fix: remove splunk 8 compatibility

app is not compatible with SCP1 "chunked=false"
Revert "fix: compatibility with splunk 8"
This reverts commit 0cc9e2fd64.

.gitlab-ci.yml

@@ -3,9 +3,8 @@ image: python:slim
 variables:
   PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
   PACKAGE_VERSION: $CI_COMMIT_TAG
-  PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${PACKAGE_VERSION}"
   ADDON_PACKAGE: "malware_filter-${PACKAGE_VERSION}.tar.gz"
-  ADDON_PACKAGE_LEGACY: "malware_filter-${PACKAGE_VERSION}-splunk8.tar.gz"
+  PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${PACKAGE_VERSION}"
 
 stages:
   - test
@@ -52,9 +51,6 @@ upload:
       curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${ADDON_PACKAGE} ${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}
       sha256sum "$ADDON_PACKAGE" > "${ADDON_PACKAGE}.sha256sum"
       curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${ADDON_PACKAGE}.sha256sum" "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}.sha256sum"
-      curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${ADDON_PACKAGE_LEGACY} ${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}
-      sha256sum "$ADDON_PACKAGE_LEGACY" > "${ADDON_PACKAGE_LEGACY}.sha256sum"
-      curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${ADDON_PACKAGE_LEGACY}.sha256sum" "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}.sha256sum"
 
 release_job:
   stage: release
@@ -72,7 +68,3 @@ release_job:
           url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}"
         - name: ${ADDON_PACKAGE}.sha256sum
           url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}.sha256sum"
-        - name: ${ADDON_PACKAGE_LEGACY}
-          url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}"
-        - name: ${ADDON_PACKAGE_LEGACY}.sha256sum
-          url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}.sha256sum"

README.md

@@ -15,7 +15,7 @@
 
 Provide custom search commands to update [malware-filter](https://gitlab.com/malware-filter) lookups. Each command downloads from a source CSV and emit rows as events which can then be piped to a lookup file or used as a subsearch. Each command is exported globally and can be used in any app. This add-on currently does not have any UI.
 
-Compatible with Splunk 9.x. For Splunk 8.x, install "\*-splunk8.tar.gz" instead.
+Compatible with Splunk 9.x. Splunk 8.x requires [additional configuration](#splunk-8x) to avoid issue.
 
 ## Installation
 
@@ -150,6 +150,18 @@ Recommend to update the lookup file "opendbl_ip.csv" every 15 minutes (cron `*/1
 
 Source: https://opendbl.net/
 
+## Splunk 8.x
+
+Splunk scheduler may not run scheduled searches (alert/report) without this workaround.
+
+Add the following config to `$SPLUNK_HOME/etc/apps/malware_filter/local/commands.conf`.
+
+```conf
+[default]
+chunked = false
+generating = true
+```
+
 ## Disable individual commands
 
 Settings -> All configurations -> filter by "malware_filter" app

build.py

@@ -40,7 +40,8 @@ def version():
     )
     app_conf = ConfigParser()
     app_conf.read(app_conf_path)
-    return app_conf["launcher"]["version"]
+    launcher = app_conf["launcher"] if "launcher" in app_conf.sections() else {}
+    return launcher.get("version", "")
 
 
 def exclusion(tarinfo):
@@ -85,24 +86,3 @@ pkg_file = f"malware_filter-{version()}.tar.gz"
 print(f"Creating {pkg_file}...")
 with tarfile.open(pkg_file, "w:gz") as tar:
     tar.add(".", filter=exclusion)
-
-# Splunk 8 workaround
-# Splunk scheduler may not run scheduled searches (alert/report) without this workaround
-commands_conf_path = path.join(
-    "default",
-    "commands.conf",
-)
-commands_conf = ConfigParser()
-commands_conf.read(commands_conf_path)
-commands_conf["default"]["chunked"] = "false"
-with open(commands_conf_path, "w") as f:
-    commands_conf.write(f)
-
-pkg_file_8 = f"malware_filter-{version()}-splunk8.tar.gz"
-print(f"Creating {pkg_file_8}...")
-with tarfile.open(pkg_file_8, "w:gz") as tar:
-    tar.add(".", filter=exclusion)
-
-commands_conf["default"]["chunked"] = "true"
-with open(commands_conf_path, "w") as f:
-    commands_conf.write(f)

default/commands.conf

@@ -1,7 +1,9 @@
+#
+# Custom search command
+#
 [default]
 chunked = true
 python.version = python3
-generating = true
 
 [geturlhausfilter]
 filename = geturlhausfilter.py