[PATCH 0/2] Fix fail2ban build

  • Done
  • quality assurance status badge
Details
4 participants
  • Andreas Enge
  • Ludovic Courtès
  • Nicolas Graves
  • Rodion Goritskov
Owner
unassigned
Submitted by
Rodion Goritskov
Severity
normal

Debbugs page

R
R
Rodion Goritskov wrote on 25 Apr 13:12 -0700
(address . guix-patches@gnu.org)(name . Rodion Goritskov)(address . rodion@goritskov.com)
20250425201230.12492-1-rodion@goritskov.com
Hi!

Currently fail2ban is not building [1] because its test suite is not compatible with Python 3.11.
Quick fix is to use Python 3.10 there.

Probably I will find some time to update fail2ban package in the nearest future
(because it is quite old now, four years passed already).

However, I think it is good to have the current version building for now.


Rodion Goritskov (2):
gnu: python: Export wrap-python3.
gnu: fail2ban: Build with Python 3.10.

gnu/packages/admin.scm | 3 ++-
gnu/packages/python.scm | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)

--
2.49.0
R
R
Rodion Goritskov wrote on 25 Apr 13:18 -0700
[PATCH 1/2] gnu: python: Export wrap-python3.
(address . 78066@debbugs.gnu.org)(name . Rodion Goritskov)(address . rodion@goritskov.com)
20250425201809.13507-1-rodion@goritskov.com
* gnu/packages/python.scm (wrap-python3): Export wrap-python3.

Change-Id: I89f8b53d0b5451dadb6f6e1c604523e8a718cb19
---
gnu/packages/python.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index dccd3cdd0e..00f4f9e07b 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -105,7 +105,8 @@ (define-module (gnu packages python)
#:use-module (srfi srfi-26)
#:export (customize-site
- guix-pythonpath-search-path))
+ guix-pythonpath-search-path
+ wrap-python3))
(define* (customize-site version)
"Generate a install-sitecustomize.py phase, using VERSION."
--
2.49.0
R
R
Rodion Goritskov wrote on 25 Apr 13:18 -0700
[PATCH 2/2] gnu: fail2ban: Build with Python 3.10.
(address . 78066@debbugs.gnu.org)(name . Rodion Goritskov)(address . rodion@goritskov.com)
20250425201809.13507-2-rodion@goritskov.com
* gnu/packages/admin.scm (fail2ban): Change Python version used to 3.10 to fix
test problems.

Change-Id: I67d2cf3c465ab1639659402d50357395afb35213
---
gnu/packages/admin.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index d7ae926809..225ae87b06 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6289,7 +6289,8 @@ (define-public fail2ban
"fail2ban-paths-guix-conf.patch"))))
(build-system python-build-system)
(arguments
- '(#:phases (modify-phases %standard-phases
+ `(#:python ,(wrap-python3 python-3.10)
+ #:phases (modify-phases %standard-phases
(add-before 'build 'invoke-2to3
(lambda _
(invoke "./fail2ban-2to3")))
--
2.49.0
N
N
Nicolas Graves wrote on 26 Apr 07:59 -0700
[PATCH 0/2] Fix fail2ban build
(address . 78066@debbugs.gnu.org)
87ldrnezoa.fsf@ngraves.fr
Hi Rodion!

I think the issue with using a different Python version is that I'm not
sure it behaves well in a profile, since python packages are propagated.
Maybe the CLI might work well, but importing python modules would
probably be broken.

If it's only the tests that are broken, maybe it's better to ignore
failing tests?

Or even better : simply update the package to a more recent version. I
get the impression that it should work well from

I'll see if such an update fixes your issue, if yes I'll send an update
here.

--
Best regards,
Nicolas Graves
N
N
Nicolas Graves wrote on 26 Apr 23:29 -0700
(address . 78066@debbugs.gnu.org)
87zfg2t8vl.fsf@ngraves.fr
I managed to get tests to pass properly with an update and minimal
changes (but a change in the build-system [1], I still have to replace
the install phase to avoid a world-rebuild). The subject with
fail2ban is that there's also a complete config, and since I'm not a
user, I'm not sure everything will work well there. But let's update
it, and modify the fail2ban configuration if things have changed there.

See you in a few minutes/hours when I'll send an updated patch series!


On 2025-04-26 16:59, Nicolas Graves via Guix-patches via wrote:

Toggle quote (17 lines)
> Hi Rodion!
>
> I think the issue with using a different Python version is that I'm not
> sure it behaves well in a profile, since python packages are propagated.
> Maybe the CLI might work well, but importing python modules would
> probably be broken.
>
> If it's only the tests that are broken, maybe it's better to ignore
> failing tests?
>
> Or even better : simply update the package to a more recent version. I
> get the impression that it should work well from
> https://github.com/fail2ban/fail2ban/releases/tag/1.1.0
>
> I'll see if such an update fixes your issue, if yes I'll send an update
> here.

--
Best regards,
Nicolas Graves
N
N
Nicolas Graves wrote on 27 Apr 02:08 -0700
[PATCH v2 0/5] Update fail2ban.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250427090915.11846-1-ngraves@ngraves.fr
Instead of building fail2ban with Python@3.10, update it to run with Python@3.11.

Nicolas Graves (5):
gnu: fail2ban: Move file deletion to source snippet.
gnu: fail2ban: Update to 1.1.0.
gnu: fail2ban: Improve style.
gnu: fail2ban: Improve snippet.
gnu: fail2ban: Improve style.

gnu/local.mk | 6 -
gnu/packages/admin.scm | 325 ++++++++----------
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 ---------
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 ----
.../fail2ban-0.11.2_fix-test-suite.patch | 48 ---
.../fail2ban-python310-server-action.patch | 27 --
.../fail2ban-python310-server-actions.patch | 25 --
.../fail2ban-python310-server-jails.patch | 25 --
8 files changed, 147 insertions(+), 528 deletions(-)
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

--
2.49.0
N
N
Nicolas Graves wrote on 27 Apr 02:08 -0700
[PATCH v2 1/5] gnu: fail2ban: Move file deletion to source snippet.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250427090915.11846-2-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[arguments]<phases>: Move multiple file deletion from here...
[source]<snippet>: ...to here.
---
gnu/packages/admin.scm | 64 +++++++++++++++++++++---------------------
1 file changed, 32 insertions(+), 32 deletions(-)

Toggle diff (84 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index d7ae926809..c6c5188d81 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6244,6 +6244,38 @@ (define-public fail2ban
(modules '((guix build utils)))
(snippet
'(begin
+ ;; deleting things that are not feasible to fix
+ ;; or won't be used any way
+ (with-directory-excursion "config"
+ (for-each delete-file
+ '("paths-arch.conf"
+ "paths-debian.conf"
+ "paths-fedora.conf"
+ "paths-freebsd.conf"
+ "paths-opensuse.conf"
+ "paths-osx.conf")))
+ (with-directory-excursion "config/action.d"
+ (for-each delete-file
+ '("apf.conf"
+ "bsd-ipfw.conf"
+ "dshield.conf"
+ "ipfilter.conf"
+ "ipfw.conf"
+ "firewallcmd-allports.conf"
+ "firewallcmd-common.conf"
+ "firewallcmd-ipset.conf"
+ "firewallcmd-multiport.conf"
+ "firewallcmd-new.conf"
+ "firewallcmd-rich-logging.conf"
+ "firewallcmd-rich-rules.conf"
+ "osx-afctl.conf"
+ "osx-ipfw.conf"
+ "pf.conf"
+ "nginx-block-map.conf"
+ "npf.conf"
+ "shorewall.conf"
+ "shorewall-ipset-proto6.conf"
+ "ufw.conf")))
;; Get rid of absolute file names.
(substitute* "setup.py"
(("/etc/fail2ban")
@@ -6305,38 +6337,6 @@ (define-public fail2ban
"/etc/fail2ban")))))
(add-after 'fix-default-config 'set-action-dependencies
(lambda* (#:key inputs #:allow-other-keys)
- ;; deleting things that are not feasible to fix
- ;; or won't be used any way
- (with-directory-excursion "config"
- (for-each delete-file
- '("paths-arch.conf"
- "paths-debian.conf"
- "paths-fedora.conf"
- "paths-freebsd.conf"
- "paths-opensuse.conf"
- "paths-osx.conf")))
- (with-directory-excursion "config/action.d"
- (for-each delete-file
- '("apf.conf"
- "bsd-ipfw.conf"
- "dshield.conf"
- "ipfilter.conf"
- "ipfw.conf"
- "firewallcmd-allports.conf"
- "firewallcmd-common.conf"
- "firewallcmd-ipset.conf"
- "firewallcmd-multiport.conf"
- "firewallcmd-new.conf"
- "firewallcmd-rich-logging.conf"
- "firewallcmd-rich-rules.conf"
- "osx-afctl.conf"
- "osx-ipfw.conf"
- "pf.conf"
- "nginx-block-map.conf"
- "npf.conf"
- "shorewall.conf"
- "shorewall-ipset-proto6.conf"
- "ufw.conf")))
(let* ((lookup-cmd (lambda (i)
(search-input-file inputs i)))
(bin (lambda (i)
--
2.49.0
N
N
Nicolas Graves wrote on 27 Apr 02:08 -0700
[PATCH v2 2/5] gnu: fail2ban: Update to 1.1.0.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250427090915.11846-3-ngraves@ngraves.fr
* gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch,
gnu/packages/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch,
gnu/packages/patches/fail2ban-python310-server-action.patch,
gnu/packages/fail2ban-python310-server-actions.patch: Delete patches.

* gnu/local.mk: Deregister patches.

* gnu/packages/admin.scm (fail2ban): Update to 1.1.0.
[source]<snippet>: Use (srfi srfi-26) for readability.
<patches>: Deregister patches.
[build-system]: Switch to pyproject-build-system.
[arguments]<phases>: Remove phase 'invoke-2to3. Add phase
'avoid-external-binary-in-/bin to avoid creating a symlink to
python-wrapper binary during installation (current 'install phase
breaks otherwise).
[native-inputs]: Add python-setuptools, python-wheel.
---
gnu/local.mk | 6 -
gnu/packages/admin.scm | 33 ++--
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 ------------------
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 --------
.../fail2ban-0.11.2_fix-test-suite.patch | 48 ------
.../fail2ban-python310-server-action.patch | 27 ---
.../fail2ban-python310-server-actions.patch | 25 ---
.../fail2ban-python310-server-jails.patch | 25 ---
8 files changed, 15 insertions(+), 368 deletions(-)
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

Toggle diff (278 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 3f5e4cec38..be2639eeb4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1259,13 +1259,7 @@ dist_patch_DATA = \
%D%/packages/patches/expat-CVE-2024-45492.patch \
%D%/packages/patches/extempore-unbundle-external-dependencies.patch \
%D%/packages/patches/extundelete-e2fsprogs-1.44.patch \
- %D%/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch \
- %D%/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch \
- %D%/packages/patches/fail2ban-0.11.2_fix-test-suite.patch \
%D%/packages/patches/fail2ban-paths-guix-conf.patch \
- %D%/packages/patches/fail2ban-python310-server-action.patch \
- %D%/packages/patches/fail2ban-python310-server-actions.patch \
- %D%/packages/patches/fail2ban-python310-server-jails.patch \
%D%/packages/patches/faiss-tests-CMakeLists-find-googletest.patch \
%D%/packages/patches/falcosecurity-libs-shared-build.patch \
%D%/packages/patches/farstream-gupnp.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index c6c5188d81..689e9bcd4a 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6231,7 +6231,7 @@ (define-public sysdig
(define-public fail2ban
(package
(name "fail2ban")
- (version "0.11.2")
+ (version "1.1.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -6240,8 +6240,8 @@ (define-public fail2ban
(file-name (git-file-name name version))
(sha256
(base32
- "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
- (modules '((guix build utils)))
+ "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
+ (modules '((guix build utils) (srfi srfi-26)))
(snippet
'(begin
;; deleting things that are not feasible to fix
@@ -6289,10 +6289,9 @@ (define-public fail2ban
(("'/usr/share/doc/fail2ban'")
"'usr/share/doc/fail2ban'"))
;; disable tests performing unacceptable side-effects
- (let ((make-suite (lambda (t)
- (string-append
- "tests.addTest.unittest.makeSuite."
- t ".."))))
+ (let ((make-suite (cut string-append
+ "tests.addTest\\(loadTests\\("
+ <> "\\)\\)")))
(substitute* "fail2ban/tests/utils.py"
(((make-suite "actiontestcase.CommandActionTest"))
"")
@@ -6311,20 +6310,16 @@ (define-public fail2ban
(((make-suite
"servertestcase.ServerConfigReaderTests"))
"")))))
- (patches (search-patches
- "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
- "fail2ban-python310-server-action.patch"
- "fail2ban-python310-server-actions.patch"
- "fail2ban-python310-server-jails.patch"
- "fail2ban-0.11.2_fix-test-suite.patch"
- "fail2ban-0.11.2_CVE-2021-32749.patch"
- "fail2ban-paths-guix-conf.patch"))))
- (build-system python-build-system)
+ (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
+ (build-system pyproject-build-system)
(arguments
'(#:phases (modify-phases %standard-phases
- (add-before 'build 'invoke-2to3
+ (add-after 'unpack 'avoid-external-binary-in-/bin
(lambda _
- (invoke "./fail2ban-2to3")))
+ (delete-file "fail2ban/setup.py")
+ (substitute* '("bin/fail2ban-testcases"
+ "setup.py")
+ ((".*updatePyExec.*") ""))))
(add-before 'install 'fix-default-config
(lambda* (#:key outputs #:allow-other-keys)
(substitute* '("config/paths-common.conf"
@@ -6410,6 +6405,8 @@ (define-public fail2ban
"fail2ban-testcases"))
(for-each install-man5
'("jail.conf")))))))))
+ (native-inputs
+ (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
curl
diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
deleted file mode 100644
index d3c677918c..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
-From: sebres <serg.brester@sebres.de>
-Date: Mon, 21 Jun 2021 17:12:53 +0200
-Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
- (default tilde) stops consider "~" char after new-line as composing escape
- sequence
-
----
- config/action.d/complain.conf | 2 +-
- config/action.d/dshield.conf | 2 +-
- config/action.d/mail-buffered.conf | 8 ++++----
- config/action.d/mail-whois-lines.conf | 2 +-
- config/action.d/mail-whois.conf | 6 +++---
- config/action.d/mail.conf | 6 +++---
- 6 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
-index 3a5f882c9f..4d73b05859 100644
---- a/config/action.d/complain.conf
-+++ b/config/action.d/complain.conf
-@@ -102,7 +102,7 @@ logpath = /dev/null
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Option: mailargs
- # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
-diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
-index c128bef348..3d5a7a53a9 100644
---- a/config/action.d/dshield.conf
-+++ b/config/action.d/dshield.conf
-@@ -179,7 +179,7 @@ tcpflags =
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Option: mailargs
- # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
-diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
-index 325f185b2f..79b841049c 100644
---- a/config/action.d/mail-buffered.conf
-+++ b/config/action.d/mail-buffered.conf
-@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Output will be buffered until <lines> lines are available.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
- These hosts have been banned by Fail2Ban.\n
- `cat <tmpfile>`
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
- rm <tmpfile>
- fi
- printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
- These hosts have been banned by Fail2Ban.\n
- `cat <tmpfile>`
- \nRegards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
- rm <tmpfile>
- fi
-
-diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
-index 3a3e56b2c7..d2818cb9b9 100644
---- a/config/action.d/mail-whois-lines.conf
-+++ b/config/action.d/mail-whois-lines.conf
-@@ -72,7 +72,7 @@ actionunban =
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Default name of the chain
- #
-diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
-index 7fea34c40d..ab33b616dc 100644
---- a/config/action.d/mail-whois.conf
-+++ b/config/action.d/mail-whois.conf
-@@ -20,7 +20,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
- Here is more information about <ip> :\n
- `%(_whois_command)s`\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-
- # Option: actionunban
- # Notes.: command executed when unbanning an IP. Take care that the
-diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
-index 5d8c0e154c..f4838ddcb6 100644
---- a/config/action.d/mail.conf
-+++ b/config/action.d/mail.conf
-@@ -16,7 +16,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
- The IP <ip> has just been banned by Fail2Ban after
- <failures> attempts against <name>.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-
- # Option: actionunban
- # Notes.: command executed when unbanning an IP. Take care that the
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
deleted file mode 100644
index b0b14364b1..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
-From: sebres <info@sebres.de>
-Date: Sun, 19 Sep 2021 18:49:18 +0200
-Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
- command: use_2to3 is invalid (setuptools 58+)
-
----
- setup.py | 16 +---------------
- 1 file changed, 1 insertion(+), 15 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index f4c2550f6f..98413273c5 100755
---- a/setup.py
-+++ b/setup.py
-@@ -48,7 +48,7 @@
- from glob import glob
-
- from fail2ban.setup import updatePyExec
--
-+from fail2ban.version import version
-
- source_dir = os.path.realpath(os.path.dirname(
- # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
-@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
- # Wrapper to specify fail2ban own options:
- class install_command_f2b(install):
- user_options = install.user_options + [
-- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
- ('without-tests', None, 'without tests files installation'),
- ]
- def initialize_options(self):
-- self.disable_2to3 = None
- self.without_tests = not with_tests
- install.initialize_options(self)
- def finalize_options(self):
-- global _2to3
-- ## in the test cases 2to3 should be already done (fail2ban-2to3):
-- if self.disable_2to3:
-- _2to3 = False
-- if _2to3:
-- cmdclass = self.distribution.cmdclass
-- cmdclass['build_py'] = build_py_2to3
-- cmdclass['build_scripts'] = build_scripts_2to3
- if self.without_tests:
- self.distribution.scripts.remove('bin/fail2ban-testcases')
-
-@@ -178,7 +168,6 @@ def run(self):
- if setuptools:
- setup_extra = {
- 'test_suite': "fail2ban.tests.utils.gatherTests",
-- 'use_2to3': True,
- }
- else:
- setup_extra = {}
-@@ -202,9 +191,6 @@ def run(self):
- ('/usr/share/doc/fail2ban', doc_files)
- )
-
--# Get version number, avoiding importing fail2ban.
--# This is due to tests not functioning for python3 as 2to3 takes place later
--exec(open(join("fail2ban", "version.py")).read())
-
- setup(
- name = "fail2ban",
Toggle diff (93 lines)
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
deleted file mode 100644
index 91d973e72e..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
-From: sebres <info@sebres.de>
-Date: Mon, 4 Jan 2021 02:42:38 +0100
-Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
- tests, considering interval from 2005 (alternate now) to now; + better
- grouping algorithm for resulting century RE
-
----
- fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
- 1 file changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
-index 1464a96d1f..39fc795865 100644
---- a/fail2ban/server/strptime.py
-+++ b/fail2ban/server/strptime.py
-@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
- Thereby respect possible run in the test-cases (alternate date used there)
- """
- cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
-+ def grp(exprset):
-+ c = None
-+ if len(exprset) > 1:
-+ for i in exprset:
-+ if c is None or i[0:-1] == c:
-+ c = i[0:-1]
-+ else:
-+ c = None
-+ break
-+ if not c:
-+ for i in exprset:
-+ if c is None or i[0] == c:
-+ c = i[0]
-+ else:
-+ c = None
-+ break
-+ if c:
-+ return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
-+ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
-+ if len(exprset) > 1 else "".join(exprset)
- exprset = set( cent(now[0].year + i) for i in (-1, distance) )
- if len(now) and now[1]:
-- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
-- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
-+ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
-+ return grp(sorted(list(exprset)))
-
- timeRE = TimeRE()
-
diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch b/gnu/packages/patches/fail2ban-python310-server-action.patch
deleted file mode 100644
index 723d7f7aa6..0000000000
--- a/gnu/packages/patches/fail2ban-python310-server-action.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
-From: "Sergey G. Brester" <serg.brester@sebres.de>
-Date: Mon, 8 Feb 2021 17:19:24 +0100
-Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
- moved to the :mod:`collections.abc` module
-
-(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
----
- fail2ban/server/action.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
-index 3bc48fe046..f0f1e6f59a 100644
---- a/fail2ban/server/action.py
-+++ b/fail2ban/server/action.py
-@@ -30,7 +30,10 @@
- import threading
- import time
- from abc import ABCMeta
--from collections import MutableMapping
-+try:
-+ from collections.abc import MutableMapping
-+except ImportError:
-+ from collections import MutableMapping
-
- from .failregex import mapTag2Opt
- from .ipdns import DNSUtils
diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch b/gnu/packages/patches/fail2ban-python310-server-actions.patch
deleted file mode 100644
index e31316d28b..0000000000
--- a/gnu/packages/patches/fail2ban-python310-server-actions.patch
+++ /dev/null
@@ -1,25 +0,0 @
This message was truncated. Download the full message here.
N
N
Nicolas Graves wrote on 27 Apr 02:08 -0700
[PATCH v2 3/5] gnu: fail2ban: Improve style.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250427090915.11846-4-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban): Improve style (through guix-style).
[arguments]<phases>: Rewrite using gexps. Rewrite phases
'set-action-dependencies and copy-man-pages for readability.
---
gnu/packages/admin.scm | 321 +++++++++++++++++++----------------------
1 file changed, 148 insertions(+), 173 deletions(-)

Toggle diff (336 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 689e9bcd4a..1f48eb264d 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6232,181 +6232,156 @@ (define-public fail2ban
(package
(name "fail2ban")
(version "1.1.0")
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/fail2ban/fail2ban")
- (commit version)))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
- (modules '((guix build utils) (srfi srfi-26)))
- (snippet
- '(begin
- ;; deleting things that are not feasible to fix
- ;; or won't be used any way
- (with-directory-excursion "config"
- (for-each delete-file
- '("paths-arch.conf"
- "paths-debian.conf"
- "paths-fedora.conf"
- "paths-freebsd.conf"
- "paths-opensuse.conf"
- "paths-osx.conf")))
- (with-directory-excursion "config/action.d"
- (for-each delete-file
- '("apf.conf"
- "bsd-ipfw.conf"
- "dshield.conf"
- "ipfilter.conf"
- "ipfw.conf"
- "firewallcmd-allports.conf"
- "firewallcmd-common.conf"
- "firewallcmd-ipset.conf"
- "firewallcmd-multiport.conf"
- "firewallcmd-new.conf"
- "firewallcmd-rich-logging.conf"
- "firewallcmd-rich-rules.conf"
- "osx-afctl.conf"
- "osx-ipfw.conf"
- "pf.conf"
- "nginx-block-map.conf"
- "npf.conf"
- "shorewall.conf"
- "shorewall-ipset-proto6.conf"
- "ufw.conf")))
- ;; Get rid of absolute file names.
- (substitute* "setup.py"
- (("/etc/fail2ban")
- "etc/fail2ban")
- (("/var/lib/fail2ban")
- "var/lib/fail2ban")
- (("\"/usr/bin/\"")
- "\"usr/bin/\"")
- (("\"/usr/lib/fail2ban/\"")
- "\"usr/lib/fail2ban/\"")
- (("'/usr/share/doc/fail2ban'")
- "'usr/share/doc/fail2ban'"))
- ;; disable tests performing unacceptable side-effects
- (let ((make-suite (cut string-append
- "tests.addTest\\(loadTests\\("
- <> "\\)\\)")))
- (substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite
- "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite
- "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite
- "servertestcase.ServerConfigReaderTests"))
- "")))))
- (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/fail2ban/fail2ban")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
+ (modules '((guix build utils)
+ (srfi srfi-26)))
+ (snippet '(begin
+ ;; deleting things that are not feasible to fix
+ ;; or won't be used any way
+ (with-directory-excursion "config"
+ (for-each delete-file
+ '("paths-arch.conf" "paths-debian.conf"
+ "paths-fedora.conf" "paths-freebsd.conf"
+ "paths-opensuse.conf" "paths-osx.conf")))
+ (with-directory-excursion "config/action.d"
+ (for-each delete-file
+ '("apf.conf" "bsd-ipfw.conf"
+ "dshield.conf"
+ "ipfilter.conf"
+ "ipfw.conf"
+ "firewallcmd-allports.conf"
+ "firewallcmd-common.conf"
+ "firewallcmd-ipset.conf"
+ "firewallcmd-multiport.conf"
+ "firewallcmd-new.conf"
+ "firewallcmd-rich-logging.conf"
+ "firewallcmd-rich-rules.conf"
+ "osx-afctl.conf"
+ "osx-ipfw.conf"
+ "pf.conf"
+ "nginx-block-map.conf"
+ "npf.conf"
+ "shorewall.conf"
+ "shorewall-ipset-proto6.conf"
+ "ufw.conf")))
+ ;; Get rid of absolute file names.
+ (substitute* "setup.py"
+ (("/etc/fail2ban")
+ "etc/fail2ban")
+ (("/var/lib/fail2ban")
+ "var/lib/fail2ban")
+ (("\"/usr/bin/\"")
+ "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"")
+ "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'")
+ "'usr/share/doc/fail2ban'"))
+ ;; disable tests performing unacceptable side-effects
+ (let ((make-suite (cut string-append
+ "tests.addTest\\(loadTests\\(" <>
+ "\\)\\)")))
+ (substitute* "fail2ban/tests/utils.py"
+ (((make-suite "actiontestcase.CommandActionTest"))
+ "")
+ (((make-suite "misctestcase.SetupTest"))
+ "")
+ (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
+ "")
+ (((make-suite "filtertestcase.IgnoreIPDNS"))
+ "")
+ (((make-suite "filtertestcase.GetFailures"))
+ "")
+ (((make-suite
+ "fail2banclienttestcase.Fail2banServerTest"))
+ "")
+ (((make-suite "servertestcase.ServerConfigReaderTests"))
+ "")))))
+ (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
(build-system pyproject-build-system)
(arguments
- '(#:phases (modify-phases %standard-phases
- (add-after 'unpack 'avoid-external-binary-in-/bin
- (lambda _
- (delete-file "fail2ban/setup.py")
- (substitute* '("bin/fail2ban-testcases"
- "setup.py")
- ((".*updatePyExec.*") ""))))
- (add-before 'install 'fix-default-config
- (lambda* (#:key outputs #:allow-other-keys)
- (substitute* '("config/paths-common.conf"
- "fail2ban/tests/utils.py"
- "fail2ban/client/configreader.py"
- "fail2ban/client/fail2bancmdline.py"
- "fail2ban/client/fail2banregex.py")
- (("/etc/fail2ban")
- (string-append (assoc-ref outputs "out")
- "/etc/fail2ban")))))
- (add-after 'fix-default-config 'set-action-dependencies
- (lambda* (#:key inputs #:allow-other-keys)
- (let* ((lookup-cmd (lambda (i)
- (search-input-file inputs i)))
- (bin (lambda (i)
- (lookup-cmd (string-append "/bin/" i))))
- (sbin (lambda (i)
- (lookup-cmd (string-append "/sbin/" i))))
- (ip (sbin "ip"))
- (sendmail (sbin "sendmail")))
- (substitute* (find-files "config/action.d" "\\.conf$")
- ;; TODO: deal with geoiplookup ..
- (("(awk|curl|dig|jq)" all cmd)
- (bin cmd))
- (("(cat|echo|grep|head|printf|wc) " all
- cmd)
- (string-append (bin cmd) " "))
- ((" (date|rm|sed|tail|touch|tr) " all
- cmd)
- (string-append " "
- (bin cmd) " "))
- (("cut -d")
- (string-append (bin "cut") " -d"))
- (("`date`")
- (string-append "`"
- (bin "date") "`"))
- (("id -")
- (string-append (bin "id") " -"))
- (("ip -([46]) addr" all ver)
- (string-append ip " -" ver " addr"))
- (("ip route")
- (string-append ip " route"))
- (("ipset ")
- (string-append (sbin "ipset") " "))
- (("(iptables|ip6tables) <" all cmd)
- (string-append (sbin cmd) " <"))
- (("/usr/bin/nsupdate")
- (bin "nsupdate"))
- (("mail -E")
- (string-append sendmail " -E"))
- (("nftables = nft")
- (string-append "nftables = " (sbin "nft")))
- (("perl -e")
- (string-append (bin "perl") " -e"))
- (("/usr/sbin/sendmail")
- sendmail)
- (("test -e")
- (string-append (bin "test") " -e"))
- (("_whois = whois")
- (string-append "_whois = " (bin "whois")))))
- (substitute* "config/jail.conf"
- (("before = paths-debian.conf")
- "before = paths-guix.conf"))))
- (add-after 'install 'copy-man-pages
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((man (string-append (assoc-ref outputs "out")
- "/man"))
- (install-man (lambda (m)
- (lambda (f)
- (install-file (string-append f
- "." m)
- (string-append man
- "/man" m)))))
- (install-man1 (install-man "1"))
- (install-man5 (install-man "5")))
- (with-directory-excursion "man"
- (for-each install-man1
- '("fail2ban"
- "fail2ban-client"
- "fail2ban-python"
- "fail2ban-regex"
- "fail2ban-server"
- "fail2ban-testcases"))
- (for-each install-man5
- '("jail.conf")))))))))
- (native-inputs
- (list python-setuptools python-wheel))
+ (list
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'avoid-external-binary-in-/bin
+ (lambda _
+ (delete-file "fail2ban/setup.py")
+ (substitute* '("bin/fail2ban-testcases" "setup.py")
+ ((".*updatePyExec.*")
+ ""))))
+ (add-before 'install 'fix-default-config
+ (lambda _
+ (substitute* '("config/paths-common.conf"
+ "fail2ban/tests/utils.py"
+ "fail2ban/client/configreader.py"
+ "fail2ban/client/fail2bancmdline.py"
+ "fail2ban/client/fail2banregex.py")
+ (("/etc/fail2ban")
+ (string-append #$output "/etc/fail2ban")))))
+ (add-after 'fix-default-config 'set-action-dependencies
+ (lambda* (#:key inputs #:allow-other-keys)
+ (define (lookup dir file)
+ (search-input-file inputs (string-append "/" dir "/" file)))
+
+ (substitute* (find-files "config/action.d" "\\.conf$")
+ ;; TODO: deal with geoiplookup ..
+ (("(awk|curl|dig|jq)" all cmd)
+ (lookup "bin" cmd))
+ (("(cat|echo|grep|head|printf|wc) " all cmd)
+ (string-append (lookup "bin" cmd) " "))
+ ((" (date|rm|sed|tail|touch|tr) " all cmd)
+ (string-append " " (lookup "bin" cmd) " "))
+ (("cut -d")
+ (string-append (lookup "bin" "cut") " -d"))
+ (("`date`")
+ (string-append "`" (lookup "bin" "date") "`"))
+ (("id -")
+ (string-append (lookup "bin" "id") " -"))
+ (("ip (route|-[46] addr)" all rest)
+ (string-append (lookup "sbin" "ip") rest))
+ (("ipset ")
+ (string-append (lookup "sbin" "ipset") " "))
+ (("(iptables|ip6tables) <" all cmd)
+ (string-append (lookup "sbin" cmd) " <"))
+ (("/usr/bin/nsupdate")
+ (lookup "bin" "nsupdate"))
+ (("mail -E")
+ (string-append (lookup "sbin" "sendmail") " -E"))
+ (("nftables = nft")
+ (string-append "nftables = " (lookup "sbin" "nft")))
+ (("perl -e")
+ (string-append (lookup "bin" "perl") " -e"))
+ (("/usr/sbin/sendmail")
+ (lookup "sbin" "sendmail"))
+ (("test -e")
+ (string-append (lookup "bin" "test") " -e"))
+ (("_whois = whois")
+ (string-append "_whois = " (lookup "bin" "whois"))))
+
+ (substitute* "config/jail.conf"
+ (("before = paths-debian.conf")
+ "before = paths-guix.conf"))))
+ (add-after 'install 'copy-man-pages
+ (lambda _
+ (define (install-man m)
+ (lambda (f)
+ (install-file (string-append f "." m)
+ (string-append #$output "man/man" m))))
+
+ (with-directory-excursion "man"
+ (for-each (install-man "1")
+ '("fail2ban" "fail2ban-client" "fail2ban-python"
+ "fail2ban-regex" "fail2ban-server"
+ "fail2ban-testcases"))
+ ((install-man "5") "jail.conf")))))))
+ (native-inputs (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
curl
--
2.49.0
N
N
Nicolas Graves wrote on 27 Apr 02:08 -0700
[PATCH v2 4/5] gnu: fail2ban: Improve snippet.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250427090915.11846-5-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[source]<modules>: Remove (srfi srfi-26).
<snippet>: Use gexp. Move substitute* patches...
[arguments]<phases>: ...to phases 'patch-setup.py and 'disable-some-tests.
---
gnu/packages/admin.scm | 127 +++++++++++++++++++++--------------------
1 file changed, 64 insertions(+), 63 deletions(-)

Toggle diff (147 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 1f48eb264d..25bce63aaf 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6241,69 +6241,36 @@ (define-public fail2ban
(file-name (git-file-name name version))
(sha256
(base32 "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
- (modules '((guix build utils)
- (srfi srfi-26)))
- (snippet '(begin
- ;; deleting things that are not feasible to fix
- ;; or won't be used any way
- (with-directory-excursion "config"
- (for-each delete-file
- '("paths-arch.conf" "paths-debian.conf"
- "paths-fedora.conf" "paths-freebsd.conf"
- "paths-opensuse.conf" "paths-osx.conf")))
- (with-directory-excursion "config/action.d"
- (for-each delete-file
- '("apf.conf" "bsd-ipfw.conf"
- "dshield.conf"
- "ipfilter.conf"
- "ipfw.conf"
- "firewallcmd-allports.conf"
- "firewallcmd-common.conf"
- "firewallcmd-ipset.conf"
- "firewallcmd-multiport.conf"
- "firewallcmd-new.conf"
- "firewallcmd-rich-logging.conf"
- "firewallcmd-rich-rules.conf"
- "osx-afctl.conf"
- "osx-ipfw.conf"
- "pf.conf"
- "nginx-block-map.conf"
- "npf.conf"
- "shorewall.conf"
- "shorewall-ipset-proto6.conf"
- "ufw.conf")))
- ;; Get rid of absolute file names.
- (substitute* "setup.py"
- (("/etc/fail2ban")
- "etc/fail2ban")
- (("/var/lib/fail2ban")
- "var/lib/fail2ban")
- (("\"/usr/bin/\"")
- "\"usr/bin/\"")
- (("\"/usr/lib/fail2ban/\"")
- "\"usr/lib/fail2ban/\"")
- (("'/usr/share/doc/fail2ban'")
- "'usr/share/doc/fail2ban'"))
- ;; disable tests performing unacceptable side-effects
- (let ((make-suite (cut string-append
- "tests.addTest\\(loadTests\\(" <>
- "\\)\\)")))
- (substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite
- "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite "servertestcase.ServerConfigReaderTests"))
- "")))))
+ (modules '((guix build utils)))
+ (snippet #~(begin
+ ;; deleting things that are not feasible to fix
+ ;; or won't be used any way
+ (with-directory-excursion "config"
+ (for-each delete-file
+ '("paths-arch.conf" "paths-debian.conf"
+ "paths-fedora.conf" "paths-freebsd.conf"
+ "paths-opensuse.conf" "paths-osx.conf")))
+ (with-directory-excursion "config/action.d"
+ (for-each delete-file
+ '("apf.conf" "bsd-ipfw.conf"
+ "dshield.conf"
+ "ipfilter.conf"
+ "ipfw.conf"
+ "firewallcmd-allports.conf"
+ "firewallcmd-common.conf"
+ "firewallcmd-ipset.conf"
+ "firewallcmd-multiport.conf"
+ "firewallcmd-new.conf"
+ "firewallcmd-rich-logging.conf"
+ "firewallcmd-rich-rules.conf"
+ "osx-afctl.conf"
+ "osx-ipfw.conf"
+ "pf.conf"
+ "nginx-block-map.conf"
+ "npf.conf"
+ "shorewall.conf"
+ "shorewall-ipset-proto6.conf"
+ "ufw.conf")))))
(patches (search-patches "fail2ban-paths-guix-conf.patch"))))
(build-system pyproject-build-system)
(arguments
@@ -6316,6 +6283,40 @@ (define-public fail2ban
(substitute* '("bin/fail2ban-testcases" "setup.py")
((".*updatePyExec.*")
""))))
+ (add-after 'unpack 'patch-setup.py
+ (lambda _
+ ;; Get rid of absolute file names.
+ (substitute* "setup.py"
+ (("/etc/fail2ban")
+ "etc/fail2ban")
+ (("/var/lib/fail2ban")
+ "var/lib/fail2ban")
+ (("\"/usr/bin/\"")
+ "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"")
+ "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'")
+ "'usr/share/doc/fail2ban'"))))
+ (add-after 'unpack 'disable-some-tests
+ (lambda _
+ (define (make-suite str)
+ (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
+ ;; disable tests performing unacceptable side-effects
+ (substitute* "fail2ban/tests/utils.py"
+ (((make-suite "actiontestcase.CommandActionTest"))
+ "")
+ (((make-suite "misctestcase.SetupTest"))
+ "")
+ (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
+ "")
+ (((make-suite "filtertestcase.IgnoreIPDNS"))
+ "")
+ (((make-suite "filtertestcase.GetFailures"))
+ "")
+ (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
+ "")
+ (((make-suite "servertestcase.ServerConfigReaderTests"))
+ ""))))
(add-before 'install 'fix-default-config
(lambda _
(substitute* '("config/paths-common.conf"
--
2.49.0
N
N
Nicolas Graves wrote on 27 Apr 02:08 -0700
[PATCH v2 5/5] gnu: fail2ban: Improve style.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250427090915.11846-6-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)[arguments]<phases>: Rewrite phase
'disable-some-tests.
---
gnu/packages/admin.scm | 26 +++++++++++---------------
1 file changed, 11 insertions(+), 15 deletions(-)

Toggle diff (41 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 25bce63aaf..777d0abb47 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6299,23 +6299,19 @@ (define-public fail2ban
"'usr/share/doc/fail2ban'"))))
(add-after 'unpack 'disable-some-tests
(lambda _
- (define (make-suite str)
- (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
+ (define (make-suite-regex tests)
+ (string-append "tests.addTest\\(loadTests\\(("
+ (string-join tests "|")
+ ")\\)\\)"))
;; disable tests performing unacceptable side-effects
(substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite "servertestcase.ServerConfigReaderTests"))
+ (((make-suite-regex (list "actiontestcase.CommandActionTest"
+ "misctestcase.SetupTest"
+ "filtertestcase.DNSUtilsNetworkTests"
+ "filtertestcase.IgnoreIPDNS"
+ "filtertestcase.GetFailures"
+ "fail2banclienttestcase.Fail2banServerTest"
+ "servertestcase.ServerConfigReaderTests")))
""))))
(add-before 'install 'fix-default-config
(lambda _
--
2.49.0
A
A
Andreas Enge wrote on 29 Apr 01:00 -0700
Re: [PATCH v2 1/5] gnu: fail2ban: Move file deletion to source snippet.
(name . Nicolas Graves)(address . ngraves@ngraves.fr)
aBCHGCBL2P1elG-1@jurong
Hello Nicolas,

thanks for the update!

Am Sun, Apr 27, 2025 at 11:08:08AM +0200 schrieb Nicolas Graves:
Toggle quote (6 lines)
> * gnu/packages/admin.scm (fail2ban)
> [arguments]<phases>: Move multiple file deletion from here...
> [source]<snippet>: ...to here.
> + ;; deleting things that are not feasible to fix
> + ;; or won't be used any way

What is the motivation for this change? I think we always remove
non-free code and often bundled libraries in a snippet, but changes only
related to the idiosyncrasies of Guix usually occur in the phases. In this
way, "guix build -S" returns essentially the source code of a package.

But this is not written policy, so no hard obstacle to pushing the
commit; I just do not see why a snippet would be better than a phase.

Andreas
R
R
Rodion Goritskov wrote on 29 Apr 14:26 -0700
Re: [bug#78066] [PATCH v2 0/5] Update fail2ban.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
86o6wed5gh.fsf@goritskov.com
Hi Nicolas!

Thank you for your patch, it is great to have the updated version of
fail2ban.

I quickly tried to run available tests for fail2ban (it appears that
Guix has some).

I applied your patches and tried running:

Toggle quote (3 lines)
> make check-system TESTS="fail2ban-basic fail2ban-extension
> fail2ban-simple"

To find out that tests are failing:

Toggle quote (9 lines)
> /gnu/store/amc2p1x9gkgn6q6arak7ki4yxzcbs2cc-fail2ban-basic-test-builder:1: FAIL fail2ban running
> /gnu/store/amc2p1x9gkgn6q6arak7ki4yxzcbs2cc-fail2ban-basic-test-builder:1: FAIL fail2ban socket ready
> PASS: fail2ban running after restart
> /gnu/store/amc2p1x9gkgn6q6arak7ki4yxzcbs2cc-fail2ban-basic-test-builder:1: FAIL fail2ban socket ready after restart
> /gnu/store/amc2p1x9gkgn6q6arak7ki4yxzcbs2cc-fail2ban-basic-test-builder:1: FAIL fail2ban pid ready
> /gnu/store/amc2p1x9gkgn6q6arak7ki4yxzcbs2cc-fail2ban-basic-test-builder:1: FAIL fail2ban log file
> /gnu/store/amc2p1x9gkgn6q6arak7ki4yxzcbs2cc-fail2ban-basic-test-builder:1: FAIL fail2ban sshd jail running status output
> /gnu/store/amc2p1x9gkgn6q6arak7ki4yxzcbs2cc-fail2ban-basic-test-builder:1: FAIL fail2ban sshd jail running exit code

I have not investigated this problem yet, will try to do it tomorrow
evening.

Looks like "simple" and "extension" tests were already unstable (as per
ci.guix.gnu.org), but "basic" was passing before the Python upgrade and
the following changes.
N
N
Nicolas Graves wrote on 30 Apr 00:59 -0700
Re: [bug#78066] [PATCH v2 1/5] gnu: fail2ban: Move file deletion to source snippet.
(name . Andreas Enge)(address . andreas@enge.fr)
87v7qm9j0o.fsf@ngraves.fr
On 2025-04-29 10:00, Andreas Enge wrote:

Toggle quote (19 lines)
> Hello Nicolas,
>
> thanks for the update!
>
> Am Sun, Apr 27, 2025 at 11:08:08AM +0200 schrieb Nicolas Graves:
>> * gnu/packages/admin.scm (fail2ban)
>> [arguments]<phases>: Move multiple file deletion from here...
>> [source]<snippet>: ...to here.
>> + ;; deleting things that are not feasible to fix
>> + ;; or won't be used any way
>
> What is the motivation for this change? I think we always remove
> non-free code and often bundled libraries in a snippet, but changes only
> related to the idiosyncrasies of Guix usually occur in the phases. In this
> way, "guix build -S" returns essentially the source code of a package.
>
> But this is not written policy, so no hard obstacle to pushing the
> commit; I just do not see why a snippet would be better than a phase.

My rationale was that those files are not going to be used and are
replaced by a guix alternative file, provided as a patch. Since they
are removed anyway, it's arguably better to remove them from source too,
as not to download them when not needed. It might also be better for
readability of the phases replacement.

But it's not also an issue if we prefer to keep them in phases, I don't
really care.

--
Best regards,
Nicolas Graves
N
N
Nicolas Graves wrote on 30 Apr 01:41 -0700
(name . Andreas Enge)(address . andreas@enge.fr)
87cycu9h3a.fsf@ngraves.fr
On 2025-04-30 09:59, Nicolas Graves wrote:

Toggle quote (30 lines)
> On 2025-04-29 10:00, Andreas Enge wrote:
>
>> Hello Nicolas,
>>
>> thanks for the update!
>>
>> Am Sun, Apr 27, 2025 at 11:08:08AM +0200 schrieb Nicolas Graves:
>>> * gnu/packages/admin.scm (fail2ban)
>>> [arguments]<phases>: Move multiple file deletion from here...
>>> [source]<snippet>: ...to here.
>>> + ;; deleting things that are not feasible to fix
>>> + ;; or won't be used any way
>>
>> What is the motivation for this change? I think we always remove
>> non-free code and often bundled libraries in a snippet, but changes only
>> related to the idiosyncrasies of Guix usually occur in the phases. In this
>> way, "guix build -S" returns essentially the source code of a package.
>>
>> But this is not written policy, so no hard obstacle to pushing the
>> commit; I just do not see why a snippet would be better than a phase.
>
> My rationale was that those files are not going to be used and are
> replaced by a guix alternative file, provided as a patch. Since they
> are removed anyway, it's arguably better to remove them from source too,
> as not to download them when not needed. It might also be better for
> readability of the phases replacement.
>
> But it's not also an issue if we prefer to keep them in phases, I don't
> really care.

Maybe it's better to only remove files for other distros in snippet, and
remove files in action.d in phases, that would make better sense overall
IMO.

I'll change that.

--
Best regards,
Nicolas Graves
N
N
Nicolas Graves wrote on 3 May 06:59 -0700
[PATCH v2 1/6] gnu: fail2ban: Move file deletion to source snippet.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250503140234.9752-2-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[arguments]<phases>: Move multiple file deletion from here...
[source]<snippet>: ...to here.
---
gnu/packages/admin.scm | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)

Toggle diff (37 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index d7ae926809..bd07a73c99 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6244,6 +6244,15 @@ (define-public fail2ban
(modules '((guix build utils)))
(snippet
'(begin
+ ;; Replacing those by our own paths-guix.conf
+ (with-directory-excursion "config"
+ (for-each delete-file
+ '("paths-arch.conf"
+ "paths-debian.conf"
+ "paths-fedora.conf"
+ "paths-freebsd.conf"
+ "paths-opensuse.conf"
+ "paths-osx.conf")))
;; Get rid of absolute file names.
(substitute* "setup.py"
(("/etc/fail2ban")
@@ -6307,14 +6316,6 @@ (define-public fail2ban
(lambda* (#:key inputs #:allow-other-keys)
;; deleting things that are not feasible to fix
;; or won't be used any way
- (with-directory-excursion "config"
- (for-each delete-file
- '("paths-arch.conf"
- "paths-debian.conf"
- "paths-fedora.conf"
- "paths-freebsd.conf"
- "paths-opensuse.conf"
- "paths-osx.conf")))
(with-directory-excursion "config/action.d"
(for-each delete-file
'("apf.conf"
--
2.49.0
N
N
Nicolas Graves wrote on 3 May 06:59 -0700
[PATCH v2 2/6] gnu: fail2ban: Move setup and test patches to phases.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250503140234.9752-3-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[source]<snippet>: Move setup and test substitutions...
[arguments]<phases>: ...to phases 'patch-setup.py and
'disable-some-tests.
---
gnu/packages/admin.scm | 71 +++++++++++++++++++++---------------------
1 file changed, 35 insertions(+), 36 deletions(-)

Toggle diff (91 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index bd07a73c99..ee428c00df 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6252,42 +6252,7 @@ (define-public fail2ban
"paths-fedora.conf"
"paths-freebsd.conf"
"paths-opensuse.conf"
- "paths-osx.conf")))
- ;; Get rid of absolute file names.
- (substitute* "setup.py"
- (("/etc/fail2ban")
- "etc/fail2ban")
- (("/var/lib/fail2ban")
- "var/lib/fail2ban")
- (("\"/usr/bin/\"")
- "\"usr/bin/\"")
- (("\"/usr/lib/fail2ban/\"")
- "\"usr/lib/fail2ban/\"")
- (("'/usr/share/doc/fail2ban'")
- "'usr/share/doc/fail2ban'"))
- ;; disable tests performing unacceptable side-effects
- (let ((make-suite (lambda (t)
- (string-append
- "tests.addTest.unittest.makeSuite."
- t ".."))))
- (substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite
- "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite
- "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite
- "servertestcase.ServerConfigReaderTests"))
- "")))))
+ "paths-osx.conf")))))
(patches (search-patches
"fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
"fail2ban-python310-server-action.patch"
@@ -6302,6 +6267,40 @@ (define-public fail2ban
(add-before 'build 'invoke-2to3
(lambda _
(invoke "./fail2ban-2to3")))
+ (add-after 'unpack 'patch-setup.py
+ (lambda _
+ ;; Get rid of absolute file names.
+ (substitute* "setup.py"
+ (("/etc/fail2ban")
+ "etc/fail2ban")
+ (("/var/lib/fail2ban")
+ "var/lib/fail2ban")
+ (("\"/usr/bin/\"")
+ "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"")
+ "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'")
+ "'usr/share/doc/fail2ban'"))))
+ (add-after 'unpack 'disable-some-tests
+ (lambda _
+ (define (make-suite str)
+ (string-append "tests.addTest.unittest.makeSuite." str ".."))
+ ;; disable tests performing unacceptable side-effects
+ (substitute* "fail2ban/tests/utils.py"
+ (((make-suite "actiontestcase.CommandActionTest"))
+ "")
+ (((make-suite "misctestcase.SetupTest"))
+ "")
+ (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
+ "")
+ (((make-suite "filtertestcase.IgnoreIPDNS"))
+ "")
+ (((make-suite "filtertestcase.GetFailures"))
+ "")
+ (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
+ "")
+ (((make-suite "servertestcase.ServerConfigReaderTests"))
+ ""))))
(add-before 'install 'fix-default-config
(lambda* (#:key outputs #:allow-other-keys)
(substitute* '("config/paths-common.conf"
--
2.49.0
N
N
Nicolas Graves wrote on 3 May 06:59 -0700
[PATCH v2 0/6] Fix fail2ban build.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250503140234.9752-1-ngraves@ngraves.fr
Haven't fixed tests yet, but this new version should a bit easier to review.

I don't know if/how it's possible to get shepherd's side details while testing, so I'll probably end up trying the service myself to see what's wrong before trying to dig in tests.

Nicolas Graves (6):
gnu: fail2ban: Move file deletion to source snippet.
gnu: fail2ban: Move setup and test patches to phases.
gnu: fail2ban: Update to 1.1.0.
gnu: fail2ban: Improve style.
gnu: fail2ban: Improve style.
gnu: fail2ban: Improve snippet.

gnu/local.mk | 6 -
gnu/packages/admin.scm | 327 ++++++++----------
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 ---------
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 ----
.../fail2ban-0.11.2_fix-test-suite.patch | 48 ---
.../fail2ban-python310-server-action.patch | 27 --
.../fail2ban-python310-server-actions.patch | 25 --
.../fail2ban-python310-server-jails.patch | 25 --
8 files changed, 149 insertions(+), 528 deletions(-)
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

--
2.49.0
N
N
Nicolas Graves wrote on 3 May 06:59 -0700
[PATCH v2 3/6] gnu: fail2ban: Update to 1.1.0.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250503140234.9752-4-ngraves@ngraves.fr
* gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch,
gnu/packages/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch,
gnu/packages/patches/fail2ban-python310-server-action.patch,
gnu/packages/fail2ban-python310-server-actions.patch: Delete patches.

* gnu/local.mk: Deregister patches.

* gnu/packages/admin.scm (fail2ban): Update to 1.1.0.
[source]<snippet>: Use (srfi srfi-26) for readability.
<patches>: Deregister patches.
[build-system]: Switch to pyproject-build-system.
[arguments]<phases>: Remove phase 'invoke-2to3. Add phase
'avoid-external-binary-in-/bin to avoid creating a symlink to
python-wrapper binary during installation (current 'install phase
breaks otherwise).
[native-inputs]: Add python-setuptools, python-wheel.
---
gnu/local.mk | 6 -
gnu/packages/admin.scm | 26 ++-
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 ------------------
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 --------
.../fail2ban-0.11.2_fix-test-suite.patch | 48 ------
.../fail2ban-python310-server-action.patch | 27 ---
.../fail2ban-python310-server-actions.patch | 25 ---
.../fail2ban-python310-server-jails.patch | 25 ---
8 files changed, 12 insertions(+), 364 deletions(-)
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

Toggle diff (271 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 3f5e4cec38..be2639eeb4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1259,13 +1259,7 @@ dist_patch_DATA = \
%D%/packages/patches/expat-CVE-2024-45492.patch \
%D%/packages/patches/extempore-unbundle-external-dependencies.patch \
%D%/packages/patches/extundelete-e2fsprogs-1.44.patch \
- %D%/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch \
- %D%/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch \
- %D%/packages/patches/fail2ban-0.11.2_fix-test-suite.patch \
%D%/packages/patches/fail2ban-paths-guix-conf.patch \
- %D%/packages/patches/fail2ban-python310-server-action.patch \
- %D%/packages/patches/fail2ban-python310-server-actions.patch \
- %D%/packages/patches/fail2ban-python310-server-jails.patch \
%D%/packages/patches/faiss-tests-CMakeLists-find-googletest.patch \
%D%/packages/patches/falcosecurity-libs-shared-build.patch \
%D%/packages/patches/farstream-gupnp.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index ee428c00df..342d11e49e 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6231,7 +6231,7 @@ (define-public sysdig
(define-public fail2ban
(package
(name "fail2ban")
- (version "0.11.2")
+ (version "1.1.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -6240,7 +6240,7 @@ (define-public fail2ban
(file-name (git-file-name name version))
(sha256
(base32
- "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
+ "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -6253,20 +6253,16 @@ (define-public fail2ban
"paths-freebsd.conf"
"paths-opensuse.conf"
"paths-osx.conf")))))
- (patches (search-patches
- "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
- "fail2ban-python310-server-action.patch"
- "fail2ban-python310-server-actions.patch"
- "fail2ban-python310-server-jails.patch"
- "fail2ban-0.11.2_fix-test-suite.patch"
- "fail2ban-0.11.2_CVE-2021-32749.patch"
- "fail2ban-paths-guix-conf.patch"))))
- (build-system python-build-system)
+ (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
+ (build-system pyproject-build-system)
(arguments
'(#:phases (modify-phases %standard-phases
- (add-before 'build 'invoke-2to3
+ (add-after 'unpack 'avoid-external-binary-in-/bin
(lambda _
- (invoke "./fail2ban-2to3")))
+ (delete-file "fail2ban/setup.py")
+ (substitute* '("bin/fail2ban-testcases"
+ "setup.py")
+ ((".*updatePyExec.*") ""))))
(add-after 'unpack 'patch-setup.py
(lambda _
;; Get rid of absolute file names.
@@ -6284,7 +6280,7 @@ (define-public fail2ban
(add-after 'unpack 'disable-some-tests
(lambda _
(define (make-suite str)
- (string-append "tests.addTest.unittest.makeSuite." str ".."))
+ (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
;; disable tests performing unacceptable side-effects
(substitute* "fail2ban/tests/utils.py"
(((make-suite "actiontestcase.CommandActionTest"))
@@ -6410,6 +6406,8 @@ (define (make-suite str)
"fail2ban-testcases"))
(for-each install-man5
'("jail.conf")))))))))
+ (native-inputs
+ (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
curl
diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
deleted file mode 100644
index d3c677918c..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
-From: sebres <serg.brester@sebres.de>
-Date: Mon, 21 Jun 2021 17:12:53 +0200
-Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
- (default tilde) stops consider "~" char after new-line as composing escape
- sequence
-
----
- config/action.d/complain.conf | 2 +-
- config/action.d/dshield.conf | 2 +-
- config/action.d/mail-buffered.conf | 8 ++++----
- config/action.d/mail-whois-lines.conf | 2 +-
- config/action.d/mail-whois.conf | 6 +++---
- config/action.d/mail.conf | 6 +++---
- 6 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
-index 3a5f882c9f..4d73b05859 100644
---- a/config/action.d/complain.conf
-+++ b/config/action.d/complain.conf
-@@ -102,7 +102,7 @@ logpath = /dev/null
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Option: mailargs
- # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
-diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
-index c128bef348..3d5a7a53a9 100644
---- a/config/action.d/dshield.conf
-+++ b/config/action.d/dshield.conf
-@@ -179,7 +179,7 @@ tcpflags =
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Option: mailargs
- # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
-diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
-index 325f185b2f..79b841049c 100644
---- a/config/action.d/mail-buffered.conf
-+++ b/config/action.d/mail-buffered.conf
-@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Output will be buffered until <lines> lines are available.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
- These hosts have been banned by Fail2Ban.\n
- `cat <tmpfile>`
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
- rm <tmpfile>
- fi
- printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
- These hosts have been banned by Fail2Ban.\n
- `cat <tmpfile>`
- \nRegards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
- rm <tmpfile>
- fi
-
-diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
-index 3a3e56b2c7..d2818cb9b9 100644
---- a/config/action.d/mail-whois-lines.conf
-+++ b/config/action.d/mail-whois-lines.conf
-@@ -72,7 +72,7 @@ actionunban =
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Default name of the chain
- #
-diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
-index 7fea34c40d..ab33b616dc 100644
---- a/config/action.d/mail-whois.conf
-+++ b/config/action.d/mail-whois.conf
-@@ -20,7 +20,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
- Here is more information about <ip> :\n
- `%(_whois_command)s`\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-
- # Option: actionunban
- # Notes.: command executed when unbanning an IP. Take care that the
-diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
-index 5d8c0e154c..f4838ddcb6 100644
---- a/config/action.d/mail.conf
-+++ b/config/action.d/mail.conf
-@@ -16,7 +16,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
- The IP <ip> has just been banned by Fail2Ban after
- <failures> attempts against <name>.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-
- # Option: actionunban
- # Notes.: command executed when unbanning an IP. Take care that the
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
deleted file mode 100644
index b0b14364b1..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
-From: sebres <info@sebres.de>
-Date: Sun, 19 Sep 2021 18:49:18 +0200
-Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
- command: use_2to3 is invalid (setuptools 58+)
-
----
- setup.py | 16 +---------------
- 1 file changed, 1 insertion(+), 15 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index f4c2550f6f..98413273c5 100755
---- a/setup.py
-+++ b/setup.py
-@@ -48,7 +48,7 @@
- from glob import glob
-
- from fail2ban.setup import updatePyExec
--
-+from fail2ban.version import version
-
- source_dir = os.path.realpath(os.path.dirname(
- # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
-@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
- # Wrapper to specify fail2ban own options:
- class install_command_f2b(install):
- user_options = install.user_options + [
-- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
- ('without-tests', None, 'without tests files installation'),
- ]
- def initialize_options(self):
-- self.disable_2to3 = None
- self.without_tests = not with_tests
- install.initialize_options(self)
- def finalize_options(self):
-- global _2to3
-- ## in the test cases 2to3 should be already done (fail2ban-2to3):
-- if self.disable_2to3:
-- _2to3 = False
-- if _2to3:
-- cmdclass = self.distribution.cmdclass
-- cmdclass['build_py'] = build_py_2to3
-- cmdclass['build_scripts'] = build_scripts_2to3
- if self.without_tests:
- self.distribution.scripts.remove('bin/fail2ban-testcases')
-
-@@ -178,7 +168,6 @@ def run(self):
- if setuptools:
- setup_extra = {
- 'test_suite': "fail2ban.tests.utils.gatherTests",
-- 'use_2to3': True,
- }
- else:
- setup_extra = {}
-@@ -202,9 +191,6 @@ def run(self):
- ('/usr/share/doc/fail2ban', doc_files)
- )
-
--# Get version number, avoiding importing fail2ban.
--# This is due to tests not functioning for python3 as 2to3 takes place later
--exec(open(join("fail2ban", "version.py")).read())
-
- setup(
- name = "fail2ban",
Toggle diff (104 lines)
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
deleted file mode 100644
index 91d973e72e..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
-From: sebres <info@sebres.de>
-Date: Mon, 4 Jan 2021 02:42:38 +0100
-Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
- tests, considering interval from 2005 (alternate now) to now; + better
- grouping algorithm for resulting century RE
-
----
- fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
- 1 file changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
-index 1464a96d1f..39fc795865 100644
---- a/fail2ban/server/strptime.py
-+++ b/fail2ban/server/strptime.py
-@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
- Thereby respect possible run in the test-cases (alternate date used there)
- """
- cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
-+ def grp(exprset):
-+ c = None
-+ if len(exprset) > 1:
-+ for i in exprset:
-+ if c is None or i[0:-1] == c:
-+ c = i[0:-1]
-+ else:
-+ c = None
-+ break
-+ if not c:
-+ for i in exprset:
-+ if c is None or i[0] == c:
-+ c = i[0]
-+ else:
-+ c = None
-+ break
-+ if c:
-+ return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
-+ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
-+ if len(exprset) > 1 else "".join(exprset)
- exprset = set( cent(now[0].year + i) for i in (-1, distance) )
- if len(now) and now[1]:
-- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
-- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
-+ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
-+ return grp(sorted(list(exprset)))
-
- timeRE = TimeRE()
-
diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch b/gnu/packages/patches/fail2ban-python310-server-action.patch
deleted file mode 100644
index 723d7f7aa6..0000000000
--- a/gnu/packages/patches/fail2ban-python310-server-action.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
-From: "Sergey G. Brester" <serg.brester@sebres.de>
-Date: Mon, 8 Feb 2021 17:19:24 +0100
-Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
- moved to the :mod:`collections.abc` module
-
-(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
----
- fail2ban/server/action.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
-index 3bc48fe046..f0f1e6f59a 100644
---- a/fail2ban/server/action.py
-+++ b/fail2ban/server/action.py
-@@ -30,7 +30,10 @@
- import threading
- import time
- from abc import ABCMeta
--from collections import MutableMapping
-+try:
-+ from collections.abc import MutableMapping
-+except ImportError:
-+ from collections import MutableMapping
-
- from .failregex import mapTag2Opt
- from .ipdns import DNSUtils
diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch b/gnu/packages/patches/fail2ban-python310-server-actions.patch
deleted file mode 100644
index e31316d28b..0000000000
--- a/gnu/packages/patches/fail2ban-python310-server-actions.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001
-From: "Sergey G. Brester" <serg.brester@sebres.de>
-Date: Mon, 8 Feb 2021 17:25:45 +0100
-Subject: [PATCH] amend for `Mapping`
-
----
- fail2ban/server/actions.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
-index b7b9
This message was truncated. Download the full message here.
N
N
Nicolas Graves wrote on 3 May 07:00 -0700
[PATCH v2 4/6] gnu: fail2ban: Improve style.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250503140234.9752-5-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban): Use gexps and run guix style.
---
gnu/packages/admin.scm | 338 ++++++++++++++++++++---------------------
1 file changed, 164 insertions(+), 174 deletions(-)

Toggle diff (353 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 342d11e49e..1f99059e4f 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6232,182 +6232,172 @@ (define-public fail2ban
(package
(name "fail2ban")
(version "1.1.0")
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/fail2ban/fail2ban")
- (commit version)))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Replacing those by our own paths-guix.conf
- (with-directory-excursion "config"
- (for-each delete-file
- '("paths-arch.conf"
- "paths-debian.conf"
- "paths-fedora.conf"
- "paths-freebsd.conf"
- "paths-opensuse.conf"
- "paths-osx.conf")))))
- (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/fail2ban/fail2ban")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
+ (modules '((guix build utils)))
+ (snippet #~(begin
+ ;; Replacing those by our own paths-guix.conf
+ (with-directory-excursion "config"
+ (for-each delete-file
+ '("paths-arch.conf" "paths-debian.conf"
+ "paths-fedora.conf" "paths-freebsd.conf"
+ "paths-opensuse.conf" "paths-osx.conf")))))
+ (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
(build-system pyproject-build-system)
(arguments
- '(#:phases (modify-phases %standard-phases
- (add-after 'unpack 'avoid-external-binary-in-/bin
- (lambda _
- (delete-file "fail2ban/setup.py")
- (substitute* '("bin/fail2ban-testcases"
- "setup.py")
- ((".*updatePyExec.*") ""))))
- (add-after 'unpack 'patch-setup.py
- (lambda _
- ;; Get rid of absolute file names.
- (substitute* "setup.py"
- (("/etc/fail2ban")
- "etc/fail2ban")
- (("/var/lib/fail2ban")
- "var/lib/fail2ban")
- (("\"/usr/bin/\"")
- "\"usr/bin/\"")
- (("\"/usr/lib/fail2ban/\"")
- "\"usr/lib/fail2ban/\"")
- (("'/usr/share/doc/fail2ban'")
- "'usr/share/doc/fail2ban'"))))
- (add-after 'unpack 'disable-some-tests
- (lambda _
- (define (make-suite str)
- (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
- ;; disable tests performing unacceptable side-effects
- (substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite "servertestcase.ServerConfigReaderTests"))
- ""))))
- (add-before 'install 'fix-default-config
- (lambda* (#:key outputs #:allow-other-keys)
- (substitute* '("config/paths-common.conf"
- "fail2ban/tests/utils.py"
- "fail2ban/client/configreader.py"
- "fail2ban/client/fail2bancmdline.py"
- "fail2ban/client/fail2banregex.py")
- (("/etc/fail2ban")
- (string-append (assoc-ref outputs "out")
- "/etc/fail2ban")))))
- (add-after 'fix-default-config 'set-action-dependencies
- (lambda* (#:key inputs #:allow-other-keys)
- ;; deleting things that are not feasible to fix
- ;; or won't be used any way
- (with-directory-excursion "config/action.d"
- (for-each delete-file
- '("apf.conf"
- "bsd-ipfw.conf"
- "dshield.conf"
- "ipfilter.conf"
- "ipfw.conf"
- "firewallcmd-allports.conf"
- "firewallcmd-common.conf"
- "firewallcmd-ipset.conf"
- "firewallcmd-multiport.conf"
- "firewallcmd-new.conf"
- "firewallcmd-rich-logging.conf"
- "firewallcmd-rich-rules.conf"
- "osx-afctl.conf"
- "osx-ipfw.conf"
- "pf.conf"
- "nginx-block-map.conf"
- "npf.conf"
- "shorewall.conf"
- "shorewall-ipset-proto6.conf"
- "ufw.conf")))
- (let* ((lookup-cmd (lambda (i)
- (search-input-file inputs i)))
- (bin (lambda (i)
- (lookup-cmd (string-append "/bin/" i))))
- (sbin (lambda (i)
- (lookup-cmd (string-append "/sbin/" i))))
- (ip (sbin "ip"))
- (sendmail (sbin "sendmail")))
- (substitute* (find-files "config/action.d" "\\.conf$")
- ;; TODO: deal with geoiplookup ..
- (("(awk|curl|dig|jq)" all cmd)
- (bin cmd))
- (("(cat|echo|grep|head|printf|wc) " all
- cmd)
- (string-append (bin cmd) " "))
- ((" (date|rm|sed|tail|touch|tr) " all
- cmd)
- (string-append " "
- (bin cmd) " "))
- (("cut -d")
- (string-append (bin "cut") " -d"))
- (("`date`")
- (string-append "`"
- (bin "date") "`"))
- (("id -")
- (string-append (bin "id") " -"))
- (("ip -([46]) addr" all ver)
- (string-append ip " -" ver " addr"))
- (("ip route")
- (string-append ip " route"))
- (("ipset ")
- (string-append (sbin "ipset") " "))
- (("(iptables|ip6tables) <" all cmd)
- (string-append (sbin cmd) " <"))
- (("/usr/bin/nsupdate")
- (bin "nsupdate"))
- (("mail -E")
- (string-append sendmail " -E"))
- (("nftables = nft")
- (string-append "nftables = " (sbin "nft")))
- (("perl -e")
- (string-append (bin "perl") " -e"))
- (("/usr/sbin/sendmail")
- sendmail)
- (("test -e")
- (string-append (bin "test") " -e"))
- (("_whois = whois")
- (string-append "_whois = " (bin "whois")))))
- (substitute* "config/jail.conf"
- (("before = paths-debian.conf")
- "before = paths-guix.conf"))))
- (add-after 'install 'copy-man-pages
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((man (string-append (assoc-ref outputs "out")
- "/man"))
- (install-man (lambda (m)
- (lambda (f)
- (install-file (string-append f
- "." m)
- (string-append man
- "/man" m)))))
- (install-man1 (install-man "1"))
- (install-man5 (install-man "5")))
- (with-directory-excursion "man"
- (for-each install-man1
- '("fail2ban"
- "fail2ban-client"
- "fail2ban-python"
- "fail2ban-regex"
- "fail2ban-server"
- "fail2ban-testcases"))
- (for-each install-man5
- '("jail.conf")))))))))
- (native-inputs
- (list python-setuptools python-wheel))
+ (list
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'avoid-external-binary-in-/bin
+ (lambda _
+ (delete-file "fail2ban/setup.py")
+ (substitute* '("bin/fail2ban-testcases" "setup.py")
+ ((".*updatePyExec.*")
+ ""))))
+ (add-after 'unpack 'patch-setup.py
+ (lambda _
+ ;; Get rid of absolute file names.
+ (substitute* "setup.py"
+ (("/etc/fail2ban")
+ "etc/fail2ban")
+ (("/var/lib/fail2ban")
+ "var/lib/fail2ban")
+ (("\"/usr/bin/\"")
+ "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"")
+ "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'")
+ "'usr/share/doc/fail2ban'"))))
+ (add-after 'unpack 'disable-some-tests
+ (lambda _
+ (define (make-suite str)
+ (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
+ ;; disable tests performing unacceptable side-effects
+ (substitute* "fail2ban/tests/utils.py"
+ (((make-suite "actiontestcase.CommandActionTest"))
+ "")
+ (((make-suite "misctestcase.SetupTest"))
+ "")
+ (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
+ "")
+ (((make-suite "filtertestcase.IgnoreIPDNS"))
+ "")
+ (((make-suite "filtertestcase.GetFailures"))
+ "")
+ (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
+ "")
+ (((make-suite "servertestcase.ServerConfigReaderTests"))
+ ""))))
+ (add-before 'install 'fix-default-config
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* '("config/paths-common.conf"
+ "fail2ban/tests/utils.py"
+ "fail2ban/client/configreader.py"
+ "fail2ban/client/fail2bancmdline.py"
+ "fail2ban/client/fail2banregex.py")
+ (("/etc/fail2ban")
+ (string-append (assoc-ref outputs "out") "/etc/fail2ban")))))
+ (add-after 'fix-default-config 'set-action-dependencies
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; deleting things that are not feasible to fix
+ ;; or won't be used any way
+ (with-directory-excursion "config/action.d"
+ (for-each delete-file
+ '("apf.conf" "bsd-ipfw.conf"
+ "dshield.conf"
+ "ipfilter.conf"
+ "ipfw.conf"
+ "firewallcmd-allports.conf"
+ "firewallcmd-common.conf"
+ "firewallcmd-ipset.conf"
+ "firewallcmd-multiport.conf"
+ "firewallcmd-new.conf"
+ "firewallcmd-rich-logging.conf"
+ "firewallcmd-rich-rules.conf"
+ "osx-afctl.conf"
+ "osx-ipfw.conf"
+ "pf.conf"
+ "nginx-block-map.conf"
+ "npf.conf"
+ "shorewall.conf"
+ "shorewall-ipset-proto6.conf"
+ "ufw.conf")))
+ (let* ((lookup-cmd (lambda (i)
+ (search-input-file inputs i)))
+ (bin (lambda (i)
+ (lookup-cmd (string-append "/bin/" i))))
+ (sbin (lambda (i)
+ (lookup-cmd (string-append "/sbin/" i))))
+ (ip (sbin "ip"))
+ (sendmail (sbin "sendmail")))
+ (substitute* (find-files "config/action.d" "\\.conf$")
+ ;; TODO: deal with geoiplookup ..
+ (("(awk|curl|dig|jq)" all cmd)
+ (bin cmd))
+ (("(cat|echo|grep|head|printf|wc) " all cmd)
+ (string-append (bin cmd) " "))
+ ((" (date|rm|sed|tail|touch|tr) " all cmd)
+ (string-append " "
+ (bin cmd) " "))
+ (("cut -d")
+ (string-append (bin "cut") " -d"))
+ (("`date`")
+ (string-append "`"
+ (bin "date") "`"))
+ (("id -")
+ (string-append (bin "id") " -"))
+ (("ip -([46]) addr" all ver)
+ (string-append ip " -" ver " addr"))
+ (("ip route")
+ (string-append ip " route"))
+ (("ipset ")
+ (string-append (sbin "ipset") " "))
+ (("(iptables|ip6tables) <" all cmd)
+ (string-append (sbin cmd) " <"))
+ (("/usr/bin/nsupdate")
+ (bin "nsupdate"))
+ (("mail -E")
+ (string-append sendmail " -E"))
+ (("nftables = nft")
+ (string-append "nftables = "
+ (sbin "nft")))
+ (("perl -e")
+ (string-append (bin "perl") " -e"))
+ (("/usr/sbin/sendmail")
+ sendmail)
+ (("test -e")
+ (string-append (bin "test") " -e"))
+ (("_whois = whois")
+ (string-append "_whois = "
+ (bin "whois")))))
+ (substitute* "config/jail.conf"
+ (("before = paths-debian.conf")
+ "before = paths-guix.conf"))))
+ (add-after 'install 'copy-man-pages
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((man (string-append (assoc-ref outputs "out") "/man"))
+ (install-man (lambda (m)
+ (lambda (f)
+ (install-file (string-append f "." m)
+ (string-append man "/man"
+ m)))))
+ (install-man1 (install-man "1"))
+ (install-man5 (install-man "5")))
+ (with-directory-excursion "man"
+ (for-each install-man1
+ '("fail2ban" "fail2ban-client" "fail2ban-python"
+ "fail2ban-regex" "fail2ban-server"
+ "fail2ban-testcases"))
+ (for-each install-man5
+ '("jail.conf")))))))))
+ (native-inputs (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
curl
--
2.49.0
N
N
Nicolas Graves wrote on 3 May 07:00 -0700
[PATCH v2 5/6] gnu: fail2ban: Improve style.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250503140234.9752-6-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban):
[arguments]<phases>: Rewrite phases 'set-action-dependencies and
copy-man-pages for readability.
---
gnu/packages/admin.scm | 121 ++++++++++++++++++-----------------------
1 file changed, 54 insertions(+), 67 deletions(-)

Toggle diff (157 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 1f99059e4f..b808a3b6c5 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6296,21 +6296,22 @@ (define (make-suite str)
(((make-suite "servertestcase.ServerConfigReaderTests"))
""))))
(add-before 'install 'fix-default-config
- (lambda* (#:key outputs #:allow-other-keys)
+ (lambda _
(substitute* '("config/paths-common.conf"
"fail2ban/tests/utils.py"
"fail2ban/client/configreader.py"
"fail2ban/client/fail2bancmdline.py"
"fail2ban/client/fail2banregex.py")
(("/etc/fail2ban")
- (string-append (assoc-ref outputs "out") "/etc/fail2ban")))))
+ (string-append #$output "/etc/fail2ban")))))
(add-after 'fix-default-config 'set-action-dependencies
(lambda* (#:key inputs #:allow-other-keys)
;; deleting things that are not feasible to fix
;; or won't be used any way
(with-directory-excursion "config/action.d"
(for-each delete-file
- '("apf.conf" "bsd-ipfw.conf"
+ '("apf.conf"
+ "bsd-ipfw.conf"
"dshield.conf"
"ipfilter.conf"
"ipfw.conf"
@@ -6329,74 +6330,60 @@ (define (make-suite str)
"shorewall.conf"
"shorewall-ipset-proto6.conf"
"ufw.conf")))
- (let* ((lookup-cmd (lambda (i)
- (search-input-file inputs i)))
- (bin (lambda (i)
- (lookup-cmd (string-append "/bin/" i))))
- (sbin (lambda (i)
- (lookup-cmd (string-append "/sbin/" i))))
- (ip (sbin "ip"))
- (sendmail (sbin "sendmail")))
- (substitute* (find-files "config/action.d" "\\.conf$")
- ;; TODO: deal with geoiplookup ..
- (("(awk|curl|dig|jq)" all cmd)
- (bin cmd))
- (("(cat|echo|grep|head|printf|wc) " all cmd)
- (string-append (bin cmd) " "))
- ((" (date|rm|sed|tail|touch|tr) " all cmd)
- (string-append " "
- (bin cmd) " "))
- (("cut -d")
- (string-append (bin "cut") " -d"))
- (("`date`")
- (string-append "`"
- (bin "date") "`"))
- (("id -")
- (string-append (bin "id") " -"))
- (("ip -([46]) addr" all ver)
- (string-append ip " -" ver " addr"))
- (("ip route")
- (string-append ip " route"))
- (("ipset ")
- (string-append (sbin "ipset") " "))
- (("(iptables|ip6tables) <" all cmd)
- (string-append (sbin cmd) " <"))
- (("/usr/bin/nsupdate")
- (bin "nsupdate"))
- (("mail -E")
- (string-append sendmail " -E"))
- (("nftables = nft")
- (string-append "nftables = "
- (sbin "nft")))
- (("perl -e")
- (string-append (bin "perl") " -e"))
- (("/usr/sbin/sendmail")
- sendmail)
- (("test -e")
- (string-append (bin "test") " -e"))
- (("_whois = whois")
- (string-append "_whois = "
- (bin "whois")))))
+ (define (lookup dir file)
+ (search-input-file inputs (string-append "/" dir "/" file)))
+
+ (substitute* (find-files "config/action.d" "\\.conf$")
+ ;; TODO: deal with geoiplookup ..
+ (("(awk|curl|dig|jq)" all cmd)
+ (lookup "bin" cmd))
+ (("(cat|echo|grep|head|printf|wc) " all cmd)
+ (string-append (lookup "bin" cmd) " "))
+ ((" (date|rm|sed|tail|touch|tr) " all cmd)
+ (string-append " " (lookup "bin" cmd) " "))
+ (("cut -d")
+ (string-append (lookup "bin" "cut") " -d"))
+ (("`date`")
+ (string-append "`" (lookup "bin" "date") "`"))
+ (("id -")
+ (string-append (lookup "bin" "id") " -"))
+ (("ip (route|-[46] addr)" all rest)
+ (string-append (lookup "sbin" "ip") rest))
+ (("ipset ")
+ (string-append (lookup "sbin" "ipset") " "))
+ (("(iptables|ip6tables) <" all cmd)
+ (string-append (lookup "sbin" cmd) " <"))
+ (("/usr/bin/nsupdate")
+ (lookup "bin" "nsupdate"))
+ (("mail -E")
+ (string-append (lookup "sbin" "sendmail") " -E"))
+ (("nftables = nft")
+ (string-append "nftables = " (lookup "sbin" "nft")))
+ (("perl -e")
+ (string-append (lookup "bin" "perl") " -e"))
+ (("/usr/sbin/sendmail")
+ (lookup "sbin" "sendmail"))
+ (("test -e")
+ (string-append (lookup "bin" "test") " -e"))
+ (("_whois = whois")
+ (string-append "_whois = " (lookup "bin" "whois"))))
+
(substitute* "config/jail.conf"
(("before = paths-debian.conf")
"before = paths-guix.conf"))))
(add-after 'install 'copy-man-pages
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((man (string-append (assoc-ref outputs "out") "/man"))
- (install-man (lambda (m)
- (lambda (f)
- (install-file (string-append f "." m)
- (string-append man "/man"
- m)))))
- (install-man1 (install-man "1"))
- (install-man5 (install-man "5")))
- (with-directory-excursion "man"
- (for-each install-man1
- '("fail2ban" "fail2ban-client" "fail2ban-python"
- "fail2ban-regex" "fail2ban-server"
- "fail2ban-testcases"))
- (for-each install-man5
- '("jail.conf")))))))))
+ (lambda _
+ (define (install-man m)
+ (lambda (f)
+ (install-file (string-append f "." m)
+ (string-append #$output "man/man" m))))
+
+ (with-directory-excursion "man"
+ (for-each (install-man "1")
+ '("fail2ban" "fail2ban-client" "fail2ban-python"
+ "fail2ban-regex" "fail2ban-server"
+ "fail2ban-testcases"))
+ ((install-man "5") "jail.conf")))))))
(native-inputs (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
--
2.49.0
N
N
Nicolas Graves wrote on 3 May 07:00 -0700
[PATCH v2 6/6] gnu: fail2ban: Improve snippet.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250503140234.9752-7-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[source]<modules>: Remove (srfi srfi-26).
<snippet>: Use gexp. Move substitute* patches...
[arguments]<phases>: ...to phases 'patch-setup.py and 'disable-some-tests.
---
gnu/packages/admin.scm | 26 +++++++++++---------------
1 file changed, 11 insertions(+), 15 deletions(-)

Toggle diff (41 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index b808a3b6c5..7492de3a32 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6277,23 +6277,19 @@ (define-public fail2ban
"'usr/share/doc/fail2ban'"))))
(add-after 'unpack 'disable-some-tests
(lambda _
- (define (make-suite str)
- (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
+ (define (make-suite-regex tests)
+ (string-append "tests.addTest\\(loadTests\\(("
+ (string-join tests "|")
+ ")\\)\\)"))
;; disable tests performing unacceptable side-effects
(substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite "servertestcase.ServerConfigReaderTests"))
+ (((make-suite-regex (list "actiontestcase.CommandActionTest"
+ "misctestcase.SetupTest"
+ "filtertestcase.DNSUtilsNetworkTests"
+ "filtertestcase.IgnoreIPDNS"
+ "filtertestcase.GetFailures"
+ "fail2banclienttestcase.Fail2banServerTest"
+ "servertestcase.ServerConfigReaderTests")))
""))))
(add-before 'install 'fix-default-config
(lambda _
--
2.49.0
N
N
Nicolas Graves wrote on 4 May 01:56 -0700
[PATCH v3 0/6] Fix fail2ban build
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250504085747.6387-1-ngraves@ngraves.fr
I think the fail2ban tests were broken before the Python@3.10 update.
The -basic test runs properly, but the other tests do not.

I focussed on fixing the -basic test because I don't understand why
the other tests fail (socket is not found, but when I try it in real
conditions, it is).

The main issue was that the paths-debian.conf in jail.conf was
substituted after the wheel was built, so the change didn't make it in
the output. Probably related to the migration to the
pyproject-build-system.

So now the -basic test passes, but the -simple and -extension tests
don't, but I guess it's because tests rather than the package are
broken. Ready to be merged IMHO.

Nicolas Graves (6):
gnu: fail2ban: Move file deletion to source snippet.
gnu: fail2ban: Move setup and test patches to phases.
gnu: fail2ban: Update to 1.1.0.
gnu: fail2ban: Improve style.
gnu: fail2ban: Improve style.
gnu: fail2ban: Improve snippet.

gnu/local.mk | 6 -
gnu/packages/admin.scm | 327 ++++++++----------
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 ---------
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 ----
.../fail2ban-0.11.2_fix-test-suite.patch | 48 ---
.../fail2ban-python310-server-action.patch | 27 --
.../fail2ban-python310-server-actions.patch | 25 --
.../fail2ban-python310-server-jails.patch | 25 --
8 files changed, 149 insertions(+), 528 deletions(-)
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

--
2.49.0
N
N
Nicolas Graves wrote on 4 May 01:56 -0700
[PATCH v3 1/6] gnu: fail2ban: Move file deletion to source snippet.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250504085747.6387-2-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[arguments]<phases>: Move multiple file deletion from here...
[source]<snippet>: ...to here.
---
gnu/packages/admin.scm | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)

Toggle diff (37 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 1d0ec121ff..216776e62c 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6185,6 +6185,15 @@ (define-public fail2ban
(modules '((guix build utils)))
(snippet
'(begin
+ ;; Replacing those by our own paths-guix.conf
+ (with-directory-excursion "config"
+ (for-each delete-file
+ '("paths-arch.conf"
+ "paths-debian.conf"
+ "paths-fedora.conf"
+ "paths-freebsd.conf"
+ "paths-opensuse.conf"
+ "paths-osx.conf")))
;; Get rid of absolute file names.
(substitute* "setup.py"
(("/etc/fail2ban")
@@ -6248,14 +6257,6 @@ (define-public fail2ban
(lambda* (#:key inputs #:allow-other-keys)
;; deleting things that are not feasible to fix
;; or won't be used any way
- (with-directory-excursion "config"
- (for-each delete-file
- '("paths-arch.conf"
- "paths-debian.conf"
- "paths-fedora.conf"
- "paths-freebsd.conf"
- "paths-opensuse.conf"
- "paths-osx.conf")))
(with-directory-excursion "config/action.d"
(for-each delete-file
'("apf.conf"
--
2.49.0
N
N
Nicolas Graves wrote on 4 May 01:56 -0700
[PATCH v3 6/6] gnu: fail2ban: Improve snippet.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250504085747.6387-7-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[source]<modules>: Remove (srfi srfi-26).
<snippet>: Use gexp. Move substitute* patches...
[arguments]<phases>: ...to phases 'patch-setup.py and 'disable-some-tests.
---
gnu/packages/admin.scm | 26 +++++++++++---------------
1 file changed, 11 insertions(+), 15 deletions(-)

Toggle diff (41 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index e508340ef0..8fee710c7f 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6218,23 +6218,19 @@ (define-public fail2ban
"'usr/share/doc/fail2ban'"))))
(add-after 'unpack 'disable-some-tests
(lambda _
- (define (make-suite str)
- (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
+ (define (make-suite-regex tests)
+ (string-append "tests.addTest\\(loadTests\\(("
+ (string-join tests "|")
+ ")\\)\\)"))
;; disable tests performing unacceptable side-effects
(substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite "servertestcase.ServerConfigReaderTests"))
+ (((make-suite-regex (list "actiontestcase.CommandActionTest"
+ "misctestcase.SetupTest"
+ "filtertestcase.DNSUtilsNetworkTests"
+ "filtertestcase.IgnoreIPDNS"
+ "filtertestcase.GetFailures"
+ "fail2banclienttestcase.Fail2banServerTest"
+ "servertestcase.ServerConfigReaderTests")))
""))))
(add-before 'build 'fix-default-config
(lambda _
--
2.49.0
N
N
Nicolas Graves wrote on 4 May 01:56 -0700
[PATCH v3 2/6] gnu: fail2ban: Move setup and test patches to phases.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250504085747.6387-3-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban)
[source]<snippet>: Move setup and test substitutions...
[arguments]<phases>: ...to phases 'patch-setup.py and
'disable-some-tests.
---
gnu/packages/admin.scm | 71 +++++++++++++++++++++---------------------
1 file changed, 35 insertions(+), 36 deletions(-)

Toggle diff (91 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 216776e62c..d47a1935c3 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6193,42 +6193,7 @@ (define-public fail2ban
"paths-fedora.conf"
"paths-freebsd.conf"
"paths-opensuse.conf"
- "paths-osx.conf")))
- ;; Get rid of absolute file names.
- (substitute* "setup.py"
- (("/etc/fail2ban")
- "etc/fail2ban")
- (("/var/lib/fail2ban")
- "var/lib/fail2ban")
- (("\"/usr/bin/\"")
- "\"usr/bin/\"")
- (("\"/usr/lib/fail2ban/\"")
- "\"usr/lib/fail2ban/\"")
- (("'/usr/share/doc/fail2ban'")
- "'usr/share/doc/fail2ban'"))
- ;; disable tests performing unacceptable side-effects
- (let ((make-suite (lambda (t)
- (string-append
- "tests.addTest.unittest.makeSuite."
- t ".."))))
- (substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite
- "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite
- "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite
- "servertestcase.ServerConfigReaderTests"))
- "")))))
+ "paths-osx.conf")))))
(patches (search-patches
"fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
"fail2ban-python310-server-action.patch"
@@ -6243,6 +6208,40 @@ (define-public fail2ban
(add-before 'build 'invoke-2to3
(lambda _
(invoke "./fail2ban-2to3")))
+ (add-after 'unpack 'patch-setup.py
+ (lambda _
+ ;; Get rid of absolute file names.
+ (substitute* "setup.py"
+ (("/etc/fail2ban")
+ "etc/fail2ban")
+ (("/var/lib/fail2ban")
+ "var/lib/fail2ban")
+ (("\"/usr/bin/\"")
+ "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"")
+ "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'")
+ "'usr/share/doc/fail2ban'"))))
+ (add-after 'unpack 'disable-some-tests
+ (lambda _
+ (define (make-suite str)
+ (string-append "tests.addTest.unittest.makeSuite." str ".."))
+ ;; disable tests performing unacceptable side-effects
+ (substitute* "fail2ban/tests/utils.py"
+ (((make-suite "actiontestcase.CommandActionTest"))
+ "")
+ (((make-suite "misctestcase.SetupTest"))
+ "")
+ (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
+ "")
+ (((make-suite "filtertestcase.IgnoreIPDNS"))
+ "")
+ (((make-suite "filtertestcase.GetFailures"))
+ "")
+ (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
+ "")
+ (((make-suite "servertestcase.ServerConfigReaderTests"))
+ ""))))
(add-before 'install 'fix-default-config
(lambda* (#:key outputs #:allow-other-keys)
(substitute* '("config/paths-common.conf"
--
2.49.0
N
N
Nicolas Graves wrote on 4 May 01:56 -0700
[PATCH v3 5/6] gnu: fail2ban: Improve style.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250504085747.6387-6-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban):
[arguments]<phases>: Rewrite phases 'set-action-dependencies and
copy-man-pages for readability.
---
gnu/packages/admin.scm | 121 ++++++++++++++++++-----------------------
1 file changed, 54 insertions(+), 67 deletions(-)

Toggle diff (157 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index c9dd154313..e508340ef0 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6237,21 +6237,22 @@ (define (make-suite str)
(((make-suite "servertestcase.ServerConfigReaderTests"))
""))))
(add-before 'build 'fix-default-config
- (lambda* (#:key outputs #:allow-other-keys)
+ (lambda _
(substitute* '("config/paths-common.conf"
"fail2ban/tests/utils.py"
"fail2ban/client/configreader.py"
"fail2ban/client/fail2bancmdline.py"
"fail2ban/client/fail2banregex.py")
(("/etc/fail2ban")
- (string-append (assoc-ref outputs "out") "/etc/fail2ban")))))
+ (string-append #$output "/etc/fail2ban")))))
(add-after 'fix-default-config 'set-action-dependencies
(lambda* (#:key inputs #:allow-other-keys)
;; deleting things that are not feasible to fix
;; or won't be used any way
(with-directory-excursion "config/action.d"
(for-each delete-file
- '("apf.conf" "bsd-ipfw.conf"
+ '("apf.conf"
+ "bsd-ipfw.conf"
"dshield.conf"
"ipfilter.conf"
"ipfw.conf"
@@ -6270,74 +6271,60 @@ (define (make-suite str)
"shorewall.conf"
"shorewall-ipset-proto6.conf"
"ufw.conf")))
- (let* ((lookup-cmd (lambda (i)
- (search-input-file inputs i)))
- (bin (lambda (i)
- (lookup-cmd (string-append "/bin/" i))))
- (sbin (lambda (i)
- (lookup-cmd (string-append "/sbin/" i))))
- (ip (sbin "ip"))
- (sendmail (sbin "sendmail")))
- (substitute* (find-files "config/action.d" "\\.conf$")
- ;; TODO: deal with geoiplookup ..
- (("(awk|curl|dig|jq)" all cmd)
- (bin cmd))
- (("(cat|echo|grep|head|printf|wc) " all cmd)
- (string-append (bin cmd) " "))
- ((" (date|rm|sed|tail|touch|tr) " all cmd)
- (string-append " "
- (bin cmd) " "))
- (("cut -d")
- (string-append (bin "cut") " -d"))
- (("`date`")
- (string-append "`"
- (bin "date") "`"))
- (("id -")
- (string-append (bin "id") " -"))
- (("ip -([46]) addr" all ver)
- (string-append ip " -" ver " addr"))
- (("ip route")
- (string-append ip " route"))
- (("ipset ")
- (string-append (sbin "ipset") " "))
- (("(iptables|ip6tables) <" all cmd)
- (string-append (sbin cmd) " <"))
- (("/usr/bin/nsupdate")
- (bin "nsupdate"))
- (("mail -E")
- (string-append sendmail " -E"))
- (("nftables = nft")
- (string-append "nftables = "
- (sbin "nft")))
- (("perl -e")
- (string-append (bin "perl") " -e"))
- (("/usr/sbin/sendmail")
- sendmail)
- (("test -e")
- (string-append (bin "test") " -e"))
- (("_whois = whois")
- (string-append "_whois = "
- (bin "whois")))))
+ (define (lookup dir file)
+ (search-input-file inputs (string-append "/" dir "/" file)))
+
+ (substitute* (find-files "config/action.d" "\\.conf$")
+ ;; TODO: deal with geoiplookup ..
+ (("(awk|curl|dig|jq)" all cmd)
+ (lookup "bin" cmd))
+ (("(cat|echo|grep|head|printf|wc) " all cmd)
+ (string-append (lookup "bin" cmd) " "))
+ ((" (date|rm|sed|tail|touch|tr) " all cmd)
+ (string-append " " (lookup "bin" cmd) " "))
+ (("cut -d")
+ (string-append (lookup "bin" "cut") " -d"))
+ (("`date`")
+ (string-append "`" (lookup "bin" "date") "`"))
+ (("id -")
+ (string-append (lookup "bin" "id") " -"))
+ (("ip (route|-[46] addr)" all rest)
+ (string-append (lookup "sbin" "ip") rest))
+ (("ipset ")
+ (string-append (lookup "sbin" "ipset") " "))
+ (("(iptables|ip6tables) <" all cmd)
+ (string-append (lookup "sbin" cmd) " <"))
+ (("/usr/bin/nsupdate")
+ (lookup "bin" "nsupdate"))
+ (("mail -E")
+ (string-append (lookup "sbin" "sendmail") " -E"))
+ (("nftables = nft")
+ (string-append "nftables = " (lookup "sbin" "nft")))
+ (("perl -e")
+ (string-append (lookup "bin" "perl") " -e"))
+ (("/usr/sbin/sendmail")
+ (lookup "sbin" "sendmail"))
+ (("test -e")
+ (string-append (lookup "bin" "test") " -e"))
+ (("_whois = whois")
+ (string-append "_whois = " (lookup "bin" "whois"))))
+
(substitute* "config/jail.conf"
(("before = paths-debian\\.conf")
"before = paths-guix.conf"))))
(add-after 'install 'copy-man-pages
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((man (string-append (assoc-ref outputs "out") "/man"))
- (install-man (lambda (m)
- (lambda (f)
- (install-file (string-append f "." m)
- (string-append man "/man"
- m)))))
- (install-man1 (install-man "1"))
- (install-man5 (install-man "5")))
- (with-directory-excursion "man"
- (for-each install-man1
- '("fail2ban" "fail2ban-client" "fail2ban-python"
- "fail2ban-regex" "fail2ban-server"
- "fail2ban-testcases"))
- (for-each install-man5
- '("jail.conf")))))))))
+ (lambda _
+ (define (install-man m)
+ (lambda (f)
+ (install-file (string-append f "." m)
+ (string-append #$output "man/man" m))))
+
+ (with-directory-excursion "man"
+ (for-each (install-man "1")
+ '("fail2ban" "fail2ban-client" "fail2ban-python"
+ "fail2ban-regex" "fail2ban-server"
+ "fail2ban-testcases"))
+ ((install-man "5") "jail.conf")))))))
(native-inputs (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
--
2.49.0
N
N
Nicolas Graves wrote on 4 May 01:56 -0700
[PATCH v3 4/6] gnu: fail2ban: Improve style.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250504085747.6387-5-ngraves@ngraves.fr
* gnu/packages/admin.scm (fail2ban): Use gexps and run guix style.
---
gnu/packages/admin.scm | 338 ++++++++++++++++++++---------------------
1 file changed, 164 insertions(+), 174 deletions(-)

Toggle diff (353 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index c6dc8ff43c..c9dd154313 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6173,182 +6173,172 @@ (define-public fail2ban
(package
(name "fail2ban")
(version "1.1.0")
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/fail2ban/fail2ban")
- (commit version)))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Replacing those by our own paths-guix.conf
- (with-directory-excursion "config"
- (for-each delete-file
- '("paths-arch.conf"
- "paths-debian.conf"
- "paths-fedora.conf"
- "paths-freebsd.conf"
- "paths-opensuse.conf"
- "paths-osx.conf")))))
- (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/fail2ban/fail2ban")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
+ (modules '((guix build utils)))
+ (snippet #~(begin
+ ;; Replacing those by our own paths-guix.conf
+ (with-directory-excursion "config"
+ (for-each delete-file
+ '("paths-arch.conf" "paths-debian.conf"
+ "paths-fedora.conf" "paths-freebsd.conf"
+ "paths-opensuse.conf" "paths-osx.conf")))))
+ (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
(build-system pyproject-build-system)
(arguments
- '(#:phases (modify-phases %standard-phases
- (add-after 'unpack 'avoid-external-binary-in-/bin
- (lambda _
- (delete-file "fail2ban/setup.py")
- (substitute* '("bin/fail2ban-testcases"
- "setup.py")
- ((".*updatePyExec.*") ""))))
- (add-after 'unpack 'patch-setup.py
- (lambda _
- ;; Get rid of absolute file names.
- (substitute* "setup.py"
- (("/etc/fail2ban")
- "etc/fail2ban")
- (("/var/lib/fail2ban")
- "var/lib/fail2ban")
- (("\"/usr/bin/\"")
- "\"usr/bin/\"")
- (("\"/usr/lib/fail2ban/\"")
- "\"usr/lib/fail2ban/\"")
- (("'/usr/share/doc/fail2ban'")
- "'usr/share/doc/fail2ban'"))))
- (add-after 'unpack 'disable-some-tests
- (lambda _
- (define (make-suite str)
- (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
- ;; disable tests performing unacceptable side-effects
- (substitute* "fail2ban/tests/utils.py"
- (((make-suite "actiontestcase.CommandActionTest"))
- "")
- (((make-suite "misctestcase.SetupTest"))
- "")
- (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
- "")
- (((make-suite "filtertestcase.IgnoreIPDNS"))
- "")
- (((make-suite "filtertestcase.GetFailures"))
- "")
- (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
- "")
- (((make-suite "servertestcase.ServerConfigReaderTests"))
- ""))))
- (add-before 'build 'fix-default-config
- (lambda* (#:key outputs #:allow-other-keys)
- (substitute* '("config/paths-common.conf"
- "fail2ban/tests/utils.py"
- "fail2ban/client/configreader.py"
- "fail2ban/client/fail2bancmdline.py"
- "fail2ban/client/fail2banregex.py")
- (("/etc/fail2ban")
- (string-append (assoc-ref outputs "out")
- "/etc/fail2ban")))))
- (add-after 'fix-default-config 'set-action-dependencies
- (lambda* (#:key inputs #:allow-other-keys)
- ;; deleting things that are not feasible to fix
- ;; or won't be used any way
- (with-directory-excursion "config/action.d"
- (for-each delete-file
- '("apf.conf"
- "bsd-ipfw.conf"
- "dshield.conf"
- "ipfilter.conf"
- "ipfw.conf"
- "firewallcmd-allports.conf"
- "firewallcmd-common.conf"
- "firewallcmd-ipset.conf"
- "firewallcmd-multiport.conf"
- "firewallcmd-new.conf"
- "firewallcmd-rich-logging.conf"
- "firewallcmd-rich-rules.conf"
- "osx-afctl.conf"
- "osx-ipfw.conf"
- "pf.conf"
- "nginx-block-map.conf"
- "npf.conf"
- "shorewall.conf"
- "shorewall-ipset-proto6.conf"
- "ufw.conf")))
- (let* ((lookup-cmd (lambda (i)
- (search-input-file inputs i)))
- (bin (lambda (i)
- (lookup-cmd (string-append "/bin/" i))))
- (sbin (lambda (i)
- (lookup-cmd (string-append "/sbin/" i))))
- (ip (sbin "ip"))
- (sendmail (sbin "sendmail")))
- (substitute* (find-files "config/action.d" "\\.conf$")
- ;; TODO: deal with geoiplookup ..
- (("(awk|curl|dig|jq)" all cmd)
- (bin cmd))
- (("(cat|echo|grep|head|printf|wc) " all
- cmd)
- (string-append (bin cmd) " "))
- ((" (date|rm|sed|tail|touch|tr) " all
- cmd)
- (string-append " "
- (bin cmd) " "))
- (("cut -d")
- (string-append (bin "cut") " -d"))
- (("`date`")
- (string-append "`"
- (bin "date") "`"))
- (("id -")
- (string-append (bin "id") " -"))
- (("ip -([46]) addr" all ver)
- (string-append ip " -" ver " addr"))
- (("ip route")
- (string-append ip " route"))
- (("ipset ")
- (string-append (sbin "ipset") " "))
- (("(iptables|ip6tables) <" all cmd)
- (string-append (sbin cmd) " <"))
- (("/usr/bin/nsupdate")
- (bin "nsupdate"))
- (("mail -E")
- (string-append sendmail " -E"))
- (("nftables = nft")
- (string-append "nftables = " (sbin "nft")))
- (("perl -e")
- (string-append (bin "perl") " -e"))
- (("/usr/sbin/sendmail")
- sendmail)
- (("test -e")
- (string-append (bin "test") " -e"))
- (("_whois = whois")
- (string-append "_whois = " (bin "whois")))))
- (substitute* "config/jail.conf"
- (("before = paths-debian\\.conf")
- "before = paths-guix.conf"))))
- (add-after 'install 'copy-man-pages
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((man (string-append (assoc-ref outputs "out")
- "/man"))
- (install-man (lambda (m)
- (lambda (f)
- (install-file (string-append f
- "." m)
- (string-append man
- "/man" m)))))
- (install-man1 (install-man "1"))
- (install-man5 (install-man "5")))
- (with-directory-excursion "man"
- (for-each install-man1
- '("fail2ban"
- "fail2ban-client"
- "fail2ban-python"
- "fail2ban-regex"
- "fail2ban-server"
- "fail2ban-testcases"))
- (for-each install-man5
- '("jail.conf")))))))))
- (native-inputs
- (list python-setuptools python-wheel))
+ (list
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'avoid-external-binary-in-/bin
+ (lambda _
+ (delete-file "fail2ban/setup.py")
+ (substitute* '("bin/fail2ban-testcases" "setup.py")
+ ((".*updatePyExec.*")
+ ""))))
+ (add-after 'unpack 'patch-setup.py
+ (lambda _
+ ;; Get rid of absolute file names.
+ (substitute* "setup.py"
+ (("/etc/fail2ban")
+ "etc/fail2ban")
+ (("/var/lib/fail2ban")
+ "var/lib/fail2ban")
+ (("\"/usr/bin/\"")
+ "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"")
+ "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'")
+ "'usr/share/doc/fail2ban'"))))
+ (add-after 'unpack 'disable-some-tests
+ (lambda _
+ (define (make-suite str)
+ (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
+ ;; disable tests performing unacceptable side-effects
+ (substitute* "fail2ban/tests/utils.py"
+ (((make-suite "actiontestcase.CommandActionTest"))
+ "")
+ (((make-suite "misctestcase.SetupTest"))
+ "")
+ (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
+ "")
+ (((make-suite "filtertestcase.IgnoreIPDNS"))
+ "")
+ (((make-suite "filtertestcase.GetFailures"))
+ "")
+ (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
+ "")
+ (((make-suite "servertestcase.ServerConfigReaderTests"))
+ ""))))
+ (add-before 'build 'fix-default-config
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* '("config/paths-common.conf"
+ "fail2ban/tests/utils.py"
+ "fail2ban/client/configreader.py"
+ "fail2ban/client/fail2bancmdline.py"
+ "fail2ban/client/fail2banregex.py")
+ (("/etc/fail2ban")
+ (string-append (assoc-ref outputs "out") "/etc/fail2ban")))))
+ (add-after 'fix-default-config 'set-action-dependencies
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; deleting things that are not feasible to fix
+ ;; or won't be used any way
+ (with-directory-excursion "config/action.d"
+ (for-each delete-file
+ '("apf.conf" "bsd-ipfw.conf"
+ "dshield.conf"
+ "ipfilter.conf"
+ "ipfw.conf"
+ "firewallcmd-allports.conf"
+ "firewallcmd-common.conf"
+ "firewallcmd-ipset.conf"
+ "firewallcmd-multiport.conf"
+ "firewallcmd-new.conf"
+ "firewallcmd-rich-logging.conf"
+ "firewallcmd-rich-rules.conf"
+ "osx-afctl.conf"
+ "osx-ipfw.conf"
+ "pf.conf"
+ "nginx-block-map.conf"
+ "npf.conf"
+ "shorewall.conf"
+ "shorewall-ipset-proto6.conf"
+ "ufw.conf")))
+ (let* ((lookup-cmd (lambda (i)
+ (search-input-file inputs i)))
+ (bin (lambda (i)
+ (lookup-cmd (string-append "/bin/" i))))
+ (sbin (lambda (i)
+ (lookup-cmd (string-append "/sbin/" i))))
+ (ip (sbin "ip"))
+ (sendmail (sbin "sendmail")))
+ (substitute* (find-files "config/action.d" "\\.conf$")
+ ;; TODO: deal with geoiplookup ..
+ (("(awk|curl|dig|jq)" all cmd)
+ (bin cmd))
+ (("(cat|echo|grep|head|printf|wc) " all cmd)
+ (string-append (bin cmd) " "))
+ ((" (date|rm|sed|tail|touch|tr) " all cmd)
+ (string-append " "
+ (bin cmd) " "))
+ (("cut -d")
+ (string-append (bin "cut") " -d"))
+ (("`date`")
+ (string-append "`"
+ (bin "date") "`"))
+ (("id -")
+ (string-append (bin "id") " -"))
+ (("ip -([46]) addr" all ver)
+ (string-append ip " -" ver " addr"))
+ (("ip route")
+ (string-append ip " route"))
+ (("ipset ")
+ (string-append (sbin "ipset") " "))
+ (("(iptables|ip6tables) <" all cmd)
+ (string-append (sbin cmd) " <"))
+ (("/usr/bin/nsupdate")
+ (bin "nsupdate"))
+ (("mail -E")
+ (string-append sendmail " -E"))
+ (("nftables = nft")
+ (string-append "nftables = "
+ (sbin "nft")))
+ (("perl -e")
+ (string-append (bin "perl") " -e"))
+ (("/usr/sbin/sendmail")
+ sendmail)
+ (("test -e")
+ (string-append (bin "test") " -e"))
+ (("_whois = whois")
+ (string-append "_whois = "
+ (bin "whois")))))
+ (substitute* "config/jail.conf"
+ (("before = paths-debian\\.conf")
+ "before = paths-guix.conf"))))
+ (add-after 'install 'copy-man-pages
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((man (string-append (assoc-ref outputs "out") "/man"))
+ (install-man (lambda (m)
+ (lambda (f)
+ (install-file (string-append f "." m)
+ (string-append man "/man"
+ m)))))
+ (install-man1 (install-man "1"))
+ (install-man5 (install-man "5")))
+ (with-directory-excursion "man"
+ (for-each install-man1
+ '("fail2ban" "fail2ban-client" "fail2ban-python"
+ "fail2ban-regex" "fail2ban-server"
+ "fail2ban-testcases"))
+ (for-each install-man5
+ '("jail.conf")))))))))
+ (native-inputs (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
curl
--
2.49.0
N
N
Nicolas Graves wrote on 4 May 01:56 -0700
[PATCH v3 3/6] gnu: fail2ban: Update to 1.1.0.
(address . 78066@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20250504085747.6387-4-ngraves@ngraves.fr
* gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch,
gnu/packages/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch,
gnu/packages/patches/fail2ban-python310-server-action.patch,
gnu/packages/fail2ban-python310-server-actions.patch: Delete patches.

* gnu/local.mk: Deregister patches.

* gnu/packages/admin.scm (fail2ban): Update to 1.1.0.
[source]<snippet>: Use (srfi srfi-26) for readability.
<patches>: Deregister patches.
[build-system]: Switch to pyproject-build-system.
[arguments]<phases>: Remove phase 'invoke-2to3. Add phase
'avoid-external-binary-in-/bin to avoid creating a symlink to
python-wrapper binary during installation (current 'install phase
breaks otherwise). Run phases 'fix-default-config and
'set-action-dependencies before 'build phase (needed for pyproject).
[native-inputs]: Add python-setuptools, python-wheel.
---
gnu/local.mk | 6 -
gnu/packages/admin.scm | 30 ++--
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 ------------------
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 --------
.../fail2ban-0.11.2_fix-test-suite.patch | 48 ------
.../fail2ban-python310-server-action.patch | 27 ---
.../fail2ban-python310-server-actions.patch | 25 ---
.../fail2ban-python310-server-jails.patch | 25 ---
8 files changed, 14 insertions(+), 366 deletions(-)
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
delete mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
delete mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

Toggle diff (289 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index f6f95bbf10..5269bfe5ee 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1259,13 +1259,7 @@ dist_patch_DATA = \
%D%/packages/patches/expat-CVE-2024-45492.patch \
%D%/packages/patches/extempore-unbundle-external-dependencies.patch \
%D%/packages/patches/extundelete-e2fsprogs-1.44.patch \
- %D%/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch \
- %D%/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch \
- %D%/packages/patches/fail2ban-0.11.2_fix-test-suite.patch \
%D%/packages/patches/fail2ban-paths-guix-conf.patch \
- %D%/packages/patches/fail2ban-python310-server-action.patch \
- %D%/packages/patches/fail2ban-python310-server-actions.patch \
- %D%/packages/patches/fail2ban-python310-server-jails.patch \
%D%/packages/patches/faiss-tests-CMakeLists-find-googletest.patch \
%D%/packages/patches/falcosecurity-libs-shared-build.patch \
%D%/packages/patches/farstream-gupnp.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index d47a1935c3..c6dc8ff43c 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -6172,7 +6172,7 @@ (define-public sysdig
(define-public fail2ban
(package
(name "fail2ban")
- (version "0.11.2")
+ (version "1.1.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -6181,7 +6181,7 @@ (define-public fail2ban
(file-name (git-file-name name version))
(sha256
(base32
- "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
+ "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -6194,20 +6194,16 @@ (define-public fail2ban
"paths-freebsd.conf"
"paths-opensuse.conf"
"paths-osx.conf")))))
- (patches (search-patches
- "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
- "fail2ban-python310-server-action.patch"
- "fail2ban-python310-server-actions.patch"
- "fail2ban-python310-server-jails.patch"
- "fail2ban-0.11.2_fix-test-suite.patch"
- "fail2ban-0.11.2_CVE-2021-32749.patch"
- "fail2ban-paths-guix-conf.patch"))))
- (build-system python-build-system)
+ (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
+ (build-system pyproject-build-system)
(arguments
'(#:phases (modify-phases %standard-phases
- (add-before 'build 'invoke-2to3
+ (add-after 'unpack 'avoid-external-binary-in-/bin
(lambda _
- (invoke "./fail2ban-2to3")))
+ (delete-file "fail2ban/setup.py")
+ (substitute* '("bin/fail2ban-testcases"
+ "setup.py")
+ ((".*updatePyExec.*") ""))))
(add-after 'unpack 'patch-setup.py
(lambda _
;; Get rid of absolute file names.
@@ -6225,7 +6221,7 @@ (define-public fail2ban
(add-after 'unpack 'disable-some-tests
(lambda _
(define (make-suite str)
- (string-append "tests.addTest.unittest.makeSuite." str ".."))
+ (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
;; disable tests performing unacceptable side-effects
(substitute* "fail2ban/tests/utils.py"
(((make-suite "actiontestcase.CommandActionTest"))
@@ -6242,7 +6238,7 @@ (define (make-suite str)
"")
(((make-suite "servertestcase.ServerConfigReaderTests"))
""))))
- (add-before 'install 'fix-default-config
+ (add-before 'build 'fix-default-config
(lambda* (#:key outputs #:allow-other-keys)
(substitute* '("config/paths-common.conf"
"fail2ban/tests/utils.py"
@@ -6327,7 +6323,7 @@ (define (make-suite str)
(("_whois = whois")
(string-append "_whois = " (bin "whois")))))
(substitute* "config/jail.conf"
- (("before = paths-debian.conf")
+ (("before = paths-debian\\.conf")
"before = paths-guix.conf"))))
(add-after 'install 'copy-man-pages
(lambda* (#:key outputs #:allow-other-keys)
@@ -6351,6 +6347,8 @@ (define (make-suite str)
"fail2ban-testcases"))
(for-each install-man5
'("jail.conf")))))))))
+ (native-inputs
+ (list python-setuptools python-wheel))
(inputs (list gawk
coreutils-minimal
curl
diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
deleted file mode 100644
index d3c677918c..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
-From: sebres <serg.brester@sebres.de>
-Date: Mon, 21 Jun 2021 17:12:53 +0200
-Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
- (default tilde) stops consider "~" char after new-line as composing escape
- sequence
-
----
- config/action.d/complain.conf | 2 +-
- config/action.d/dshield.conf | 2 +-
- config/action.d/mail-buffered.conf | 8 ++++----
- config/action.d/mail-whois-lines.conf | 2 +-
- config/action.d/mail-whois.conf | 6 +++---
- config/action.d/mail.conf | 6 +++---
- 6 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
-index 3a5f882c9f..4d73b05859 100644
---- a/config/action.d/complain.conf
-+++ b/config/action.d/complain.conf
-@@ -102,7 +102,7 @@ logpath = /dev/null
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Option: mailargs
- # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
-diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
-index c128bef348..3d5a7a53a9 100644
---- a/config/action.d/dshield.conf
-+++ b/config/action.d/dshield.conf
-@@ -179,7 +179,7 @@ tcpflags =
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Option: mailargs
- # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
-diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
-index 325f185b2f..79b841049c 100644
---- a/config/action.d/mail-buffered.conf
-+++ b/config/action.d/mail-buffered.conf
-@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Output will be buffered until <lines> lines are available.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
- These hosts have been banned by Fail2Ban.\n
- `cat <tmpfile>`
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
- rm <tmpfile>
- fi
- printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
- These hosts have been banned by Fail2Ban.\n
- `cat <tmpfile>`
- \nRegards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
- rm <tmpfile>
- fi
-
-diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
-index 3a3e56b2c7..d2818cb9b9 100644
---- a/config/action.d/mail-whois-lines.conf
-+++ b/config/action.d/mail-whois-lines.conf
-@@ -72,7 +72,7 @@ actionunban =
- # Notes.: Your system mail command. Is passed 2 args: subject and recipient
- # Values: CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
-
- # Default name of the chain
- #
-diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
-index 7fea34c40d..ab33b616dc 100644
---- a/config/action.d/mail-whois.conf
-+++ b/config/action.d/mail-whois.conf
-@@ -20,7 +20,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
- Here is more information about <ip> :\n
- `%(_whois_command)s`\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-
- # Option: actionunban
- # Notes.: command executed when unbanning an IP. Take care that the
-diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
-index 5d8c0e154c..f4838ddcb6 100644
---- a/config/action.d/mail.conf
-+++ b/config/action.d/mail.conf
-@@ -16,7 +16,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-
- # Option: actionstop
- # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-
- # Option: actioncheck
- # Notes.: command executed once before each actionban command
-@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
- The IP <ip> has just been banned by Fail2Ban after
- <failures> attempts against <name>.\n
- Regards,\n
-- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-
- # Option: actionunban
- # Notes.: command executed when unbanning an IP. Take care that the
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
deleted file mode 100644
index b0b14364b1..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
-From: sebres <info@sebres.de>
-Date: Sun, 19 Sep 2021 18:49:18 +0200
-Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
- command: use_2to3 is invalid (setuptools 58+)
-
----
- setup.py | 16 +---------------
- 1 file changed, 1 insertion(+), 15 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index f4c2550f6f..98413273c5 100755
---- a/setup.py
-+++ b/setup.py
-@@ -48,7 +48,7 @@
- from glob import glob
-
- from fail2ban.setup import updatePyExec
--
-+from fail2ban.version import version
-
- source_dir = os.path.realpath(os.path.dirname(
- # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
-@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
- # Wrapper to specify fail2ban own options:
- class install_command_f2b(install):
- user_options = install.user_options + [
-- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
- ('without-tests', None, 'without tests files installation'),
- ]
- def initialize_options(self):
-- self.disable_2to3 = None
- self.without_tests = not with_tests
- install.initialize_options(self)
- def finalize_options(self):
-- global _2to3
-- ## in the test cases 2to3 should be already done (fail2ban-2to3):
-- if self.disable_2to3:
-- _2to3 = False
-- if _2to3:
-- cmdclass = self.distribution.cmdclass
-- cmdclass['build_py'] = build_py_2to3
-- cmdclass['build_scripts'] = build_scripts_2to3
- if self.without_tests:
- self.distribution.scripts.remove('bin/fail2ban-testcases')
-
-@@ -178,7 +168,6 @@ def run(self):
- if setuptools:
- setup_extra = {
- 'test_suite': "fail2ban.tests.utils.gatherTests",
-- 'use_2to3': True,
- }
- else:
- setup_extra = {}
-@@ -202,9 +191,6 @@ def run(self):
- ('/usr/share/doc/fail2ban', doc_files)
- )
-
--# Get version number, avoiding importing fail2ban.
--# This is due to tests not functioning for python3 as 2to3 takes place later
--exec(open(join("fail2ban", "version.py")).read())
-
- setup(
- name = "fail2ban",
Toggle diff (72 lines)
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
deleted file mode 100644
index 91d973e72e..0000000000
--- a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
-From: sebres <info@sebres.de>
-Date: Mon, 4 Jan 2021 02:42:38 +0100
-Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
- tests, considering interval from 2005 (alternate now) to now; + better
- grouping algorithm for resulting century RE
-
----
- fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
- 1 file changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
-index 1464a96d1f..39fc795865 100644
---- a/fail2ban/server/strptime.py
-+++ b/fail2ban/server/strptime.py
-@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
- Thereby respect possible run in the test-cases (alternate date used there)
- """
- cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
-+ def grp(exprset):
-+ c = None
-+ if len(exprset) > 1:
-+ for i in exprset:
-+ if c is None or i[0:-1] == c:
-+ c = i[0:-1]
-+ else:
-+ c = None
-+ break
-+ if not c:
-+ for i in exprset:
-+ if c is None or i[0] == c:
-+ c = i[0]
-+ else:
-+ c = None
-+ break
-+ if c:
-+ return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
-+ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
-+ if len(exprset) > 1 else "".join(exprset)
- exprset = set( cent(now[0].year + i) for i in (-1, distance) )
- if len(now) and now[1]:
-- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
-- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
-+ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
-+ return grp(sorted(list(exprset)))
-
- timeRE = TimeRE()
-
diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch b/gnu/packages/patches/fail2ban-python310-server-action.patch
deleted file mode 100644
index 723d7f7aa6..0000000000
--- a/gnu/packages/patches/fail2ban-python310-server-action.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
-From: "Sergey G. Brester" <serg.brester@sebres.de>
-Date: Mon, 8 Feb 2021 17:19:24 +0100
-Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
- moved to the :mod:`collections.abc` module
-
-(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
----
- fail2ban/server/action.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/fai
This message was truncated. Download the full message here.
L
L
Ludovic Courtès wrote on 6 May 03:29 -0700
Re: [bug#78066] [PATCH v3 0/6] Fix fail2ban build
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 78066-done@debbugs.gnu.org)
87a57qvxqj.fsf@gnu.org
Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (24 lines)
> I think the fail2ban tests were broken before the Python@3.10 update.
> The -basic test runs properly, but the other tests do not.
>
> I focussed on fixing the -basic test because I don't understand why
> the other tests fail (socket is not found, but when I try it in real
> conditions, it is).
>
> The main issue was that the paths-debian.conf in jail.conf was
> substituted after the wheel was built, so the change didn't make it in
> the output. Probably related to the migration to the
> pyproject-build-system.
>
> So now the -basic test passes, but the -simple and -extension tests
> don't, but I guess it's because tests rather than the package are
> broken. Ready to be merged IMHO.
>
> Nicolas Graves (6):
> gnu: fail2ban: Move file deletion to source snippet.
> gnu: fail2ban: Move setup and test patches to phases.
> gnu: fail2ban: Update to 1.1.0.
> gnu: fail2ban: Improve style.
> gnu: fail2ban: Improve style.
> gnu: fail2ban: Improve snippet.

Applied, thanks!

Ludo'.
Closed
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 78066@patchwise.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 78066
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch