authorSofian Brabez <sbz@FreeBSD.org>2021-12-16 19:37:18 +0000
committerSofian Brabez <sbz@FreeBSD.org>2021-12-17 12:32:57 +0000
commit04d93cdfdfe4a4aab87b84021f0c486f8980feb7 (patch)
tree181ac135426486902abb0683d699e5a4eb693de6 /security/crowdsec-firewall-bouncer
parent6713efec42d49e664024afb6af6ecf696aa6dc21 (diff)
security/crowdsec-firewall-bouncer: update to 0.0.17
Update to 0.0.17 release and pass the maintainership to the submitter. PR: 260264
Diffstat (limited to 'security/crowdsec-firewall-bouncer')
-rw-r--r--security/crowdsec-firewall-bouncer/Makefile47
-rw-r--r--security/crowdsec-firewall-bouncer/distinfo8
-rwxr-xr-xsecurity/crowdsec-firewall-bouncer/files/crowdsec_firewall.in33
-rw-r--r--security/crowdsec-firewall-bouncer/files/patch-Makefile11
-rw-r--r--security/crowdsec-firewall-bouncer/files/pkg-deinstall.in8
-rw-r--r--security/crowdsec-firewall-bouncer/files/pkg-message.in22
-rw-r--r--security/crowdsec-firewall-bouncer/pkg-plist4
7 files changed, 104 insertions, 29 deletions
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
index 60925f445797..36a868801a50 100644
--- a/security/crowdsec-firewall-bouncer/Makefile
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -1,40 +1,59 @@
PORTNAME= crowdsec-firewall-bouncer
-PORTVERSION= 0.0.13
+PORTVERSION= 0.0.17 # NOTE: change BUILD_VERSION and BUILD_TAG as well
DISTVERSIONPREFIX= v
CATEGORIES= security
-MAINTAINER= sbz@FreeBSD.org
-COMMENT= Crowdsec bouncer written in golang for firewalls
+MAINTAINER= marco@crowdsec.net
+COMMENT= CrowdSec bouncer written in golang for firewalls
LICENSE= MIT
LICENSE_FILE= ${WRKSRC}/LICENSE
+BUILD_DEPENDS= git:devel/git@lite \
+ go:lang/go
+
+USES= gmake
+
RUN_DEPENDS= crowdsec>0:security/crowdsec
-USES= go:modules
+USE_GITHUB= yes
+GH_ACCOUNT= crowdsecurity
+GH_PROJECT= cs-firewall-bouncer
+#GH_TAGNAME is automatically set from DISTVERSION
USE_RC_SUBR= crowdsec_firewall
-GO_MODULE= github.com/crowdsecurity/cs-firewall-bouncer
+SUB_FILES= pkg-message \
+ pkg-deinstall
+
+# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
+# BUILD_TAG=$(git rev-parse HEAD)
+MAKE_ENV= BUILD_VERSION="v0.0.17" \
+ BUILD_TAG="b330209afcdefd0046fd6790999bbb342c02f1b3"
-GO_BUILDFLAGS= -ldflags "-s -w \
- -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=v${PORTVERSION} \
- -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=freebsd \
- -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=`date -u '+%Y-%m-%d_%I:%M:%S%p'`"
+ETCDIR= ${PREFIX}/etc/crowdsec/bouncers
-SUB_FILES= pkg-message
+do-patch:
+ cd ${WRKSRC} && go mod download github.com/mattn/go-sqlite3
post-patch:
${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
${WRKSRC}/config/crowdsec-firewall-bouncer.yaml
do-install:
- @${MKDIR} ${STAGEDIR}${ETCDIR}
+ #
+ # Binaries
+ #
+
+ ${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-firewall-bouncer \
+ ${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer
+
+ #
+ # Configuration
+ #
+ @${MKDIR} ${STAGEDIR}${ETCDIR}
${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \
${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample
- ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-firewall-bouncer \
- ${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer
-
.include <bsd.port.mk>
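Review bot: The added `do-patch` target runs `go mod download github.com/mattn/go-sqlite3`, which fetches code from the network during the patch phase, and the gmake build presumably resolves the remaining modules the same way; none of it is recorded in distinfo, which now lists only the GitHub tarball. The modules should be fetched in the fetch phase and checksummed, for example by keeping `USES= go:modules` with `GO_MODULE` or by listing the modules as distfiles, so that builds work without network access and the inputs are pinned. Separately, defining `do-patch` in the port appears to replace the framework's default patch step, so files/patch-Makefile (which turns `BUILD_TAG=` into `BUILD_TAG?=`) may never be applied and the `BUILD_TAG` passed through `MAKE_ENV` would be ignored. Moving the command to a `post-patch` or `pre-build` hook would avoid that; this is worth confirming with a test build.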
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
index cf74c8b81d95..001ca177529b 100644
--- a/security/crowdsec-firewall-bouncer/distinfo
+++ b/security/crowdsec-firewall-bouncer/distinfo
@@ -1,5 +1,3 @@
-TIMESTAMP = 1625834541
-SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.mod) = c4ee3539ac5bd53f013e0798add577d5daef4480ad6910a3c35c381e74b26f63
-SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.mod) = 935
-SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.zip) = 0817452582e7ff9f92ae7c51751c6de86a277d7b772e5ac1b35dc7a3ea35aba7
-SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.13/v0.0.13.zip) = 148490
+TIMESTAMP = 1637702397
+SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 53af239b86c6b554da3711e3686d7d3036d33b2e561bfb00e195b6c8a06918c8
+SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 143037
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
index 1bc55e6ca263..ee3dcc9f7325 100755
--- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -18,13 +18,34 @@ rcvar=crowdsec_firewall_enable
load_rc_config $name
-: ${crowdsec_firewall_enable:="NO"}
-: ${crowdsec_firewall_config:="%%PREFIX%%/etc/crowdsec-firewall-bouncer/crowdsec-firewall-bouncer.yaml"}
+: "${crowdsec_firewall_enable:=NO}"
+: "${crowdsec_firewall_config:=%%ETCDIR%%/crowdsec-firewall-bouncer.yaml}"
-pidfile=/var/run/$name.pid
+pidfile=/var/run/${name}.pid
required_files="$crowdsec_firewall_config"
-procname="%%PREFIX%%/bin/crowdsec-firewall-bouncer"
-command=/usr/sbin/daemon
-command_args="-fp $pidfile -t '$desc' -- '$procname' -c '$crowdsec_firewall_config'"
+command="%%PREFIX%%/bin/crowdsec-firewall-bouncer"
+start_cmd="${name}_start"
+start_precmd="${name}_precmd"
+
+crowdsec_firewall_precmd() {
+ CSCLI=%%PREFIX%%/bin/cscli
+ orig_line="api_key: \${API_KEY}"
+ if grep -q "^${orig_line}" "${crowdsec_firewall_config}"; then
+ SUFFIX=$(LC_CTYPE=C tr -dc A-Za-z0-9 </dev/urandom | head -c 8)
+ BOUNCER="cs-firewall-bouncer-${SUFFIX}"
+ if command -v "$CSCLI" >/dev/null; then
+ API_KEY=$($CSCLI bouncers add "${BOUNCER}" -o raw)
+ if [ -n "$API_KEY" ]; then
+ sed -i "" "s/^${orig_line}/api_key: ${API_KEY} # ${BOUNCER}/" "${crowdsec_firewall_config}"
+ echo "Registered: ${BOUNCER}"
+ fi
+ fi
+ fi
+}
+
+crowdsec_firewall_start() {
+ /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \
+ ${command} -c "${crowdsec_firewall_config}"
+}
run_rc_command "$1"
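Review bot: `crowdsec_firewall_precmd` returns success when `cscli` is missing or `bouncers add` yields an empty key, so the service starts with the literal `api_key: ${API_KEY}` placeholder still in the config and nothing is logged. For a firewall bouncer that likely means no decisions are enforced while the service appears to be running. Add an `else` branch to the `[ -n "$API_KEY" ]` test, such as `warn "could not register ${BOUNCER}; set api_key in ${crowdsec_firewall_config}"`, or `return 1` to refuse to start. The key is also interpolated directly into the `sed` expression, so it shows up in the process arguments, and a key containing `/`, `&` or `\` would break or alter the substitution; that is only safe if the key alphabet is known to exclude those characters.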
diff --git a/security/crowdsec-firewall-bouncer/files/patch-Makefile b/security/crowdsec-firewall-bouncer/files/patch-Makefile
new file mode 100644
index 000000000000..6d9e9a2e2f42
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/patch-Makefile
@@ -0,0 +1,11 @@
+--- Makefile.orig 2021-12-07 09:00:17 UTC
++++ Makefile
+@@ -11,7 +11,7 @@ GOGET=$(GOCMD) get
+ BUILD_VERSION?="$(shell git describe --tags `git rev-list --tags --max-count=1`)"
+ BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -r 's/[go]+//g')"
+ BUILD_TIMESTAMP=$(shell date +%F"_"%T)
+-BUILD_TAG="$(shell git rev-parse HEAD)"
++BUILD_TAG?="$(shell git rev-parse HEAD)"
+ export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=$(BUILD_TIMESTAMP) \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG) \
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
new file mode 100644
index 000000000000..0324401c6e19
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+case $2 in
+ DEINSTALL)
+ service crowdsec_firewall stop || :
+ ;;
+esac
+
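Review bot: The deinstall script stops the service but leaves the bouncer registered, so the API key created by the rc script's `cscli bouncers add` stays valid in the local API after the package is removed, and each fresh install registers another randomly suffixed bouncer. If that is intentional (for example so the registration survives upgrades), say so in a comment such as `# the registered bouncer is kept; remove it with cscli if no longer needed`, and mention the cleanup in pkg-message. `$2` should also be quoted: `case "$2" in`.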
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
index 46710f5d090a..3929d468efd0 100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-message.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
@@ -4,17 +4,33 @@
crowdsec-firewall-bouncer is installed.
-You need to edit the config file %%ETCDIR%%/crowdsec-firewall-bouncer.yaml, your pf
-config and enable rc via sysrc.
+The bouncer should register itself but you may want to check the
+configuration file, which is now in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml
+(for consistency with the other platforms).
-Add the following in pf.conf to create the tables
+In previous versions, the configuration was in /usr/local/etc/crowdsec-firewall-bouncer, you may need
+to check if you made any changes there.
+If it's the first time, you need to edit your Packet Filter configuration.
+Add the following in /etc/pf.conf to create the tables:
+
+----------
# create crowdsec ipv4 table
table <crowdsec-blacklists> persist
# create crowdsec ipv6 table
table <crowdsec6-blacklists> persist
+block drop in quick from <crowdsec-blacklists> to any
+block drop in quick from <crowdsec6-blacklists> to any
+----------
+
+To apply the file:
+
+# pfctl -f /etc/pf.conf
+
+Then activate the bouncer via sysrc:
+
# sysrc crowdsec_firewall_enable="YES"
EOM
}
diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist
index d47d3e2429aa..6a41287c1e57 100644
--- a/security/crowdsec-firewall-bouncer/pkg-plist
+++ b/security/crowdsec-firewall-bouncer/pkg-plist
@@ -1,2 +1,4 @@
-@sample etc/crowdsec-firewall-bouncer/crowdsec-firewall-bouncer.yaml.sample
+@mode 0755
bin/crowdsec-firewall-bouncer
+@mode 0600
+@sample %%ETCDIR%%/crowdsec-firewall-bouncer.yaml.sample
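Review bot: The second `@mode 0600` is never reset, so any entry that follows the `@sample` line inherits 0600. If the framework appends generated entries after the pkg-plist content (the `USE_RC_SUBR` script is a candidate), the rc script could end up non-executable; this is worth checking in the staged package. Ending the file with a bare `@mode` line restores the default. The 0600 on the sample itself is appropriate, since the live config ends up holding the API key.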