From patchwork Sat May 3 14:00:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Graves X-Patchwork-Id: 42265 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 3F02F27BC4A; Sat, 3 May 2025 15:05:40 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id F314127BC49 for ; Sat, 3 May 2025 15:05:37 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uBDUV-0001te-KY; Sat, 03 May 2025 10:05:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uBDUE-0001nQ-9b for guix-patches@gnu.org; Sat, 03 May 2025 10:05:04 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uBDUE-0007OL-0c for guix-patches@gnu.org; Sat, 03 May 2025 10:05:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=iRySs+D6MhLWY0avMzAesIlko/QcFKgGeshvq/VKeC0=; b=FFKSPEzcIR5tnFSTKJYIBa7vZwrSwYnyVyqoTOBbxjj4kDwjPvbNaH40iDpZbtQhBJO05zoMbfhktC8Yrx5KIAcYPuBCl3vfAV+aWiCxS7Nh2EJ63SmcXyaEFcoD2QgTGzo8hxKg9esMviP9pl96WmgmgK6RTTf0f9P1PrUOJsG586/ADaSCnV67U+SMp14kQlydhWvYY+nGR5YH3pueojNoYHjCrtAA1ZkrVTy1+7WQgjfOcV9vxAK9jt2Sv20fhUEJzsiCNk6NB4miLfuH0n58xLvup1AfYMZIt2fY137MLLjPzsjrHXtvXQDv8F8MAAYqHm1ERhR8OFsl3TGymA==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uBDUD-0000pS-N4 for guix-patches@gnu.org; Sat, 03 May 2025 10:05:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78066] [PATCH v2 4/6] gnu: fail2ban: Improve style. Resent-From: Nicolas Graves Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 03 May 2025 14:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78066 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78066@debbugs.gnu.org Cc: Nicolas Graves Received: via spool by 78066-submit@debbugs.gnu.org id=B78066.17462810453063 (code B ref 78066); Sat, 03 May 2025 14:05:01 +0000 Received: (at 78066) by debbugs.gnu.org; 3 May 2025 14:04:05 +0000 Received: from localhost ([127.0.0.1]:41876 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uBDTE-0000mq-Vn for submit@debbugs.gnu.org; Sat, 03 May 2025 10:04:05 -0400 Received: from 3.mo563.mail-out.ovh.net ([46.105.40.8]:37553) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uBDTA-0000mX-HN for 78066@debbugs.gnu.org; Sat, 03 May 2025 10:03:58 -0400 Received: from director3.derp.mail-out.ovh.net (director3.derp.mail-out.ovh.net [152.228.215.222]) by mo563.mail-out.ovh.net (Postfix) with ESMTPS id 4ZqTzZ75YZz1f71; Sat, 3 May 2025 14:03:54 +0000 (UTC) Received: from director3.derp.mail-out.ovh.net (director3.derp.mail-out.ovh.net. [127.0.0.1]) by director3.derp.mail-out.ovh.net (inspect_sender_mail_agent) with SMTP for <78066@debbugs.gnu.org>; Sat, 3 May 2025 14:03:54 +0000 (UTC) Received: from mta11.priv.ovhmail-u1.ea.mail.ovh.net (unknown [10.109.139.248]) by director3.derp.mail-out.ovh.net (Postfix) with ESMTPS id 4ZqTzZ60drz5vLG; Sat, 3 May 2025 14:03:54 +0000 (UTC) Received: from ngraves.fr (unknown [10.1.6.5]) by mta11.priv.ovhmail-u1.ea.mail.ovh.net (Postfix) with ESMTPSA id 3B93F263AA5; Sat, 3 May 2025 14:03:54 +0000 (UTC) Authentication-Results: garm.ovh; auth=pass (GARM-108S002557457a9-1ff6-46ef-b190-7b3c162bd913, 2C797D8F94FD4BAB69F3C297EB7FEDCEB15A77A0) smtp.auth=ngraves@ngraves.fr X-OVh-ClientIp: 89.207.175.193 Date: Sat, 3 May 2025 16:00:00 +0200 Message-ID: <20250503140234.9752-5-ngraves@ngraves.fr> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250503140234.9752-1-ngraves@ngraves.fr> References: <20250503140234.9752-1-ngraves@ngraves.fr> MIME-Version: 1.0 X-Ovh-Tracer-Id: 2470787347007726306 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvjeehhedvucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefpihgtohhlrghsucfirhgrvhgvshcuoehnghhrrghvvghssehnghhrrghvvghsrdhfrheqnecuggftrfgrthhtvghrnhepvdehleeiffehtedvlefhffffjeefgfduhfetkeevheeiteduiedugfekuedtheejnecuffhomhgrihhnpehgihhthhhusgdrtghomhenucfkphepuddvjedrtddrtddruddpkeelrddvtdejrddujeehrdduleefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehnghhrrghvvghssehnghhrrghvvghsrdhfrhdpnhgspghrtghpthhtohepvddprhgtphhtthhopeejkedtieeiseguvggssghughhsrdhgnhhurdhorhhgpdhrtghpthhtohepnhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrpdfovfetjfhoshhtpehmohehieefmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=iRySs+D6MhLWY0avMzAesIlko/QcFKgGeshvq/VKeC0=; c=relaxed/relaxed; d=ngraves.fr; h=From; s=ovhmo4487190-selector1; t=1746281035; v=1; b=wM6Q4T/z9TjS2aYE51iKAS9UfLd/58o932XXx653erTYVJrpQGV9JtYMV5ewbkdNBkCsTd0i CGsQUzEzd6FW/+hO9Kv5CGnmq98vFtwiSkzivTxGyHbnTu+C5wgy6r7XizNupiRtsAl7mcaVCW2 JCAyEUPp5LrAjRTfEoq49HXJFU6Ng/SKwVJXNyBxrJvVxyQmLWIcgXlY27zoX4f7NEbwVcOcpuB P9wRlAbYqqYn0kdmsCemXA3f8BkFm93andDXxARpTHiVkDZFnh/YHTGv88kNxnYdofnDwnxvKQO eknRj/x55lnXyhtNgrY9Xag9teubP72T/Ck4QF4vtfrnA== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Nicolas Graves X-ACL-Warn: , Nicolas Graves via Guix-patches X-Patchwork-Original-From: Nicolas Graves via Guix-patches via From: Nicolas Graves Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/admin.scm (fail2ban): Use gexps and run guix style. --- gnu/packages/admin.scm | 338 ++++++++++++++++++++--------------------- 1 file changed, 164 insertions(+), 174 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 342d11e49e..1f99059e4f 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -6232,182 +6232,172 @@ (define-public fail2ban (package (name "fail2ban") (version "1.1.0") - (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/fail2ban/fail2ban") - (commit version))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk")) - (modules '((guix build utils))) - (snippet - '(begin - ;; Replacing those by our own paths-guix.conf - (with-directory-excursion "config" - (for-each delete-file - '("paths-arch.conf" - "paths-debian.conf" - "paths-fedora.conf" - "paths-freebsd.conf" - "paths-opensuse.conf" - "paths-osx.conf"))))) - (patches (search-patches "fail2ban-paths-guix-conf.patch")))) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/fail2ban/fail2ban") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk")) + (modules '((guix build utils))) + (snippet #~(begin + ;; Replacing those by our own paths-guix.conf + (with-directory-excursion "config" + (for-each delete-file + '("paths-arch.conf" "paths-debian.conf" + "paths-fedora.conf" "paths-freebsd.conf" + "paths-opensuse.conf" "paths-osx.conf"))))) + (patches (search-patches "fail2ban-paths-guix-conf.patch")))) (build-system pyproject-build-system) (arguments - '(#:phases (modify-phases %standard-phases - (add-after 'unpack 'avoid-external-binary-in-/bin - (lambda _ - (delete-file "fail2ban/setup.py") - (substitute* '("bin/fail2ban-testcases" - "setup.py") - ((".*updatePyExec.*") "")))) - (add-after 'unpack 'patch-setup.py - (lambda _ - ;; Get rid of absolute file names. - (substitute* "setup.py" - (("/etc/fail2ban") - "etc/fail2ban") - (("/var/lib/fail2ban") - "var/lib/fail2ban") - (("\"/usr/bin/\"") - "\"usr/bin/\"") - (("\"/usr/lib/fail2ban/\"") - "\"usr/lib/fail2ban/\"") - (("'/usr/share/doc/fail2ban'") - "'usr/share/doc/fail2ban'")))) - (add-after 'unpack 'disable-some-tests - (lambda _ - (define (make-suite str) - (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)")) - ;; disable tests performing unacceptable side-effects - (substitute* "fail2ban/tests/utils.py" - (((make-suite "actiontestcase.CommandActionTest")) - "") - (((make-suite "misctestcase.SetupTest")) - "") - (((make-suite "filtertestcase.DNSUtilsNetworkTests")) - "") - (((make-suite "filtertestcase.IgnoreIPDNS")) - "") - (((make-suite "filtertestcase.GetFailures")) - "") - (((make-suite "fail2banclienttestcase.Fail2banServerTest")) - "") - (((make-suite "servertestcase.ServerConfigReaderTests")) - "")))) - (add-before 'install 'fix-default-config - (lambda* (#:key outputs #:allow-other-keys) - (substitute* '("config/paths-common.conf" - "fail2ban/tests/utils.py" - "fail2ban/client/configreader.py" - "fail2ban/client/fail2bancmdline.py" - "fail2ban/client/fail2banregex.py") - (("/etc/fail2ban") - (string-append (assoc-ref outputs "out") - "/etc/fail2ban"))))) - (add-after 'fix-default-config 'set-action-dependencies - (lambda* (#:key inputs #:allow-other-keys) - ;; deleting things that are not feasible to fix - ;; or won't be used any way - (with-directory-excursion "config/action.d" - (for-each delete-file - '("apf.conf" - "bsd-ipfw.conf" - "dshield.conf" - "ipfilter.conf" - "ipfw.conf" - "firewallcmd-allports.conf" - "firewallcmd-common.conf" - "firewallcmd-ipset.conf" - "firewallcmd-multiport.conf" - "firewallcmd-new.conf" - "firewallcmd-rich-logging.conf" - "firewallcmd-rich-rules.conf" - "osx-afctl.conf" - "osx-ipfw.conf" - "pf.conf" - "nginx-block-map.conf" - "npf.conf" - "shorewall.conf" - "shorewall-ipset-proto6.conf" - "ufw.conf"))) - (let* ((lookup-cmd (lambda (i) - (search-input-file inputs i))) - (bin (lambda (i) - (lookup-cmd (string-append "/bin/" i)))) - (sbin (lambda (i) - (lookup-cmd (string-append "/sbin/" i)))) - (ip (sbin "ip")) - (sendmail (sbin "sendmail"))) - (substitute* (find-files "config/action.d" "\\.conf$") - ;; TODO: deal with geoiplookup .. - (("(awk|curl|dig|jq)" all cmd) - (bin cmd)) - (("(cat|echo|grep|head|printf|wc) " all - cmd) - (string-append (bin cmd) " ")) - ((" (date|rm|sed|tail|touch|tr) " all - cmd) - (string-append " " - (bin cmd) " ")) - (("cut -d") - (string-append (bin "cut") " -d")) - (("`date`") - (string-append "`" - (bin "date") "`")) - (("id -") - (string-append (bin "id") " -")) - (("ip -([46]) addr" all ver) - (string-append ip " -" ver " addr")) - (("ip route") - (string-append ip " route")) - (("ipset ") - (string-append (sbin "ipset") " ")) - (("(iptables|ip6tables) <" all cmd) - (string-append (sbin cmd) " <")) - (("/usr/bin/nsupdate") - (bin "nsupdate")) - (("mail -E") - (string-append sendmail " -E")) - (("nftables = nft") - (string-append "nftables = " (sbin "nft"))) - (("perl -e") - (string-append (bin "perl") " -e")) - (("/usr/sbin/sendmail") - sendmail) - (("test -e") - (string-append (bin "test") " -e")) - (("_whois = whois") - (string-append "_whois = " (bin "whois"))))) - (substitute* "config/jail.conf" - (("before = paths-debian.conf") - "before = paths-guix.conf")))) - (add-after 'install 'copy-man-pages - (lambda* (#:key outputs #:allow-other-keys) - (let* ((man (string-append (assoc-ref outputs "out") - "/man")) - (install-man (lambda (m) - (lambda (f) - (install-file (string-append f - "." m) - (string-append man - "/man" m))))) - (install-man1 (install-man "1")) - (install-man5 (install-man "5"))) - (with-directory-excursion "man" - (for-each install-man1 - '("fail2ban" - "fail2ban-client" - "fail2ban-python" - "fail2ban-regex" - "fail2ban-server" - "fail2ban-testcases")) - (for-each install-man5 - '("jail.conf"))))))))) - (native-inputs - (list python-setuptools python-wheel)) + (list + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'avoid-external-binary-in-/bin + (lambda _ + (delete-file "fail2ban/setup.py") + (substitute* '("bin/fail2ban-testcases" "setup.py") + ((".*updatePyExec.*") + "")))) + (add-after 'unpack 'patch-setup.py + (lambda _ + ;; Get rid of absolute file names. + (substitute* "setup.py" + (("/etc/fail2ban") + "etc/fail2ban") + (("/var/lib/fail2ban") + "var/lib/fail2ban") + (("\"/usr/bin/\"") + "\"usr/bin/\"") + (("\"/usr/lib/fail2ban/\"") + "\"usr/lib/fail2ban/\"") + (("'/usr/share/doc/fail2ban'") + "'usr/share/doc/fail2ban'")))) + (add-after 'unpack 'disable-some-tests + (lambda _ + (define (make-suite str) + (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)")) + ;; disable tests performing unacceptable side-effects + (substitute* "fail2ban/tests/utils.py" + (((make-suite "actiontestcase.CommandActionTest")) + "") + (((make-suite "misctestcase.SetupTest")) + "") + (((make-suite "filtertestcase.DNSUtilsNetworkTests")) + "") + (((make-suite "filtertestcase.IgnoreIPDNS")) + "") + (((make-suite "filtertestcase.GetFailures")) + "") + (((make-suite "fail2banclienttestcase.Fail2banServerTest")) + "") + (((make-suite "servertestcase.ServerConfigReaderTests")) + "")))) + (add-before 'install 'fix-default-config + (lambda* (#:key outputs #:allow-other-keys) + (substitute* '("config/paths-common.conf" + "fail2ban/tests/utils.py" + "fail2ban/client/configreader.py" + "fail2ban/client/fail2bancmdline.py" + "fail2ban/client/fail2banregex.py") + (("/etc/fail2ban") + (string-append (assoc-ref outputs "out") "/etc/fail2ban"))))) + (add-after 'fix-default-config 'set-action-dependencies + (lambda* (#:key inputs #:allow-other-keys) + ;; deleting things that are not feasible to fix + ;; or won't be used any way + (with-directory-excursion "config/action.d" + (for-each delete-file + '("apf.conf" "bsd-ipfw.conf" + "dshield.conf" + "ipfilter.conf" + "ipfw.conf" + "firewallcmd-allports.conf" + "firewallcmd-common.conf" + "firewallcmd-ipset.conf" + "firewallcmd-multiport.conf" + "firewallcmd-new.conf" + "firewallcmd-rich-logging.conf" + "firewallcmd-rich-rules.conf" + "osx-afctl.conf" + "osx-ipfw.conf" + "pf.conf" + "nginx-block-map.conf" + "npf.conf" + "shorewall.conf" + "shorewall-ipset-proto6.conf" + "ufw.conf"))) + (let* ((lookup-cmd (lambda (i) + (search-input-file inputs i))) + (bin (lambda (i) + (lookup-cmd (string-append "/bin/" i)))) + (sbin (lambda (i) + (lookup-cmd (string-append "/sbin/" i)))) + (ip (sbin "ip")) + (sendmail (sbin "sendmail"))) + (substitute* (find-files "config/action.d" "\\.conf$") + ;; TODO: deal with geoiplookup .. + (("(awk|curl|dig|jq)" all cmd) + (bin cmd)) + (("(cat|echo|grep|head|printf|wc) " all cmd) + (string-append (bin cmd) " ")) + ((" (date|rm|sed|tail|touch|tr) " all cmd) + (string-append " " + (bin cmd) " ")) + (("cut -d") + (string-append (bin "cut") " -d")) + (("`date`") + (string-append "`" + (bin "date") "`")) + (("id -") + (string-append (bin "id") " -")) + (("ip -([46]) addr" all ver) + (string-append ip " -" ver " addr")) + (("ip route") + (string-append ip " route")) + (("ipset ") + (string-append (sbin "ipset") " ")) + (("(iptables|ip6tables) <" all cmd) + (string-append (sbin cmd) " <")) + (("/usr/bin/nsupdate") + (bin "nsupdate")) + (("mail -E") + (string-append sendmail " -E")) + (("nftables = nft") + (string-append "nftables = " + (sbin "nft"))) + (("perl -e") + (string-append (bin "perl") " -e")) + (("/usr/sbin/sendmail") + sendmail) + (("test -e") + (string-append (bin "test") " -e")) + (("_whois = whois") + (string-append "_whois = " + (bin "whois"))))) + (substitute* "config/jail.conf" + (("before = paths-debian.conf") + "before = paths-guix.conf")))) + (add-after 'install 'copy-man-pages + (lambda* (#:key outputs #:allow-other-keys) + (let* ((man (string-append (assoc-ref outputs "out") "/man")) + (install-man (lambda (m) + (lambda (f) + (install-file (string-append f "." m) + (string-append man "/man" + m))))) + (install-man1 (install-man "1")) + (install-man5 (install-man "5"))) + (with-directory-excursion "man" + (for-each install-man1 + '("fail2ban" "fail2ban-client" "fail2ban-python" + "fail2ban-regex" "fail2ban-server" + "fail2ban-testcases")) + (for-each install-man5 + '("jail.conf"))))))))) + (native-inputs (list python-setuptools python-wheel)) (inputs (list gawk coreutils-minimal curl