This exposes Broker's new WebSocket support in Zeek. To enable it,
call `Broker::listen_websocket()`. Zeek will then start listening on
port 9997 for incoming WebSocket connections.
See the Broker documentation for a description of the message format
expected over these WebSocket connections.
SHA1 signatures are only allowed in the legacy policy. I have no idea
where this is documented - I found it in a patch for the OpenSSL source
package.
Also adding tar as a specific dependency, since we have a test that
requires it, and at least for me it was not present in a minimal
installation.
Fixes#2115
* origin/topic/bbannier/spicy:
Add NEWS item for new requirements due to default-enabled Spicy support.
Include headers in binary dir before other headers.
Increase memory in CI.
Add tests for bundled Spicy infrastructure.
Include spicy in build.
Add `bare_mode` bif.
Change test so included plugins can load notice framework.
Do not log function arguments in test.
All changes in this patch were performed automatically with `shfmt` with
configuration flags specified in `.pre-commit-config.yaml`.
In addition to fixing whitespace the roundtrip through shfmt's AST also
transforms command substitutions
`cmd`
# becomes
$(cmd)
and some redirects
>&2 echo "msg"
# becomes
echo >&2 "msg"
Older cmake versions have problems with the version number. When
installing OpenSSL on a 64 bit linux one also needs to create an
additional symlink to get cmake to use the correct library.
This patch adds `clang-format` as only linter for now. This replaces the
previously used script from `auxil/run-clang-format` which we remove.
This requires the Python program `pre-commit`
(https://pypi.org/project/pre-commit/). With that one can then run
`clang-format` on the whole codebase with
$ pre-commit run -a clang-format
or on just the staged files
# Explicitly selecting linter.
$ pre-commit run clang-format
# Run all linters (currently just `clang-format`).
$ pre-commit
`pre-commit` supports managing Git commit hooks so that linters are run
on commit. Linters can be installed with
$ pre-commit install
The documentation at https://pre-commit.com/ covers these topics in
addition to more information.
The initialization of the private testsuite currently fails builds run in
forks. Cirrus's encrypted variables won't work outsize of the Zeek project, so
skip that setting altogether.
Homebrew apparently requires you to now specify the version of the package
you're updating. We previously could just run `brew update openssl` and it
would work. Now we must run `brew update openssl@1.1` for the command to
succeed.
Using `brew update-reset` causes homebrew to reset to homebrew's HEAD commit, which may
be buggy and broken. It appears whatever Cirrus was doing previously on their Catalina
VM is no longer a problem, and so update-reset isn't required anymore. Switch to
`brew update` to make sure we still get newer versions of the packages, but is
actually a versioned release of homebrew.
This oversubscribes our cores 2x, which testing shows we actually
run with at times: speedup is around a third on average for builds,
and a bit more than that for testing.
Also some light Bashification in ci/build.sh, for consistency.
This fixes some issues with the Catalina builds when it prepares the image
and the base Cirrus image has old recipes for Homebrew. The VM then has
to build a bunch of packages it shouldn't need to.
- Upgrade the Big Sur VM to use the Xcode 12.5 version. This has a newer
version of brew installed on it that fixes an issue with an EOL package host
that finally shut down for good recently.
- Use 'brew upgrade' for openssl and cmake, since those are both present on the
base VM. This prevents 'brew install' from printing an error if the package
exists but is out of date.
