| Message ID | 20250909065853.1959573-1-yi.zhao@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-security,scarthgap] fail2ban: update to 1.1.0+ | expand |
Hi Team, Any update on this ? Thanks & Regards, Vijay On Tue, Sep 9, 2025 at 12:29 PM Yi Zhao via lists.yoctoproject.org <yi.zhao= eng.windriver.com@lists.yoctoproject.org> wrote: > From: Rasmus Villemoes <rasmus.villemoes@prevas.dk> > > Current 1.0.2 version does not work with scarthgap or later releases, > as the asynchat module has been removed (as scheduled) from python's > stdlib as of v3.12. > > fail2ban 1.1.0 also does not work out-of-the-box, as the distutils > module which the pyinotify and systemd backends depend has also been > removed. > > So update the recipe to point at commit ac62658c10f4, which fixes > those two backends to no longer depend on distutils. > > Upstream's out-of-the-box ban action now uses the 'nft' > command. People can still override and customize that in > jail.conf/jail.local, but to make the recipe useful without > customizing things back to use iptables, change the dependency > iptables->nftables. > > Since 1.1.0, fail2ban has been python3-only, so the recipe becomes > somewhat simpler since the whole do_compile preparation step can be > removed. > > Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> > Signed-off-by: Armin Kuster <akuster808@gmail.com> > Signed-off-by: Yi Zhao <yi.zhao@windriver.com> > --- > ...fail2ban_1.0.2.bb => python3-fail2ban_git.bb} | 16 ++++------------ > 1 file changed, 4 insertions(+), 12 deletions(-) > rename dynamic-layers/meta-python/recipes-security/fail2ban/{ > python3-fail2ban_1.0.2.bb => python3-fail2ban_git.bb} (89%) > > diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/ > python3-fail2ban_1.0.2.bb > b/dynamic-layers/meta-python/recipes-security/fail2ban/ > python3-fail2ban_git.bb > similarity index 89% > rename from dynamic-layers/meta-python/recipes-security/fail2ban/ > python3-fail2ban_1.0.2.bb > rename to dynamic-layers/meta-python/recipes-security/fail2ban/ > python3-fail2ban_git.bb > index bf5f87d..1d0fb62 100644 > --- a/dynamic-layers/meta-python/recipes-security/fail2ban/ > python3-fail2ban_1.0.2.bb > +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/ > python3-fail2ban_git.bb > @@ -11,12 +11,14 @@ LIC_FILES_CHKSUM = > "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" > > DEPENDS = "python3-native" > > -SRCREV = "e1d3006b0330e9777705a7baafe3989d442ed120" > +SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78" > SRC_URI = "git:// > github.com/fail2ban/fail2ban.git;branch=master;protocol=https \ > file://initd \ > file://run-ptest \ > " > > +PV = "1.1.0+git" > + > UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" > > inherit update-rc.d ptest setuptools3_legacy > @@ -26,16 +28,6 @@ SYSTEMD_SERVICE:${PN} = "fail2ban.service" > > S = "${WORKDIR}/git" > > -do_compile () { > - cd ${S} > - > - #remove symlink to python3 > - # otherwise 2to3 is run against it > - rm -f bin/fail2ban-python > - > - ./fail2ban-2to3 > -} > - > do_install:append () { > rm -f ${D}/${bindir}/fail2ban-python > install -d ${D}/${sysconfdir}/fail2ban > @@ -66,7 +58,7 @@ INITSCRIPT_PARAMS = "defaults 25" > > INSANE_SKIP:${PN}:append = "already-stripped" > > -RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables > python3-core python3-pyinotify" > +RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} nftables > python3-core python3-pyinotify" > RDEPENDS:${PN} += "python3-sqlite3" > RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json" > RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules > python3-fail2ban" > -- > 2.34.1 > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#2148): > https://lists.yoctoproject.org/g/yocto-patches/message/2148 > Mute This Topic: https://lists.yoctoproject.org/mt/115146393/7301997 > Group Owner: yocto-patches+owner@lists.yoctoproject.org > Unsubscribe: > https://lists.yoctoproject.org/g/yocto-patches/leave/13419208/7301997/1335553898/xyzzy > [vanusuri@mvista.com] > -=-=-=-=-=-=-=-=-=-=-=- > > >
On Fri, 7 Nov 2025, Vijay Anusuri wrote: > Hi Team, > > Any update on this ? Sorry for the delay, I'm working up a patch series for master, should be out in the next few days. Thanks, Scott > Thanks & Regards, > Vijay > > On Tue, Sep 9, 2025 at 12:29 PM Yi Zhao via lists.yoctoproject.org <yi.zhao= > eng.windriver.com@lists.yoctoproject.org> wrote: > > > From: Rasmus Villemoes <rasmus.villemoes@prevas.dk> > > > > Current 1.0.2 version does not work with scarthgap or later releases, > > as the asynchat module has been removed (as scheduled) from python's > > stdlib as of v3.12. > > > > fail2ban 1.1.0 also does not work out-of-the-box, as the distutils > > module which the pyinotify and systemd backends depend has also been > > removed. > > > > So update the recipe to point at commit ac62658c10f4, which fixes > > those two backends to no longer depend on distutils. > > > > Upstream's out-of-the-box ban action now uses the 'nft' > > command. People can still override and customize that in > > jail.conf/jail.local, but to make the recipe useful without > > customizing things back to use iptables, change the dependency > > iptables->nftables. > > > > Since 1.1.0, fail2ban has been python3-only, so the recipe becomes > > somewhat simpler since the whole do_compile preparation step can be > > removed. > > > > Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> > > Signed-off-by: Armin Kuster <akuster808@gmail.com> > > Signed-off-by: Yi Zhao <yi.zhao@windriver.com> > > --- > > ...fail2ban_1.0.2.bb => python3-fail2ban_git.bb} | 16 ++++------------ > > 1 file changed, 4 insertions(+), 12 deletions(-) > > rename dynamic-layers/meta-python/recipes-security/fail2ban/{ > > python3-fail2ban_1.0.2.bb => python3-fail2ban_git.bb} (89%) > > > > diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/ > > python3-fail2ban_1.0.2.bb > > b/dynamic-layers/meta-python/recipes-security/fail2ban/ > > python3-fail2ban_git.bb > > similarity index 89% > > rename from dynamic-layers/meta-python/recipes-security/fail2ban/ > > python3-fail2ban_1.0.2.bb > > rename to dynamic-layers/meta-python/recipes-security/fail2ban/ > > python3-fail2ban_git.bb > > index bf5f87d..1d0fb62 100644 > > --- a/dynamic-layers/meta-python/recipes-security/fail2ban/ > > python3-fail2ban_1.0.2.bb > > +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/ > > python3-fail2ban_git.bb > > @@ -11,12 +11,14 @@ LIC_FILES_CHKSUM = > > "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" > > > > DEPENDS = "python3-native" > > > > -SRCREV = "e1d3006b0330e9777705a7baafe3989d442ed120" > > +SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78" > > SRC_URI = "git:// > > github.com/fail2ban/fail2ban.git;branch=master;protocol=https \ > > file://initd \ > > file://run-ptest \ > > " > > > > +PV = "1.1.0+git" > > + > > UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" > > > > inherit update-rc.d ptest setuptools3_legacy > > @@ -26,16 +28,6 @@ SYSTEMD_SERVICE:${PN} = "fail2ban.service" > > > > S = "${WORKDIR}/git" > > > > -do_compile () { > > - cd ${S} > > - > > - #remove symlink to python3 > > - # otherwise 2to3 is run against it > > - rm -f bin/fail2ban-python > > - > > - ./fail2ban-2to3 > > -} > > - > > do_install:append () { > > rm -f ${D}/${bindir}/fail2ban-python > > install -d ${D}/${sysconfdir}/fail2ban > > @@ -66,7 +58,7 @@ INITSCRIPT_PARAMS = "defaults 25" > > > > INSANE_SKIP:${PN}:append = "already-stripped" > > > > -RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables > > python3-core python3-pyinotify" > > +RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} nftables > > python3-core python3-pyinotify" > > RDEPENDS:${PN} += "python3-sqlite3" > > RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json" > > RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules > > python3-fail2ban" > > -- > > 2.34.1 > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#2148): > > https://lists.yoctoproject.org/g/yocto-patches/message/2148 > > Mute This Topic: https://lists.yoctoproject.org/mt/115146393/7301997 > > Group Owner: yocto-patches+owner@lists.yoctoproject.org > > Unsubscribe: > > https://lists.yoctoproject.org/g/yocto-patches/leave/13419208/7301997/1335553898/xyzzy > > [vanusuri@mvista.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > > >
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb similarity index 89% rename from dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb rename to dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb index bf5f87d..1d0fb62 100644 --- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb @@ -11,12 +11,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" DEPENDS = "python3-native" -SRCREV = "e1d3006b0330e9777705a7baafe3989d442ed120" +SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78" SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \ file://initd \ file://run-ptest \ " +PV = "1.1.0+git" + UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" inherit update-rc.d ptest setuptools3_legacy @@ -26,16 +28,6 @@ SYSTEMD_SERVICE:${PN} = "fail2ban.service" S = "${WORKDIR}/git" -do_compile () { - cd ${S} - - #remove symlink to python3 - # otherwise 2to3 is run against it - rm -f bin/fail2ban-python - - ./fail2ban-2to3 -} - do_install:append () { rm -f ${D}/${bindir}/fail2ban-python install -d ${D}/${sysconfdir}/fail2ban @@ -66,7 +58,7 @@ INITSCRIPT_PARAMS = "defaults 25" INSANE_SKIP:${PN}:append = "already-stripped" -RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables python3-core python3-pyinotify" +RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} nftables python3-core python3-pyinotify" RDEPENDS:${PN} += "python3-sqlite3" RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json" RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"