%bcond check 1
%bcond re2 1

%if %{with re2}
%global re2_buildttag re2_cgo
%global re2_ldflags -X '%{goipath}/pkg/cwversion.Libre2=C++'
%else
%global re2_buildttag %{nil}
%global re2_ldflags %{nil}
%endif

# https://github.com/crowdsecurity/crowdsec
%global goipath         github.com/crowdsecurity/crowdsec
Version:                1.7.4

%gometa -L -f


Name:           crowdsec
Release:        1%{?dist}
Summary:        Crowdsourced protection against malicious IPs

License:        Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC-BY-2.5 AND ISC AND MIT AND MIT-0 AND MITNFA AND MPL-2.0 AND Unicode-DFS-2015 AND WTFPL AND blessing
URL:            https://crowdsec.net
Source0:        %{gosource}
Source1:        %{archivename}-vendor.tar.zst
Source2:        go-vendor-tools.toml

# setup on first run to be compatible with atomic editions
Source3:        %{name}.service.dropin.conf
Source4:        %{name}-setup-etc.service
Source5:        %{name}-setup-hub.service
Source6:        %{name}-setup-local-api-credentials.service
Source7:        %{name}-setup-online-api-credentials.service
Source8:        %{name}-setup-unattended.service
Source9:        %{name}-setup-var.service

# work around unusual systemd unit only present on Fedora CoreOS
# https://github.com/systemd/systemd/issues/40079
Patch1:         0001-cscli-setup-ignore-extraneous-lines-from-systemctl-s.patch

BuildRequires:  go-vendor-tools
BuildRequires:  systemd-rpm-macros

%if %{with re2}
BuildRequires:  gcc-c++
BuildRequires:  pkgconfig(re2)
%endif


%description
The open-source and participative security solution offering crowdsourced protection against 
malicious IPs and access to the most advanced real-world CTI.


%prep
%goprep -A
%setup -q -T -D -a1 %{forgesetupargs}
%autopatch -p1


%generate_buildrequires
%go_vendor_license_buildrequires -c %{S:2}


%build
%global gomodulesmode GO111MODULE=on
GO_LDFLAGS='%{shrink:
    -X 'github.com/crowdsecurity/go-cs-lib/version.Version=v%{version}'
    -X 'github.com/crowdsecurity/go-cs-lib/version.BuildDate=%(date +%F"_"%T)'
    -X 'github.com/crowdsecurity/go-cs-lib/version.Tag=rpmbuild'
    -X '%{goipath}/pkg/cwversion.Codename=alphaga'
    -X '%{goipath}/pkg/csconfig.defaultConfigDir=%{_sysconfdir}/%{name}'
    -X '%{goipath}/pkg/csconfig.defaultDataDir=%{_sharedstatedir}/%{name}'
    %{re2_ldflags}
}'
GO_BUILDTAGS='%{shrink:
  netgo
  osusergo 
  expr_debug 
  sqlite_omit_load_extension
  %{re2_buildttag}
  datasource_appsec 
	datasource_cloudwatch 
	datasource_docker 
	datasource_file 
	datasource_http 
	datasource_k8saudit 
	datasource_kafka 
	datasource_journalctl 
	datasource_kinesis 
	datasource_loki 
	datasource_victorialogs 
	datasource_s3 
	datasource_syslog 
	datasource_wineventlog 
	cscli_setup 
	db_mysql 
	db_postgres 
	db_sqlite
}'
for cmd in cmd/* ; do
  %gobuild -o %{gobuilddir}/bin/$(basename $cmd) %{goipath}/$cmd
done


%install
%go_vendor_license_install -c %{S:2}

install -m 755 -d %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/acquis.d
install -m 755 -d %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/hub
install -m 755 -d %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns
install -m 755 -d %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/console
install -m 755 -d %{buildroot}%{_datadir}/%{name}/skel%{_sharedstatedir}/%{name}/data
install -m 755 -d %{buildroot}%{_datadir}/%{name}/skel%{_sharedstatedir}/%{name}/plugins
install -m 755 -d %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications
install -m 755 -d %{buildroot}%{_libdir}/%{name}/plugins

install -m 755 -D %{gobuilddir}/bin/%{name} %{buildroot}%{_bindir}/%{name}
install -m 755 -D %{gobuilddir}/bin/%{name}-cli %{buildroot}%{_bindir}/cscli
install -m 755 -D debian/hubupdate.sh %{buildroot}%{_libexecdir}/%{name}/hubupdate.sh
install -m 644 -D debian/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
install -m 644 -D debian/%{name}-hubupdate.service %{buildroot}%{_unitdir}/%{name}-hubupdate.service
install -m 644 -D debian/%{name}-hubupdate.timer %{buildroot}%{_unitdir}/%{name}-hubupdate.timer

install -m 644 -D config/patterns/* -t %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/
install -m 600 -D config/config.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/
install -m 600 -D config/detect.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sharedstatedir}/%{name}/data/
install -m 644 -D config/simulation.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/
install -m 644 -D config/profiles.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/
install -m 644 -D config/console.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/
install -m 644 -D config/context.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/console/

# plugins could go to _libexecdir but we'll leave them in _libdir because it's referenced in config.yaml
install -m 755 %{gobuilddir}/bin/notification-slack %{buildroot}%{_libdir}/%{name}/plugins/
install -m 755 %{gobuilddir}/bin/notification-http %{buildroot}%{_libdir}/%{name}/plugins/
install -m 755 %{gobuilddir}/bin/notification-splunk %{buildroot}%{_libdir}/%{name}/plugins/
install -m 755 %{gobuilddir}/bin/notification-email %{buildroot}%{_libdir}/%{name}/plugins/
install -m 755 %{gobuilddir}/bin/notification-sentinel %{buildroot}%{_libdir}/%{name}/plugins/
install -m 755 %{gobuilddir}/bin/notification-file %{buildroot}%{_libdir}/%{name}/plugins/

install -m 600 cmd/notification-slack/slack.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/
install -m 600 cmd/notification-http/http.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/
install -m 600 cmd/notification-splunk/splunk.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/
install -m 600 cmd/notification-email/email.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/
install -m 600 cmd/notification-sentinel/sentinel.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/
install -m 600 cmd/notification-file/file.yaml %{buildroot}%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/

install -m 644 -D %{S:3} %{buildroot}%{_unitdir}/%{name}.service.d/setup.conf
install -m 644 -D %{S:4} %{buildroot}%{_unitdir}/%{name}-setup-etc.service
install -m 644 -D %{S:5} %{buildroot}%{_unitdir}/%{name}-setup-hub.service
install -m 644 -D %{S:6} %{buildroot}%{_unitdir}/%{name}-setup-local-api-credentials.service
install -m 644 -D %{S:7} %{buildroot}%{_unitdir}/%{name}-setup-online-api-credentials.service
install -m 644 -D %{S:8} %{buildroot}%{_unitdir}/%{name}-setup-unattended.service
install -m 644 -D %{S:9} %{buildroot}%{_unitdir}/%{name}-setup-var.service


%check
# some corrections have been made
%go_vendor_license_check -c %{S:2}

%if %{with check}
%global ignores %{shrink:
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/cloudwatch
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/docker
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/file
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/http
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/kafka
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/kinesis
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/loki
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/syslog
  -d github.com/crowdsecurity/crowdsec/pkg/acquisition/modules/victorialogs
  -d github.com/crowdsecurity/crowdsec/pkg/csplugin
  -d github.com/crowdsecurity/crowdsec/pkg/exprhelpers
}
%gocheck2 %{ignores}
%endif


%files -f %{go_vendor_license_filelist}
%doc README.md SECURITY.md
%{_bindir}/%{name}
%{_bindir}/cscli
%{_libexecdir}/%{name}/hubupdate.sh
%{_libdir}/%{name}/plugins/notification-slack
%{_libdir}/%{name}/plugins/notification-http
%{_libdir}/%{name}/plugins/notification-splunk
%{_libdir}/%{name}/plugins/notification-email
%{_libdir}/%{name}/plugins/notification-sentinel
%{_libdir}/%{name}/plugins/notification-file

%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/linux-syslog
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/ruby
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/nginx
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/junos
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/cowrie_honeypot
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/redis
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/firewalls
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/paths
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/java
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/postgresql
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/bacula
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/mcollective
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/rails
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/haproxy
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/nagios
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/mysql
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/ssh
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/tcpdump
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/exim
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/bro
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/modsecurity
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/aws
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/smb
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/patterns/mongodb
%{_datadir}/%{name}/skel%{_sharedstatedir}/%{name}/data/detect.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/config.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/simulation.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/profiles.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/console.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/console/context.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/http.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/slack.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/splunk.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/email.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/sentinel.yaml
%{_datadir}/%{name}/skel%{_sysconfdir}/%{name}/notifications/file.yaml

%ghost %{_sysconfdir}/%{name}/patterns/linux-syslog
%ghost %{_sysconfdir}/%{name}/patterns/ruby
%ghost %{_sysconfdir}/%{name}/patterns/nginx
%ghost %{_sysconfdir}/%{name}/patterns/junos
%ghost %{_sysconfdir}/%{name}/patterns/cowrie_honeypot
%ghost %{_sysconfdir}/%{name}/patterns/redis
%ghost %{_sysconfdir}/%{name}/patterns/firewalls
%ghost %{_sysconfdir}/%{name}/patterns/paths
%ghost %{_sysconfdir}/%{name}/patterns/java
%ghost %{_sysconfdir}/%{name}/patterns/postgresql
%ghost %{_sysconfdir}/%{name}/patterns/bacula
%ghost %{_sysconfdir}/%{name}/patterns/mcollective
%ghost %{_sysconfdir}/%{name}/patterns/rails
%ghost %{_sysconfdir}/%{name}/patterns/haproxy
%ghost %{_sysconfdir}/%{name}/patterns/nagios
%ghost %{_sysconfdir}/%{name}/patterns/mysql
%ghost %{_sysconfdir}/%{name}/patterns/ssh
%ghost %{_sysconfdir}/%{name}/patterns/tcpdump
%ghost %{_sysconfdir}/%{name}/patterns/exim
%ghost %{_sysconfdir}/%{name}/patterns/bro
%ghost %{_sysconfdir}/%{name}/patterns/modsecurity
%ghost %{_sysconfdir}/%{name}/patterns/aws
%ghost %{_sysconfdir}/%{name}/patterns/smb
%ghost %{_sysconfdir}/%{name}/patterns/mongodb
%ghost %{_sharedstatedir}/%{name}/data/detect.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/config.yaml
%ghost %{_sysconfdir}/%{name}/simulation.yaml
%ghost %{_sysconfdir}/%{name}/profiles.yaml
%ghost %{_sysconfdir}/%{name}/console.yaml
%ghost %{_sysconfdir}/%{name}/console/context.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/notifications/http.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/notifications/slack.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/notifications/splunk.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/notifications/email.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/notifications/sentinel.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/notifications/file.yaml

%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-hubupdate.service
%{_unitdir}/%{name}-hubupdate.timer
%{_unitdir}/%{name}.service.d/setup.conf
%{_unitdir}/%{name}-setup-etc.service
%{_unitdir}/%{name}-setup-hub.service
%{_unitdir}/%{name}-setup-local-api-credentials.service
%{_unitdir}/%{name}-setup-online-api-credentials.service
%{_unitdir}/%{name}-setup-unattended.service
%{_unitdir}/%{name}-setup-var.service

%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/hub/.index.json
%ghost %attr(0600,root,root) %{_localstatedir}/log/%{name}.log

%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/local_api_credentials.yaml
%ghost %attr(0600,root,root) %{_sysconfdir}/%{name}/online_api_credentials.yaml
%ghost %{_sysconfdir}/%{name}/acquis.yaml


%post
%systemd_post %{name}.service
%systemd_post %{name}-hubupdate.timer
%systemd_post %{name}-setup-etc.service
%systemd_post %{name}-setup-hub.service
%systemd_post %{name}-setup-local-api-credentials.service
%systemd_post %{name}-setup-online-api-credentials.service
%systemd_post %{name}-setup-unattended.service
%systemd_post %{name}-setup-var.service


%preun
%systemd_preun %{name}.service
%systemd_preun %{name}-hubupdate.timer
%systemd_preun %{name}-setup-etc.service
%systemd_preun %{name}-setup-hub.service
%systemd_preun %{name}-setup-local-api-credentials.service
%systemd_preun %{name}-setup-online-api-credentials.service
%systemd_preun %{name}-setup-unattended.service
%systemd_preun %{name}-setup-var.service


%postun
%systemd_postun_with_restart %{name}.service
%systemd_postun %{name}-hubupdate.timer
%systemd_postun %{name}-setup-etc.service
%systemd_postun %{name}-setup-hub.service
%systemd_postun %{name}-setup-local-api-credentials.service
%systemd_postun %{name}-setup-online-api-credentials.service
%systemd_postun %{name}-setup-unattended.service
%systemd_postun %{name}-setup-var.service


%changelog
* Sun Dec 14 2025 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1.7.4-1
- initial package