
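Name:           crowdsec-firewall-bouncer-iptables
Version:        0.0.28
Release:        0
Summary:        Firewall bouncer for Crowdsec (iptables+ipset configuration)

License:        MIT
URL:            https://github.com/crowdsecurity/cs-firewall-bouncer/
Group:          Productivity/Networking/Security
# Source0: upstream source tree, Source1: systemd preset, Source2: vendored Go
# modules. The build section compiles with -mod=vendor, so the Go dependencies
# are expected to come from these archives rather than from the network.
Source0:        %{name}-%{version}.tar.gz
Source1:        80-crowdsec-firewall-bouncer.preset
Source2:        vendor.tar.gz
# NOTE(review): the build section calls envsubst, but no BuildRequires here
# names the package that ships it; confirm it is present in the build root.
BuildRequires:  git
BuildRequires:  make
BuildRequires:  jq
BuildRequires:  go >= 1.20
BuildRequires:  golang-packaging
Requires:       crowdsec

# Runtime tools for this firewall backend. ipset was listed twice in the
# original line; the duplicate is dropped, the dependency set is unchanged.
Requires: iptables,ipset,gettext

# No debuginfo package is generated for this build.
%define debug_package %{nil}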

%description
CrowdSec bouncer for firewalls, written in Go.

crowdsec-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls.

Supported firewalls:

iptables (IPv4 ✔ / IPv6 ✔)
nftables (IPv4 ✔ / IPv6 ✔)
ipset only (IPv4 ✔ / IPv6 ✔)
pf (IPv4 ✔ / IPv6 ✔)


%define version_number  %{version}
%define releasever  %{release}
%global local_version v%{version_number}-%{releasever}-rpm
%global name crowdsec-firewall-bouncer
%global __mangle_shebangs_exclude_from /usr/bin/env

%prep
# The name macro is redefined just before this section, so from here on it
# expands to crowdsec-firewall-bouncer rather than the package name from the
# Name tag.
# NOTE(review): -a 1 asks for source 1 to be unpacked inside the source tree,
# but Source1 is the preset file and the vendored Go modules are Source2, whose
# manual extraction below is commented out. The build runs with -mod=vendor, so
# confirm where the vendor directory actually comes from.
%autosetup -p 1 -a 1
#tar -axf %{SOURCE2}

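%build
# COMMIT_HASH and BUILD_DATE are plain shell variables: they are neither
# exported nor passed on the make command line below, so make does not receive
# them from this script.
# NOTE(review): DATE_FMT is not set anywhere in this spec; confirm the date
# call behaves as intended when its format argument is empty.
COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")

# Build from the vendored module tree only: -mod=vendor makes the go tool use
# the vendor directory instead of resolving modules itself.
BUILD_VERSION=%{local_version} GOFLAGS=-mod=vendor make

# Render the systemd unit from its template. The explicit variable list limits
# envsubst to BIN and CFG; without it every dollar reference in the unit would
# be replaced by whatever the build environment holds (or by nothing).
# mktemp creates the scratch file itself, and the path is quoted wherever used.
UNIT_TEMPLATE="$(mktemp -p /tmp/)"
cp config/%{name}.service "${UNIT_TEMPLATE}"
BIN=%{_bindir}/%{name} CFG=/etc/crowdsec/bouncers/ envsubst '${BIN} ${CFG}' < "${UNIT_TEMPLATE}" > config/%{name}.service
rm -f "${UNIT_TEMPLATE}"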

%install
# Stage everything under the buildroot; nothing is written to the live system.
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr/sbin
mkdir -p %{buildroot}%{_presetdir}
install -m 755 -D %{name}  %{buildroot}%{_bindir}/%{name}
# Mode 600: the bouncer configuration is readable and writable by its owner
# only (presumably because it carries the credentials for the CrowdSec API;
# confirm against the shipped YAML).
install -m 600 -D config/%{name}.yaml %{buildroot}/etc/crowdsec/bouncers/%{name}.yaml
install -m 644 -D config/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
# The destination is the preset directory created above, so the preset keeps
# its source file name.
install -m 644 -D %{SOURCE1} %{buildroot}%{_presetdir}
# rc-prefixed symlink to /usr/sbin/service (looks like the distribution's
# rc<service> convenience link; confirm).
ln -s /usr/sbin/service %{buildroot}/usr/sbin/rccrowdsec-firewall-bouncer
%clean
# Remove the staged install tree once packaging is finished.
rm -rf %{buildroot}

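%files
%defattr(-,root,root,-)
# Same macro the install section uses for the binary, instead of a hard-coded
# /usr/bin, so the two sections cannot drift apart.
%{_bindir}/%{name}
%{_unitdir}/%{name}.service
/usr/sbin/rccrowdsec-firewall-bouncer
%dir %{_sysconfdir}/crowdsec/
%dir %{_sysconfdir}/crowdsec/bouncers/
# The install section stages this file with mode 600. Stating mode and owner
# here as well keeps the packaged permissions root-only even if the staging
# step changes later. noreplace preserves a locally edited file on upgrade.
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/crowdsec/bouncers/%{name}.yaml
# NOTE(review): the preset is marked as a config file although it lives in the
# systemd preset directory; confirm that local edits there are really meant to
# survive upgrades.
%config(noreplace) %{_presetdir}/80-crowdsec-firewall-bouncer.preset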

%changelog
* Tue Feb 16 2021 Manuel Sabban <manuel@crowdsec.net>
- First initial packaging

%pre
# Service lifecycle is delegated to the systemd scriptlet macros, one per
# install phase, each given the unit installed by this package.
# NOTE(review): confirm every one of these macros is defined on the target
# distribution; rpm leaves an undefined macro unexpanded in the scriptlet.
%systemd_pre %{name}.service

%post
%systemd_post %{name}.service

%preun
%systemd_preun %{name}.service

%postun
# The with_restart variant restarts the service on upgrade, so an updated
# binary takes effect without a manual restart.
%systemd_postun_with_restart %{name}.service


# %package -n crowdsec-firewall-bouncer-nftables
# Summary:      Firewall bouncer for Crowdsec (nftables configuration)
# Requires: nftables,gettext
# Requires:       crowdsec
# %description -n crowdsec-firewall-bouncer-nftables
# 
# %files -n crowdsec-firewall-bouncer-nftables
# /usr/bin/%{name}
# %{_unitdir}/%{name}.service
# %dir %{_sysconfdir}/crowdsec/
# %dir %{_sysconfdir}/crowdsec/bouncers/
# %config(noreplace) %{_sysconfdir}/crowdsec/bouncers/%{name}.yaml

