authorMarco Mariani <marco@crowdsec.net>2023-10-02 12:51:29 +0000
committerRobert Clausecker <fuz@FreeBSD.org>2023-10-04 19:59:57 +0000
commit714e7fb44f516d31f08b657b2eb9a66ae1fbf9c7 (patch)
treee2f88a490727e6a38ace5ef7e736557df8867bd0 /security/crowdsec-firewall-bouncer
parent00b97f0452f080ec3cb8216a94248217e50ebfbc (diff)
security/crowdsec-firewall-bouncer: update to v0.0.28
Diffstat (limited to 'security/crowdsec-firewall-bouncer')
-rw-r--r--security/crowdsec-firewall-bouncer/Makefile44
-rw-r--r--security/crowdsec-firewall-bouncer/distinfo8
-rw-r--r--[-rwxr-xr-x]security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in56
-rw-r--r--[-rwxr-xr-x]security/crowdsec-firewall-bouncer/files/pkg-deinstall.in0
-rw-r--r--[-rwxr-xr-x]security/crowdsec-firewall-bouncer/files/pkg-install.in0
-rw-r--r--security/crowdsec-firewall-bouncer/files/pkg-message.in7
6 files changed, 80 insertions, 35 deletions
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
index d308b5c8d4d7..f4488f4953aa 100644
--- a/security/crowdsec-firewall-bouncer/Makefile
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -1,8 +1,6 @@
PORTNAME= crowdsec-firewall-bouncer
DISTVERSIONPREFIX= v
-DISTVERSION= 0.0.27
-PORTREVISION= 2
-DISTVERSIONSUFFIX= -freebsd
+DISTVERSION= 0.0.28
CATEGORIES= security
MAINTAINER= marco@crowdsec.net
@@ -12,42 +10,42 @@ WWW= https://github.com/crowdsecurity/cs-firewall-bouncer
LICENSE= MIT
LICENSE_FILE= ${WRKSRC}/LICENSE
-BUILD_DEPENDS= git:devel/git@lite
-
-USES= gmake go:no_targets
-
-USE_GITHUB= yes
-GH_ACCOUNT= crowdsecurity
-GH_PROJECT= cs-firewall-bouncer
-_BUILD_TAG= f1f8b379
+USES= go:modules
+_COMMIT= af6e7e2
+_BUILD_DATE= $$(date -u "+%F_%T")
USE_RC_SUBR= crowdsec_firewall
-MAKE_ARGS= BUILD_VERSION="${DISTVERSIONFULL}" \
- BUILD_TAG="${_BUILD_TAG}" \
- BUILD_VENDOR_FLAGS="-mod=vendor -modcacherw"
+GO_MODULE= github.com/crowdsecurity/cs-firewall-bouncer
+GO_TARGET= ${PORTNAME}:./${PORTNAME}
+GO_BUILDFLAGS= -trimpath -tags netgo \
+ -ldflags="\
+ -a -s -w -extldflags '-static' \
+ -X github.com/crowdsecurity/go-cs-lib/version.Version=${DISTVERSIONPREFIX}${DISTVERSION}-freebsd \
+ -X github.com/crowdsecurity/go-cs-lib/version.BuildDate=${_BUILD_DATE} \
+ -X github.com/crowdsecurity/go-cs-lib/version.Tag=${_COMMIT}"
-SUB_FILES= pkg-deinstall pkg-install pkg-message
+CGO_ENABLED= 0
-ETCDIR= ${PREFIX}/etc/crowdsec/bouncers
+SUB_FILES= pkg-deinstall \
+ pkg-install \
+ pkg-message
-post-patch:
- ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
- ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml
+ETCDIR= ${PREFIX}/etc/crowdsec/bouncers
do-install:
#
# Binaries
#
- ${INSTALL_PROGRAM} ${WRKSRC}/crowdsec-firewall-bouncer \
- ${STAGEDIR}${PREFIX}/bin/crowdsec-firewall-bouncer
+ ${INSTALL_PROGRAM} ${WRKDIR}/bin/${PORTNAME} \
+ ${STAGEDIR}${PREFIX}/bin/${PORTNAME}
#
# Configuration
#
@${MKDIR} ${STAGEDIR}${ETCDIR}
- ${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \
- ${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample
+ ${INSTALL_DATA} ${WRKSRC}/config/${PORTNAME}.yaml \
+ ${STAGEDIR}${ETCDIR}/${PORTNAME}.yaml.sample
.include <bsd.port.mk>
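Review bot: `_BUILD_DATE= $$(date -u "+%F_%T")` stamps the wall-clock build time into the binary through `-X …version.BuildDate`, so two builds of the same distfiles never produce the same executable and package hashes cannot be compared across builders. Deriving the value from a fixed input keeps the output reproducible, for example `_BUILD_DATE= $$(date -u -r ${SOURCE_DATE_EPOCH} "+%F_%T")` if the ports framework exposes SOURCE_DATE_EPOCH to this Makefile (to be confirmed), or the distinfo TIMESTAMP otherwise. `_COMMIT= af6e7e2` is likewise maintained by hand and nothing visible ties it to the checksummed v0.0.28 module, so a comment such as `# short hash of the v0.0.28 tag, update together with DISTVERSION` would help the next version bump. The removed `post-patch` step was what replaced `${BACKEND}` with `pf` in the sample config; unless upstream changed the YAML, the installed `.yaml.sample` now presumably ships the unexpanded placeholder.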
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
index a43c4d5e59c7..4a349fd2bda7 100644
--- a/security/crowdsec-firewall-bouncer/distinfo
+++ b/security/crowdsec-firewall-bouncer/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1684281311
-SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.27-freebsd_GH0.tar.gz) = 1dba0604d0ff7d9035e2e2adcff42cddf7d0b63f23dd973ce692b6e18ee65126
-SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.27-freebsd_GH0.tar.gz) = 2600838
+TIMESTAMP = 1696243362
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.mod) = 8da878a2e78081ce7fd2b81f210eb146f87fa77f4c0b5b3857d1e6a4551dd048
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.mod) = 2632
+SHA256 (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.zip) = 6aeaa00beee415f68b2f7a4d98e6b3c83c239f3fe8b1e8be93f34b13e77c940e
+SIZE (go/security_crowdsec-firewall-bouncer/crowdsec-firewall-bouncer-v0.0.28/v0.0.28.zip) = 181050
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
index 475bb4ae0e53..dd2e10d6f918 100755..100644
--- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -11,6 +11,8 @@
# Default is "NO"
# crowdsec_firewall_config (str): Set the bouncer config path.
# Default is "%%ETCDIR%%/crowdsec-firewall-bouncer.yaml"
+# crowdsec_firewall_name (str): Name of the bouncer to register.
+# Default is dynamically generated.
# crowdsec_firewall_flags (str): extra flags to run bouncer.
# Default is ""
@@ -20,39 +22,77 @@ name=crowdsec_firewall
desc="Crowdsec Firewall"
rcvar=crowdsec_firewall_enable
-load_rc_config $name
+load_rc_config "$name"
: "${crowdsec_firewall_enable:=NO}"
: "${crowdsec_firewall_config:=%%ETCDIR%%/crowdsec-firewall-bouncer.yaml}"
+: "${crowdsec_firewall_name:=cs-firewall-bouncer-$(date +%s)}"
: "${crowdsec_firewall_flags:=}"
pidfile=/var/run/${name}.pid
required_files="$crowdsec_firewall_config"
command="%%PREFIX%%/bin/crowdsec-firewall-bouncer"
start_cmd="${name}_start"
+stop_cmd="${name}_stop"
start_precmd="${name}_precmd"
+configtest_cmd="${name}_configtest"
+extra_commands="configtest"
crowdsec_firewall_precmd() {
CSCLI=%%PREFIX%%/bin/cscli
- orig_line="api_key: \${API_KEY}"
+ # there might be quotes
+ orig_line="api_key: .*\${API_KEY}.*"
# IF the bouncer is not configured
if grep -q "^${orig_line}" "${crowdsec_firewall_config}"; then
- BOUNCER="cs-firewall-bouncer-$(date +%s)"
# AND crowdsec is installed..
if command -v "$CSCLI" >/dev/null; then
# THEN, register it to the local API
- API_KEY=$($CSCLI bouncers add "${BOUNCER}" -o raw)
+ API_KEY=$($CSCLI bouncers add "${crowdsec_firewall_name}" -o raw)
if [ -n "$API_KEY" ]; then
- sed -i "" "s/^${orig_line}/api_key: ${API_KEY} # ${BOUNCER}/" "${crowdsec_firewall_config}"
- echo "Registered: ${BOUNCER}"
+ sed -i "" "s|^${orig_line}|api_key: ${API_KEY} # ${crowdsec_firewall_name}|" "${crowdsec_firewall_config}"
+ echo "Registered: ${crowdsec_firewall_name}"
fi
fi
fi
}
+crowdsec_firewall_stop()
+{
+ if [ ! -f "$pidfile" ]; then
+ echo "${name} is not running."
+ return
+ fi
+ pid=$(cat "$pidfile")
+ if kill -0 "$pid" >/dev/null 2>&1; then
+ echo "Stopping ${name}."
+ kill -s TERM "$pid" >/dev/null 2>&1
+ # shellcheck disable=SC2034
+ for i in $(seq 1 20); do
+ sleep 1
+ if ! kill -0 "$pid" >/dev/null 2>&1; then
+ rm -f "$pidfile"
+ return
+ fi
+ done
+ echo "Timeout, terminating ${name} with SIGKILL."
+ kill -s KILL "$pid" >/dev/null 2>&1
+ rm -f "$pidfile"
+ else
+ echo "${name} is not running."
+ fi
+}
+
crowdsec_firewall_start() {
- /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \
- ${command} -c "${crowdsec_firewall_config}" ${crowdsec_firewall_flags}
+ /usr/sbin/daemon -f -p "$pidfile" -t "$desc" -- \
+ "$command" -c "$crowdsec_firewall_config" ${crowdsec_firewall_flags}
+}
+
+crowdsec_firewall_configtest()
+{
+ echo "Performing sanity check on ${name} configuration."
+ if "$command" -c "$crowdsec_firewall_config" -t; then
+ echo "Configuration test OK"
+ fi
}
run_rc_command "$1"
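Review bot: `crowdsec_firewall_stop` signals whatever PID it reads from `$pidfile`, ending in `kill -s KILL`, without checking that the process is still the bouncer; after a crash or reboot a stale pidfile can point at an unrelated process that root then kills. rc.subr's own helper does that check, so `pid=$(cat "$pidfile")` could become `pid=$(check_pidfile "$pidfile" "$command")` with an empty result treated as not running (worth confirming the process name matches under daemon(8)). `crowdsec_firewall_configtest` also exits 0 when the test fails, because an `if` with no branch taken returns success; `"$command" -c "$crowdsec_firewall_config" -t || return 1` before the OK message would let callers detect a bad config. In `crowdsec_firewall_precmd`, `${crowdsec_firewall_name}` now comes from rc.conf and is pasted into the `sed` replacement, so a name containing `|`, `&` or `\` corrupts the `api_key` line; a comment stating the allowed characters, or a check before `cscli bouncers add`, would cover it.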
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
index 21e946d75a27..21e946d75a27 100755..100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-install.in b/security/crowdsec-firewall-bouncer/files/pkg-install.in
index f75e58ce4685..f75e58ce4685 100755..100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-install.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-install.in
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
index 85b8a16382d5..336b3e4fd4dd 100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-message.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
@@ -4,10 +4,15 @@
crowdsec-firewall-bouncer is installed.
+Note: If you are using OPNsense or pfSense, ignore the following instructions and use the settings page of the
+CrowdSec plugin.
+
+-----
+
If you are running crowdsec on this machine, the bouncer will register itself with
the Local API when it's started the first time.
-If the LAPI is on another machine, you need to manually register the bouncer
+If the LAPI is on a different machine, you need to manually register the bouncer
and fill api_key and api_url in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml before
starting the service.