fail2ban: backport openssh 9.8 fixes + move to by-name

See [1]. [1]: https://discourse.nixos.org/t/fail2ban-is-not-working-for-sshd-with-systemd-backend/48972/3?u=vs49688
2024-10-05 12:08:02 +03:00 · 2024-07-31 19:18:45 +10:00 · 2024-07-31 19:18:45 +10:00 · df951077f3
commit df951077f3
parent e20e12a9c7
2 changed files with 17 additions and 3 deletions
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@ -1,4 +1,7 @@
-{ lib, stdenv, fetchFromGitHub
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
 , python3
 , installShellFiles
 }:
@ -39,6 +42,19 @@ python3.pkgs.buildPythonApplication rec {

  doCheck = false;

+  patches = [
+    # Adjust sshd filter for OpenSSH 9.8 new daemon name - remove next release
+    (fetchpatch {
+      url = "https://github.com/fail2ban/fail2ban/commit/2fed408c05ac5206b490368d94599869bd6a056d.patch";
+      hash = "sha256-uyrCdcBm0QyA97IpHzuGfiQbSSvhGH6YaQluG5jVIiI=";
+    })
+    # filter.d/sshd.conf: ungroup (unneeded for _daemon) - remove next release
+    (fetchpatch {
+      url = "https://github.com/fail2ban/fail2ban/commit/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch";
+      hash = "sha256-YGsUPfQRRDVqhBl7LogEfY0JqpLNkwPjihWIjfGdtnQ=";
+    })
+  ];
+
  preInstall = ''
    substituteInPlace setup.py --replace /usr/share/doc/ share/doc/

--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -7720,8 +7720,6 @@ with pkgs;

  Fabric = with python3Packages; toPythonApplication fabric;

-  fail2ban = callPackage ../tools/security/fail2ban { };
-
  fakeroot = callPackage ../tools/system/fakeroot { };

  fakeroute = callPackage ../tools/networking/fakeroute { };