From nobody Thu May 11 04:33:19 2023
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QGzXv6CSDz49dlY;
	Thu, 11 May 2023 04:33:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QGzXv5pd8z4FGv;
	Thu, 11 May 2023 04:33:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1683779599;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ZSiVTN2HIakzutlaEQhng1qW8L8DS9v4gNcOtfmzjEs=;
	b=Z+CtkSsrl7uhZ9JzNGs3kDlhBOwULS3U6PMcjJVYEmfORiHAktIFWP3izUicCR3y22usQB
	aQjmMgtYzz3rlJC/Jym/reCV8a+zPNj087BxPuvO6UBF/NSnx10Ao2FHTm4EY3N8paExXL
	4lC/Lh6Mnxdd+uDmxFXPAN5c784g2RVpftJYVEPgZ4ksErMNxdSW1D1OW9Y1HMBugltOg2
	VRyC6Q6t4tWX1bVjkTHQiEE4fj8SsL11E1NYZr3lK/cCSMGWJrAZ7rSSEo/J3w5LrHiA5u
	oHx8uhqetfJX7E78qapPrquveOveMiobHjQ10pQoe5eV7IVpye3lcasgI4Pvlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1683779599;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ZSiVTN2HIakzutlaEQhng1qW8L8DS9v4gNcOtfmzjEs=;
	b=IFr417UotndQ7wSg+TY6lEVlzebVKFJyrtgT/kXa3QIcdATgvUoYsHIG5Kr2tosEa7hS8c
	9zpNw+oZwgvWVAohaj4814w/JG6Xn/yze+kkwOBqgEco2th9oZzh7JE7G+492KYVdDDXnE
	UD4A+0Qst8zrAo2kn8K5YdvR8hM1TSbWhZD+vqVt2Wlvv51qNcSh0QXZVTOkC+DXjDNpTn
	Q/ZnAD4sSmfWchTEO2D0SBu6LmslaF1hTE8n18Yn5GMk9n4O60nU+Dbc5Ps5D/gj4+s31b
	g7wbFGM9lI3ykHnxIxWErVAAzYlxXVz1F3BKOmQe2e/de7TPYmyxPnHAeU1jOQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1683779599; a=rsa-sha256; cv=none;
	b=WMGdi6Mn002b/bUKYKNn8a4RJX1Ia9Ennom6UDqjp23yvvfRs40g9LDazU8ol8p4nDKXQN
	lWQOWc47C10G+YDE67AJuJof6EnLkOYa4yfiu+BEQU7PQM4HPx76KAhBNHK41jOvKuL2G8
	xuc0T3+eIc2JXiwpsGL5k3V3Bc/YJifNhjW3DygjKa6/tK92iiVsA9CmKql0hJK9QaPH25
	7TqhK65nN/xqmNe6WEe2mufiQY43vZxLc0Bvv8oK7btBe8dShRDGe3V3XQxj7cLEeU6Odw
	Ez1eVBRtP6ZVq/ri76IGr8AZ2OUnIwkMXo1rKOF7Tg4QYs0fNpZvImyeqr+2Kg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QGzXv4Zmszdw5;
	Thu, 11 May 2023 04:33:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34B4XJc5085984;
	Thu, 11 May 2023 04:33:19 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34B4XJp3085983;
	Thu, 11 May 2023 04:33:19 GMT
	(envelope-from git)
Date: Thu, 11 May 2023 04:33:19 GMT
Message-Id: <202305110433.34B4XJp3085983@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
Subject: git: 42df5a346683 - main - security/caldera: Use caldera user and group into port files
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: acm
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 42df5a346683e4c0134eae1cf74058c05b5f5e47
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by acm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=42df5a346683e4c0134eae1cf74058c05b5f5e47

commit 42df5a346683e4c0134eae1cf74058c05b5f5e47
Author:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
AuthorDate: 2023-05-11 04:26:09 +0000
Commit:     Jose Alonso Cardenas Marquez <acm@FreeBSD.org>
CommitDate: 2023-05-11 04:33:09 +0000

    security/caldera: Use caldera user and group into port files
    
    - Update caldera rc file
    - Update pkg-plist file
    - Atomic plugin was patched for download yaml from alonsobsd/atomic-red-team
      instead of redcanaryco/atomic-red-team github repository until my pull
      request will be approved
    - Add/modify entries into pkg-message file
    - Bump PORTREVISION
---
 security/caldera/Makefile                          |  8 ++++-
 security/caldera/files/caldera.in                  |  8 ++---
 .../files/patch-plugins_atomic_app_atomic__svc.py  |  9 ++++++
 security/caldera/files/pkg-message.in              | 36 ++++++++++++++++------
 security/caldera/pkg-plist                         |  8 ++---
 5 files changed, 51 insertions(+), 18 deletions(-)

diff --git a/security/caldera/Makefile b/security/caldera/Makefile
index 8648038da272..2646d77b1a21 100644
--- a/security/caldera/Makefile
+++ b/security/caldera/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	caldera
 DISTVERSION=	4.1.0
+PORTREVISION=	1
 CATEGORIES=	security python
 
 MAINTAINER=	acm@FreeBSD.org
@@ -70,6 +71,11 @@ USES=		go:run python:3.8+
 NO_ARCH=	yes
 NO_BUILD=	yes
 
+CALDERA_USER=	caldera
+CALDERA_GROUP=	caldera
+USERS=		${CALDERA_USER}
+GROUPS=		${CALDERA_GROUP}
+
 USE_RC_SUBR=	${PORTNAME:S/-/_/}
 SUB_FILES=	pkg-message
 SUB_LIST=	PYTHON_CMD=${PYTHON_CMD} \
@@ -78,7 +84,7 @@ SUB_LIST=	PYTHON_CMD=${PYTHON_CMD} \
 OPTIONS_DEFINE=	HAPROXY
 OPTIONS_DEFAULT=HAPROXY
 HAPROXY_DESC=	Support for HTTPS
-HAPROXY_RUN_DEPENDS=haproxy18>0:net/haproxy18
+HAPROXY_RUN_DEPENDS=haproxy20>0:net/haproxy20
 
 post-extract:
 	${RM} -R ${WRKSRC}/.github
diff --git a/security/caldera/files/caldera.in b/security/caldera/files/caldera.in
index aaedbb017d79..081a14c8318e 100644
--- a/security/caldera/files/caldera.in
+++ b/security/caldera/files/caldera.in
@@ -22,11 +22,11 @@ export PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
 : ${caldera_enable:=NO}
 : ${caldera_flags="--insecure"}
 
-caldera_user="www"
+caldera_user="caldera"
+caldera_wwwdir="%%WWWDIR%%"
+caldera_logfile="/var/log/caldera.log"
 
 pidfile="/var/run/${name}.pid"
-
-caldera_wwwdir="%%WWWDIR%%"
 python_command="%%PYTHON_CMD%%"
 python_script="${caldera_wwwdir}/server.py"
 start_cmd=${name}_start
@@ -40,7 +40,7 @@ caldera_start()
 	if [ ! -f ${pidfile} ]
 	then
 		cd ${caldera_wwwdir} && \
-			daemon -u ${caldera_user} -p ${pidfile} -t ${name} -o /var/log/caldera.log \
+			daemon -u ${caldera_user} -p ${pidfile} -t ${name} -o ${caldera_logfile} \
 				${python_command} ${python_script}  \
 				${caldera_flags}
 
diff --git a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
index abc3e67c6ccf..04e18806665b 100644
--- a/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
+++ b/security/caldera/files/patch-plugins_atomic_app_atomic__svc.py
@@ -9,3 +9,12 @@
  EXECUTORS = dict(command_prompt='cmd', sh='sh', powershell='psh', bash='sh')
  RE_VARIABLE = re.compile('(#{(.*?)})', re.DOTALL)
  PREFIX_HASH_LEN = 6
+@@ -45,7 +45,7 @@ class AtomicService(BaseService):
+         the `repo_url` parameter (eg. if you want to use a fork).
+         """
+         if not repo_url:
+-            repo_url = 'https://github.com/redcanaryco/atomic-red-team.git'
++            repo_url = 'https://github.com/alonsobsd/atomic-red-team.git'
+ 
+         if not os.path.exists(self.repo_dir) or not os.listdir(self.repo_dir):
+             self.log.debug('cloning repo %s' % repo_url)
diff --git a/security/caldera/files/pkg-message.in b/security/caldera/files/pkg-message.in
index f97eaf3e8be7..668b6828a2e9 100644
--- a/security/caldera/files/pkg-message.in
+++ b/security/caldera/files/pkg-message.in
@@ -1,7 +1,7 @@
 [
 { type: install
   message: <<EOM
-Caldera port were installed
+Caldera port was installed
 
 1) Take on mind it is a modifying version of Caldera for include FreeBSD as 
    supported OS and you could found some issues. Problem reports are welcome.
@@ -10,6 +10,10 @@ Caldera port were installed
 
   # sysrc caldera_enable="YES"
 
+  or enable it from service command
+
+  # service caldera enable
+
 3) Before of start Caldera you must run some scripts for generate/update payload
    files
 
@@ -21,33 +25,47 @@ Caldera port were installed
 
    %%WWWDIR%%/conf
 
-5) If you want run it in secure mode (https) take a look in ssl plugin section:
+5) You can change default user passwords modifying default.yml file into
+   %%WWWDIR%%/conf folder. By default Caldera uses admin/admin,
+   blue/admin or red/admin like user/password.
+
+   # sed -i "" -e "s|admin: admin|admin: `openssl rand -base64 14`|g" default.yml
+   # sed -i "" -e "s|blue: admin|blue: `openssl rand -base64 14`|g" default.yml
+   # sed -i "" -e "s|red: admin|red: `openssl rand -base64 14`|g" default.yml
+
+6) If you want run it in secure mode (https) take a look in ssl plugin section:
 
    https://caldera.readthedocs.io/en/latest/Plugin-library.html#ssl
 
-6) Start Caldera service
+7) Start Caldera service
 
    # service caldera start
 
-7) When Caldera is starting, atomic plugin will use git to download files from
+8) When Caldera is starting, atomic plugin will use git to download files from
    the following link:
 
    https://github.com/redcanaryco/atomic-red-team
 
+   Currently, the project does not include FreeBSD like a supported platform.
+   For this reason, Atomic plugin was patched for download atomic-red-team
+   files from the following repository until my pull request will be merge into
+   redcanaryco/atomic-red-team:
+
+   https://github.com/alonsobsd/atomic-red-team
+
    Those files are necessary for generate yml files used by Caldera abilities
 
-8) Caldera web listens on port 8888 by default and it uses red/admin or 
-   blue/admin like user/password.
+9) Caldera web listens on port 8888 by default
 
    http://your_caldera_server_ip:8888
 
-9) Log file is located at /var/log/caldera.log
+10) Log file is located at /var/log/caldera.log
 
-10) For more configure information you can look at the following link:
+11) For more configure information you can look at the following link:
 
    https://caldera.readthedocs.io/en/latest/
 
-11) Enjoy it
+12) Enjoy it
 EOM
 }
 ]
diff --git a/security/caldera/pkg-plist b/security/caldera/pkg-plist
index ab4dc204a75c..aa4cf31e6fde 100644
--- a/security/caldera/pkg-plist
+++ b/security/caldera/pkg-plist
@@ -1,6 +1,6 @@
 @mode 640
-@owner www
-@group www
+@owner caldera
+@group caldera
 %%WWWDIR%%/CONTRIBUTING.md
 %%WWWDIR%%/LICENSE
 %%WWWDIR%%/README.md
@@ -1269,8 +1269,8 @@
 %%WWWDIR%%/tests/web_server/test_core_endpoints.py
 %%WWWDIR%%/tox.ini
 @mode 750
-@owner www
-@group www
+@owner caldera
+@group caldera
 @dir %%WWWDIR%%
 @dir %%WWWDIR%%/plugins
 @dir %%WWWDIR%%/plugins/atomic/data