Add upstream patches to fix testcase install and tests; Fix fail2ban-python symlink

2605.patch

@@ -0,0 +1,152 @@
+From 3965d690b137152b2a0a6a46989178b5566cfd8e Mon Sep 17 00:00:00 2001
+From: Angelo Compagnucci <angelo@amarulasolutions.com>
+Date: Thu, 16 Jan 2020 12:05:13 +0100
+Subject: [PATCH 1/2] Revert "setup.py: adding option to install without tests"
+
+Test should actually removed from the stup data in finalize_options
+instead of being added back.
+
+This reverts commit 9b918bba2f672780fb4469294d80ba7deb6b8cab.
+
+Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
+---
+ setup.py | 41 ++++++++++++++++-------------------------
+ 1 file changed, 16 insertions(+), 25 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index e476c5dd6..8da292683 100755
+--- a/setup.py
++++ b/setup.py
+@@ -119,11 +119,9 @@ def update_scripts(self, dry_run=False):
+ class install_command_f2b(install):
+ 	user_options = install.user_options + [
+ 		('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
+-		('without-tests', None, 'without tests files installation'),
+ 	]
+ 	def initialize_options(self):
+ 		self.disable_2to3 = None
+-		self.without_tests = None
+ 		install.initialize_options(self)
+ 	def finalize_options(self):
+ 		global _2to3
+@@ -134,28 +132,6 @@ def finalize_options(self):
+ 			cmdclass = self.distribution.cmdclass
+ 			cmdclass['build_py'] = build_py_2to3
+ 			cmdclass['build_scripts'] = build_scripts_2to3
+-		if not self.without_tests:
+-			self.distribution.scripts += [
+-				'bin/fail2ban-testcases',
+-			]
+-
+-			self.distribution.packages += [
+-				'fail2ban.tests',
+-				'fail2ban.tests.action_d',
+-			]
+-
+-			self.distribution.package_data = {
+-				'fail2ban.tests':
+-					[ join(w[0], f).replace("fail2ban/tests/", "", 1)
+-						for w in os.walk('fail2ban/tests/files')
+-						for f in w[2]] +
+-					[ join(w[0], f).replace("fail2ban/tests/", "", 1)
+-						for w in os.walk('fail2ban/tests/config')
+-						for f in w[2]] +
+-					[ join(w[0], f).replace("fail2ban/tests/", "", 1)
+-						for w in os.walk('fail2ban/tests/action_d')
+-						for f in w[2]]
+-			}
+ 		install.finalize_options(self)
+ 	def run(self):
+ 		install.run(self)
+@@ -232,20 +208,35 @@ def run(self):
+ 	license = "GPL",
+ 	platforms = "Posix",
+ 	cmdclass = {
+-		'build_py': build_py, 'build_scripts': build_scripts,
++		'build_py': build_py, 'build_scripts': build_scripts, 
+ 		'install_scripts': install_scripts_f2b, 'install': install_command_f2b
+ 	},
+ 	scripts = [
+ 		'bin/fail2ban-client',
+ 		'bin/fail2ban-server',
+ 		'bin/fail2ban-regex',
++		'bin/fail2ban-testcases',
+ 		# 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper
+ 	],
+ 	packages = [
+ 		'fail2ban',
+ 		'fail2ban.client',
+ 		'fail2ban.server',
++		'fail2ban.tests',
++		'fail2ban.tests.action_d',
+ 	],
++	package_data = {
++		'fail2ban.tests':
++			[ join(w[0], f).replace("fail2ban/tests/", "", 1)
++				for w in os.walk('fail2ban/tests/files')
++				for f in w[2]] +
++			[ join(w[0], f).replace("fail2ban/tests/", "", 1)
++				for w in os.walk('fail2ban/tests/config')
++				for f in w[2]] +
++			[ join(w[0], f).replace("fail2ban/tests/", "", 1)
++				for w in os.walk('fail2ban/tests/action_d')
++				for f in w[2]]
++	},
+ 	data_files = [
+ 		('/etc/fail2ban',
+ 			glob("config/*.conf")
+
+From 5fa1f69264d3c23793f64c03c96737d54555e919 Mon Sep 17 00:00:00 2001
+From: Angelo Compagnucci <angelo@amarulasolutions.com>
+Date: Thu, 16 Jan 2020 12:28:42 +0100
+Subject: [PATCH 2/2] setup.py: adding option to install without tests
+
+Tests files are not always needed especially when installing on low
+resource systems like an embedded one.
+This patch adds the --without-tests option to skip installing the
+tests files.
+
+Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
+---
+ setup.py | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 8da292683..ce1eedf68 100755
+--- a/setup.py
++++ b/setup.py
+@@ -119,9 +119,11 @@ def update_scripts(self, dry_run=False):
+ class install_command_f2b(install):
+ 	user_options = install.user_options + [
+ 		('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
++		('without-tests', None, 'without tests files installation'),
+ 	]
+ 	def initialize_options(self):
+ 		self.disable_2to3 = None
++		self.without_tests = None
+ 		install.initialize_options(self)
+ 	def finalize_options(self):
+ 		global _2to3
+@@ -132,6 +134,13 @@ def finalize_options(self):
+ 			cmdclass = self.distribution.cmdclass
+ 			cmdclass['build_py'] = build_py_2to3
+ 			cmdclass['build_scripts'] = build_scripts_2to3
++		if self.without_tests:
++			self.distribution.scripts.remove('bin/fail2ban-testcases')
++
++			self.distribution.packages.remove('fail2ban.tests')
++			self.distribution.packages.remove('fail2ban.tests.action_d')
++
++			del self.distribution.package_data['fail2ban.tests']
+ 		install.finalize_options(self)
+ 	def run(self):
+ 		install.run(self)
+@@ -208,7 +217,7 @@ def run(self):
+ 	license = "GPL",
+ 	platforms = "Posix",
+ 	cmdclass = {
+-		'build_py': build_py, 'build_scripts': build_scripts, 
++		'build_py': build_py, 'build_scripts': build_scripts,
+ 		'install_scripts': install_scripts_f2b, 'install': install_command_f2b
+ 	},
+ 	scripts = [

8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch

@@ -0,0 +1,233 @@
+From 8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594 Mon Sep 17 00:00:00 2001
+From: sebres <serg.brester@sebres.de>
+Date: Wed, 15 Jan 2020 19:22:53 +0100
+Subject: [PATCH] closes #2596: fixed supplying of backend-related `logtype` to
+ the jail filter - don't merge it (provide as init parameter if not set in
+ definition section), init parameters don't affect config-cache (better
+ implementation as in #2387 and it covered now with new test)
+
+---
+ MANIFEST                                      |  2 ++
+ fail2ban/client/configreader.py               |  8 +++--
+ fail2ban/client/fail2banregex.py              |  7 ++---
+ fail2ban/client/filterreader.py               |  8 +++++
+ fail2ban/client/jailreader.py                 |  7 ++---
+ fail2ban/tests/clientreadertestcase.py        | 17 +++++++++-
+ .../tests/config/filter.d/checklogtype.conf   | 31 +++++++++++++++++++
+ .../config/filter.d/checklogtype_test.conf    | 12 +++++++
+ fail2ban/tests/config/jail.conf               | 25 +++++++++++++++
+ 9 files changed, 104 insertions(+), 13 deletions(-)
+ create mode 100644 fail2ban/tests/config/filter.d/checklogtype.conf
+ create mode 100644 fail2ban/tests/config/filter.d/checklogtype_test.conf
+
+diff --git a/MANIFEST b/MANIFEST
+index dbcc2f602..5680492af 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -226,6 +226,8 @@ fail2ban/tests/clientreadertestcase.py
+ fail2ban/tests/config/action.d/action.conf
+ fail2ban/tests/config/action.d/brokenaction.conf
+ fail2ban/tests/config/fail2ban.conf
++fail2ban/tests/config/filter.d/checklogtype.conf
++fail2ban/tests/config/filter.d/checklogtype_test.conf
+ fail2ban/tests/config/filter.d/simple.conf
+ fail2ban/tests/config/filter.d/test.conf
+ fail2ban/tests/config/filter.d/test.local
+diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py
+index 66b987b28..20709b724 100644
+--- a/fail2ban/client/configreader.py
++++ b/fail2ban/client/configreader.py
+@@ -120,6 +120,10 @@ def has_section(self, sec):
+ 		except AttributeError:
+ 			return False
+ 
++	def has_option(self, sec, opt, withDefault=True):
++		return self._cfg.has_option(sec, opt) if withDefault \
++			else opt in self._cfg._sections.get(sec, {})
++
+ 	def merge_defaults(self, d):
+ 		self._cfg.get_defaults().update(d)
+ 
+@@ -261,8 +265,8 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False):
+ 					logSys.warning("'%s' not defined in '%s'. Using default one: %r"
+ 								% (optname, sec, optvalue))
+ 					values[optname] = optvalue
+-				elif logSys.getEffectiveLevel() <= logLevel:
+-					logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec)
++				# elif logSys.getEffectiveLevel() <= logLevel:
++				# 	logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec)
+ 			except ValueError:
+ 				logSys.warning("Wrong value for '" + optname + "' in '" + sec +
+ 							"'. Using default one: '" + repr(optvalue) + "'")
+diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py
+index f6a4b141c..334c031f4 100644
+--- a/fail2ban/client/fail2banregex.py
++++ b/fail2ban/client/fail2banregex.py
+@@ -372,11 +372,8 @@ def readRegex(self, value, regextype):
+ 			if not ret:
+ 				output( "ERROR: failed to load filter %s" % value )
+ 				return False
+-			# overwrite default logtype (considering that the filter could specify this too in Definition/Init sections):
+-			if not fltOpt.get('logtype'):
+-				reader.merge_defaults({
+-					'logtype': ['file','journal'][int(self._backend.startswith("systemd"))]
+-				})
++			# set backend-related options (logtype):
++			reader.applyAutoOptions(self._backend)
+ 			# get, interpolate and convert options:
+ 			reader.getOptions(None)
+ 			# show real options if expected:
+diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py
+index ede18dca2..413f125e6 100644
+--- a/fail2ban/client/filterreader.py
++++ b/fail2ban/client/filterreader.py
+@@ -53,6 +53,14 @@ def setFile(self, fileName):
+ 	def getFile(self):
+ 		return self.__file
+ 
++	def applyAutoOptions(self, backend):
++		# set init option to backend-related logtype, considering
++		# that the filter settings may be overwritten in its local:
++		if (not self._initOpts.get('logtype') and 
++		    not self.has_option('Definition', 'logtype', False)
++		  ):
++			self._initOpts['logtype'] = ['file','journal'][int(backend.startswith("systemd"))]
++
+ 	def convert(self):
+ 		stream = list()
+ 		opts = self.getCombined()
+diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py
+index 917a562ce..1d7db0dc9 100644
+--- a/fail2ban/client/jailreader.py
++++ b/fail2ban/client/jailreader.py
+@@ -142,11 +142,8 @@ def getOptions(self):
+ 				ret = self.__filter.read()
+ 				if not ret:
+ 					raise JailDefError("Unable to read the filter %r" % filterName)
+-				if not filterOpt.get('logtype'):
+-					# overwrite default logtype backend-related (considering that the filter settings may be overwritten):
+-					self.__filter.merge_defaults({
+-						'logtype': ['file','journal'][int(self.__opts.get('backend', '').startswith("systemd"))]
+-					})
++				# set backend-related options (logtype):
++				self.__filter.applyAutoOptions(self.__opts.get('backend', ''))
+ 				# merge options from filter as 'known/...' (all options unfiltered):
+ 				self.__filter.getOptions(self.__opts, all=True)
+ 				ConfigReader.merge_section(self, self.__name, self.__filter.getCombined(), 'known/')
+diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py
+index d39860f47..2c1d0a0e4 100644
+--- a/fail2ban/tests/clientreadertestcase.py
++++ b/fail2ban/tests/clientreadertestcase.py
+@@ -328,7 +328,22 @@ def testOverrideFilterOptInJail(self):
+ 			self.assertFalse(len(o) > 2 and o[2].endswith('regex'))
+ 			i += 1
+ 			if i > usednsidx: break
+-		
++
++	def testLogTypeOfBackendInJail(self):
++		unittest.F2B.SkipIfCfgMissing(stock=True); # expected include of common.conf
++		# test twice to check cache works peoperly:
++		for i in (1, 2):
++			# backend-related, overwritten in definition, specified in init parameters:
++			for prefline in ('JRNL', 'FILE', 'TEST', 'INIT'):
++				jail = JailReader('checklogtype_'+prefline.lower(), basedir=IMPERFECT_CONFIG,
++					share_config=IMPERFECT_CONFIG_SHARE_CFG, force_enable=True)
++				self.assertTrue(jail.read())
++				self.assertTrue(jail.getOptions())
++				stream = jail.convert()
++				# 'JRNL' for systemd, 'FILE' for file backend, 'TEST' for custom logtype (overwrite it):
++				self.assertEqual([['set', jail.getName(), 'addfailregex', '^%s failure from <HOST>$' % prefline]],
++					[o for o in stream if len(o) > 2 and o[2] == 'addfailregex'])
++
+ 	def testSplitOption(self):
+ 		# Simple example
+ 		option = "mail-whois[name=SSH]"
+diff --git a/fail2ban/tests/config/filter.d/checklogtype.conf b/fail2ban/tests/config/filter.d/checklogtype.conf
+new file mode 100644
+index 000000000..4d700fffa
+--- /dev/null
++++ b/fail2ban/tests/config/filter.d/checklogtype.conf
+@@ -0,0 +1,31 @@
++# Fail2Ban configuration file
++#
++
++[INCLUDES]
++
++# Read common prefixes (logtype is set in default section)
++before = ../../../../config/filter.d/common.conf
++
++[Definition]
++
++_daemon = test
++
++failregex = ^<lt_<logtype>/__prefix_line> failure from <HOST>$
++ignoreregex = 
++
++# following sections define prefix line considering logtype:
++
++# backend-related (retrieved from backend, overwrite default):
++[lt_file]
++__prefix_line = FILE
++
++[lt_journal]
++__prefix_line = JRNL
++
++# specified in definition section of filter (see filter checklogtype_test.conf):
++[lt_test]
++__prefix_line = TEST
++
++# specified in init parameter of jail (see ../jail.conf, jail checklogtype_init):
++[lt_init]
++__prefix_line = INIT
+diff --git a/fail2ban/tests/config/filter.d/checklogtype_test.conf b/fail2ban/tests/config/filter.d/checklogtype_test.conf
+new file mode 100644
+index 000000000..a76f5fcfb
+--- /dev/null
++++ b/fail2ban/tests/config/filter.d/checklogtype_test.conf
+@@ -0,0 +1,12 @@
++# Fail2Ban configuration file
++#
++
++[INCLUDES]
++
++# Read common prefixes (logtype is set in default section)
++before = checklogtype.conf
++
++[Definition]
++
++# overwrite logtype in definition (no backend anymore):
++logtype = test
+\ No newline at end of file
+diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf
+index de5bbbdc5..b1a1707b6 100644
+--- a/fail2ban/tests/config/jail.conf
++++ b/fail2ban/tests/config/jail.conf
+@@ -74,3 +74,28 @@ journalmatch = _COMM=test
+ maxlines = 2
+ usedns = no
+ enabled = false
++
++[checklogtype_jrnl]
++filter = checklogtype
++backend = systemd
++action = action
++enabled = false
++
++[checklogtype_file]
++filter = checklogtype
++backend = polling
++logpath = README.md
++action = action
++enabled = false
++
++[checklogtype_test]
++filter = checklogtype_test
++backend = systemd
++action = action
++enabled = false
++
++[checklogtype_init]
++filter = checklogtype_test[logtype=init]
++backend = systemd
++action = action
++enabled = false

fail2ban.spec

@@ -13,8 +13,12 @@ Patch0: fail2ban-partof.patch
 Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch
 # testIPAddr_CompareDNS: add missing network constraint
 Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch
-# FIx test thread stack size on aarch64
+# Fix test thread stack size on aarch64
 Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch
+# Fix handling of journal in tests
+Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch
+# Fix test install
+Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch
 
 BuildRequires: python3-devel
 BuildRequires: /usr/bin/2to3
@@ -170,6 +174,9 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3
 %install
 %py3_install
 
+# Make symbolic link relative
+ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python
+
 %if 0%{?fedora} || 0%{?rhel} >= 7
 mkdir -p %{buildroot}%{_unitdir}
 cp -p build/fail2ban.service %{buildroot}%{_unitdir}/
@@ -214,10 +221,10 @@ EOF
 # Remove installed doc, use doc macro instead
 rm -r %{buildroot}%{_docdir}/%{name}
 
+
 %check
-# testSampleRegexsSSHD fails for some reason when run alongside all other tests
+%python3 bin/fail2ban-testcases --verbosity=2 --no-network
-%python3 bin/fail2ban-testcases --no-network testSampleRegexsSSHD
+
-%python3 bin/fail2ban-testcases --no-network -i testSampleRegexsSSHD
 
 %post server
 %if 0%{?fedora} || 0%{?rhel} >= 7