git: b927d496c166 - main - security/crowdsec{-firewall-bouncer}: handle pkg upgrade
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 06 Feb 2022 16:28:47 UTC
The branch main has been updated by pi:
URL: https://cgit.FreeBSD.org/ports/commit/?id=b927d496c166174f151c75caf0470df953727389
commit b927d496c166174f151c75caf0470df953727389
Author: Marco <marco@crowdsec.net>
AuthorDate: 2022-02-06 16:21:58 +0000
Commit: Kurt Jaeger <pi@FreeBSD.org>
CommitDate: 2022-02-06 16:28:28 +0000
security/crowdsec{-firewall-bouncer}: handle pkg upgrade
- avoid flushing the firewall rules upon install by using pf anchors
- restart service after upgrade if it was running before
PR: 261304
MFH: 2022Q1
---
security/crowdsec-firewall-bouncer/Makefile | 1 +
security/crowdsec-firewall-bouncer/files/pkg-deinstall.in | 3 ++-
security/crowdsec-firewall-bouncer/files/pkg-install.in | 10 ++++++++++
security/crowdsec/Makefile | 4 +++-
security/crowdsec/files/crowdsec.conf-newsyslog | 4 ++--
security/crowdsec/files/crowdsec.in | 2 +-
security/crowdsec/files/pkg-deinstall.in | 3 ++-
security/crowdsec/files/pkg-install.in | 10 ++++++++++
security/crowdsec/pkg-plist | 3 ---
9 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
index 6f9b4c3b9649..a52441bcfc53 100644
--- a/security/crowdsec-firewall-bouncer/Makefile
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -25,6 +25,7 @@ GH_TAGNAME= v0.0.20-freebsd
USE_RC_SUBR= crowdsec_firewall
SUB_FILES= pkg-message \
+ pkg-install \
pkg-deinstall
# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
index 0324401c6e19..8167b3f0167f 100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in
@@ -1,7 +1,8 @@
#!/bin/sh
case $2 in
- DEINSTALL)
+ "DEINSTALL")
+ service crowdsec_firewall status && touch /var/run/crowdsec_firewall.running
service crowdsec_firewall stop || :
;;
esac
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-install.in b/security/crowdsec-firewall-bouncer/files/pkg-install.in
new file mode 100644
index 000000000000..f75e58ce4685
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/pkg-install.in
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+case $2 in
+ "POST-INSTALL")
+ if [ -e /var/run/crowdsec_firewall.running ]; then
+ service crowdsec_firewall start
+ rm -f /var/run/crowdsec_firewall.running
+ fi
+ ;;
+esac
diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile
index dbc74172642a..6fad13f10378 100644
--- a/security/crowdsec/Makefile
+++ b/security/crowdsec/Makefile
@@ -1,5 +1,6 @@
PORTNAME= crowdsec
PORTVERSION= 1.2.3 # NOTE: change BUILD_VERSION and BUILD_TAG as well
+PORTREVISION= 1
DISTVERSIONPREFIX= v
CATEGORIES= security
@@ -24,6 +25,7 @@ GH_TAGNAME= v1.2.3-freebsd
USE_RC_SUBR= crowdsec
SUB_FILES= pkg-message \
+ pkg-install \
pkg-deinstall
# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
@@ -129,5 +131,5 @@ do-install:
@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
${INSTALL_DATA} ${FILESDIR}/crowdsec.conf-newsyslog ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/crowdsec.conf.sample
-
+
.include <bsd.port.mk>
diff --git a/security/crowdsec/files/crowdsec.conf-newsyslog b/security/crowdsec/files/crowdsec.conf-newsyslog
index a32cf4d567d7..560519c5a99f 100644
--- a/security/crowdsec/files/crowdsec.conf-newsyslog
+++ b/security/crowdsec/files/crowdsec.conf-newsyslog
@@ -1,3 +1,3 @@
# logfilename [owner:group] mode count size(kb) when flags [/pid_file] [sig_num]
-/var/log/crowdsec.log root:wheel 644 10 5120 * JC /var/run/crowdsec.pid
-/var/log/crowdsec_api.log root:wheel 644 10 5120 * JC /var/run/crowdsec.pid
+/var/log/crowdsec.log root:wheel 644 10 20480 * JC /var/run/crowdsec.pid
+/var/log/crowdsec_api.log root:wheel 644 10 20480 * JC /var/run/crowdsec.pid
diff --git a/security/crowdsec/files/crowdsec.in b/security/crowdsec/files/crowdsec.in
index ac0f384a9572..113d66aed599 100644
--- a/security/crowdsec/files/crowdsec.in
+++ b/security/crowdsec/files/crowdsec.in
@@ -72,7 +72,7 @@ crowdsec_precmd() {
crowdsec_start()
{
/usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \
- ${command} -c ${crowdsec_config} ${crowdsec_flags}
+ ${command} -c "${crowdsec_config}" ${crowdsec_flags}
}
crowdsec_configtest()
diff --git a/security/crowdsec/files/pkg-deinstall.in b/security/crowdsec/files/pkg-deinstall.in
index 1f067c828536..4fdfd0b04d72 100644
--- a/security/crowdsec/files/pkg-deinstall.in
+++ b/security/crowdsec/files/pkg-deinstall.in
@@ -1,7 +1,8 @@
#!/bin/sh
case $2 in
- DEINSTALL)
+ "DEINSTALL")
+ service crowdsec status && touch /var/run/crowdsec.running
service crowdsec stop || :
;;
esac
diff --git a/security/crowdsec/files/pkg-install.in b/security/crowdsec/files/pkg-install.in
new file mode 100644
index 000000000000..9c13af959b40
--- /dev/null
+++ b/security/crowdsec/files/pkg-install.in
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+case $2 in
+ "POST-INSTALL")
+ if [ -e /var/run/crowdsec.running ]; then
+ service crowdsec start
+ rm -f /var/run/crowdsec.running
+ fi
+ ;;
+esac
diff --git a/security/crowdsec/pkg-plist b/security/crowdsec/pkg-plist
index a8e54a73df13..635dcc3da591 100644
--- a/security/crowdsec/pkg-plist
+++ b/security/crowdsec/pkg-plist
@@ -14,9 +14,6 @@ bin/crowdsec-cli
@sample %%ETCDIR%%/notifications/http/http.yaml.sample
@sample %%ETCDIR%%/notifications/slack/slack.yaml.sample
@sample %%ETCDIR%%/notifications/splunk/splunk.yaml.sample
-%%ETCDIR%%/dev.yaml
-%%ETCDIR%%/user.yaml
-%%ETCDIR%%/crowdsec.service
%%ETCDIR%%/patterns/aws
%%ETCDIR%%/patterns/bacula
%%ETCDIR%%/patterns/bro