From 67e79a14624c496f740ed3c63ae28788c6e3b346 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Tue, 30 Dec 2014 16:50:46 -0500 Subject: [PATCH] changelog and now we will use upstream's init for debian --- debian/changelog | 10 +- debian/fail2ban.init | 248 ---------------------------------- debian/patches/deb_init_paths | 11 ++ debian/patches/series | 1 + debian/rules | 2 + 5 files changed, 22 insertions(+), 250 deletions(-) delete mode 100755 debian/fail2ban.init create mode 100644 debian/patches/deb_init_paths diff --git a/debian/changelog b/debian/changelog index 5d8f3dfe..8fa69b9e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -fail2ban (0.9.1-1.1) UNRELEASED; urgency=medium +fail2ban (0.9.1+git44-gd65c4f8-1) experimental; urgency=medium [ Christoph Anton Mitterer ] * Do not install the following configuration files which are not used within @@ -8,7 +8,13 @@ fail2ban (0.9.1-1.1) UNRELEASED; urgency=medium /etc/fail2ban/paths-osx.conf Closes: #767123 - -- Christoph Anton Mitterer Wed, 12 Nov 2014 05:20:20 +0100 + [ Yaroslav Halchenko ] + * New upstream snapshot from 0.9.1-44-gd65c4f8 + - carries a lot of fixes and improvements. Consult upstream ChangeLog + - debian's init file is now maintained in upstream codebase (for manual + deployments) + + -- Yaroslav Halchenko Tue, 30 Dec 2014 16:46:26 -0500 fail2ban (0.9.1-1) unstable; urgency=medium diff --git a/debian/fail2ban.init b/debian/fail2ban.init deleted file mode 100755 index d9bb3f50..00000000 --- a/debian/fail2ban.init +++ /dev/null @@ -1,248 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: fail2ban -# Required-Start: $local_fs $remote_fs -# Required-Stop: $local_fs $remote_fs -# Should-Start: $time $network $syslog iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm -# Should-Stop: $network $syslog iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start/stop fail2ban -# Description: Start/stop fail2ban, a daemon scanning the log files and -# banning potential attackers. -### END INIT INFO - -# Author: Aaron Isotton -# Modified: by Yaroslav Halchenko -# reindented + minor corrections + to work on sarge without modifications -# Modified: by Glenn Aaldering -# added exit codes for status command -# Modified: by Juan Karlo de Guzman -# corrected the DAEMON's path and the SOCKFILE -# rename this file: (sudo) mv /etc/init.d/fail2ban.init /etc/init.d/fail2ban -# same with the logrotate file: (sudo) mv /etc/logrotate.d/fail2ban.logrotate /etc/logrotate.d/fail2ban -# -PATH=/usr/sbin:/usr/bin:/sbin:/bin -DESC="authentication failure monitor" -NAME=fail2ban - -# fail2ban-client is not a daemon itself but starts a daemon and -# loads its with configuration -DAEMON=/usr/local/bin/$NAME-client -SCRIPTNAME=/etc/init.d/$NAME - -# Ad-hoc way to parse out socket file name -SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \ - | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'` -[ -z "$SOCKFILE" ] && SOCKFILE='/var/run/fail2ban.sock' - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Run as root by default. -FAIL2BAN_USER=root - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME -DAEMON_ARGS="$FAIL2BAN_OPTS" - -# Load the VERBOSE setting and other rcS variables -[ -f /etc/default/rcS ] && . /etc/default/rcS - -# Predefine what can be missing from lsb source later on -- necessary to run -# on sarge. Just present it in a bit more compact way from what was shipped -log_daemon_msg () { - [ -z "$1" ] && return 1 - echo -n "$1:" - [ -z "$2" ] || echo -n " $2" -} - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined -# so we must be ok -. /lib/lsb/init-functions - -# -# Shortcut function for abnormal init script interruption -# -report_bug() -{ - echo $* - echo "Please submit a bug report to Debian BTS (reportbug fail2ban)" - exit 1 -} - -# -# Helper function to check if socket is present, which is often left after -# abnormal exit of fail2ban and needs to be removed -# -check_socket() -{ - # Return - # 0 if socket is present and readable - # 1 if socket file is not present - # 2 if socket file is present but not readable - # 3 if socket file is present but is not a socket - [ -e "$SOCKFILE" ] || return 1 - [ -r "$SOCKFILE" ] || return 2 - [ -S "$SOCKFILE" ] || return 3 - return 0 -} - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - do_status && return 1 - - if [ -e "$SOCKFILE" ]; then - log_failure_msg "Socket file $SOCKFILE is present" - [ "$1" = "force-start" ] \ - && log_success_msg "Starting anyway as requested" \ - || return 2 - DAEMON_ARGS="$DAEMON_ARGS -x" - fi - - # Assure that /var/run/fail2ban exists - [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban - - if [ "$FAIL2BAN_USER" != "root" ]; then - # Make the socket directory, IP lists and fail2ban log - # files writable by fail2ban - chown "$FAIL2BAN_USER" /var/run/fail2ban - # Create the logfile if it doesn't exist - touch /var/log/fail2ban.log - chown "$FAIL2BAN_USER" /var/log/fail2ban.log - find /proc/net/xt_recent -name 'fail2ban-*' -exec chown "$FAIL2BAN_USER" {} \; - fi - - start-stop-daemon --start --quiet --chuid "$FAIL2BAN_USER" --exec $DAEMON -- \ - $DAEMON_ARGS start > /dev/null\ - || return 2 - - return 0 -} - - -# -# Function that checks the status of fail2ban and returns -# corresponding code -# -do_status() -{ - $DAEMON ping > /dev/null 2>&1 - return $? -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - $DAEMON status > /dev/null 2>&1 || return 1 - $DAEMON stop > /dev/null || return 2 - - # now we need actually to wait a bit since it might take time - # for server to react on client's stop request. Especially - # important for restart command on slow boxes - count=1 - while do_status && [ $count -lt 60 ]; do - sleep 1 - count=$(($count+1)) - done - [ $count -lt 60 ] || return 3 # failed to stop - - return 0 -} - -# -# Function to reload configuration -# -do_reload() { - $DAEMON reload > /dev/null && return 0 || return 1 - return 0 -} - -# yoh: -# shortcut function to don't duplicate case statements and to don't use -# bashisms (arrays). Fixes #368218 -# -log_end_msg_wrapper() -{ - if [ "$3" != "no" ]; then - [ $1 -lt $2 ] && value=0 || value=1 - log_end_msg $value - fi -} - -command="$1" -case "$command" in - start|force-start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start "$command" - log_end_msg_wrapper $? 2 "$VERBOSE" - ;; - - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - log_end_msg_wrapper $? 2 "$VERBOSE" - ;; - - restart|force-reload) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - log_end_msg_wrapper $? 1 "always" - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - - reload|force-reload) - log_daemon_msg "Reloading $DESC" "$NAME" - do_reload - log_end_msg $? - ;; - - status) - log_daemon_msg "Status of $DESC" - do_status - case $? in - 0) log_success_msg " $NAME is running" ;; - 255) - check_socket - case $? in - 1) log_failure_msg " $NAME is not running" && exit 3 ;; - 0) log_failure_msg " $NAME is not running but $SOCKFILE exists" && exit 3 ;; - 2) log_failure_msg " $SOCKFILE not readable, status of $NAME is unknown" && exit 3 ;; - 3) log_failure_msg " $SOCKFILE exists but not a socket, status of $NAME is unknown" && exit 3 ;; - *) report_bug "Unknown return code from $NAME:check_socket." && exit 4 ;; - esac - ;; - *) report_bug "Unknown $NAME status code" && exit 4 - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|force-start|stop|restart|force-reload|status}" >&2 - exit 3 - ;; -esac - -: diff --git a/debian/patches/deb_init_paths b/debian/patches/deb_init_paths new file mode 100644 index 00000000..f39df27c --- /dev/null +++ b/debian/patches/deb_init_paths @@ -0,0 +1,11 @@ +--- a/files/debian-initd ++++ b/files/debian-initd +@@ -28,7 +28,7 @@ NAME=fail2ban + + # fail2ban-client is not a daemon itself but starts a daemon and + # loads its with configuration +-DAEMON=/usr/local/bin/$NAME-client ++DAEMON=/usr/bin/$NAME-client + SCRIPTNAME=/etc/init.d/$NAME + + # Ad-hoc way to parse out socket file name diff --git a/debian/patches/series b/debian/patches/series index b7728eee..7438f9f3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ +deb_init_paths deb_manpages_reportbug diff --git a/debian/rules b/debian/rules index c2dc3b1f..a1200cca 100755 --- a/debian/rules +++ b/debian/rules @@ -19,6 +19,7 @@ PYVERSION=$(shell py3versions -dv) override_dh_clean: rm -rf fail2ban.egg-info + -rm debian/fail2ban.init dh_clean override_dh_install: @@ -52,6 +53,7 @@ override_dh_installexamples: dh_installexamples files/ipmasq-* files/nagios files/cacti override_dh_installinit: + cp -p files/debian-initd debian/fail2ban.init dh_installinit -- defaults 99 override_dh_installman: