Github messages for voidlinux
From: voidlinux-github@inbox.vuxu.org
To: ml@inbox.vuxu.org
Subject: [PR PATCH] sshguard: support dynamic firewall config and remove iptables dependency
Date: Wed, 22 Jan 2020 22:41:15 +0100
Message-ID: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-18477@inbox.vuxu.org>

[-- Attachment #1: Type: text/plain, Size: 955 bytes --]

There is a new pull request by ahesford against master on the void-packages repository

https://github.com/ahesford/void-packages sshguard
https://github.com/void-linux/void-packages/pull/18477

sshguard: support dynamic firewall config and remove iptables dependency
sshguard uses iptables as an optional firewall backend, but also natively supports the nftables firewall. I removed the explicit iptables dependency from this package and added support for a "conf" file in the service (renamed to "sshguard" from "sshguard-socklog" because it is not inextricably linked to socklog) to allow the firewall and logger service dependencies to be dynamically changed. By default, the service still expects socklog-unix and iptables.

The rename will break /var/service links to the existing "sshguard-socklog", but the post-change behavior seems to make more sense.

A patch file from https://github.com/void-linux/void-packages/pull/18477.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sshguard-18477.patch --]
[-- Type: text/x-diff, Size: 2347 bytes --]

From 88c16f4d19b32f12e1086063f94ef6814cef0568 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 22 Jan 2020 16:35:49 -0500
Subject: [PATCH] sshguard: support dynamic firewall config and remove iptables
 dependency

---
 srcpkgs/sshguard/files/sshguard-socklog/run |  5 -----
 srcpkgs/sshguard/files/sshguard/run         | 11 +++++++++++
 srcpkgs/sshguard/template                   |  5 ++---
 3 files changed, 13 insertions(+), 8 deletions(-)
 delete mode 100755 srcpkgs/sshguard/files/sshguard-socklog/run
 create mode 100755 srcpkgs/sshguard/files/sshguard/run

diff --git a/srcpkgs/sshguard/files/sshguard-socklog/run b/srcpkgs/sshguard/files/sshguard-socklog/run
deleted file mode 100755
index 720e4676785..00000000000
--- a/srcpkgs/sshguard/files/sshguard-socklog/run
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-sv check iptables >/dev/null || exit 1
-sv check socklog-unix >/dev/null || exit 1
-
-exec sshguard -l /var/log/socklog/secure/current -b 200:/var/db/sshguard/blacklist.db 2>&1
diff --git a/srcpkgs/sshguard/files/sshguard/run b/srcpkgs/sshguard/files/sshguard/run
new file mode 100755
index 00000000000..a63f90834fb
--- /dev/null
+++ b/srcpkgs/sshguard/files/sshguard/run
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Allow the firewall and logger backends to be specified
+[ -f ./conf ] && . ./conf
+
+sv check "${FIREWALL:-iptables}" >/dev/null || exit 1
+
+sv check "${LOGGER:-socklog-unix}" >/dev/null || exit 1
+LOGFILE="${LOGFILE:-/var/log/socklog/secure/current}"
+
+exec sshguard -l "$LOGFILE" -b 200:/var/db/sshguard/blacklist.db $OPTS 2>&1
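Review bot: The `sv check` gates cannot be disabled from conf, because `${FIREWALL:-iptables}` and `${LOGGER:-socklog-unix}` use `:-`, so an empty value falls back to the default just as an unset one does. If the firewall or logger in use has no runit service of that name, the script exits 1 on every start and sshguard never runs, which leaves the host without brute-force blocking and with nothing in this script to say why. Consider running each `sv check` only when the variable is non-empty (with `${FIREWALL-iptables}` supplying the default) and printing a message before `exit 1`. Two smaller points: the comment says the backends can be specified, but FIREWALL and LOGGER are only ever passed to `sv check`, so "service dependencies" would describe them more accurately; and the unquoted `$OPTS` on the exec line relies on word splitting, which deserves a comment so nobody quotes it later.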
diff --git a/srcpkgs/sshguard/template b/srcpkgs/sshguard/template
index 8c08d1f1120..0d3a5506373 100644
--- a/srcpkgs/sshguard/template
+++ b/srcpkgs/sshguard/template
@@ -1,10 +1,9 @@
 # Template file for 'sshguard'
 pkgname=sshguard
 version=2.4.0
-revision=1
+revision=2
 build_style=gnu-configure
 hostmakedepends="flex"
-depends="iptables"
 short_desc="Protects networked hosts from brute force attacks"
 maintainer="Lodvær <lodvaer@gmail.com>"
 license="BSD-3-Clause"
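Review bot: The defaults are now inconsistent with the declared dependencies: `depends="iptables"` is dropped here, while the new run script still performs `sv check iptables` when no conf file sets FIREWALL. A fresh install that pulls in only sshguard therefore gets a service that exits 1 until the admin either installs and enables iptables or writes a conf file. Either keep a default that works out of the box or document the required FIREWALL/LOGGER/LOGFILE settings where the admin will see them at install time.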
@@ -16,7 +15,7 @@ make_dirs="/var/db/sshguard 0755 root root"
 conf_files="/etc/sshguard.conf"
 
 post_install() {
-	vsv sshguard-socklog
+	vsv sshguard
 	vconf examples/sshguard.conf.sample sshguard.conf
 	vsed -i 's@/usr/local/@/usr/@g' ${DESTDIR}/etc/sshguard.conf
 	vlicense COPYING
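Review bot: Nothing in post_install handles the upgrade path for the renamed service. With `vsv sshguard` replacing `vsv sshguard-socklog`, an existing /var/service/sshguard-socklog link points at a directory that no longer exists after the upgrade, so sshguard stops running without any notice to the admin. The description already acknowledges the break; add an upgrade notice (for example an INSTALL.msg for this revision) telling admins to remove the old link and enable the new `sshguard` service.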
