Received: from tetsumaki.net (tetsumaki.net [88.198.164.7])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 4486122039D
	for <alpine-aports@lists.alpinelinux.org>; Wed, 16 Nov 2022 18:11:31 +0000 (UTC)
From: tetsumaki <yd-alpine@tetsumaki.net>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetsumaki.net;
	s=dkim; t=1668622280;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=OcrL7x2vKbk2Julx43MJkx7KlHJJ6K9ZRRkDGui06Ig=;
	b=IFaDga7+tGZ5yr2kjtiOU6tz2KFg5bRG1odSpJxfWKNinMOqMtjrdJXW+JrT+xATgryDHW
	i+OV7UOgAeRFKhVFOCYcVnwsoMWk6GX+VVketffW60OEZZijoj82YzUDQfEHnvlNmfOoaa
	fbogcuk4yLBdw+SX7KhSb2s7RseezmQ=
To: alpine-aports@lists.alpinelinux.org
Cc: tetsumaki <yd-alpinelinux@tetsumaki.net>
Subject: [PATCH] increase security of configuration file to 0600 (token and other sensitive information)
Date: Wed, 16 Nov 2022 19:11:23 +0100
Message-Id: <20221116181123.6801-1-yd-alpine@tetsumaki.net>
X-Mailer: git-send-email 2.38.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: tetsumaki <yd-alpinelinux@tetsumaki.net>

https://github.com/crowdsecurity/cs-firewall-bouncer/blob/main/debian/rules#L27
https://github.com/crowdsecurity/cs-firewall-bouncer/blob/main/rpm/SPECS/crowdsec-firewall-bouncer.spec#L44
---
 testing/cs-firewall-bouncer/APKBUILD | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/testing/cs-firewall-bouncer/APKBUILD b/testing/cs-firewall-bouncer/APKBUILD
index 789cc41764..577a7bd233 100644
--- a/testing/cs-firewall-bouncer/APKBUILD
+++ b/testing/cs-firewall-bouncer/APKBUILD
@@ -1,8 +1,9 @@
+# Contributor: tetsumaki <yd-alpine@tetsumaki.net>
 # Contributor: Kevin Daudt <kdaudt@alpinelinux.org>
 # Maintainer: Kevin Daudt <kdaudt@alpinelinux.org>
 pkgname=cs-firewall-bouncer
 pkgver=0.0.24
-pkgrel=1
+pkgrel=2
 pkgdesc="Crowdsec bouncer for firewalls"
 url="https://github.com/crowdsecurity/cs-firewall-bouncer"
 arch="all"
@@ -31,8 +32,8 @@ package() {
 	install -Dm0755 crowdsec-firewall-bouncer -t "$pkgdir"/usr/bin/
 	install -dm0755 "$pkgdir"/etc/crowdsec/bouncers
 	BACKEND=iptables API_KEY="" envsubst \
-		<config/crowdsec-firewall-bouncer.yaml \
-		>"$pkgdir"/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
+		< config/crowdsec-firewall-bouncer.yaml \
+		| install -Dm0600 /dev/stdin "$pkgdir"/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
 
 	install -Dm0755 "$srcdir"/$pkgname.initd \
 		"$pkgdir"/etc/init.d/cs-firewall-bouncer
-- 
2.38.1