futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gnu: Add fail2ban.

Browse Source 
* gnu/packages/admin.scm (fail2ban): New variable.
* gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch,
gnu/packages/patches/fail2ban-paths-guix-conf.patch,
gnu/packages/patches/fail2ban-python310-server-action.patch,
gnu/packages/patches/fail2ban-python310-server-actions.patch,
gnu/packages/patches/fail2ban-python310-server-jails.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
muradm 2022-07-17 05:30:40 +03:00 committed by Ludovic Courtès
parent 18d998ffdb
commit d7e7494bc4
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
9 changed files with 600 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
gnu/local.mk
View File

@ -1049,6 +1049,13 @@ dist_patch_DATA = \
%D%/packages/patches/exercism-disable-self-update.patch \ %D%/packages/patches/exercism-disable-self-update.patch \
%D%/packages/patches/extempore-unbundle-external-dependencies.patch \ %D%/packages/patches/extempore-unbundle-external-dependencies.patch \
%D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \
%D%/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch \
%D%/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch \
%D%/packages/patches/fail2ban-0.11.2_fix-test-suite.patch \
%D%/packages/patches/fail2ban-paths-guix-conf.patch \
%D%/packages/patches/fail2ban-python310-server-action.patch \
%D%/packages/patches/fail2ban-python310-server-actions.patch \
%D%/packages/patches/fail2ban-python310-server-jails.patch \
%D%/packages/patches/farstream-gupnp.patch \ %D%/packages/patches/farstream-gupnp.patch \
%D%/packages/patches/farstream-make.patch \ %D%/packages/patches/farstream-make.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \

217
gnu/packages/admin.scm
View File

@ -100,6 +100,7 @@
#:use-module (gnu packages cross-base) #:use-module (gnu packages cross-base)
#:use-module (gnu packages crypto) #:use-module (gnu packages crypto)
#:use-module (gnu packages cryptsetup) #:use-module (gnu packages cryptsetup)
#:use-module (gnu packages curl)
#:use-module (gnu packages cyrus-sasl) #:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages dns) #:use-module (gnu packages dns)
#:use-module (gnu packages elf) #:use-module (gnu packages elf)
@ -134,6 +135,7 @@
#:use-module (gnu packages mcrypt) #:use-module (gnu packages mcrypt)
#:use-module (gnu packages mpi) #:use-module (gnu packages mpi)
#:use-module (gnu packages ncurses) #:use-module (gnu packages ncurses)
#:use-module (gnu packages networking)
#:use-module (gnu packages openldap) #:use-module (gnu packages openldap)
#:use-module (gnu packages patchutils) #:use-module (gnu packages patchutils)
#:use-module (gnu packages pciutils) #:use-module (gnu packages pciutils)
@ -152,6 +154,7 @@
#:use-module (gnu packages ruby) #:use-module (gnu packages ruby)
#:use-module (gnu packages selinux) #:use-module (gnu packages selinux)
#:use-module (gnu packages serialization) #:use-module (gnu packages serialization)
#:use-module (gnu packages sqlite)
#:use-module (gnu packages ssh) #:use-module (gnu packages ssh)
#:use-module (gnu packages sphinx) #:use-module (gnu packages sphinx)
#:use-module (gnu packages tcl) #:use-module (gnu packages tcl)
@ -5230,3 +5233,217 @@ allows applications to use whatever seat management is available.")
mediate access to shared devices, such as graphics and input, for applications mediate access to shared devices, such as graphics and input, for applications
that require it.") that require it.")
(license license:expat))) (license license:expat)))
(define-public fail2ban
(package
(name "fail2ban")
(version "0.11.2")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/fail2ban/fail2ban")
(commit version)))
(file-name (git-file-name name version))
(sha256
(base32
"00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
(modules '((guix build utils)))
(snippet
'(begin
;; Get rid of absolute file names.
(substitute* "setup.py"
(("/etc/fail2ban")
"etc/fail2ban")
(("/var/lib/fail2ban")
"var/lib/fail2ban")
(("\"/usr/bin/\"")
"\"usr/bin/\"")
(("\"/usr/lib/fail2ban/\"")
"\"usr/lib/fail2ban/\"")
(("'/usr/share/doc/fail2ban'")
"'usr/share/doc/fail2ban'"))
;; disable tests performing unacceptable side-effects
(let ((make-suite (lambda (t)
(string-append
"tests.addTest.unittest.makeSuite."
t ".."))))
(substitute* "fail2ban/tests/utils.py"
(((make-suite "actiontestcase.CommandActionTest"))
"")
(((make-suite "misctestcase.SetupTest"))
"")
(((make-suite
"filtertestcase.DNSUtilsNetworkTests"))
"")
(((make-suite "filtertestcase.IgnoreIPDNS"))
"")
(((make-suite "filtertestcase.GetFailures"))
"")
(((make-suite
"fail2banclienttestcase.Fail2banServerTest"))
"")
(((make-suite
"servertestcase.ServerConfigReaderTests"))
"")))))
(patches (search-patches
"fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
"fail2ban-python310-server-action.patch"
"fail2ban-python310-server-actions.patch"
"fail2ban-python310-server-jails.patch"
"fail2ban-0.11.2_fix-test-suite.patch"
"fail2ban-0.11.2_CVE-2021-32749.patch"
"fail2ban-paths-guix-conf.patch"))))
(build-system python-build-system)
(arguments
'(#:phases (modify-phases %standard-phases
(add-before 'build 'invoke-2to3
(lambda _
(invoke "./fail2ban-2to3")))
(add-before 'install 'fix-default-config
(lambda* (#:key outputs #:allow-other-keys)
(substitute* '("config/paths-common.conf"
"fail2ban/tests/utils.py"
"fail2ban/client/configreader.py"
"fail2ban/client/fail2bancmdline.py"
"fail2ban/client/fail2banregex.py")
(("/etc/fail2ban")
(string-append (assoc-ref outputs "out")
"/etc/fail2ban")))))
(add-after 'fix-default-config 'set-action-dependencies
(lambda* (#:key inputs #:allow-other-keys)
;; deleting things that are not feasible to fix
;; or won't be used any way
(with-directory-excursion "config"
(for-each delete-file
'("paths-arch.conf"
"paths-debian.conf"
"paths-fedora.conf"
"paths-freebsd.conf"
"paths-opensuse.conf"
"paths-osx.conf")))
(with-directory-excursion "config/action.d"
(for-each delete-file
'("apf.conf"
"bsd-ipfw.conf"
"dshield.conf"
"ipfilter.conf"
"ipfw.conf"
"firewallcmd-allports.conf"
"firewallcmd-common.conf"
"firewallcmd-ipset.conf"
"firewallcmd-multiport.conf"
"firewallcmd-new.conf"
"firewallcmd-rich-logging.conf"
"firewallcmd-rich-rules.conf"
"osx-afctl.conf"
"osx-ipfw.conf"
"pf.conf"
"nginx-block-map.conf"
"npf.conf"
"shorewall.conf"
"shorewall-ipset-proto6.conf"
"ufw.conf")))
(let* ((lookup-cmd (lambda (i)
(search-input-file inputs i)))
(bin (lambda (i)
(lookup-cmd (string-append "/bin/" i))))
(sbin (lambda (i)
(lookup-cmd (string-append "/sbin/" i))))
(ip (sbin "ip"))
(sendmail (sbin "sendmail")))
(substitute* (find-files "config/action.d" "\\.conf$")
;; TODO: deal with geoiplookup ..
(("(awk|curl|dig|jq)" all cmd)
(bin cmd))
(("(cat|echo|grep|head|printf|wc) " all
cmd)
(string-append (bin cmd) " "))
((" (date|rm|sed|tail|touch|tr) " all
cmd)
(string-append " "
(bin cmd) " "))
(("cut -d")
(string-append (bin "cut") " -d"))
(("`date`")
(string-append "`"
(bin "date") "`"))
(("id -")
(string-append (bin "id") " -"))
(("ip -([46]) addr" all ver)
(string-append ip " -" ver " addr"))
(("ip route")
(string-append ip " route"))
(("ipset ")
(string-append (sbin "ipset") " "))
(("(iptables|ip6tables) <" all cmd)
(string-append (sbin cmd) " <"))
(("/usr/bin/nsupdate")
(bin "nsupdate"))
(("mail -E")
(string-append sendmail " -E"))
(("nftables = nft")
(string-append "nftables = " (sbin "nft")))
(("perl -e")
(string-append (bin "perl") " -e"))
(("/usr/sbin/sendmail")
sendmail)
(("test -e")
(string-append (bin "test") " -e"))
(("_whois = whois")
(string-append "_whois = " (bin "whois")))))
(substitute* "config/jail.conf"
(("before = paths-debian.conf")
"before = paths-guix.conf"))))
(add-after 'install 'copy-man-pages
(lambda* (#:key outputs #:allow-other-keys)
(let* ((man (string-append (assoc-ref outputs "out")
"/man"))
(install-man (lambda (m)
(lambda (f)
(install-file (string-append f
"." m)
(string-append man
"/man" m)))))
(install-man1 (install-man "1"))
(install-man5 (install-man "5")))
(with-directory-excursion "man"
(for-each install-man1
'("fail2ban"
"fail2ban-client"
"fail2ban-python"
"fail2ban-regex"
"fail2ban-server"
"fail2ban-testcases"))
(for-each install-man5
'("jail.conf")))))))))
(inputs (list gawk
coreutils-minimal
curl
grep
jq
iproute
ipset
iptables
`(,isc-bind "utils")
nftables
perl
python-pyinotify
sed
sendmail
sqlite
whois))
(home-page "http://www.fail2ban.org")
(synopsis "Daemon to ban hosts that cause multiple authentication errors")
(description
"Fail2Ban scans log files like @file{/var/log/auth.log} and bans IP
addresses conducting too many failed login attempts. It does this by updating
system firewall rules to reject new connections from those IP addresses, for a
configurable amount of time. Fail2Ban comes out-of-the-box ready to read many
standard log files, such as those for sshd and Apache, and is easily
configured to read any log file of your choosing, for any error you wish.
Though Fail2Ban is able to reduce the rate of incorrect authentication
attempts, it cannot eliminate the risk presented by weak authentication. Set
up services to use only two factor, or public/private authentication
mechanisms if you really want to protect services.")
(license license:gpl2+)))

155
gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch Normal file
View File

@ -0,0 +1,155 @@
From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Mon, 21 Jun 2021 17:12:53 +0200
Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
(default tilde) stops consider "~" char after new-line as composing escape
sequence
---
config/action.d/complain.conf | 2 +-
config/action.d/dshield.conf | 2 +-
config/action.d/mail-buffered.conf | 8 ++++----
config/action.d/mail-whois-lines.conf | 2 +-
config/action.d/mail-whois.conf | 6 +++---
config/action.d/mail.conf | 6 +++---
6 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
index 3a5f882c9f..4d73b05859 100644
--- a/config/action.d/complain.conf
+++ b/config/action.d/complain.conf
@@ -102,7 +102,7 @@ logpath = /dev/null
# Notes.: Your system mail command. Is passed 2 args: subject and recipient
# Values: CMD
#
-mailcmd = mail -s
+mailcmd = mail -E 'set escape' -s
# Option: mailargs
# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index c128bef348..3d5a7a53a9 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -179,7 +179,7 @@ tcpflags =
# Notes.: Your system mail command. Is passed 2 args: subject and recipient
# Values: CMD
#
-mailcmd = mail -s
+mailcmd = mail -E 'set escape' -s
# Option: mailargs
# Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
index 325f185b2f..79b841049c 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Output will be buffered until <lines> lines are available.\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
rm <tmpfile>
fi
printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
# Option: actioncheck
# Notes.: command executed once before each actionban command
@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
These hosts have been banned by Fail2Ban.\n
`cat <tmpfile>`
\nRegards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
rm <tmpfile>
fi
diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
index 3a3e56b2c7..d2818cb9b9 100644
--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
@@ -72,7 +72,7 @@ actionunban =
# Notes.: Your system mail command. Is passed 2 args: subject and recipient
# Values: CMD
#
-mailcmd = mail -s
+mailcmd = mail -E 'set escape' -s
# Default name of the chain
#
diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
index 7fea34c40d..ab33b616dc 100644
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@@ -20,7 +20,7 @@ norestored = 1
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
# Option: actioncheck
# Notes.: command executed once before each actionban command
@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
Here is more information about <ip> :\n
`%(_whois_command)s`\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
index 5d8c0e154c..f4838ddcb6 100644
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@@ -16,7 +16,7 @@ norestored = 1
actionstart = printf %%b "Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
# Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
actionstop = printf %%b "Hi,\n
The jail <name> has been stopped.\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
# Option: actioncheck
# Notes.: command executed once before each actionban command
@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n
Regards,\n
- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the

64
gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch Normal file
View File

@ -0,0 +1,64 @@
From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
From: sebres <info@sebres.de>
Date: Sun, 19 Sep 2021 18:49:18 +0200
Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
command: use_2to3 is invalid (setuptools 58+)
---
setup.py | 16 +---------------
1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/setup.py b/setup.py
index f4c2550f6f..98413273c5 100755
--- a/setup.py
+++ b/setup.py
@@ -48,7 +48,7 @@
from glob import glob
from fail2ban.setup import updatePyExec
-
+from fail2ban.version import version
source_dir = os.path.realpath(os.path.dirname(
# __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
# Wrapper to specify fail2ban own options:
class install_command_f2b(install):
user_options = install.user_options + [
- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
('without-tests', None, 'without tests files installation'),
]
def initialize_options(self):
- self.disable_2to3 = None
self.without_tests = not with_tests
install.initialize_options(self)
def finalize_options(self):
- global _2to3
- ## in the test cases 2to3 should be already done (fail2ban-2to3):
- if self.disable_2to3:
- _2to3 = False
- if _2to3:
- cmdclass = self.distribution.cmdclass
- cmdclass['build_py'] = build_py_2to3
- cmdclass['build_scripts'] = build_scripts_2to3
if self.without_tests:
self.distribution.scripts.remove('bin/fail2ban-testcases')
@@ -178,7 +168,6 @@ def run(self):
if setuptools:
setup_extra = {
'test_suite': "fail2ban.tests.utils.gatherTests",
- 'use_2to3': True,
}
else:
setup_extra = {}
@@ -202,9 +191,6 @@ def run(self):
('/usr/share/doc/fail2ban', doc_files)
)
-# Get version number, avoiding importing fail2ban.
-# This is due to tests not functioning for python3 as 2to3 takes place later
-exec(open(join("fail2ban", "version.py")).read())
setup(
name = "fail2ban",

48
gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch Normal file
View File

@ -0,0 +1,48 @@
From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
From: sebres <info@sebres.de>
Date: Mon, 4 Jan 2021 02:42:38 +0100
Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
tests, considering interval from 2005 (alternate now) to now; + better
grouping algorithm for resulting century RE
---
fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
index 1464a96d1f..39fc795865 100644
--- a/fail2ban/server/strptime.py
+++ b/fail2ban/server/strptime.py
@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
Thereby respect possible run in the test-cases (alternate date used there)
"""
cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
+ def grp(exprset):
+ c = None
+ if len(exprset) > 1:
+ for i in exprset:
+ if c is None or i[0:-1] == c:
+ c = i[0:-1]
+ else:
+ c = None
+ break
+ if not c:
+ for i in exprset:
+ if c is None or i[0] == c:
+ c = i[0]
+ else:
+ c = None
+ break
+ if c:
+ return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
+ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
+ if len(exprset) > 1 else "".join(exprset)
exprset = set( cent(now[0].year + i) for i in (-1, distance) )
if len(now) and now[1]:
- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
+ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
+ return grp(sorted(list(exprset)))
timeRE = TimeRE()

32
gnu/packages/patches/fail2ban-paths-guix-conf.patch Normal file
View File

@ -0,0 +1,32 @@
From ef28dcf7a5bdbfd8ba586bb066d5ec53188a6bf9 Mon Sep 17 00:00:00 2001
From: muradm <mail@muradm.net>
Date: Fri, 15 Jul 2022 20:08:14 +0300
Subject: [PATCH] Add paths-guix.conf file.
---
config/paths-guix.conf | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 config/paths-guix.conf
diff --git a/config/paths-guix.conf b/config/paths-guix.conf
new file mode 100644
index 00000000..b4a2e9f5
--- /dev/null
+++ b/config/paths-guix.conf
@@ -0,0 +1,13 @@
+# Guix
+
+[INCLUDES]
+
+before = paths-common.conf
+after = paths-overrides.local
+
+
+[DEFAULT]
+
+syslog_authpriv = /var/log/secure
+syslog_mail = /var/log/maillog
+syslog_mail_warn = /var/log/maillog
--
2.36.1

27
gnu/packages/patches/fail2ban-python310-server-action.patch Normal file
View File

@ -0,0 +1,27 @@
From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <serg.brester@sebres.de>
Date: Mon, 8 Feb 2021 17:19:24 +0100
Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
moved to the :mod:`collections.abc` module
(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
---
fail2ban/server/action.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
index 3bc48fe046..f0f1e6f59a 100644
--- a/fail2ban/server/action.py
+++ b/fail2ban/server/action.py
@@ -30,7 +30,10 @@
import threading
import time
from abc import ABCMeta
-from collections import MutableMapping
+try:
+ from collections.abc import MutableMapping
+except ImportError:
+ from collections import MutableMapping
from .failregex import mapTag2Opt
from .ipdns import DNSUtils

25
gnu/packages/patches/fail2ban-python310-server-actions.patch Normal file
View File

@ -0,0 +1,25 @@
From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <serg.brester@sebres.de>
Date: Mon, 8 Feb 2021 17:25:45 +0100
Subject: [PATCH] amend for `Mapping`
---
fail2ban/server/actions.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
index b7b95b445a..897d907c1a 100644
--- a/fail2ban/server/actions.py
+++ b/fail2ban/server/actions.py
@@ -28,7 +28,10 @@
import os
import sys
import time
-from collections import Mapping
+try:
+ from collections.abc import Mapping
+except ImportError:
+ from collections import Mapping
try:
from collections import OrderedDict
except ImportError:

25
gnu/packages/patches/fail2ban-python310-server-jails.patch Normal file
View File

@ -0,0 +1,25 @@
From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <serg.brester@sebres.de>
Date: Mon, 8 Feb 2021 17:35:59 +0100
Subject: [PATCH] amend for `Mapping` (jails)
---
fail2ban/server/jails.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py
index 972a8c4bd2..27e12ddf65 100644
--- a/fail2ban/server/jails.py
+++ b/fail2ban/server/jails.py
@@ -22,7 +22,10 @@
__license__ = "GPL"
from threading import Lock
-from collections import Mapping
+try:
+ from collections.abc import Mapping
+except ImportError:
+ from collections import Mapping
from ..exceptions import DuplicateJailException, UnknownJailException
from .jail import Jail