nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
fail2ban: 0.11.2 -> 1.0.2

Update to 1.0.2: https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog#ver-102-20221109---finally-war-game-test-tape-not-a-nuclear-alarm
1.0.1 contained a few breaking changes, but I think they have little
impact.

I changed the module to use the systemd service shipping with fail2ban
(now added to the package).

Flakebi 12db8314 d917136f

+12 -38
+2
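--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -95,6 +95,8 @@
 
 - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation.
 
+- `fail2ban` has been updated to 1.0.2, which has a few breaking changes compared to 0.11.2 ([changelog for 1.0.1](https://github.com/fail2ban/fail2ban/blob/1.0.1/ChangeLog), [changelog for 1.0.2](https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog))
+
 - Calling `makeSetupHook` without passing a `name` argument is deprecated.
 
 - Qt 5.12 and 5.14 have been removed, as the corresponding branches have been EOL upstream for a long time. This affected under 10 packages in nixpkgs, largely unmaintained upstream as well, however, out-of-tree package expressions may need to be updated manually.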
+1 -11
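--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -273,26 +273,16 @@
 "fail2ban/filter.d".source = "${cfg.package}/etc/fail2ban/filter.d/*.conf";
 };
 
+systemd.packages = [ cfg.package ];
 systemd.services.fail2ban = {
-description = "Fail2ban Intrusion Prevention System";
-
 wantedBy = [ "multi-user.target" ];
-after = [ "network.target" ];
 partOf = optional config.networking.firewall.enable "firewall.service";
 
 restartTriggers = [ fail2banConf jailConf pathsConf ];
 
 path = [ cfg.package cfg.packageFirewall pkgs.iproute2 ] ++ cfg.extraPackages;
 
-unitConfig.Documentation = "man:fail2ban(1)";
-
 serviceConfig = {
-ExecStart = "${cfg.package}/bin/fail2ban-server -xf start";
-ExecStop = "${cfg.package}/bin/fail2ban-server stop";
-ExecReload = "${cfg.package}/bin/fail2ban-server reload";
-Type = "simple";
-Restart = "on-failure";
-PIDFile = "/run/fail2ban/fail2ban.pid";
 # Capabilities
 CapabilityBoundingSet = [ "CAP_AUDIT_READ" "CAP_DAC_READ_SEARCH" "CAP_NET_ADMIN" "CAP_NET_RAW" ];
 # Security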
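Review bot: With `ExecStart`, `Type`, `Restart` and `PIDFile` dropped from `systemd.services.fail2ban`, the service only has a start command if `cfg.package` ships `lib/systemd/system/fail2ban.service`, and nothing in this section says so. An overridden `cfg.package` built from an older expression would presumably leave a unit that carries the hardening settings but cannot start, so the host would run without fail2ban. A comment above `systemd.packages = [ cfg.package ];`, such as `# ExecStart/ExecStop/ExecReload, Type, Restart and PIDFile come from the unit shipped in cfg.package`, would make that dependency visible. The removed `after = [ "network.target" ]` is likewise assumed to be covered by the packaged unit, which this page does not show. The `serviceConfig` block continues past the end of the section.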
+9 -27
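--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@@ -1,18 +1,17 @@
 { lib, stdenv, fetchFromGitHub
 , python3
-, fetchpatch
 , installShellFiles
 }:
 
 python3.pkgs.buildPythonApplication rec {
 pname = "fail2ban";
-version = "0.11.2";
+version = "1.0.2";
 
 src = fetchFromGitHub {
 owner = "fail2ban";
 repo = "fail2ban";
 rev = version;
-sha256 = "q4U9iWCa1zg8sA+6pPNejt6v/41WGIKN5wITJCrCqQE=";
+hash = "sha256-Zd8zLkFlvXTbeInEkNFyHgcAiOsX4WwF6hf5juSQvbY=";
 };
 
 outputs = [ "out" "man" ];
@@ -25,31 +24,13 @@
 pyinotify
 ];
 
-patches = [
-# remove references to use_2to3, for setuptools>=58
-# has been merged into master, remove next release
-(fetchpatch {
-url = "https://github.com/fail2ban/fail2ban/commit/5ac303df8a171f748330d4c645ccbf1c2c7f3497.patch";
-sha256 = "sha256-aozQJHwPcJTe/D/PLQzBk1YH3OAP6Qm7wO7cai5CVYI=";
-})
-# fix use of MutableMapping with Python >= 3.10
-# https://github.com/fail2ban/fail2ban/issues/3142
-(fetchpatch {
-url = "https://github.com/fail2ban/fail2ban/commit/294ec73f629d0e29cece3a1eb5dd60b6fccea41f.patch";
-sha256 = "sha256-Eimm4xjBDYNn5QdTyMqGgT5EXsZdd/txxcWJojXlsFE=";
-})
-];
-
 preConfigure = ''
-# workaround for setuptools 58+
-# https://github.com/fail2ban/fail2ban/issues/3098
 patchShebangs fail2ban-2to3
 ./fail2ban-2to3
 
 for i in config/action.d/sendmail*.conf; do
 substituteInPlace $i \
---replace /usr/sbin/sendmail sendmail \
---replace /usr/bin/whois whois
+--replace /usr/sbin/sendmail sendmail
 done
 
 substituteInPlace config/filter.d/dovecot.conf \
@@ -65,15 +46,17 @@
 ${python3.interpreter} setup.py install_data --install-dir=$out --root=$out
 '';
 
-postPatch = ''
-${stdenv.shell} ./fail2ban-2to3
-'';
-
 postInstall =
 let
 sitePackages = "$out/${python3.sitePackages}";
 in
 ''
+install -m 644 -D -t "$out/lib/systemd/system" build/fail2ban.service
+# Replace binary paths
+sed -i "s#build/bdist.*/wheel/fail2ban.*/scripts/#$out/bin/#g" $out/lib/systemd/system/fail2ban.service
+# Delete creating the runtime directory, systemd does that
+sed -i "/ExecStartPre/d" $out/lib/systemd/system/fail2ban.service
+
 # see https://github.com/NixOS/nixpkgs/issues/4968
 rm -r "${sitePackages}/etc"
 
@@ -88,6 +71,5 @@
 description = "A program that scans log files for repeated failing login attempts and bans IP addresses";
 license = licenses.gpl2Plus;
 maintainers = with maintainers; [ eelco lovek323 ];
-platforms = platforms.unix;
 };
 }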
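Review bot: The path rewrite added to `postInstall` can match nothing without failing the build: if the build tree stops matching `build/bdist.*/wheel/fail2ban.*/scripts/`, the installed `fail2ban.service` keeps pointing at a build-time path and the service will not start on the target system. A check right after that `sed` would turn this into a build failure, for example `grep -q "$out/bin/fail2ban-server" "$out/lib/systemd/system/fail2ban.service"`, assuming the shipped unit starts `fail2ban-server` as the module lines removed in this commit did. The `/ExecStartPre/d` expression also deletes every `ExecStartPre` line rather than only the directory creation, and it leaves the runtime directory to whoever consumes the unit. The comment could say so: `# Drop the mkdir ExecStartPre; the NixOS module is expected to provide the runtime directory`.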