diff --git a/2605.patch b/2605.patch new file mode 100644 index 0000000..05e5646 --- /dev/null +++ b/2605.patch @@ -0,0 +1,152 @@ +From 3965d690b137152b2a0a6a46989178b5566cfd8e Mon Sep 17 00:00:00 2001 +From: Angelo Compagnucci +Date: Thu, 16 Jan 2020 12:05:13 +0100 +Subject: [PATCH 1/2] Revert "setup.py: adding option to install without tests" + +Test should actually removed from the stup data in finalize_options +instead of being added back. + +This reverts commit 9b918bba2f672780fb4469294d80ba7deb6b8cab. + +Signed-off-by: Angelo Compagnucci +--- + setup.py | 41 ++++++++++++++++------------------------- + 1 file changed, 16 insertions(+), 25 deletions(-) + +diff --git a/setup.py b/setup.py +index e476c5dd6..8da292683 100755 +--- a/setup.py ++++ b/setup.py +@@ -119,11 +119,9 @@ def update_scripts(self, dry_run=False): + class install_command_f2b(install): + user_options = install.user_options + [ + ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), +- ('without-tests', None, 'without tests files installation'), + ] + def initialize_options(self): + self.disable_2to3 = None +- self.without_tests = None + install.initialize_options(self) + def finalize_options(self): + global _2to3 +@@ -134,28 +132,6 @@ def finalize_options(self): + cmdclass = self.distribution.cmdclass + cmdclass['build_py'] = build_py_2to3 + cmdclass['build_scripts'] = build_scripts_2to3 +- if not self.without_tests: +- self.distribution.scripts += [ +- 'bin/fail2ban-testcases', +- ] +- +- self.distribution.packages += [ +- 'fail2ban.tests', +- 'fail2ban.tests.action_d', +- ] +- +- self.distribution.package_data = { +- 'fail2ban.tests': +- [ join(w[0], f).replace("fail2ban/tests/", "", 1) +- for w in os.walk('fail2ban/tests/files') +- for f in w[2]] + +- [ join(w[0], f).replace("fail2ban/tests/", "", 1) +- for w in os.walk('fail2ban/tests/config') +- for f in w[2]] + +- [ join(w[0], f).replace("fail2ban/tests/", "", 1) +- for w in os.walk('fail2ban/tests/action_d') +- for f in w[2]] +- } + install.finalize_options(self) + def run(self): + install.run(self) +@@ -232,20 +208,35 @@ def run(self): + license = "GPL", + platforms = "Posix", + cmdclass = { +- 'build_py': build_py, 'build_scripts': build_scripts, ++ 'build_py': build_py, 'build_scripts': build_scripts, + 'install_scripts': install_scripts_f2b, 'install': install_command_f2b + }, + scripts = [ + 'bin/fail2ban-client', + 'bin/fail2ban-server', + 'bin/fail2ban-regex', ++ 'bin/fail2ban-testcases', + # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper + ], + packages = [ + 'fail2ban', + 'fail2ban.client', + 'fail2ban.server', ++ 'fail2ban.tests', ++ 'fail2ban.tests.action_d', + ], ++ package_data = { ++ 'fail2ban.tests': ++ [ join(w[0], f).replace("fail2ban/tests/", "", 1) ++ for w in os.walk('fail2ban/tests/files') ++ for f in w[2]] + ++ [ join(w[0], f).replace("fail2ban/tests/", "", 1) ++ for w in os.walk('fail2ban/tests/config') ++ for f in w[2]] + ++ [ join(w[0], f).replace("fail2ban/tests/", "", 1) ++ for w in os.walk('fail2ban/tests/action_d') ++ for f in w[2]] ++ }, + data_files = [ + ('/etc/fail2ban', + glob("config/*.conf") + +From 5fa1f69264d3c23793f64c03c96737d54555e919 Mon Sep 17 00:00:00 2001 +From: Angelo Compagnucci +Date: Thu, 16 Jan 2020 12:28:42 +0100 +Subject: [PATCH 2/2] setup.py: adding option to install without tests + +Tests files are not always needed especially when installing on low +resource systems like an embedded one. +This patch adds the --without-tests option to skip installing the +tests files. + +Signed-off-by: Angelo Compagnucci +--- + setup.py | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index 8da292683..ce1eedf68 100755 +--- a/setup.py ++++ b/setup.py +@@ -119,9 +119,11 @@ def update_scripts(self, dry_run=False): + class install_command_f2b(install): + user_options = install.user_options + [ + ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), ++ ('without-tests', None, 'without tests files installation'), + ] + def initialize_options(self): + self.disable_2to3 = None ++ self.without_tests = None + install.initialize_options(self) + def finalize_options(self): + global _2to3 +@@ -132,6 +134,13 @@ def finalize_options(self): + cmdclass = self.distribution.cmdclass + cmdclass['build_py'] = build_py_2to3 + cmdclass['build_scripts'] = build_scripts_2to3 ++ if self.without_tests: ++ self.distribution.scripts.remove('bin/fail2ban-testcases') ++ ++ self.distribution.packages.remove('fail2ban.tests') ++ self.distribution.packages.remove('fail2ban.tests.action_d') ++ ++ del self.distribution.package_data['fail2ban.tests'] + install.finalize_options(self) + def run(self): + install.run(self) +@@ -208,7 +217,7 @@ def run(self): + license = "GPL", + platforms = "Posix", + cmdclass = { +- 'build_py': build_py, 'build_scripts': build_scripts, ++ 'build_py': build_py, 'build_scripts': build_scripts, + 'install_scripts': install_scripts_f2b, 'install': install_command_f2b + }, + scripts = [ diff --git a/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch b/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch new file mode 100644 index 0000000..de372f3 --- /dev/null +++ b/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch @@ -0,0 +1,233 @@ +From 8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Wed, 15 Jan 2020 19:22:53 +0100 +Subject: [PATCH] closes #2596: fixed supplying of backend-related `logtype` to + the jail filter - don't merge it (provide as init parameter if not set in + definition section), init parameters don't affect config-cache (better + implementation as in #2387 and it covered now with new test) + +--- + MANIFEST | 2 ++ + fail2ban/client/configreader.py | 8 +++-- + fail2ban/client/fail2banregex.py | 7 ++--- + fail2ban/client/filterreader.py | 8 +++++ + fail2ban/client/jailreader.py | 7 ++--- + fail2ban/tests/clientreadertestcase.py | 17 +++++++++- + .../tests/config/filter.d/checklogtype.conf | 31 +++++++++++++++++++ + .../config/filter.d/checklogtype_test.conf | 12 +++++++ + fail2ban/tests/config/jail.conf | 25 +++++++++++++++ + 9 files changed, 104 insertions(+), 13 deletions(-) + create mode 100644 fail2ban/tests/config/filter.d/checklogtype.conf + create mode 100644 fail2ban/tests/config/filter.d/checklogtype_test.conf + +diff --git a/MANIFEST b/MANIFEST +index dbcc2f602..5680492af 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -226,6 +226,8 @@ fail2ban/tests/clientreadertestcase.py + fail2ban/tests/config/action.d/action.conf + fail2ban/tests/config/action.d/brokenaction.conf + fail2ban/tests/config/fail2ban.conf ++fail2ban/tests/config/filter.d/checklogtype.conf ++fail2ban/tests/config/filter.d/checklogtype_test.conf + fail2ban/tests/config/filter.d/simple.conf + fail2ban/tests/config/filter.d/test.conf + fail2ban/tests/config/filter.d/test.local +diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py +index 66b987b28..20709b724 100644 +--- a/fail2ban/client/configreader.py ++++ b/fail2ban/client/configreader.py +@@ -120,6 +120,10 @@ def has_section(self, sec): + except AttributeError: + return False + ++ def has_option(self, sec, opt, withDefault=True): ++ return self._cfg.has_option(sec, opt) if withDefault \ ++ else opt in self._cfg._sections.get(sec, {}) ++ + def merge_defaults(self, d): + self._cfg.get_defaults().update(d) + +@@ -261,8 +265,8 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False): + logSys.warning("'%s' not defined in '%s'. Using default one: %r" + % (optname, sec, optvalue)) + values[optname] = optvalue +- elif logSys.getEffectiveLevel() <= logLevel: +- logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec) ++ # elif logSys.getEffectiveLevel() <= logLevel: ++ # logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec) + except ValueError: + logSys.warning("Wrong value for '" + optname + "' in '" + sec + + "'. Using default one: '" + repr(optvalue) + "'") +diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py +index f6a4b141c..334c031f4 100644 +--- a/fail2ban/client/fail2banregex.py ++++ b/fail2ban/client/fail2banregex.py +@@ -372,11 +372,8 @@ def readRegex(self, value, regextype): + if not ret: + output( "ERROR: failed to load filter %s" % value ) + return False +- # overwrite default logtype (considering that the filter could specify this too in Definition/Init sections): +- if not fltOpt.get('logtype'): +- reader.merge_defaults({ +- 'logtype': ['file','journal'][int(self._backend.startswith("systemd"))] +- }) ++ # set backend-related options (logtype): ++ reader.applyAutoOptions(self._backend) + # get, interpolate and convert options: + reader.getOptions(None) + # show real options if expected: +diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py +index ede18dca2..413f125e6 100644 +--- a/fail2ban/client/filterreader.py ++++ b/fail2ban/client/filterreader.py +@@ -53,6 +53,14 @@ def setFile(self, fileName): + def getFile(self): + return self.__file + ++ def applyAutoOptions(self, backend): ++ # set init option to backend-related logtype, considering ++ # that the filter settings may be overwritten in its local: ++ if (not self._initOpts.get('logtype') and ++ not self.has_option('Definition', 'logtype', False) ++ ): ++ self._initOpts['logtype'] = ['file','journal'][int(backend.startswith("systemd"))] ++ + def convert(self): + stream = list() + opts = self.getCombined() +diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py +index 917a562ce..1d7db0dc9 100644 +--- a/fail2ban/client/jailreader.py ++++ b/fail2ban/client/jailreader.py +@@ -142,11 +142,8 @@ def getOptions(self): + ret = self.__filter.read() + if not ret: + raise JailDefError("Unable to read the filter %r" % filterName) +- if not filterOpt.get('logtype'): +- # overwrite default logtype backend-related (considering that the filter settings may be overwritten): +- self.__filter.merge_defaults({ +- 'logtype': ['file','journal'][int(self.__opts.get('backend', '').startswith("systemd"))] +- }) ++ # set backend-related options (logtype): ++ self.__filter.applyAutoOptions(self.__opts.get('backend', '')) + # merge options from filter as 'known/...' (all options unfiltered): + self.__filter.getOptions(self.__opts, all=True) + ConfigReader.merge_section(self, self.__name, self.__filter.getCombined(), 'known/') +diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py +index d39860f47..2c1d0a0e4 100644 +--- a/fail2ban/tests/clientreadertestcase.py ++++ b/fail2ban/tests/clientreadertestcase.py +@@ -328,7 +328,22 @@ def testOverrideFilterOptInJail(self): + self.assertFalse(len(o) > 2 and o[2].endswith('regex')) + i += 1 + if i > usednsidx: break +- ++ ++ def testLogTypeOfBackendInJail(self): ++ unittest.F2B.SkipIfCfgMissing(stock=True); # expected include of common.conf ++ # test twice to check cache works peoperly: ++ for i in (1, 2): ++ # backend-related, overwritten in definition, specified in init parameters: ++ for prefline in ('JRNL', 'FILE', 'TEST', 'INIT'): ++ jail = JailReader('checklogtype_'+prefline.lower(), basedir=IMPERFECT_CONFIG, ++ share_config=IMPERFECT_CONFIG_SHARE_CFG, force_enable=True) ++ self.assertTrue(jail.read()) ++ self.assertTrue(jail.getOptions()) ++ stream = jail.convert() ++ # 'JRNL' for systemd, 'FILE' for file backend, 'TEST' for custom logtype (overwrite it): ++ self.assertEqual([['set', jail.getName(), 'addfailregex', '^%s failure from $' % prefline]], ++ [o for o in stream if len(o) > 2 and o[2] == 'addfailregex']) ++ + def testSplitOption(self): + # Simple example + option = "mail-whois[name=SSH]" +diff --git a/fail2ban/tests/config/filter.d/checklogtype.conf b/fail2ban/tests/config/filter.d/checklogtype.conf +new file mode 100644 +index 000000000..4d700fffa +--- /dev/null ++++ b/fail2ban/tests/config/filter.d/checklogtype.conf +@@ -0,0 +1,31 @@ ++# Fail2Ban configuration file ++# ++ ++[INCLUDES] ++ ++# Read common prefixes (logtype is set in default section) ++before = ../../../../config/filter.d/common.conf ++ ++[Definition] ++ ++_daemon = test ++ ++failregex = ^/__prefix_line> failure from $ ++ignoreregex = ++ ++# following sections define prefix line considering logtype: ++ ++# backend-related (retrieved from backend, overwrite default): ++[lt_file] ++__prefix_line = FILE ++ ++[lt_journal] ++__prefix_line = JRNL ++ ++# specified in definition section of filter (see filter checklogtype_test.conf): ++[lt_test] ++__prefix_line = TEST ++ ++# specified in init parameter of jail (see ../jail.conf, jail checklogtype_init): ++[lt_init] ++__prefix_line = INIT +diff --git a/fail2ban/tests/config/filter.d/checklogtype_test.conf b/fail2ban/tests/config/filter.d/checklogtype_test.conf +new file mode 100644 +index 000000000..a76f5fcfb +--- /dev/null ++++ b/fail2ban/tests/config/filter.d/checklogtype_test.conf +@@ -0,0 +1,12 @@ ++# Fail2Ban configuration file ++# ++ ++[INCLUDES] ++ ++# Read common prefixes (logtype is set in default section) ++before = checklogtype.conf ++ ++[Definition] ++ ++# overwrite logtype in definition (no backend anymore): ++logtype = test +\ No newline at end of file +diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf +index de5bbbdc5..b1a1707b6 100644 +--- a/fail2ban/tests/config/jail.conf ++++ b/fail2ban/tests/config/jail.conf +@@ -74,3 +74,28 @@ journalmatch = _COMM=test + maxlines = 2 + usedns = no + enabled = false ++ ++[checklogtype_jrnl] ++filter = checklogtype ++backend = systemd ++action = action ++enabled = false ++ ++[checklogtype_file] ++filter = checklogtype ++backend = polling ++logpath = README.md ++action = action ++enabled = false ++ ++[checklogtype_test] ++filter = checklogtype_test ++backend = systemd ++action = action ++enabled = false ++ ++[checklogtype_init] ++filter = checklogtype_test[logtype=init] ++backend = systemd ++action = action ++enabled = false diff --git a/fail2ban.spec b/fail2ban.spec index 1125bfa..e238742 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -13,8 +13,12 @@ Patch0: fail2ban-partof.patch Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch # testIPAddr_CompareDNS: add missing network constraint Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch -# FIx test thread stack size on aarch64 +# Fix test thread stack size on aarch64 Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch +# Fix handling of journal in tests +Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch +# Fix test install +Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 @@ -170,6 +174,9 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 %install %py3_install +# Make symbolic link relative +ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python + %if 0%{?fedora} || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp -p build/fail2ban.service %{buildroot}%{_unitdir}/ @@ -214,10 +221,10 @@ EOF # Remove installed doc, use doc macro instead rm -r %{buildroot}%{_docdir}/%{name} + %check -# testSampleRegexsSSHD fails for some reason when run alongside all other tests -%python3 bin/fail2ban-testcases --no-network testSampleRegexsSSHD -%python3 bin/fail2ban-testcases --no-network -i testSampleRegexsSSHD +%python3 bin/fail2ban-testcases --verbosity=2 --no-network + %post server %if 0%{?fedora} || 0%{?rhel} >= 7