
#
# spec file for package crowdsec
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# Replace the arch-specific post-install step with a single export of
# NO_BRP_STRIP_DEBUG, presumably so the strip step leaves the Go binaries alone.
# NOTE(review): this also drops whatever the distribution default for this
# macro would have run -- confirm that is intended.
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true

# File name of the command line client as installed in the bin directory.
%define cli_executable_name cscli

Name:           crowdsec
Version:        1.6.2
Release:        0
Summary:        Crowdsourced protection against malicious IPs
License:        MIT
URL:            https://github.com/crowdsecurity/crowdsec
# Upstream source tarball for the version above.
Source:         %{name}-%{version}.tar.gz
# Vendored Go module tree. It is unpacked by the -a 1 option in the prep
# section and consumed by "go build -mod=vendor", so module code comes from
# this tarball rather than from a download at build time.
# NOTE(review): neither source carries a signature or checksum in this spec;
# presumably integrity is handled by the build service -- confirm, since the
# vendor tree is compiled into every binary this package ships.
Source1:        vendor.tar.gz
BuildRequires:  go >= 1.22
# C++ toolchain and RE2 headers: the build section selects the re2_cgo tag and
# records Libre2=C++ in the version information.
BuildRequires:  gcc-c++
BuildRequires:  re2-devel

%description
CrowdSec is a free, modern & collaborative behavior detection engine, coupled
with a global IP reputation network. It stacks on fail2ban's philosophy but is
IPv6 compatible and 60x faster (Go vs Python); it uses Grok patterns to parse
logs and YAML scenarios to identify behaviors. CrowdSec is engineered for
modern Cloud / Containers / VM-based infrastructures (by decoupling detection
and remediation). Once detected you can remedy threats with various bouncers
(firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be
sent to CrowdSec for curation before being shared among all users to further
improve everyone's security.

%package -n %{name}-cli
# NOTE(review): the Requires below names this very subpackage, so it is always
# satisfied and constrains nothing. Nothing visible in this spec ties the
# daemon package and the CLI package to the same version -- confirm which
# dependency was intended.
Summary:        CLI for %{name}
Requires:       %{name}-cli = %{version}

%description -n %{name}-cli
CLI for Crowdsec

%package -n %{name}-cli-bash-completion
# Shell completion subpackages (bash, fish, zsh) follow one pattern: noarch,
# pinned to the CLI of the same version, and suggested to the resolver through
# Supplements when both the CLI and the respective shell package are installed.
Summary:        Bash Completion for %{name}-cli
Group:          System/Shells
Requires:       %{name}-cli = %{version}
Requires:       bash-completion
Supplements:    (%{name}-cli and bash-completion)
BuildArch:      noarch

%description -n %{name}-cli-bash-completion
Bash command line completion support for %{name}-cli.

%package -n %{name}-cli-fish-completion
Summary:        Fish Completion for %{name}-cli
Group:          System/Shells
Requires:       %{name}-cli = %{version}
Supplements:    (%{name}-cli and fish)
BuildArch:      noarch

%description -n %{name}-cli-fish-completion
Fish command line completion support for %{name}-cli.

%package -n %{name}-cli-zsh-completion
Summary:        Zsh Completion for %{name}-cli
Group:          System/Shells
Requires:       %{name}-cli = %{version}
Supplements:    (%{name}-cli and zsh)
BuildArch:      noarch

%description -n %{name}-cli-zsh-completion
zsh command line completion support for %{name}-cli.

%prep
# -a 1 unpacks the second source (the vendored module tarball) after changing
# into the unpacked source tree; -p 1 is the strip level for patches, of which
# this spec lists none.
%autosetup -p 1 -a 1

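%build
# Build metadata that is stamped into every binary through the linker.
# The commit id comes from the obsinfo file in the source directory; only its
# first eight characters end up in the version tag.
COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)"

# The value is pasted into the linker flags below. An empty or non-hexadecimal
# value means the binaries cannot be traced back to a source revision, so say
# so in the build log instead of producing an unlabelled build silently.
case "${COMMIT_HASH}" in
    ''|*[!0-9a-fA-F]*)
        echo "warning: commit id from obsinfo is missing or not hexadecimal" >&2
        ;;
esac

# Prefer SOURCE_DATE_EPOCH so that rebuilds embed the same timestamp. The first
# form is GNU date, the second BSD date; the last resort is the current time,
# which makes the resulting binaries differ from one build to the next.
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")

# One definition of tags and linker flags for all binaries, so the daemon, the
# CLI and the notification plugins cannot drift apart.
# sqlite_omit_load_extension compiles out SQLite extension loading; netgo and
# osusergo select the pure Go resolver and user lookup; re2_cgo uses the C++
# RE2 library.
go_tags='netgo,osusergo,sqlite_omit_load_extension,re2_cgo'
go_ldflags="\
-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Libre2=C++ \
-X github.com/crowdsecurity/go-cs-lib/version.Version=v%{version} \
-X github.com/crowdsecurity/go-cs-lib/version.Tag=${COMMIT_HASH:0:8} \
-X github.com/crowdsecurity/go-cs-lib/version.BuildDate=${BUILD_DATE} \
-X 'github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=alphaga' \
-X 'github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultConfigDir=/etc/crowdsec/' \
-X 'github.com/crowdsecurity/crowdsec/pkg/csconfig.defaultDataDir=%{_sharedstatedir}/%{name}/data/'"

# Run go build with the shared settings; the caller supplies the output name
# and, where needed, the package path.
# -mod=vendor builds from the unpacked vendor tree, -buildmode=pie produces
# position independent executables, -trimpath keeps build paths out of the
# binaries.
build_go() {
    go build \
       -mod=vendor \
       -buildmode=pie \
       -trimpath \
       -tags="${go_tags}" \
       -ldflags="${go_ldflags}" \
       "$@"
}

build_go -o bin/%{name} ./cmd/%{name}
build_go -o bin/%{cli_executable_name} ./cmd/%{name}-cli

# Every notification plugin is built inside its own directory and named after
# that directory. The subshell keeps the directory change local to one plugin.
for i in cmd/notification-*
do
    ( cd "${i}" && build_go -o "${i##*/}" )
done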

%install
# Daemon binary.
install -D -m 0755 bin/%{name} %{buildroot}/%{_bindir}/%{name}

# State directories in /var/lib/.
install -d -m 0755 \
    %{buildroot}%{_sharedstatedir}/%{name} \
    %{buildroot}%{_sharedstatedir}/%{name}/data/ \
    %{buildroot}%{_sharedstatedir}/%{name}/plugins/

# Configuration directories in /etc/.
install -d -m 0755 \
    %{buildroot}%{_sysconfdir}/%{name}/ \
    %{buildroot}%{_sysconfdir}/%{name}/acquis.d/ \
    %{buildroot}%{_sysconfdir}/%{name}/console/ \
    %{buildroot}%{_sysconfdir}/%{name}/hub/

# Main configuration file, mode 600: readable and writable by its owner only.
main_config=%{buildroot}%{_sysconfdir}/%{name}/config.yaml
install -m 600 -D config/config.yaml %{buildroot}%{_sysconfdir}/%{name}/
# Adapt the paths in the shipped configuration to the packaged layout:
#  1. plugin binaries live in the library directory, not in /usr/local/lib/
#  2. notification settings live in the data directory, not in
#     /etc/crowdsec/notifications/
#  3. pattern_dir is added after the plugin_dir line, as the patterns are not
#     in /etc/crowdsec/patterns/
sed -i \
    -e 's#/usr/local/lib/crowdsec/plugins/#%{_libdir}/%{name}/plugins/#' \
    -e 's#/etc/crowdsec/notifications/#%{_datadir}/%{name}/notifications/#' \
    -e '/plugin_dir/a\ \ pattern_dir: %{_datadir}/%{name}/patterns/' \
    "${main_config}"

# Remaining configuration files, world readable.
for cfg in console profiles simulation
do
    install -m 644 -D "config/${cfg}.yaml" %{buildroot}%{_sysconfdir}/%{name}/
done

# systemd unit, taken from the Debian packaging shipped in the source tree.
install -d -m 0755 %{buildroot}%{_unitdir}/
install -m 644 -D debian/crowdsec.service %{buildroot}%{_unitdir}/%{name}.service

# Data directory in /usr/share/.
install -d -m 0755 \
    %{buildroot}%{_datadir}/ \
    %{buildroot}%{_datadir}/%{name}/
# Use a fixed interpreter in the wizard shebang instead of a PATH lookup via env.
sed -i 's/env bash/bash/' wizard.sh
install -m 755 -D wizard.sh %{buildroot}%{_datadir}/%{name}/wizard.sh
install -d -m 0755 %{buildroot}%{_datadir}/%{name}/patterns/
install -m 644 -D config/patterns/* -t %{buildroot}%{_datadir}/%{name}/patterns/

# Notification plugins: one settings file (mode 600) and one binary (mode 551,
# no write bit for anyone) per plugin.
# NOTE(review): the settings files land in /usr/share/ and are not marked as
# configuration in the files list, so a package update replaces local edits.
# Presumably operators put endpoint addresses or credentials into them --
# confirm how local changes are expected to survive an update.
install -d -m 0755 %{buildroot}%{_datadir}/%{name}/notifications/
mkdir -p %{buildroot}%{_libdir}/%{name}/plugins/
for plugin in slack http splunk email sentinel file
do
    install -m 600 "cmd/notification-${plugin}/${plugin}.yaml" %{buildroot}%{_datadir}/%{name}/notifications/
    install -m 551 "cmd/notification-${plugin}/notification-${plugin}" %{buildroot}%{_libdir}/%{name}/plugins/
done

# in contrast to https://github.com/crowdsecurity/crowdsec/blob/master/rpm/SPECS/crowdsec.spec#L10
# we do not package the preset, i.e. we do not enable crowdsec by default

# CLI binary.
cscli_bin=%{buildroot}/%{_bindir}/%{cli_executable_name}
completions_root=%{buildroot}%{_datarootdir}
install -D -m 0755 bin/%{cli_executable_name} "${cscli_bin}"

# The completion files are produced by running the CLI that was just built, so
# this step executes package code inside the build environment.

# bash
mkdir -p "${completions_root}/bash-completion/completions/"
"${cscli_bin}" completion bash > "${completions_root}/bash-completion/completions/%{cli_executable_name}"

# fish
mkdir -p "${completions_root}/fish/vendor_completions.d/"
"${cscli_bin}" completion fish > "${completions_root}/fish/vendor_completions.d/%{cli_executable_name}.fish"

# zsh
mkdir -p "${completions_root}/zsh_completion.d/"
"${cscli_bin}" completion zsh > "${completions_root}/zsh_completion.d/_%{cli_executable_name}"

%pre -n %{name}
# The four scriptlets only call the distribution's systemd service helper
# macros for the unit file. As noted in the install section, no preset is
# packaged, so the service is not enabled by default.
%service_add_pre %{name}.service

%post -n %{name}
%service_add_post %{name}.service

%preun -n %{name}
%service_del_preun %{name}.service

%postun -n %{name}
%service_del_postun %{name}.service

%files
%doc README.md
%license LICENSE
%{_bindir}/%{name}
%{_unitdir}/%{name}.service

%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/acquis.d/
%dir %{_sysconfdir}/%{name}/console/
%dir %{_sysconfdir}/%{name}/hub
# Ghost entry: the package owns the hub index without shipping its content.
%ghost %{_sysconfdir}/%{name}/hub/.index.json

# noreplace keeps a locally edited file on update instead of overwriting it.
# No attribute override is given, so the modes set in the install section
# apply: 600 for config.yaml, 644 for the other three.
%config(noreplace) %{_sysconfdir}/%{name}/config.yaml
%config(noreplace) %{_sysconfdir}/%{name}/simulation.yaml
%config(noreplace) %{_sysconfdir}/%{name}/profiles.yaml
%config(noreplace) %{_sysconfdir}/%{name}/console.yaml

%dir %{_datadir}/%{name}/
%{_datadir}/%{name}/wizard.sh
# NOTE(review): config.yaml is rewritten in the install section to point at
# this directory for notification settings, yet the files are packaged as
# plain data, so an update replaces local edits -- confirm this is intended.
%dir %{_datadir}/%{name}/notifications/
%{_datadir}/%{name}/notifications/*
# Pattern files are listed one by one although the install section copies them
# with a glob; a pattern file added upstream will presumably stop the build as
# an unpackaged file until it is listed here.
%dir %{_datadir}/%{name}/patterns/
%{_datadir}/%{name}/patterns/linux-syslog
%{_datadir}/%{name}/patterns/ruby
%{_datadir}/%{name}/patterns/nginx
%{_datadir}/%{name}/patterns/junos
%{_datadir}/%{name}/patterns/cowrie_honeypot
%{_datadir}/%{name}/patterns/redis
%{_datadir}/%{name}/patterns/firewalls
%{_datadir}/%{name}/patterns/paths
%{_datadir}/%{name}/patterns/java
%{_datadir}/%{name}/patterns/postgresql
%{_datadir}/%{name}/patterns/bacula
%{_datadir}/%{name}/patterns/mcollective
%{_datadir}/%{name}/patterns/rails
%{_datadir}/%{name}/patterns/haproxy
%{_datadir}/%{name}/patterns/nagios
%{_datadir}/%{name}/patterns/mysql
%{_datadir}/%{name}/patterns/ssh
%{_datadir}/%{name}/patterns/tcpdump
%{_datadir}/%{name}/patterns/exim
%{_datadir}/%{name}/patterns/bro
%{_datadir}/%{name}/patterns/modsecurity
%{_datadir}/%{name}/patterns/aws
%{_datadir}/%{name}/patterns/smb
%{_datadir}/%{name}/patterns/mongodb

# Plugin directory and the notification plugin binaries, which the install
# section places there with mode 551 (no write bit).
%dir %{_libdir}/%{name}/
%{_libdir}/%{name}/*

# NOTE(review): the install section also creates a plugins directory next to
# data/ below the state directory; it is not listed here -- confirm whether
# the package should own it.
%dir %{_sharedstatedir}/%{name}/
%dir %{_sharedstatedir}/%{name}/data/

%files -n %{name}-cli
%doc README.md
%license LICENSE
%{_bindir}/%{cli_executable_name}

# Completion files below are generated in the install section by running the
# freshly built CLI.
%files -n %{name}-cli-bash-completion
%dir %{_datarootdir}/bash-completion/completions/
%{_datarootdir}/bash-completion/completions/%{cli_executable_name}

%files -n %{name}-cli-fish-completion
%dir %{_datarootdir}/fish
%dir %{_datarootdir}/fish/vendor_completions.d
%{_datarootdir}/fish/vendor_completions.d/%{cli_executable_name}.fish

%files -n %{name}-cli-zsh-completion
# NOTE(review): this is the only file list that sets default ownership
# explicitly; the other lists rely on the packaging default -- confirm whether
# the difference is deliberate.
%defattr(-,root,root)
%dir %{_datarootdir}/zsh_completion.d/
%{_datarootdir}/zsh_completion.d/_%{cli_executable_name}

%changelog