public/rpms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Packages are now easier to update

Browse Source
This commit is contained in:
admin
2023-11-04 14:39:34 +01:00
parent 8df93a4a96
commit 685e491925
4 changed files with 205 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

187
alma/SPECS/crowdsec-firewall-bouncer.spec Normal file
View File

@@ -0,0 +1,187 @@
Name: crowdsec-firewall-bouncer-iptables
Version: 0.0.28
Release: 1%{?dist}
Summary: Firewall bouncer for Crowdsec (iptables+ipset configuration)
License: MIT
URL: https://crowdsec.net
Source0: https://github.com/crowdsecurity/%{name}/archive/v%{version}.tar.gz
Source1: 80-crowdsec-firewall-bouncer.preset
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: make
%{?fc33:BuildRequires: systemd-rpm-macros}
Requires: gettext,iptables,ipset,ipset-libs
%define debug_package %{nil}
%define _build_id_links none
%global local_version v%{version}-%{release}-rpm
%global name crowdsec-firewall-bouncer
%global __mangle_shebangs_exclude_from /usr/bin/env
%prep
%setup -q -T -b 0 -n %{name}-%{version}
%build
BUILD_VERSION=%{version} make
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_bindir}
install -m 755 %{name} %{buildroot}%{_bindir}/%{name}
# symlink for compatibility with old versions
mkdir -p %{buildroot}/usr/sbin
ln -s %{_bindir}/%{name} %{buildroot}/usr/sbin/%{name}
mkdir -p %{buildroot}/etc/crowdsec/bouncers
install -m 600 config/%{name}.yaml %{buildroot}/etc/crowdsec/bouncers/%{name}.yaml
mkdir -p %{buildroot}/usr/lib/%{name}
install -m 600 scripts/_bouncer.sh %{buildroot}/usr/lib/%{name}/_bouncer.sh
mkdir -p %{buildroot}%{_unitdir}
BIN=%{_bindir}/%{name} CFG=/etc/crowdsec/bouncers envsubst '$BIN $CFG' < config/%{name}.service | install -m 0644 /dev/stdin %{buildroot}%{_unitdir}/%{name}.service
mkdir -p %{buildroot}%{_presetdir}
install -D -m 644 %{SOURCE1} %{buildroot}%{_presetdir}/
# ------------------------------------
# iptables
# ------------------------------------
%description -n %{name}-iptables
%files -n %{name}-iptables
%defattr(-,root,root,-)
%{_bindir}/%{name}
/usr/lib/%{name}/_bouncer.sh
%{_unitdir}/%{name}.service
%config(noreplace) /etc/crowdsec/bouncers/%{name}.yaml
%config(noreplace) %{_presetdir}/80-crowdsec-firewall-bouncer.preset
%post -n %{name}-iptables
systemctl daemon-reload
. /usr/lib/%{name}/_bouncer.sh
START=1
if grep -q '${BACKEND}' "$CONFIG"; then
newconfig=$(BACKEND="iptables" envsubst '$BACKEND' < "$CONFIG")
echo "$newconfig" | install -m 0600 /dev/stdin "$CONFIG"
fi
if [ "$1" = "1" ]; then
if need_api_key; then
if ! set_api_key; then
START=0
fi
fi
fi
set_local_port
%systemd_post %{name}.service
if [ "$START" -eq 0 ]; then
echo "no api key was generated, you can generate one on your LAPI Server by running 'cscli bouncers add <bouncer_name>' and add it to '$CONFIG'" >&2
else
%if 0%{?fc35}
systemctl enable "$SERVICE"
%endif
systemctl start "$SERVICE"
fi
echo "$BOUNCER has been successfully installed"
%preun -n %{name}-iptables
. /usr/lib/%{name}/_bouncer.sh
if [ "$1" = "0" ]; then
systemctl stop "$SERVICE" || echo "cannot stop service"
systemctl disable "$SERVICE" || echo "cannot disable service"
delete_bouncer
fi
%postun -n %{name}-iptables
if [ "$1" = "1" ]; then
systemctl restart %{name} || echo "cannot restart service"
fi
# ------------------------------------
# nftables
# ------------------------------------
%package -n %{name}-nftables
Summary: Firewall bouncer for Crowdsec (nftables configuration)
Requires: nftables,gettext
%description -n %{name}-nftables
%files -n %{name}-nftables
%defattr(-,root,root,-)
%{_bindir}/%{name}
/usr/sbin/%{name}
/usr/lib/%{name}/_bouncer.sh
%{_unitdir}/%{name}.service
%config(noreplace) /etc/crowdsec/bouncers/%{name}.yaml
%config(noreplace) %{_presetdir}/80-crowdsec-firewall-bouncer.preset
%post -n %{name}-nftables
systemctl daemon-reload
. /usr/lib/%{name}/_bouncer.sh
START=1
if grep -q '${BACKEND}' "$CONFIG"; then
newconfig=$(BACKEND="nftables" envsubst '$BACKEND' < "$CONFIG")
echo "$newconfig" | install -m 0600 /dev/stdin "$CONFIG"
fi
if [ "$1" = "1" ]; then
if need_api_key; then
if ! set_api_key; then
START=0
fi
fi
fi
set_local_port
%systemd_post %{name}.service
if [ "$START" -eq 0 ]; then
echo "no api key was generated, you can generate one on your LAPI Server by running 'cscli bouncers add <bouncer_name>' and add it to '$CONFIG'" >&2
else
%if 0%{?fc35}
systemctl enable "$SERVICE"
%endif
systemctl start "$SERVICE"
fi
echo "$BOUNCER has been successfully installed"
%preun -n %{name}-nftables
. /usr/lib/%{name}/_bouncer.sh
if [ "$1" = "0" ]; then
systemctl stop "$SERVICE" || echo "cannot stop service"
systemctl disable "$SERVICE" || echo "cannot disable service"
delete_bouncer
fi
%postun -n %{name}-nftables
if [ "$1" = "1" ]; then
systemctl restart %{name} || echo "cannot restart service"
fi
%clean
rm -rf %{buildroot}
%changelog
* Sat Nov 4 2023 Daniel Steiner <daniel.steiner@dsteiner.ch>
- First initial packaging

12
alma/SPECS/crowdsec.spec
View File

@@ -6,15 +6,12 @@ Summary: Crowdsec - An open-source, lightweight agent to detect and respo
License: MIT
URL: https://crowdsec.net
Source0: https://github.com/crowdsecurity/%{name}/archive/%{name}-release.tgz
Source0: https://github.com/crowdsecurity/%{name}/archive/v%{version}.tar.gz
Source1: 80-%{name}.preset
Patch0: crowdsec.unit.patch
Patch1: user.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%define debug_package %{nil}
%define _build_id_links none
BuildRequires: systemd
Requires: crontabs
%{?fc33:BuildRequires: systemd-rpm-macros}
@@ -22,16 +19,16 @@ Requires: crontabs
%{?fc35:BuildRequires: systemd-rpm-macros}
%{?fc36:BuildRequires: systemd-rpm-macros}
%define debug_package %{nil}
%define _build_id_links none
%description
%define version_number %(echo $VERSION)
%define releasever %(echo $RELEASEVER)
%global name crowdsec
%global __mangle_shebangs_exclude_from /usr/bin/env
%prep
%setup -q -T -b 0 -n %{name}-v%{version}
%setup -q -T -b 0
%patch -P 0
%patch -P 1
@@ -242,3 +239,4 @@ fi
%changelog
* Sat Nov 4 2023 Daniel Steiner <daniel.steiner@dsteiner.ch>
- First initial packaging

14
fedora/SPECS/crowdsec-firewall-bouncer.spec
View File

@@ -48,12 +48,6 @@ BIN=%{_bindir}/%{name} CFG=/etc/crowdsec/bouncers envsubst '$BIN $CFG' < config/
mkdir -p %{buildroot}%{_presetdir}
install -D -m 644 %{SOURCE1} %{buildroot}%{_presetdir}/
%clean
rm -rf %{buildroot}
%changelog
* Tue Feb 16 2021 Manuel Sabban <manuel@crowdsec.net>
- First initial packaging
# ------------------------------------
# iptables
@@ -183,3 +177,11 @@ fi
if [ "$1" = "1" ]; then
systemctl restart %{name} || echo "cannot restart service"
fi
%clean
rm -rf %{buildroot}
%changelog
* Sat Nov 4 2023 Daniel Steiner <daniel.steiner@dsteiner.ch>
- First initial packaging

12
fedora/SPECS/crowdsec.spec
View File

@@ -6,15 +6,12 @@ Summary: Crowdsec - An open-source, lightweight agent to detect and respo
License: MIT
URL: https://crowdsec.net
Source0: https://github.com/crowdsecurity/%{name}/archive/%{name}-release.tgz
Source0: https://github.com/crowdsecurity/%{name}/archive/v%{version}.tar.gz
Source1: 80-%{name}.preset
Patch0: crowdsec.unit.patch
Patch1: user.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%define debug_package %{nil}
%define _build_id_links none
BuildRequires: systemd
Requires: crontabs
%{?fc33:BuildRequires: systemd-rpm-macros}
@@ -22,16 +19,16 @@ Requires: crontabs
%{?fc35:BuildRequires: systemd-rpm-macros}
%{?fc36:BuildRequires: systemd-rpm-macros}
%define debug_package %{nil}
%define _build_id_links none
%description
%define version_number %(echo $VERSION)
%define releasever %(echo $RELEASEVER)
%global name crowdsec
%global __mangle_shebangs_exclude_from /usr/bin/env
%prep
%setup -q -T -b 0 -n %{name}-v%{version}
%setup -q -T -b 0
%patch -P 0
%patch -P 1
@@ -242,3 +239,4 @@ fi
%changelog
* Sat Nov 4 2023 Daniel Steiner <daniel.steiner@dsteiner.ch>
- First initial packaging