CATEGORIES=	security
6
5
7
MAINTAINER=	marco@crowdsec.net
6
MAINTAINER=	marco@crowdsec.net
Lines 19-34 USE_GITHUB= yes Link Here
19
GH_ACCOUNT=	crowdsecurity
18
GH_ACCOUNT=	crowdsecurity
20
GH_PROJECT=	crowdsec
19
GH_PROJECT=	crowdsec
21
GH_TAGNAME=	${DISTVERSIONFULL}-freebsd
20
GH_TAGNAME=	${DISTVERSIONFULL}-freebsd
22
_BUILD_TAG=	527995f
21
_BUILD_TAG=	6dc63b9e
23
USE_RC_SUBR=	crowdsec
22
USE_RC_SUBR=	crowdsec
24
23
25
MAKE_ENV=	BUILD_VERSION="${DISTVERSIONFULL}" \
24
MAKE_ARGS=	BUILD_VERSION="${DISTVERSIONFULL}" \
26
		BUILD_TAG="${_BUILD_TAG}" \
25
		BUILD_TAG="${_BUILD_TAG}" \
26
		BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw" \
27
		DEFAULT_CONFIGDIR="${PREFIX}/etc/crowdsec" \
27
		DEFAULT_CONFIGDIR="${PREFIX}/etc/crowdsec" \
28
		DEFAULT_DATADIR="/var/db/crowdsec/data"
28
		DEFAULT_DATADIR="/var/db/crowdsec/data"
29
29
ALL_TARGET=	build
30
ALL_TARGET=	build
30
31
31
SUB_FILES=	pkg-deinstall pkg-install pkg-message
32
SUB_FILES=	pkg-deinstall pkg-install pkg-message crowdsec.cron upgrade-hub
32
33
33
OPTIONS_DEFINE=	FIREWALL_BOUNCER
34
OPTIONS_DEFINE=	FIREWALL_BOUNCER
34
OPTIONS_DEFAULT=
35
OPTIONS_DEFAULT=
Lines 49-54 post-patch: Link Here
49
		${WRKSRC}/config/config.yaml \
50
		${WRKSRC}/config/config.yaml \
50
		${WRKSRC}/config/profiles.yaml
51
		${WRKSRC}/config/profiles.yaml
51
52
53
post-install:
54
	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/cron.d
55
	@${INSTALL_DATA} ${WRKDIR}/crowdsec.cron ${STAGEDIR}${PREFIX}/etc/cron.d/crowdsec
56
52
do-install:
57
do-install:
53
	#
58
	#
54
	# Binaries
59
	# Binaries
Lines 124-139 do-install: Link Here
124
	@${MKDIR} ${STAGEDIR}${ETCDIR}/hub
129
	@${MKDIR} ${STAGEDIR}${ETCDIR}/hub
125
	@${MKDIR} ${STAGEDIR}/var/db/crowdsec/data
130
	@${MKDIR} ${STAGEDIR}/var/db/crowdsec/data
126
131
132
	#
133
	# Cron
134
	#
135
136
	@${MKDIR} ${STAGEDIR}${PREFIX}/libexec/crowdsec
137
	${INSTALL_DATA} ${WRKDIR}/upgrade-hub \
138
		${STAGEDIR}${PREFIX}/libexec/crowdsec/upgrade-hub
139
127
	#
140
	#
128
	# Cleanup
141
	# Cleanup
129
	#
142
	#
130
143
144
	@${RM} ${STAGEDIR}${ETCDIR}/acquis_win.yaml
145
	@${RM} ${STAGEDIR}${ETCDIR}/config_win_no_lapi.yaml
146
	@${RM} ${STAGEDIR}${ETCDIR}/config_win.yaml
147
	@${RM} ${STAGEDIR}${ETCDIR}/crowdsec.cron.daily
131
	@${RM} ${STAGEDIR}${ETCDIR}/crowdsec.service
148
	@${RM} ${STAGEDIR}${ETCDIR}/crowdsec.service
132
	@${RM} ${STAGEDIR}${ETCDIR}/dev.yaml
149
	@${RM} ${STAGEDIR}${ETCDIR}/dev.yaml
133
	@${RM} ${STAGEDIR}${ETCDIR}/user.yaml
150
	@${RM} ${STAGEDIR}${ETCDIR}/user.yaml
134
	@${RM} ${STAGEDIR}${ETCDIR}/acquis_win.yaml
135
	@${RM} ${STAGEDIR}${ETCDIR}/config_win.yaml
136
	@${RM} ${STAGEDIR}${ETCDIR}/config_win_no_lapi.yaml
137
	@${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/email
151
	@${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/email
138
	@${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/http
152
	@${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/http
139
	@${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/slack
153
	@${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/slack
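Review bot: The new `# Cron` block in do-install stages the `upgrade-hub` script with `${INSTALL_DATA}`, which installs it without the execute bit, yet crowdsec.cron.in runs `%%PREFIX%%/libexec/crowdsec/upgrade-hub` directly as root. Whether the installed file ends up executable then depends entirely on the `@mode` in effect at its pkg-plist entry, and that is set on a plist line outside the visible hunk. Using `${INSTALL_SCRIPT} ${WRKDIR}/upgrade-hub \` makes the staged file correct without relying on the plist. The block's heading also says Cron while the cron.d file itself is installed in post-install; `# Hub upgrade script` would describe it better.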
(-)b/security/crowdsec/distinfo (-3 / +3 lines)
Lines 1-3 Link Here
1
TIMESTAMP = 1658844897
1
TIMESTAMP = 1668590233
2
SHA256 (crowdsecurity-crowdsec-v1.4.1-v1.4.1-freebsd_GH0.tar.gz) = a05e75838f4c4e87906ab6df846cc73b4701f6460834e35e5b64b7774e16bb63
2
SHA256 (crowdsecurity-crowdsec-v1.4.2-v1.4.2-freebsd_GH0.tar.gz) = e000798c2025352802a98b0e42c967b5b15bd5c4fd47f8c78581b3f8756208fb
3
SIZE (crowdsecurity-crowdsec-v1.4.1-v1.4.1-freebsd_GH0.tar.gz) = 20805956
3
SIZE (crowdsecurity-crowdsec-v1.4.2-v1.4.2-freebsd_GH0.tar.gz) = 21309952
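--- a/security/crowdsec/files/crowdsec.cron.in
+++ b/security/crowdsec/files/crowdsec.cron.in
@@ -0,0 +1,2 @@
+#minute	hour	mday	month	wday	who	command
+0       3       *       *       *       root    %%PREFIX%%/libexec/crowdsec/upgrade-hub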
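--- a/security/crowdsec/files/patch-Makefile
+++ b/security/crowdsec/files/patch-Makefile
@@ -1,12 +0,0 @@
---- Makefile.orig	2022-02-10 09:11:04 UTC
-+++ Makefile
-@@ -58,8 +58,8 @@ LD_OPTS_VARS= \
- -X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultConfigDir=$(DEFAULT_CONFIGDIR) \
- -X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultDataDir=$(DEFAULT_DATADIR)
- 
--export LD_OPTS=-ldflags "-s -w $(LD_OPTS_VARS)"
--export LD_OPTS_STATIC=-ldflags "-s -w $(LD_OPTS_VARS) -extldflags '-static'"
-+export LD_OPTS=-mod vendor -modcacherw -ldflags "-s -w $(LD_OPTS_VARS)"
-+export LD_OPTS_STATIC=-mod vendor -modcacherw -ldflags "-s -w $(LD_OPTS_VARS) -extldflags '-static'"
- 
- RELDIR = crowdsec-$(BUILD_VERSION)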
(-)b/security/crowdsec/files/pkg-deinstall.in (-2 / +2 lines)
Lines 2-9 Link Here
2
2
3
case $2 in
3
case $2 in
4
       "DEINSTALL")
4
       "DEINSTALL")
5
               service crowdsec status && touch /var/run/crowdsec.running
5
               service crowdsec status 2>/dev/null && touch /var/run/crowdsec.running
6
               service crowdsec stop || :
6
               service crowdsec stop 2>/dev/null || :
7
               ;;
7
               ;;
8
esac
8
esac
9
9
(-)b/security/crowdsec/files/pkg-message.in (-1 / +1 lines)
Lines 7-13 crowdsec is installed. Link Here
7
You need to check/edit the following files in %%ETCDIR%% as described in https://doc.crowdsec.net/docs/configuration/crowdsec_configuration
7
You need to check/edit the following files in %%ETCDIR%% as described in https://doc.crowdsec.net/docs/configuration/crowdsec_configuration
8
8
9
 - config.yaml: main configuration
9
 - config.yaml: main configuration
10
 - acquis.yaml: where to find logs to parse (this port does not include automatic discovery of the running services)
10
 - acquis.yaml, acquis.d: datasource configuration (this port does not include automatic discovery of the running services)
11
 - profiles.yaml: remediation policies (ban, duration, etc)
11
 - profiles.yaml: remediation policies (ban, duration, etc)
12
12
13
Then you can enable the daemon via sysrc and run it.
13
Then you can enable the daemon via sysrc and run it.
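--- a/security/crowdsec/files/upgrade-hub.in
+++ b/security/crowdsec/files/upgrade-hub.in
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+test -x /usr/local/bin/cscli || exit 0
+
+# favor the opnsense plugin's cron if it's there
+test -e /usr/local/etc/cron.d/oscrowdsec.cron && exit 0
+
+/usr/local/bin/cscli --error hub update
+
+upgraded=$(/usr/local/bin/cscli --error hub upgrade)
+if [ -n "$upgraded" ]; then
+    # splay initial metrics push
+    sleep $(jot -r 1 1 60)
+    service crowdsec reload
+fi
+
+exit 0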
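Review bot: The script hard-codes `/usr/local/bin/cscli` and `/usr/local/etc/cron.d/oscrowdsec.cron` even though it is listed in SUB_FILES and the sibling crowdsec.cron.in already uses `%%PREFIX%%`. With a non-default PREFIX the root cron job would call this script, which then either exits silently at `test -x /usr/local/bin/cscli || exit 0` or runs whatever cscli happens to sit under /usr/local rather than the one this package installed. I would write `test -x %%PREFIX%%/bin/cscli || exit 0` and use the same prefix in the other three paths. `service` and `jot` are called by bare name, so the script also depends on the PATH cron provides; `/usr/sbin/service crowdsec reload` would remove that dependency.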
(-)b/security/crowdsec/pkg-plist (-6 / +7 lines)
Lines 2-20 Link Here
2
bin/crowdsec
2
bin/crowdsec
3
bin/cscli
3
bin/cscli
4
bin/crowdsec-cli
4
bin/crowdsec-cli
5
libexec/crowdsec/upgrade-hub
5
@mode 0600
6
@mode 0600
7
@sample %%ETCDIR%%/config.yaml.sample
6
@sample %%ETCDIR%%/local_api_credentials.yaml.sample
8
@sample %%ETCDIR%%/local_api_credentials.yaml.sample
7
@sample %%ETCDIR%%/online_api_credentials.yaml.sample
9
@sample %%ETCDIR%%/online_api_credentials.yaml.sample
10
@sample %%ETCDIR%%/notifications/email.yaml.sample
11
@sample %%ETCDIR%%/notifications/http.yaml.sample
12
@sample %%ETCDIR%%/notifications/slack.yaml.sample
13
@sample %%ETCDIR%%/notifications/splunk.yaml.sample
8
@mode 0644
14
@mode 0644
9
@sample %%ETCDIR%%/acquis.yaml.sample
15
@sample %%ETCDIR%%/acquis.yaml.sample
10
@sample %%ETCDIR%%/config.yaml.sample
11
@sample %%ETCDIR%%/console.yaml.sample
16
@sample %%ETCDIR%%/console.yaml.sample
12
@sample %%ETCDIR%%/profiles.yaml.sample
17
@sample %%ETCDIR%%/profiles.yaml.sample
13
@sample %%ETCDIR%%/simulation.yaml.sample
18
@sample %%ETCDIR%%/simulation.yaml.sample
14
@sample %%ETCDIR%%/notifications/email.yaml.sample
15
@sample %%ETCDIR%%/notifications/http.yaml.sample
16
@sample %%ETCDIR%%/notifications/slack.yaml.sample
17
@sample %%ETCDIR%%/notifications/splunk.yaml.sample
18
%%ETCDIR%%/patterns/aws
19
%%ETCDIR%%/patterns/aws
19
%%ETCDIR%%/patterns/bacula
20
%%ETCDIR%%/patterns/bacula
20
%%ETCDIR%%/patterns/bro
21
%%ETCDIR%%/patterns/bro
Lines 39-44 bin/crowdsec-cli Link Here
39
%%ETCDIR%%/patterns/smb
40
%%ETCDIR%%/patterns/smb
40
%%ETCDIR%%/patterns/ssh
41
%%ETCDIR%%/patterns/ssh
41
%%ETCDIR%%/patterns/tcpdump
42
%%ETCDIR%%/patterns/tcpdump
43
etc/cron.d/crowdsec
42
@mode 0755
44
@mode 0755
43
lib/crowdsec/plugins/notification-email
45
lib/crowdsec/plugins/notification-email
44
lib/crowdsec/plugins/notification-http
46
lib/crowdsec/plugins/notification-http
45
- 

Return to bug 267808