dgit.raspbian.org Git - crowdsec.git/log

r3labs-diff-versions

Gbp-Pq: Name 0008-r3labs-diff-versions.patch

Automatically enable the online hub

By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.

To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.

Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch

Adjust default config

Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.

Also fix plugin directory.

Also delete pid_dir, which would otherwise generate this at runtime:

Deprecation warning: the pid_dir config can be safely removed and is not required

Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch

Disable geoip-enrich in the hub files

It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.

When refreshing this patch, don't forget to update both digest and
content fields, using:

- digest: sha256sum hub1/collections/crowdsecurity/linux.yaml
- content: base64 -w 0 /etc/crowdsec/collections/linux.yaml

Gbp-Pq: Name 0004-disable-geoip-enrich.patch

Adjust systemd unit

- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.

Gbp-Pq: Name 0003-adjust-systemd-unit.patch

crowdsec (1.4.6-1) unstable; urgency=medium

  * New upstream release (Closes: #1031322).
  * Include a snapshot of hub files from the v1.4.6 branch, at commit
    f23a543a80.
  * Delete patch:
     - 0012-work-around-buggy-testparse-test.patch (fixed upstream)
  * Extend patch to avoid crowdsecurity/linux's being marked tainted:
     - 0004-disable-geoip-enrich.patch
  * Extend patch to skip more unreliable tests:
     - 0013-skip-flakky-tests.patch
  * Add patches:
     - 0014-silence-yaml-patching.patch: avoid polluting cscli's output
       with debug messages.
     - 0015-silence-not-latest-version.patch: upstream maintains a hub
       branch for our stable release (Closes: #1031323).
  * Rework collections handling:
     - With crowdsec growing over time, the initial “let's enable all
       collections” approach doesn't seem appropriate anymore.
     - On initial installation, only enable 3 collections (and their
       dependencies), which should cover common needs already:
        + crowdsecurity/linux
        + crowdsecurity/apache2
        + crowdsecurity/nginx
     - On upgrade, check whether all 3 collections are (still) enabled.
       If that's the case, enable their dependencies as well (as new
       versions tend to gain dependencies over time).
     - Let admins enable/disable any other collections on their own.
  * Update README.Debian accordingly.

[dgit import unpatched crowdsec 1.4.6-1]

Import crowdsec_1.4.6.orig.tar.gz

[dgit import orig crowdsec_1.4.6.orig.tar.gz]

Import crowdsec_1.4.6.orig-data1.tar.gz

[dgit import orig crowdsec_1.4.6.orig-data1.tar.gz]

Import crowdsec_1.4.6.orig-hub1.tar.gz

[dgit import orig crowdsec_1.4.6.orig-hub1.tar.gz]

Import crowdsec_1.4.6-1.debian.tar.xz

[dgit import tarball crowdsec 1.4.6-1 crowdsec_1.4.6-1.debian.tar.xz]