Raspbian automatic forward porter [Mon, 5 Jun 2023 02:58:53 +0000 (03:58 +0100)]
Merge version 1.4.6-3+rpi1 and 1.4.6-4 to produce 1.4.6-4+rpi1
Peter Michael Green [Thu, 1 Jun 2023 19:00:38 +0000 (19:00 +0000)]
Manual merge of version 1.4.6-1+rpi1 and 1.4.6-3 to produce 1.4.6-3+rpi1
Cyril Brulebois [Wed, 31 May 2023 16:54:17 +0000 (17:54 +0100)]
Merge crowdsec (1.4.6-4) import into refs/heads/workingbranch
Manuel Sabban [Mon, 13 Mar 2023 16:26:33 +0000 (17:26 +0100)]
[PATCH] try to make reproducible build work (#2119)
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
Gbp-Pq: Name 0016-try-to-make-reproducible-build-work-2119.patch
Cyril Brulebois [Wed, 1 Mar 2023 22:58:00 +0000 (23:58 +0100)]
Silence “Crowdsec is not the latest version” messages.
We're shipping crowdsec in a stable Debian release, which isn't quite
compatible with a “latest and greatest” approach. :)
Upstream maintains a hub branch for the version we ship in stable anyway.
Gbp-Pq: Name 0015-silence-not-latest-version.patch
Cyril Brulebois [Wed, 1 Mar 2023 21:36:00 +0000 (22:36 +0100)]
Silence yaml patching
Being able to patch configuration files using .local snippets is relatively new,
and very useful when it comes to shipping mostly untouched configuration files,
with just a few values set in a .local file.
Unfortunately the initial code is very chatty and generates info-level messages
in all cscli calls.
An early patch upstream is
ca12432a2acd2fd607e9fbea97fea3fb3f124678 (backported
here), which demotes those messages from info to debug. It left the “Prepending”
messages at info, but those haven't been seen with the current packages, so
that's left untouched in this patch as well.
Further refinement landed in
cd4dabde0ec833552881dd36780ab847cf20882d but that
touches more code, and we're closing in freeze-wise, so leave it alone. All our
crowdsec* packages ship a README.Debian file, which should be sufficient in most
cases. When in doubt, adjusting the log level in specific commands should be
enough to figure out what's happening.
Gbp-Pq: Name 0014-silence-yaml-patching.patch
Cyril Brulebois [Wed, 1 Mar 2023 21:41:36 +0000 (22:41 +0100)]
Skip flakky tests
Initially (2023-02-15):
- TestAPICSendMetrics
- TestLongRunningQPS
Both aim at checking performance, and might error out when the underlying
system is “slow”. That was the case for the first test on arm64 (KO on
arm-arm-01, OK on arm-ubc-03) and on armel (KO on arm-ubc-06, OK on
arm-conova-02), and for the second test on mipsel (KO on mipsel-aql-02).
The same might happen on ci.debian.net, so disable both tests everywhere.
Extension (2023-03-01):
- TestAPICCAPIPullIsOld
- TestAPICHandleDeletedDecisions
- TestAPICPullTop
- TestGetDecisionsSinceCount
Gbp-Pq: Name 0013-skip-flakky-tests.patch
Manuel Sabban [Fri, 25 Nov 2022 07:34:47 +0000 (08:34 +0100)]
Refresh code generated from protobuf specifications
Without this patch, crowdsec would build fine but would fail in its testsuite,
reaching the 10-minute timeout. This was tracked down to unexpected csplugins
crashes, due to mismatched protobuf versions.
This issue would go away with golang-goprotobuf-dev 1.5.2-1~exp1 (as found in
experimental for a while) instead of 1.3.5-2 (in unstable as of November 2022).
Since protobuf's build-time and run-time are particularly tricky to get right,
incompatible 1.3.x and 1.5.x versions are packaged separately and aren't
co-installable. Since most packages depend on the 1.3.x version, it's not
possible to pull the 1.5.x version to avoid this issue.
Therefore, upstream was kind enough to come up with this patch, refreshing the
generated code so that it works fine within unstable.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0011-refresh-protobuf-code.patch
Cyril Brulebois [Wed, 31 May 2023 16:54:17 +0000 (17:54 +0100)]
disable-some-tests
Gbp-Pq: Name 0010-disable-some-tests.patch
Cyril Brulebois [Wed, 31 May 2023 16:54:17 +0000 (17:54 +0100)]
disable-kafka-acquisition-module
Gbp-Pq: Name 0009-disable-kafka-acquisition-module.patch
Cyril Brulebois [Wed, 31 May 2023 16:54:17 +0000 (17:54 +0100)]
r3labs-diff-versions
Gbp-Pq: Name 0008-r3labs-diff-versions.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Also fix plugin directory.
Also delete pid_dir, which would otherwise generate this at runtime:
Deprecation warning: the pid_dir config can be safely removed and is not required
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
Cyril Brulebois [Fri, 22 Jan 2021 14:35:42 +0000 (14:35 +0000)]
Disable geoip-enrich in the hub files
It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.
When refreshing this patch, don't forget to update both digest and
content fields, using:
- digest: sha256sum hub1/collections/crowdsecurity/linux.yaml
- content: base64 -w 0 /etc/crowdsec/collections/linux.yaml
Gbp-Pq: Name 0004-disable-geoip-enrich.patch
Cyril Brulebois [Fri, 22 Jan 2021 13:25:54 +0000 (13:25 +0000)]
Adjust systemd unit
- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.
Gbp-Pq: Name 0003-adjust-systemd-unit.patch
Cyril Brulebois [Wed, 31 May 2023 16:54:17 +0000 (17:54 +0100)]
crowdsec (1.4.6-4) unstable; urgency=medium
* Implement support for pending registration: since bouncers list crowdsec
in Recommends, we cannot guarantee the order in which bouncers and
crowdsec are configured (See: #
1035499, #
1036985). Bouncers can now
queue triplets (systemd unit name, bouncer identifier and API key) in
/var/lib/crowdsec/pending-registration. crowdsec.postinst will register
those bouncers, and start their systemd units after removing that file
(satisfying their ConditionPathExists=! on it).
* Replace `exit 0` with `break` in the preceding code block.
[dgit import unpatched crowdsec 1.4.6-4]
Cyril Brulebois [Wed, 31 May 2023 16:54:17 +0000 (17:54 +0100)]
Import crowdsec_1.4.6-4.debian.tar.xz
[dgit import tarball crowdsec 1.4.6-4 crowdsec_1.4.6-4.debian.tar.xz]
Cyril Brulebois [Sat, 18 Mar 2023 23:25:07 +0000 (23:25 +0000)]
Merge crowdsec (1.4.6-3) import into refs/heads/workingbranch
Manuel Sabban [Mon, 13 Mar 2023 16:26:33 +0000 (17:26 +0100)]
[PATCH] try to make reproducible build work (#2119)
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
Gbp-Pq: Name 0016-try-to-make-reproducible-build-work-2119.patch
Cyril Brulebois [Wed, 1 Mar 2023 22:58:00 +0000 (23:58 +0100)]
Silence “Crowdsec is not the latest version” messages.
We're shipping crowdsec in a stable Debian release, which isn't quite
compatible with a “latest and greatest” approach. :)
Upstream maintains a hub branch for the version we ship in stable anyway.
Gbp-Pq: Name 0015-silence-not-latest-version.patch
Cyril Brulebois [Wed, 1 Mar 2023 21:36:00 +0000 (22:36 +0100)]
Silence yaml patching
Being able to patch configuration files using .local snippets is relatively new,
and very useful when it comes to shipping mostly untouched configuration files,
with just a few values set in a .local file.
Unfortunately the initial code is very chatty and generates info-level messages
in all cscli calls.
An early patch upstream is
ca12432a2acd2fd607e9fbea97fea3fb3f124678 (backported
here), which demotes those messages from info to debug. It left the “Prepending”
messages at info, but those haven't been seen with the current packages, so
that's left untouched in this patch as well.
Further refinement landed in
cd4dabde0ec833552881dd36780ab847cf20882d but that
touches more code, and we're closing in freeze-wise, so leave it alone. All our
crowdsec* packages ship a README.Debian file, which should be sufficient in most
cases. When in doubt, adjusting the log level in specific commands should be
enough to figure out what's happening.
Gbp-Pq: Name 0014-silence-yaml-patching.patch
Cyril Brulebois [Wed, 1 Mar 2023 21:41:36 +0000 (22:41 +0100)]
Skip flakky tests
Initially (2023-02-15):
- TestAPICSendMetrics
- TestLongRunningQPS
Both aim at checking performance, and might error out when the underlying
system is “slow”. That was the case for the first test on arm64 (KO on
arm-arm-01, OK on arm-ubc-03) and on armel (KO on arm-ubc-06, OK on
arm-conova-02), and for the second test on mipsel (KO on mipsel-aql-02).
The same might happen on ci.debian.net, so disable both tests everywhere.
Extension (2023-03-01):
- TestAPICCAPIPullIsOld
- TestAPICHandleDeletedDecisions
- TestAPICPullTop
- TestGetDecisionsSinceCount
Gbp-Pq: Name 0013-skip-flakky-tests.patch
Manuel Sabban [Fri, 25 Nov 2022 07:34:47 +0000 (08:34 +0100)]
Refresh code generated from protobuf specifications
Without this patch, crowdsec would build fine but would fail in its testsuite,
reaching the 10-minute timeout. This was tracked down to unexpected csplugins
crashes, due to mismatched protobuf versions.
This issue would go away with golang-goprotobuf-dev 1.5.2-1~exp1 (as found in
experimental for a while) instead of 1.3.5-2 (in unstable as of November 2022).
Since protobuf's build-time and run-time are particularly tricky to get right,
incompatible 1.3.x and 1.5.x versions are packaged separately and aren't
co-installable. Since most packages depend on the 1.3.x version, it's not
possible to pull the 1.5.x version to avoid this issue.
Therefore, upstream was kind enough to come up with this patch, refreshing the
generated code so that it works fine within unstable.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0011-refresh-protobuf-code.patch
Cyril Brulebois [Sat, 18 Mar 2023 23:25:07 +0000 (23:25 +0000)]
disable-some-tests
Gbp-Pq: Name 0010-disable-some-tests.patch
Cyril Brulebois [Sat, 18 Mar 2023 23:25:07 +0000 (23:25 +0000)]
disable-kafka-acquisition-module
Gbp-Pq: Name 0009-disable-kafka-acquisition-module.patch
Cyril Brulebois [Sat, 18 Mar 2023 23:25:07 +0000 (23:25 +0000)]
r3labs-diff-versions
Gbp-Pq: Name 0008-r3labs-diff-versions.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Also fix plugin directory.
Also delete pid_dir, which would otherwise generate this at runtime:
Deprecation warning: the pid_dir config can be safely removed and is not required
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
Cyril Brulebois [Fri, 22 Jan 2021 14:35:42 +0000 (14:35 +0000)]
Disable geoip-enrich in the hub files
It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.
When refreshing this patch, don't forget to update both digest and
content fields, using:
- digest: sha256sum hub1/collections/crowdsecurity/linux.yaml
- content: base64 -w 0 /etc/crowdsec/collections/linux.yaml
Gbp-Pq: Name 0004-disable-geoip-enrich.patch
Cyril Brulebois [Fri, 22 Jan 2021 13:25:54 +0000 (13:25 +0000)]
Adjust systemd unit
- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.
Gbp-Pq: Name 0003-adjust-systemd-unit.patch
Cyril Brulebois [Sat, 18 Mar 2023 23:25:07 +0000 (23:25 +0000)]
crowdsec (1.4.6-3) unstable; urgency=medium
* When performing an upgrade from pre-1.4.x versions, apply a workaround
to avoid losing CAPI decisions for several hours (Closes: #
1033138):
delete alert(s) matching “Community blocklist”, and if at least one
deletion occurred, restart the daemon to force an immediate pull.
* Hardcode libsqlite3-0 (>= 3.35.0) in Depends to ensure Ent-generated
SQLite queries are understood (Closes: #
1033132): otherwise, we would
get a dependency on libsqlite3-0 (>= 3.12.0) via shlibs, which is
clearly not enough.
* Backport upstream patch to fix building in the past/in the future (as
seen with reproducible builds), no longer hardcoding the expected year
for yearless timestamps:
- 0016-try-to-make-reproducible-build-work-2119.patch
[dgit import unpatched crowdsec 1.4.6-3]
Cyril Brulebois [Sat, 18 Mar 2023 23:25:07 +0000 (23:25 +0000)]
Import crowdsec_1.4.6-3.debian.tar.xz
[dgit import tarball crowdsec 1.4.6-3 crowdsec_1.4.6-3.debian.tar.xz]
Raspbian automatic forward porter [Tue, 14 Mar 2023 16:01:07 +0000 (16:01 +0000)]
Merge version 1.4.2-3+rpi1 and 1.4.6-1 to produce 1.4.6-1+rpi1
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
Import crowdsec_1.4.6.orig.tar.gz
[dgit import orig crowdsec_1.4.6.orig.tar.gz]
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
Import crowdsec_1.4.6.orig-data1.tar.gz
[dgit import orig crowdsec_1.4.6.orig-data1.tar.gz]
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
Import crowdsec_1.4.6.orig-hub1.tar.gz
[dgit import orig crowdsec_1.4.6.orig-hub1.tar.gz]
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
Merge crowdsec (1.4.6-1) import into refs/heads/workingbranch
Cyril Brulebois [Wed, 1 Mar 2023 22:58:00 +0000 (23:58 +0100)]
Silence “Crowdsec is not the latest version” messages.
We're shipping crowdsec in a stable Debian release, which isn't quite
compatible with a “latest and greatest” approach. :)
Upstream maintains a hub branch for the version we ship in stable anyway.
Gbp-Pq: Name 0015-silence-not-latest-version.patch
Cyril Brulebois [Wed, 1 Mar 2023 21:36:00 +0000 (22:36 +0100)]
Silence yaml patching
Being able to patch configuration files using .local snippets is relatively new,
and very useful when it comes to shipping mostly untouched configuration files,
with just a few values set in a .local file.
Unfortunately the initial code is very chatty and generates info-level messages
in all cscli calls.
An early patch upstream is
ca12432a2acd2fd607e9fbea97fea3fb3f124678 (backported
here), which demotes those messages from info to debug. It left the “Prepending”
messages at info, but those haven't been seen with the current packages, so
that's left untouched in this patch as well.
Further refinement landed in
cd4dabde0ec833552881dd36780ab847cf20882d but that
touches more code, and we're closing in freeze-wise, so leave it alone. All our
crowdsec* packages ship a README.Debian file, which should be sufficient in most
cases. When in doubt, adjusting the log level in specific commands should be
enough to figure out what's happening.
Gbp-Pq: Name 0014-silence-yaml-patching.patch
Cyril Brulebois [Wed, 1 Mar 2023 21:41:36 +0000 (22:41 +0100)]
Skip flakky tests
Initially (2023-02-15):
- TestAPICSendMetrics
- TestLongRunningQPS
Both aim at checking performance, and might error out when the underlying
system is “slow”. That was the case for the first test on arm64 (KO on
arm-arm-01, OK on arm-ubc-03) and on armel (KO on arm-ubc-06, OK on
arm-conova-02), and for the second test on mipsel (KO on mipsel-aql-02).
The same might happen on ci.debian.net, so disable both tests everywhere.
Extension (2023-03-01):
- TestAPICCAPIPullIsOld
- TestAPICHandleDeletedDecisions
- TestAPICPullTop
- TestGetDecisionsSinceCount
Gbp-Pq: Name 0013-skip-flakky-tests.patch
Manuel Sabban [Fri, 25 Nov 2022 07:34:47 +0000 (08:34 +0100)]
Refresh code generated from protobuf specifications
Without this patch, crowdsec would build fine but would fail in its testsuite,
reaching the 10-minute timeout. This was tracked down to unexpected csplugins
crashes, due to mismatched protobuf versions.
This issue would go away with golang-goprotobuf-dev 1.5.2-1~exp1 (as found in
experimental for a while) instead of 1.3.5-2 (in unstable as of November 2022).
Since protobuf's build-time and run-time are particularly tricky to get right,
incompatible 1.3.x and 1.5.x versions are packaged separately and aren't
co-installable. Since most packages depend on the 1.3.x version, it's not
possible to pull the 1.5.x version to avoid this issue.
Therefore, upstream was kind enough to come up with this patch, refreshing the
generated code so that it works fine within unstable.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0011-refresh-protobuf-code.patch
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
disable-some-tests
Gbp-Pq: Name 0010-disable-some-tests.patch
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
disable-kafka-acquisition-module
Gbp-Pq: Name 0009-disable-kafka-acquisition-module.patch
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
r3labs-diff-versions
Gbp-Pq: Name 0008-r3labs-diff-versions.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Also fix plugin directory.
Also delete pid_dir, which would otherwise generate this at runtime:
Deprecation warning: the pid_dir config can be safely removed and is not required
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
Cyril Brulebois [Fri, 22 Jan 2021 14:35:42 +0000 (14:35 +0000)]
Disable geoip-enrich in the hub files
It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.
When refreshing this patch, don't forget to update both digest and
content fields, using:
- digest: sha256sum hub1/collections/crowdsecurity/linux.yaml
- content: base64 -w 0 /etc/crowdsec/collections/linux.yaml
Gbp-Pq: Name 0004-disable-geoip-enrich.patch
Cyril Brulebois [Fri, 22 Jan 2021 13:25:54 +0000 (13:25 +0000)]
Adjust systemd unit
- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.
Gbp-Pq: Name 0003-adjust-systemd-unit.patch
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
crowdsec (1.4.6-1) unstable; urgency=medium
* New upstream release (Closes: #
1031322).
* Include a snapshot of hub files from the v1.4.6 branch, at commit
f23a543a80.
* Delete patch:
- 0012-work-around-buggy-testparse-test.patch (fixed upstream)
* Extend patch to avoid crowdsecurity/linux's being marked tainted:
- 0004-disable-geoip-enrich.patch
* Extend patch to skip more unreliable tests:
- 0013-skip-flakky-tests.patch
* Add patches:
- 0014-silence-yaml-patching.patch: avoid polluting cscli's output
with debug messages.
- 0015-silence-not-latest-version.patch: upstream maintains a hub
branch for our stable release (Closes: #
1031323).
* Rework collections handling:
- With crowdsec growing over time, the initial “let's enable all
collections” approach doesn't seem appropriate anymore.
- On initial installation, only enable 3 collections (and their
dependencies), which should cover common needs already:
+ crowdsecurity/linux
+ crowdsecurity/apache2
+ crowdsecurity/nginx
- On upgrade, check whether all 3 collections are (still) enabled.
If that's the case, enable their dependencies as well (as new
versions tend to gain dependencies over time).
- Let admins enable/disable any other collections on their own.
* Update README.Debian accordingly.
[dgit import unpatched crowdsec 1.4.6-1]
Cyril Brulebois [Thu, 2 Mar 2023 05:07:10 +0000 (05:07 +0000)]
Import crowdsec_1.4.6-1.debian.tar.xz
[dgit import tarball crowdsec 1.4.6-1 crowdsec_1.4.6-1.debian.tar.xz]
Raspbian automatic forward porter [Mon, 27 Feb 2023 11:45:53 +0000 (11:45 +0000)]
Merge version 1.0.9-3+rpi1 and 1.4.2-3 to produce 1.4.2-3+rpi1
Cyril Brulebois [Wed, 15 Feb 2023 10:03:10 +0000 (10:03 +0000)]
Merge crowdsec (1.4.2-3) import into refs/heads/workingbranch
Cyril Brulebois [Wed, 15 Feb 2023 09:55:43 +0000 (10:55 +0100)]
Skip flakky tests
Both aim at checking performance, and might error out when the underlying
system is “slow”. That was the case for the first test on arm64 (KO on
arm-arm-01, OK on arm-ubc-03) and on armel (KO on arm-ubc-06, OK on
arm-conova-02), and for the second test on mipsel (KO on mipsel-aql-02).
The same might happen on ci.debian.net, so disable both tests everywhere.
Gbp-Pq: Name 0013-skip-flakky-tests.patch
Cyril Brulebois [Mon, 13 Feb 2023 16:28:35 +0000 (17:28 +0100)]
Work around buggy test.
This test expects a year-less timestamp to be understood as being from
the current year. Except we're next year already!
Bump the expected year for the time being.
Gbp-Pq: Name 0012-work-around-buggy-testparse-test.patch
Manuel Sabban [Fri, 25 Nov 2022 07:34:47 +0000 (08:34 +0100)]
Refresh code generated from protobuf specifications
Without this patch, crowdsec would build fine but would fail in its testsuite,
reaching the 10-minute timeout. This was tracked down to unexpected csplugins
crashes, due to mismatched protobuf versions.
This issue would go away with golang-goprotobuf-dev 1.5.2-1~exp1 (as found in
experimental for a while) instead of 1.3.5-2 (in unstable as of November 2022).
Since protobuf's build-time and run-time are particularly tricky to get right,
incompatible 1.3.x and 1.5.x versions are packaged separately and aren't
co-installable. Since most packages depend on the 1.3.x version, it's not
possible to pull the 1.5.x version to avoid this issue.
Therefore, upstream was kind enough to come up with this patch, refreshing the
generated code so that it works fine within unstable.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0011-refresh-protobuf-code.patch
Cyril Brulebois [Wed, 15 Feb 2023 10:03:10 +0000 (10:03 +0000)]
disable-some-tests
Gbp-Pq: Name 0010-disable-some-tests.patch
Cyril Brulebois [Wed, 15 Feb 2023 10:03:10 +0000 (10:03 +0000)]
disable-kafka-acquisition-module
Gbp-Pq: Name 0009-disable-kafka-acquisition-module.patch
Cyril Brulebois [Wed, 15 Feb 2023 10:03:10 +0000 (10:03 +0000)]
r3labs-diff-versions
Gbp-Pq: Name 0008-r3labs-diff-versions.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Also fix plugin directory.
Also delete pid_dir, which would otherwise generate this at runtime:
Deprecation warning: the pid_dir config can be safely removed and is not required
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
Cyril Brulebois [Fri, 22 Jan 2021 14:35:42 +0000 (14:35 +0000)]
Disable geoip-enrich in the hub files
It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.
Gbp-Pq: Name 0004-disable-geoip-enrich.patch
Cyril Brulebois [Fri, 22 Jan 2021 13:25:54 +0000 (13:25 +0000)]
Adjust systemd unit
- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.
Gbp-Pq: Name 0003-adjust-systemd-unit.patch
Cyril Brulebois [Wed, 15 Feb 2023 10:03:10 +0000 (10:03 +0000)]
crowdsec (1.4.2-3) unstable; urgency=medium
* Really fix FTBFS with -A, by really adjusting the override.
* Add patch:
- 0013-skip-flakky-tests.patch: this should avoid build failures, and
probably autopkgtest failures on “slow systems” (arm*, mips*).
[dgit import unpatched crowdsec 1.4.2-3]
Cyril Brulebois [Wed, 15 Feb 2023 10:03:10 +0000 (10:03 +0000)]
Import crowdsec_1.4.2-3.debian.tar.xz
[dgit import tarball crowdsec 1.4.2-3 crowdsec_1.4.2-3.debian.tar.xz]
Cyril Brulebois [Tue, 14 Feb 2023 22:32:27 +0000 (22:32 +0000)]
Import crowdsec_1.4.2.orig.tar.gz
[dgit import orig crowdsec_1.4.2.orig.tar.gz]
Cyril Brulebois [Tue, 14 Feb 2023 22:32:27 +0000 (22:32 +0000)]
Import crowdsec_1.4.2.orig-data1.tar.gz
[dgit import orig crowdsec_1.4.2.orig-data1.tar.gz]
Cyril Brulebois [Tue, 14 Feb 2023 22:32:27 +0000 (22:32 +0000)]
Import crowdsec_1.4.2.orig-hub1.tar.gz
[dgit import orig crowdsec_1.4.2.orig-hub1.tar.gz]
Raspbian automatic forward porter [Thu, 9 Dec 2021 22:27:41 +0000 (22:27 +0000)]
Merge version 1.0.9-2+rpi1 and 1.0.9-3 to produce 1.0.9-3+rpi1
Cyril Brulebois [Sat, 4 Dec 2021 04:03:33 +0000 (04:03 +0000)]
Merge crowdsec (1.0.9-3) import into refs/heads/workingbranch
Manuel Sabban [Thu, 19 Aug 2021 07:08:20 +0000 (09:08 +0200)]
[PATCH] Download datafile (#895)
* add the ability to download datafile on cscli hub upgrade on files are missing
* fix stuff + lint
* fix error management
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
Gbp-Pq: Name 0011-
4dbbd4b3c4-automatically-download-files-when-needed.patch
AlteredCoder [Thu, 9 Sep 2021 14:27:30 +0000 (16:27 +0200)]
[PATCH] fix stacktrace when mmdb file are not present (#935)
* fix stacktrace when mmdb file are not present
Gbp-Pq: Name 0010-
5ae69aa293-fix-stacktrace-when-mmdb-files-are-not-present.patch
Thibault "bui" Koechlin [Thu, 22 Apr 2021 09:08:16 +0000 (11:08 +0200)]
[PATCH] Improve http bad user agent : use regexp (#197)
* switch to regexp with word boundaries to avoid false positives when a legit user agent contains a bad one
Co-authored-by: GitHub Action <action@github.com>
Gbp-Pq: Name 0009-Improve-http-bad-user-agent-use-regexp-197.patch
Thibault "bui" Koechlin [Fri, 12 Mar 2021 15:01:53 +0000 (16:01 +0100)]
[PATCH] remove broken scenario `ban-report-ssh_bf_report` (#181)
* remove broken scenario
* Update index
Co-authored-by: GitHub Action <action@github.com>
Gbp-Pq: Name 0008-hub-disable-broken-scenario.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Prefer `systemctl restart crowdsec` to `systemctl reload crowdsec`
As of version 1.0.8, reloading doesn't work due to failures to reopen
the database:
https://github.com/crowdsecurity/crowdsec/issues/656
Until this is fixed, advertise `systemctl restart crowdsec` instead.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0006-prefer-systemctl-restart.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
Cyril Brulebois [Fri, 22 Jan 2021 14:35:42 +0000 (14:35 +0000)]
Disable geoip-enrich in the hub files
It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.
Gbp-Pq: Name 0004-disable-geoip-enrich.patch
Cyril Brulebois [Fri, 22 Jan 2021 13:25:54 +0000 (13:25 +0000)]
Adjust systemd unit
- Drop PIDFile (that uses an obsolete path, and doesn't seem to be
used at all).
- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.
Gbp-Pq: Name 0003-adjust-systemd-unit.patch
Cyril Brulebois [Fri, 8 Jan 2021 17:27:15 +0000 (17:27 +0000)]
Use _foreign_keys=1 instead of _fk=1
The _foreign_keys=1 syntax is widely supported but the _fk=1 alias for
it was only added in version 1.8.0 of the sqlite3 driver. Avoid using
the alias for the time being (the freeze is near).
Gbp-Pq: Name 0002-add-compatibility-for-older-sqlite-driver.patch
Cyril Brulebois [Thu, 7 Jan 2021 17:07:12 +0000 (17:07 +0000)]
Use local machineid implementation
Let's avoid a dependency on an extra package (denisbrodbeck/machineid),
since its ID() function is mostly about trying to read from two files.
Signed-off-by: Manuel Sabban <manuel@crowdsec.net>
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0001-use-a-local-machineid-implementation.patch
Cyril Brulebois [Sat, 4 Dec 2021 04:03:33 +0000 (04:03 +0000)]
crowdsec (1.0.9-3) unstable; urgency=medium
* Backport upstream patches to deal with missing MMDB files gracefully
(geolocation files aren't shipped by default):
-
5ae69aa293: fix stacktrace when mmdb files are not present (#935)
-
4dbbd4b3c4: automatically download files when needed (#895), so
that switching to the online hub doesn't require extra steps to
fetch files.
[dgit import unpatched crowdsec 1.0.9-3]
Cyril Brulebois [Sat, 4 Dec 2021 04:03:33 +0000 (04:03 +0000)]
Import crowdsec_1.0.9-3.debian.tar.xz
[dgit import tarball crowdsec 1.0.9-3 crowdsec_1.0.9-3.debian.tar.xz]
Raspbian automatic forward porter [Fri, 4 Jun 2021 03:35:21 +0000 (04:35 +0100)]
Merge version 1.0.9-1+rpi1 and 1.0.9-2 to produce 1.0.9-2+rpi1
Peter Michael Green [Sat, 8 May 2021 13:10:12 +0000 (14:10 +0100)]
Merge crowdsec (1.0.9-1+rpi1) import into refs/heads/workingbranch
Thibault "bui" Koechlin [Fri, 12 Mar 2021 15:01:53 +0000 (16:01 +0100)]
[PATCH] remove broken scenario `ban-report-ssh_bf_report` (#181)
* remove broken scenario
* Update index
Co-authored-by: GitHub Action <action@github.com>
Gbp-Pq: Name 0008-hub-disable-broken-scenario.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Prefer `systemctl restart crowdsec` to `systemctl reload crowdsec`
As of version 1.0.8, reloading doesn't work due to failures to reopen
the database:
https://github.com/crowdsecurity/crowdsec/issues/656
Until this is fixed, advertise `systemctl restart crowdsec` instead.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0006-prefer-systemctl-restart.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
Cyril Brulebois [Fri, 22 Jan 2021 14:35:42 +0000 (14:35 +0000)]
Disable geoip-enrich in the hub files
It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.
Gbp-Pq: Name 0004-disable-geoip-enrich.patch
Cyril Brulebois [Fri, 22 Jan 2021 13:25:54 +0000 (13:25 +0000)]
Adjust systemd unit
- Drop PIDFile (that uses an obsolete path, and doesn't seem to be
used at all).
- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.
Gbp-Pq: Name 0003-adjust-systemd-unit.patch
Cyril Brulebois [Fri, 8 Jan 2021 17:27:15 +0000 (17:27 +0000)]
Use _foreign_keys=1 instead of _fk=1
The _foreign_keys=1 syntax is widely supported but the _fk=1 alias for
it was only added in version 1.8.0 of the sqlite3 driver. Avoid using
the alias for the time being (the freeze is near).
Gbp-Pq: Name 0002-add-compatibility-for-older-sqlite-driver.patch
Cyril Brulebois [Thu, 7 Jan 2021 17:07:12 +0000 (17:07 +0000)]
Use local machineid implementation
Let's avoid a dependency on an extra package (denisbrodbeck/machineid),
since its ID() function is mostly about trying to read from two files.
Signed-off-by: Manuel Sabban <manuel@crowdsec.net>
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0001-use-a-local-machineid-implementation.patch
Peter Michael Green [Sat, 8 May 2021 13:10:12 +0000 (14:10 +0100)]
crowdsec (1.0.9-1+rpi1) bullseye-staging; urgency=medium
* Disable testsuite (probablly a btrfs related failure).
[dgit import unpatched crowdsec 1.0.9-1+rpi1]
Peter Michael Green [Sat, 8 May 2021 13:10:12 +0000 (14:10 +0100)]
Import crowdsec_1.0.9-1+rpi1.debian.tar.xz
[dgit import tarball crowdsec 1.0.9-1+rpi1 crowdsec_1.0.9-1+rpi1.debian.tar.xz]
Cyril Brulebois [Mon, 3 May 2021 07:29:06 +0000 (08:29 +0100)]
Merge crowdsec (1.0.9-2) import into refs/heads/workingbranch
Thibault "bui" Koechlin [Thu, 22 Apr 2021 09:08:16 +0000 (11:08 +0200)]
[PATCH] Improve http bad user agent : use regexp (#197)
* switch to regexp with word boundaries to avoid false positives when a legit user agent contains a bad one
Co-authored-by: GitHub Action <action@github.com>
Gbp-Pq: Name 0009-Improve-http-bad-user-agent-use-regexp-197.patch
Thibault "bui" Koechlin [Fri, 12 Mar 2021 15:01:53 +0000 (16:01 +0100)]
[PATCH] remove broken scenario `ban-report-ssh_bf_report` (#181)
* remove broken scenario
* Update index
Co-authored-by: GitHub Action <action@github.com>
Gbp-Pq: Name 0008-hub-disable-broken-scenario.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Prefer `systemctl restart crowdsec` to `systemctl reload crowdsec`
As of version 1.0.8, reloading doesn't work due to failures to reopen
the database:
https://github.com/crowdsecurity/crowdsec/issues/656
Until this is fixed, advertise `systemctl restart crowdsec` instead.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0006-prefer-systemctl-restart.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
projects / crowdsec.git / log