From nobody Sun Feb 06 16:28:47 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2B51419B1B4F; Sun, 6 Feb 2022 16:28:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JsF8J0gb8z4mtP; Sun, 6 Feb 2022 16:28:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1644164928; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/rL099fikykbBXWCzYDnSnwnddkDuL5lkl2cbtwtOZo=; b=TMfQQBQdnTNS21TcqPvXpu4H1xDZXyW6KyuFieeJu0coriD0dSSgAnAU9Vb4I8M30B0Zjy PnhPIt5JJm9vD/AbfgFOMSRhOv87qdkkRnI9vPSJonYbKdQP67t3Igm65GpBQTkLsn/Elo KQKOapKBRWr7nYQ6CBDY/buVV1o6WmKRXdLuXTSFutRBCoM/S8+1efhb0byLlvc3D0Mmtr P9p+BmgRjBiip2tJRAVckQY36jhFA0YbJuoDx2biujDZtFTcc6P0EpXOVGtlShSgSiXRT0 lwxYRHJjMu8aVk+rIuoMk4KU3h6Hk0Slv26TKQtwGL95IObNZe+K4EJWg5pT1g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EB334159EC; Sun, 6 Feb 2022 16:28:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 216GSlP4063471; Sun, 6 Feb 2022 16:28:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 216GSliR063470; Sun, 6 Feb 2022 16:28:47 GMT (envelope-from git) Date: Sun, 6 Feb 2022 16:28:47 GMT Message-Id: <202202061628.216GSliR063470@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Kurt Jaeger Subject: git: b927d496c166 - main - security/crowdsec{-firewall-bouncer}: handle pkg upgrade List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: pi X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b927d496c166174f151c75caf0470df953727389 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1644164928; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/rL099fikykbBXWCzYDnSnwnddkDuL5lkl2cbtwtOZo=; b=fGXxx0yGnvE3ghVz/slyB49uFdNroqQVSR6YQAmJeIt9Vt9PPQHn3VGR6VwJG5BcAd2sND vCEzWpiPrD8kAsMbVszH6ESaDNguQ67wX7mZ5fOtPeRLHLpzXInby/Yev+kWR4rHxuzPVU sjx4ED/ugo8qtemaC3jq1HbbfWLLks005roX+16NP23JXf5l8r9At3NV6TvulBqaX9ydh0 kR+BoC4bWy7sqCJ3YxoAWNGf4VpXgEqIbsfiSGWgJSdmzTl5gIZUj+EG9vdS6Nsfp0k3Hz Ol12Qzk0Ad6zSfFks+NCmQ7l40dSRbzzXxtElDtnxwYY0htevfVq7t1UoxqnEQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1644164928; a=rsa-sha256; cv=none; b=ggAfWCII/qhCKkE6EBWf655zOCCuE5E6PcwKU/81tFXrgdP35tiwfjA6kQWrAhpba4ehDp Xqh2V2GCHpLus0/pfHeRA1R5+q4od7MitY2d0+/sxsClRjwuZubEyX4Im8fa8FYsuS7oBb ayuFshPHcKmOpfkQqC95Gu+DOYsWktaWWnX6b7BSCp4a/qgSJmxUHtMVqLjy9ZrMVwGGDM zQ6AFFg1aTFnde7MMMZ3TDHL6opEOHvlcjWZfYuEDAqgmJN12/BROzNJqiW4ajuGmyHbqB Wk51BvZyJGrI44Xa2ctISy/Ii3NzhqdIT4l7FgDzGltO8igMY46vr9S9+97JKA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by pi: URL: https://cgit.FreeBSD.org/ports/commit/?id=b927d496c166174f151c75caf0470df953727389 commit b927d496c166174f151c75caf0470df953727389 Author: Marco AuthorDate: 2022-02-06 16:21:58 +0000 Commit: Kurt Jaeger CommitDate: 2022-02-06 16:28:28 +0000 security/crowdsec{-firewall-bouncer}: handle pkg upgrade - avoid flushing the firewall rules upon install by using pf anchors - restart service after upgrade if it was running before PR: 261304 MFH: 2022Q1 --- security/crowdsec-firewall-bouncer/Makefile | 1 + security/crowdsec-firewall-bouncer/files/pkg-deinstall.in | 3 ++- security/crowdsec-firewall-bouncer/files/pkg-install.in | 10 ++++++++++ security/crowdsec/Makefile | 4 +++- security/crowdsec/files/crowdsec.conf-newsyslog | 4 ++-- security/crowdsec/files/crowdsec.in | 2 +- security/crowdsec/files/pkg-deinstall.in | 3 ++- security/crowdsec/files/pkg-install.in | 10 ++++++++++ security/crowdsec/pkg-plist | 3 --- 9 files changed, 31 insertions(+), 9 deletions(-) diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile index 6f9b4c3b9649..a52441bcfc53 100644 --- a/security/crowdsec-firewall-bouncer/Makefile +++ b/security/crowdsec-firewall-bouncer/Makefile @@ -25,6 +25,7 @@ GH_TAGNAME= v0.0.20-freebsd USE_RC_SUBR= crowdsec_firewall SUB_FILES= pkg-message \ + pkg-install \ pkg-deinstall # BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) diff --git a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in index 0324401c6e19..8167b3f0167f 100644 --- a/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in +++ b/security/crowdsec-firewall-bouncer/files/pkg-deinstall.in @@ -1,7 +1,8 @@ #!/bin/sh case $2 in - DEINSTALL) + "DEINSTALL") + service crowdsec_firewall status && touch /var/run/crowdsec_firewall.running service crowdsec_firewall stop || : ;; esac diff --git a/security/crowdsec-firewall-bouncer/files/pkg-install.in b/security/crowdsec-firewall-bouncer/files/pkg-install.in new file mode 100644 index 000000000000..f75e58ce4685 --- /dev/null +++ b/security/crowdsec-firewall-bouncer/files/pkg-install.in @@ -0,0 +1,10 @@ +#!/bin/sh + +case $2 in + "POST-INSTALL") + if [ -e /var/run/crowdsec_firewall.running ]; then + service crowdsec_firewall start + rm -f /var/run/crowdsec_firewall.running + fi + ;; +esac diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile index dbc74172642a..6fad13f10378 100644 --- a/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile @@ -1,5 +1,6 @@ PORTNAME= crowdsec PORTVERSION= 1.2.3 # NOTE: change BUILD_VERSION and BUILD_TAG as well +PORTREVISION= 1 DISTVERSIONPREFIX= v CATEGORIES= security @@ -24,6 +25,7 @@ GH_TAGNAME= v1.2.3-freebsd USE_RC_SUBR= crowdsec SUB_FILES= pkg-message \ + pkg-install \ pkg-deinstall # BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) @@ -129,5 +131,5 @@ do-install: @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${FILESDIR}/crowdsec.conf-newsyslog ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/crowdsec.conf.sample - + .include diff --git a/security/crowdsec/files/crowdsec.conf-newsyslog b/security/crowdsec/files/crowdsec.conf-newsyslog index a32cf4d567d7..560519c5a99f 100644 --- a/security/crowdsec/files/crowdsec.conf-newsyslog +++ b/security/crowdsec/files/crowdsec.conf-newsyslog @@ -1,3 +1,3 @@ # logfilename [owner:group] mode count size(kb) when flags [/pid_file] [sig_num] -/var/log/crowdsec.log root:wheel 644 10 5120 * JC /var/run/crowdsec.pid -/var/log/crowdsec_api.log root:wheel 644 10 5120 * JC /var/run/crowdsec.pid +/var/log/crowdsec.log root:wheel 644 10 20480 * JC /var/run/crowdsec.pid +/var/log/crowdsec_api.log root:wheel 644 10 20480 * JC /var/run/crowdsec.pid diff --git a/security/crowdsec/files/crowdsec.in b/security/crowdsec/files/crowdsec.in index ac0f384a9572..113d66aed599 100644 --- a/security/crowdsec/files/crowdsec.in +++ b/security/crowdsec/files/crowdsec.in @@ -72,7 +72,7 @@ crowdsec_precmd() { crowdsec_start() { /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \ - ${command} -c ${crowdsec_config} ${crowdsec_flags} + ${command} -c "${crowdsec_config}" ${crowdsec_flags} } crowdsec_configtest() diff --git a/security/crowdsec/files/pkg-deinstall.in b/security/crowdsec/files/pkg-deinstall.in index 1f067c828536..4fdfd0b04d72 100644 --- a/security/crowdsec/files/pkg-deinstall.in +++ b/security/crowdsec/files/pkg-deinstall.in @@ -1,7 +1,8 @@ #!/bin/sh case $2 in - DEINSTALL) + "DEINSTALL") + service crowdsec status && touch /var/run/crowdsec.running service crowdsec stop || : ;; esac diff --git a/security/crowdsec/files/pkg-install.in b/security/crowdsec/files/pkg-install.in new file mode 100644 index 000000000000..9c13af959b40 --- /dev/null +++ b/security/crowdsec/files/pkg-install.in @@ -0,0 +1,10 @@ +#!/bin/sh + +case $2 in + "POST-INSTALL") + if [ -e /var/run/crowdsec.running ]; then + service crowdsec start + rm -f /var/run/crowdsec.running + fi + ;; +esac diff --git a/security/crowdsec/pkg-plist b/security/crowdsec/pkg-plist index a8e54a73df13..635dcc3da591 100644 --- a/security/crowdsec/pkg-plist +++ b/security/crowdsec/pkg-plist @@ -14,9 +14,6 @@ bin/crowdsec-cli @sample %%ETCDIR%%/notifications/http/http.yaml.sample @sample %%ETCDIR%%/notifications/slack/slack.yaml.sample @sample %%ETCDIR%%/notifications/splunk/splunk.yaml.sample -%%ETCDIR%%/dev.yaml -%%ETCDIR%%/user.yaml -%%ETCDIR%%/crowdsec.service %%ETCDIR%%/patterns/aws %%ETCDIR%%/patterns/bacula %%ETCDIR%%/patterns/bro