FreeBSD Bugzilla – Attachment 230596 Details for
Bug 260262
security/crowdsec: update to 1.2.1
[patch]
patch for crowdsec 1.2.2_2 and firewall bouncer 0.0.20_2
0001-security-crowdsec-v1.2.2_2-security-crowsec-firewall.patch (text/plain), 12.97 KB, created by marco on 2021-12-31 21:31:13 UTC
>From 61978fe4adac0af7737b295ece6c286cf0d3bdc7 Mon Sep 17 00:00:00 2001 >From: Marco Mariani <marco@crowdsec.net> >Date: Fri, 31 Dec 2021 22:22:08 +0100 >Subject: [PATCH] security/crowdsec v1.2.2_2; security/crowsec-firewall-bouncer > v0.0.20_2 > >--- > security/crowdsec-firewall-bouncer/Makefile | 11 +++--- > security/crowdsec-firewall-bouncer/distinfo | 6 ++-- > .../files/crowdsec_firewall.in | 11 +++++- > .../files/patch-Makefile | 12 +++---- > .../files/pkg-message.in | 34 ++++++++++++------- > security/crowdsec/Makefile | 10 +++--- > security/crowdsec/distinfo | 6 ++-- > security/crowdsec/files/crowdsec.in | 15 ++++---- > security/crowdsec/files/patch-Makefile | 29 ++++++++++++---- > .../crowdsec/files/patch-config_acquis.yaml | 12 +++++++ > 10 files changed, 95 insertions(+), 51 deletions(-) > create mode 100644 security/crowdsec/files/patch-config_acquis.yaml > >diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile >index 36a868801a50..c6b38b8eaab5 100644 >--- a/security/crowdsec-firewall-bouncer/Makefile >+++ b/security/crowdsec-firewall-bouncer/Makefile >@@ -1,5 +1,6 @@ > PORTNAME= crowdsec-firewall-bouncer >-PORTVERSION= 0.0.17 # NOTE: change BUILD_VERSION and BUILD_TAG as well >+PORTVERSION= 0.0.20 # NOTE: change BUILD_VERSION and BUILD_TAG as well >+PORTREVISION= 2 > DISTVERSIONPREFIX= v > CATEGORIES= security > >@@ -19,6 +20,7 @@ RUN_DEPENDS= crowdsec>0:security/crowdsec > USE_GITHUB= yes > GH_ACCOUNT= crowdsecurity > GH_PROJECT= cs-firewall-bouncer >+GH_TAGNAME= v0.0.20-freebsd > #GH_TAGNAME is automatically set from DISTVERSION > > USE_RC_SUBR= crowdsec_firewall 
>@@ -28,14 +30,11 @@ SUB_FILES= pkg-message \ > > # BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) > # BUILD_TAG=$(git rev-parse HEAD) >-MAKE_ENV= BUILD_VERSION="v0.0.17" \ >- BUILD_TAG="b330209afcdefd0046fd6790999bbb342c02f1b3" >+MAKE_ENV= BUILD_VERSION="v0.0.20" \ >+ BUILD_TAG="a456a4debdf3d3551c89b8490bb942f626027310" > > ETCDIR= ${PREFIX}/etc/crowdsec/bouncers > >-do-patch: >- cd ${WRKSRC} && go mod download github.com/mattn/go-sqlite3 >- > post-patch: > ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \ > ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml >diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo >index 001ca177529b..1548b93d6c60 100644 >--- a/security/crowdsec-firewall-bouncer/distinfo >+++ b/security/crowdsec-firewall-bouncer/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1637702397 >-SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 53af239b86c6b554da3711e3686d7d3036d33b2e561bfb00e195b6c8a06918c8 >-SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 143037 >+TIMESTAMP = 1640213523 >+SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 95f8abf5f44e700e7f0a41edf5367715ce06918cb0de7a5d084bdca277563171 >+SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 3018717 >diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in >index ee3dcc9f7325..6a0f96f26f8f 100755 >--- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in >+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in >@@ -1,7 +1,7 @@ > #!/bin/sh > # > # PROVIDE: crowdsec_firewall >-# REQUIRE: LOGIN DAEMON NETWORKING >+# REQUIRE: LOGIN DAEMON NETWORKING crowdsec > # KEYWORD: shutdown > # > # Add the following lines to /etc/rc.conf.local or /etc/rc.conf 
>@@ -41,6 +41,15 @@ crowdsec_firewall_precmd() { > fi > fi > fi >+ >+ # needs real tabs >+ cat <<-EOT | /sbin/pfctl -f /dev/fd/0 >+ table <crowdsec-blacklists> persist >+ table <crowdsec6-blacklists> persist >+ block drop in quick from <crowdsec-blacklists> to any >+ block drop in quick from <crowdsec6-blacklists> to any >+ EOT >+ > } > > crowdsec_firewall_start() { >diff --git a/security/crowdsec-firewall-bouncer/files/patch-Makefile b/security/crowdsec-firewall-bouncer/files/patch-Makefile >index 6d9e9a2e2f42..df450e5e1b27 100644 >--- a/security/crowdsec-firewall-bouncer/files/patch-Makefile >+++ b/security/crowdsec-firewall-bouncer/files/patch-Makefile >@@ -1,11 +1,11 @@ >---- Makefile.orig 2021-12-07 09:00:17 UTC >+--- Makefile.orig 2021-12-22 22:57:23 UTC > +++ Makefile >-@@ -11,7 +11,7 @@ GOGET=$(GOCMD) get >- BUILD_VERSION?="$(shell git describe --tags `git rev-list --tags --max-count=1`)" >+@@ -11,7 +11,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l > BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -r 's/[go]+//g')" > BUILD_TIMESTAMP=$(shell date +%F"_"%T) >--BUILD_TAG="$(shell git rev-parse HEAD)" >-+BUILD_TAG?="$(shell git rev-parse HEAD)" >- export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \ >+ BUILD_TAG?="$(shell git rev-parse HEAD)" >+-export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \ >++export LD_OPTS=-mod vendor -modcacherw --ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \ > -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=$(BUILD_TIMESTAMP) \ > -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG) \ >+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.GoVersion=$(BUILD_GOVERSION)" 
>diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in >index 3929d468efd0..e0dfe74a32ac 100644 >--- a/security/crowdsec-firewall-bouncer/files/pkg-message.in >+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in >@@ -11,27 +11,35 @@ configuration file, which is now in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml > In previous versions, the configuration was in /usr/local/etc/crowdsec-firewall-bouncer, you may need > to check if you made any changes there. > >-If it's the first time, you need to edit your Packet Filter configuration. >-Add the following in /etc/pf.conf to create the tables: >+This package depends on the Packet Filter service. >+To make sure it's active: > > ---------- >-# create crowdsec ipv4 table >-table <crowdsec-blacklists> persist >+# sysrc pf_enable=YES >+pf_enable: NO -> YES >+# service pf start >+Enabling pf. >+---------- > >-# create crowdsec ipv6 table >-table <crowdsec6-blacklists> persist >+Then activate the bouncer via sysrc: > >-block drop in quick from <crowdsec-blacklists> to any >-block drop in quick from <crowdsec6-blacklists> to any >+---------- >+# sysrc crowdsec_firewall_enable="YES" >+crowdsec_firewall_enable: NO -> YES >+# service start crowdsec_firewall > ---------- > >-To apply the file: >- >-# pfctl -f /etc/pf.conf >+After a few seconds, the bouncer should have created the tables and rules: > >-Then activate the bouncer via sysrc: >+---------- >+# pfctl -s Tables >+crowdsec-blacklists >+crowdsec6-blacklists >+# pfctl -s Tables -s rules >+block drop in quick from <crowdsec-blacklists> to any >+block drop in quick from <crowdsec6-blacklists> to any >+---------- > >-# sysrc crowdsec_firewall_enable="YES" > EOM > } > ] >diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile >index f3683aee9c30..56aae708412d 100644 >--- a/security/crowdsec/Makefile >+++ b/security/crowdsec/Makefile 
>@@ -1,5 +1,6 @@ > PORTNAME= crowdsec >-PORTVERSION= 1.2.1 # NOTE: change BUILD_VERSION and BUILD_TAG as well >+PORTVERSION= 1.2.2 # NOTE: change BUILD_VERSION and BUILD_TAG as well >+PORTREVISION= 2 > DISTVERSIONPREFIX= v > CATEGORIES= security > >@@ -18,19 +19,18 @@ USES= gmake > USE_GITHUB= yes > GH_ACCOUNT= crowdsecurity > GH_PROJECT= crowdsec >+GH_TAGNAME= v1.2.2-freebsd > #GH_TAGNAME is automatically set from DISTVERSION > > USE_RC_SUBR= crowdsec > >-USE_RC_SUBR= crowdsec >- > SUB_FILES= pkg-message \ > pkg-deinstall > > # BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) > # BUILD_TAG=$(git rev-parse HEAD) >-MAKE_ENV= BUILD_VERSION="v1.2.1" \ >- BUILD_TAG="dd03d073558e380c283afe66942f537c3da647ff" >+MAKE_ENV= BUILD_VERSION="v1.2.2" \ >+ BUILD_TAG="7865ec368e54e28b23b54a187b9f96999f361f12" > > PLUGIN_DIR= ${PREFIX}/lib/crowdsec/plugins > STAGE_PLUGINS= ${STAGEDIR}${PLUGIN_DIR} >diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo >index 1eecdf198266..b45eb3a81972 100644 >--- a/security/crowdsec/distinfo >+++ b/security/crowdsec/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1637702390 >-SHA256 (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = e3a9bbb70b1995a83c5001d06dbbcb5f59d43e4d7c18b60548f305a62d2dd6a3 >-SIZE (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = 659398 >+TIMESTAMP = 1640118841 >+SHA256 (crowdsecurity-crowdsec-v1.2.2-v1.2.2-freebsd_GH0.tar.gz) = 25f8503122b38e10f837c4eb8cf7e43ceb15de9a05ea7e89384715a7567ad8cd >+SIZE (crowdsecurity-crowdsec-v1.2.2-v1.2.2-freebsd_GH0.tar.gz) = 16571481 >diff --git a/security/crowdsec/files/crowdsec.in b/security/crowdsec/files/crowdsec.in >index 04b7c02130f9..ac0f384a9572 100644 >--- a/security/crowdsec/files/crowdsec.in >+++ b/security/crowdsec/files/crowdsec.in 
>@@ -43,12 +43,12 @@ crowdsec_precmd() { > } > > HUB_DIR=$(Config ConfigPaths.HubDir) >- if ! ls -1qA "$HUB_DIR/*" >/dev/null 2>&1; then >+ if ! ls -1qA "$HUB_DIR"/* >/dev/null 2>&1; then > echo "Fetching hub inventory" > cs_cli hub update || : > fi > >- if [ -z "$(cs_cli machines list -o raw)" ]; then >+ if [ "$(cs_cli machines list -o json)" = "[]" ]; then > echo "Registering LAPI" > cs_cli machines add --auto || : > fi >@@ -59,12 +59,13 @@ crowdsec_precmd() { > cs_cli capi register || : > fi > >- cs_cli collections inspect crowdsecurity/linux >/dev/null || cs_cli collections install crowdsecurity/linux || : >+ # This would work but takes 30secs to timeout while reading the metrics, because crowdsec is not running yet. >+ # cs_cli collections inspect crowdsecurity/freebsd 2>/dev/null | grep ^installed | grep -q true || \ >+ # cs_cli collections install crowdsecurity/freebsd || : > >- DATA_DIR=$(Config ConfigPaths.DataDir) >- if [ ! -f "${DATA_DIR}/GeoLite2-City.mmdb" ]; then >- echo "Installing GeoIP enricher" >- cs_cli parsers install crowdsecurity/geoip-enrich || : >+ # So we just check for the file >+ if [ ! -e "${CONFIG_DIR}/collections/freebsd.yaml" ]; then >+ cs_cli collections install crowdsecurity/freebsd || : > fi > } > >diff --git a/security/crowdsec/files/patch-Makefile b/security/crowdsec/files/patch-Makefile >index 909dceada263..840e31a44477 100644 >--- a/security/crowdsec/files/patch-Makefile >+++ b/security/crowdsec/files/patch-Makefile 
>@@ -1,11 +1,26 @@ >---- Makefile.orig 2021-11-17 09:15:38 UTC >+--- Makefile.orig 2021-12-21 21:18:22 UTC > +++ Makefile >-@@ -42,7 +42,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l >- BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')" >- BUILD_CODENAME=$(shell cat RELEASE.json | jq -r .CodeName) >+@@ -44,14 +44,14 @@ BUILD_CODENAME=$(shell cat RELEASE.json | jq -r .CodeN > BUILD_TIMESTAMP=$(shell date +%F"_"%T) >--BUILD_TAG="$(shell git rev-parse HEAD)" >-+BUILD_TAG?="$(shell git rev-parse HEAD)" >+ BUILD_TAG?="$(shell git rev-parse HEAD)" > >- export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \ >+-export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \ >++export LD_OPTS=-mod vendor -modcacherw -ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \ > -X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=$(SYSTEM) \ >+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=$(BUILD_TIMESTAMP) \ >+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=$(BUILD_CODENAME) \ >+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Tag=$(BUILD_TAG) \ >+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.GoVersion=$(BUILD_GOVERSION)" >+ >+-export LD_OPTS_STATIC=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \ >++export LD_OPTS_STATIC=-mod vendor -modcacherw -ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \ >+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=$(BUILD_TIMESTAMP) \ >+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=$(BUILD_CODENAME) \ >+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Tag=$(BUILD_TAG) \ >+@@ -176,4 +176,4 @@ check_release: >+ release: check_release build package >+ >+ .PHONY: >+-release_static: check_release static package_static 
>+\ No newline at end of file >++release_static: check_release static package_static >diff --git a/security/crowdsec/files/patch-config_acquis.yaml b/security/crowdsec/files/patch-config_acquis.yaml >new file mode 100644 >index 000000000000..67b4ef3c693b >--- /dev/null >+++ b/security/crowdsec/files/patch-config_acquis.yaml >@@ -0,0 +1,12 @@ >+--- config/acquis.yaml.orig 2021-12-15 10:39:37 UTC >++++ config/acquis.yaml >+@@ -11,6 +11,8 @@ filenames: >+ labels: >+ type: syslog >+ --- >+-filename: /var/log/apache2/*.log >++filenames: >++ - /var/log/httpd-access.log >++ - /var/log/httpd-error.log >+ labels: >+ type: apache2 >-- >2.32.0 >
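Review bot: PORTREVISION= 2 should not be introduced together with a PORTVERSION bump, as happens in security/crowdsec-firewall-bouncer/Makefile (hunk @@ -1,5 +1,6 @@, 0.0.17 to 0.0.20) and again in security/crowdsec/Makefile (1.2.1 to 1.2.2). Ports convention is to drop PORTREVISION whenever PORTVERSION increases, so unless 0.0.20 and 1.2.2 already reached the tree at a lower revision, remove both PORTREVISION lines.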
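Review bot: The context comment "#GH_TAGNAME is automatically set from DISTVERSION" becomes false once GH_TAGNAME= v0.0.20-freebsd is set explicitly (security/crowdsec-firewall-bouncer/Makefile, hunk @@ -19,6 +20,7 @@; the same pattern appears with GH_TAGNAME= v1.2.2-freebsd in security/crowdsec/Makefile). Delete the stale comment or replace it with a note that the "-freebsd" tag has to be updated by hand alongside PORTVERSION, BUILD_VERSION and BUILD_TAG.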
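Review bot: In crowdsec_firewall_precmd() (security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in, hunk @@ -41,6 +41,15 @@), "/sbin/pfctl -f /dev/fd/0" loads the here-document as the main ruleset, so on every service start these four lines would replace whatever the administrator loaded from /etc/pf.conf, leaving only the two block rules active. Consider loading the tables and rules into a dedicated anchor with "pfctl -a" and documenting the matching anchor line for pf.conf, or keeping the pf.conf instructions that the pkg-message.in hunk removes. The exit status of pfctl is also ignored here, and the "needs real tabs" dependency of "<<-" is fragile enough that a plain "<<EOT" with unindented lines would be safer.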
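Review bot: The command "# service start crowdsec_firewall" in security/crowdsec-firewall-bouncer/files/pkg-message.in (hunk @@ -11,27 +11,35 @@) has its arguments in the wrong order. It should read "# service crowdsec_firewall start", matching the "# service pf start" example a few lines above it. The sample output under "# pfctl -s Tables -s rules" also shows only the rules; either show both parts of the output or use "pfctl -s rules" for that example.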
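Review bot: The new test [ "$(cs_cli machines list -o json)" = "[]" ] in crowdsec_precmd() (security/crowdsec/files/crowdsec.in, hunk @@ -43,12 +43,12 @@) no longer registers the LAPI when cs_cli fails or prints nothing, because an empty string is not equal to "[]", whereas the old -z test treated that case as "no machines". Capture the output once and register when it is either empty or "[]", and consider whether an exact string match is robust against whitespace or a different empty value in the JSON output.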
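Review bot: ${CONFIG_DIR} is used in the new check [ ! -e "${CONFIG_DIR}/collections/freebsd.yaml" ] (security/crowdsec/files/crowdsec.in, hunk @@ -59,12 +59,13 @@), but nothing in the visible lines assigns it; only HUB_DIR is read through Config. If it is unset, the test looks at /collections/freebsd.yaml and the collection install runs on every start. Please set it in this function the same way HUB_DIR is set, or confirm where it is defined. The hunk also drops the crowdsecurity/geoip-enrich install without a comment; a short note on why it is no longer needed would help.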
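Review bot: The linker flag is spelled "--ldflags" in security/crowdsec-firewall-bouncer/files/patch-Makefile ("export LD_OPTS=-mod vendor -modcacherw --ldflags ...") but "-ldflags" in both LD_OPTS and LD_OPTS_STATIC of security/crowdsec/files/patch-Makefile. Use the single-dash form in both ports for consistency. Since LD_OPTS now also carries "-mod vendor -modcacherw", which are build flags rather than linker options, a one-line comment in the port Makefile explaining that the "-freebsd" tag ships vendored modules would make the removal of the "go mod download" do-patch target easier to follow.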