diff --git a/fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch b/fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch deleted file mode 100644 index e55f400..0000000 --- a/fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch +++ /dev/null @@ -1,86 +0,0 @@ -diff -ur fail2ban-0.9.3-orig/fail2ban/tests/actiontestcase.py fail2ban-0.9.3/fail2ban/tests/actiontestcase.py ---- fail2ban-0.9.3-orig/fail2ban/tests/actiontestcase.py 2015-08-01 03:32:13.000000000 +0200 -+++ fail2ban-0.9.3/fail2ban/tests/actiontestcase.py 2015-09-07 08:37:30.842249270 +0200 -@@ -204,44 +204,44 @@ - or self._is_logged('sleep 60 -- timed out after 3 seconds')) - self.assertTrue(self._is_logged('sleep 60 -- killed with SIGTERM')) - -- def testExecuteTimeoutWithNastyChildren(self): -- # temporary file for a nasty kid shell script -- tmpFilename = tempfile.mktemp(".sh", "fail2ban_") -- # Create a nasty script which would hang there for a while -- with open(tmpFilename, 'w') as f: -- f.write("""#!/bin/bash -- trap : HUP EXIT TERM -- -- echo "$$" > %s.pid -- echo "my pid $$ . sleeping lo-o-o-ong" -- sleep 10000 -- """ % tmpFilename) -- -- def getnastypid(): -- with open(tmpFilename + '.pid') as f: -- return int(f.read()) -- -- # First test if can kill the bastard -- self.assertRaises( -- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1) -- # Verify that the proccess itself got killed -- self.assertFalse(pid_exists(getnastypid())) # process should have been killed -- self.assertTrue(self._is_logged('timed out')) -- self.assertTrue(self._is_logged('killed with SIGTERM')) -- -- # A bit evolved case even though, previous test already tests killing children processes -- self.assertRaises( -- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename, -- timeout=.2) -- # Verify that the proccess itself got killed -- self.assertFalse(pid_exists(getnastypid())) -- self.assertTrue(self._is_logged('timed out')) -- self.assertTrue(self._is_logged('killed with SIGTERM')) -- -- os.unlink(tmpFilename) -- os.unlink(tmpFilename + '.pid') -- -- -+# def testExecuteTimeoutWithNastyChildren(self): -+# # temporary file for a nasty kid shell script -+# tmpFilename = tempfile.mktemp(".sh", "fail2ban_") -+# # Create a nasty script which would hang there for a while -+# with open(tmpFilename, 'w') as f: -+# f.write("""#!/bin/bash -+# trap : HUP EXIT TERM -+# -+# echo "$$" > %s.pid -+# echo "my pid $$ . sleeping lo-o-o-ong" -+# sleep 10000 -+# """ % tmpFilename) -+# -+# def getnastypid(): -+# with open(tmpFilename + '.pid') as f: -+# return int(f.read()) -+# -+# # First test if can kill the bastard -+# self.assertRaises( -+# RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1) -+# # Verify that the proccess itself got killed -+# self.assertFalse(pid_exists(getnastypid())) # process should have been killed -+# self.assertTrue(self._is_logged('timed out')) -+# self.assertTrue(self._is_logged('killed with SIGTERM')) -+# -+# # A bit evolved case even though, previous test already tests killing children processes -+# self.assertRaises( -+# RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename, -+# timeout=.2) -+# # Verify that the proccess itself got killed -+# self.assertFalse(pid_exists(getnastypid())) -+# self.assertTrue(self._is_logged('timed out')) -+# self.assertTrue(self._is_logged('killed with SIGTERM')) -+# -+# os.unlink(tmpFilename) -+# os.unlink(tmpFilename + '.pid') -+# -+# - def testCaptureStdOutErr(self): - CommandAction.executeCmd('echo "How now brown cow"') - self.assertTrue(self._is_logged("'How now brown cow\\n'")) diff --git a/fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch b/fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch new file mode 100644 index 0000000..83a46fa --- /dev/null +++ b/fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch @@ -0,0 +1,120 @@ +Only in fail2ban-0.9.3/: ChangeLog.orig +diff -ur fail2ban-0.9.3.orig/fail2ban/server/action.py fail2ban-0.9.3/fail2ban/server/action.py +--- fail2ban-0.9.3.orig/fail2ban/server/action.py 2015-08-01 03:32:13.000000000 +0200 ++++ fail2ban-0.9.3/fail2ban/server/action.py 2015-09-23 11:54:38.066927465 +0200 +@@ -560,32 +560,33 @@ + return True + + _cmd_lock.acquire() +- try: # Try wrapped within another try needed for python version < 2.5 ++ try: ++ retcode = None # to guarantee being defined upon early except + stdout = tempfile.TemporaryFile(suffix=".stdout", prefix="fai2ban_") + stderr = tempfile.TemporaryFile(suffix=".stderr", prefix="fai2ban_") +- try: +- popen = subprocess.Popen( +- realCmd, stdout=stdout, stderr=stderr, shell=True, +- preexec_fn=os.setsid # so that killpg does not kill our process +- ) +- stime = time.time() ++ ++ popen = subprocess.Popen( ++ realCmd, stdout=stdout, stderr=stderr, shell=True, ++ preexec_fn=os.setsid # so that killpg does not kill our process ++ ) ++ stime = time.time() ++ retcode = popen.poll() ++ while time.time() - stime <= timeout and retcode is None: ++ time.sleep(0.1) + retcode = popen.poll() +- while time.time() - stime <= timeout and retcode is None: +- time.sleep(0.1) +- retcode = popen.poll() +- if retcode is None: +- logSys.error("%s -- timed out after %i seconds." % +- (realCmd, timeout)) +- pgid = os.getpgid(popen.pid) +- os.killpg(pgid, signal.SIGTERM) # Terminate the process ++ if retcode is None: ++ logSys.error("%s -- timed out after %i seconds." % ++ (realCmd, timeout)) ++ pgid = os.getpgid(popen.pid) ++ os.killpg(pgid, signal.SIGTERM) # Terminate the process ++ time.sleep(0.1) ++ retcode = popen.poll() ++ if retcode is None: # Still going... ++ os.killpg(pgid, signal.SIGKILL) # Kill the process + time.sleep(0.1) + retcode = popen.poll() +- if retcode is None: # Still going... +- os.killpg(pgid, signal.SIGKILL) # Kill the process +- time.sleep(0.1) +- retcode = popen.poll() +- except OSError, e: +- logSys.error("%s -- failed with %s" % (realCmd, e)) ++ except OSError as e: ++ logSys.error("%s -- failed with %s" % (realCmd, e)) + finally: + _cmd_lock.release() + +@@ -603,15 +604,16 @@ + return True + elif retcode is None: + logSys.error("%s -- unable to kill PID %i" % (realCmd, popen.pid)) +- elif retcode < 0: +- logSys.error("%s -- killed with %s" % +- (realCmd, signame.get(-retcode, "signal %i" % -retcode))) ++ elif retcode < 0 or retcode > 128: ++ # dash would return negative while bash 128 + n ++ sigcode = -retcode if retcode < 0 else retcode - 128 ++ logSys.error("%s -- killed with %s (return code: %s)" % ++ (realCmd, signame.get(sigcode, "signal %i" % sigcode), retcode)) + else: + msg = _RETCODE_HINTS.get(retcode, None) + logSys.error("%s -- returned %i" % (realCmd, retcode)) + if msg: + logSys.info("HINT on %i: %s" + % (retcode, msg % locals())) +- return False +- raise RuntimeError("Command execution failed: %s" % realCmd) ++ return False + +diff -ur fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py fail2ban-0.9.3/fail2ban/tests/actiontestcase.py +--- fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py 2015-08-01 03:32:13.000000000 +0200 ++++ fail2ban-0.9.3/fail2ban/tests/actiontestcase.py 2015-09-23 11:54:38.074927626 +0200 +@@ -196,11 +196,10 @@ + def testExecuteTimeout(self): + stime = time.time() + # Should take a minute +- self.assertRaises( +- RuntimeError, CommandAction.executeCmd, 'sleep 60', timeout=2) ++ self.assertFalse(CommandAction.executeCmd('sleep 60', timeout=2)) + # give a test still 1 second, because system could be too busy + self.assertTrue(time.time() >= stime + 2 and time.time() <= stime + 3) +- self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds') ++ self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds') + or self._is_logged('sleep 60 -- timed out after 3 seconds')) + self.assertTrue(self._is_logged('sleep 60 -- killed with SIGTERM')) + +@@ -222,17 +221,16 @@ + return int(f.read()) + + # First test if can kill the bastard +- self.assertRaises( +- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1) ++ self.assertFalse(CommandAction.executeCmd( ++ 'bash %s' % tmpFilename, timeout=.1)) + # Verify that the proccess itself got killed + self.assertFalse(pid_exists(getnastypid())) # process should have been killed + self.assertTrue(self._is_logged('timed out')) + self.assertTrue(self._is_logged('killed with SIGTERM')) + + # A bit evolved case even though, previous test already tests killing children processes +- self.assertRaises( +- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename, +- timeout=.2) ++ self.assertFalse(CommandAction.executeCmd( ++ 'out=`bash %s`; echo ALRIGHT' % tmpFilename, timeout=.2)) + # Verify that the proccess itself got killed + self.assertFalse(pid_exists(getnastypid())) + self.assertTrue(self._is_logged('timed out')) diff --git a/fail2ban.changes b/fail2ban.changes index 213ed88..90e4936 100644 --- a/fail2ban.changes +++ b/fail2ban.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed Sep 23 10:10:17 UTC 2015 - jweberhofer@weberhofer.at + +- Added fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch + to fix the former failing test and removed + fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch + +- Do not longer create test-package. Developers should not use the packaged + version of fail2ban. + ------------------------------------------------------------------- Mon Sep 7 09:45:56 UTC 2015 - jweberhofer@weberhofer.at diff --git a/fail2ban.spec b/fail2ban.spec index dd16bcb..5803e2b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -37,8 +37,8 @@ Source200: %{name}-rpmlintrc Patch100: fail2ban-opensuse-locations.patch # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file Patch101: fail2ban-opensuse-service.patch -# PATCH-FIX-OPENSUSE fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch jweberhofer@weberhofer.at -- disable test which currently fails on some systems -Patch102: fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch +# PATCH-FIX-UPSTREAM fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch jweberhofer@weberhofer.at -- fix failing test +Patch102: fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases Patch200: fail2ban-disable-iptables-w-option.patch # PATCH-FIX-OPENSUSE fail2ban-exclude-dev-log-tests.patch jweberhofer@weberhofer.at -- remove tests that can't work on opensuse < 13.3 @@ -82,13 +82,6 @@ reject the IP address, can send e-mails, or set host.deny entries. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones. -%package tests -Summary: Test-cases for fail2ban -Group: System/Monitoring - -%description tests -This package contains fail2ban's testcases - %package -n SuSEfirewall2-fail2ban Summary: Files for integrating fail2ban into SuSEfirewall2 via systemd Group: Productivity/Networking/Security @@ -265,6 +258,10 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/%{name}.conf %{_mandir}/man5/* %doc README.md TODO ChangeLog COPYING doc/*.txt +# do not include tests as they are executed during the build process +%exclude %{_bindir}/fail2ban-testcases +%exclude %{python_sitelib}/%{name}/tests + %if 0%{?_unitdir:1} %files -n SuSEfirewall2-fail2ban %defattr(-,root,root) @@ -272,11 +269,6 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/%{name}.conf %{_unitdir}/fail2ban.service.d %endif -%files tests -%defattr(-,root,root) -%{_bindir}/fail2ban-testcases -%{python_sitelib}/%{name}/tests - %files -n nagios-plugins-fail2ban %defattr(-,root,root) %doc files/nagios/README COPYING