[gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/, net-analyzer/fail2ban/files/

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/, net-analyzer/fail2ban/files/

[Sam James]

commit:     5e75f94661d665527b763aa8a5a85e4c7f45a130
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 24 03:37:21 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 24 03:38:58 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e75f946

net-analyzer/fail2ban: fix install with newer setuptools (2to3 usage)

Closes: https://bugs.gentoo.org/818733
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild    |   1 +
 .../files/fail2ban-0.11.2-fix-2to3-usage.patch     | 109 +++++++++++++++++++++
 2 files changed, 110 insertions(+)

diff --git a/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
index d2a4540b0ea..3e667a2f573 100644
--- a/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
@@ -40,6 +40,7 @@ DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
 PATCHES=(
 	"${FILESDIR}"/${P}-fix-tests-for-2021.patch
 	"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+	"${FILESDIR}"/${PN}-0.11.2-fix-2to3-usage.patch
 )
 
 python_prepare_all() {

diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-2to3-usage.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-2to3-usage.patch
new file mode 100644
index 00000000000..9098d096e8a
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-2to3-usage.patch
@@ -0,0 +1,109 @@
+https://github.com/fail2ban/fail2ban/commit/7f22c4873aed3b5ffce0953f079f3c1977297c9a
+https://github.com/fail2ban/fail2ban/commit/5ac303df8a171f748330d4c645ccbf1c2c7f3497
+https://github.com/fail2ban/fail2ban/commit/d6b884f3b72b8a42b21da863836569ef6836c2ea
+https://github.com/fail2ban/fail2ban/issues/3098
+https://bugs.gentoo.org/818733
+
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Sun, 19 Sep 2021 18:36:02 +0200
+Subject: [PATCH] remove 2to3 in setup (should be called outside before setup)
+
+--- a/setup.py
++++ b/setup.py
+@@ -39,14 +39,6 @@
+ if setuptools is None:
+ 	from distutils.command.install import install
+ 	from distutils.command.install_scripts import install_scripts
+-try:
+-	# python 3.x
+-	from distutils.command.build_py import build_py_2to3
+-	from distutils.command.build_scripts import build_scripts_2to3
+-	_2to3 = True
+-except ImportError:
+-	# python 2.x
+-	_2to3 = False
+ 
+ import os
+ from os.path import isfile, join, isdir, realpath
+
+From: sebres <info@sebres.de>
+Date: Sun, 19 Sep 2021 18:49:18 +0200
+Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
+ command: use_2to3 is invalid (setuptools 58+)
+
+--- a/setup.py
++++ b/setup.py
+@@ -48,7 +48,7 @@
+ from glob import glob
+ 
+ from fail2ban.setup import updatePyExec
+-
++from fail2ban.version import version
+ 
+ source_dir = os.path.realpath(os.path.dirname(
+ 	# __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
+@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
+ # Wrapper to specify fail2ban own options:
+ class install_command_f2b(install):
+ 	user_options = install.user_options + [
+-		('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
+ 		('without-tests', None, 'without tests files installation'),
+ 	]
+ 	def initialize_options(self):
+-		self.disable_2to3 = None
+ 		self.without_tests = not with_tests
+ 		install.initialize_options(self)
+ 	def finalize_options(self):
+-		global _2to3
+-		## in the test cases 2to3 should be already done (fail2ban-2to3):
+-		if self.disable_2to3:
+-			_2to3 = False
+-		if _2to3:
+-			cmdclass = self.distribution.cmdclass
+-			cmdclass['build_py'] = build_py_2to3
+-			cmdclass['build_scripts'] = build_scripts_2to3
+ 		if self.without_tests:
+ 			self.distribution.scripts.remove('bin/fail2ban-testcases')
+ 
+@@ -178,7 +168,6 @@ def run(self):
+ if setuptools:
+ 	setup_extra = {
+ 		'test_suite': "fail2ban.tests.utils.gatherTests",
+-		'use_2to3': True,
+ 	}
+ else:
+ 	setup_extra = {}
+@@ -202,9 +191,6 @@ def run(self):
+ 		('/usr/share/doc/fail2ban', doc_files)
+ 	)
+ 
+-# Get version number, avoiding importing fail2ban.
+-# This is due to tests not functioning for python3 as 2to3 takes place later
+-exec(open(join("fail2ban", "version.py")).read())
+ 
+ setup(
+ 	name = "fail2ban",
+From: sebres <info@sebres.de>
+Date: Sun, 19 Sep 2021 18:52:34 +0200
+Subject: [PATCH] amend to fix gh-3098: no option `--disable-2to3` anymore
+
+--- a/fail2ban/tests/misctestcase.py
++++ b/fail2ban/tests/misctestcase.py
+@@ -111,7 +111,7 @@ def testSetupInstallDryRun(self):
+ 		supdbgout = ' >/dev/null 2>&1' if unittest.F2B.log_level >= logging.DEBUG else '' # HEAVYDEBUG
+ 		try:
+ 			# try dry-run:
+-			os.system("%s %s --dry-run install --disable-2to3 --root=%s%s"
++			os.system("%s %s --dry-run install --root=%s%s"
+ 					  % (sys.executable, self.setup , tmp, supdbgout))
+ 			# check nothing was created:
+ 			self.assertTrue(not os.listdir(tmp))
+@@ -127,7 +127,7 @@ def testSetupInstallRoot(self):
+ 		# suppress stdout (and stderr) if not heavydebug
+ 		supdbgout = ' >/dev/null' if unittest.F2B.log_level >= logging.DEBUG else '' # HEAVYDEBUG
+ 		try:
+-			self.assertEqual(os.system("%s %s install --disable-2to3 --root=%s%s"
++			self.assertEqual(os.system("%s %s install --root=%s%s"
+ 					  % (sys.executable, self.setup, tmp, supdbgout)), 0)
+ 
+ 			def strippath(l):

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/, net-analyzer/fail2ban/files/

[Arthur Zamarin]

commit:     15dae333e924ac177f65934a4f8c0bee3d36b7d4
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 17 17:54:56 2021 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 17 17:58:33 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15dae333

net-analyzer/fail2ban: enable py3.10

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 net-analyzer/fail2ban/fail2ban-0.11.2-r2.ebuild    | 134 +++++++++++++++++++++
 .../fail2ban-0.11.2-fix-py3.10-collections.patch   |  33 +++++
 2 files changed, 167 insertions(+)

diff --git a/net-analyzer/fail2ban/fail2ban-0.11.2-r2.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2-r2.ebuild
new file mode 100644
index 000000000000..e1483b6442e6
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-0.11.2-r2.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+DISTUTILS_SINGLE_IMPL=1
+
+inherit bash-completion-r1 distutils-r1 systemd tmpfiles
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/${PN}/${PN}"
+	inherit git-r3
+else
+	SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd"
+
+RDEPEND="
+	virtual/logger
+	virtual/mta
+	selinux? ( sec-policy/selinux-fail2ban )
+	systemd? (
+		$(python_gen_cond_dep '
+			|| (
+				dev-python/python-systemd[${PYTHON_USEDEP}]
+				sys-apps/systemd[python(-),${PYTHON_USEDEP}]
+			)' 'python*' )
+	)
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-fix-tests-for-2021.patch
+	"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+	"${FILESDIR}"/${P}-fix-2to3-usage.patch
+	"${FILESDIR}"/${P}-fix-systemd-test.patch
+	"${FILESDIR}"/${P}-fix-py3.10-collections.patch
+)
+
+python_prepare_all() {
+	# Replace /var/run with /run, but not in the top source directory
+	find . -mindepth 2 -type f -exec \
+		sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+
+	sed -i -e 's|runscript|openrc-run|g' files/gentoo-initd || die
+
+	distutils-r1_python_prepare_all
+}
+
+python_compile() {
+	./fail2ban-2to3 || die
+	distutils-r1_python_compile
+}
+
+python_test() {
+	bin/fail2ban-testcases \
+		--no-network \
+		--no-gamin \
+		--verbosity=4 || die "Tests failed with ${EPYTHON}"
+}
+
+python_install_all() {
+	distutils-r1_python_install_all
+
+	rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+	# Not ${FILESDIR}
+	newconfd files/gentoo-confd ${PN}
+	newinitd files/gentoo-initd ${PN}
+
+	sed -e "s:@BINDIR@:${EPREFIX}/usr/bin:g" files/${PN}.service.in > "${T}"/${PN}.service || die
+	systemd_dounit "${T}"/${PN}.service
+	dotmpfiles files/${PN}-tmpfiles.conf
+
+	doman man/*.{1,5}
+
+	# Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+	# See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+	insinto /etc/logrotate.d
+	newins files/${PN}-logrotate ${PN}
+
+	keepdir /var/lib/${PN}
+
+	newbashcomp files/bash-completion ${PN}-client
+	bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-0.7"
+	previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}-tmpfiles.conf
+
+	if [[ ${previous_less_than_0_7} = 0 ]] ; then
+		elog
+		elog "Configuration files are now in /etc/fail2ban/"
+		elog "You probably have to manually update your configuration"
+		elog "files before restarting Fail2Ban!"
+		elog
+		elog "Fail2Ban is not installed under /usr/lib anymore. The"
+		elog "new location is under /usr/share."
+		elog
+		elog "You are upgrading from version 0.6.x, please see:"
+		elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+	fi
+
+	if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then
+		elog "For most jail.conf configurations, it is recommended you install either"
+		elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
+		elog "to control how log file modifications are detected"
+	fi
+
+	if ! has_version dev-lang/python[sqlite] ; then
+		elog "If you want to use ${PN}'s persistent database, then reinstall"
+		elog "dev-lang/python with USE=sqlite. If you do not use the"
+		elog "persistent database feature, then you should set"
+		elog "dbfile = :memory: in fail2ban.conf accordingly."
+	fi
+
+	if has_version sys-apps/systemd[-python] ; then
+		elog "If you want to track logins through sys-apps/systemd's"
+		elog "journal backend, then reinstall sys-apps/systemd with USE=python"
+	fi
+}

diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-py3.10-collections.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-py3.10-collections.patch
new file mode 100644
index 000000000000..6cf4e194b089
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-py3.10-collections.patch
@@ -0,0 +1,33 @@
+--- a/fail2ban/server/action.py
++++ b/fail2ban/server/action.py
+@@ -30,7 +30,7 @@ import tempfile
+ import threading
+ import time
+ from abc import ABCMeta
+-from collections import MutableMapping
++from collections.abc import MutableMapping
+ 
+ from .failregex import mapTag2Opt
+ from .ipdns import DNSUtils
+--- a/fail2ban/server/actions.py
++++ b/fail2ban/server/actions.py
+@@ -28,7 +28,7 @@ import logging
+ import os
+ import sys
+ import time
+-from collections import Mapping
++from collections.abc import Mapping
+ try:
+ 	from collections import OrderedDict
+ except ImportError:
+--- a/fail2ban/server/jails.py
++++ b/fail2ban/server/jails.py
+@@ -22,7 +22,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2013- Yaroslav Halchenko"
+ __license__ = "GPL"
+ 
+ from threading import Lock
+-from collections import Mapping
++from collections.abc import Mapping
+ 
+ from ..exceptions import DuplicateJailException, UnknownJailException
+ from .jail import Jail

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/, net-analyzer/fail2ban/files/

[Michael Orlitzky]

commit:     abb0829a6cca560c1686ee864b9735a60c2c4b98
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Tue Jan  4 15:18:46 2022 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Tue Jan  4 16:08:31 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abb0829a

net-analyzer/fail2ban: new revision with improved openrc support.

This -r3 adds a patch corresponding to,

  https://github.com/fail2ban/fail2ban/pull/2182

that (a) upstreams the OpenRC script and (b) adds some nice
improvements to it. Done with sam's permission.

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild    | 134 +++++++++++
 .../files/fail2ban-0.11.2-upstream-openrc.patch    | 247 +++++++++++++++++++++
 2 files changed, 381 insertions(+)

diff --git a/net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild
new file mode 100644
index 000000000000..1390bc1bdc39
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+DISTUTILS_SINGLE_IMPL=1
+
+inherit bash-completion-r1 distutils-r1 systemd tmpfiles
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/${PN}/${PN}"
+	inherit git-r3
+else
+	SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd"
+
+RDEPEND="
+	virtual/logger
+	virtual/mta
+	selinux? ( sec-policy/selinux-fail2ban )
+	systemd? (
+		$(python_gen_cond_dep '
+			|| (
+				dev-python/python-systemd[${PYTHON_USEDEP}]
+				sys-apps/systemd[python(-),${PYTHON_USEDEP}]
+			)' 'python*' )
+	)
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-fix-tests-for-2021.patch
+	"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+	"${FILESDIR}"/${P}-fix-2to3-usage.patch
+	"${FILESDIR}"/${P}-fix-systemd-test.patch
+	"${FILESDIR}"/${P}-fix-py3.10-collections.patch
+	"${FILESDIR}"/${P}-upstream-openrc.patch
+)
+
+python_prepare_all() {
+	distutils-r1_python_prepare_all
+
+	# Replace /var/run with /run, but not in the top source directory
+	find . -mindepth 2 -type f -exec \
+		sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+}
+
+python_compile() {
+	./fail2ban-2to3 || die
+	distutils-r1_python_compile
+}
+
+python_test() {
+	bin/fail2ban-testcases \
+		--no-network \
+		--no-gamin \
+		--verbosity=4 || die "Tests failed with ${EPYTHON}"
+}
+
+python_install_all() {
+	distutils-r1_python_install_all
+
+	rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+	newconfd files/fail2ban-openrc.conf ${PN}
+
+	# These two are placed in the ${BUILD_DIR} after being "built"
+	# in install_scripts().
+	newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}"
+	systemd_dounit "${BUILD_DIR}/${PN}.service"
+
+	dotmpfiles files/${PN}-tmpfiles.conf
+
+	doman man/*.{1,5}
+
+	# Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+	# See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+	insinto /etc/logrotate.d
+	newins files/${PN}-logrotate ${PN}
+
+	keepdir /var/lib/${PN}
+
+	newbashcomp files/bash-completion ${PN}-client
+	bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-0.7"
+	previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}-tmpfiles.conf
+
+	if [[ ${previous_less_than_0_7} = 0 ]] ; then
+		elog
+		elog "Configuration files are now in /etc/fail2ban/"
+		elog "You probably have to manually update your configuration"
+		elog "files before restarting Fail2Ban!"
+		elog
+		elog "Fail2Ban is not installed under /usr/lib anymore. The"
+		elog "new location is under /usr/share."
+		elog
+		elog "You are upgrading from version 0.6.x, please see:"
+		elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+	fi
+
+	if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then
+		elog "For most jail.conf configurations, it is recommended you install either"
+		elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
+		elog "to control how log file modifications are detected"
+	fi
+
+	if ! has_version dev-lang/python[sqlite] ; then
+		elog "If you want to use ${PN}'s persistent database, then reinstall"
+		elog "dev-lang/python with USE=sqlite. If you do not use the"
+		elog "persistent database feature, then you should set"
+		elog "dbfile = :memory: in fail2ban.conf accordingly."
+	fi
+
+	if has_version sys-apps/systemd[-python] ; then
+		elog "If you want to track logins through sys-apps/systemd's"
+		elog "journal backend, then reinstall sys-apps/systemd with USE=python"
+	fi
+}

diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch
new file mode 100644
index 000000000000..7483c5685156
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch
@@ -0,0 +1,247 @@
+https://github.com/fail2ban/fail2ban/pull/2182
+
+diff --git a/MANIFEST b/MANIFEST
+index 48c751a0..c2df1e51 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -393,8 +393,8 @@ files/fail2ban.service.in
+ files/fail2ban-tmpfiles.conf
+ files/fail2ban.upstart
+ files/gen_badbots
+-files/gentoo-confd
+-files/gentoo-initd
++files/fail2ban-openrc.conf
++files/fail2ban-openrc.init.in
+ files/ipmasq-ZZZzzz_fail2ban.rul
+ files/logwatch/fail2ban
+ files/logwatch/fail2ban-0.8.log
+diff --git a/files/fail2ban-openrc.conf b/files/fail2ban-openrc.conf
+new file mode 100644
+index 00000000..9454ef68
+--- /dev/null
++++ b/files/fail2ban-openrc.conf
+@@ -0,0 +1,2 @@
++# For available options, plase run "fail2ban-server --help".
++#FAIL2BAN_OPTIONS="-x"
+diff --git a/files/fail2ban-openrc.init.in b/files/fail2ban-openrc.init.in
+new file mode 100755
+index 00000000..2c56ee3a
+--- /dev/null
++++ b/files/fail2ban-openrc.init.in
+@@ -0,0 +1,86 @@
++#!/sbin/openrc-run
++# This file is part of Fail2Ban.
++#
++# Fail2Ban is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# Fail2Ban is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with Fail2Ban; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
++#
++# Author: Sireyessire, Cyril Jaquier
++#
++
++description="Ban hosts that cause multiple authentication errors"
++description_reload="reload configuration without dropping bans"
++extra_started_commands="reload"
++
++# Can't (and shouldn't) be changed by the end-user.
++#
++# Note that @BINDIR@ is already supplied by the build system. Some
++# day, it might be nice to have @RUNDIR@ supplied by the build system
++# as well, so that we don't have to hard-code /run here.
++FAIL2BAN_RUNDIR="/run/${RC_SVCNAME}"
++FAIL2BAN_SOCKET="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.sock"
++
++# The fail2ban-client program is also capable of starting and stopping
++# the server, but things are simpler if we let start-stop-daemon do it.
++command="@BINDIR@/fail2ban-server"
++pidfile="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.pid"
++
++# We force the pidfile/socket location in this service script because
++# we're taking responsibility for ensuring that their parent directory
++# exists and has the correct permissions (which we can't do if the
++# user is allowed to change them).
++command_args="${FAIL2BAN_OPTIONS} -p ${pidfile} -s ${FAIL2BAN_SOCKET}"
++retry="30"
++
++depend() {
++	use logger
++	after iptables
++}
++
++checkconfig() {
++    "${command}" ${command_args} --test
++}
++
++start_pre() {
++	# If this isn't a restart, make sure that the user's config isn't
++	# busted before we try to start the daemon (this will produce
++	# better error messages than if we just try to start it blindly).
++	#
++	# If, on the other hand, this *is* a restart, then the stop_pre
++	# action will have ensured that the config is usable and we don't
++	# need to do that again.
++	if [ "${RC_CMD}" != "restart" ] ; then
++		checkconfig || return $?
++	fi
++	checkpath -d "${FAIL2BAN_RUNDIR}"
++}
++
++stop_pre() {
++	# If this is a restart, check to make sure the user's config
++	# isn't busted before we stop the running daemon.
++	if [ "${RC_CMD}" = "restart" ] ; then
++		checkconfig || return $?
++	fi
++}
++
++reload() {
++	# The fail2ban-client uses an undocumented protocol to tell
++	# the server to reload(), so we have to use it here rather
++	# than e.g. sending a signal to the server daemon. Note that
++	# the reload will fail (on the server side) if the new config
++	# is invalid; we therefore don't need to test it ourselves
++	# with checkconfig() before initiating the reload.
++	ebegin "Reloading ${RC_SVCNAME}"
++	"@BINDIR@/fail2ban-client" ${command_args} reload
++	eend $? "Failed to reload ${RC_SVCNAME}"
++}
+diff --git a/files/gentoo-confd b/files/gentoo-confd
+deleted file mode 100644
+index 00d19f8b..00000000
+--- a/files/gentoo-confd
++++ /dev/null
+@@ -1,8 +0,0 @@
+-# Config file for /etc/init.d/fail2ban
+-#
+-# For information on options, see "/usr/bin/fail2ban-client -h".
+-
+-FAIL2BAN_OPTIONS=""
+-
+-# Force execution of the server even if the socket already exists:
+-#FAIL2BAN_OPTIONS="-x"
+diff --git a/files/gentoo-initd b/files/gentoo-initd
+deleted file mode 100755
+index 0fb157cd..00000000
+--- a/files/gentoo-initd
++++ /dev/null
+@@ -1,60 +0,0 @@
+-#!/sbin/openrc-run
+-# This file is part of Fail2Ban.
+-#
+-# Fail2Ban is free software; you can redistribute it and/or modify
+-# it under the terms of the GNU General Public License as published by
+-# the Free Software Foundation; either version 2 of the License, or
+-# (at your option) any later version.
+-#
+-# Fail2Ban is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-# GNU General Public License for more details.
+-#
+-# You should have received a copy of the GNU General Public License
+-# along with Fail2Ban; if not, write to the Free Software
+-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+-#
+-# Author: Sireyessire, Cyril Jaquier
+-#
+-
+-description="Daemon to ban hosts that cause multiple authentication errors"
+-description_reload="reload configuration"
+-description_showlog="show fail2ban logs"
+-extra_started_commands="reload showlog"
+-
+-FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}"
+-
+-depend() {
+-	need net
+-	need logger
+-	after iptables
+-}
+-
+-start() {
+-	ebegin "Starting fail2ban"
+-	mkdir -p /var/run/fail2ban || return 1
+-	# remove stalled sock file after system crash
+-	# bug 347477
+-	rm -f /var/run/fail2ban/fail2ban.sock || return 1
+-	start-stop-daemon --start --pidfile /var/run/fail2ban/fail2ban.pid \
+-	-- ${FAIL2BAN} start
+-	eend $? "Failed to start fail2ban"
+-}
+-
+-stop() {
+-	ebegin "Stopping fail2ban"
+-	start-stop-daemon --stop --pidfile /var/run/fail2ban/fail2ban.pid --retry 30 \
+-	-- ${FAIL2BAN} stop
+-	eend $? "Failed to stop fail2ban"
+-}
+-
+-reload() {
+-	ebegin "Reloading fail2ban"
+-	${FAIL2BAN} reload
+-	eend $? "Failed to reload fail2ban"
+-}
+-
+-showlog(){
+-	less /var/log/fail2ban.log
+-}
+diff --git a/setup.py b/setup.py
+index 98413273..91f71cf2 100755
+--- a/setup.py
++++ b/setup.py
+@@ -89,24 +89,27 @@ class install_scripts_f2b(install_scripts):
+ 			if install_dir.startswith(root):
+ 				install_dir = install_dir[len(root):]
+ 		except: # pragma: no cover
+-			print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".')
+-		print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir))
+-		with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn:
+-			lines = fn.readlines()
+-		fn = None
+-		if not dry_run:
+-			fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w')
+-		try:
+-			for ln in lines:
+-				ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln)
+-				if dry_run:
+-					sys.stdout.write(' | ' + ln)
+-					continue
+-				fn.write(ln)
+-		finally:
+-			if fn: fn.close()
+-		if dry_run:
+-			print(' `')
++			print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service" and "fail2ban-openrc.init".')
++
++		scripts = ['fail2ban.service', 'fail2ban-openrc.init']
++		for script in scripts:
++			print('Creating %s/%s (from %s.in): @BINDIR@ -> %s' % (buildroot, script, script, install_dir))
++			with open(os.path.join(source_dir, 'files/%s.in' % script), 'r') as fn:
++				lines = fn.readlines()
++			fn = None
++			if not dry_run:
++				fn = open(os.path.join(buildroot, script), 'w')
++			try:
++				for ln in lines:
++					ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln)
++					if dry_run:
++						sys.stdout.write(' | ' + ln)
++						continue
++					fn.write(ln)
++			finally:
++				if fn: fn.close()
++			if dry_run:
++				print(' `')
+ 
+ 
+ # Wrapper to specify fail2ban own options:

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/, net-analyzer/fail2ban/files/

[Sam James]

commit:     ed3efbc32c75f107e1633b92e99a37e31d9462d9
Author:     hsk17 <hsk17 <AT> mail <DOT> de>
AuthorDate: Tue Nov 29 11:11:59 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan  4 05:49:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed3efbc3

net-analyzer/fail2ban: backport patch for annoying configreader warnings

Closes: https://github.com/gentoo/gentoo/pull/28473
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild     | 134 +++++++++++++++++++++
 .../fail2ban-1.0.2-configreader-warning.patch      |  19 +++
 2 files changed, 153 insertions(+)

diff --git a/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild b/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild
new file mode 100644
index 000000000000..177a0d0239c8
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild
@@ -0,0 +1,134 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_SINGLE_IMPL=1
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit bash-completion-r1 distutils-r1 systemd tmpfiles
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/fail2ban/fail2ban"
+	inherit git-r3
+else
+	SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd"
+
+RDEPEND="
+	virtual/logger
+	virtual/mta
+	selinux? ( sec-policy/selinux-fail2ban )
+	systemd? (
+		$(python_gen_cond_dep '
+			|| (
+				dev-python/python-systemd[${PYTHON_USEDEP}]
+				sys-apps/systemd[python(-),${PYTHON_USEDEP}]
+			)' 'python*' )
+	)
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+	"${FILESDIR}"/${P}-configreader-warning.patch
+)
+
+python_prepare_all() {
+	distutils-r1_python_prepare_all
+
+	# Replace /var/run with /run, but not in the top source directory
+	find . -mindepth 2 -type f -exec \
+		sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+}
+
+python_compile() {
+	./fail2ban-2to3 || die
+	distutils-r1_python_compile
+}
+
+python_test() {
+	bin/fail2ban-testcases \
+		--no-network \
+		--no-gamin \
+		--verbosity=4 || die "Tests failed with ${EPYTHON}"
+
+	# Workaround for bug #790251
+	rm -r fail2ban.egg-info || die
+}
+
+python_install_all() {
+	distutils-r1_python_install_all
+
+	rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+	newconfd files/fail2ban-openrc.conf ${PN}
+
+	# These two are placed in the ${BUILD_DIR} after being "built"
+	# in install_scripts().
+	newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}"
+	systemd_dounit "${BUILD_DIR}/${PN}.service"
+
+	dotmpfiles files/${PN}-tmpfiles.conf
+
+	doman man/*.{1,5}
+
+	# Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+	# See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+	insinto /etc/logrotate.d
+	newins files/${PN}-logrotate ${PN}
+
+	keepdir /var/lib/${PN}
+
+	newbashcomp files/bash-completion ${PN}-client
+	bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-0.7"
+	previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}-tmpfiles.conf
+
+	if [[ ${previous_less_than_0_7} = 0 ]] ; then
+		elog
+		elog "Configuration files are now in /etc/fail2ban/"
+		elog "You probably have to manually update your configuration"
+		elog "files before restarting Fail2Ban!"
+		elog
+		elog "Fail2Ban is not installed under /usr/lib anymore. The"
+		elog "new location is under /usr/share."
+		elog
+		elog "You are upgrading from version 0.6.x, please see:"
+		elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+	fi
+
+	if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then
+		elog "For most jail.conf configurations, it is recommended you install either"
+		elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
+		elog "to control how log file modifications are detected"
+	fi
+
+	if ! has_version dev-lang/python[sqlite] ; then
+		elog "If you want to use ${PN}'s persistent database, then reinstall"
+		elog "dev-lang/python with USE=sqlite. If you do not use the"
+		elog "persistent database feature, then you should set"
+		elog "dbfile = :memory: in fail2ban.conf accordingly."
+	fi
+
+	if has_version sys-apps/systemd[-python] ; then
+		elog "If you want to track logins through sys-apps/systemd's"
+		elog "journal backend, then reinstall sys-apps/systemd with USE=python"
+	fi
+}

diff --git a/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch
new file mode 100644
index 000000000000..748e507e4a26
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch
@@ -0,0 +1,19 @@
+https://github.com/fail2ban/fail2ban/commit/432e7e1
+
+From 432e7e1e93936f09e349e80d94254e5f43d0cc8a Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 28 Nov 2022 13:21:15 +0100
+Subject: [PATCH] no warning if no config value but default (debug message now)
+
+closes #3420
+--- a/fail2ban/client/configreader.py
++++ b/fail2ban/client/configreader.py
+@@ -277,7 +277,7 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False, convert=Tru
+ 				# TODO: validate error handling here.
+ 			except NoOptionError:
+ 				if not optvalue is None:
+-					logSys.warning("'%s' not defined in '%s'. Using default one: %r"
++					logSys.debug("'%s' not defined in '%s'. Using default one: %r"
+ 								% (optname, sec, optvalue))
+ 					values[optname] = optvalue
+ 				# elif logSys.getEffectiveLevel() <= logLevel: