| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0003-adjust-systemd-unit.patch | Adjust systemd unit - Adjust paths for the packaged crowdsec binary (/usr/bin). - Drop commented out ExecStartPost entirely. - Drop syslog.target dependency, it's socket-activated (thanks to the systemd-service-file-refers-to-obsolete-target lintian tag). - Ensure both local and online API credentials have been defined. |
Cyril Brulebois <cyril@debamax.com> | no | 2021-01-22 | ||
| 0004-disable-geoip-enrich.patch | Disable geoip-enrich in the hub files It would download GeoLite2*.mmdb files from the network. Let users enable the hub by themselves if they want to use it. When refreshing this patch, don't forget to update both digest and content fields, using: - digest: sha256sum hub1/collections/crowdsecurity/linux.yaml - content: base64 -w 0 /etc/crowdsec/collections/linux.yaml |
Cyril Brulebois <cyril@debamax.com> | no | 2021-01-22 | ||
| 0005-adjust-config.patch | Adjust default config Let's have all hub-related data under /var/lib/crowdsec/hub instead of the default /etc/crowdsec/hub directory. Also fix plugin directory. Also delete pid_dir, which would otherwise generate this at runtime: Deprecation warning: the pid_dir config can be safely removed and is not required |
Cyril Brulebois <cyril@debamax.com> | no | 2022-11-29 | ||
| 0007-automatically-enable-online-hub.patch | Automatically enable the online hub By default, crowdsec comes with an offline copy of the hub (see README.Debian). When running `cscli hub update`, ensure switching from this offline copy to the online hub. To ensure cscli doesn't disable anything that was configured (due to symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the offline hub in the live directory (/var/lib/crowdsec/hub), and let further operations (`cscli hub upgrade`, or `cscli <type> install`) update the live directory as required. |
Cyril Brulebois <cyril@debamax.com> | no | 2021-03-01 | ||
| 0008-r3labs-diff-versions.patch | no | |||||
| 0009-disable-kafka-acquisition-module.patch | no | |||||
| 0010-disable-some-tests.patch | no | |||||
| 0011-refresh-protobuf-code.patch | Refresh code generated from protobuf specifications Without this patch, crowdsec would build fine but would fail in its testsuite, reaching the 10-minute timeout. This was tracked down to unexpected csplugins crashes, due to mismatched protobuf versions. This issue would go away with golang-goprotobuf-dev 1.5.2-1~exp1 (as found in experimental for a while) instead of 1.3.5-2 (in unstable as of November 2022). Since protobuf's build-time and run-time are particularly tricky to get right, incompatible 1.3.x and 1.5.x versions are packaged separately and aren't co-installable. Since most packages depend on the 1.3.x version, it's not possible to pull the 1.5.x version to avoid this issue. Therefore, upstream was kind enough to come up with this patch, refreshing the generated code so that it works fine within unstable. |
Manuel Sabban <manuel@crowdsec.net> | no | 2022-11-25 | ||
| 0013-skip-flakky-tests.patch | Skip flakky tests Initially (2023-02-15): - TestAPICSendMetrics - TestLongRunningQPS Both aim at checking performance, and might error out when the underlying system is slow. That was the case for the first test on arm64 (KO on arm-arm-01, OK on arm-ubc-03) and on armel (KO on arm-ubc-06, OK on arm-conova-02), and for the second test on mipsel (KO on mipsel-aql-02). The same might happen on ci.debian.net, so disable both tests everywhere. Extension (2023-03-01): - TestAPICCAPIPullIsOld - TestAPICHandleDeletedDecisions - TestAPICPullTop - TestGetDecisionsSinceCount |
Cyril Brulebois <cyril@debamax.com> | no | 2023-03-01 | ||
| 0014-silence-yaml-patching.patch | Silence yaml patching Being able to patch configuration files using .local snippets is relatively new, and very useful when it comes to shipping mostly untouched configuration files, with just a few values set in a .local file. Unfortunately the initial code is very chatty and generates info-level messages in all cscli calls. An early patch upstream is ca12432a2acd2fd607e9fbea97fea3fb3f124678 (backported here), which demotes those messages from info to debug. It left the Prepending messages at info, but those haven't been seen with the current packages, so that's left untouched in this patch as well. Further refinement landed in cd4dabde0ec833552881dd36780ab847cf20882d but that touches more code, and we're closing in freeze-wise, so leave it alone. All our crowdsec* packages ship a README.Debian file, which should be sufficient in most cases. When in doubt, adjusting the log level in specific commands should be enough to figure out what's happening. |
Cyril Brulebois <cyril@debamax.com> | no | 2023-03-01 | ||
| 0015-silence-not-latest-version.patch | Silence Crowdsec is not the latest version messages. We're shipping crowdsec in a stable Debian release, which isn't quite compatible with a latest and greatest approach. :) Upstream maintains a hub branch for the version we ship in stable anyway. |
Cyril Brulebois <cyril@debamax.com> | no | 2023-03-01 | ||
| 0016-try-to-make-reproducible-build-work-2119.patch | [PATCH] try to make reproducible build work (#2119) | Manuel Sabban <github@sabban.eu> | no | 2023-03-13 | ||
| 0017-fix-default-acquisition.patch | Add journalctl for ssh by defaultdiff --git a/config/acquis.yaml b/config/acquis.yaml index cc3631f3..69976b38 100644 |
Manuel Sabban <github@sabban.eu> | no | https://github.com/crowdsecurity/crowdsec/pull/2316/ | 2023-06-28 | |
| 0018-non-fatal-errors-for-invalid-datasources.patch | [PATCH] non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2310) This on the other hand, gives a new fatal error when there are no valid datasources. In the previous version, crowdsec kept running with just a warning if no acquisition yaml or dir were specified. |
mmetc <92726601+mmetc@users.noreply.github.com> | no | 2023-06-27 | ||
| 0019-disable-unreliable-test-TestStreaming.patch | Disable buggy test Adding the 0017 and 0018 patches had the side effect of uncovering reliability issues in TestStreaming(). Let's not block the bugfix for #1040976 on fixing that test: it's more important for the acquisition bugfix to make its way into testing and into stable. |
Cyril Brulebois <cyril@debamax.com> | no | 2023-07-14 |