-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Mar 2021 00:25:48 +0000 Source: crowdsec Architecture: source Version: 1.0.8-1 Distribution: unstable Urgency: medium Maintainer: Cyril Brulebois <cyril@debamax.com> Changed-By: Cyril Brulebois <cyril@debamax.com> Changes: crowdsec (1.0.8-1) unstable; urgency=medium . * New upstream stable release. * Refresh patches: + 0001-use-a-local-machineid-implementation.patch (unfuzzy) + 0002-add-compatibility-for-older-sqlite-driver.patch * Set cwversion variables through debian/rules (build metadata). * Add patch so that upstream's crowdsec.service is correct on Debian: + 0003-adjust-systemd-unit.patch * Really add lintian overrides for hardening-no-pie warnings. * Ship patterns below /etc/crowdsec/patterns: they're supposed to be stable over time, and it's advised not to modify them, but let's allow for some configurability. * Include a snapshot of hub files from the master branch, at commit d8a8509bdf: hub1. Further updates for a given crowdsec upstream version will be numbered hubN. After a while, they will be generated from a dedicated vX.Y.Z branch instead of from master. * Implement a generate_hub_tarball target in debian/rules to automate generating a tarball for hub files. * Add patch to disable geoip-enrich in the hub files as it requires downloading some files from the network that aren't under the usual MIT license: + 0004-disable-geoip-enrich.patch * Ship a selection of hub files in /usr/share/crowdsec/hub so that crowdsec can be set up without having to download data from the collaborative hub (https://hub.crowdsec.net/). * Ditto for some data files (in /usr/share/crowdsec/data). * Use DH_GOLANG_EXCLUDES to avoid including extra Go files from the hub into the build directory. * Implement an extract_hub_tarball target in debian/rules to automate extracting hub files from the tarball. * Implement an extract_data_tarball target in debian/rules to automate extracting data files from the tarball. * Ship crowdsec-cli (automated Golang naming) as cscli (upstream's preference). * Add patch to adjust the default config: + 0005-adjust-config.patch * Ship config/config.yaml accordingly, along with the config files it references. * Also adjust the hub_branch variable in config.yaml, pointing to the branch related to the current upstream release instead of master. * Create /var/lib/crowdsec/{data,hub} directories. * Implement configure in postinst to generate credentials files: Implement a simple agent setup with a Local API (LAPI), and with an automatic registration to the Central API (CAPI). The latter can be disabled by creating a /etc/crowdsec/online_api_credentials.yaml file containing a comment (e.g. “# no thanks”) before installing this package. * Implement purge in postrm. Drop all of /etc/crowdsec except online_api_credentials.yaml if this file doesn't seem to have been created during CAPI registration (likely because an admin created the file in advance to prevent it). Also remove everything below /var/lib/crowdsec/{data,hub}, along with log files. * Implement custom enable-online-hub and disable-online-hub actions in postinst. The latter is called once automatically to make sure the offline hub is ready to use. See README.Debian for details. * Also enable all items using the offline hub on fresh installation. * Add patch advertising `systemctl restart crowdsec` when updating the configuration: reload doesn't work at the moment (#656 upstream). + 0006-prefer-systemctl-restart.patch * Add patch automating switching from the offline hub to the online hub when `cscli hub update` is called: + 0007-automatically-enable-online-hub.patch * Add lintian override accordingly: uses-dpkg-database-directly. * Add ca-certificates to Depends for the CAPI registration. * Create /etc/machine-id if it doesn't exist already (e.g. in piuparts environments). Checksums-Sha1: c95223e1f8a7dbe9ea6880f461434c279522b6a9 4113 crowdsec_1.0.8-1.dsc b4578e550c122525141b54f0f340da7d57c66b64 6633 crowdsec_1.0.8.orig-data1.tar.gz fc4ea1e240eeeb6d52f9e66532a710eebf7afaf4 328614 crowdsec_1.0.8.orig-hub1.tar.gz fbe11b10729fc59e3bd34ff3cd444f14a390c6aa 28991798 crowdsec_1.0.8.orig.tar.gz 1926be922d664e717cbfcb7f18648d507d5ded81 15028 crowdsec_1.0.8-1.debian.tar.xz 0a574cbfaae028f935e043a0e59404ebea365541 22413 crowdsec_1.0.8-1_source.buildinfo Checksums-Sha256: 8faba7cf2f401041778043dc6677be0490e8295435e2e5098b0eab3482063c92 4113 crowdsec_1.0.8-1.dsc 5162c01310629e0546229a40902d586fddd713208ff5a65fda7660eadd4fa06a 6633 crowdsec_1.0.8.orig-data1.tar.gz 8928fbff222c2401296b22f65b7e4373fac5f6793aa8eb5b587076e675e98f48 328614 crowdsec_1.0.8.orig-hub1.tar.gz 69eaff551eab31fc83207f9f8388ab0ccb4e2caeb7386cce5da79d4752f56b40 28991798 crowdsec_1.0.8.orig.tar.gz 87f6a8765306766fd2b1938b4f9a83301cf689211c92ffc829a72fc0234fde03 15028 crowdsec_1.0.8-1.debian.tar.xz 2e1202a95709a4da81835127cc132639c8d839f93e63071be47ced7a9ab55977 22413 crowdsec_1.0.8-1_source.buildinfo Files: 6a5511cd55dc081949239aed78a48082 4113 golang optional crowdsec_1.0.8-1.dsc c9a40e5a33657fd69d51cf87f814b184 6633 golang optional crowdsec_1.0.8.orig-data1.tar.gz 12fe8aa6f1f1d09fee6e524657661f52 328614 golang optional crowdsec_1.0.8.orig-hub1.tar.gz 1029b77760e3f6b33d40c9f02c770244 28991798 golang optional crowdsec_1.0.8.orig.tar.gz 1a59e5ff6e71d1833ed461f709452752 15028 golang optional crowdsec_1.0.8-1.debian.tar.xz e136491d0b70a35671f3e5ef5eb5d8f4 22413 golang optional crowdsec_1.0.8-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmA9hnMQHGtpYmlAZGVi aWFuLm9yZwAKCRD/kUrwwrNVIKOVD/42t/vlRs3qis8qpCBWwdKZ9nQjxe2KPZXN VzHB5s2jASpORX8xrZ8Yr462s3l1IRYgGzX1x0XrkdzKlZ1XPvsH0b6SnFeBAfze 5TRFUka+Bcu6osyL9Gaf+DLqCXrZd37H070u3sMSWtWw+9nV0ry7KL2QqPsr4spx u1DW7V0HxPJ+QCFBp10z9uGwWIyxUIihCwhvRx0dxJs/aj+cYN2oG60ZXy5PNJ8z qQLZv7JdMFoXn/QuHOBNwXNHt15GySqAUhiLqGrVFtqb/P4799Srl3+Iwl7rItrx L7z6KkaE5zvsopSy+mg7nPjJRfeNWZCU+cJsae9tGR5SnCujPen3WP4wi1Z5TCct CDJvdKwT6/aQ/GwNa2p4f0MCprUbxUiOGEHyNqmB5/Tt4TIchorr7Qa8unm2Q0e7 v1+UC+bccuXhWf7OOL9dsS0R5CWk3wSOs6GYXb3E/AF8kBkCDDC1eC9VuYJNOACS 9ba1wrBUB8vpXNPeVVwW17K4Zu1rL/fnD1jpL7UZ0KDt++9RDJ8H13cKcCGZZx+P SzK5oEV319vwFlOmBEjJlZY2tEezzK3ex9aCAxzs9DY899JsB2QqXR2mi4EHGUrg OFgSPkUNugHDszgSChB8iqoYvcF1HNgO0wM6NXBy7pYeOHv5ETGuxEeAS7g4WRIO s6imbOHNcw== =hFiS -----END PGP SIGNATURE-----