kumquat-buildroot/package/fail2ban/fail2ban.mk

################################################################################
#
# fail2ban
#
################################################################################

FAIL2BAN_VERSION = 0.11.2
FAIL2BAN_SITE = $(call github,fail2ban,fail2ban,$(FAIL2BAN_VERSION))
FAIL2BAN_LICENSE = GPL-2.0+
FAIL2BAN_LICENSE_FILES = COPYING
FAIL2BAN_CPE_ID_VENDOR = fail2ban
FAIL2BAN_SELINUX_MODULES = fail2ban
FAIL2BAN_SETUP_TYPE = distutils

# 0001-fixed-possible-RCE-vulnerability-unset-escape-variable.patch
FAIL2BAN_IGNORE_CVES += CVE-2021-32749

ifeq ($(BR2_PACKAGE_PYTHON3),y)
define FAIL2BAN_PYTHON_2TO3
	$(HOST_DIR)/bin/2to3 --write --nobackups --no-diffs $(@D)/bin/* $(@D)/fail2ban
endef
FAIL2BAN_DEPENDENCIES += host-python3
# We can't use _POST_PATCH_HOOKS because dependencies are not guaranteed
# to build and install before _POST_PATCH_HOOKS run.
FAIL2BAN_PRE_CONFIGURE_HOOKS += FAIL2BAN_PYTHON_2TO3
endif

define FAIL2BAN_FIX_DEFAULT_CONFIG
	$(SED) '/^socket/c\socket = /run/fail2ban.sock' $(TARGET_DIR)/etc/fail2ban/fail2ban.conf
	$(SED) '/^pidfile/c\pidfile = /run/fail2ban.pid' $(TARGET_DIR)/etc/fail2ban/fail2ban.conf
	$(SED) '/^dbfile/c\dbfile = None' $(TARGET_DIR)/etc/fail2ban/fail2ban.conf
endef
FAIL2BAN_POST_INSTALL_TARGET_HOOKS += FAIL2BAN_FIX_DEFAULT_CONFIG

# fail2ban-python points to host python
define FAIL2BAN_FIX_FAIL2BAN_PYTHON_SYMLINK
	ln -snf $(if $(BR2_PACKAGE_PYTHON),python,python3) \
		$(TARGET_DIR)/usr/bin/fail2ban-python
endef
FAIL2BAN_POST_INSTALL_TARGET_HOOKS += FAIL2BAN_FIX_FAIL2BAN_PYTHON_SYMLINK

define FAIL2BAN_INSTALL_INIT_SYSV
	$(INSTALL) -D -m 755 package/fail2ban/S60fail2ban \
		$(TARGET_DIR)/etc/init.d/S60fail2ban
endef

define FAIL2BAN_INSTALL_INIT_SYSTEMD
	$(INSTALL) -D -m 0644 $(@D)/files/fail2ban.service.in \
		$(TARGET_DIR)/usr/lib/systemd/system/fail2ban.service
	$(SED) 's,@BINDIR@,/usr/bin,g' $(TARGET_DIR)/usr/lib/systemd/system/fail2ban.service
	$(SED) '/^PIDFile/c\PIDFile=/run/fail2ban.pid' $(TARGET_DIR)/usr/lib/systemd/system/fail2ban.service
endef

$(eval $(python-package))