From patchwork Sun Apr 27 09:08:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Graves X-Patchwork-Id: 42038 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 12C3027BC4B; Sun, 27 Apr 2025 10:10:45 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 22A7827BC49 for ; Sun, 27 Apr 2025 10:10:44 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1u8y1Y-000437-00; Sun, 27 Apr 2025 05:10:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u8y1U-00042A-5K for guix-patches@gnu.org; Sun, 27 Apr 2025 05:10:05 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1u8y1T-0002py-QM for guix-patches@gnu.org; Sun, 27 Apr 2025 05:10:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=Q8x4XcFHnEHMsuRnRGuaYF7W8MA+fka6A1j+60JW7Yw=; b=mcQfr4FxSNJWYrIjVj4e2nGjtsr5vyZyEoCrPF+0FuHF8E+xqSrqrYkzChlZcfXT18Ajm366d5+1u70bB7pZv4ke+ea6H71IE3wJ43LaLF6PFw/vVdASrfty0WEMnQf7WvCy4FxCnGU4yX7cfmIgtzIFah948qcMrJywUatJwdfq7ACVWPigvalRfgP7TPtKMKqsnUBYbpNxV4JT3674luU1d3kGDquLULSIXhoQBGey8x4AVHkUmt+UtW5z8TIFh/MHCluXMKXFucpZR+2bOnSYnrkNFbJ45aTdYHRjhXK6raSVS+h9Utzpau7NrC8aRNmE/I8UBcN8WRoFbvhN9Q==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1u8y1T-0002Jg-Ju for guix-patches@gnu.org; Sun, 27 Apr 2025 05:10:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78066] [PATCH v2 3/5] gnu: fail2ban: Improve style. Resent-From: Nicolas Graves Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Apr 2025 09:10:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78066 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78066@debbugs.gnu.org Cc: Nicolas Graves Received: via spool by 78066-submit@debbugs.gnu.org id=B78066.17457449928840 (code B ref 78066); Sun, 27 Apr 2025 09:10:03 +0000 Received: (at 78066) by debbugs.gnu.org; 27 Apr 2025 09:09:52 +0000 Received: from localhost ([127.0.0.1]:38995 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u8y1G-0002II-HL for submit@debbugs.gnu.org; Sun, 27 Apr 2025 05:09:51 -0400 Received: from 8.mo563.mail-out.ovh.net ([46.105.60.197]:59957) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u8y16-0002HC-3E for 78066@debbugs.gnu.org; Sun, 27 Apr 2025 05:09:41 -0400 Received: from director4.derp.mail-out.ovh.net (director4.derp.mail-out.ovh.net [79.137.60.37]) by mo563.mail-out.ovh.net (Postfix) with ESMTPS id 4Zlgkp36bvz1Rjw; Sun, 27 Apr 2025 09:09:38 +0000 (UTC) Received: from director4.derp.mail-out.ovh.net (director4.derp.mail-out.ovh.net. [127.0.0.1]) by director4.derp.mail-out.ovh.net (inspect_sender_mail_agent) with SMTP for <78066@debbugs.gnu.org>; Sun, 27 Apr 2025 09:09:38 +0000 (UTC) Received: from mta7.priv.ovhmail-u1.ea.mail.ovh.net (unknown [10.109.148.241]) by director4.derp.mail-out.ovh.net (Postfix) with ESMTPS id 4Zlgkp2FVszyB8; Sun, 27 Apr 2025 09:09:38 +0000 (UTC) Received: from ngraves.fr (unknown [10.1.6.7]) by mta7.priv.ovhmail-u1.ea.mail.ovh.net (Postfix) with ESMTPSA id BE7E9C3A63; Sun, 27 Apr 2025 09:09:37 +0000 (UTC) Authentication-Results: garm.ovh; auth=pass (GARM-105G006a5444ff9-dda1-49e0-8021-eadc252f6010, 9AB25D737CCC7858AAE0948041C432A519AE1DDE) smtp.auth=ngraves@ngraves.fr X-OVh-ClientIp: 89.207.171.153 Date: Sun, 27 Apr 2025 11:08:10 +0200 Message-ID: <20250427090915.11846-4-ngraves@ngraves.fr> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250427090915.11846-1-ngraves@ngraves.fr> References: <20250427090915.11846-1-ngraves@ngraves.fr> MIME-Version: 1.0 X-Ovh-Tracer-Id: 17605133894011380450 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvheejieekucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefpihgtohhlrghsucfirhgrvhgvshcuoehnghhrrghvvghssehnghhrrghvvghsrdhfrheqnecuggftrfgrthhtvghrnhepvdehleeiffehtedvlefhffffjeefgfduhfetkeevheeiteduiedugfekuedtheejnecuffhomhgrihhnpehgihhthhhusgdrtghomhenucfkphepuddvjedrtddrtddruddpkeelrddvtdejrddujedurdduheefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehnghhrrghvvghssehnghhrrghvvghsrdhfrhdpnhgspghrtghpthhtohepvddprhgtphhtthhopeejkedtieeiseguvggssghughhsrdhgnhhurdhorhhgpdhrtghpthhtohepnhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrpdfovfetjfhoshhtpehmohehieefmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=Q8x4XcFHnEHMsuRnRGuaYF7W8MA+fka6A1j+60JW7Yw=; c=relaxed/relaxed; d=ngraves.fr; h=From; s=ovhmo4487190-selector1; t=1745744978; v=1; b=CUGWE+qX61KMDWbQ6w4WKeYAhcQ8HPZpLURrOR0rvwyrRzAps9AxAKjU4Y98HZ/ikHYQ2Ief 723RR4ycuvHKt0kOZsOVVGS3K1E7incaO8ZlUs7tjft6imUcy+/9qwGCusEB1h+ro8kWJiaJd9a Ew2Nh413ardFR2m6aNAFnf4TAT6dObU08E7NpwQFkNqmqKT78SEmmRczMm8LOxgNY6GiHBjikOF uFcMgdJutUmYGsBWPH1mLZGiHB1EWnRXcc5FHc2s5HB6gIJggapBh1hr/+E878/gaIuRXd3Jc4C WPYN8cn1EsI0VdDyM8te72FWv8x9Sn+SrFFgBYr1dMtOQ== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Nicolas Graves X-ACL-Warn: , Nicolas Graves via Guix-patches X-Patchwork-Original-From: Nicolas Graves via Guix-patches via From: Nicolas Graves Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/admin.scm (fail2ban): Improve style (through guix-style). [arguments]: Rewrite using gexps. Rewrite phases 'set-action-dependencies and copy-man-pages for readability. --- gnu/packages/admin.scm | 321 +++++++++++++++++++---------------------- 1 file changed, 148 insertions(+), 173 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 689e9bcd4a..1f48eb264d 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -6232,181 +6232,156 @@ (define-public fail2ban (package (name "fail2ban") (version "1.1.0") - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/fail2ban/fail2ban") - (commit version))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk")) - (modules '((guix build utils) (srfi srfi-26))) - (snippet - '(begin - ;; deleting things that are not feasible to fix - ;; or won't be used any way - (with-directory-excursion "config" - (for-each delete-file - '("paths-arch.conf" - "paths-debian.conf" - "paths-fedora.conf" - "paths-freebsd.conf" - "paths-opensuse.conf" - "paths-osx.conf"))) - (with-directory-excursion "config/action.d" - (for-each delete-file - '("apf.conf" - "bsd-ipfw.conf" - "dshield.conf" - "ipfilter.conf" - "ipfw.conf" - "firewallcmd-allports.conf" - "firewallcmd-common.conf" - "firewallcmd-ipset.conf" - "firewallcmd-multiport.conf" - "firewallcmd-new.conf" - "firewallcmd-rich-logging.conf" - "firewallcmd-rich-rules.conf" - "osx-afctl.conf" - "osx-ipfw.conf" - "pf.conf" - "nginx-block-map.conf" - "npf.conf" - "shorewall.conf" - "shorewall-ipset-proto6.conf" - "ufw.conf"))) - ;; Get rid of absolute file names. - (substitute* "setup.py" - (("/etc/fail2ban") - "etc/fail2ban") - (("/var/lib/fail2ban") - "var/lib/fail2ban") - (("\"/usr/bin/\"") - "\"usr/bin/\"") - (("\"/usr/lib/fail2ban/\"") - "\"usr/lib/fail2ban/\"") - (("'/usr/share/doc/fail2ban'") - "'usr/share/doc/fail2ban'")) - ;; disable tests performing unacceptable side-effects - (let ((make-suite (cut string-append - "tests.addTest\\(loadTests\\(" - <> "\\)\\)"))) - (substitute* "fail2ban/tests/utils.py" - (((make-suite "actiontestcase.CommandActionTest")) - "") - (((make-suite "misctestcase.SetupTest")) - "") - (((make-suite - "filtertestcase.DNSUtilsNetworkTests")) - "") - (((make-suite "filtertestcase.IgnoreIPDNS")) - "") - (((make-suite "filtertestcase.GetFailures")) - "") - (((make-suite - "fail2banclienttestcase.Fail2banServerTest")) - "") - (((make-suite - "servertestcase.ServerConfigReaderTests")) - ""))))) - (patches (search-patches "fail2ban-paths-guix-conf.patch")))) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/fail2ban/fail2ban") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk")) + (modules '((guix build utils) + (srfi srfi-26))) + (snippet '(begin + ;; deleting things that are not feasible to fix + ;; or won't be used any way + (with-directory-excursion "config" + (for-each delete-file + '("paths-arch.conf" "paths-debian.conf" + "paths-fedora.conf" "paths-freebsd.conf" + "paths-opensuse.conf" "paths-osx.conf"))) + (with-directory-excursion "config/action.d" + (for-each delete-file + '("apf.conf" "bsd-ipfw.conf" + "dshield.conf" + "ipfilter.conf" + "ipfw.conf" + "firewallcmd-allports.conf" + "firewallcmd-common.conf" + "firewallcmd-ipset.conf" + "firewallcmd-multiport.conf" + "firewallcmd-new.conf" + "firewallcmd-rich-logging.conf" + "firewallcmd-rich-rules.conf" + "osx-afctl.conf" + "osx-ipfw.conf" + "pf.conf" + "nginx-block-map.conf" + "npf.conf" + "shorewall.conf" + "shorewall-ipset-proto6.conf" + "ufw.conf"))) + ;; Get rid of absolute file names. + (substitute* "setup.py" + (("/etc/fail2ban") + "etc/fail2ban") + (("/var/lib/fail2ban") + "var/lib/fail2ban") + (("\"/usr/bin/\"") + "\"usr/bin/\"") + (("\"/usr/lib/fail2ban/\"") + "\"usr/lib/fail2ban/\"") + (("'/usr/share/doc/fail2ban'") + "'usr/share/doc/fail2ban'")) + ;; disable tests performing unacceptable side-effects + (let ((make-suite (cut string-append + "tests.addTest\\(loadTests\\(" <> + "\\)\\)"))) + (substitute* "fail2ban/tests/utils.py" + (((make-suite "actiontestcase.CommandActionTest")) + "") + (((make-suite "misctestcase.SetupTest")) + "") + (((make-suite "filtertestcase.DNSUtilsNetworkTests")) + "") + (((make-suite "filtertestcase.IgnoreIPDNS")) + "") + (((make-suite "filtertestcase.GetFailures")) + "") + (((make-suite + "fail2banclienttestcase.Fail2banServerTest")) + "") + (((make-suite "servertestcase.ServerConfigReaderTests")) + ""))))) + (patches (search-patches "fail2ban-paths-guix-conf.patch")))) (build-system pyproject-build-system) (arguments - '(#:phases (modify-phases %standard-phases - (add-after 'unpack 'avoid-external-binary-in-/bin - (lambda _ - (delete-file "fail2ban/setup.py") - (substitute* '("bin/fail2ban-testcases" - "setup.py") - ((".*updatePyExec.*") "")))) - (add-before 'install 'fix-default-config - (lambda* (#:key outputs #:allow-other-keys) - (substitute* '("config/paths-common.conf" - "fail2ban/tests/utils.py" - "fail2ban/client/configreader.py" - "fail2ban/client/fail2bancmdline.py" - "fail2ban/client/fail2banregex.py") - (("/etc/fail2ban") - (string-append (assoc-ref outputs "out") - "/etc/fail2ban"))))) - (add-after 'fix-default-config 'set-action-dependencies - (lambda* (#:key inputs #:allow-other-keys) - (let* ((lookup-cmd (lambda (i) - (search-input-file inputs i))) - (bin (lambda (i) - (lookup-cmd (string-append "/bin/" i)))) - (sbin (lambda (i) - (lookup-cmd (string-append "/sbin/" i)))) - (ip (sbin "ip")) - (sendmail (sbin "sendmail"))) - (substitute* (find-files "config/action.d" "\\.conf$") - ;; TODO: deal with geoiplookup .. - (("(awk|curl|dig|jq)" all cmd) - (bin cmd)) - (("(cat|echo|grep|head|printf|wc) " all - cmd) - (string-append (bin cmd) " ")) - ((" (date|rm|sed|tail|touch|tr) " all - cmd) - (string-append " " - (bin cmd) " ")) - (("cut -d") - (string-append (bin "cut") " -d")) - (("`date`") - (string-append "`" - (bin "date") "`")) - (("id -") - (string-append (bin "id") " -")) - (("ip -([46]) addr" all ver) - (string-append ip " -" ver " addr")) - (("ip route") - (string-append ip " route")) - (("ipset ") - (string-append (sbin "ipset") " ")) - (("(iptables|ip6tables) <" all cmd) - (string-append (sbin cmd) " <")) - (("/usr/bin/nsupdate") - (bin "nsupdate")) - (("mail -E") - (string-append sendmail " -E")) - (("nftables = nft") - (string-append "nftables = " (sbin "nft"))) - (("perl -e") - (string-append (bin "perl") " -e")) - (("/usr/sbin/sendmail") - sendmail) - (("test -e") - (string-append (bin "test") " -e")) - (("_whois = whois") - (string-append "_whois = " (bin "whois"))))) - (substitute* "config/jail.conf" - (("before = paths-debian.conf") - "before = paths-guix.conf")))) - (add-after 'install 'copy-man-pages - (lambda* (#:key outputs #:allow-other-keys) - (let* ((man (string-append (assoc-ref outputs "out") - "/man")) - (install-man (lambda (m) - (lambda (f) - (install-file (string-append f - "." m) - (string-append man - "/man" m))))) - (install-man1 (install-man "1")) - (install-man5 (install-man "5"))) - (with-directory-excursion "man" - (for-each install-man1 - '("fail2ban" - "fail2ban-client" - "fail2ban-python" - "fail2ban-regex" - "fail2ban-server" - "fail2ban-testcases")) - (for-each install-man5 - '("jail.conf"))))))))) - (native-inputs - (list python-setuptools python-wheel)) + (list + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'avoid-external-binary-in-/bin + (lambda _ + (delete-file "fail2ban/setup.py") + (substitute* '("bin/fail2ban-testcases" "setup.py") + ((".*updatePyExec.*") + "")))) + (add-before 'install 'fix-default-config + (lambda _ + (substitute* '("config/paths-common.conf" + "fail2ban/tests/utils.py" + "fail2ban/client/configreader.py" + "fail2ban/client/fail2bancmdline.py" + "fail2ban/client/fail2banregex.py") + (("/etc/fail2ban") + (string-append #$output "/etc/fail2ban"))))) + (add-after 'fix-default-config 'set-action-dependencies + (lambda* (#:key inputs #:allow-other-keys) + (define (lookup dir file) + (search-input-file inputs (string-append "/" dir "/" file))) + + (substitute* (find-files "config/action.d" "\\.conf$") + ;; TODO: deal with geoiplookup .. + (("(awk|curl|dig|jq)" all cmd) + (lookup "bin" cmd)) + (("(cat|echo|grep|head|printf|wc) " all cmd) + (string-append (lookup "bin" cmd) " ")) + ((" (date|rm|sed|tail|touch|tr) " all cmd) + (string-append " " (lookup "bin" cmd) " ")) + (("cut -d") + (string-append (lookup "bin" "cut") " -d")) + (("`date`") + (string-append "`" (lookup "bin" "date") "`")) + (("id -") + (string-append (lookup "bin" "id") " -")) + (("ip (route|-[46] addr)" all rest) + (string-append (lookup "sbin" "ip") rest)) + (("ipset ") + (string-append (lookup "sbin" "ipset") " ")) + (("(iptables|ip6tables) <" all cmd) + (string-append (lookup "sbin" cmd) " <")) + (("/usr/bin/nsupdate") + (lookup "bin" "nsupdate")) + (("mail -E") + (string-append (lookup "sbin" "sendmail") " -E")) + (("nftables = nft") + (string-append "nftables = " (lookup "sbin" "nft"))) + (("perl -e") + (string-append (lookup "bin" "perl") " -e")) + (("/usr/sbin/sendmail") + (lookup "sbin" "sendmail")) + (("test -e") + (string-append (lookup "bin" "test") " -e")) + (("_whois = whois") + (string-append "_whois = " (lookup "bin" "whois")))) + + (substitute* "config/jail.conf" + (("before = paths-debian.conf") + "before = paths-guix.conf")))) + (add-after 'install 'copy-man-pages + (lambda _ + (define (install-man m) + (lambda (f) + (install-file (string-append f "." m) + (string-append #$output "man/man" m)))) + + (with-directory-excursion "man" + (for-each (install-man "1") + '("fail2ban" "fail2ban-client" "fail2ban-python" + "fail2ban-regex" "fail2ban-server" + "fail2ban-testcases")) + ((install-man "5") "jail.conf"))))))) + (native-inputs (list python-setuptools python-wheel)) (inputs (list gawk coreutils-minimal curl