File crowdsec-firewall-bouncer.spec of Package crowdsec-firewall-bouncer

#
# spec file for package crowdsec-firewall-bouncer
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# Package identity. The Version value is also stamped into the binary (as
# v<Version>) by the go build call in the build section.
Name:           crowdsec-firewall-bouncer
Version:        0.0.31
Release:        0
Summary:        Crowdsec bouncer written in golang for firewalls
License:        MIT
URL:            https://github.com/crowdsecurity/cs-firewall-bouncer
# Source0 is the upstream source tree. Source1 holds the vendored Go modules
# that are unpacked on top of it and consumed with -mod=vendor, so the build
# compiles what is in that tarball instead of fetching modules.
# NOTE(review): nothing in this spec ties vendor.tar.gz to the upstream
# revision of Source0 - regenerate it from the same revision on every bump.
Source0:        %{name}-%{version}.tar.gz
Source1:        vendor.tar.gz
# Source2 is the systemd unit and Source3 a setup helper script; the install
# section copies both as shipped.
Source2:        %{name}.service
Source3:        setup-%{name}
# NOTE(review): why crowdsec is needed at build time is not visible here -
# presumably it owns the /etc/crowdsec directories used in the files list;
# confirm. There is no matching runtime Requires on crowdsec in this spec.
BuildRequires:  crowdsec
BuildRequires:  golang(API) >= 1.22
# Runtime firewall backend; the same macro value is written into the shipped
# config as the bouncer mode in the install section.
# NOTE(review): the default_firewall_backend macro is not defined in the
# visible part of this spec - confirm where it is set (project config?),
# because rpm leaves an undefined macro unexpanded.
Requires:       %{default_firewall_backend}
# ipset is required only where suse_version is below 1600; an unset
# suse_version evaluates as 0 and therefore also takes this branch.
%if 0%{?suse_version} < 1600
Requires:       ipset
%endif
%{?systemd_requires}

%description
Crowdsec bouncer written in golang for firewalls.

crowdsec-firewall-bouncer fetches new and old decisions from a CrowdSec API and adds them to a blocklist used by the supported firewalls.

Supported firewalls:
    iptables (IPv4 ✔️ / IPv6 ✔️ )
    nftables (IPv4 ✔️ / IPv6 ✔️ )
    ipset only (IPv4 ✔️ / IPv6 ✔️ )
    pf (IPV4 ✔️ / IPV6 ✔️ )

%prep
# Unpack Source0, change into its top-level directory, then unpack Source1
# (-a1) inside it so the vendor tree sits next to the upstream go.mod.
%autosetup -a1

%build
# Build provenance: the upstream commit id is read from the "commit:" line of
# the obsinfo file in the source directory and embedded in the binary below.
# Only the first 8 characters are used (COMMIT_HASH:0:8 substring expansion,
# which needs a shell that supports it - presumably bash; confirm).
# NOTE(review): the obsinfo file is not listed as a Source tag in this spec;
# confirm it is present wherever this package gets rebuilt. If the file has no
# "commit:" line the Tag is silently left empty.
COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)"
# Doubled percent signs are the spec-file escape for a literal percent, so
# date receives an ISO-8601 style UTC format string.
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
# Derive the build date from SOURCE_DATE_EPOCH for reproducible output: first
# with the "-d @epoch" form, then with the "-r epoch" form. If both fail the
# current time is used, which makes the embedded date differ between rebuilds.
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")

# Build flags:
#   -mod=vendor     resolve dependencies from the unpacked vendor directory
#   -buildmode=pie  position-independent executable, so ASLR applies
#   -trimpath       keep local build paths out of the binary
#   -tags='netgo'   select the pure-Go network resolver
#   -X ...          stamp version, short commit id and build date into
#                   go-cs-lib/version string variables
# No comment may be placed between the continued lines below.
go build \
   -mod=vendor \
   -buildmode=pie \
   -trimpath \
   -tags='netgo' \
   -ldflags=" \
   -X github.com/crowdsecurity/go-cs-lib/version.Version=v%{version} \
   -X github.com/crowdsecurity/go-cs-lib/version.Tag=${COMMIT_HASH:0:8} \
   -X github.com/crowdsecurity/go-cs-lib/version.BuildDate=${BUILD_DATE}" \
   -o %{name}

%install
# The bouncer binary, world-executable.
install -Dm0755 %{name} %{buildroot}%{_bindir}/%{name}
# Set the firewall mode at build time: the whole first line of the upstream
# config is replaced with "mode: <default firewall backend>".
# NOTE(review): this assumes line 1 of the upstream config is the mode key;
# re-check on every version bump, otherwise an unrelated line is overwritten.
sed -i '1 s|.*|mode: %{default_firewall_backend}|g' config/%{name}.yaml
# The config is installed owner-only (0600). The files list sets no explicit
# attr for it, so this mode is what ends up in the package.
# NOTE(review): presumably restricted because it holds the API credentials
# for the CrowdSec API - confirm, and keep it owner-only if so.
install -Dm0600 config/%{name}.yaml %{buildroot}%{_sysconfdir}/crowdsec/bouncers/%{name}.yaml
# systemd unit (0644) and the setup helper script (0755), copied as shipped.
install -Dm0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
install -Dm0755 %{SOURCE3} %{buildroot}%{_bindir}/setup-%{name}

%pre
# systemd packaging macro, run before the package files are installed.
%service_add_pre %{name}.service

%post
# systemd packaging macro, run after install: registers the unit.
# NOTE(review): whether the unit is enabled or started by default is decided
# by the macro and system presets, not by this spec - confirm that a firewall
# bouncer is not started before its API credentials are configured.
%service_add_post %{name}.service

%preun
# systemd packaging macro, run before the package files are removed.
%service_del_preun %{name}.service

%postun
# systemd packaging macro, run after removal or upgrade.
%service_del_postun %{name}.service

%files
%doc README.md
%license LICENSE
# noreplace: a config edited by the administrator is kept on upgrade and the
# packaged version is written next to it instead of overwriting it.
# No explicit attr here, so the 0600 mode set in the install section applies.
# NOTE(review): the parent directories under /etc/crowdsec are not listed in
# this package; confirm which package owns them and with which permissions.
%config(noreplace) %{_sysconfdir}/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
%{_bindir}/%{name}
%{_bindir}/setup-%{name}
%{_unitdir}/%{name}.service

%changelog