From 34766a711df9968e750c42e8495a43d56e269ab1 Mon Sep 17 00:00:00 2001 From: kth5 Date: Mon, 18 Nov 2024 16:30:54 +0100 Subject: [PATCH] * add fail2ban --- fail2ban/.SRCINFO | 30 ++++++ fail2ban/.nvchecker.toml | 3 + fail2ban/PKGBUILD | 97 +++++++++++++++++++ fail2ban/extend-tmpfiles.patch | 11 +++ ...C3F631FBDA716B070C6ED94141C485A81A88CB.asc | 30 ++++++ 5 files changed, 171 insertions(+) create mode 100644 fail2ban/.SRCINFO create mode 100644 fail2ban/.nvchecker.toml create mode 100644 fail2ban/PKGBUILD create mode 100644 fail2ban/extend-tmpfiles.patch create mode 100644 fail2ban/keys/pgp/E6C3F631FBDA716B070C6ED94141C485A81A88CB.asc diff --git a/fail2ban/.SRCINFO b/fail2ban/.SRCINFO new file mode 100644 index 0000000000..54d4438a6c --- /dev/null +++ b/fail2ban/.SRCINFO @@ -0,0 +1,30 @@ +pkgbase = fail2ban + pkgdesc = Bans IPs after too many failed authentication attempts + pkgver = 1.1.0 + pkgrel = 7 + url = https://www.fail2ban.org/ + arch = any + license = GPL-2.0-or-later + makedepends = git + makedepends = python-build + makedepends = python-installer + makedepends = python-setuptools + makedepends = python-wheel + depends = python-pyinotify + depends = python-systemd + depends = sqlite + depends = whois + optdepends = firewalld: for a firewall backend + optdepends = ipset: for a firewall backend + optdepends = iptables: for a firewall backend + optdepends = nftables: for a firewall backend + backup = etc/fail2ban/fail2ban.conf + backup = etc/fail2ban/jail.conf + backup = etc/logrotate.d/fail2ban + source = git+https://github.com/fail2ban/fail2ban.git#tag=1.1.0?signed + source = extend-tmpfiles.patch + validpgpkeys = E6C3F631FBDA716B070C6ED94141C485A81A88CB + b2sums = c2859a151abd906ceadc8549a4d337b01b037793e7d9285d44f08405695bdcb1b7dc88998cb7eed0321cacdce1d3fca29e55c63f5f60dadbb15f217f6cbe92d3 + b2sums = 74a3385159cdcc525c0704a46406e63d3a96fbea045c6a4f56f861c3fbaeefdcf96e11b9da7f84634316c78b5a4410b956644ffba1337f91d28350d443dd69a9 + +pkgname = fail2ban diff --git a/fail2ban/.nvchecker.toml b/fail2ban/.nvchecker.toml new file mode 100644 index 0000000000..13fafb38a1 --- /dev/null +++ b/fail2ban/.nvchecker.toml @@ -0,0 +1,3 @@ +[fail2ban] +source = "git" +git = "https://github.com/fail2ban/fail2ban.git" diff --git a/fail2ban/PKGBUILD b/fail2ban/PKGBUILD new file mode 100644 index 0000000000..473e6586d7 --- /dev/null +++ b/fail2ban/PKGBUILD @@ -0,0 +1,97 @@ +# POWER Maintainer: Alexander Baldeck +# Maintainer: Felix Yan +# Maintainer: Daniel M. Capella +# Contributor: Bartłomiej Piotrowski +# Contributor: Geoffroy Carrier +# Contributor: michalzxc +# Contributor: nbags + +pkgname=fail2ban +pkgver=1.1.0 +pkgrel=7 +pkgdesc='Bans IPs after too many failed authentication attempts' +arch=('any') +url='https://www.fail2ban.org/' +license=('GPL-2.0-or-later') +depends=( + 'python-pyinotify' + 'python-systemd' + 'sqlite' + 'whois' +) +makedepends=( + 'git' + 'python-build' + 'python-installer' + 'python-setuptools' + 'python-wheel' +) +optdepends=( + 'firewalld: for a firewall backend' + 'ipset: for a firewall backend' + 'iptables: for a firewall backend' + 'nftables: for a firewall backend' +) +backup=( + 'etc/fail2ban/fail2ban.conf' + 'etc/fail2ban/jail.conf' + 'etc/logrotate.d/fail2ban' +) +source=( + "git+https://github.com/$pkgname/$pkgname.git#tag=$pkgver?signed" + 'extend-tmpfiles.patch' +) +b2sums=('c2859a151abd906ceadc8549a4d337b01b037793e7d9285d44f08405695bdcb1b7dc88998cb7eed0321cacdce1d3fca29e55c63f5f60dadbb15f217f6cbe92d3' + '74a3385159cdcc525c0704a46406e63d3a96fbea045c6a4f56f861c3fbaeefdcf96e11b9da7f84634316c78b5a4410b956644ffba1337f91d28350d443dd69a9') +validpgpkeys=('E6C3F631FBDA716B070C6ED94141C485A81A88CB') # Sergey G. Brester (sebres) + +prepare() { + cd $pkgname + # distutils removal + git cherry-pick -n -m 1 ac62658c10f492911f8a0037a0bcf97c8521cd78 + + # openssh 9.8 compatibility + git cherry-pick -n 2fed408c05ac5206b490368d94599869bd6a056d + + # restore directories no longer installed after switch to PEP 517 + patch --forward --strip=1 --input=../extend-tmpfiles.patch + + sed -i 's|self.install_dir|"/usr/bin"|' setup.py + sed -i 's/^before = paths-debian.conf/before = paths-arch.conf/' config/jail.conf +} + +build() { + cd $pkgname + python -m build --wheel --skip-dependency-check --no-isolation +} + +# ignore test that imports smtpd module (removed in Python 3.12) +check() { + cd $pkgname + ./bin/fail2ban-testcases --ignore unittest.loader._FailedTest.test_smtp +} + +package() { + cd $pkgname + python -m installer --destdir="$pkgdir" dist/*.whl + + install -Dm644 build/fail2ban.service \ + "$pkgdir"/usr/lib/systemd/system/$pkgname.service + install -Dm644 files/fail2ban-tmpfiles.conf \ + "$pkgdir"/usr/lib/tmpfiles.d/$pkgname.conf + install -Dm644 files/fail2ban-logrotate \ + "$pkgdir"/etc/logrotate.d/fail2ban + install -Dm644 files/bash-completion \ + "$pkgdir"/usr/share/bash-completion/completions/fail2ban + + install -Dm644 -t "$pkgdir"/usr/share/man/man1 man/*.1 + install -Dm644 -t "$pkgdir"/usr/share/man/man5 man/*.5 + + cd "$pkgdir" + local site_packages=$(python -c "import site; print(site.getsitepackages()[0])") + cp -rl ./"$site_packages"/{etc,usr} . + rm -r ./"$site_packages"/{etc,usr} + + # fix sendmail location + sed -i 's/sbin/bin/g' etc/fail2ban/action.d/sendmail*.conf +} diff --git a/fail2ban/extend-tmpfiles.patch b/fail2ban/extend-tmpfiles.patch new file mode 100644 index 0000000000..48d0c9b392 --- /dev/null +++ b/fail2ban/extend-tmpfiles.patch @@ -0,0 +1,11 @@ +diff --git a/files/fail2ban-tmpfiles.conf b/files/fail2ban-tmpfiles.conf +index 68f8e345..f1308582 100644 +--- a/files/fail2ban-tmpfiles.conf ++++ b/files/fail2ban-tmpfiles.conf +@@ -1 +1,4 @@ +-D /run/fail2ban 0755 root root - +\ No newline at end of file ++D /run/fail2ban 0755 root root ++d /etc/fail2ban/fail2ban.d 0755 root root ++d /etc/fail2ban/jail.d 0755 root root ++d /var/lib/fail2ban 0755 root root diff --git a/fail2ban/keys/pgp/E6C3F631FBDA716B070C6ED94141C485A81A88CB.asc b/fail2ban/keys/pgp/E6C3F631FBDA716B070C6ED94141C485A81A88CB.asc new file mode 100644 index 0000000000..fbdd15764c --- /dev/null +++ b/fail2ban/keys/pgp/E6C3F631FBDA716B070C6ED94141C485A81A88CB.asc @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFrFH5QBCACcx+ULHcFAvvQFhFj+HEeFZwPKUfaSmeyk5a/NAoxPg+J2TMbj +/pBrsBq94lwwt22LeT57ViENjKNH2mue2kXUzT9VzW0SwkYML6N6BOl+6RipEeVP +zUNtFNfgZmKarVvsqsOmUQSnlKAGVvk/FjjfsDjgtlpwa7ydkHNvRgqNm2QxCjL4 +8CJ+IfWkp5C8rRLLVsfno920D1Vy4RgaKtq3mSfeqhjZCsOKvPshUXO3t+E89lqC +xNzvcR2091oqhaTEBgsEnxkQ4+euDgwzAl9SWet97QGj9r1dQfzDZVnz3o+eNXdN +woBOEPcAqJQzCdoQgEsgAf2uFaRONEFKrDUrABEBAAG0M1NlcmdleSBHLiBCcmVz +dGVyIChzZWJyZXMpIDxzZXJnLmJyZXN0ZXJAc2VicmVzLmRlPokBOAQTAQIAIgUC +WsUflAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQQUHEhagaiMsOEwf+ +OPcKVlQW6EW3meGIS+8K3XasQDam9bAGecLfOi+UGafxyV778AKOzbWbrQBPlnA1 +CWPkVibjPzQFmLB9sH9IO76CVqoGGgDrY/5FyM4N7NgzVbofgRKuZswlHgc4lsjO +HeIjdE5ZFxPVIsd9Zq5VylUcQ5gGymSK/ynNM0bkojVgMS/JLMr/vom92fAjRnil +KNMUQJu59Yy84uwKPnXM3e+R3SFutCdXFuQr+oEptJkb/cG1QAwpcJxbmH9i7tmR +NDywQXRJGL1dtXdqlNLonp9n5buVYBBhs+xVKiUyk+ic2N0nu52E5nGVd/03hxyt +cHj8zdIbTQscF9wxRgZP67kBDQRaxR+UAQgArJsC/X9PWSG/30hn21hNOZ6WNcwr +qBwbJ/lKEOCuT4cslVlKTji0BLTHW9coEakO4aoIjw6VN9KUY0eSmznX7Z30bzkT +wXnWUgsrSqQH8VZagiM84Jj2rKE37A55yp0iCDyf1gH8p6ZH4HwoS3NXlhrDexxm +4nGPOe4u6vR2AcbINhGmHP6nmiYihcnuaG0nu5CL7klAWtlZnDdzMXLyXfWADNJz +Lft/srhpBVCUYMjXO/ZHGq3h1coX3QNiw2OB56CucpSSBV9qRy25IOTCb9Lavbmf +wRVriCkvHNclsPHFEziEgyv7VJAXOXgd8dp4PGwMkRAbKHF4i6q1RG1leQARAQAB +iQEfBBgBAgAJBQJaxR+UAhsMAAoJEEFBxIWoGojL8/gH/iY+zEwAUNGzcpsEX0+Q +1P8j6Sy8XhYdR3/kyjmr5bjGrEHtZYueNomlBnQ9xEBr9emWc1vsXC/bxLwEWi3u +XSiQdS/hpQvxKN3T5sNUUedwic5MmwUos9B4aFHga29OHS5g7pnbhhKSLuLT4S2y +9FUGk4waeDcRmKG1BzIw5L1Oug0TZWANsJtv9WNyjuvlH5wII4Fp+hP1+ffEL5FY +r92k59Ux3D2Wf5BHKckOMEh0qZHNTf+nIxSI+dKgdCSKA8+WRoq6kfZKp+7peh8w +Owg8cHbCFk+9IM3JeUJwmuSvnzDNGyUSgcH8EYWdqB1LzLTM5WJBzhlS1nEnzxpW +urM= +=kGzg +-----END PGP PUBLIC KEY BLOCK-----