From 08c9ad24ff11e8ed253b967e8c0040bb3d75a501 Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Wed, 22 Apr 2026 23:56:12 +0200 Subject: [PATCH] Bookworm+ update --- debian/README.Debian | 24 +++++-------- debian/README.source | 18 +++------- debian/changelog | 70 ++++--------------------------------- debian/compat | 1 - debian/control | 7 ++-- debian/copyright | 45 ++++++++---------------- debian/fail2ban-p2p.default | 11 ++---- debian/fail2ban-p2p.install | 3 +- debian/fail2ban-p2p.service | 16 ++++----- debian/postinst | 29 ++++----------- debian/preinst | 40 +++++---------------- debian/rules | 10 ++++-- debian/watch | 4 --- 13 files changed, 70 insertions(+), 208 deletions(-) delete mode 100644 debian/compat delete mode 100644 debian/watch diff --git a/debian/README.Debian b/debian/README.Debian index b894a78..43292e1 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -1,19 +1,11 @@ fail2ban-p2p for Debian ------------------------ +======================= -This package ships the legacy fail2ban-p2p daemon and client, updated to run -with Python 3. The upstream project is old and its packaging layout is unusual, -so this Debian packaging intentionally keeps the service wiring conservative. +This package installs the fail2ban-p2p daemon, default configuration under +/etc/fail2ban-p2p and a systemd unit named fail2ban-p2p.service. -Operational notes: - - * The daemon is disabled by default. Enable it in /etc/default/fail2ban-p2p. - * Configuration lives in /etc/fail2ban-p2p/. - * The package creates a dedicated system user: fail2ban-p2p. - * A local keypair can be generated with: - fail2ban-p2p.py -K -c /etc/fail2ban-p2p - * The daemon log file is: - /var/log/fail2ban-p2p.log - -The shipped init script is retained for compatibility with older setups. For -new deployments, a native systemd unit would be preferable. +After installation: + 1. Review /etc/fail2ban-p2p/fail2ban-p2p.conf + 2. Create or install the node key pair + 3. Add friend configuration files under /etc/fail2ban-p2p/friends/ + 4. Start the service with: systemctl enable --now fail2ban-p2p.service diff --git a/debian/README.source b/debian/README.source index ac5c015..e4ef1fe 100644 --- a/debian/README.source +++ b/debian/README.source @@ -1,14 +1,6 @@ -fail2ban-p2p source package for Debian --------------------------------------- +This package is maintained directly from the upstream source tree. -This package is maintained as a minimal refresh of the historical Debian -packaging while the upstream codebase is being ported to Python 3. - -Notes for maintainers: - - * The package still installs the application using setup.py because the - upstream layout is not yet a standard Python package layout. - * Many files generated by dh_make and debhelper were intentionally removed - from debian/ because they were examples or build artefacts. - * If the upstream package layout is modernized later, debian/rules should be - simplified further to use pybuild directly. +Bookworm and newer packaging notes: + - debhelper compat level 13 + - Python 3 only + - systemd service installation via dh_installsystemd diff --git a/debian/changelog b/debian/changelog index 4faac64..370b0d4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,66 +1,8 @@ -fail2ban-p2p (0.1.2+py3) unstable; urgency=medium +fail2ban-p2p (0.1.2+py3+1) unstable; urgency=medium - * Port package and installed scripts to Python 3. - * Replace Python 2 packaging metadata with dh-python based dependencies. - * Update debhelper compatibility for current Debian packaging. - * Refresh maintainer scripts and service metadata for current policy. - * Convert debian/copyright to machine-readable DEP-5 format. + * Port package metadata to Python 3 only. + * Switch packaging to debhelper compat 13. + * Install systemd service for Bookworm and newer. + * Drop obsolete Python 2 substitution variables and legacy init handling. - -- Manuel Munz Wed, 22 Apr 2026 12:00:00 +0200 - -fail2ban-p2p (0.1.2) precise; urgency=low - - * Better input filtering and error messages for invalid messages - * document classes and functions in code - * add sphinx for generating documentation - * reorder modules to resolve circular imports - * general cleanups - * client: fix an exception when the message received from the server was not valid json - - -- Manuel Munz Fri, 24 May 2013 15:23:49 +0200 - -fail2ban-p2p (0.1.1) precise; urgency=low - - * 0.1.1 Fix problem with table dump in fail2ban-p2p-client - - -- Manuel Munz Tue, 16 Apr 2013 18:00:24 +0200 - -fail2ban-p2p (0.1.0) precise; urgency=low - - * fix trustlevels handling - * pull banlists from friends when starting the node - - -- Manuel Munz Thu, 11 Apr 2013 16:14:53 +0200 - -fail2ban-p2p (0.0.5-1) oneiric; urgency=low - - * Change in message protocol. Use JSON encoded messages now. - * Warning: This beraks compatibility with earlier versions. - - -- Manuel Munz Thu, 21 Mar 2013 18:42:32 +0100 - -fail2ban-p2p (0.0.4-1) oneiric; urgency=low - - * removed dummy signature check, fixes crash when 'signature' was sent as signature - * fix permissions on private keyfile - * more log output - - -- Manuel Munz Wed, 23 Jan 2013 16:07:55 +0100 - -fail2ban-p2p (0.0.3-1) oneiric; urgency=low - - * Update to 0.0.3 - - -- Manuel Munz Wed, 23 Jan 2013 15:53:43 +0100 - -fail2ban-p2p (0.0.2-1) oneiric; urgency=low - - * Update to 0.0.2 - - -- Manuel Munz Wed, 23 Jan 2013 15:53:30 +0100 - -fail2ban-p2p (0.0.1-1) unstable; urgency=low - - * Initial release (Closes: #nnnn) - - -- Manuel Munz Wed, 07 Nov 2012 16:40:08 +0100 + -- Manuel Munz Wed, 22 Apr 2026 22:30:00 +0200 diff --git a/debian/compat b/debian/compat deleted file mode 100644 index b1bd38b..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -13 diff --git a/debian/control b/debian/control index 66fac80..bc8f329 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: net Priority: optional Maintainer: Manuel Munz Build-Depends: - debhelper (>= 13), + debhelper-compat (= 13), dh-python, python3-all, python3-setuptools @@ -19,6 +19,5 @@ Depends: adduser, python3-m2crypto Description: Distribute attacker information from fail2ban via a p2p network - fail2ban-p2p distributes attacker information from fail2ban between hosts - in a peer-to-peer or friend-to-friend network so attackers can be blocked - across multiple systems. + Fail2ban-p2p can be used to distribute information about attackers in a + p2p/f2f network to ban these attackers on all hosts. diff --git a/debian/copyright b/debian/copyright index a6db773..ecd1920 100644 --- a/debian/copyright +++ b/debian/copyright @@ -3,8 +3,8 @@ Upstream-Name: fail2ban-p2p Source: https://github.com/mmunz/fail2ban-p2p Files: * -Copyright: 2012-2013 Johannes Fuermann - 2012-2013 Manuel Munz +Copyright: 2013 Johannes Fuermann + 2013 Manuel Munz License: GPL-3+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,39 +18,24 @@ License: GPL-3+ . You should have received a copy of the GNU General Public License along with this program. If not, see . -Comment: - The upstream source files state that fail2ban-p2p is licensed under the - GNU General Public License Version 3. -Files: odict.py -Copyright: 2009 Raymond Hettinger +Files: fail2ban-p2p/odict.py +Copyright: 2009 Raymond Hettinger and contributors License: MIT - Permission is hereby granted, free of charge, to any person obtaining a - copy of this software and associated documentation files (the "Software"), - to deal in the Software without restriction, including without limitation - the rights to use, copy, modify, merge, publish, distribute, sublicense, - and/or sell copies of the Software, and to permit persons to whom the - Software is furnished to do so, subject to the following conditions: + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: . - The above copyright notice and this permission notice shall be included in - all copies or substantial portions of the Software. + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING - FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - DEALINGS IN THE SOFTWARE. - -Files: debian/* -Copyright: 2012-2026 Manuel Munz -License: GPL-3+ - -License: GPL-3+ - On Debian systems, the full text of the GNU General Public License - version 3 can be found in /usr/share/common-licenses/GPL-3. - -License: MIT - On Debian systems, the full text of the MIT license can be found in - /usr/share/common-licenses/MIT. + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. diff --git a/debian/fail2ban-p2p.default b/debian/fail2ban-p2p.default index 0a883e9..92bbe5d 100644 --- a/debian/fail2ban-p2p.default +++ b/debian/fail2ban-p2p.default @@ -1,10 +1,3 @@ -# Defaults for fail2ban-p2p initscript -# sourced by /etc/init.d/fail2ban-p2p - -# Additional options passed to the daemon. +# Defaults for fail2ban-p2p +# Additional daemon options can be set here. DAEMON_OPTS="" - -# Set to true to start the daemon at boot. -# Leave disabled by default so the service is only started after -# configuration and key material have been created by the administrator. -START_DAEMON=false diff --git a/debian/fail2ban-p2p.install b/debian/fail2ban-p2p.install index 6814485..3065f38 100644 --- a/debian/fail2ban-p2p.install +++ b/debian/fail2ban-p2p.install @@ -1 +1,2 @@ -fail2ban-p2p.service lib/systemd/system/ +debian/fail2ban-p2p.service lib/systemd/system/ +debian/fail2ban-p2p.default etc/default/ diff --git a/debian/fail2ban-p2p.service b/debian/fail2ban-p2p.service index 671ac2f..6ac6544 100644 --- a/debian/fail2ban-p2p.service +++ b/debian/fail2ban-p2p.service @@ -1,25 +1,23 @@ [Unit] -Description=fail2ban-p2p distributed ban exchange daemon -Documentation=man:systemd.service(5) -After=network-online.target +Description=fail2ban-p2p daemon +Documentation=file:/usr/share/doc/fail2ban-p2p/README.Debian Wants=network-online.target +After=network-online.target [Service] Type=simple User=fail2ban-p2p Group=fail2ban-p2p EnvironmentFile=-/etc/default/fail2ban-p2p -ExecStart=/usr/bin/python3 /usr/share/fail2ban-p2p/fail2ban-p2p.py -c /etc/fail2ban-p2p $DAEMON_OPTS +RuntimeDirectory=fail2ban-p2p +StateDirectory=fail2ban-p2p +ExecStart=/usr/bin/python3 /usr/bin/fail2ban-p2p.py -c /etc/fail2ban-p2p $DAEMON_OPTS Restart=on-failure -RestartSec=5s +RestartSec=5 NoNewPrivileges=true PrivateTmp=true ProtectSystem=full ProtectHome=true -ReadWritePaths=/etc/fail2ban-p2p /var/log/fail2ban-p2p.log -WorkingDirectory=/var/lib/fail2ban-p2p -StateDirectory=fail2ban-p2p -RuntimeDirectory=fail2ban-p2p [Install] WantedBy=multi-user.target diff --git a/debian/postinst b/debian/postinst index d942544..7c096a2 100755 --- a/debian/postinst +++ b/debian/postinst @@ -1,31 +1,14 @@ #!/bin/sh set -e -PACKAGE=fail2ban-p2p -SERVER_USER=${SERVER_USER:-fail2ban-p2p} -SERVER_GROUP=${SERVER_GROUP:-fail2ban-p2p} -SERVER_HOME=${SERVER_HOME:-/var/lib/fail2ban-p2p} -LOGFILE=/var/log/fail2ban-p2p.log -CONFDIR=/etc/fail2ban-p2p - case "$1" in configure) - install -d -o "$SERVER_USER" -g "$SERVER_GROUP" -m 0750 "$SERVER_HOME" - if [ -d "$CONFDIR" ]; then - chgrp "$SERVER_GROUP" "$CONFDIR" || true - chmod 0750 "$CONFDIR" || true - find "$CONFDIR" -type d -exec chmod 0750 {} \; || true - fi - if [ -f "$LOGFILE" ]; then - chown "$SERVER_USER":adm "$LOGFILE" || true - chmod 0640 "$LOGFILE" || true - fi - ;; - abort-upgrade|abort-remove|abort-deconfigure) - ;; - *) - echo "postinst called with unknown argument '$1'" >&2 - exit 1 + install -d -o fail2ban-p2p -g fail2ban-p2p -m 0750 /var/lib/fail2ban-p2p + install -d -o fail2ban-p2p -g fail2ban-p2p -m 0750 /run/fail2ban-p2p + install -d -o fail2ban-p2p -g adm -m 0755 /var/log + touch /var/log/fail2ban-p2p.log + chown fail2ban-p2p:adm /var/log/fail2ban-p2p.log + chmod 0640 /var/log/fail2ban-p2p.log ;; esac diff --git a/debian/preinst b/debian/preinst index 3e67409..1c24683 100755 --- a/debian/preinst +++ b/debian/preinst @@ -1,44 +1,22 @@ #!/bin/sh set -e -PACKAGE=fail2ban-p2p -SERVER_USER=${SERVER_USER:-fail2ban-p2p} -SERVER_GROUP=${SERVER_GROUP:-fail2ban-p2p} -SERVER_HOME=${SERVER_HOME:-/var/lib/fail2ban-p2p} -LOGFILE=/var/log/fail2ban-p2p.log - case "$1" in install|upgrade) - if ! getent group "$SERVER_GROUP" >/dev/null; then - addgroup --quiet --system "$SERVER_GROUP" || true + if ! getent group fail2ban-p2p >/dev/null; then + addgroup --system fail2ban-p2p >/dev/null fi - - if ! getent passwd "$SERVER_USER" >/dev/null; then - adduser --quiet \ + if ! getent passwd fail2ban-p2p >/dev/null; then + adduser \ --system \ - --ingroup "$SERVER_GROUP" \ - --home "$SERVER_HOME" \ + --ingroup fail2ban-p2p \ + --home /var/lib/fail2ban-p2p \ --no-create-home \ - --disabled-password \ - --gecos "Fail2ban P2P service user" \ - "$SERVER_USER" || true + --shell /usr/sbin/nologin \ + --gecos "fail2ban-p2p daemon" \ + fail2ban-p2p >/dev/null fi - - install -d -o "$SERVER_USER" -g "$SERVER_GROUP" -m 0750 "$SERVER_HOME" - install -d -o root -g "$SERVER_GROUP" -m 0750 /etc/fail2ban-p2p - install -d -o root -g adm -m 0755 /var/log - touch "$LOGFILE" - chown "$SERVER_USER":adm "$LOGFILE" - chmod 0640 "$LOGFILE" - ;; - abort-upgrade) - ;; - *) - echo "preinst called with unknown argument '$1'" >&2 - exit 1 ;; esac -#DEBHELPER# - exit 0 diff --git a/debian/rules b/debian/rules index 1a1a9c8..df4e5cf 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -export PYBUILD_NAME=fail2ban-p2p +export PYBUILD_DISABLE=test %: dh $@ --with python3 @@ -11,5 +11,9 @@ override_dh_auto_build: override_dh_auto_install: python3 setup.py install \ --root=$(CURDIR)/debian/fail2ban-p2p \ - --install-layout=deb \ - --no-compile + --no-compile \ + --install-layout=deb + +override_dh_auto_clean: + -python3 setup.py clean --all + rm -rf build .pybuild diff --git a/debian/watch b/debian/watch deleted file mode 100644 index fb7a06b..0000000 --- a/debian/watch +++ /dev/null @@ -1,4 +0,0 @@ -version=4 -opts="filenamemangle=s%(?:.*?)?v?([\d\.]+)\.tar\.gz%fail2ban-p2p-$1.tar.gz%" \ - https://github.com/mmunz/fail2ban-p2p/tags \ - (?:.*?/archive/refs/tags/)?v?([\d\.]+)\.tar\.gz