1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1081196: Crowdsec

    From Mathias Gibbens@21:1/5 to Martin Dosch on Tue Mar 18 04:00:01 2025
    On Wed, 2025-03-12 at 18:09 +0000, Martin Dosch wrote:
    Dear all,

    I'd like to see crowdsec in trixie, as I am using it myself.
    Is there any chance to get [1081196] fixed by delivering upstreams sshd-logs.yaml? This file is not in the repo and I failed to figure out
    how it is created.

    I initially thought this could be a simple fix, as upstream has had a
    fix for quite a while[1]. However, upon further investigation into the
    Debian packaging, it looks like there's an offline step of manually
    fetching and bundling "data" and "hub" sources (refer to the package's d/README.source). You might be able to apply the PR as a diff to the
    fully extracted Debian source with a bit of massaging, otherwise you'd
    have to generate a new hub tarball which would require some sort of src:crowdsec version bump like "1.4.6+hubx.y.z", but that gets ugly
    fast.

    A better approach would be to unbundle the "data" and "hub" tarballs
    and make them into proper Debian packages, which crowdsec could then
    properly depend upon. But that's a lot of work, and probably not
    feasible before the trixie soft freeze begins.

    Mathias

    [1] -- https://github.com/crowdsecurity/hub/pull/1093

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEE1Bp60H32xfynSJ8cKe7i1uz0QvkFAmfY4GUACgkQKe7i1uz0 QvlTAg/+M/3M7ObOPaxKc+Ndvy/RcYhF4yUAdWxFltoAn9n3AQxZYrmIyw8hgqdg e7hsna6ISQYMut0vOES7aeKWW9kX7xam37hNzwNFOQGuK0AM5ZUE8cSGpB/lbmSR mVsB8OVvdfB81GxOK1u7cSo3obK98UO14Xz5eFfTybjIIzmET3G/LR0TP3NmusqL 6I/64C1DfXdsh0LJbPD9R2hZXRrFKpJq7URD/sKFtL9UOMVtcEmJKFk/G2LGtMzg EUDPfiM9cj/gW9he7a/tbadZwu2nQZx++TQip0MJGr2ZJDAs8PN+F0pKcYH2gMV4 qGLZcBQlKZE7l04FzVxL5wLDysPfzj+M5Dc/aXIIPdJv8eQMSTnpgzrJsG+AcJIu LGGBfPWwLMC0P5sbqRpbWThkKiEMJ9/E1eXU4YWT3Zjqp0/z4hJJki2vRkcDf/X5 MOSn+9zYCNAJDs4XybZjZE39GgyG0k8HmyjevX4+In9aDCbLo9TnaIzgzbEb6sDC 4VwfsEXBIJBmTgp/K2bFWI33ROL97vFVmVs6n9BtHlKCW5Y2z8YVLgvo0UROlvEa 6NK5mSA2YHUCjUkJwKpqcreTeRNg6+kxHVuZ19vgP3J0uPEeirQ3e/37gLvOGPcu tFgOsNc4iOx51bRdz6tfwwD2oNpPSwpMOiH2ZVW6TP9Z+uY0RN8=
    =K0CA
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Cyril Brulebois@21:1/5 to All on Mon Apr 7 00:20:01 2025
    Hi,

    Mathias Gibbens <gibmat@debian.org> (2025-03-18):
    On Wed, 2025-03-12 at 18:09 +0000, Martin Dosch wrote:
    Dear all,

    I'd like to see crowdsec in trixie, as I am using it myself.
    Is there any chance to get [1081196] fixed by delivering upstreams sshd-logs.yaml? This file is not in the repo and I failed to figure out how it is created.

    I initially thought this could be a simple fix, as upstream has had a
    fix for quite a while[1]. However, upon further investigation into the
    Debian packaging, it looks like there's an offline step of manually
    fetching and bundling "data" and "hub" sources (refer to the package's d/README.source). You might be able to apply the PR as a diff to the
    fully extracted Debian source with a bit of massaging, otherwise you'd
    have to generate a new hub tarball which would require some sort of src:crowdsec version bump like "1.4.6+hubx.y.z", but that gets ugly
    fast.

    I've just done the massaging, tested the resulting package successfully
    on a trixie host, and uploaded it. Sorry for the delay, and thanks
    everyone for your interest in getting this reported and fixed…

    A better approach would be to unbundle the "data" and "hub" tarballs
    and make them into proper Debian packages, which crowdsec could then
    properly depend upon. But that's a lot of work, and probably not
    feasible before the trixie soft freeze begins.

    What follows is just a quick backstory (not an excuse or anything like
    that).

    Yeah, the whole situation is not ideal, sorry about that. While the hub
    could possibly be packaged out of their repository, the data part is
    assembled from various sources so that would be a be weird to have a
    source package for that. Also, whether you go for a separate package
    that you build-depend on or whether you go for an extra tarball, you
    would still have to at least build (via either a binNMU or an upload, respectively) crowdsec again after changing those, so that's why I
    decided to go for a tarball (one for each component).

    Over the few years that package has existed, having to update those
    files has rather be seldom. Usually once per major upstream release.
    Sorry this got in your (collective) way lately.


    Cheers,
    --
    Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEHoutkuoaze1Qayc7lZpsmSeGm2EFAmfy+jgACgkQlZpsmSeG m2Gkyg//XbAreLz3Kv9ZHSlVXCW9wmyzHAbY2bIr1S4KEyegO4M009Z3P2j1eZIC y+rdgd8WD2p6arnkMzwVWQ5JEXEh16fetMamIwFG24Y7miUOiSHV/2fHvEmc359O l1jFuwZeOrCprndufjBEw6N4EM/sy6cs8EyoZI/Mm4lGDLcdVV1XjV2V58zQhUnn jrdvX91EkBrKmOiWw8CGBGrbkLrIbmZgFUicQz0vEGP49ZyDDKuiN5aGCAtAJcI1 M6gKVX8lMxOtNTzkDgx8tJPkTJb2sH7t6Gru0Kuw97BbtB+i+HGcmX+QhbWL5UYq w+BFrrm+jbFFDoEEcAbeR0BW/xjBLwAtA0Dx5Fwvxo4RVxYgNhTb5y0Oo0EToMpJ Fn9LnLksjTZrhbqFjbdiAzEU3odWd32yqyPp2237ApedSZhnNXuBaD5OPkSNe/eK UxjuOY31uGRLzvy688GLDe2E0qbYcQ0ONJnt7YRkCUd2bCSMguKe1iI/TbgYlHEG xkECKvGxobHEYKEE30TpzhiOFfu59Ej2KgNBJLYjA0AwYSFgjYnwa7hgaFiqmBzv SDw/uTYG7ZBeSukvT4e3smuxIANblAjEPWd5SSMxCoD4I+HPQGseE/8pV/QHvuJl WD1fKUCMnpySd+/VOvQTl2PJI60uZEqE/bTHhBfuM9x4/ZSbn+w=
    =Nm6f
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)