diff --git a/cross/cloudflared/Makefile b/cross/cloudflared/Makefile
index 29ca3cdc220..bbfe5c70fba 100644
--- a/cross/cloudflared/Makefile
+++ b/cross/cloudflared/Makefile
@@ -1,5 +1,5 @@
PKG_NAME = cloudflared
-PKG_VERS = 2024.6.0
+PKG_VERS = 2024.8.2
PKG_EXT = tar.gz
PKG_DIST_NAME = $(PKG_VERS).$(PKG_EXT)
PKG_DIST_SITE = https://github.com/cloudflare/cloudflared/archive
diff --git a/cross/cloudflared/digests b/cross/cloudflared/digests
index 3ec6987d143..b0d03521669 100644
--- a/cross/cloudflared/digests
+++ b/cross/cloudflared/digests
@@ -1,3 +1,3 @@
-cloudflared-2024.6.0.tar.gz SHA1 ea76a4a5df9198fde1a879fdabd44ebc623b9762
-cloudflared-2024.6.0.tar.gz SHA256 e75eec7eaf61320f7b5f9f6abc0891285bd3eeebad46b4a5cb53765281a8d88e
-cloudflared-2024.6.0.tar.gz MD5 5942d076798577ab687786986598990a
+cloudflared-2024.8.2.tar.gz SHA1 6e5caf8d05c90afe4796e197dbd82ad8845538c8
+cloudflared-2024.8.2.tar.gz SHA256 a6fe4be772ebf78f3a4ee615410e70f1aa95dafa1c173509d08fdd2f94bda3a8
+cloudflared-2024.8.2.tar.gz MD5 815a8164ce26fa63b24136d2eb62932c
diff --git a/spk/cloudflared/Makefile b/spk/cloudflared/Makefile
index 40c5769ddf5..182c6d6fbfe 100644
--- a/spk/cloudflared/Makefile
+++ b/spk/cloudflared/Makefile
@@ -1,6 +1,6 @@
SPK_NAME = cloudflared
-SPK_VERS = 2024.6.0
-SPK_REV = 13
+SPK_VERS = 2024.8.2
+SPK_REV = 14
SPK_ICON = src/cloudflared.png
DEPENDS = cross/cloudflared
@@ -11,7 +11,7 @@ DISPLAY_NAME = Cloudflare Tunnel
DESCRIPTION = "Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP - instead, a lightweight daemon in your infrastructure \('cloudflared'\) creates outbound-only connections to Cloudflare\'s global network. Cloudflare Tunnel can connect HTTP web servers, SSH servers, remote desktops, and other protocols safely to Cloudflare. This way, your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare."
HOMEPAGE = https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/
LICENSE = Apache-2.0
-CHANGELOG = "Update to v2024.6.0, built with go 1.22"
+CHANGELOG = "1.Update to v2024.8.2
2. Use config.yml instead of passing the token directly
3. Add more options to the install wizard"
WIZARDS_DIR = src/wizard/
@@ -19,4 +19,11 @@ STARTABLE = yes
SERVICE_USER = auto
SERVICE_SETUP = src/service-setup.sh
+POST_STRIP_TARGET = cloudflared_extra_install
+
include ../../mk/spksrc.spk.mk
+
+.PHONY: cloudflared_extra_install
+cloudflared_extra_install:
+ install -m 755 -d $(STAGING_DIR)/var
+ install -m 644 src/config.yml $(STAGING_DIR)/var/config.yml
\ No newline at end of file
diff --git a/spk/cloudflared/src/config.yml b/spk/cloudflared/src/config.yml
new file mode 100644
index 00000000000..a94c60bcc26
--- /dev/null
+++ b/spk/cloudflared/src/config.yml
@@ -0,0 +1,5 @@
+token: "@token@"
+no-autoupdate: true
+management-diagnostics: @management-diagnostics@
+post-quantum: @post-quantum@
+edge-ip-version: "@edge-ip-version@"
diff --git a/spk/cloudflared/src/service-setup.sh b/spk/cloudflared/src/service-setup.sh
index 2071cd9cecc..d5d68f52dac 100644
--- a/spk/cloudflared/src/service-setup.sh
+++ b/spk/cloudflared/src/service-setup.sh
@@ -1,18 +1,35 @@
TOKEN_FILE="${SYNOPKG_PKGVAR}/token"
+CONFIG_FILE="${SYNOPKG_PKGVAR}/config.yml"
-# Read token from file
-if [ -e $TOKEN_FILE ]; then
- CLOUDFLARED_TOKEN="$(cat $TOKEN_FILE)"
-fi
-
-SERVICE_COMMAND="${SYNOPKG_PKGDEST}/bin/cloudflared --no-autoupdate tunnel run --token ${CLOUDFLARED_TOKEN}"
+SERVICE_COMMAND="${SYNOPKG_PKGDEST}/bin/cloudflared tunnel --config ${SYNOPKG_PKGVAR}/config.yml run"
SVC_BACKGROUND=y
SVC_WRITE_PID=y
-service_postinst ()
+service_postinst()
+{
+ if [ "${SYNOPKG_PKG_STATUS}" == "INSTALL" ]; then
+
+ # Populate config template
+ sed -i -e "s|@token@|${wizard_cloudflared_token}|g" \
+ -e "s|@management-diagnostics@|${wizard_management_diagnostics}|g" \
+ -e "s|@post-quantum@|${wizard_pq}|g" \
+ -e "s|@edge-ip-version@|${wizard_edge_ip_version}|g" \
+ ${CONFIG_FILE}
+
+ fi
+}
+
+service_postupgrade()
{
- # Save token to file
- if [ -n "${wizard_cloudflared_token}" ]; then
- echo "${wizard_cloudflared_token}" >> ${TOKEN_FILE}
+ # Migrate from token file if exists
+ if [ -e $TOKEN_FILE ]; then
+ echo "Migrate token into ${CONFIG_FILE} and delete ${TOKEN_FILE}"
+ CLOUDFLARED_TOKEN="$(cat $TOKEN_FILE)"
+ rm -f $TOKEN_FILE
+ sed -i -e "s|@token@|${CLOUDFLARED_TOKEN}|g" \
+ -e "s|@management-diagnostics@|false|g" \
+ -e "s|@post-quantum@|false|g" \
+ -e "s|@edge-ip-version@|4|g" \
+ ${CONFIG_FILE}
fi
}
diff --git a/spk/cloudflared/src/wizard/install_uifile b/spk/cloudflared/src/wizard/install_uifile
index 0afac80e3b6..c1f5ca66507 100644
--- a/spk/cloudflared/src/wizard/install_uifile
+++ b/spk/cloudflared/src/wizard/install_uifile
@@ -15,11 +15,46 @@
"regex": {
"expr": "/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$/",
"errorText": "Not a base64 encoded value."
- }
+ }
}
}
]
}
]
+ },
+ {
+ "step_title": "Advanced options",
+ "items": [
+ {
+ "type": "multiselect",
+ "subitems": [
+ {
+ "key": "wizard_pq",
+ "desc": "Create an experimental post-quantum secure tunnel",
+ "defaultValue": false
+ },
+ {
+ "key": "wizard_management_diagnostics",
+ "desc": "Allow the Cloudflare engineering team to remotely get diagnostics from cloudflared during debug activities",
+ "defaultValue": false
+ }
+ ]
+ },
+ {
+ "type": "combobox",
+ "subitems": [
+ {
+ "key": "wizard_edge_ip_version",
+ "desc": "Cloudflare Edge IP address version to connect with",
+ "editable": false,
+ "defaultValue": "4",
+ "store": [ "4", "6", "auto" ],
+ "validator": {
+ "allowBlank": false
+ }
+ }
+ ]
+ }
+ ]
}
]