From 82f72cc45094d5e339561f525a61b7815b5ff7b9 Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Thu, 23 Apr 2026 00:33:02 +0200 Subject: [PATCH] correct warning --- debian/README.Debian | 24 ++++++++----- debian/README.source | 18 +++++++--- debian/changelog | 70 +++++++++++++++++++++++++++++++++---- debian/control | 7 ++-- debian/copyright | 45 ++++++++++++++++-------- debian/fail2ban-p2p.default | 11 ++++-- debian/fail2ban-p2p.install | 1 - debian/fail2ban-p2p.service | 16 +++++---- debian/postinst | 29 +++++++++++---- debian/preinst | 40 ++++++++++++++++----- debian/watch | 4 +++ 11 files changed, 203 insertions(+), 62 deletions(-) create mode 100644 debian/watch diff --git a/debian/README.Debian b/debian/README.Debian index 43292e1..b894a78 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -1,11 +1,19 @@ fail2ban-p2p for Debian -======================= +----------------------- -This package installs the fail2ban-p2p daemon, default configuration under -/etc/fail2ban-p2p and a systemd unit named fail2ban-p2p.service. +This package ships the legacy fail2ban-p2p daemon and client, updated to run +with Python 3. The upstream project is old and its packaging layout is unusual, +so this Debian packaging intentionally keeps the service wiring conservative. -After installation: - 1. Review /etc/fail2ban-p2p/fail2ban-p2p.conf - 2. Create or install the node key pair - 3. Add friend configuration files under /etc/fail2ban-p2p/friends/ - 4. Start the service with: systemctl enable --now fail2ban-p2p.service +Operational notes: + + * The daemon is disabled by default. Enable it in /etc/default/fail2ban-p2p. + * Configuration lives in /etc/fail2ban-p2p/. + * The package creates a dedicated system user: fail2ban-p2p. + * A local keypair can be generated with: + fail2ban-p2p.py -K -c /etc/fail2ban-p2p + * The daemon log file is: + /var/log/fail2ban-p2p.log + +The shipped init script is retained for compatibility with older setups. For +new deployments, a native systemd unit would be preferable. diff --git a/debian/README.source b/debian/README.source index e4ef1fe..ac5c015 100644 --- a/debian/README.source +++ b/debian/README.source @@ -1,6 +1,14 @@ -This package is maintained directly from the upstream source tree. +fail2ban-p2p source package for Debian +-------------------------------------- -Bookworm and newer packaging notes: - - debhelper compat level 13 - - Python 3 only - - systemd service installation via dh_installsystemd +This package is maintained as a minimal refresh of the historical Debian +packaging while the upstream codebase is being ported to Python 3. + +Notes for maintainers: + + * The package still installs the application using setup.py because the + upstream layout is not yet a standard Python package layout. + * Many files generated by dh_make and debhelper were intentionally removed + from debian/ because they were examples or build artefacts. + * If the upstream package layout is modernized later, debian/rules should be + simplified further to use pybuild directly. diff --git a/debian/changelog b/debian/changelog index 370b0d4..4faac64 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,66 @@ -fail2ban-p2p (0.1.2+py3+1) unstable; urgency=medium +fail2ban-p2p (0.1.2+py3) unstable; urgency=medium - * Port package metadata to Python 3 only. - * Switch packaging to debhelper compat 13. - * Install systemd service for Bookworm and newer. - * Drop obsolete Python 2 substitution variables and legacy init handling. + * Port package and installed scripts to Python 3. + * Replace Python 2 packaging metadata with dh-python based dependencies. + * Update debhelper compatibility for current Debian packaging. + * Refresh maintainer scripts and service metadata for current policy. + * Convert debian/copyright to machine-readable DEP-5 format. - -- Manuel Munz Wed, 22 Apr 2026 22:30:00 +0200 + -- Manuel Munz Wed, 22 Apr 2026 12:00:00 +0200 + +fail2ban-p2p (0.1.2) precise; urgency=low + + * Better input filtering and error messages for invalid messages + * document classes and functions in code + * add sphinx for generating documentation + * reorder modules to resolve circular imports + * general cleanups + * client: fix an exception when the message received from the server was not valid json + + -- Manuel Munz Fri, 24 May 2013 15:23:49 +0200 + +fail2ban-p2p (0.1.1) precise; urgency=low + + * 0.1.1 Fix problem with table dump in fail2ban-p2p-client + + -- Manuel Munz Tue, 16 Apr 2013 18:00:24 +0200 + +fail2ban-p2p (0.1.0) precise; urgency=low + + * fix trustlevels handling + * pull banlists from friends when starting the node + + -- Manuel Munz Thu, 11 Apr 2013 16:14:53 +0200 + +fail2ban-p2p (0.0.5-1) oneiric; urgency=low + + * Change in message protocol. Use JSON encoded messages now. + * Warning: This beraks compatibility with earlier versions. + + -- Manuel Munz Thu, 21 Mar 2013 18:42:32 +0100 + +fail2ban-p2p (0.0.4-1) oneiric; urgency=low + + * removed dummy signature check, fixes crash when 'signature' was sent as signature + * fix permissions on private keyfile + * more log output + + -- Manuel Munz Wed, 23 Jan 2013 16:07:55 +0100 + +fail2ban-p2p (0.0.3-1) oneiric; urgency=low + + * Update to 0.0.3 + + -- Manuel Munz Wed, 23 Jan 2013 15:53:43 +0100 + +fail2ban-p2p (0.0.2-1) oneiric; urgency=low + + * Update to 0.0.2 + + -- Manuel Munz Wed, 23 Jan 2013 15:53:30 +0100 + +fail2ban-p2p (0.0.1-1) unstable; urgency=low + + * Initial release (Closes: #nnnn) + + -- Manuel Munz Wed, 07 Nov 2012 16:40:08 +0100 diff --git a/debian/control b/debian/control index bc8f329..66fac80 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: net Priority: optional Maintainer: Manuel Munz Build-Depends: - debhelper-compat (= 13), + debhelper (>= 13), dh-python, python3-all, python3-setuptools @@ -19,5 +19,6 @@ Depends: adduser, python3-m2crypto Description: Distribute attacker information from fail2ban via a p2p network - Fail2ban-p2p can be used to distribute information about attackers in a - p2p/f2f network to ban these attackers on all hosts. + fail2ban-p2p distributes attacker information from fail2ban between hosts + in a peer-to-peer or friend-to-friend network so attackers can be blocked + across multiple systems. diff --git a/debian/copyright b/debian/copyright index ecd1920..a6db773 100644 --- a/debian/copyright +++ b/debian/copyright @@ -3,8 +3,8 @@ Upstream-Name: fail2ban-p2p Source: https://github.com/mmunz/fail2ban-p2p Files: * -Copyright: 2013 Johannes Fuermann - 2013 Manuel Munz +Copyright: 2012-2013 Johannes Fuermann + 2012-2013 Manuel Munz License: GPL-3+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,24 +18,39 @@ License: GPL-3+ . You should have received a copy of the GNU General Public License along with this program. If not, see . +Comment: + The upstream source files state that fail2ban-p2p is licensed under the + GNU General Public License Version 3. -Files: fail2ban-p2p/odict.py -Copyright: 2009 Raymond Hettinger and contributors +Files: odict.py +Copyright: 2009 Raymond Hettinger License: MIT - Permission is hereby granted, free of charge, to any person obtaining a copy - of this software and associated documentation files (the "Software"), to deal - in the Software without restriction, including without limitation the rights - to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - copies of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following conditions: . - The above copyright notice and this permission notice shall be included in all - copies or substantial portions of the Software. + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. + +Files: debian/* +Copyright: 2012-2026 Manuel Munz +License: GPL-3+ + +License: GPL-3+ + On Debian systems, the full text of the GNU General Public License + version 3 can be found in /usr/share/common-licenses/GPL-3. + +License: MIT + On Debian systems, the full text of the MIT license can be found in + /usr/share/common-licenses/MIT. diff --git a/debian/fail2ban-p2p.default b/debian/fail2ban-p2p.default index 92bbe5d..0a883e9 100644 --- a/debian/fail2ban-p2p.default +++ b/debian/fail2ban-p2p.default @@ -1,3 +1,10 @@ -# Defaults for fail2ban-p2p -# Additional daemon options can be set here. +# Defaults for fail2ban-p2p initscript +# sourced by /etc/init.d/fail2ban-p2p + +# Additional options passed to the daemon. DAEMON_OPTS="" + +# Set to true to start the daemon at boot. +# Leave disabled by default so the service is only started after +# configuration and key material have been created by the administrator. +START_DAEMON=false diff --git a/debian/fail2ban-p2p.install b/debian/fail2ban-p2p.install index 3065f38..4389480 100644 --- a/debian/fail2ban-p2p.install +++ b/debian/fail2ban-p2p.install @@ -1,2 +1 @@ debian/fail2ban-p2p.service lib/systemd/system/ -debian/fail2ban-p2p.default etc/default/ diff --git a/debian/fail2ban-p2p.service b/debian/fail2ban-p2p.service index 6ac6544..671ac2f 100644 --- a/debian/fail2ban-p2p.service +++ b/debian/fail2ban-p2p.service @@ -1,23 +1,25 @@ [Unit] -Description=fail2ban-p2p daemon -Documentation=file:/usr/share/doc/fail2ban-p2p/README.Debian -Wants=network-online.target +Description=fail2ban-p2p distributed ban exchange daemon +Documentation=man:systemd.service(5) After=network-online.target +Wants=network-online.target [Service] Type=simple User=fail2ban-p2p Group=fail2ban-p2p EnvironmentFile=-/etc/default/fail2ban-p2p -RuntimeDirectory=fail2ban-p2p -StateDirectory=fail2ban-p2p -ExecStart=/usr/bin/python3 /usr/bin/fail2ban-p2p.py -c /etc/fail2ban-p2p $DAEMON_OPTS +ExecStart=/usr/bin/python3 /usr/share/fail2ban-p2p/fail2ban-p2p.py -c /etc/fail2ban-p2p $DAEMON_OPTS Restart=on-failure -RestartSec=5 +RestartSec=5s NoNewPrivileges=true PrivateTmp=true ProtectSystem=full ProtectHome=true +ReadWritePaths=/etc/fail2ban-p2p /var/log/fail2ban-p2p.log +WorkingDirectory=/var/lib/fail2ban-p2p +StateDirectory=fail2ban-p2p +RuntimeDirectory=fail2ban-p2p [Install] WantedBy=multi-user.target diff --git a/debian/postinst b/debian/postinst index 7c096a2..d942544 100755 --- a/debian/postinst +++ b/debian/postinst @@ -1,14 +1,31 @@ #!/bin/sh set -e +PACKAGE=fail2ban-p2p +SERVER_USER=${SERVER_USER:-fail2ban-p2p} +SERVER_GROUP=${SERVER_GROUP:-fail2ban-p2p} +SERVER_HOME=${SERVER_HOME:-/var/lib/fail2ban-p2p} +LOGFILE=/var/log/fail2ban-p2p.log +CONFDIR=/etc/fail2ban-p2p + case "$1" in configure) - install -d -o fail2ban-p2p -g fail2ban-p2p -m 0750 /var/lib/fail2ban-p2p - install -d -o fail2ban-p2p -g fail2ban-p2p -m 0750 /run/fail2ban-p2p - install -d -o fail2ban-p2p -g adm -m 0755 /var/log - touch /var/log/fail2ban-p2p.log - chown fail2ban-p2p:adm /var/log/fail2ban-p2p.log - chmod 0640 /var/log/fail2ban-p2p.log + install -d -o "$SERVER_USER" -g "$SERVER_GROUP" -m 0750 "$SERVER_HOME" + if [ -d "$CONFDIR" ]; then + chgrp "$SERVER_GROUP" "$CONFDIR" || true + chmod 0750 "$CONFDIR" || true + find "$CONFDIR" -type d -exec chmod 0750 {} \; || true + fi + if [ -f "$LOGFILE" ]; then + chown "$SERVER_USER":adm "$LOGFILE" || true + chmod 0640 "$LOGFILE" || true + fi + ;; + abort-upgrade|abort-remove|abort-deconfigure) + ;; + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 1 ;; esac diff --git a/debian/preinst b/debian/preinst index 1c24683..3e67409 100755 --- a/debian/preinst +++ b/debian/preinst @@ -1,22 +1,44 @@ #!/bin/sh set -e +PACKAGE=fail2ban-p2p +SERVER_USER=${SERVER_USER:-fail2ban-p2p} +SERVER_GROUP=${SERVER_GROUP:-fail2ban-p2p} +SERVER_HOME=${SERVER_HOME:-/var/lib/fail2ban-p2p} +LOGFILE=/var/log/fail2ban-p2p.log + case "$1" in install|upgrade) - if ! getent group fail2ban-p2p >/dev/null; then - addgroup --system fail2ban-p2p >/dev/null + if ! getent group "$SERVER_GROUP" >/dev/null; then + addgroup --quiet --system "$SERVER_GROUP" || true fi - if ! getent passwd fail2ban-p2p >/dev/null; then - adduser \ + + if ! getent passwd "$SERVER_USER" >/dev/null; then + adduser --quiet \ --system \ - --ingroup fail2ban-p2p \ - --home /var/lib/fail2ban-p2p \ + --ingroup "$SERVER_GROUP" \ + --home "$SERVER_HOME" \ --no-create-home \ - --shell /usr/sbin/nologin \ - --gecos "fail2ban-p2p daemon" \ - fail2ban-p2p >/dev/null + --disabled-password \ + --gecos "Fail2ban P2P service user" \ + "$SERVER_USER" || true fi + + install -d -o "$SERVER_USER" -g "$SERVER_GROUP" -m 0750 "$SERVER_HOME" + install -d -o root -g "$SERVER_GROUP" -m 0750 /etc/fail2ban-p2p + install -d -o root -g adm -m 0755 /var/log + touch "$LOGFILE" + chown "$SERVER_USER":adm "$LOGFILE" + chmod 0640 "$LOGFILE" + ;; + abort-upgrade) + ;; + *) + echo "preinst called with unknown argument '$1'" >&2 + exit 1 ;; esac +#DEBHELPER# + exit 0 diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..fb7a06b --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 +opts="filenamemangle=s%(?:.*?)?v?([\d\.]+)\.tar\.gz%fail2ban-p2p-$1.tar.gz%" \ + https://github.com/mmunz/fail2ban-p2p/tags \ + (?:.*?/archive/refs/tags/)?v?([\d\.]+)\.tar\.gz