diff --git a/.gitignore b/.gitignore index 7fbd936..e633b53 100644 --- a/.gitignore +++ b/.gitignore @@ -1,26 +1,2 @@ -fail2ban-FAIL2BAN-0_8.tar.bz2 -fail2ban-0.8.4.tar.bz2 -/fail2ban_0.8.7.1.orig.tar.gz -/fail2ban_0.8.8.orig.tar.gz -/fail2ban-0.8.10.tar.gz -/fail2ban-0.8.11.tar.gz -/fail2ban-0.9-d529151.tar.xz -/fail2ban-0.9-1f1a561.tar.xz -/fail2ban-0.9.tar.gz -/fail2ban-0.9.1.tar.gz -/fail2ban-0.9.2.tar.gz -/fail2ban-0.9.3.tar.gz -/fail2ban-0.9.4.tar.gz -/fail2ban-0.9.5.tar.gz -/fail2ban-0.9.6.tar.gz -/fail2ban-0.9.7.tar.gz -/fail2ban-0.10.0.tar.gz -/fail2ban-0.10.1.tar.gz -/fail2ban-0.10.2.tar.gz -/fail2ban-0.10.3.1.tar.gz -/fail2ban-0.10.4.tar.gz -/fail2ban-0.10.5.tar.gz -/fail2ban-0.11.1.tar.gz -/fail2ban-0.11.2.tar.gz -/fail2ban-1.0.1.tar.gz -/fail2ban-1.0.2.tar.gz +/fail2ban-*/ +/fail2ban-*.tar.gz* diff --git a/fail2ban.spec b/fail2ban.spec index 266ad11..51b8f91 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,16 +1,27 @@ Name: fail2ban Version: 1.0.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +# Releases are signed by Serg G. Brester (sebres) . The +# fingerprint can be found in a signature file: +# gpg --list-packets fail2ban-1.0.2.tar.gz.asc | grep 'issuer fpr' +# +# The following commands can be used to fetch the signing key via fingerprint +# and extract it: +# fpr=8738559E26F671DF9E2C6D9E683BF1BEBD0A882C +# gpg --receive-keys $fpr +# gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc +Source2: gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc # SELinux policy -Source1: fail2ban.fc -Source2: fail2ban.if -Source3: fail2ban.te -Source4: Makefile +Source3: fail2ban.fc +Source4: fail2ban.if +Source5: fail2ban.te +Source6: Makefile # Give up being PartOf iptables and ipset for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 @@ -43,6 +54,7 @@ BuildRequires: systemd BuildRequires: selinux-policy-devel BuildRequires: make BuildRequires: bash-completion +BuildRequires: gnupg2 # Default components Requires: %{name}-firewalld = %{version}-%{release} @@ -206,6 +218,7 @@ by default. %prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 # Use Fedora paths @@ -216,7 +229,7 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 %endif # SELinux sources -cp -p %SOURCE1 %SOURCE2 %SOURCE3 . +cp -p %SOURCE3 %SOURCE4 %SOURCE5 . # 2to3 has been removed from setuptools and we already use the binary in # %%prep. @@ -229,7 +242,7 @@ sed -i "/use_2to3/d" setup.py %else %py3_build %endif -make -f %SOURCE4 +make -f %SOURCE6 %install @@ -411,6 +424,9 @@ fi %changelog +* Sun Apr 02 2023 Todd Zullinger - 1.0.2-4 +- verify upstream source signature + * Thu Mar 30 2023 Orion Poplawski - 1.0.2-3 - Add upstream patch to remove warning about allowipv6 (bz#2160781) diff --git a/gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc b/gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc new file mode 100644 index 0000000..14da565 --- /dev/null +++ b/gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFeHbzIBCACWgr54J4t2fpI7EIrMTqso5kqPRTSY7eO2T0965JW6Zl4C0HZT +Wz+9c5aGlKeotf4Fv7zOhpUwULFSGAq3tVbxAxW9++LAXPGad6uE4aPsXoQ6+0RV +lJozNclURRal46vz3uuGLiSJ5+VQ1WD1sFLuw2/bMzE4GFR0z4w4UOc3ufAQ3obC +i5szSy5JWtCsmvCdNlhXTxa66aUddN8/8IHJSB6QZabGEcG4WfsfhUiH38KUuqrO +hYvT9ROY74pwSsHuWEzVRE00eJB4uxngsKHAGMYhkNxdKCG7Blu2IbJRcBE8QAs3 +BGqJR8FBify86COZYUZ7CuAyLyo1U6BZd7ohABEBAAG0KVNlcmcgRy4gQnJlc3Rl +ciAoc2VicmVzKSA8aW5mb0BzZWJyZXMuZGU+iQE4BBMBAgAiBQJXh28yAhsDBgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoO/G+vQqILMThB/0YUr7Y+urJChgm +NG9exjjmTayoNb+XiMR5T2+A919NrKulEaH2mb51B7XBmFuCj8x5O1wA3xYo7B6h +RVuNyb2eI3+bRD33QsKcs6NsgK/I1xLD15NrEftPckWqYypR6//u9Tmz5o9n9+/n +2dH7SU7UPW468/bRUhFp+SQ70B0XLdyDgGLEN9TNsAvnEi30Vtjbia4Lp/NXYRkq +GEzvpgZ7Dt9YhT+qdSs6AwyN0ZhnvX+zqXi+Q18xlbnuq2ZZkwK8Es/HdEDu2HNJ +3nn3l15pyMe/OxYhg646NcqGR6j1rEZ7jXyN2i5sEdspXfwv0lGtLr7ANElWqOvX +XYBAspRvuQENBFeHbzIBCACyCMv4CQ+blzj53ZLPyBMnj38oQ7bbpAtDThfB8hEZ +uk6Kmo799Zo2rLG2iqvy8SEuN/bLQKyzFTiB4UYWvRxne792N0nWLU24/bd7j/Gh +Q4EHUhs38WRSYtu93XCKzvyzn5s3504luOBF6czNrLeDfWXGVGosBsBoASY7de7a +kiXb7a28dNDSG0JaR+QwONjmde9hAzqOX0iOYHvJeu68UKaUp4IrJ+nTMHFhwUbf +awCmz+NPPrm360j4BuvYSWhS06tM7c6+gfvXHOTtJ5TEGbrm+I8d2q7nhxg3nku6 +7qnddkW2OS8EQVlw7XFox929mTLzw0MEmjqmSRTx2Qk3ABEBAAGJAR8EGAECAAkF +AleHbzICGwwACgkQaDvxvr0KiCwdxQf7BM7jo6v7uU7324ZkLQmtZndcXnXZMbSw +2pDzR2h01Vx7dHppzNOkyv8DvUWttwaMaTU57cdzThTkQPk8Lx8sCvi40RmWS2vs +IArgTS1HNStprPUg4sk99JOZg2y4LBqkLUxZveDsH+rXdFA/fp8048/M4ss6qj4O +ySe4crABbbv5yRADBJZt4LQdFoNGEpSaOtcxJmwJ7hrV+wQhVMm9m+/JpgzNT4rb +muPgveqzmSiTGJ6Yy2bEKyY0dCyPuWbWWPt4mCcT+9emZC1O8EjST0i9f9EUUU6c +6UCy7zi5EQ9CVv1Dlz1qefm/5/iFAAFQ5DtYC3cwDq8CqgqzoHMtNg== +=vqSW +-----END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index 6655594..0300c30 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (fail2ban-1.0.2.tar.gz) = 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb +SHA512 (fail2ban-1.0.2.tar.gz.asc) = 1c0af7e454d52879788d9728010a68159a94668d93799da5533999e8c821db87f651b3606347af16fd92a4540a7a343dc682f72bb3bab14e3666f848883d8644