Bookworm+ update

This commit is contained in:
Mario Fetka
2026-04-22 23:56:12 +02:00
parent 2230ffdadd
commit 08c9ad24ff
13 changed files with 70 additions and 208 deletions

24
debian/README.Debian vendored
View File

@@ -1,19 +1,11 @@
fail2ban-p2p for Debian
-----------------------
=======================
This package ships the legacy fail2ban-p2p daemon and client, updated to run
with Python 3. The upstream project is old and its packaging layout is unusual,
so this Debian packaging intentionally keeps the service wiring conservative.
This package installs the fail2ban-p2p daemon, default configuration under
/etc/fail2ban-p2p and a systemd unit named fail2ban-p2p.service.
Operational notes:
* The daemon is disabled by default. Enable it in /etc/default/fail2ban-p2p.
* Configuration lives in /etc/fail2ban-p2p/.
* The package creates a dedicated system user: fail2ban-p2p.
* A local keypair can be generated with:
fail2ban-p2p.py -K -c /etc/fail2ban-p2p
* The daemon log file is:
/var/log/fail2ban-p2p.log
The shipped init script is retained for compatibility with older setups. For
new deployments, a native systemd unit would be preferable.
After installation:
1. Review /etc/fail2ban-p2p/fail2ban-p2p.conf
2. Create or install the node key pair
3. Add friend configuration files under /etc/fail2ban-p2p/friends/
4. Start the service with: systemctl enable --now fail2ban-p2p.service

18
debian/README.source vendored
View File

@@ -1,14 +1,6 @@
fail2ban-p2p source package for Debian
--------------------------------------
This package is maintained directly from the upstream source tree.
This package is maintained as a minimal refresh of the historical Debian
packaging while the upstream codebase is being ported to Python 3.
Notes for maintainers:
* The package still installs the application using setup.py because the
upstream layout is not yet a standard Python package layout.
* Many files generated by dh_make and debhelper were intentionally removed
from debian/ because they were examples or build artefacts.
* If the upstream package layout is modernized later, debian/rules should be
simplified further to use pybuild directly.
Bookworm and newer packaging notes:
- debhelper compat level 13
- Python 3 only
- systemd service installation via dh_installsystemd

70
debian/changelog vendored
View File

@@ -1,66 +1,8 @@
fail2ban-p2p (0.1.2+py3) unstable; urgency=medium
fail2ban-p2p (0.1.2+py3+1) unstable; urgency=medium
* Port package and installed scripts to Python 3.
* Replace Python 2 packaging metadata with dh-python based dependencies.
* Update debhelper compatibility for current Debian packaging.
* Refresh maintainer scripts and service metadata for current policy.
* Convert debian/copyright to machine-readable DEP-5 format.
* Port package metadata to Python 3 only.
* Switch packaging to debhelper compat 13.
* Install systemd service for Bookworm and newer.
* Drop obsolete Python 2 substitution variables and legacy init handling.
-- Manuel Munz <manu@somakoma.de> Wed, 22 Apr 2026 12:00:00 +0200
fail2ban-p2p (0.1.2) precise; urgency=low
* Better input filtering and error messages for invalid messages
* document classes and functions in code
* add sphinx for generating documentation
* reorder modules to resolve circular imports
* general cleanups
* client: fix an exception when the message received from the server was not valid json
-- Manuel Munz <manu@somakoma.de> Fri, 24 May 2013 15:23:49 +0200
fail2ban-p2p (0.1.1) precise; urgency=low
* 0.1.1 Fix problem with table dump in fail2ban-p2p-client
-- Manuel Munz <manu@somakoma.de> Tue, 16 Apr 2013 18:00:24 +0200
fail2ban-p2p (0.1.0) precise; urgency=low
* fix trustlevels handling
* pull banlists from friends when starting the node
-- Manuel Munz <manu@somakoma.de> Thu, 11 Apr 2013 16:14:53 +0200
fail2ban-p2p (0.0.5-1) oneiric; urgency=low
* Change in message protocol. Use JSON encoded messages now.
* Warning: This beraks compatibility with earlier versions.
-- Manuel Munz <manu@somakoma.de> Thu, 21 Mar 2013 18:42:32 +0100
fail2ban-p2p (0.0.4-1) oneiric; urgency=low
* removed dummy signature check, fixes crash when 'signature' was sent as signature
* fix permissions on private keyfile
* more log output
-- Manuel Munz <manu@somakoma.de> Wed, 23 Jan 2013 16:07:55 +0100
fail2ban-p2p (0.0.3-1) oneiric; urgency=low
* Update to 0.0.3
-- Manuel Munz <manu@somakoma.de> Wed, 23 Jan 2013 15:53:43 +0100
fail2ban-p2p (0.0.2-1) oneiric; urgency=low
* Update to 0.0.2
-- Manuel Munz <manu@somakoma.de> Wed, 23 Jan 2013 15:53:30 +0100
fail2ban-p2p (0.0.1-1) unstable; urgency=low
* Initial release (Closes: #nnnn) <nnnn is the bug number of your ITP>
-- Manuel Munz <manu@somakoma.de> Wed, 07 Nov 2012 16:40:08 +0100
-- Manuel Munz <manu@somakoma.de> Wed, 22 Apr 2026 22:30:00 +0200

1
debian/compat vendored
View File

@@ -1 +0,0 @@
13

7
debian/control vendored
View File

@@ -3,7 +3,7 @@ Section: net
Priority: optional
Maintainer: Manuel Munz <manu@somakoma.de>
Build-Depends:
debhelper (>= 13),
debhelper-compat (= 13),
dh-python,
python3-all,
python3-setuptools
@@ -19,6 +19,5 @@ Depends:
adduser,
python3-m2crypto
Description: Distribute attacker information from fail2ban via a p2p network
fail2ban-p2p distributes attacker information from fail2ban between hosts
in a peer-to-peer or friend-to-friend network so attackers can be blocked
across multiple systems.
Fail2ban-p2p can be used to distribute information about attackers in a
p2p/f2f network to ban these attackers on all hosts.

45
debian/copyright vendored
View File

@@ -3,8 +3,8 @@ Upstream-Name: fail2ban-p2p
Source: https://github.com/mmunz/fail2ban-p2p
Files: *
Copyright: 2012-2013 Johannes Fuermann <johannes at fuermann.cc>
2012-2013 Manuel Munz <manu@somakoma.de>
Copyright: 2013 Johannes Fuermann <johannes at fuermann.cc>
2013 Manuel Munz <manu at somakoma.de>
License: GPL-3+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -18,39 +18,24 @@ License: GPL-3+
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Comment:
The upstream source files state that fail2ban-p2p is licensed under the
GNU General Public License Version 3.
Files: odict.py
Copyright: 2009 Raymond Hettinger
Files: fail2ban-p2p/odict.py
Copyright: 2009 Raymond Hettinger and contributors
License: MIT
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
Files: debian/*
Copyright: 2012-2026 Manuel Munz <manu@somakoma.de>
License: GPL-3+
License: GPL-3+
On Debian systems, the full text of the GNU General Public License
version 3 can be found in /usr/share/common-licenses/GPL-3.
License: MIT
On Debian systems, the full text of the MIT license can be found in
/usr/share/common-licenses/MIT.
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View File

@@ -1,10 +1,3 @@
# Defaults for fail2ban-p2p initscript
# sourced by /etc/init.d/fail2ban-p2p
# Additional options passed to the daemon.
# Defaults for fail2ban-p2p
# Additional daemon options can be set here.
DAEMON_OPTS=""
# Set to true to start the daemon at boot.
# Leave disabled by default so the service is only started after
# configuration and key material have been created by the administrator.
START_DAEMON=false

View File

@@ -1 +1,2 @@
fail2ban-p2p.service lib/systemd/system/
debian/fail2ban-p2p.service lib/systemd/system/
debian/fail2ban-p2p.default etc/default/

View File

@@ -1,25 +1,23 @@
[Unit]
Description=fail2ban-p2p distributed ban exchange daemon
Documentation=man:systemd.service(5)
After=network-online.target
Description=fail2ban-p2p daemon
Documentation=file:/usr/share/doc/fail2ban-p2p/README.Debian
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=fail2ban-p2p
Group=fail2ban-p2p
EnvironmentFile=-/etc/default/fail2ban-p2p
ExecStart=/usr/bin/python3 /usr/share/fail2ban-p2p/fail2ban-p2p.py -c /etc/fail2ban-p2p $DAEMON_OPTS
RuntimeDirectory=fail2ban-p2p
StateDirectory=fail2ban-p2p
ExecStart=/usr/bin/python3 /usr/bin/fail2ban-p2p.py -c /etc/fail2ban-p2p $DAEMON_OPTS
Restart=on-failure
RestartSec=5s
RestartSec=5
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
ReadWritePaths=/etc/fail2ban-p2p /var/log/fail2ban-p2p.log
WorkingDirectory=/var/lib/fail2ban-p2p
StateDirectory=fail2ban-p2p
RuntimeDirectory=fail2ban-p2p
[Install]
WantedBy=multi-user.target

29
debian/postinst vendored
View File

@@ -1,31 +1,14 @@
#!/bin/sh
set -e
PACKAGE=fail2ban-p2p
SERVER_USER=${SERVER_USER:-fail2ban-p2p}
SERVER_GROUP=${SERVER_GROUP:-fail2ban-p2p}
SERVER_HOME=${SERVER_HOME:-/var/lib/fail2ban-p2p}
LOGFILE=/var/log/fail2ban-p2p.log
CONFDIR=/etc/fail2ban-p2p
case "$1" in
configure)
install -d -o "$SERVER_USER" -g "$SERVER_GROUP" -m 0750 "$SERVER_HOME"
if [ -d "$CONFDIR" ]; then
chgrp "$SERVER_GROUP" "$CONFDIR" || true
chmod 0750 "$CONFDIR" || true
find "$CONFDIR" -type d -exec chmod 0750 {} \; || true
fi
if [ -f "$LOGFILE" ]; then
chown "$SERVER_USER":adm "$LOGFILE" || true
chmod 0640 "$LOGFILE" || true
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument '$1'" >&2
exit 1
install -d -o fail2ban-p2p -g fail2ban-p2p -m 0750 /var/lib/fail2ban-p2p
install -d -o fail2ban-p2p -g fail2ban-p2p -m 0750 /run/fail2ban-p2p
install -d -o fail2ban-p2p -g adm -m 0755 /var/log
touch /var/log/fail2ban-p2p.log
chown fail2ban-p2p:adm /var/log/fail2ban-p2p.log
chmod 0640 /var/log/fail2ban-p2p.log
;;
esac

40
debian/preinst vendored
View File

@@ -1,44 +1,22 @@
#!/bin/sh
set -e
PACKAGE=fail2ban-p2p
SERVER_USER=${SERVER_USER:-fail2ban-p2p}
SERVER_GROUP=${SERVER_GROUP:-fail2ban-p2p}
SERVER_HOME=${SERVER_HOME:-/var/lib/fail2ban-p2p}
LOGFILE=/var/log/fail2ban-p2p.log
case "$1" in
install|upgrade)
if ! getent group "$SERVER_GROUP" >/dev/null; then
addgroup --quiet --system "$SERVER_GROUP" || true
if ! getent group fail2ban-p2p >/dev/null; then
addgroup --system fail2ban-p2p >/dev/null
fi
if ! getent passwd "$SERVER_USER" >/dev/null; then
adduser --quiet \
if ! getent passwd fail2ban-p2p >/dev/null; then
adduser \
--system \
--ingroup "$SERVER_GROUP" \
--home "$SERVER_HOME" \
--ingroup fail2ban-p2p \
--home /var/lib/fail2ban-p2p \
--no-create-home \
--disabled-password \
--gecos "Fail2ban P2P service user" \
"$SERVER_USER" || true
--shell /usr/sbin/nologin \
--gecos "fail2ban-p2p daemon" \
fail2ban-p2p >/dev/null
fi
install -d -o "$SERVER_USER" -g "$SERVER_GROUP" -m 0750 "$SERVER_HOME"
install -d -o root -g "$SERVER_GROUP" -m 0750 /etc/fail2ban-p2p
install -d -o root -g adm -m 0755 /var/log
touch "$LOGFILE"
chown "$SERVER_USER":adm "$LOGFILE"
chmod 0640 "$LOGFILE"
;;
abort-upgrade)
;;
*)
echo "preinst called with unknown argument '$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0

10
debian/rules vendored
View File

@@ -1,6 +1,6 @@
#!/usr/bin/make -f
export PYBUILD_NAME=fail2ban-p2p
export PYBUILD_DISABLE=test
%:
dh $@ --with python3
@@ -11,5 +11,9 @@ override_dh_auto_build:
override_dh_auto_install:
python3 setup.py install \
--root=$(CURDIR)/debian/fail2ban-p2p \
--install-layout=deb \
--no-compile
--no-compile \
--install-layout=deb
override_dh_auto_clean:
-python3 setup.py clean --all
rm -rf build .pybuild

4
debian/watch vendored
View File

@@ -1,4 +0,0 @@
version=4
opts="filenamemangle=s%(?:.*?)?v?([\d\.]+)\.tar\.gz%fail2ban-p2p-$1.tar.gz%" \
https://github.com/mmunz/fail2ban-p2p/tags \
(?:.*?/archive/refs/tags/)?v?([\d\.]+)\.tar\.gz