FreeBSD Bugzilla – Attachment 229957 Details for
Bug 260264
security/crowdsec-firewall-bouncer: update to 0.0.17
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for crowdsec-firewall-bouncer 0.0.17
0002-security-crowdsec-firewall-bouncer-Update-to-0.0.17.patch (text/plain), 9.07 KB, created by
marco
on 2021-12-07 10:38:59 UTC
(
hide
)
Description:
patch for crowdsec-firewall-bouncer 0.0.17
Filename:
MIME Type:
Creator:
marco
Created:
2021-12-07 10:38:59 UTC
Size:
9.07 KB
patch
obsolete
>From bf36d23dde224fd11abff29f0ccdd7be1caaeefc Mon Sep 17 00:00:00 2001 >From: Marco Mariani <marco@crowdsec.net> >Date: Tue, 7 Dec 2021 10:32:09 +0100 >Subject: [PATCH 2/2] security/crowdsec-firewall-bouncer: Update to 0.0.17 > >--- > security/crowdsec-firewall-bouncer/Makefile | 47 +++++++++++++------ > security/crowdsec-firewall-bouncer/distinfo | 8 ++-- > .../files/crowdsec_firewall.in | 33 ++++++++++--- > .../files/patch-Makefile | 11 +++++ > .../files/pkg-deinstall.in | 8 ++++ > .../files/pkg-message.in | 22 +++++++-- > security/crowdsec-firewall-bouncer/pkg-plist | 4 +- > 7 files changed, 104 insertions(+), 29 deletions(-) > create mode 100644 security/crowdsec-firewall-bouncer/files/patch-Makefile > create mode 100644 security/crowdsec-firewall-bouncer/files/pkg-deinstall.in > >diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile >index 60925f445797..36a868801a50 100644 >--- a/security/crowdsec-firewall-bouncer/Makefile >+++ b/security/crowdsec-firewall-bouncer/Makefile >@@ -1,40 +1,59 @@ > PORTNAME= crowdsec-firewall-bouncer >-PORTVERSION= 0.0.13 >+PORTVERSION= 0.0.17 # NOTE: change BUILD_VERSION and BUILD_TAG as well > DISTVERSIONPREFIX= v > CATEGORIES= security > >-MAINTAINER= sbz@FreeBSD.org >-COMMENT= Crowdsec bouncer written in golang for firewalls >+MAINTAINER= marco@crowdsec.net >+COMMENT= CrowdSec bouncer written in golang for firewalls > > LICENSE= MIT > LICENSE_FILE= ${WRKSRC}/LICENSE > >+BUILD_DEPENDS= git:devel/git@lite \ >+ go:lang/go >+ >+USES= gmake >+ > RUN_DEPENDS= crowdsec>0:security/crowdsec > >-USES= go:modules >+USE_GITHUB= yes >+GH_ACCOUNT= crowdsecurity >+GH_PROJECT= cs-firewall-bouncer >+#GH_TAGNAME is automatically set from DISTVERSION > > USE_RC_SUBR= crowdsec_firewall > >-GO_MODULE= github.com/crowdsecurity/cs-firewall-bouncer >+SUB_FILES= pkg-message \ >+ pkg-deinstall >+ >+# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) >+# BUILD_TAG=$(git rev-parse HEAD) >+MAKE_ENV= BUILD_VERSION="v0.0.17" \ >+ BUILD_TAG="b330209afcdefd0046fd6790999bbb342c02f1b3" > >-GO_BUILDFLAGS= -ldflags "-s -w \ >- -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v${PORTVERSION} \ >- -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=freebsd \ >- -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=`date -u '+%Y-%m-%d_%I:%M:%S%p'`" >+ETCDIR= ${PREFIX}/etc/crowdsec/bouncers > >-SUB_FILES= pkg-message >+do-patch: >+ cd ${WRKSRC} && go mod download github.com/mattn/go-sqlite3 > > post-patch: > ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \ > ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml > > do-install: >- @${MKDIR} ${STAGEDIR}${ETCDIR} >+ # >+ # Binaries >+ # >+ >+ ${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-firewall-bouncer \ >+ ${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer >+ >+ # >+ # Configuration >+ # > >+ @${MKDIR} ${STAGEDIR}${ETCDIR} > ${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \ > ${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample > >- ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-firewall-bouncer \ >- ${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer >- > .include <bsd.port.mk> >diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo >index cf74c8b81d95..001ca177529b 100644 >--- a/security/crowdsec-firewall-bouncer/distinfo >+++ b/security/crowdsec-firewall-bouncer/distinfo >@@ -1,5 +1,3 @@ >-TIMESTAMP = 1625834541 >-SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.mod) = c4ee3539ac5bd53f013e0798add577d5daef4480ad6910a3c35c381e74b26f63 >-SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.mod) = 935 >-SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.zip) = 0817452582e7ff9f92ae7c51751c6de86a277d7b772e5ac1b35dc7a3ea35aba7 >-SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.zip) = 148490 >+TIMESTAMP = 1637702397 >+SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 53af239b86c6b554da3711e3686d7d3036d33b2e561bfb00e195b6c8a06918c8 >+SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 143037 >diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in >index 1bc55e6ca263..58731d397341 100755 >--- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in >+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in >@@ -18,13 +18,34 @@ rcvar=crowdsec_firewall_enable > > load_rc_config $name > >-: ${crowdsec_firewall_enable:="NO"} >-: ${crowdsec_firewall_config:="%%PREFIX%%/etc/crowdsec-firewall-bouncer/crowdsec-firewall-bouncer.yaml"} >+: "${crowdsec_firewall_enable:=NO}" >+: "${crowdsec_firewall_config:=%%ETCDIR%%/crowdsec-firewall-bouncer.yaml}" > >-pidfile=/var/run/$name.pid >+pidfile=/var/run/${name}.pid > required_files="$crowdsec_firewall_config" >-procname="%%PREFIX%%/bin/crowdsec-firewall-bouncer" >-command=/usr/sbin/daemon >-command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_firewall_config'" >+command="%%PREFIX%%/bin/crowdsec-firewall-bouncer" >+start_cmd="${name}_start" >+start_precmd="${name}_precmd" >+ >+crowdsec_firewall_precmd() { >+ CSCLI=%%PREFIX%%/bin/cscli >+ orig_line="api_key: \${API_KEY}" >+ if grep "^${orig_line}" "${crowdsec_firewall_config}"; then >+ SUFFIX=$(LC_CTYPE=C tr -dc A-Za-z0-9 </dev/urandom | head -c 8) >+ BOUNCER="cs-firewall-bouncer-${SUFFIX}" >+ if command -v $CSCLI; then >+ API_KEY=$($CSCLI bouncers add "${BOUNCER}" -o raw) >+ if [ -n "$API_KEY" ]; then >+ sed -i "" "s/^${orig_line}/api_key: ${API_KEY} # ${BOUNCER}/" "${crowdsec_firewall_config}" >+ echo "Registered: ${BOUNCER}" >+ fi >+ fi >+ fi >+} >+ >+crowdsec_firewall_start() { >+ /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \ >+ ${command} -c "${crowdsec_firewall_config}" >+} > > run_rc_command "$1" >diff --git a/security/crowdsec-firewall-bouncer/files/patch-Makefile b/security/crowdsec-firewall-bouncer/files/patch-Makefile >new file mode 100644 >index 000000000000..6d9e9a2e2f42 >--- /dev/null >+++ b/security/crowdsec-firewall-bouncer/files/patch-Makefile >@@ -0,0 +1,11 @@ >+--- Makefile.orig 2021-12-07 09:00:17 UTC >++++ Makefile >+@@ -11,7 +11,7 @@ GOGET=$(GOCMD) get >+ BUILD_VERSION?="$(shell git describe --tags `git rev-list --tags --max-count=1`)" >+ BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -r 's/[go]+//g')" >+ BUILD_TIMESTAMP=$(shell date +%F"_"%T) >+-BUILD_TAG="$(shell git rev-parse HEAD)" >++BUILD_TAG?="$(shell git rev-parse HEAD)" >+ export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \ >+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=$(BUILD_TIMESTAMP) \ >+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG) \ >diff --git a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in >new file mode 100644 >index 000000000000..0324401c6e19 >--- /dev/null >+++ b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in >@@ -0,0 +1,8 @@ >+#!/bin/sh >+ >+case $2 in >+ DEINSTALL) >+ service crowdsec_firewall stop || : >+ ;; >+esac >+ >diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in >index 46710f5d090a..3929d468efd0 100644 >--- a/security/crowdsec-firewall-bouncer/files/pkg-message.in >+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in >@@ -4,17 +4,33 @@ > > crowdsec-firewall-bouncer is installed. > >-You need to edit the config file %%ETCDIR%%/crowdsec-firewall-bouncer.yaml, your pf >-config and enable rc via sysrc. >+The bouncer should register itself but you may want to check the >+configuration file, which is now in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml >+(for consistency with the other platforms). > >-Add the following in pf.conf to create the tables >+In previous versions, the configuration was in /usr/local/etc/crowdsec-firewall-bouncer, you may need >+to check if you made any changes there. > >+If it's the first time, you need to edit your Packet Filter configuration. >+Add the following in /etc/pf.conf to create the tables: >+ >+---------- > # create crowdsec ipv4 table > table <crowdsec-blacklists> persist > > # create crowdsec ipv6 table > table <crowdsec6-blacklists> persist > >+block drop in quick from <crowdsec-blacklists> to any >+block drop in quick from <crowdsec6-blacklists> to any >+---------- >+ >+To apply the file: >+ >+# pfctl -f /etc/pf.conf >+ >+Then activate the bouncer via sysrc: >+ > # sysrc crowdsec_firewall_enable="YES" > EOM > } >diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist >index d47d3e2429aa..6a41287c1e57 100644 >--- a/security/crowdsec-firewall-bouncer/pkg-plist >+++ b/security/crowdsec-firewall-bouncer/pkg-plist >@@ -1,2 +1,4 @@ >-@sample etc/crowdsec-firewall-bouncer/crowdsec-firewall-bouncer.yaml.sample >+@mode 0755 > bin/crowdsec-firewall-bouncer >+@mode 0600 >+@sample %%ETCDIR%%/crowdsec-firewall-bouncer.yaml.sample >-- >2.32.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=229957">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 260264
: 229957 |
230002