From: voidlinux-github@inbox.vuxu.org
To: ml@inbox.vuxu.org
Subject: [PR PATCH] sshguard: support dynamic firewall config and remove iptables dependency
Date: Wed, 22 Jan 2020 22:41:15 +0100 [thread overview]
Message-ID: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-18477@inbox.vuxu.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 955 bytes --]
There is a new pull request by ahesford against master on the void-packages repository
https://github.com/ahesford/void-packages sshguard
https://github.com/void-linux/void-packages/pull/18477
sshguard: support dynamic firewall config and remove iptables dependency
sshguard uses iptables as an optional firewall backend, but also natively supports the nftables firewall. I removed the explicit iptables dependency from this package and added support for a "conf" file in the service (renamed to "sshguard" from "sshguard-socklog" because it is not inextricably linked to socklog) to allow the firewall and logger service dependencies to be dynamically changed. By default, the service still expects socklog-unix and iptables.
The rename will break /var/service links to the existing "sshguard-socklog", but the post-change behavior seems to make more sense.
A patch file from https://github.com/void-linux/void-packages/pull/18477.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sshguard-18477.patch --]
[-- Type: text/x-diff, Size: 2347 bytes --]
From 88c16f4d19b32f12e1086063f94ef6814cef0568 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 22 Jan 2020 16:35:49 -0500
Subject: [PATCH] sshguard: support dynamic firewall config and remove iptables
dependency
---
srcpkgs/sshguard/files/sshguard-socklog/run | 5 -----
srcpkgs/sshguard/files/sshguard/run | 11 +++++++++++
srcpkgs/sshguard/template | 5 ++---
3 files changed, 13 insertions(+), 8 deletions(-)
delete mode 100755 srcpkgs/sshguard/files/sshguard-socklog/run
create mode 100755 srcpkgs/sshguard/files/sshguard/run
diff --git a/srcpkgs/sshguard/files/sshguard-socklog/run b/srcpkgs/sshguard/files/sshguard-socklog/run
deleted file mode 100755
index 720e4676785..00000000000
--- a/srcpkgs/sshguard/files/sshguard-socklog/run
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-sv check iptables >/dev/null || exit 1
-sv check socklog-unix >/dev/null || exit 1
-
-exec sshguard -l /var/log/socklog/secure/current -b 200:/var/db/sshguard/blacklist.db 2>&1
diff --git a/srcpkgs/sshguard/files/sshguard/run b/srcpkgs/sshguard/files/sshguard/run
new file mode 100755
index 00000000000..a63f90834fb
--- /dev/null
+++ b/srcpkgs/sshguard/files/sshguard/run
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Allow the firewall and logger backends to be specified
+[ -f ./conf ] && . ./conf
+
+sv check "${FIREWALL:-iptables}" >/dev/null || exit 1
+
+sv check "${LOGGER:-socklog-unix}" >/dev/null || exit 1
+LOGFILE="${LOGFILE:-/var/log/socklog/secure/current}"
+
+exec sshguard -l "$LOGFILE" -b 200:/var/db/sshguard/blacklist.db $OPTS 2>&1
diff --git a/srcpkgs/sshguard/template b/srcpkgs/sshguard/template
index 8c08d1f1120..0d3a5506373 100644
--- a/srcpkgs/sshguard/template
+++ b/srcpkgs/sshguard/template
@@ -1,10 +1,9 @@
# Template file for 'sshguard'
pkgname=sshguard
version=2.4.0
-revision=1
+revision=2
build_style=gnu-configure
hostmakedepends="flex"
-depends="iptables"
short_desc="Protects networked hosts from brute force attacks"
maintainer="Lodvær <lodvaer@gmail.com>"
license="BSD-3-Clause"
@@ -16,7 +15,7 @@ make_dirs="/var/db/sshguard 0755 root root"
conf_files="/etc/sshguard.conf"
post_install() {
- vsv sshguard-socklog
+ vsv sshguard
vconf examples/sshguard.conf.sample sshguard.conf
vsed -i 's@/usr/local/@/usr/@g' ${DESTDIR}/etc/sshguard.conf
vlicense COPYING
next reply other threads:[~2020-01-22 21:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-22 21:41 voidlinux-github [this message]
2020-01-22 21:49 ` voidlinux-github
2020-01-23 0:54 ` [PR PATCH] [Updated] " voidlinux-github
2020-01-23 1:03 ` voidlinux-github
2020-01-23 10:53 ` [PR PATCH] [Merged]: " voidlinux-github
2020-01-23 10:53 ` voidlinux-github
2020-01-23 14:31 ` voidlinux-github
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-18477@inbox.vuxu.org \
--to=voidlinux-github@inbox.vuxu.org \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).