Creation of a debian package

olarriga · Dec 4, 2019 · 687b6fd · 687b6fd
1 parent 9b484e6
commit 687b6fd
Show file tree

Hide file tree

Showing 9 changed files with 115 additions and 17 deletions.
diff --git a/.gitignore b/.gitignore
@@ -11,4 +11,8 @@
 dist/banisher
 
 # Database
-dist/db.bdg
+dist/db.bdg
+
+# Packages
+dist/packages
+dist/*.deb
diff --git a/README.md b/README.md
@@ -20,9 +20,16 @@ __WARNING The Banisher works only with logs handled by systemd journal and is cu
 Just download the lastest binary from the [releases section](https://github.com/toorop/banisher/releases).
 
 ### Config
-
+
+#### Without debian package
+
 In the same directory than The Banisher binary, create a [YAML](https://en.wikipedia.org/wiki/YAML) file named `config.yml`.
 
+#### With the debian package
+
+Modify the /etc/banisher.yml file according to your needs
+
+
 Here is a sample: 
 
 ```yaml

diff --git a/Taskfile.yml b/Taskfile.yml
@@ -1,10 +1,41 @@
 version: '2'
 
+vars:
+    GIT_VERSION:
+      sh: git describe --tags --always | sed 's/v//g'
+
 tasks:
+
   build:
     cmds:
-      - go build -o dist/banisher
+      - go build -ldflags "-w -s -X main.appVersion={{.GIT_VERSION}}" -o dist/banisher
+
   run:
     deps: [build]
     cmds:
-      - dist/banisher
+      - dist/banisher
+
+  package:
+    deps: [build]
+    vars:
+      PACKAGE_BUILD_DATE:
+        sh: date +%s
+    cmds:
+      - mkdir -p dist/packages/debian/DEBIAN
+      - cp debian/postinst dist/packages/debian/DEBIAN/.
+      - cp debian/prerm dist/packages/debian/DEBIAN/.
+      - cp debian/control dist/packages/debian/DEBIAN/.
+      - sed -i 's/#version#/{{.GIT_VERSION}}-{{.PACKAGE_BUILD_DATE}}/g' dist/packages/debian/DEBIAN/control
+      - mkdir -p dist/packages/debian/lib/systemd/system
+      - cp debian/banisher.service dist/packages/debian/lib/systemd/system/.
+      - mkdir -p dist/packages/debian/usr/sbin
+      - cp dist/banisher dist/packages/debian/usr/sbin/.
+      - mkdir -p dist/packages/debian/etc
+      - cp dist/config.yml dist/packages/debian/etc/banisher.yml
+      - dpkg-deb --build dist/packages/debian dist/banisher_{{.GIT_VERSION}}-{{.PACKAGE_BUILD_DATE}}_amd64.deb
+
+  clean:
+    cmds:
+      - rm dist/*.deb
+      - rm dist/packages -R
+      - rm dist/banisher
diff --git a/debian/banisher.service b/debian/banisher.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=The Banisher daemon
+After=network.target auditd.service
+
+[Service]
+ExecStartPre=/usr/bin/install -m 755 -o root -g root -d /var/lib/banisher
+ExecStart=/usr/sbin/banisher -conf=/etc/banisher.yml -db=/var/lib/banisher/db.bdg -systemd
+KillMode=process
+Restart=on-failure
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/control b/debian/control
@@ -0,0 +1,8 @@
+Package: banisher
+Version: #version#
+Section: net
+Priority: optional
+Architecture: amd64
+Essential: no
+Maintainer: Olivier LARRIGAUDIERE
+Description: Watches your systemd journal and bans, with no delay, abusers.
diff --git a/debian/postinst b/debian/postinst
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+action="$1"
+oldversion="$2"
+
+umask 022
+
+
+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
+	if [ -d /run/systemd/system ]; then
+		systemctl --system daemon-reload >/dev/null || true
+        if ! systemctl is-enabled banisher.service >/dev/null 
+        then
+            systemctl enable banisher.service >/dev/null || true
+            systemctl start banisher.service >/dev/null || true
+        else
+            systemctl restart banisher.service >/dev/null || true
+        fi
+	fi
+fi
+
+db_stop
+
+exit 0
diff --git a/debian/prerm b/debian/prerm
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+if [ -d /run/systemd/system ]; then
+	deb-systemd-invoke stop banisher.service >/dev/null
+fi
+
+exit 0
diff --git a/dist/config.yml b/dist/config.yml
@@ -3,22 +3,10 @@ defaultBanishmentDuration: 3600
 
 # whitelisted IP
 whitelist:
-  - 163.172.180.201
+#  - 1.2.3.4
 
 # rules
 rules:
-  - name: tmail-timeout
-    match: .*msg="smtpd.*-client timeout.*
-    IPpos: 0
-
-  - name: tmail-auth-404
-    match: .*msg="smtpd.*err:record not found"
-    IPpos: 0
-
-  - name: tmail-auth-empty
-    match: err:login or passwd is empty
-    IPpos: 0
-
   - name: dovecot
     match: .*imap-login:.*auth failed,.*
     IPpos: 0

diff --git a/main.go b/main.go
@@ -14,6 +14,7 @@ import (
 var banisher *Banisher
 var home string
 var config Config
+var appVersion string
 
 // main
 func main() {
@@ -28,13 +29,23 @@ func main() {
 	// load parameters
 	configFile := flag.String("conf", fmt.Sprintf("%s/config.yml", home), "configuration file")
 	databaseFile := flag.String("db", fmt.Sprintf("%s/db.bdg", home), "database file")
+	systemd := flag.Bool("systemd", false, "started by systemd")
 	flag.Parse()
 
+	// remove timestamp on log
+	if *systemd {
+		log.SetFlags(log.Flags() &^ (log.Ldate | log.Ltime))
+	}
+
+	// notify start of application with version
+	log.Printf("Starting The Banisher v%s", appVersion)
+
 	// load config
 	config, err = loadConfig(*configFile)
 	if err != nil {
 		log.Fatalf("failed to load config: %v", err)
 	}
+
 	// init banisher
 	banisher, err = NewBanisher(*databaseFile)
 	if err != nil {