FreeBSD Bugzilla – Attachment 238461 Details for Bug 267808: security/crowdsec: update to 1.4.3
[patch] patch for crowdsec 1.4.3 and blocklist mirror 0.0.1
0001-security-crowdsec-1.4.3-security-crowdsec-blocklist-.patch (text/plain), 16.73 KB, created by marco on 2022-11-30 21:45:18 UTC
>From 6d57bb66818fa8298a3cfa11d275340f7ff57fa9 Mon Sep 17 00:00:00 2001 >From: Marco Mariani <marco@crowdsec.net> >Date: Wed, 30 Nov 2022 22:39:47 +0100 >Subject: [PATCH] security/crowdsec: 1.4.3, security/crowdsec-blocklist-mirror: > 0.0.1 > >--- > security/crowdsec-blocklist-mirror/Makefile | 48 ++++++++++++ > security/crowdsec-blocklist-mirror/distinfo | 3 + > .../files/crowdsec_mirror.in | 73 +++++++++++++++++++ > .../files/pkg-deinstall.in | 9 +++ > .../files/pkg-install.in | 10 +++ > .../files/pkg-message.in | 31 ++++++++ > security/crowdsec-blocklist-mirror/pkg-descr | 3 + > security/crowdsec-blocklist-mirror/pkg-plist | 4 + > security/crowdsec/Makefile | 32 +++++--- > security/crowdsec/distinfo | 6 +- > security/crowdsec/files/crowdsec.cron.in | 2 + > security/crowdsec/files/patch-Makefile | 12 --- > security/crowdsec/files/pkg-deinstall.in | 4 +- > security/crowdsec/files/pkg-message.in | 2 +- > security/crowdsec/files/upgrade-hub.in | 17 +++++ > security/crowdsec/pkg-plist | 12 +-- > 16 files changed, 236 insertions(+), 32 deletions(-) > create mode 100644 security/crowdsec-blocklist-mirror/Makefile > create mode 100644 security/crowdsec-blocklist-mirror/distinfo > create mode 100755 security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in > create mode 100755 security/crowdsec-blocklist-mirror/files/pkg-deinstall.in > create mode 100755 security/crowdsec-blocklist-mirror/files/pkg-install.in > create mode 100644 security/crowdsec-blocklist-mirror/files/pkg-message.in > create mode 100644 security/crowdsec-blocklist-mirror/pkg-descr > create mode 100644 security/crowdsec-blocklist-mirror/pkg-plist > create mode 100644 security/crowdsec/files/crowdsec.cron.in > delete mode 100644 security/crowdsec/files/patch-Makefile > create mode 100644 security/crowdsec/files/upgrade-hub.in > >diff --git a/security/crowdsec-blocklist-mirror/Makefile b/security/crowdsec-blocklist-mirror/Makefile >new file mode 100644 >index 000000000000..acd035bf7d32 >--- /dev/null 
>+++ b/security/crowdsec-blocklist-mirror/Makefile >@@ -0,0 +1,48 @@ >+PORTNAME= crowdsec-blocklist-mirror >+DISTVERSIONPREFIX= v >+DISTVERSION= 0.0.1 >+CATEGORIES= security >+ >+MAINTAINER= marco@crowdsec.net >+COMMENT= CrowdSec Blocklist Mirror >+WWW= https://github.com/crowdsecurity/cs-blocklist-mirror >+ >+LICENSE= MIT >+LICENSE_FILE= ${WRKSRC}/LICENSE >+ >+BUILD_DEPENDS= git:devel/git@lite >+ >+USES= gmake go:1.19,no_targets >+ >+USE_GITHUB= yes >+GH_ACCOUNT= crowdsecurity >+GH_PROJECT= cs-blocklist-mirror >+GH_TAGNAME= ${DISTVERSIONFULL}-freebsd >+_BUILD_TAG= 24a43080 >+USE_RC_SUBR= crowdsec_mirror >+ >+MAKE_ARGS= BUILD_VERSION="${DISTVERSIONFULL}" \ >+ BUILD_TAG="${_BUILD_TAG}" \ >+ BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw" >+ >+SUB_FILES= pkg-deinstall pkg-install pkg-message >+ >+ETCDIR= ${PREFIX}/etc/crowdsec/bouncers >+ >+do-install: >+ # >+ # Binaries >+ # >+ >+ ${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-blocklist-mirror \ >+ ${STAGEDIR}${PREFIX}/bin/crowdsec-blocklist-mirror >+ >+ # >+ # Configuration >+ # >+ >+ @${MKDIR} ${STAGEDIR}${ETCDIR} >+ ${INSTALL_DATA} ${WRKSRC}/config/crowdsec-blocklist-mirror.yaml \ >+ ${STAGEDIR}${ETCDIR}/crowdsec-blocklist-mirror.yaml.sample >+ >+.include <bsd.port.mk> >diff --git a/security/crowdsec-blocklist-mirror/distinfo b/security/crowdsec-blocklist-mirror/distinfo >new file mode 100644 >index 000000000000..7b883760ab69 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/distinfo >@@ -0,0 +1,3 @@ >+TIMESTAMP = 1664462306 >+SHA256 (crowdsecurity-cs-blocklist-mirror-v0.0.1-v0.0.1-freebsd_GH0.tar.gz) = a3e35eb6bba0a5b34a2fd50fb7223378c6ac268311d2ebe7fefd0381bc39e7d5 >+SIZE (crowdsecurity-cs-blocklist-mirror-v0.0.1-v0.0.1-freebsd_GH0.tar.gz) = 2444802 >diff --git a/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in b/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in >new file mode 100755 >index 000000000000..ccfea9df38f2 >--- /dev/null 
>+++ b/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in 
>@@ -0,0 +1,73 @@ >+#!/bin/sh >+# >+# PROVIDE: crowdsec_mirror >+# REQUIRE: LOGIN DAEMON NETWORKING >+# KEYWORD: shutdown >+# >+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf >+# to enable this service: >+# >+# crowdsec_mirror_enable (bool): Set it to YES to enable the blocklist mirror. >+# Default is "NO" >+# crowdsec_mirror_config (str): Set the config path. >+# Default is "%%ETCDIR%%/crowdsec-blocklist-mirror.yaml" >+# crowdsec_mirror_flags (str): extra flags to run bouncer. >+# Default is "" >+ >+. /etc/rc.subr >+ >+name=crowdsec_mirror >+desc="Crowdsec Blocklist Mirror" >+rcvar=crowdsec_mirror_enable >+ >+load_rc_config $name >+ >+: "${crowdsec_mirror_enable:=NO}" >+: "${crowdsec_mirror_config:=%%ETCDIR%%/crowdsec-blocklist-mirror.yaml}" >+: "${crowdsec_mirror_flags:=}" >+ >+pidfile=/var/run/${name}.pid >+required_files="$crowdsec_mirror_config" >+command="%%PREFIX%%/bin/crowdsec-blocklist-mirror" >+start_cmd="${name}_start" >+start_precmd="${name}_precmd" >+ >+crowdsec_mirror_precmd() { >+ CSCLI=%%PREFIX%%/bin/cscli >+ orig_line="lapi_key: \${API_KEY}" >+ # IF the bouncer is not configured >+ if grep -q "${orig_line}" "${crowdsec_mirror_config}"; then >+ SUFFIX=$(jot -r -c 10 a z | rs -g0) >+ BOUNCER="cs-blocklist-mirror-${SUFFIX}" >+ # AND crowdsec is installed.. >+ if command -v "$CSCLI" >/dev/null; then >+ # THEN, register it to the local API >+ API_KEY="$($CSCLI bouncers add "${BOUNCER}" -o raw)" >+ if [ -n "$API_KEY" ]; then >+ sed -i "" "s/${orig_line}/lapi_key: ${API_KEY} # ${BOUNCER}/" "${crowdsec_mirror_config}" >+ echo "Registered: ${BOUNCER}" >+ fi >+ fi >+ fi >+ >+ orig_line="lapi_url: \${CROWDSEC_LAPI_URL}" >+ # IF the lapi endpoint is not configured >+ if grep -q "${orig_line}" "${crowdsec_mirror_config}"; then >+ # AND crowdsec is installed.. 
>+ if command -v "$CSCLI" >/dev/null; then >+ # THEN, use the listen address >+ CROWDSEC_LAPI_ENDPOINT="$($CSCLI config show --key Config.API.Server.ListenURI)" >+ if [ -n "$CROWDSEC_LAPI_ENDPOINT" ]; then >+ sed -i "" "s#${orig_line}#lapi_url: http://${CROWDSEC_LAPI_ENDPOINT}#" "${crowdsec_mirror_config}" >+ echo "LAPI listen address set up." >+ fi >+ fi >+ fi >+} >+ >+crowdsec_mirror_start() { >+ /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \ >+ ${command} -c "${crowdsec_mirror_config}" ${crowdsec_mirror_flags} >+} >+ >+run_rc_command "$1" >diff --git a/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in b/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in >new file mode 100755 >index 000000000000..32c2e941c7e5 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in >@@ -0,0 +1,9 @@ >+#!/bin/sh >+ >+case $2 in >+ "DEINSTALL") >+ service crowdsec_mirror status 2>/dev/null && touch /var/run/crowdsec_mirror.running >+ service crowdsec_mirror stop 2>/dev/null || : >+ ;; >+esac >+ >diff --git a/security/crowdsec-blocklist-mirror/files/pkg-install.in b/security/crowdsec-blocklist-mirror/files/pkg-install.in >new file mode 100755 >index 000000000000..0dd870bdac41 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/files/pkg-install.in >@@ -0,0 +1,10 @@ >+#!/bin/sh >+ >+case $2 in >+ "POST-INSTALL") >+ if [ -e /var/run/crowdsec_mirror.running ]; then >+ service crowdsec_mirror start >+ rm -f /var/run/crowdsec_mirror.running >+ fi >+ ;; >+esac >diff --git a/security/crowdsec-blocklist-mirror/files/pkg-message.in b/security/crowdsec-blocklist-mirror/files/pkg-message.in >new file mode 100644 >index 000000000000..569ba653f2b5 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/files/pkg-message.in 
>@@ -0,0 +1,31 @@ >+[ >+{ type: install >+ message: <<EOM >+ >+crowdsec-blocklist-mirror is installed. >+ >+If you are running crowdsec on this machine, the bouncer will register itself with >+the Local API when it's started the first time. >+ >+If the LAPI is on another machine, you need to manually register the bouncer >+and fill lapi_key and lapi_url in %%ETCDIR%%/crowdsec-blocklist-mirror.yaml before >+starting the service. >+ >+Please refer to the documentation at >+https://docs.crowdsec.net/docs/bouncers/blocklist-mirror/ >+ >+Then activate the bouncer via sysrc and run it: >+ >+---------- >+# sysrc crowdsec_mirror_enable="YES" >+crowdsec_mirror_enable: NO -> YES >+# service crowdsec_mirror start >+---------- >+ >+The blocklist is available by default at >+'http://127.0.0.1:41412/security/blocklist', check the configuration file to >+change address, endpoint or add some authentication. >+ >+EOM >+} >+] >diff --git a/security/crowdsec-blocklist-mirror/pkg-descr b/security/crowdsec-blocklist-mirror/pkg-descr >new file mode 100644 >index 000000000000..7eb46c5bf50e >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/pkg-descr >@@ -0,0 +1,3 @@ >+CrowdSec Blocklist Mirror >+ >+Publish CrowdSec decisions via HTTP, to be consumed by network appliances. >diff --git a/security/crowdsec-blocklist-mirror/pkg-plist b/security/crowdsec-blocklist-mirror/pkg-plist >new file mode 100644 >index 000000000000..b9b5dc8a069b >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/pkg-plist >@@ -0,0 +1,4 @@ >+@mode 0755 >+bin/crowdsec-blocklist-mirror >+@mode 0600 >+@sample %%ETCDIR%%/crowdsec-blocklist-mirror.yaml.sample >diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile >index 0a99adfc8956..40de23012e24 100644 >--- a/security/crowdsec/Makefile >+++ b/security/crowdsec/Makefile >@@ -1,7 +1,6 @@ > PORTNAME= crowdsec > DISTVERSIONPREFIX= v >-DISTVERSION= 1.4.1 >-PORTREVISION= 2 >+DISTVERSION= 1.4.3 > CATEGORIES= security > > MAINTAINER= marco@crowdsec.net 
>@@ -13,22 +12,24 @@ LICENSE_FILE= ${WRKSRC}/LICENSE > > BUILD_DEPENDS= git:devel/git@lite > >-USES= gmake go:no_targets >+USES= gmake go:1.19,no_targets > > USE_GITHUB= yes > GH_ACCOUNT= crowdsecurity > GH_PROJECT= crowdsec > GH_TAGNAME= ${DISTVERSIONFULL}-freebsd >-_BUILD_TAG= 527995f >+_BUILD_TAG= 8a738f5b > USE_RC_SUBR= crowdsec > >-MAKE_ENV= BUILD_VERSION="${DISTVERSIONFULL}" \ >+MAKE_ARGS= BUILD_VERSION="${DISTVERSIONFULL}" \ > BUILD_TAG="${_BUILD_TAG}" \ >+ BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw" \ > DEFAULT_CONFIGDIR="${PREFIX}/etc/crowdsec" \ > DEFAULT_DATADIR="/var/db/crowdsec/data" >+ > ALL_TARGET= build > >-SUB_FILES= pkg-deinstall pkg-install pkg-message >+SUB_FILES= pkg-deinstall pkg-install pkg-message crowdsec.cron upgrade-hub > > OPTIONS_DEFINE= FIREWALL_BOUNCER > OPTIONS_DEFAULT= >@@ -49,6 +50,10 @@ post-patch: > ${WRKSRC}/config/config.yaml \ > ${WRKSRC}/config/profiles.yaml > >+post-install: >+ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/cron.d >+ @${INSTALL_DATA} ${WRKDIR}/crowdsec.cron ${STAGEDIR}${PREFIX}/etc/cron.d/crowdsec >+ > do-install: > # > # Binaries 
>@@ -124,16 +129,25 @@ do-install: > @${MKDIR} ${STAGEDIR}${ETCDIR}/hub > @${MKDIR} ${STAGEDIR}/var/db/crowdsec/data > >+ # >+ # Cron >+ # >+ >+ @${MKDIR} ${STAGEDIR}${PREFIX}/libexec/crowdsec >+ ${INSTALL_DATA} ${WRKDIR}/upgrade-hub \ >+ ${STAGEDIR}${PREFIX}/libexec/crowdsec/upgrade-hub >+ > # > # Cleanup > # > >+ @${RM} ${STAGEDIR}${ETCDIR}/acquis_win.yaml >+ @${RM} ${STAGEDIR}${ETCDIR}/config_win_no_lapi.yaml >+ @${RM} ${STAGEDIR}${ETCDIR}/config_win.yaml >+ @${RM} ${STAGEDIR}${ETCDIR}/crowdsec.cron.daily > @${RM} ${STAGEDIR}${ETCDIR}/crowdsec.service > @${RM} ${STAGEDIR}${ETCDIR}/dev.yaml > @${RM} ${STAGEDIR}${ETCDIR}/user.yaml >- @${RM} ${STAGEDIR}${ETCDIR}/acquis_win.yaml >- @${RM} ${STAGEDIR}${ETCDIR}/config_win.yaml >- @${RM} ${STAGEDIR}${ETCDIR}/config_win_no_lapi.yaml > @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/email > @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/http > @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/slack >diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo >index f003aa1d1b01..2700819fc7cc 100644 >--- a/security/crowdsec/distinfo >+++ b/security/crowdsec/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1658844897 >-SHA256 (crowdsecurity-crowdsec-v1.4.1-v1.4.1-freebsd_GH0.tar.gz) = a05e75838f4c4e87906ab6df846cc73b4701f6460834e35e5b64b7774e16bb63 >-SIZE (crowdsecurity-crowdsec-v1.4.1-v1.4.1-freebsd_GH0.tar.gz) = 20805956 >+TIMESTAMP = 1669821186 >+SHA256 (crowdsecurity-crowdsec-v1.4.3-v1.4.3-freebsd_GH0.tar.gz) = b7341939db304a21c0920bc9b8e89d589dfff5da83ea4c54b3d1fc46b9eea2c3 >+SIZE (crowdsecurity-crowdsec-v1.4.3-v1.4.3-freebsd_GH0.tar.gz) = 21310998 >diff --git a/security/crowdsec/files/crowdsec.cron.in b/security/crowdsec/files/crowdsec.cron.in >new file mode 100644 >index 000000000000..30df05dc2199 >--- /dev/null >+++ b/security/crowdsec/files/crowdsec.cron.in >@@ -0,0 +1,2 @@ >+#minute hour mday month wday who command >+0 3 * * * root %%PREFIX%%/libexec/crowdsec/upgrade-hub 
>diff --git a/security/crowdsec/files/patch-Makefile b/security/crowdsec/files/patch-Makefile >deleted file mode 100644 >index 68ea23023ecf..000000000000 >--- a/security/crowdsec/files/patch-Makefile >+++ /dev/null >@@ -1,12 +0,0 @@ >---- Makefile.orig 2022-02-10 09:11:04 UTC >-+++ Makefile >-@@ -58,8 +58,8 @@ LD_OPTS_VARS= \ >- -X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultConfigDir=$(DEFAULT_CONFIGDIR) \ >- -X github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultDataDir=$(DEFAULT_DATADIR) >- >--export LD_OPTS=-ldflags "-s -w $(LD_OPTS_VARS)" >--export LD_OPTS_STATIC=-ldflags "-s -w $(LD_OPTS_VARS) -extldflags '-static'" >-+export LD_OPTS=-mod vendor -modcacherw -ldflags "-s -w $(LD_OPTS_VARS)" >-+export LD_OPTS_STATIC=-mod vendor -modcacherw -ldflags "-s -w $(LD_OPTS_VARS) -extldflags '-static'" >- >- RELDIR = crowdsec-$(BUILD_VERSION) >diff --git a/security/crowdsec/files/pkg-deinstall.in b/security/crowdsec/files/pkg-deinstall.in >index 4fdfd0b04d72..4cee7a613b84 100644 >--- a/security/crowdsec/files/pkg-deinstall.in >+++ b/security/crowdsec/files/pkg-deinstall.in >@@ -2,8 +2,8 @@ > > case $2 in > "DEINSTALL") >- service crowdsec status && touch /var/run/crowdsec.running >- service crowdsec stop || : >+ service crowdsec status 2>/dev/null && touch /var/run/crowdsec.running >+ service crowdsec stop 2>/dev/null || : > ;; > esac > >diff --git a/security/crowdsec/files/pkg-message.in b/security/crowdsec/files/pkg-message.in >index 0f59a21a5980..2fa6c08f4b30 100644 >--- a/security/crowdsec/files/pkg-message.in >+++ b/security/crowdsec/files/pkg-message.in 
>@@ -7,7 +7,7 @@ crowdsec is installed. > You need to check/edit the following files in %%ETCDIR%% as described in https://doc.crowdsec.net/docs/configuration/crowdsec_configuration > > - config.yaml: main configuration >- - acquis.yaml: where to find logs to parse (this port does not include automatic discovery of the running services) >+ - acquis.yaml, acquis.d: datasource configuration (this port does not include automatic discovery of the running services) > - profiles.yaml: remediation policies (ban, duration, etc) > > Then you can enable the daemon via sysrc and run it. >diff --git a/security/crowdsec/files/upgrade-hub.in b/security/crowdsec/files/upgrade-hub.in >new file mode 100644 >index 000000000000..450dc8af96cc >--- /dev/null >+++ b/security/crowdsec/files/upgrade-hub.in >@@ -0,0 +1,17 @@ >+#!/bin/sh >+ >+test -x /usr/local/bin/cscli || exit 0 >+ >+# favor the opnsense plugin's cron if it's there >+test -e /usr/local/etc/cron.d/oscrowdsec.cron && exit 0 >+ >+/usr/local/bin/cscli --error hub update >+ >+upgraded=$(/usr/local/bin/cscli --error hub upgrade) >+if [ -n "$upgraded" ]; then >+ # splay initial metrics push >+ sleep $(jot -r 1 1 60) >+ service crowdsec reload >+fi >+ >+exit 0 >diff --git a/security/crowdsec/pkg-plist b/security/crowdsec/pkg-plist >index 730535931c6d..3e3566388844 100644 >--- a/security/crowdsec/pkg-plist >+++ b/security/crowdsec/pkg-plist 
>@@ -2,19 +2,20 @@ > bin/crowdsec > bin/cscli > bin/crowdsec-cli >+libexec/crowdsec/upgrade-hub > @mode 0600 >+@sample %%ETCDIR%%/config.yaml.sample > @sample %%ETCDIR%%/local_api_credentials.yaml.sample > @sample %%ETCDIR%%/online_api_credentials.yaml.sample >+@sample %%ETCDIR%%/notifications/email.yaml.sample >+@sample %%ETCDIR%%/notifications/http.yaml.sample >+@sample %%ETCDIR%%/notifications/slack.yaml.sample >+@sample %%ETCDIR%%/notifications/splunk.yaml.sample > @mode 0644 > @sample %%ETCDIR%%/acquis.yaml.sample >-@sample %%ETCDIR%%/config.yaml.sample > @sample %%ETCDIR%%/console.yaml.sample > @sample %%ETCDIR%%/profiles.yaml.sample > @sample %%ETCDIR%%/simulation.yaml.sample >-@sample %%ETCDIR%%/notifications/email.yaml.sample >-@sample %%ETCDIR%%/notifications/http.yaml.sample >-@sample %%ETCDIR%%/notifications/slack.yaml.sample >-@sample %%ETCDIR%%/notifications/splunk.yaml.sample > %%ETCDIR%%/patterns/aws > %%ETCDIR%%/patterns/bacula > %%ETCDIR%%/patterns/bro >@@ -39,6 +40,7 @@ bin/crowdsec-cli > %%ETCDIR%%/patterns/smb > %%ETCDIR%%/patterns/ssh > %%ETCDIR%%/patterns/tcpdump >+etc/cron.d/crowdsec > @mode 0755 > lib/crowdsec/plugins/notification-email > lib/crowdsec/plugins/notification-http >-- >2.37.2 >
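Review bot: in security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in, crowdsec_mirror_precmd splices the output of `cscli bouncers add` straight into a sed replacement delimited by `/` (`s/${orig_line}/lapi_key: ${API_KEY} # ${BOUNCER}/`), so a key containing `/`, `&` or a backslash would break or corrupt the substitution and leave a wrong key in the config. Suggest escaping the value before substitution or picking a delimiter that cannot occur in it. The function also falls through silently when cscli is missing or returns nothing, so the daemon is launched with the `${API_KEY}` placeholder still in the file; returning non-zero from the precmd with a message would make that failure visible. The `http://` scheme is hard-coded in front of the ListenURI value, which produces a wrong lapi_url when the local API is served over TLS. Separately, crowdsec_mirror_start calls daemon without `-u`, so the HTTP-serving bouncer runs as root; consider a dedicated unprivileged user.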
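Review bot: in security/crowdsec-blocklist-mirror/files/pkg-deinstall.in, the marker `/var/run/crowdsec_mirror.running` is written on every DEINSTALL, but nothing visible in these scripts removes it when the package is removed for good rather than upgraded. A later fresh install would then hit the `[ -e /var/run/crowdsec_mirror.running ]` branch in pkg-install.in and start the service without the admin having enabled or reviewed it. Suggest clearing the marker when it is not consumed, or documenting that the restart-on-upgrade behaviour depends on it. The same pattern is kept in security/crowdsec/files/pkg-deinstall.in.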
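Review bot: in security/crowdsec/Makefile, the new "Cron" block in do-install stages the upgrade-hub shell script with `${INSTALL_DATA}`, which installs it non-executable, while crowdsec.cron.in invokes it directly as a command. Whether it ends up executable then depends entirely on the `@mode` in effect at the top of pkg-plist, which is outside the visible hunk. Suggest `${INSTALL_SCRIPT}` so the staged file is correct on its own. The cron file itself is staged in a separate post-install target while the script goes in do-install; keeping both in one place would be easier to follow.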
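Review bot: security/crowdsec/files/crowdsec.cron.in adds a daily root job that upgrades hub content unattended, and pkg-plist lists `etc/cron.d/crowdsec` as a plain file rather than `@sample`, so an admin who edits or comments out the entry to pin their parsers and scenarios loses that change on the next package upgrade. Suggest installing it as a sample, or gating the job on an rc.conf-style knob, and mentioning the automatic upgrade in pkg-message so it is an informed default.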
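Review bot: security/crowdsec/files/upgrade-hub.in hard-codes `/usr/local/bin/cscli` and `/usr/local/etc/cron.d/oscrowdsec.cron` even though the file is listed in SUB_FILES and the cron entry that calls it uses `%%PREFIX%%`; with a non-default PREFIX the `test -x` fails and the script exits 0 without doing anything. Suggest `%%PREFIX%%` throughout. The result of `cscli --error hub update` is also not checked before `hub upgrade` runs, and the script always ends with `exit 0`, so a failed update is indistinguishable from a successful one by exit status.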
Flags: marco: maintainer-approval+