Accepting request 200162 from security

I've added a systemd service file for openSUSE >= 12.3. Previous systemd based versions would require an additional variant of the service file, because SuSEfirewall2.service (which is an ordering dependency) used to be named SuSEfirewall2_setup.service in these versions. I don't think it would be worth the trouble of adding yet another switch, but I can of course do so if desired. (forwarded request 199913 from marc_schuetz) OBS-URL: https://build.opensuse.org/request/show/200162 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=29
2013-09-23 14:04:07 +00:00 · 2013-09-23 14:04:07 +00:00 · 7831ea0a7a
commit 7831ea0a7a
parent 4b07b21ccb afdd4dcfb1
4 changed files with 65 additions and 2 deletions
--- a/fail2ban.changes
+++ b/fail2ban.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Sat Sep 21 11:38:29 UTC 2013 - schuetzm@gmx.net
+
+- Added systemd service file and systemd-tmpfiles configuration
+
 -------------------------------------------------------------------
 Thu Jun 13 08:58:53 UTC 2013 - jweberhofer@weberhofer.at

--- a/fail2ban.service
+++ b/fail2ban.service
@ -0,0 +1,15 @@
+[Unit]
+Description=Bans IPs with too many authentication failures
+After=network.target SuSEfirewall2.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/fail2ban
+PIDFile=/run/fail2ban/fail2ban.pid
+ExecStart=/usr/bin/fail2ban-client -x $FAIL2BAN_OPTIONS start
+ExecReload=/usr/bin/fail2ban-client reload
+ExecStop=/usr/bin/fail2ban-client stop
+
+[Install]
+WantedBy=multi-user.target
+
--- a/fail2ban.spec
+++ b/fail2ban.spec
@ -28,6 +28,10 @@ Requires:       python-pyinotify
 %if 0%{?suse_version} >= 1220
 Requires:       python-gamin
 %endif
+%if 0%{?suse_version} >= 1230
+%{?systemd_requires}
+BuildRequires:  systemd
+%endif
 BuildRequires:  logrotate
 BuildRequires:  python-devel
 PreReq:         %fillup_prereq
@ -41,9 +45,15 @@ License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 #URL            https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9
 Source0:        %{name}-%{version}.tar.gz
+%if 0%{?suse_version} < 1230
 Source1:        %{name}.init
+%endif
 Source2:        %{name}.sysconfig
 Source3:        %{name}.logrotate
+%if 0%{?suse_version} >= 1230
+Source4:        %{name}.service
+Source5:        %{name}.tmpfiles
+%endif

 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses
@ -72,23 +82,50 @@ for i in fail2ban-client fail2ban-regex fail2ban-server; do
 done
 install -d -m755 $RPM_BUILD_ROOT/%{_initrddir}
 install -d -m755 $RPM_BUILD_ROOT/%{_sbindir}
+%if 0%{?suse_version} < 1230
 install -m755 %{SOURCE1} $RPM_BUILD_ROOT/%{_initrddir}/%{name}
 ln -sf %{_initrddir}/%{name} ${RPM_BUILD_ROOT}%{_sbindir}/rc%{name}
+%endif
 install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates
 install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{name}

 install -d -m755 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
 install -m 644 %{SOURCE3}  $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/fail2ban

+%if 0%{?suse_version} >= 1230
+install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
+install -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/%{name}.service
+
+install -d -m755 $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/
+install -m644 %{SOURCE5} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf
+%endif
+
+%pre
+%if 0%{?suse_version} >= 1230
+%service_add_pre %{name}.service
+%endif
+
 %post
 %{fillup_only}
+%if 0%{?suse_version} >= 1230
+systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf
+%service_add_post %{name}.service
+%endif

 %preun
+%if 0%{?suse_version} >= 1230
+%service_del_preun %{name}.service
+%else
 %stop_on_removal %{name}
+%endif

 %postun
+%if 0%{?suse_version} >= 1230
+%service_del_postun %{name}.service
+%else
 %restart_on_update %{name}
 %insserv_cleanup
+%endif

 %files
 %defattr(-, root, root)
@ -99,11 +136,16 @@ install -m 644 %{SOURCE3}  $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/fail2ban
 %config(noreplace) %{_sysconfdir}/%{name}/action.d/*.conf
 %config(noreplace) %{_sysconfdir}/%{name}/filter.d/*.conf
 %config %{_sysconfdir}/logrotate.d/fail2ban
+%if 0%{?suse_version} >= 1230
+%{_unitdir}/%{name}.service
+/usr/lib/tmpfiles.d/%{name}.conf
+%else
 %{_initrddir}/%{name}
-%{_bindir}/%{name}*
 %{_sbindir}/rc%{name}
-%{_datadir}/%{name}
 %dir %ghost /var/run/%{name}
+%endif
+%{_bindir}/%{name}*
+%{_datadir}/%{name}
 /var/adm/fillup-templates/sysconfig.%{name}
 %doc %{_mandir}/man1/*
 %doc COPYING ChangeLog DEVELOP README.md TODO files/cacti
--- a/fail2ban.tmpfiles
+++ b/fail2ban.tmpfiles
@ -0,0 +1 @@
+d /run/fail2ban 0755 root root