~ruther/guix-local

30f240b034457e51a6c1fe2209ecb57aa875393d — Nicolas Graves 1 year, 2 months ago 6567fd4
gnu: fail2ban: Improve style.

* gnu/packages/admin.scm (fail2ban): Use gexps and run guix style.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
1 files changed, 164 insertions(+), 174 deletions(-)

M gnu/packages/admin.scm
M gnu/packages/admin.scm => gnu/packages/admin.scm +164 -174
@@ 6173,182 6173,172 @@ alias cysdig=sudo csysdig --modern-bpf
  (package
    (name "fail2ban")
    (version "1.1.0")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/fail2ban/fail2ban")
                    (commit version)))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
              (modules '((guix build utils)))
              (snippet
               '(begin
                  ;; Replacing those by our own paths-guix.conf
                  (with-directory-excursion "config"
                    (for-each delete-file
                              '("paths-arch.conf"
                                "paths-debian.conf"
                                "paths-fedora.conf"
                                "paths-freebsd.conf"
                                "paths-opensuse.conf"
                                "paths-osx.conf")))))
              (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/fail2ban/fail2ban")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0lfakna6ad2xwz95sjxzkavipcsxiy7ybavkdkf9zzmspf2ws4yk"))
       (modules '((guix build utils)))
       (snippet #~(begin
                    ;; Replacing those by our own paths-guix.conf
                    (with-directory-excursion "config"
                      (for-each delete-file
                                '("paths-arch.conf" "paths-debian.conf"
                                  "paths-fedora.conf" "paths-freebsd.conf"
                                  "paths-opensuse.conf" "paths-osx.conf")))))
       (patches (search-patches "fail2ban-paths-guix-conf.patch"))))
    (build-system pyproject-build-system)
    (arguments
     '(#:phases (modify-phases %standard-phases
                  (add-after 'unpack 'avoid-external-binary-in-/bin
                    (lambda _
                      (delete-file "fail2ban/setup.py")
                      (substitute* '("bin/fail2ban-testcases"
                                     "setup.py")
                        ((".*updatePyExec.*") ""))))
                  (add-after 'unpack 'patch-setup.py
                    (lambda _
                      ;; Get rid of absolute file names.
                      (substitute* "setup.py"
                        (("/etc/fail2ban")
                         "etc/fail2ban")
                        (("/var/lib/fail2ban")
                         "var/lib/fail2ban")
                        (("\"/usr/bin/\"")
                         "\"usr/bin/\"")
                        (("\"/usr/lib/fail2ban/\"")
                         "\"usr/lib/fail2ban/\"")
                        (("'/usr/share/doc/fail2ban'")
                         "'usr/share/doc/fail2ban'"))))
                  (add-after 'unpack 'disable-some-tests
                    (lambda _
                      (define (make-suite str)
                        (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
                      ;; disable tests performing unacceptable side-effects
                      (substitute* "fail2ban/tests/utils.py"
                        (((make-suite "actiontestcase.CommandActionTest"))
                         "")
                        (((make-suite "misctestcase.SetupTest"))
                         "")
                        (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
                         "")
                        (((make-suite "filtertestcase.IgnoreIPDNS"))
                         "")
                        (((make-suite "filtertestcase.GetFailures"))
                         "")
                        (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
                         "")
                        (((make-suite "servertestcase.ServerConfigReaderTests"))
                         ""))))
                  (add-before 'build 'fix-default-config
                    (lambda* (#:key outputs #:allow-other-keys)
                      (substitute* '("config/paths-common.conf"
                                     "fail2ban/tests/utils.py"
                                     "fail2ban/client/configreader.py"
                                     "fail2ban/client/fail2bancmdline.py"
                                     "fail2ban/client/fail2banregex.py")
                        (("/etc/fail2ban")
                         (string-append (assoc-ref outputs "out")
                                        "/etc/fail2ban")))))
                  (add-after 'fix-default-config 'set-action-dependencies
                    (lambda* (#:key inputs #:allow-other-keys)
                      ;; deleting things that are not feasible to fix
                      ;; or won't be used any way
                      (with-directory-excursion "config/action.d"
                        (for-each delete-file
                                  '("apf.conf"
                                    "bsd-ipfw.conf"
                                    "dshield.conf"
                                    "ipfilter.conf"
                                    "ipfw.conf"
                                    "firewallcmd-allports.conf"
                                    "firewallcmd-common.conf"
                                    "firewallcmd-ipset.conf"
                                    "firewallcmd-multiport.conf"
                                    "firewallcmd-new.conf"
                                    "firewallcmd-rich-logging.conf"
                                    "firewallcmd-rich-rules.conf"
                                    "osx-afctl.conf"
                                    "osx-ipfw.conf"
                                    "pf.conf"
                                    "nginx-block-map.conf"
                                    "npf.conf"
                                    "shorewall.conf"
                                    "shorewall-ipset-proto6.conf"
                                    "ufw.conf")))
                      (let* ((lookup-cmd (lambda (i)
                                           (search-input-file inputs i)))
                             (bin (lambda (i)
                                    (lookup-cmd (string-append "/bin/" i))))
                             (sbin (lambda (i)
                                     (lookup-cmd (string-append "/sbin/" i))))
                             (ip (sbin "ip"))
                             (sendmail (sbin "sendmail")))
                        (substitute* (find-files "config/action.d" "\\.conf$")
                          ;; TODO: deal with geoiplookup ..
                          (("(awk|curl|dig|jq)" all cmd)
                           (bin cmd))
                          (("(cat|echo|grep|head|printf|wc) " all
                            cmd)
                           (string-append (bin cmd) " "))
                          ((" (date|rm|sed|tail|touch|tr) " all
                            cmd)
                           (string-append " "
                                          (bin cmd) " "))
                          (("cut -d")
                           (string-append (bin "cut") " -d"))
                          (("`date`")
                           (string-append "`"
                                          (bin "date") "`"))
                          (("id -")
                           (string-append (bin "id") " -"))
                          (("ip -([46]) addr" all ver)
                           (string-append ip " -" ver " addr"))
                          (("ip route")
                           (string-append ip " route"))
                          (("ipset ")
                           (string-append (sbin "ipset") " "))
                          (("(iptables|ip6tables) <" all cmd)
                           (string-append (sbin cmd) " <"))
                          (("/usr/bin/nsupdate")
                           (bin "nsupdate"))
                          (("mail -E")
                           (string-append sendmail " -E"))
                          (("nftables = nft")
                           (string-append "nftables = " (sbin "nft")))
                          (("perl -e")
                           (string-append (bin "perl") " -e"))
                          (("/usr/sbin/sendmail")
                           sendmail)
                          (("test -e")
                           (string-append (bin "test") " -e"))
                          (("_whois = whois")
                           (string-append "_whois = " (bin "whois")))))
                      (substitute* "config/jail.conf"
                        (("before = paths-debian\\.conf")
                         "before = paths-guix.conf"))))
                  (add-after 'install 'copy-man-pages
                    (lambda* (#:key outputs #:allow-other-keys)
                      (let* ((man (string-append (assoc-ref outputs "out")
                                                 "/man"))
                             (install-man (lambda (m)
                                            (lambda (f)
                                              (install-file (string-append f
                                                             "." m)
                                                            (string-append man
                                                             "/man" m)))))
                             (install-man1 (install-man "1"))
                             (install-man5 (install-man "5")))
                        (with-directory-excursion "man"
                          (for-each install-man1
                                    '("fail2ban"
                                      "fail2ban-client"
                                      "fail2ban-python"
                                      "fail2ban-regex"
                                      "fail2ban-server"
                                      "fail2ban-testcases"))
                          (for-each install-man5
                                    '("jail.conf")))))))))
    (native-inputs
     (list python-setuptools python-wheel))
     (list
      #:phases
      #~(modify-phases %standard-phases
          (add-after 'unpack 'avoid-external-binary-in-/bin
            (lambda _
              (delete-file "fail2ban/setup.py")
              (substitute* '("bin/fail2ban-testcases" "setup.py")
                ((".*updatePyExec.*")
                 ""))))
          (add-after 'unpack 'patch-setup.py
            (lambda _
              ;; Get rid of absolute file names.
              (substitute* "setup.py"
                (("/etc/fail2ban")
                 "etc/fail2ban")
                (("/var/lib/fail2ban")
                 "var/lib/fail2ban")
                (("\"/usr/bin/\"")
                 "\"usr/bin/\"")
                (("\"/usr/lib/fail2ban/\"")
                 "\"usr/lib/fail2ban/\"")
                (("'/usr/share/doc/fail2ban'")
                 "'usr/share/doc/fail2ban'"))))
          (add-after 'unpack 'disable-some-tests
            (lambda _
              (define (make-suite str)
                (string-append "tests.addTest\\(loadTests\\(" str "\\)\\)"))
              ;; disable tests performing unacceptable side-effects
              (substitute* "fail2ban/tests/utils.py"
                (((make-suite "actiontestcase.CommandActionTest"))
                 "")
                (((make-suite "misctestcase.SetupTest"))
                 "")
                (((make-suite "filtertestcase.DNSUtilsNetworkTests"))
                 "")
                (((make-suite "filtertestcase.IgnoreIPDNS"))
                 "")
                (((make-suite "filtertestcase.GetFailures"))
                 "")
                (((make-suite "fail2banclienttestcase.Fail2banServerTest"))
                 "")
                (((make-suite "servertestcase.ServerConfigReaderTests"))
                 ""))))
          (add-before 'build 'fix-default-config
            (lambda* (#:key outputs #:allow-other-keys)
              (substitute* '("config/paths-common.conf"
                             "fail2ban/tests/utils.py"
                             "fail2ban/client/configreader.py"
                             "fail2ban/client/fail2bancmdline.py"
                             "fail2ban/client/fail2banregex.py")
                (("/etc/fail2ban")
                 (string-append (assoc-ref outputs "out") "/etc/fail2ban")))))
          (add-after 'fix-default-config 'set-action-dependencies
            (lambda* (#:key inputs #:allow-other-keys)
              ;; deleting things that are not feasible to fix
              ;; or won't be used any way
              (with-directory-excursion "config/action.d"
                (for-each delete-file
                          '("apf.conf" "bsd-ipfw.conf"
                            "dshield.conf"
                            "ipfilter.conf"
                            "ipfw.conf"
                            "firewallcmd-allports.conf"
                            "firewallcmd-common.conf"
                            "firewallcmd-ipset.conf"
                            "firewallcmd-multiport.conf"
                            "firewallcmd-new.conf"
                            "firewallcmd-rich-logging.conf"
                            "firewallcmd-rich-rules.conf"
                            "osx-afctl.conf"
                            "osx-ipfw.conf"
                            "pf.conf"
                            "nginx-block-map.conf"
                            "npf.conf"
                            "shorewall.conf"
                            "shorewall-ipset-proto6.conf"
                            "ufw.conf")))
              (let* ((lookup-cmd (lambda (i)
                                   (search-input-file inputs i)))
                     (bin (lambda (i)
                            (lookup-cmd (string-append "/bin/" i))))
                     (sbin (lambda (i)
                             (lookup-cmd (string-append "/sbin/" i))))
                     (ip (sbin "ip"))
                     (sendmail (sbin "sendmail")))
                (substitute* (find-files "config/action.d" "\\.conf$")
                  ;; TODO: deal with geoiplookup ..
                  (("(awk|curl|dig|jq)" all cmd)
                   (bin cmd))
                  (("(cat|echo|grep|head|printf|wc) " all cmd)
                   (string-append (bin cmd) " "))
                  ((" (date|rm|sed|tail|touch|tr) " all cmd)
                   (string-append " "
                                  (bin cmd) " "))
                  (("cut -d")
                   (string-append (bin "cut") " -d"))
                  (("`date`")
                   (string-append "`"
                                  (bin "date") "`"))
                  (("id -")
                   (string-append (bin "id") " -"))
                  (("ip -([46]) addr" all ver)
                   (string-append ip " -" ver " addr"))
                  (("ip route")
                   (string-append ip " route"))
                  (("ipset ")
                   (string-append (sbin "ipset") " "))
                  (("(iptables|ip6tables) <" all cmd)
                   (string-append (sbin cmd) " <"))
                  (("/usr/bin/nsupdate")
                   (bin "nsupdate"))
                  (("mail -E")
                   (string-append sendmail " -E"))
                  (("nftables = nft")
                   (string-append "nftables = "
                                  (sbin "nft")))
                  (("perl -e")
                   (string-append (bin "perl") " -e"))
                  (("/usr/sbin/sendmail")
                   sendmail)
                  (("test -e")
                   (string-append (bin "test") " -e"))
                  (("_whois = whois")
                   (string-append "_whois = "
                                  (bin "whois")))))
              (substitute* "config/jail.conf"
                (("before = paths-debian\\.conf")
                 "before = paths-guix.conf"))))
          (add-after 'install 'copy-man-pages
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((man (string-append (assoc-ref outputs "out") "/man"))
                     (install-man (lambda (m)
                                    (lambda (f)
                                      (install-file (string-append f "." m)
                                                    (string-append man "/man"
                                                                   m)))))
                     (install-man1 (install-man "1"))
                     (install-man5 (install-man "5")))
                (with-directory-excursion "man"
                  (for-each install-man1
                            '("fail2ban" "fail2ban-client" "fail2ban-python"
                              "fail2ban-regex" "fail2ban-server"
                              "fail2ban-testcases"))
                  (for-each install-man5
                            '("jail.conf")))))))))
    (native-inputs (list python-setuptools python-wheel))
    (inputs (list gawk
                  coreutils-minimal
                  curl