Fail2ban packaging for OpenWrt and python3

erdoukki · March 9, 2021, 8:15am

may be redundant with Fail2ban package, guidelines for Python3 but it is a new attempt to package fail2ban for OpenWrt.
My work is based on : https://github.com/peci1/fail2ban_openwrt/issues/4#
The actual fork is here : https://github.com/erdoukki/fail2ban_openwrt/tree/master/package/fail2ban

Actually I cannot compile it, because of a build error.
I have question about python3 packages for OpenWrt, is there any guidelines ?
I try to check some new packages from the repository but all looks like taking different methods...
I also have a python3-pip dependence from fail2ban, how can I achieved it ?
With another package of the pip library ? so any guidelines again about it ? or directly from my main makefile ???

For reference, the official fail2ban wiki is here ; https://github.com/fail2ban/fail2ban/wiki/How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance

erdoukki · March 9, 2021, 11:10am

gerald@P3530:/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt$ make package/fail2ban/compile -j9
Makefile:138: warning: overriding recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-mvebu_cortexa53/tmp/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz'
Makefile:138: warning: ignoring old recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-mvebu_cortexa53/tmp/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz'
Makefile:138: warning: overriding recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/bin/targets/mvebu/cortexa53/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz.gz'
Makefile:138: warning: ignoring old recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/bin/targets/mvebu/cortexa53/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz.gz'
Makefile:138: warning: overriding recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/bin/targets/mvebu/cortexa53/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz'
Makefile:138: warning: ignoring old recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/bin/targets/mvebu/cortexa53/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz'
Makefile:138: warning: overriding recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/build_dir/target-aarch64_cortex-a53_musl/json_info_files/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz.json'
Makefile:138: warning: ignoring old recipe for target '/media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/build_dir/target-aarch64_cortex-a53_musl/json_info_files/openwrt-snapshot-mvebu-cortexa53-methode_udpu-firmware.tgz.json'
time: target/linux/prereq#0.08#0.05#0.12
 make[1] package/fail2ban/compile
 make[2] -C package/utils/bzip2 host-compile
 make[2] -C feeds/packages/libs/libffi host-compile
 make[2] -C feeds/packages/libs/expat host-compile
 make[2] -C package/libs/ncurses host-compile
 make[2] -C package/libs/toolchain compile
 make[2] -C feeds/packages/lang/python/python3 host-compile
 make[2] -C feeds/packages/lang/python/python-pip-conf compile
 make[2] -C feeds/packages/libs/gdbm clean-build
 make[2] -C feeds/packages/utils/xz clean-build
 make[2] -C package/libs/openssl clean-build
 make[2] -C package/libs/zlib clean-build
 make[2] -C feeds/packages/libs/libffi clean-build
 make[2] -C feeds/packages/utils/xz compile
 make[2] -C package/libs/openssl compile
 make[2] -C feeds/packages/libs/gdbm compile
 make[2] -C package/libs/zlib compile
 make[2] -C feeds/packages/libs/libffi compile
 make[2] -C package/libs/gettext compile
 make[2] -C package/libs/libiconv compile
 make[2] -C package/system/ca-certificates clean-build
 make[2] -C package/utils/bzip2 clean-build
 make[2] -C package/system/ca-certificates compile
 make[2] -C package/utils/bzip2 compile
 make[2] -C feeds/packages/utils/inotify-tools clean-build
 make[2] -C feeds/packages/utils/inotify-tools compile
 make[2] -C feeds/packages/libs/sqlite3 clean-build
 make[2] -C feeds/packages/libs/libxml2 clean-build
 make[2] -C feeds/packages/libs/sqlite3 compile
 make[2] -C feeds/packages/libs/libxml2 compile
 make[2] -C package/libs/ncurses clean-build
 make[2] -C package/libs/ncurses compile
 make[2] -C package/utils/util-linux clean-build
 make[2] -C package/utils/util-linux compile
 make[2] -C feeds/packages/libs/db47 clean-build
 make[2] -C feeds/packages/libs/db47 compile
 make[2] -C feeds/packages/lang/python/python3 clean-build
 make[2] -C feeds/packages/lang/python/python3 compile
 make[2] -C feeds/packages/lang/python/python-dns clean-build
 make[2] -C /media/gerald/EBINDEV/DEVEL/OWRT/fail2ban/fail2ban_openwrt/package/pyinotify clean-build
 make[2] -C /media/gerald/EBINDEV/DEVEL/OWRT/fail2ban/fail2ban_openwrt/package/pyinotify compile
 make[2] -C feeds/packages/lang/python/python-dns compile
 make[2] -C /media/gerald/EBINDEV/DEVEL/OWRT/fail2ban/fail2ban_openwrt/package/fail2ban clean-build
 make[2] -C /media/gerald/EBINDEV/DEVEL/OWRT/fail2ban/fail2ban_openwrt/package/fail2ban compile

all works fine now...

working Makefile

#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=fail2ban
PKG_VERSION:=0.11.2
PKG_RELEASE:=1

PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/fail2ban/fail2ban
PKG_MIRROR_HASH:=1899888a178e2a7d8b7234afcd96387559a7781fb4aa621c9288258e74753f47

PKG_MAINTAINER:=Gerald Kerma <gandalf@gk2.net>
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=LICENSE.txt

include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/packages/lang/python/python3-package.mk

define Package/fail2ban
	SECTION:=net
	CATEGORY:=Network
	TITLE:=ban hosts that cause multiple authentication errors
	URL:=https://www.fail2ban.org/
	DEPENDS:= \
		+libinotifytools	\
		+python3-pyinotify	\
		+python3-light		\
		+python3-dns		\
		+python3-ctypes		\
		+python3-distutils	\
		+python3-email		\
		+python3-logging	\
		+python3-sqlite3	\
		+python3-urllib		\
		+python3-lib2to3	\
		+python3-setuptools
endef

define Package/fail2ban/description
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts.
endef

define Package/fail2ban/conffiles
/etc/fail2ban/
/etc/config/fail2ban
endef

define Py3Package/fail2ban/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/

	$(INSTALL_DIR) $(1)/etc/fail2ban/action.d
	$(CP) ./files/etc/fail2ban/action.d/* $(1)/etc/fail2ban/action.d/

	$(INSTALL_DIR) $(1)/etc/init.d
	$(CP) ./files/etc/init.d/fail2ban.init $(1)/etc/init.d/fail2ban

	$(INSTALL_DIR) $(1)/etc/fail2ban/fail2ban.d
	$(CP) ./files/etc/fail2ban/fail2ban.d/uci.conf $(1)/etc/fail2ban/fail2ban.d/uci.conf

	$(INSTALL_DIR) $(1)/etc/config
	$(INSTALL_CONF) ./files/etc/config/fail2ban $(1)/etc/config/fail2ban
endef

define Package/fail2ban/postinst
#!/bin/sh
[ -n "$${IPKG_INSTROOT}" ] || {
        /etc/init.d/fail2ban enable
        /etc/init.d/fail2ban restart 2>/dev/null
}
endef

define Package/fail2ban/prerm
#!/bin/sh
[ -n "$${IPKG_INSTROOT}" ] || {
        /etc/init.d/fail2ban disable
        /etc/init.d/fail2ban stop
}
endef

$(eval $(call Py3Package,fail2ban))
$(eval $(call BuildPackage,fail2ban))
$(eval $(call BuildPackage,fail2ban-src))

here somes first tests and issues :

root@BORNE3:~# ls -hal /usr/bin/fail2ban-python 
lrwxrwxrwx    1 root     root          83 Mar  9 17:11 /usr/bin/fail2ban-python -> /media/gerald/EBINDEV/DEVEL/OWRT/snapshot/openwrt/staging_dir/hostpkg/bin/python3.9

root@BORNE3:~# rm /usr/bin/fail2ban-python
root@BORNE3:~# ln -s /usr/bin/python3 /usr/bin/fail2ban-python
root@BORNE3:~# fail2ban-python --version
Python 3.7.10
root@BORNE3:~# fail2ban-server 
Traceback (most recent call last):
  File "/usr/bin/fail2ban-server", line 34, in <module>
    from fail2ban.client.fail2banserver import exec_command_line, sys
ModuleNotFoundError: No module named 'fail2ban'
root@BORNE3:~# fail2ban-server --version
Traceback (most recent call last):
  File "/usr/bin/fail2ban-server", line 34, in <module>
    from fail2ban.client.fail2banserver import exec_command_line, sys
ModuleNotFoundError: No module named 'fail2ban'
root@BORNE3:~#

erdoukki · March 10, 2021, 5:41pm

mixing package with different version of python is a bad idea...

I have the packages fail2ban and pyinotify ok with the snapshot build, but I want them for 19.07 and I cannot get these two packages to build.

Anyone have advice of the differences between 19.07 and snapshot, for python packages ?

In case of upstream proposal, do I need to do two different PR and maintain also as so much as differents pacakges ?

erdoukki · March 11, 2021, 9:10am

fixed and proposed upstream https://github.com/openwrt/packages/pull/15095 for 19.07...
Will do another PR for master (21.02)...
Binaries available for testing !

erdoukki · March 14, 2021, 10:14am

PR : https://github.com/openwrt/packages/pull/15098
issue : https://github.com/openwrt/packages/issues/15099

erdoukki · March 24, 2021, 9:19am

Still waiting for review...
And testing from users and developpers...

system · April 3, 2021, 9:19am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.