Re: [meta-security][PATCH] fail2ban: update to 1.1.0+

[Rasmus Villemoes <rasmus.villemoes@prevas.dk>]

akuster808 <akuster808@gmail.com> writes:

> On 7/8/24 9:11 AM, Rasmus Villemoes wrote:
>> From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
>>
>> Current 1.0.2 version does not work with scarthgap or later releases,
>> as the asynchat module has been removed (as scheduled) from python's
>> stdlib as of v3.12.
>>
>> fail2ban 1.1.0 also does not work out-of-the-box, as the distutils
>> module which the pyinotify and systemd backends depend has also been
>> removed.
>>
>> So update the recipe to point at commit ac62658c10f4, which fixes
>> those two backends to no longer depend on distutils.
>>
>> Upstream's out-of-the-box ban action now uses the 'nft'
>> command. People can still override and customize that in
>> jail.conf/jail.local, but to make the recipe useful without
>> customizing things back to use iptables, change the dependency
>> iptables->nftables.
>>
>> Since 1.1.0, fail2ban has been python3-only, so the recipe becomes
>> somewhat simpler since the whole do_compile preparation step can be
>> removed.
>
> I am seeing an install error, see:
> https://errors.yoctoproject.org/Errors/Details/791129/

Hm, I assume that's a WORKDIR->UNPACKDIR fallout. I'm on scarthgap,
where UNPACKDIR doesn't exist, so I think my patch is correct for that
branch. I'm happy to send a separate version for master, but I can't
test that myself currently.

I do think it's simply a matter of replacing the WORKDIR in
${WORKDIR}/initd by UNPACKDIR, but I'm not completely sure.

Rasmus