extra/fail2ban/PKGBUILD

# Maintainer: Jesus E. <heckyel@riseup.net>

pkgname=fail2ban
pkgver=0.11.2
_debver=$pkgver
_debrel=2
pkgrel=2
pkgdesc="Bans IPs after too many failed authentication attempts"
url='https://www.fail2ban.org/'
license=('GPL-2')
arch=('any')
depends=('nftables' 'python-pyinotify' 'whois' 'sqlite' 'logrotate')
makedepends=('python-setuptools' 'quilt')
backup=(etc/fail2ban/fail2ban.conf
        etc/fail2ban/jail.conf
        etc/logrotate.d/fail2ban
        etc/conf.d/fail2ban)
source=("${pkgname}-${pkgver}.tar.gz::https://github.com/fail2ban/$pkgname/archive/${pkgver}.tar.gz"
        "https://deb.debian.org/debian/pool/main/f/fail2ban/fail2ban_${_debver}-${_debrel}.debian.tar.xz"
        "fail2ban-0.11.2_CVE-2021-32749.patch"
        "fail2ban.confd"
        "fail2ban.logrotate"
        "fail2ban.initd"
        "fail2ban.run"
	"jail.conf.patch"
        "ssh.jaild"
        "sshd.filterd"
        "sshd-ddos.filterd"
        "paths-hyperbola.conf")
sha512sums=('46b27abd947b00ea64106dbac563ef8afef38eec86684024d47d9a0e8c1969ff864ad6df7f4f8de2aa3eb1af6d769fb6796592d9f0e35521d5f95f17b8cade97'
            '59229a28ee7bab521a1422b245f0dd970db172c8878346779340b6c574979b5bbd0cfbef1316c22d9546922c28029e3273159189974e4a3a53226b6e50149b91'
            '994de8a4fdd4535607cd1b21553266de015b57bdb7f84f931973cb4b3cadd93fb2fda2d402a4ecccf505dffabf146cd9eae2cd0b635c3cb3dfa2d312539d41be'
            'f23df51fe1d2ef89448529e16bca61a2acaa9967490724c2dab559d7d601784057fb77e84343687f36cf57dc035f01b84405d7e48f1706942f7671ab528be858'
            'ee1c229db970239ebc707cd484a650fcf2347c70b411728ee2a4a35a72f4118cfccecf2a221275603320e0332efcc16e4979201933cec1aef1c5d5a082fc4940'
            '5c3fad0a89b43853f00689a3ecafeeef889f3057999eafc66aceaaf92e8081ca9a126dadbf7f6724ba769436954f878e3a564479288cf8c4a606f1b1ac5342da'
            '1b10bd72966f15512a8db7aec4025b3bd4e1d4065b6da4f3b9bc0f9e1e8fe09b1dbcffb81acc89151e54e8061bd79cc3f22af68e431a623dbec8456bd7c0bbd7'
            '84d10adb43e68ea2786621b39ae5faa7425c7bff0bfc747528df54d1bb1f40cd62678afaaa794e5d4a3c2d22cdf3eb73f19f71c19206484f4cdf0294f2b253e0'
            '5ed2c3641650bbf35962d7616e93649e82af48778d8eeca96f47cb50ede4cd81173454ca422c032809d79b317718c7b1e3386e6fbbf7e24df87e64a37cb552a5'
            '3e8e08d5e349e857b51ce34a9d968f16661b34e1cec06bec0aa9a32723bbe9be5a9890dd479331a9cc860821d33b1bf3b8e995182e319dead5a3d434b1816304'
            '36a81b771be0b36fe0dfb5ee4c72c9cb5b504e110618a8eb6f0f241b4e57d92df01dc5cc04b6b68d5bc6a5e6d68de1000092770285d7a328e5937e50b4b226a3'
            '911178352bd41e1d2428097758278424c712ece8150de10abf9e0ade52a97ad975634342b3ff422ee4851364d61d7a1546e75a27fe7270bea88dc2b9d8dee99a')

prepare() {
  cd $pkgname-$pkgver

  if [[ $pkgver = $_debver ]]; then
    # Debian patches
    export QUILT_PATCHES=debian/patches
    export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
    export QUILT_DIFF_ARGS='--no-timestamps'

    mv "$srcdir"/debian .

    # Doesn't apply
    rm -v debian/patches/deb_manpages_reportbug || true
    rm -v debian/patches/deb_no_iptables_service || true
    rm -v debian/patches/python3-test-suite.diff || true
    rm -v debian/patches/fix-mail.patch || true

    quilt push -av
  fi

  sed -i 's/^before = paths-debian.conf/before = paths-hyperbola.conf/' config/jail.conf
  sed -i 's|self.install_dir|"/usr/bin"|' setup.py
  patch -Np1 -i "$srcdir/fail2ban-0.11.2_CVE-2021-32749.patch"

  # Use nftables by default
  patch -Np1 -i "$srcdir/jail.conf.patch"
}

build() {
  cd $pkgname-$pkgver
  ./fail2ban-2to3
  python setup.py build
}

package() {
  cd $pkgname-$pkgver
  python setup.py install --prefix /usr --root "$pkgdir" --optimize=1

  install -Dm0755 "$srcdir"/fail2ban.run \
    "$pkgdir"/etc/sv/fail2ban/run
  install -Dm755 $srcdir/fail2ban.initd \
    "$pkgdir"/etc/init.d/fail2ban
  install -Dm644 "$srcdir"/fail2ban.confd \
    "$pkgdir"/etc/conf.d/fail2ban
  install -Dm644 "$srcdir"/fail2ban.logrotate \
    "$pkgdir"/etc/logrotate.d/fail2ban
  install -Dm644 files/bash-completion \
    "$pkgdir"/usr/share/bash-completion/completions/fail2ban
  install -Dm644 "$srcdir"/ssh.jaild \
    "$pkgdir"/etc/fail2ban/jail.d/ssh.conf
  install -Dm644 "$srcdir"/sshd.filterd \
    "$pkgdir"/etc/fail2ban/filter.d/sshd.conf
  install -Dm644 "$srcdir"/sshd-ddos.filterd \
    "$pkgdir"/etc/fail2ban/filter.d/sshd-ddos.conf

  chmod o+r "$pkgdir"/usr/lib/python3*/site-packages/fail2ban*.egg-info/*

  install -Dm644 man/fail2ban.1 "$pkgdir"/usr/share/man/man1/fail2ban.1
  install -Dm644 man/fail2ban-client.1 \
    "$pkgdir"/usr/share/man/man1/fail2ban-client.1
  install -Dm644 man/fail2ban-regex.1 \
    "$pkgdir"/usr/share/man/man1/fail2ban-regex.1
  install -Dm644 man/fail2ban-server.1 \
    "$pkgdir"/usr/share/man/man1/fail2ban-server.1
  install -Dm644 man/jail.conf.5 "$pkgdir"/usr/share/man/man5/jail.conf.5

  cp "$srcdir"/paths-hyperbola.conf "$pkgdir"/etc/$pkgname
  rm "$pkgdir"/etc/$pkgname/paths-{osx,debian,freebsd,arch,fedora,opensuse}.conf
  rm -r "$pkgdir/run"
  install -Dm644 COPYING -t $pkgdir/usr/share/licenses/$pkgname
}