diff --git a/debian/changelog b/debian/changelog index 2fbef8b8..4513f21b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,8 @@ fail2ban (0.11.2-3) unstable; urgency=medium * Fix the roundcube debian custom path (Closes: #988323) Thanks to Kurt Fitzner for the patch * Do not fail the postinst if chown/chmod are failing (Closes: #926237) + * Adjust the systemd path from /var/run => /run + (Closes: #902413) -- Sylvestre Ledru Sat, 23 Oct 2021 16:09:47 +0200 diff --git a/debian/patches/series b/debian/patches/series index e496baa2..d2ea6aeb 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -8,3 +8,4 @@ no-python-user.diff roundcube.diff fix-mail.patch debian_roundcube.diff +systemd-run.diff diff --git a/debian/patches/systemd-run.diff b/debian/patches/systemd-run.diff new file mode 100644 index 00000000..061b4bf6 --- /dev/null +++ b/debian/patches/systemd-run.diff @@ -0,0 +1,49 @@ + +Index: fail2ban/files/fail2ban.service.in +=================================================================== +--- fail2ban.orig/files/fail2ban.service.in ++++ fail2ban/files/fail2ban.service.in +@@ -7,12 +7,12 @@ PartOf=firewalld.service + [Service] + Type=simple + Environment="PYTHONNOUSERSITE=1" +-ExecStartPre=/bin/mkdir -p /run/fail2ban + ExecStart=@BINDIR@/fail2ban-server -xf start + # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local + # ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=sysout start + ExecStop=@BINDIR@/fail2ban-client stop + ExecReload=@BINDIR@/fail2ban-client reload ++RuntimeDirectory=fail2ban + PIDFile=/run/fail2ban/fail2ban.pid + Restart=on-failure + RestartPreventExitStatus=0 255 +Index: fail2ban/files/debian-initd +=================================================================== +--- fail2ban.orig/files/debian-initd ++++ fail2ban/files/debian-initd +@@ -34,7 +34,7 @@ SCRIPTNAME="/etc/init.d/$NAME" + # Ad-hoc way to parse out socket file name + SOCKFILE="$(grep -h '^[^#]*socket *=' "/etc/$NAME/$NAME.conf" "/etc/$NAME/$NAME.local" 2>/dev/null \ + | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g')" +-[ -z "$SOCKFILE" ] && SOCKFILE="/var/run/fail2ban.sock" ++[ -z "$SOCKFILE" ] && SOCKFILE="/run/fail2ban.sock" + + # Exit if the package is not installed + [ -x "$DAEMON" ] || exit 0 +@@ -110,13 +110,13 @@ do_start() + DAEMON_ARGS="$DAEMON_ARGS -x" + fi + +- # Assure that /var/run/fail2ban exists +- [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban ++ # Assure that /run/fail2ban exists ++ [ -d /run/fail2ban ] || mkdir -p /run/fail2ban + + if [ "$FAIL2BAN_USER" != root ]; then + # Make the socket directory, IP lists and fail2ban log + # files writable by fail2ban +- chown "$FAIL2BAN_USER" /var/run/fail2ban ++ chown "$FAIL2BAN_USER" /run/fail2ban + # Create the logfile if it doesn't exist + touch /var/log/fail2ban.log + chown "$FAIL2BAN_USER" /var/log/fail2ban.log