%bcond check 1 # https://github.com/crowdsecurity/cs-firewall-bouncer %global goipath github.com/crowdsecurity/cs-firewall-bouncer Version: 0.0.34 %gometa -L -f Name: crowdsec-firewall-bouncer Release: 2%{?dist} Summary: Firewall bouncer for Crowdsec License: Apache-2.0 AND BSD-3-Clause AND ISC AND MIT URL: %{gourl} Source0: %{gosource} Source1: %{archivename}-vendor.tar.bz2 Source2: go-vendor-tools.toml Source3: setup-iptables.sh Source4: setup-nftables.sh Source5: crowdsec-firewall-bouncer-setup.service.in Source6: crowdsec-firewall-bouncer-setup-dropin.conf.in BuildRequires: go-vendor-tools BuildRequires: systemd-rpm-macros BuildRequires: /usr/bin/envsubst %description Firewall bouncer for Crowdsec (iptables+ipset configuration) %package common Summary: %{summary} (common files) Requires: /usr/bin/envsubst Recommends: crowdsec %description common %{description} (iptables+ipset configuration) %package iptables Summary: %{summary} (iptables+ipset configuration) Requires: %{name}-common iptables ipset ipset-libs %description iptables %{description} (iptables+ipset configuration) %package nftables Summary: %{summary} (nftables configuration) Requires: %{name}-common nftables %description nftables %{description} (nftables configuration) %prep %goprep -A %setup -q -T -D -a1 %{forgesetupargs} # %%autopatch -p1 %generate_buildrequires %go_vendor_license_buildrequires -c %{S:2} %build %global gomodulesmode GO111MODULE=on GO_LDFLAGS='%{shrink: -X 'github.com/crowdsecurity/go-cs-lib/version.Version=v%{version}' -X 'github.com/crowdsecurity/go-cs-lib/version.BuildDate=%(date +%F"_"%T)' -X 'github.com/crowdsecurity/go-cs-lib/version.Tag=rpm' }' %gobuild -o %{gobuilddir}/bin/cs-firewall-bouncer %{goipath} %install %go_vendor_license_install -c %{S:2} install -m 755 -D %{gobuilddir}/bin/cs-firewall-bouncer %{buildroot}%{_bindir}/%{name} install -m 600 -D config/%{name}.yaml %{buildroot}%{_datadir}/%{name}/%{name}.yaml install -m 600 -D /dev/null %{buildroot}%{_sysconfdir}/crowdsec/bouncers/%{name}.yaml install -m 600 -D scripts/_bouncer.sh %{buildroot}%{_prefix}/lib/%{name}/_bouncer.sh BIN=%{_bindir}/%{name} CFG=%{_sysconfdir}/crowdsec/bouncers envsubst '$BIN $CFG' < config/%{name}.service | install -m 644 -D /dev/stdin %{buildroot}%{_unitdir}/%{name}.service install -m 755 -D %{S:3} %{buildroot}%{_prefix}/lib/%{name}/setup-iptables.sh install -m 755 -D %{S:4} %{buildroot}%{_prefix}/lib/%{name}/setup-nftables.sh TYPE=iptables OTHER=nftables envsubst '$TYPE $OTHER' < %{S:5} | install -m 644 -D /dev/stdin %{buildroot}%{_unitdir}/%{name}-setup-iptables.service TYPE=nftables OTHER=iptables envsubst '$TYPE $OTHER' < %{S:5} | install -m 644 -D /dev/stdin %{buildroot}%{_unitdir}/%{name}-setup-nftables.service TYPE=iptables envsubst '$TYPE' < %{S:6} | install -m 644 -D /dev/stdin %{buildroot}%{_unitdir}/%{name}.service.d/%{name}-setup-iptables.conf TYPE=nftables envsubst '$TYPE' < %{S:6} | install -m 644 -D /dev/stdin %{buildroot}%{_unitdir}/%{name}.service.d/%{name}-setup-nftables.conf %check %go_vendor_license_check -c %{S:2} %if %{with check} %gotest ./... %endif %files common -f %{go_vendor_license_filelist} %license vendor/modules.txt %doc README.md %{_bindir}/%{name} %{_datadir}/%{name}/%{name}.yaml %{_prefix}/lib/%{name}/_bouncer.sh %{_unitdir}/%{name}.service %ghost %attr(0600, root, root) %{_sysconfdir}/crowdsec/bouncers/%{name}.yaml %files iptables %{_prefix}/lib/%{name}/setup-iptables.sh %{_unitdir}/%{name}-setup-iptables.service %{_unitdir}/%{name}.service.d/%{name}-setup-iptables.conf %files nftables %{_prefix}/lib/%{name}/setup-nftables.sh %{_unitdir}/%{name}-setup-nftables.service %{_unitdir}/%{name}.service.d/%{name}-setup-nftables.conf %post common %systemd_post %{name}.service %preun common %systemd_preun %{name}.service %postun common %systemd_postun_with_restart %{name}.service %changelog * Sun Dec 14 2025 T.C. Hollingsworth - 0.0.34-2 - switch dependency to /usr/bin/envsubst to be compatible with EPEL * Sun Dec 14 2025 T.C. Hollingsworth - 0.0.34-1 - initial package