Created attachment 147288 [details] Patch to server/server.py fail2ban uses /dev/log rather than /var/run/log, per an email from stavros@staff.esc.net.au. As we're just starting integration testing we thought we'd enhance the application with Stavros suggestion (Thank-you for sharing). There are two server.py's in the distfile, the patch's name identifies which one. Upstream should address, however in the interim, please refer to patch.
Created attachment 147301 [details] patch for syslog socket and missing /var/run/fail2ban I changed the patch to do it inline in the Makefile. I also added a patch to create the /var/run/fail2ban directory via a start_precmd in the rc file: as it was pointed out to me by Andrey Chernov it is not sufficient to create directories under /var/run in pkg-plist because anything under /var/run may be removed at a reboot. I hope I did it the correct way in the rc file ...
I think what Andrey is referring to is /etc/rc.d/cleanvar, but that only removes files under /var/run, not directories.
Yes, that's right, he was referring to cleanvar. And I didn't try to understand what cleanvar will do in detail ... But the problem remains that pkg_plist has to add a dummy file (.keep_me) so that the installation creates the directory, but cleanvar would remove that file which will cause an error in pkg check -Ba. And I just found a comment from him, stating that cleanvar removes files and empty directories from /var/run. So the first call would remove .keep_me, leaving behind an empty directory, a second call would remove the directory if it were not populated by fail2ban in the meantime.
With pkg you no longer need .keep_me files for emtpy directories and cleanvar does not delete directories. There's no "rmdir" or "rm -d" in the script and only one "rm -r" unrelated to /var/run. It would be damaging to several ports if cleanvar deleted directories.
So, what is then the canonical way to create /var/run/fail2ban?
Just add this to pkg-plist: @dirrm /var/run/fail2ban Your pkg-plist already has this. You just need to remove the .keep_me files (also from the post-install target in the Makefile).
Created attachment 147320 [details] Same as above, but without the precmd Thanks for your patience. I attach a patch which just removes the /var/run/fail2ban/.keep_me from pkg-plist. And fixes that syslog error, or course.
Does /var/log work instead of /var/run/log?
Ugh, never mind, you need /var/run/log
A commit references this bug: Author: tijl Date: Sun Sep 14 19:31:17 UTC 2014 New revision: 368222 URL: http://svnweb.freebsd.org/changeset/ports/368222 Log: - Patch a script to use the right syslogd socket (/var/run/log) - Remove .keep_me files because pkg can handle empty directories PR: 193621 Submitted by: theis@gmx.at (maintainer) Changes: head/security/py-fail2ban/Makefile head/security/py-fail2ban/pkg-plist