FreeBSD Bugzilla – Attachment 238485 Details for
Bug 268105
[NEW PORT] security/crowdsec-blocklist-mirror: CrowdSec Blocklist Mirror
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for blocklist mirror 0.0.1
0001-security-crowdsec-blocklist-mirror-0.0.1.patch (text/plain), 8.68 KB, created by
marco
on 2022-12-02 08:22:44 UTC
(
hide
)
Description:
patch for blocklist mirror 0.0.1
Filename:
MIME Type:
Creator:
marco
Created:
2022-12-02 08:22:44 UTC
Size:
8.68 KB
patch
obsolete
>From ab6781dad438a4384ee103d63b33bcca7f1298ae Mon Sep 17 00:00:00 2001 >From: Marco Mariani <marco@crowdsec.net> >Date: Thu, 1 Dec 2022 22:44:20 +0100 >Subject: [PATCH] security/crowdsec-blocklist-mirror: 0.0.1 > >--- > security/crowdsec-blocklist-mirror/Makefile | 48 ++++++++++++ > security/crowdsec-blocklist-mirror/distinfo | 3 + > .../files/crowdsec_mirror.in | 73 +++++++++++++++++++ > .../files/pkg-deinstall.in | 9 +++ > .../files/pkg-install.in | 10 +++ > .../files/pkg-message.in | 31 ++++++++ > security/crowdsec-blocklist-mirror/pkg-descr | 3 + > security/crowdsec-blocklist-mirror/pkg-plist | 4 + > 8 files changed, 181 insertions(+) > create mode 100644 security/crowdsec-blocklist-mirror/Makefile > create mode 100644 security/crowdsec-blocklist-mirror/distinfo > create mode 100755 security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in > create mode 100755 security/crowdsec-blocklist-mirror/files/pkg-deinstall.in > create mode 100755 security/crowdsec-blocklist-mirror/files/pkg-install.in > create mode 100644 security/crowdsec-blocklist-mirror/files/pkg-message.in > create mode 100644 security/crowdsec-blocklist-mirror/pkg-descr > create mode 100644 security/crowdsec-blocklist-mirror/pkg-plist > >diff --git a/security/crowdsec-blocklist-mirror/Makefile b/security/crowdsec-blocklist-mirror/Makefile >new file mode 100644 >index 000000000000..acd035bf7d32 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/Makefile >@@ -0,0 +1,48 @@ >+PORTNAME= crowdsec-blocklist-mirror >+DISTVERSIONPREFIX= v >+DISTVERSION= 0.0.1 >+CATEGORIES= security >+ >+MAINTAINER= marco@crowdsec.net >+COMMENT= CrowdSec Blocklist Mirror >+WWW= https://github.com/crowdsecurity/cs-blocklist-mirror >+ >+LICENSE= MIT >+LICENSE_FILE= ${WRKSRC}/LICENSE >+ >+BUILD_DEPENDS= git:devel/git@lite >+ >+USES= gmake go:1.19,no_targets >+ >+USE_GITHUB= yes >+GH_ACCOUNT= crowdsecurity >+GH_PROJECT= cs-blocklist-mirror >+GH_TAGNAME= ${DISTVERSIONFULL}-freebsd >+_BUILD_TAG= 24a43080 >+USE_RC_SUBR= crowdsec_mirror >+ >+MAKE_ARGS= BUILD_VERSION="${DISTVERSIONFULL}" \ >+ BUILD_TAG="${_BUILD_TAG}" \ >+ BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw" >+ >+SUB_FILES= pkg-deinstall pkg-install pkg-message >+ >+ETCDIR= ${PREFIX}/etc/crowdsec/bouncers >+ >+do-install: >+ # >+ # Binaries >+ # >+ >+ ${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-blocklist-mirror \ >+ ${STAGEDIR}${PREFIX}/bin/crowdsec-blocklist-mirror >+ >+ # >+ # Configuration >+ # >+ >+ @${MKDIR} ${STAGEDIR}${ETCDIR} >+ ${INSTALL_DATA} ${WRKSRC}/config/crowdsec-blocklist-mirror.yaml \ >+ ${STAGEDIR}${ETCDIR}/crowdsec-blocklist-mirror.yaml.sample >+ >+.include <bsd.port.mk> >diff --git a/security/crowdsec-blocklist-mirror/distinfo b/security/crowdsec-blocklist-mirror/distinfo >new file mode 100644 >index 000000000000..7b883760ab69 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/distinfo >@@ -0,0 +1,3 @@ >+TIMESTAMP = 1664462306 >+SHA256 (crowdsecurity-cs-blocklist-mirror-v0.0.1-v0.0.1-freebsd_GH0.tar.gz) = a3e35eb6bba0a5b34a2fd50fb7223378c6ac268311d2ebe7fefd0381bc39e7d5 >+SIZE (crowdsecurity-cs-blocklist-mirror-v0.0.1-v0.0.1-freebsd_GH0.tar.gz) = 2444802 >diff --git a/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in b/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in >new file mode 100755 >index 000000000000..ccfea9df38f2 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/files/crowdsec_mirror.in >@@ -0,0 +1,73 @@ >+#!/bin/sh >+# >+# PROVIDE: crowdsec_mirror >+# REQUIRE: LOGIN DAEMON NETWORKING >+# KEYWORD: shutdown >+# >+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf >+# to enable this service: >+# >+# crowdsec_mirror_enable (bool): Set it to YES to enable the blocklist mirror. >+# Default is "NO" >+# crowdsec_mirror_config (str): Set the config path. >+# Default is "%%ETCDIR%%/crowdsec-blocklist-mirror.yaml" >+# crowdsec_mirror_flags (str): extra flags to run bouncer. >+# Default is "" >+ >+. /etc/rc.subr >+ >+name=crowdsec_mirror >+desc="Crowdsec Blocklist Mirror" >+rcvar=crowdsec_mirror_enable >+ >+load_rc_config $name >+ >+: "${crowdsec_mirror_enable:=NO}" >+: "${crowdsec_mirror_config:=%%ETCDIR%%/crowdsec-blocklist-mirror.yaml}" >+: "${crowdsec_mirror_flags:=}" >+ >+pidfile=/var/run/${name}.pid >+required_files="$crowdsec_mirror_config" >+command="%%PREFIX%%/bin/crowdsec-blocklist-mirror" >+start_cmd="${name}_start" >+start_precmd="${name}_precmd" >+ >+crowdsec_mirror_precmd() { >+ CSCLI=%%PREFIX%%/bin/cscli >+ orig_line="lapi_key: \${API_KEY}" >+ # IF the bouncer is not configured >+ if grep -q "${orig_line}" "${crowdsec_mirror_config}"; then >+ SUFFIX=$(jot -r -c 10 a z | rs -g0) >+ BOUNCER="cs-blocklist-mirror-${SUFFIX}" >+ # AND crowdsec is installed.. >+ if command -v "$CSCLI" >/dev/null; then >+ # THEN, register it to the local API >+ API_KEY="$($CSCLI bouncers add "${BOUNCER}" -o raw)" >+ if [ -n "$API_KEY" ]; then >+ sed -i "" "s/${orig_line}/lapi_key: ${API_KEY} # ${BOUNCER}/" "${crowdsec_mirror_config}" >+ echo "Registered: ${BOUNCER}" >+ fi >+ fi >+ fi >+ >+ orig_line="lapi_url: \${CROWDSEC_LAPI_URL}" >+ # IF the lapi endpoint is not configured >+ if grep -q "${orig_line}" "${crowdsec_mirror_config}"; then >+ # AND crowdsec is installed.. >+ if command -v "$CSCLI" >/dev/null; then >+ # THEN, use the listen address >+ CROWDSEC_LAPI_ENDPOINT="$($CSCLI config show --key Config.API.Server.ListenURI)" >+ if [ -n "$CROWDSEC_LAPI_ENDPOINT" ]; then >+ sed -i "" "s#${orig_line}#lapi_url: http://${CROWDSEC_LAPI_ENDPOINT}#" "${crowdsec_mirror_config}" >+ echo "LAPI listen address set up." >+ fi >+ fi >+ fi >+} >+ >+crowdsec_mirror_start() { >+ /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \ >+ ${command} -c "${crowdsec_mirror_config}" ${crowdsec_mirror_flags} >+} >+ >+run_rc_command "$1" >diff --git a/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in b/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in >new file mode 100755 >index 000000000000..32c2e941c7e5 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/files/pkg-deinstall.in >@@ -0,0 +1,9 @@ >+#!/bin/sh >+ >+case $2 in >+ "DEINSTALL") >+ service crowdsec_mirror status 2>/dev/null && touch /var/run/crowdsec_mirror.running >+ service crowdsec_mirror stop 2>/dev/null || : >+ ;; >+esac >+ >diff --git a/security/crowdsec-blocklist-mirror/files/pkg-install.in b/security/crowdsec-blocklist-mirror/files/pkg-install.in >new file mode 100755 >index 000000000000..0dd870bdac41 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/files/pkg-install.in >@@ -0,0 +1,10 @@ >+#!/bin/sh >+ >+case $2 in >+ "POST-INSTALL") >+ if [ -e /var/run/crowdsec_mirror.running ]; then >+ service crowdsec_mirror start >+ rm -f /var/run/crowdsec_mirror.running >+ fi >+ ;; >+esac >diff --git a/security/crowdsec-blocklist-mirror/files/pkg-message.in b/security/crowdsec-blocklist-mirror/files/pkg-message.in >new file mode 100644 >index 000000000000..569ba653f2b5 >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/files/pkg-message.in >@@ -0,0 +1,31 @@ >+[ >+{ type: install >+ message: <<EOM >+ >+crowdsec-blocklist-mirror is installed. >+ >+If you are running crowdsec on this machine, the bouncer will register itself with >+the Local API when it's started the first time. >+ >+If the LAPI is on another machine, you need to manually register the bouncer >+and fill lapi_key and lapi_url in %%ETCDIR%%/crowdsec-blocklist-mirror.yaml before >+starting the service. >+ >+Please refer to the documentation at >+https://docs.crowdsec.net/docs/bouncers/blocklist-mirror/ >+ >+Then activate the bouncer via sysrc and run it: >+ >+---------- >+# sysrc crowdsec_mirror_enable="YES" >+crowdsec_mirror_enable: NO -> YES >+# service crowdsec_mirror start >+---------- >+ >+The blocklist is available by default at >+'http://127.0.0.1:41412/security/blocklist', check the configuration file to >+change address, endpoint or add some authentication. >+ >+EOM >+} >+] >diff --git a/security/crowdsec-blocklist-mirror/pkg-descr b/security/crowdsec-blocklist-mirror/pkg-descr >new file mode 100644 >index 000000000000..7eb46c5bf50e >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/pkg-descr >@@ -0,0 +1,3 @@ >+CrowdSec Blocklist Mirror >+ >+Publish CrowdSec decisions via HTTP, to be consumed by network appliances. >diff --git a/security/crowdsec-blocklist-mirror/pkg-plist b/security/crowdsec-blocklist-mirror/pkg-plist >new file mode 100644 >index 000000000000..b9b5dc8a069b >--- /dev/null >+++ b/security/crowdsec-blocklist-mirror/pkg-plist >@@ -0,0 +1,4 @@ >+@mode 0755 >+bin/crowdsec-blocklist-mirror >+@mode 0600 >+@sample %%ETCDIR%%/crowdsec-blocklist-mirror.yaml.sample >-- >2.37.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=238485">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 268105
: 238485