Package: crowdsec / 1.4.6-6~deb12u1

Metadata

Package: crowdsec
Version: 1.4.6-6~deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0003 adjust systemd unit.patch

config/crowdsec.service | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 adjust systemd unit

 - Adjust paths for the packaged crowdsec binary (/usr/bin).
 - Drop commented out ExecStartPost entirely.
 - Drop syslog.target dependency, it's socket-activated (thanks to the
   systemd-service-file-refers-to-obsolete-target lintian tag).
 - Ensure both local and online API credentials have been defined.


0004 disable geoip enrich.patch

hub1/.index.json | 36 6 + 30 - 0 !
hub1/collections/crowdsecurity/linux.yaml | 3 1 + 2 - 0 !
hub1/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml | 27 0 + 27 - 0 !
3 files changed, 7 insertions(+), 59 deletions(-)

 disable geoip-enrich in the hub files

It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.

When refreshing this patch, don't forget to update both digest and
content fields, using:

 - digest: sha256sum hub1/collections/crowdsecurity/linux.yaml
 - content: base64 -w 0 /etc/crowdsec/collections/linux.yaml


0005 adjust config.patch

config/config.yaml | 7 3 + 4 - 0 !
1 file changed, 3 insertions(+), 4 deletions(-)

 adjust default config

Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.

Also fix plugin directory.

Also delete pid_dir, which would otherwise generate this at runtime:

    Deprecation warning: the pid_dir config can be safely removed and is not required

Signed-off-by: Cyril Brulebois <cyril@debamax.com>

0007 automatically enable online hub.patch

cmd/crowdsec-cli/hub.go | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 automatically enable the online hub

By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.

To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.

Signed-off-by: Cyril Brulebois <cyril@debamax.com>

0008 r3labs diff versions.patch

go.mod | 2 1 + 1 - 0 !
pkg/hubtest/parser_assert.go | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
0009 disable kafka acquisition module.patch

pkg/acquisition/acquisition.go | 5 0 + 5 - 0 !
pkg/acquisition/modules/kafka/kafka.go | 2 2 + 0 - 0 !
pkg/acquisition/modules/kafka/kafka_test.go | 2 2 + 0 - 0 !
3 files changed, 4 insertions(+), 5 deletions(-)

---
0010 disable some tests.patch

pkg/acquisition/modules/cloudwatch/cloudwatch_test.go | 2 2 + 0 - 0 !
pkg/acquisition/modules/docker/docker_test.go | 2 2 + 0 - 0 !
pkg/acquisition/modules/kinesis/kinesis_test.go | 2 2 + 0 - 0 !
3 files changed, 6 insertions(+)

---
0011 refresh protobuf code.patch

pkg/protobufs/notifier.pb.go | 339 114 + 225 - 0 !
1 file changed, 114 insertions(+), 225 deletions(-)

 refresh code generated from protobuf specifications

Without this patch, crowdsec would build fine but would fail in its testsuite,
reaching the 10-minute timeout. This was tracked down to unexpected csplugins
crashes, due to mismatched protobuf versions.

This issue would go away with golang-goprotobuf-dev 1.5.2-1~exp1 (as found in
experimental for a while) instead of 1.3.5-2 (in unstable as of November 2022).
Since protobuf's build-time and run-time are particularly tricky to get right,
incompatible 1.3.x and 1.5.x versions are packaged separately and aren't
co-installable. Since most packages depend on the 1.3.x version, it's not
possible to pull the 1.5.x version to avoid this issue.

Therefore, upstream was kind enough to come up with this patch, refreshing the
generated code so that it works fine within unstable.

Signed-off-by: Cyril Brulebois <cyril@debamax.com>

0013 skip flakky tests.patch

pkg/apiserver/apic_test.go | 4 4 + 0 - 0 !
pkg/exprhelpers/exprlib_test.go | 1 1 + 0 - 0 !
pkg/time/rate/rate_test.go | 1 1 + 0 - 0 !
3 files changed, 6 insertions(+)

 skip flaky tests

Initially (2023-02-15):
 - TestAPICSendMetrics
 - TestLongRunningQPS

Both aim at checking performance, and might error out when the underlying
system is slow. That was the case for the first test on arm64 (KO on
arm-arm-01, OK on arm-ubc-03) and on armel (KO on arm-ubc-06, OK on
arm-conova-02), and for the second test on mipsel (KO on mipsel-aql-02).

The same might happen on ci.debian.net, so disable both tests everywhere.

Extension (2023-03-01):
 - TestAPICCAPIPullIsOld
 - TestAPICHandleDeletedDecisions
 - TestAPICPullTop
 - TestGetDecisionsSinceCount


0014 silence yaml patching.patch

pkg/yamlpatch/patcher.go | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 silence yaml patching

Being able to patch configuration files using .local snippets is relatively new,
and very useful when it comes to shipping mostly untouched configuration files,
with just a few values set in a .local file.

Unfortunately the initial code is very chatty and generates info-level messages
in all cscli calls.

An early patch upstream is ca12432a2acd2fd607e9fbea97fea3fb3f124678 (backported
here), which demotes those messages from info to debug. It left the Prepending
messages at info, but those haven't been seen with the current packages, so
that's left untouched in this patch as well.

Further refinement landed in cd4dabde0ec833552881dd36780ab847cf20882d but that
touches more code, and we're closing in freeze-wise, so leave it alone. All our
crowdsec* packages ship a README.Debian file, which should be sufficient in most
cases. When in doubt, adjusting the log level in specific commands should be
enough to figure out what's happening.


0015 silence not latest version.patch

pkg/cwhub/helpers.go | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

 silence crowdsec is not the latest version messages.

We're shipping crowdsec in a stable Debian release, which isn't quite
compatible with a latest and greatest approach. :)

Upstream maintains a hub branch for the version we ship in stable anyway.


0016 try to make reproducible build work 2119.patch

pkg/acquisition/modules/syslog/internal/parser/rfc3164/parse_test.go | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 [patch] try to make reproducible build work (#2119)

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>

0017 fix default acquisition.patch

config/acquis.yaml | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add journalctl for ssh by default

0018 non fatal errors for invalid datasources.patch

cmd/crowdsec/crowdsec.go | 10 5 + 5 - 0 !
cmd/crowdsec/main.go | 4 4 + 0 - 0 !
pkg/acquisition/acquisition.go | 31 26 + 5 - 0 !
pkg/acquisition/acquisition_test.go | 2 1 + 1 - 0 !
tests/bats/01_crowdsec.bats | 49 43 + 6 - 0 !
tests/bin/assert-crowdsec-not-running | 2 1 + 1 - 0 !
6 files changed, 80 insertions(+), 18 deletions(-)

 [patch] non-fatal error if some datasource can't be run (i.e.
 journalctl but systemd is missing) (#2310)

This, on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.

0019 disable unreliable test TestStreaming.patch

pkg/acquisition/modules/journalctl/journalctl_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 disable buggy test

Adding the 0017 and 0018 patches had the side effect of uncovering
reliability issues in TestStreaming(). Let's not block the bugfix for
#1040976 on fixing that test: it's more important for the acquisition
bugfix to make its way into testing and into stable.