
(-)b/security/crowdsec-firewall-bouncer/Makefile (-23 / +21 lines)
Lines 1-8 Link Here
1
PORTNAME=	crowdsec-firewall-bouncer
1
PORTNAME=	crowdsec-firewall-bouncer
2
DISTVERSIONPREFIX=	v
2
DISTVERSIONPREFIX=	v
3
DISTVERSION=	0.0.27
3
DISTVERSION=	0.0.28
4
PORTREVISION=	2
5
DISTVERSIONSUFFIX=	-freebsd
6
CATEGORIES=	security
4
CATEGORIES=	security
7
5
8
MAINTAINER=	marco@crowdsec.net
6
MAINTAINER=	marco@crowdsec.net
Lines 12-53 WWW= https://github.com/crowdsecurity/cs-firewall-bouncer Link Here
12
LICENSE=	MIT
10
LICENSE=	MIT
13
LICENSE_FILE=	${WRKSRC}/LICENSE
11
LICENSE_FILE=	${WRKSRC}/LICENSE
14
12
15
BUILD_DEPENDS=	git:devel/git@lite
13
USES=		go:modules
16
14
_COMMIT=	af6e7e2
17
USES=		gmake go:no_targets
15
_BUILD_DATE=	$$(date -u "+%F_%T")
18
19
USE_GITHUB=	yes
20
GH_ACCOUNT=	crowdsecurity
21
GH_PROJECT=	cs-firewall-bouncer
22
_BUILD_TAG=	f1f8b379
23
USE_RC_SUBR=	crowdsec_firewall
16
USE_RC_SUBR=	crowdsec_firewall
24
17
25
MAKE_ARGS=	BUILD_VERSION="${DISTVERSIONFULL}" \
18
GO_MODULE=	github.com/crowdsecurity/cs-firewall-bouncer
26
		BUILD_TAG="${_BUILD_TAG}" \
19
GO_TARGET=	${PORTNAME}:./${PORTNAME}
27
		BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw"
20
GO_BUILDFLAGS=	-trimpath -tags netgo \
21
		-ldflags="\
22
		-a -s -w -extldflags '-static' \
23
		-X github.com/crowdsecurity/go-cs-lib/version.Version=${DISTVERSIONPREFIX}${DISTVERSION}-freebsd \
24
		-X github.com/crowdsecurity/go-cs-lib/version.BuildDate=${_BUILD_DATE} \
25
		-X github.com/crowdsecurity/go-cs-lib/version.Tag=${_COMMIT}"
28
26
29
SUB_FILES=	pkg-deinstall pkg-install pkg-message
27
CGO_ENABLED=	0
30
28
31
ETCDIR=		${PREFIX}/etc/crowdsec/bouncers
29
SUB_FILES=	pkg-deinstall \
30
		pkg-install \
31
		pkg-message
32
32
33
post-patch:
33
ETCDIR=		${PREFIX}/etc/crowdsec/bouncers
34
	${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
35
		${WRKSRC}/config/crowdsec-firewall-bouncer.yaml
36
34
37
do-install:
35
do-install:
38
	#
36
	#
39
	# Binaries
37
	# Binaries
40
	#
38
	#
41
39
42
	${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-firewall-bouncer \
40
	${INSTALL_PROGRAM} ${WRKDIR}/bin/${PORTNAME} \
43
		${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer
41
		${STAGEDIR}${PREFIX}/bin/${PORTNAME}
44
42
45
	#
43
	#
46
	# Configuration
44
	# Configuration
47
	#
45
	#
48
46
49
	@${MKDIR} ${STAGEDIR}${ETCDIR}
47
	@${MKDIR} ${STAGEDIR}${ETCDIR}
50
	${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \
48
	${INSTALL_DATA} ${WRKSRC}/config/${PORTNAME}.yaml \
51
		${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample
49
		${STAGEDIR}${ETCDIR}/${PORTNAME}.yaml.sample
52
50
53
.include <bsd.port.mk>
51
.include <bsd.port.mk>
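Review bot: The new side drops the `post-patch` target that rewrote `${BACKEND}` to `pf` in `config/crowdsec-firewall-bouncer.yaml`, while `do-install` still installs that file as `${PORTNAME}.yaml.sample`, so the sample may now ship with an unresolved `${BACKEND}` placeholder unless `pkg-install` (not shown in this section) fills it in. This is worth confirming, because a bouncer started from such a config would presumably fail to start or fail to enforce decisions. Separately, `_BUILD_DATE= $$(date -u "+%F_%T")` stamps the wall-clock time into the binary through `-X ...version.BuildDate`, so two builds of the same distfile never match and a package cannot be verified by rebuilding it. If the framework exports `SOURCE_DATE_EPOCH` to the build, a fixed source such as `_BUILD_DATE= $$(date -u -r "$${SOURCE_DATE_EPOCH}" "+%F_%T")` would keep the output reproducible. `_COMMIT= af6e7e2` is also maintained by hand with nothing visible tying it to `DISTVERSION`, so a comment such as `# must be the commit that tag v${DISTVERSION} points to` would help the next update.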
(-)b/security/crowdsec-firewall-bouncer/distinfo (-3 / +5 lines)
Lines 1-3 Link Here
1
TIMESTAMP = 1684281311
1
TIMESTAMP = 1696243362
2
SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.27-freebsd_GH0.tar.gz) = 1dba0604d0ff7d9035e2e2adcff42cddf7d0b63f23dd973ce692b6e18ee65126
2
SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.mod) = 8da878a2e78081ce7fd2b81f210eb146f87fa77f4c0b5b3857d1e6a4551dd048
3
SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.27-freebsd_GH0.tar.gz) = 2600838
3
SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.mod) = 2632
4
SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.zip) = 6aeaa00beee415f68b2f7a4d98e6b3c83c239f3fe8b1e8be93f34b13e77c940e
5
SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.zip) = 181050
(-)b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in (-8 / +48 lines)
Lines 11-16 Link Here
11
#					Default is "NO"
11
#					Default is "NO"
12
# crowdsec_firewall_config (str):	Set the bouncer config path.
12
# crowdsec_firewall_config (str):	Set the bouncer config path.
13
#					Default is "%%ETCDIR%%/crowdsec-firewall-bouncer.yaml"
13
#					Default is "%%ETCDIR%%/crowdsec-firewall-bouncer.yaml"
14
# crowdsec_firewall_name (str):		Name of the bouncer to register.
15
#					Default is dynamically generated.
14
# crowdsec_firewall_flags (str):	extra flags to run bouncer.
16
# crowdsec_firewall_flags (str):	extra flags to run bouncer.
15
#					Default is ""
17
#					Default is ""
16
18
Lines 20-58 name=crowdsec_firewall Link Here
20
desc="Crowdsec Firewall"
22
desc="Crowdsec Firewall"
21
rcvar=crowdsec_firewall_enable
23
rcvar=crowdsec_firewall_enable
22
24
23
load_rc_config $name
25
load_rc_config "$name"
24
26
25
: "${crowdsec_firewall_enable:=NO}"
27
: "${crowdsec_firewall_enable:=NO}"
26
: "${crowdsec_firewall_config:=%%ETCDIR%%/crowdsec-firewall-bouncer.yaml}"
28
: "${crowdsec_firewall_config:=%%ETCDIR%%/crowdsec-firewall-bouncer.yaml}"
29
: "${crowdsec_firewall_name:=cs-firewall-bouncer-$(date +%s)}"
27
: "${crowdsec_firewall_flags:=}"
30
: "${crowdsec_firewall_flags:=}"
28
31
29
pidfile=/var/run/${name}.pid
32
pidfile=/var/run/${name}.pid
30
required_files="$crowdsec_firewall_config"
33
required_files="$crowdsec_firewall_config"
31
command="%%PREFIX%%/bin/crowdsec-firewall-bouncer"
34
command="%%PREFIX%%/bin/crowdsec-firewall-bouncer"
32
start_cmd="${name}_start"
35
start_cmd="${name}_start"
36
stop_cmd="${name}_stop"
33
start_precmd="${name}_precmd"
37
start_precmd="${name}_precmd"
38
configtest_cmd="${name}_configtest"
39
extra_commands="configtest"
34
40
35
crowdsec_firewall_precmd() {
41
crowdsec_firewall_precmd() {
36
    CSCLI=%%PREFIX%%/bin/cscli
42
    CSCLI=%%PREFIX%%/bin/cscli
37
    orig_line="api_key: \${API_KEY}"
43
    # there might be quotes
44
    orig_line="api_key: .*\${API_KEY}.*"
38
    # IF the bouncer is not configured
45
    # IF the bouncer is not configured
39
    if grep -q "^${orig_line}" "${crowdsec_firewall_config}"; then
46
    if grep -q "^${orig_line}" "${crowdsec_firewall_config}"; then
40
        BOUNCER="cs-firewall-bouncer-$(date +%s)"
41
        # AND crowdsec is installed..
47
        # AND crowdsec is installed..
42
        if command -v "$CSCLI" >/dev/null; then
48
        if command -v "$CSCLI" >/dev/null; then
43
            # THEN, register it to the local API
49
            # THEN, register it to the local API
44
            API_KEY=$($CSCLI bouncers add "${BOUNCER}" -o raw)
50
            API_KEY=$($CSCLI bouncers add "${crowdsec_firewall_name}" -o raw)
45
            if [ -n "$API_KEY" ]; then
51
            if [ -n "$API_KEY" ]; then
46
                sed -i "" "s/^${orig_line}/api_key: ${API_KEY}     # ${BOUNCER}/" "${crowdsec_firewall_config}"
52
                sed -i "" "s|^${orig_line}|api_key: ${API_KEY}     # ${crowdsec_firewall_name}|" "${crowdsec_firewall_config}"
47
                echo "Registered: ${BOUNCER}"
53
                echo "Registered: ${crowdsec_firewall_name}"
48
            fi
54
            fi
49
        fi
55
        fi
50
    fi
56
    fi
51
}
57
}
52
58
59
crowdsec_firewall_stop()
60
{
61
    if [ ! -f "$pidfile" ]; then
62
        echo "${name} is not running."
63
        return
64
    fi
65
    pid=$(cat "$pidfile")
66
    if kill -0 "$pid" >/dev/null 2>&1; then
67
        echo "Stopping ${name}."
68
        kill -s TERM "$pid" >/dev/null 2>&1
69
        # shellcheck disable=SC2034
70
        for i in $(seq 1 20); do
71
            sleep 1
72
            if ! kill -0 "$pid" >/dev/null 2>&1; then
73
                rm -f "$pidfile"
74
                return
75
            fi
76
        done
77
        echo "Timeout, terminating ${name} with SIGKILL."
78
        kill -s KILL "$pid" >/dev/null 2>&1
79
        rm -f "$pidfile"
80
    else
81
        echo "${name} is not running."
82
    fi
83
}
84
53
crowdsec_firewall_start() {
85
crowdsec_firewall_start() {
54
    /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \
86
    /usr/sbin/daemon -f -p "$pidfile" -t "$desc" -- \
55
        ${command} -c "${crowdsec_firewall_config}" ${crowdsec_firewall_flags}
87
        "$command" -c "$crowdsec_firewall_config" ${crowdsec_firewall_flags}
88
}
89
90
crowdsec_firewall_configtest()
91
{
92
    echo "Performing sanity check on ${name} configuration."
93
    if "$command" -c "$crowdsec_firewall_config" -t; then
94
        echo "Configuration test OK"
95
    fi
56
}
96
}
57
97
58
run_rc_command "$1"
98
run_rc_command "$1"
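Review bot: `crowdsec_firewall_stop` trusts whatever number is in `$pidfile`, because `kill -0 "$pid"` only proves that some process has that PID; a stale pidfile left by a crash can therefore make the script send TERM and, 20 seconds later, KILL to an unrelated process as root. rc.subr's `check_pidfile` also compares the process name, so `pid=$(check_pidfile "$pidfile" "$command")` followed by `[ -n "$pid" ] || { echo "${name} is not running."; return; }` should close that gap. In `crowdsec_firewall_configtest` the `if "$command" ... -t; then ... fi` has no else branch, so the function returns 0 when the test fails; adding `else return 1` lets `service crowdsec_firewall configtest` report an invalid configuration to its caller. `crowdsec_firewall_name` now comes from rc.conf and is pasted into the `sed` expression in `crowdsec_firewall_precmd`, so a value containing `|`, `&` or `\` alters the substitution; rejecting names outside `[A-Za-z0-9._-]` before the `cscli bouncers add` call would keep both the registration and the config rewrite predictable.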
(-)b/security/crowdsec-firewall-bouncer/files/pkg-message.in (-2 / +6 lines)
Lines 4-13 Link Here
4
4
5
crowdsec-firewall-bouncer is installed.
5
crowdsec-firewall-bouncer is installed.
6
6
7
Note: If you are using OPNsense or pfSense, ignore the following instructions and use the settings page of the
8
CrowdSec plugin.
9
10
-----
11
7
If you are running crowdsec on this machine, the bouncer will register itself with
12
If you are running crowdsec on this machine, the bouncer will register itself with
8
the Local API when it's started the first time.
13
the Local API when it's started the first time.
9
14
10
If the LAPI is on another machine, you need to manually register the bouncer
15
If the LAPI is on a different machine, you need to manually register the bouncer
11
and fill api_key and api_url in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml before
16
and fill api_key and api_url in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml before
12
starting the service.
17
starting the service.
13
18
14
- 
