dgit.raspbian.org Git - crowdsec.git/log

Merge crowdsec (1.4.6-9) import into refs/heads/workingbranch

add-patch-to-build-with-docker-26

Gbp-Pq: Name 0020-add-patch-to-build-with-docker-26.patch

Disable buggy test

Adding the 0017 and 0018 patches had the side effect of uncovering
reliability issues in TestStreaming(). Let's not block the bugfix for
#1040976 on fixing that test: it's more important for the acquisition
bugfix to make its way into testing and into stable.

Gbp-Pq: Name 0019-disable-unreliable-test-TestStreaming.patch

[PATCH] non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2310)

This on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.

Gbp-Pq: Name 0018-non-fatal-errors-for-invalid-datasources.patch

Add journalctl for ssh by default

Origin: https://github.com/crowdsecurity/crowdsec/pull/2316/

Gbp-Pq: Name 0017-fix-default-acquisition.patch

[PATCH] try to make reproducible build work (#2119)

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
Gbp-Pq: Name 0016-try-to-make-reproducible-build-work-2119.patch

Silence “Crowdsec is not the latest version” messages.

We're shipping crowdsec in a stable Debian release, which isn't quite
compatible with a “latest and greatest” approach. :)

Upstream maintains a hub branch for the version we ship in stable anyway.

Gbp-Pq: Name 0015-silence-not-latest-version.patch

Silence yaml patching

Being able to patch configuration files using .local snippets is relatively new,
and very useful when it comes to shipping mostly untouched configuration files,
with just a few values set in a .local file.

Unfortunately the initial code is very chatty and generates info-level messages
in all cscli calls.

An early patch upstream is ca12432a2acd2fd607e9fbea97fea3fb3f124678 (backported
here), which demotes those messages from info to debug. It left the “Prepending”
messages at info, but those haven't been seen with the current packages, so
that's left untouched in this patch as well.

Further refinement landed in cd4dabde0ec833552881dd36780ab847cf20882d but that
touches more code, and we're closing in freeze-wise, so leave it alone. All our
crowdsec* packages ship a README.Debian file, which should be sufficient in most
cases. When in doubt, adjusting the log level in specific commands should be
enough to figure out what's happening.

Gbp-Pq: Name 0014-silence-yaml-patching.patch

Skip flakky tests

Initially (2023-02-15):
- TestAPICSendMetrics
- TestLongRunningQPS

Both aim at checking performance, and might error out when the underlying
system is “slow”. That was the case for the first test on arm64 (KO on
arm-arm-01, OK on arm-ubc-03) and on armel (KO on arm-ubc-06, OK on
arm-conova-02), and for the second test on mipsel (KO on mipsel-aql-02).

The same might happen on ci.debian.net, so disable both tests everywhere.

Extension (2023-03-01):
- TestAPICCAPIPullIsOld
- TestAPICHandleDeletedDecisions
- TestAPICPullTop
- TestGetDecisionsSinceCount

Gbp-Pq: Name 0013-skip-flakky-tests.patch

Refresh code generated from protobuf specifications

Without this patch, crowdsec would build fine but would fail in its testsuite,
reaching the 10-minute timeout. This was tracked down to unexpected csplugins
crashes, due to mismatched protobuf versions.

This issue would go away with golang-goprotobuf-dev 1.5.2-1~exp1 (as found in
experimental for a while) instead of 1.3.5-2 (in unstable as of November 2022).
Since protobuf's build-time and run-time are particularly tricky to get right,
incompatible 1.3.x and 1.5.x versions are packaged separately and aren't
co-installable. Since most packages depend on the 1.3.x version, it's not
possible to pull the 1.5.x version to avoid this issue.

Therefore, upstream was kind enough to come up with this patch, refreshing the
generated code so that it works fine within unstable.

Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0011-refresh-protobuf-code.patch

disable-some-tests

Gbp-Pq: Name 0010-disable-some-tests.patch

disable-kafka-acquisition-module

Gbp-Pq: Name 0009-disable-kafka-acquisition-module.patch

r3labs-diff-versions

Gbp-Pq: Name 0008-r3labs-diff-versions.patch

Automatically enable the online hub

By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.

To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.

Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch

Adjust default config

Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.

Also fix plugin directory.

Also delete pid_dir, which would otherwise generate this at runtime:

Deprecation warning: the pid_dir config can be safely removed and is not required

Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch

Disable geoip-enrich in the hub files

It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.

When refreshing this patch, don't forget to update both digest and
content fields, using:

- digest: sha256sum hub1/collections/crowdsecurity/linux.yaml
- content: base64 -w 0 /etc/crowdsec/collections/linux.yaml

Gbp-Pq: Name 0004-disable-geoip-enrich.patch

Adjust systemd unit

- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.

Gbp-Pq: Name 0003-adjust-systemd-unit.patch

crowdsec (1.4.6-9) unstable; urgency=medium

  [ Nilesh Patra ]
  * Fix FTBFS with docker.io 26+ (Closes: #1077303):
     - Add 0020-add-patch-to-build-with-docker-26.patch
     - Version golang-github-docker-docker-dev (Build-)Depends accordingly.

[dgit import unpatched crowdsec 1.4.6-9]

Import crowdsec_1.4.6-9.debian.tar.xz

[dgit import tarball crowdsec 1.4.6-9 crowdsec_1.4.6-9.debian.tar.xz]

Merge crowdsec (1.4.6-8) import into refs/heads/workingbranch