diff options
Diffstat (limited to 'net-analyzer/fail2ban')
| -rw-r--r-- | net-analyzer/fail2ban/Manifest | 4 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild | 134 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/fail2ban-9999.ebuild | 27 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch | 247 |
4 files changed, 397 insertions, 15 deletions
diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest index c8cd38e9f6fd..ae3f333ae567 100644 --- a/net-analyzer/fail2ban/Manifest +++ b/net-analyzer/fail2ban/Manifest @@ -3,9 +3,11 @@ AUX fail2ban-0.11.2-fix-2to3-usage.patch 3905 BLAKE2B f159ac35845bb32f71e5f24e8e AUX fail2ban-0.11.2-fix-py3.10-collections.patch 949 BLAKE2B eebed48d15c6a1dcbe00744794c47b460d12cdaee408bd19a48f333aeb6bb5aaedc2ec5d3ce46f32b3830d9ad97a98a635d9822b397d1cce0522936c073f63bd SHA512 ec778e5924253a4f1ebb18c49193e9b2db3a9dc18fd239af582d2b6eb3cbc7aafc12008fe008d0e56bfd345709c6aac9388127650dd52e0f3401746f11ba1179 AUX fail2ban-0.11.2-fix-systemd-test.patch 863 BLAKE2B 4f506097ceb1d62a076d695a5286075847e1f5757603c2c670f7bfdfd9c5ab6e4844300ff2488c0e5ee9a357a79cbdabaca9c591bc3d664f2f548c57b6638810 SHA512 d47b081f4271a645f56a0ccebbb2af67a0b0e278c192cf12345bb22a988330dff59fcbb0ee838245bbcfe1bf69c1dcc8355ef714a48cf2104c154673dc8a47b6 AUX fail2ban-0.11.2-fix-tests-for-2021.patch 1821 BLAKE2B 52fae8ace32d6205d290d7e3a57378e10398742a735e9bf734d1ba4c6ff73abeb7bff8d0f76924c815a1dcdd7e57bf1a584956e1c03ff0db93f20ce68f1c8176 SHA512 a3db4065b5e815d409318c7aeb0f2fac87b2f91f7b1923a4c1684cbc97eb086ccd0fab993270d8c84d6f9da911f467d391689f312d89cea7cc6d59c20cfd39b0 +AUX fail2ban-0.11.2-upstream-openrc.patch 8205 BLAKE2B ee85888dbd5ed9b7aa5b8edaba7a0eff430df4677b33c37223d04b46d8b39ff29ded81be8fdd77d0e92e14654e2fb9726064772232af393a053bd3234843218b SHA512 bc4d3ba2c8c1008efe128abe07f6c5125479bf4fb5b96c38b9e5e6401da30faf1a58242b1e01e71638ff922c7e020e16b789f013a0227a8aa6f5bba232dacfd4 DIST fail2ban-0.11.2.tar.gz 559552 BLAKE2B 0c61c1d5f6eb23d585533fbb84e69343cb305df188537a97002489318292c6056447c4c221c9d4d4cde6cca52f0c2fb877b597957f703e4d6707801a646e52b0 SHA512 46b27abd947b00ea64106dbac563ef8afef38eec86684024d47d9a0e8c1969ff864ad6df7f4f8de2aa3eb1af6d769fb6796592d9f0e35521d5f95f17b8cade97 EBUILD fail2ban-0.11.2-r1.ebuild 3765 BLAKE2B 01ce7f4b17f4a0aae2961ddbb245039fa321be59ae33f2c92484727ea4fd66ef9e7256b1e47ab715b22fe1754837abcfd18d4ae99c617ff5b809133e12bd3ca2 SHA512 7b38b4e8a5c9b0e604ee713e064ec246e7d1ce1b0d07c0e04111a267672c3270b9c8f378dcac9a2f8f0f43a51d9b363d4d76da6e354cf76f9974ecad89375206 EBUILD fail2ban-0.11.2-r2.ebuild 3824 BLAKE2B d36184227c44053704df6abcf4055992d24a54e0bfdf30c1412d9bf0e73773590933a77e730e1a3ec33a1034819c99e6f51db8a6451c10e8fffaff1aaac7d0a5 SHA512 0dc0efe83b81a2fcdc01e94ee299f08785f0d0da8b69c5ef8e69535dd0250996a4be1104d6ea22b49fb79e1b5ec16aca4e30c635b57388e5ad3569681783b7e6 +EBUILD fail2ban-0.11.2-r3.ebuild 3812 BLAKE2B cf8ef1ffe073bd274e0a95728b2c5999eb7a8bfbfcf5db961188e8ffc985c5581d57d8b8ad48e1022deccc9c758d94bec8d88314623b9cb2861c404bba6a027c SHA512 c8593db77a44135af70ea63f5ab0c9e98202689c6003946d6cd44f4eb279b6fd81d5113aa5cda0ea85ac855be25637fce6165c6810a4ac836b6106368ed40d21 EBUILD fail2ban-0.11.2.ebuild 3624 BLAKE2B d0329d4f393ff4fad9d8a89ea297d1105f50b1756448b5c22df469a01d6f2d07c87b2d0bb7d2c399235a3a06831ef4b11f1bfeaa98c47bc855837037641eee1f SHA512 87b1a06d7ea32e04fd5422bbf4f7845e318fc9938101e1e6b3a39988aa752c2a15d75cffb1c0de47ad0c3ab1202b5a32c26e2f85314b68737aebd395487e7642 -EBUILD fail2ban-9999.ebuild 3647 BLAKE2B d8f991763425786647a84c1323ab5c660be6bf5accbe2a3d97b771b55f83880d59b40205fa4dd70699a15f04c5ab6ef634fc00962b8ed8018da668b6fbf71f08 SHA512 95d57eb6462f8907a9c9bc0632213935f62a8741350c0b8878765399bf413496ece5b1e0b1cf7a3d58e5b7fba0730ff3261e5201f346c11f779eb7973bcc8174 +EBUILD fail2ban-9999.ebuild 3642 BLAKE2B 09655e688c3157bb524b66edf8ff159ba8327fb765dbe6df9ad5c7f0a4be7bda1090e70640bc1f993df46296043c3d0faf1d2cc2d04e808beae836752338f53a SHA512 3cc3a9f0837c1e1f9c7fa987b7c87c57a58664555b4a023d7c13074453fe5657d5d00f605822f8416b2c0194dc09fc67436f863159d797d92ab6153ed9efc97b MISC metadata.xml 357 BLAKE2B a5dee8c760b80bbfad6bca9a7adae797eda34b9db80716db8842c6813b4ed25ed4707290756dc869a7db4163de1ff6114c1995fcc2c485df1bcc6cad9c9a8f14 SHA512 9877a507bd3617c33351036317c5dc7855a1024d8f04f76a57edb93bd80e62b2b7c4f35784f447e94497305eab33246ae5913ba36ea001aa9068d1f91aeee9f0 diff --git a/net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild new file mode 100644 index 000000000000..1390bc1bdc39 --- /dev/null +++ b/net-analyzer/fail2ban/fail2ban-0.11.2-r3.ebuild @@ -0,0 +1,134 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) +DISTUTILS_SINGLE_IMPL=1 + +inherit bash-completion-r1 distutils-r1 systemd tmpfiles + +DESCRIPTION="Scans log files and bans IPs that show malicious signs" +HOMEPAGE="https://www.fail2ban.org/" +if [[ ${PV} == *9999 ]] ; then + EGIT_REPO_URI="https://github.com/${PN}/${PN}" + inherit git-r3 +else + SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="selinux systemd" + +RDEPEND=" + virtual/logger + virtual/mta + selinux? ( sec-policy/selinux-fail2ban ) + systemd? ( + $(python_gen_cond_dep ' + || ( + dev-python/python-systemd[${PYTHON_USEDEP}] + sys-apps/systemd[python(-),${PYTHON_USEDEP}] + )' 'python*' ) + ) +" + +DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt ) + +PATCHES=( + "${FILESDIR}"/${P}-fix-tests-for-2021.patch + "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch + "${FILESDIR}"/${P}-fix-2to3-usage.patch + "${FILESDIR}"/${P}-fix-systemd-test.patch + "${FILESDIR}"/${P}-fix-py3.10-collections.patch + "${FILESDIR}"/${P}-upstream-openrc.patch +) + +python_prepare_all() { + distutils-r1_python_prepare_all + + # Replace /var/run with /run, but not in the top source directory + find . -mindepth 2 -type f -exec \ + sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die +} + +python_compile() { + ./fail2ban-2to3 || die + distutils-r1_python_compile +} + +python_test() { + bin/fail2ban-testcases \ + --no-network \ + --no-gamin \ + --verbosity=4 || die "Tests failed with ${EPYTHON}" +} + +python_install_all() { + distutils-r1_python_install_all + + rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die + + newconfd files/fail2ban-openrc.conf ${PN} + + # These two are placed in the ${BUILD_DIR} after being "built" + # in install_scripts(). + newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}" + systemd_dounit "${BUILD_DIR}/${PN}.service" + + dotmpfiles files/${PN}-tmpfiles.conf + + doman man/*.{1,5} + + # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d. + # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675 + insinto /etc/logrotate.d + newins files/${PN}-logrotate ${PN} + + keepdir /var/lib/${PN} + + newbashcomp files/bash-completion ${PN}-client + bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex +} + +pkg_preinst() { + has_version "<${CATEGORY}/${PN}-0.7" + previous_less_than_0_7=$? +} + +pkg_postinst() { + tmpfiles_process ${PN}-tmpfiles.conf + + if [[ ${previous_less_than_0_7} = 0 ]] ; then + elog + elog "Configuration files are now in /etc/fail2ban/" + elog "You probably have to manually update your configuration" + elog "files before restarting Fail2Ban!" + elog + elog "Fail2Ban is not installed under /usr/lib anymore. The" + elog "new location is under /usr/share." + elog + elog "You are upgrading from version 0.6.x, please see:" + elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8" + fi + + if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then + elog "For most jail.conf configurations, it is recommended you install either" + elog "dev-python/pyinotify or app-admin/gamin (in order of preference)" + elog "to control how log file modifications are detected" + fi + + if ! has_version dev-lang/python[sqlite] ; then + elog "If you want to use ${PN}'s persistent database, then reinstall" + elog "dev-lang/python with USE=sqlite. If you do not use the" + elog "persistent database feature, then you should set" + elog "dbfile = :memory: in fail2ban.conf accordingly." + fi + + if has_version sys-apps/systemd[-python] ; then + elog "If you want to track logins through sys-apps/systemd's" + elog "journal backend, then reinstall sys-apps/systemd with USE=python" + fi +} diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-9999.ebuild index 9d117cebef47..59203cfb4af6 100644 --- a/net-analyzer/fail2ban/fail2ban-9999.ebuild +++ b/net-analyzer/fail2ban/fail2ban-9999.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -PYTHON_COMPAT=( python3_{8,9} ) +PYTHON_COMPAT=( python3_{8..10} ) DISTUTILS_SINGLE_IMPL=1 inherit bash-completion-r1 distutils-r1 systemd tmpfiles @@ -31,8 +31,7 @@ RDEPEND=" || ( dev-python/python-systemd[${PYTHON_USEDEP}] sys-apps/systemd[python(-),${PYTHON_USEDEP}] - ) - ' 'python*') + )' 'python*' ) ) " @@ -40,16 +39,15 @@ DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt ) PATCHES=( "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch + "${FILESDIR}"/${PN}-0.11.2-upstream-openrc.patch ) python_prepare_all() { + distutils-r1_python_prepare_all + # Replace /var/run with /run, but not in the top source directory find . -mindepth 2 -type f -exec \ sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die - - sed -i -e 's|runscript|openrc-run|g' files/gentoo-initd || die - - distutils-r1_python_prepare_all } python_compile() { @@ -69,12 +67,13 @@ python_install_all() { rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die - # Not ${FILESDIR} - newconfd files/gentoo-confd ${PN} - newinitd files/gentoo-initd ${PN} + newconfd files/fail2ban-openrc.conf ${PN} + + # These two are placed in the ${BUILD_DIR} after being "built" + # in install_scripts(). + newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}" + systemd_dounit "${BUILD_DIR}/${PN}.service" - sed -e "s:@BINDIR@:${EPREFIX}/usr/bin:g" files/${PN}.service.in > "${T}"/${PN}.service || die - systemd_dounit "${T}"/${PN}.service dotmpfiles files/${PN}-tmpfiles.conf doman man/*.{1,5} @@ -98,7 +97,7 @@ pkg_preinst() { pkg_postinst() { tmpfiles_process ${PN}-tmpfiles.conf - if [[ ${previous_less_than_0_7} == 0 ]] ; then + if [[ ${previous_less_than_0_7} = 0 ]] ; then elog elog "Configuration files are now in /etc/fail2ban/" elog "You probably have to manually update your configuration" diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch new file mode 100644 index 000000000000..bbe655124d36 --- /dev/null +++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch @@ -0,0 +1,247 @@ +https://github.com/fail2ban/fail2ban/pull/2182 + +diff --git a/MANIFEST b/MANIFEST +index 48c751a0..c2df1e51 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -393,8 +393,8 @@ files/fail2ban.service.in + files/fail2ban-tmpfiles.conf + files/fail2ban.upstart + files/gen_badbots +-files/gentoo-confd +-files/gentoo-initd ++files/fail2ban-openrc.conf ++files/fail2ban-openrc.init.in + files/ipmasq-ZZZzzz_fail2ban.rul + files/logwatch/fail2ban + files/logwatch/fail2ban-0.8.log +diff --git a/files/fail2ban-openrc.conf b/files/fail2ban-openrc.conf +new file mode 100644 +index 00000000..9454ef68 +--- /dev/null ++++ b/files/fail2ban-openrc.conf +@@ -0,0 +1,2 @@ ++# For available options, please run "fail2ban-server --help". ++#FAIL2BAN_OPTIONS="-x" +diff --git a/files/fail2ban-openrc.init.in b/files/fail2ban-openrc.init.in +new file mode 100755 +index 00000000..2c56ee3a +--- /dev/null ++++ b/files/fail2ban-openrc.init.in +@@ -0,0 +1,86 @@ ++#!/sbin/openrc-run ++# This file is part of Fail2Ban. ++# ++# Fail2Ban is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# Fail2Ban is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with Fail2Ban; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ++# ++# Author: Sireyessire, Cyril Jaquier ++# ++ ++description="Ban hosts that cause multiple authentication errors" ++description_reload="reload configuration without dropping bans" ++extra_started_commands="reload" ++ ++# Can't (and shouldn't) be changed by the end-user. ++# ++# Note that @BINDIR@ is already supplied by the build system. Some ++# day, it might be nice to have @RUNDIR@ supplied by the build system ++# as well, so that we don't have to hard-code /run here. ++FAIL2BAN_RUNDIR="/run/${RC_SVCNAME}" ++FAIL2BAN_SOCKET="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.sock" ++ ++# The fail2ban-client program is also capable of starting and stopping ++# the server, but things are simpler if we let start-stop-daemon do it. ++command="@BINDIR@/fail2ban-server" ++pidfile="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.pid" ++ ++# We force the pidfile/socket location in this service script because ++# we're taking responsibility for ensuring that their parent directory ++# exists and has the correct permissions (which we can't do if the ++# user is allowed to change them). ++command_args="${FAIL2BAN_OPTIONS} -p ${pidfile} -s ${FAIL2BAN_SOCKET}" ++retry="30" ++ ++depend() { ++ use logger ++ after iptables ++} ++ ++checkconfig() { ++ "${command}" ${command_args} --test ++} ++ ++start_pre() { ++ # If this isn't a restart, make sure that the user's config isn't ++ # busted before we try to start the daemon (this will produce ++ # better error messages than if we just try to start it blindly). ++ # ++ # If, on the other hand, this *is* a restart, then the stop_pre ++ # action will have ensured that the config is usable and we don't ++ # need to do that again. ++ if [ "${RC_CMD}" != "restart" ] ; then ++ checkconfig || return $? ++ fi ++ checkpath -d "${FAIL2BAN_RUNDIR}" ++} ++ ++stop_pre() { ++ # If this is a restart, check to make sure the user's config ++ # isn't busted before we stop the running daemon. ++ if [ "${RC_CMD}" = "restart" ] ; then ++ checkconfig || return $? ++ fi ++} ++ ++reload() { ++ # The fail2ban-client uses an undocumented protocol to tell ++ # the server to reload(), so we have to use it here rather ++ # than e.g. sending a signal to the server daemon. Note that ++ # the reload will fail (on the server side) if the new config ++ # is invalid; we therefore don't need to test it ourselves ++ # with checkconfig() before initiating the reload. ++ ebegin "Reloading ${RC_SVCNAME}" ++ "@BINDIR@/fail2ban-client" ${command_args} reload ++ eend $? "Failed to reload ${RC_SVCNAME}" ++} +diff --git a/files/gentoo-confd b/files/gentoo-confd +deleted file mode 100644 +index 00d19f8b..00000000 +--- a/files/gentoo-confd ++++ /dev/null +@@ -1,8 +0,0 @@ +-# Config file for /etc/init.d/fail2ban +-# +-# For information on options, see "/usr/bin/fail2ban-client -h". +- +-FAIL2BAN_OPTIONS="" +- +-# Force execution of the server even if the socket already exists: +-#FAIL2BAN_OPTIONS="-x" +diff --git a/files/gentoo-initd b/files/gentoo-initd +deleted file mode 100755 +index 0fb157cd..00000000 +--- a/files/gentoo-initd ++++ /dev/null +@@ -1,60 +0,0 @@ +-#!/sbin/openrc-run +-# This file is part of Fail2Ban. +-# +-# Fail2Ban is free software; you can redistribute it and/or modify +-# it under the terms of the GNU General Public License as published by +-# the Free Software Foundation; either version 2 of the License, or +-# (at your option) any later version. +-# +-# Fail2Ban is distributed in the hope that it will be useful, +-# but WITHOUT ANY WARRANTY; without even the implied warranty of +-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-# GNU General Public License for more details. +-# +-# You should have received a copy of the GNU General Public License +-# along with Fail2Ban; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +-# +-# Author: Sireyessire, Cyril Jaquier +-# +- +-description="Daemon to ban hosts that cause multiple authentication errors" +-description_reload="reload configuration" +-description_showlog="show fail2ban logs" +-extra_started_commands="reload showlog" +- +-FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}" +- +-depend() { +- need net +- need logger +- after iptables +-} +- +-start() { +- ebegin "Starting fail2ban" +- mkdir -p /var/run/fail2ban || return 1 +- # remove stalled sock file after system crash +- # bug 347477 +- rm -f /var/run/fail2ban/fail2ban.sock || return 1 +- start-stop-daemon --start --pidfile /var/run/fail2ban/fail2ban.pid \ +- -- ${FAIL2BAN} start +- eend $? "Failed to start fail2ban" +-} +- +-stop() { +- ebegin "Stopping fail2ban" +- start-stop-daemon --stop --pidfile /var/run/fail2ban/fail2ban.pid --retry 30 \ +- -- ${FAIL2BAN} stop +- eend $? "Failed to stop fail2ban" +-} +- +-reload() { +- ebegin "Reloading fail2ban" +- ${FAIL2BAN} reload +- eend $? "Failed to reload fail2ban" +-} +- +-showlog(){ +- less /var/log/fail2ban.log +-} +diff --git a/setup.py b/setup.py +index 98413273..91f71cf2 100755 +--- a/setup.py ++++ b/setup.py +@@ -89,24 +89,27 @@ class install_scripts_f2b(install_scripts): + if install_dir.startswith(root): + install_dir = install_dir[len(root):] + except: # pragma: no cover +- print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".') +- print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir)) +- with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn: +- lines = fn.readlines() +- fn = None +- if not dry_run: +- fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w') +- try: +- for ln in lines: +- ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln) +- if dry_run: +- sys.stdout.write(' | ' + ln) +- continue +- fn.write(ln) +- finally: +- if fn: fn.close() +- if dry_run: +- print(' `') ++ print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service" and "fail2ban-openrc.init".') ++ ++ scripts = ['fail2ban.service', 'fail2ban-openrc.init'] ++ for script in scripts: ++ print('Creating %s/%s (from %s.in): @BINDIR@ -> %s' % (buildroot, script, script, install_dir)) ++ with open(os.path.join(source_dir, 'files/%s.in' % script), 'r') as fn: ++ lines = fn.readlines() ++ fn = None ++ if not dry_run: ++ fn = open(os.path.join(buildroot, script), 'w') ++ try: ++ for ln in lines: ++ ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln) ++ if dry_run: ++ sys.stdout.write(' | ' + ln) ++ continue ++ fn.write(ln) ++ finally: ++ if fn: fn.close() ++ if dry_run: ++ print(' `') + + + # Wrapper to specify fail2ban own options: |