From 685e491925a688ea0f40ea00eb808833b2088b66 Mon Sep 17 00:00:00 2001
From: Daniel Steiner
Date: Sat, 4 Nov 2023 14:39:34 +0100
Subject: [PATCH] Packages are now easier to update
---
alma/SPECS/crowdsec-firewall-bouncer.spec | 187 ++++++++++++++++++++
alma/SPECS/crowdsec.spec | 12 +-
fedora/SPECS/crowdsec-firewall-bouncer.spec | 14 +-
fedora/SPECS/crowdsec.spec | 12 +-
4 files changed, 205 insertions(+), 20 deletions(-)
create mode 100644 alma/SPECS/crowdsec-firewall-bouncer.spec
diff --git a/alma/SPECS/crowdsec-firewall-bouncer.spec b/alma/SPECS/crowdsec-firewall-bouncer.spec
new file mode 100644
index 0000000..32cfbb2
--- /dev/null
+++ b/alma/SPECS/crowdsec-firewall-bouncer.spec
@@ -0,0 +1,187 @@ +Name: crowdsec-firewall-bouncer-iptables +Version: 0.0.28 +Release: 1%{?dist} +Summary: Firewall bouncer for Crowdsec (iptables+ipset configuration) + +License: MIT +URL: https://crowdsec.net +Source0: https://github.com/crowdsecurity/%{name}/archive/v%{version}.tar.gz +Source1: 80-crowdsec-firewall-bouncer.preset +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: make +%{?fc33:BuildRequires: systemd-rpm-macros} + +Requires: gettext,iptables,ipset,ipset-libs + +%define debug_package %{nil} +%define _build_id_links none + +%global local_version v%{version}-%{release}-rpm +%global name crowdsec-firewall-bouncer +%global __mangle_shebangs_exclude_from /usr/bin/env + +%prep +%setup -q -T -b 0 -n %{name}-%{version} + +%build +BUILD_VERSION=%{version} make + +%install +rm -rf %{buildroot} + +mkdir -p %{buildroot}%{_bindir} +install -m 755 %{name} %{buildroot}%{_bindir}/%{name} +# symlink for compatibility with old versions +mkdir -p %{buildroot}/usr/sbin +ln -s %{_bindir}/%{name} %{buildroot}/usr/sbin/%{name} + +mkdir -p %{buildroot}/etc/crowdsec/bouncers +install -m 600 config/%{name}.yaml %{buildroot}/etc/crowdsec/bouncers/%{name}.yaml + +mkdir -p %{buildroot}/usr/lib/%{name} +install -m 600 scripts/_bouncer.sh %{buildroot}/usr/lib/%{name}/_bouncer.sh + +mkdir -p %{buildroot}%{_unitdir} +BIN=%{_bindir}/%{name} CFG=/etc/crowdsec/bouncers envsubst '$BIN $CFG' < config/%{name}.service | install -m 0644 /dev/stdin %{buildroot}%{_unitdir}/%{name}.service + +mkdir -p %{buildroot}%{_presetdir} +install -D -m 644 %{SOURCE1} %{buildroot}%{_presetdir}/ + + +# ------------------------------------ +# iptables +# ------------------------------------ + +%description -n %{name}-iptables + +%files -n %{name}-iptables +%defattr(-,root,root,-) +%{_bindir}/%{name} +/usr/lib/%{name}/_bouncer.sh +%{_unitdir}/%{name}.service +%config(noreplace) /etc/crowdsec/bouncers/%{name}.yaml +%config(noreplace) 
%{_presetdir}/80-crowdsec-firewall-bouncer.preset + +%post -n %{name}-iptables +systemctl daemon-reload + +. /usr/lib/%{name}/_bouncer.sh +START=1 + +if grep -q '${BACKEND}' "$CONFIG"; then + newconfig=$(BACKEND="iptables" envsubst '$BACKEND' < "$CONFIG") + echo "$newconfig" | install -m 0600 /dev/stdin "$CONFIG" +fi + +if [ "$1" = "1" ]; then + if need_api_key; then + if ! set_api_key; then + START=0 + fi + fi +fi + +set_local_port + +%systemd_post %{name}.service + +if [ "$START" -eq 0 ]; then + echo "no api key was generated, you can generate one on your LAPI Server by running 'cscli bouncers add ' and add it to '$CONFIG'" >&2 +else + %if 0%{?fc35} + systemctl enable "$SERVICE" + %endif + systemctl start "$SERVICE" +fi + +echo "$BOUNCER has been successfully installed" + +%preun -n %{name}-iptables +. /usr/lib/%{name}/_bouncer.sh + +if [ "$1" = "0" ]; then + systemctl stop "$SERVICE" || echo "cannot stop service" + systemctl disable "$SERVICE" || echo "cannot disable service" + delete_bouncer +fi + +%postun -n %{name}-iptables +if [ "$1" = "1" ]; then + systemctl restart %{name} || echo "cannot restart service" +fi + +# ------------------------------------ +# nftables +# ------------------------------------ + +%package -n %{name}-nftables +Summary: Firewall bouncer for Crowdsec (nftables configuration) +Requires: nftables,gettext + +%description -n %{name}-nftables + +%files -n %{name}-nftables +%defattr(-,root,root,-) +%{_bindir}/%{name} +/usr/sbin/%{name} +/usr/lib/%{name}/_bouncer.sh +%{_unitdir}/%{name}.service +%config(noreplace) /etc/crowdsec/bouncers/%{name}.yaml +%config(noreplace) %{_presetdir}/80-crowdsec-firewall-bouncer.preset + +%post -n %{name}-nftables +systemctl daemon-reload + +. /usr/lib/%{name}/_bouncer.sh +START=1 + +if grep -q '${BACKEND}' "$CONFIG"; then + newconfig=$(BACKEND="nftables" envsubst '$BACKEND' < "$CONFIG") + echo "$newconfig" | install -m 0600 /dev/stdin "$CONFIG" +fi + +if [ "$1" = "1" ]; then + if need_api_key; then + if ! 
set_api_key; then + START=0 + fi + fi +fi + +set_local_port + +%systemd_post %{name}.service + +if [ "$START" -eq 0 ]; then + echo "no api key was generated, you can generate one on your LAPI Server by running 'cscli bouncers add ' and add it to '$CONFIG'" >&2 +else + %if 0%{?fc35} + systemctl enable "$SERVICE" + %endif + systemctl start "$SERVICE" +fi + +echo "$BOUNCER has been successfully installed" + +%preun -n %{name}-nftables +. /usr/lib/%{name}/_bouncer.sh + +if [ "$1" = "0" ]; then + systemctl stop "$SERVICE" || echo "cannot stop service" + systemctl disable "$SERVICE" || echo "cannot disable service" + delete_bouncer +fi + +%postun -n %{name}-nftables +if [ "$1" = "1" ]; then + systemctl restart %{name} || echo "cannot restart service" +fi + +%clean +rm -rf %{buildroot} + +%changelog +* Sat Nov 4 2023 Daniel Steiner +- First initial packaging + diff --git a/alma/SPECS/crowdsec.spec b/alma/SPECS/crowdsec.spec index 26e318d..5341d8d 100644 --- a/alma/SPECS/crowdsec.spec +++ b/alma/SPECS/crowdsec.spec @@ -6,15 +6,12 @@ Summary: Crowdsec - An open-source, lightweight agent to detect and respo License: MIT URL: https://crowdsec.net -Source0: https://github.com/crowdsecurity/%{name}/archive/%{name}-release.tgz +Source0: https://github.com/crowdsecurity/%{name}/archive/v%{version}.tar.gz Source1: 80-%{name}.preset Patch0: crowdsec.unit.patch Patch1: user.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -%define debug_package %{nil} -%define _build_id_links none - BuildRequires: systemd Requires: crontabs %{?fc33:BuildRequires: systemd-rpm-macros} 
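Review bot: In both `%post` scriptlets of the new alma/SPECS/crowdsec-firewall-bouncer.spec (iptables and nftables), the output of `envsubst` is written back over `$CONFIG` without checking that the substitution succeeded. A failed or empty expansion would therefore replace the bouncer configuration with an effectively empty 0600 file, and rpm scriptlets do not normally run with `set -e`, so nothing stops the sequence. Guard the write, for example `newconfig=$(BACKEND="iptables" envsubst '$BACKEND' < "$CONFIG") && [ -n "$newconfig" ] && printf '%s\n' "$newconfig" | install -m 0600 /dev/stdin "$CONFIG"`, with `nftables` in the second scriptlet. Since `envsubst` is needed at scriptlet time, `Requires(post): gettext` states that more precisely than the plain `Requires`. Separately, `/usr/sbin/%{name}` is created in `%install` but listed only in the nftables `%files`, so the iptables package ships without the compatibility symlink.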
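Review bot: The new `Source0` in alma/SPECS/crowdsec.spec points at GitHub's auto-generated tag archive, and nothing visible in this hunk pins what that download must contain, so the build trusts whatever the URL serves at fetch time. If integrity is not already checked elsewhere in the build pipeline, record the expected digest next to the spec and verify it at the top of `%prep`, e.g. `echo "<expected-sha256-placeholder>  %{SOURCE0}" | sha256sum -c -`. The same `Source0` change is made in fedora/SPECS/crowdsec.spec, and the new alma/SPECS/crowdsec-firewall-bouncer.spec uses the same URL form. The spec continues outside the hunk.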
@@ -22,16 +19,16 @@ Requires: crontabs %{?fc35:BuildRequires: systemd-rpm-macros} %{?fc36:BuildRequires: systemd-rpm-macros} +%define debug_package %{nil} +%define _build_id_links none %description -%define version_number %(echo $VERSION) -%define releasever %(echo $RELEASEVER) %global name crowdsec %global __mangle_shebangs_exclude_from /usr/bin/env %prep -%setup -q -T -b 0 -n %{name}-v%{version} +%setup -q -T -b 0 %patch -P 0 %patch -P 1 @@ -242,3 +239,4 @@ fi %changelog * Sat Nov 4 2023 Daniel Steiner - First initial packaging + diff --git a/fedora/SPECS/crowdsec-firewall-bouncer.spec b/fedora/SPECS/crowdsec-firewall-bouncer.spec index 141291f..c58b75d 100644 --- a/fedora/SPECS/crowdsec-firewall-bouncer.spec +++ b/fedora/SPECS/crowdsec-firewall-bouncer.spec @@ -48,12 +48,6 @@ BIN=%{_bindir}/%{name} CFG=/etc/crowdsec/bouncers envsubst '$BIN $CFG' < config/ mkdir -p %{buildroot}%{_presetdir} install -D -m 644 %{SOURCE1} %{buildroot}%{_presetdir}/ -%clean -rm -rf %{buildroot} - -%changelog -* Tue Feb 16 2021 Manuel Sabban -- First initial packaging # ------------------------------------ # iptables @@ -183,3 +177,11 @@ fi if [ "$1" = "1" ]; then systemctl restart %{name} || echo "cannot restart service" fi + +%clean +rm -rf %{buildroot} + +%changelog +* Sat Nov 4 2023 Daniel Steiner +- First initial packaging + diff --git a/fedora/SPECS/crowdsec.spec b/fedora/SPECS/crowdsec.spec index 26e318d..5341d8d 100644 --- a/fedora/SPECS/crowdsec.spec +++ b/fedora/SPECS/crowdsec.spec 
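Review bot: In alma/SPECS/crowdsec.spec the `%setup -q -T -b 0` line now relies on rpm's default source directory `%{name}-%{version}`, which deserves a comment because it only holds while the tag archive unpacks without the `v` prefix. I would add `# GitHub tag archives unpack to <name>-<version> (no "v"), so the default %%setup directory is correct` above it, with the percent sign doubled so rpm does not expand a macro inside the comment. The identical line in fedora/SPECS/crowdsec.spec would take the same comment.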
@@ -6,15 +6,12 @@ Summary: Crowdsec - An open-source, lightweight agent to detect and respo License: MIT URL: https://crowdsec.net -Source0: https://github.com/crowdsecurity/%{name}/archive/%{name}-release.tgz +Source0: https://github.com/crowdsecurity/%{name}/archive/v%{version}.tar.gz Source1: 80-%{name}.preset Patch0: crowdsec.unit.patch Patch1: user.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -%define debug_package %{nil} -%define _build_id_links none - BuildRequires: systemd Requires: crontabs %{?fc33:BuildRequires: systemd-rpm-macros} @@ -22,16 +19,16 @@ Requires: crontabs %{?fc35:BuildRequires: systemd-rpm-macros} %{?fc36:BuildRequires: systemd-rpm-macros} +%define debug_package %{nil} +%define _build_id_links none %description -%define version_number %(echo $VERSION) -%define releasever %(echo $RELEASEVER) %global name crowdsec %global __mangle_shebangs_exclude_from /usr/bin/env %prep -%setup -q -T -b 0 -n %{name}-v%{version} +%setup -q -T -b 0 %patch -P 0 %patch -P 1 @@ -242,3 +239,4 @@ fi %changelog * Sat Nov 4 2023 Daniel Steiner - First initial packaging +