cloudflared: update to 2024.8.2 (#6185)

* cloudflared: switch to using config.yml

* cloudflared: update to 2024.6.1

* cloudflared: add logging on migration

* cloudflared: update to 2024.7.3

* cloudflared: update to 2024.8.2

cross/cloudflared/Makefile

@@ -1,5 +1,5 @@
 PKG_NAME = cloudflared
-PKG_VERS = 2024.6.0
+PKG_VERS = 2024.8.2
 PKG_EXT = tar.gz
 PKG_DIST_NAME = $(PKG_VERS).$(PKG_EXT)
 PKG_DIST_SITE = https://github.com/cloudflare/cloudflared/archive

cross/cloudflared/digests

@@ -1,3 +1,3 @@
-cloudflared-2024.6.0.tar.gz SHA1 ea76a4a5df9198fde1a879fdabd44ebc623b9762
-cloudflared-2024.6.0.tar.gz SHA256 e75eec7eaf61320f7b5f9f6abc0891285bd3eeebad46b4a5cb53765281a8d88e
-cloudflared-2024.6.0.tar.gz MD5 5942d076798577ab687786986598990a
+cloudflared-2024.8.2.tar.gz SHA1 6e5caf8d05c90afe4796e197dbd82ad8845538c8
+cloudflared-2024.8.2.tar.gz SHA256 a6fe4be772ebf78f3a4ee615410e70f1aa95dafa1c173509d08fdd2f94bda3a8
+cloudflared-2024.8.2.tar.gz MD5 815a8164ce26fa63b24136d2eb62932c

spk/cloudflared/Makefile

@@ -1,6 +1,6 @@
 SPK_NAME = cloudflared
-SPK_VERS = 2024.6.0
-SPK_REV = 13
+SPK_VERS = 2024.8.2
+SPK_REV = 14
 SPK_ICON = src/cloudflared.png
 
 DEPENDS = cross/cloudflared
@@ -11,12 +11,19 @@ DISPLAY_NAME = Cloudflare Tunnel
 DESCRIPTION = "Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP - instead, a lightweight daemon in your infrastructure \('cloudflared'\) creates outbound-only connections to Cloudflare\'s global network. Cloudflare Tunnel can connect HTTP web servers, SSH servers, remote desktops, and other protocols safely to Cloudflare. This way, your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare."
 HOMEPAGE = https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
 LICENSE = Apache-2.0
-CHANGELOG = "Update to v2024.6.0, built with go 1.22"
+CHANGELOG = "1.Update to v2024.8.2 <br/>2. Use config.yml instead of passing the token directly<br/>3. Add more options to the install wizard"
 
 WIZARDS_DIR = src/wizard/
 
 STARTABLE = yes
 SERVICE_USER = auto
 SERVICE_SETUP = src/service-setup.sh
 
+POST_STRIP_TARGET = cloudflared_extra_install
+
 include ../../mk/spksrc.spk.mk
+
+.PHONY: cloudflared_extra_install
+cloudflared_extra_install:
+	install -m 755 -d $(STAGING_DIR)/var
+	install -m 644 src/config.yml $(STAGING_DIR)/var/config.yml

spk/cloudflared/src/config.yml

@@ -0,0 +1,5 @@
+token: "@token@"
+no-autoupdate: true
+management-diagnostics: @management-diagnostics@
+post-quantum: @post-quantum@
+edge-ip-version: "@edge-ip-version@"

spk/cloudflared/src/service-setup.sh

@@ -1,18 +1,35 @@
 TOKEN_FILE="${SYNOPKG_PKGVAR}/token"
+CONFIG_FILE="${SYNOPKG_PKGVAR}/config.yml"
 
-# Read token from file
-if [ -e $TOKEN_FILE ]; then
-    CLOUDFLARED_TOKEN="$(cat $TOKEN_FILE)"
-fi
-
-SERVICE_COMMAND="${SYNOPKG_PKGDEST}/bin/cloudflared --no-autoupdate tunnel run --token ${CLOUDFLARED_TOKEN}"
+SERVICE_COMMAND="${SYNOPKG_PKGDEST}/bin/cloudflared tunnel --config ${SYNOPKG_PKGVAR}/config.yml run"
 SVC_BACKGROUND=y
 SVC_WRITE_PID=y
 
-service_postinst ()
+service_postinst() 
+{
+    if [ "${SYNOPKG_PKG_STATUS}" == "INSTALL" ]; then
+
+        # Populate config template
+        sed -i -e "s|@token@|${wizard_cloudflared_token}|g" \
+            -e "s|@management-diagnostics@|${wizard_management_diagnostics}|g" \
+            -e "s|@post-quantum@|${wizard_pq}|g" \
+            -e "s|@edge-ip-version@|${wizard_edge_ip_version}|g" \
+            ${CONFIG_FILE}
+
+    fi
+}
+
+service_postupgrade() 
 {
-    # Save token to file
-    if [ -n "${wizard_cloudflared_token}" ]; then
-        echo "${wizard_cloudflared_token}" >> ${TOKEN_FILE}
+    # Migrate from token file if exists
+    if [ -e $TOKEN_FILE ]; then
+        echo "Migrate token into ${CONFIG_FILE} and delete ${TOKEN_FILE}"
+        CLOUDFLARED_TOKEN="$(cat $TOKEN_FILE)"
+        rm -f $TOKEN_FILE
+        sed -i -e "s|@token@|${CLOUDFLARED_TOKEN}|g" \
+            -e "s|@management-diagnostics@|false|g" \
+            -e "s|@post-quantum@|false|g" \
+            -e "s|@edge-ip-version@|4|g" \
+            ${CONFIG_FILE}
     fi
 }

spk/cloudflared/src/wizard/install_uifile

@@ -15,11 +15,46 @@
                             "regex": {
                                 "expr": "/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$/",
                                 "errorText": "Not a base64 encoded value."
-                            }                            
+                            }
                         }
                     }
                 ]
             }
         ]
+    },
+    {
+        "step_title": "Advanced options",
+        "items": [
+            {
+                "type": "multiselect",
+                "subitems": [
+                    {
+                        "key": "wizard_pq",
+                        "desc": "Create an experimental post-quantum secure tunnel",
+                        "defaultValue": false
+                    },
+                    {
+                        "key": "wizard_management_diagnostics",
+                        "desc": "Allow the Cloudflare engineering team to remotely get diagnostics from cloudflared during debug activities",
+                        "defaultValue": false
+                    }
+                ]
+            },
+            {
+                "type": "combobox",
+                "subitems": [
+                    {
+                        "key": "wizard_edge_ip_version",
+                        "desc": "Cloudflare Edge IP address version to connect with",
+                        "editable": false,
+                        "defaultValue": "4",
+                        "store": [ "4", "6", "auto" ],
+                        "validator": {
+                            "allowBlank": false
+                        }                        
+                    }
+                ]
+            }
+        ]
     }
 ]