From afb4a4e330a6d18a4a2ee6e8dc670de74635cce9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20F=C3=B6rster?= <Dessa@gmake.de>
Date: Sat, 18 Apr 2026 21:19:54 +0200
Subject: [PATCH] [net-analyzer/fail2ban] delete tmpfiles.d, no longer included
 upstream

---
 net-analyzer/fail2ban/fail2ban-9999.ebuild    | 143 ++++++++++++++++++
 ...2ban-0.11.2-adjust-apache-logs-paths.patch |  29 ++++
 .../files/fail2ban-1.0.2-umask-tests.patch    |  45 ++++++
 .../files/fail2ban-1.1.0-systemd-order.patch  |  14 ++
 net-analyzer/fail2ban/metadata.xml            |  12 ++
 5 files changed, 243 insertions(+)
 create mode 100644 net-analyzer/fail2ban/fail2ban-9999.ebuild
 create mode 100644 net-analyzer/fail2ban/files/fail2ban-0.11.2-adjust-apache-logs-paths.patch
 create mode 100644 net-analyzer/fail2ban/files/fail2ban-1.0.2-umask-tests.patch
 create mode 100644 net-analyzer/fail2ban/files/fail2ban-1.1.0-systemd-order.patch
 create mode 100644 net-analyzer/fail2ban/metadata.xml

diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-9999.ebuild
new file mode 100644
index 0000000..b3a4286
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-9999.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{12..14} )
+
+inherit bash-completion-r1 edo python-single-r1 systemd
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/fail2ban/fail2ban"
+	inherit git-r3
+else
+	SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND="
+	${PYTHON_DEPS}
+	$(python_gen_cond_dep '
+		dev-python/pyasyncore[${PYTHON_USEDEP}]
+		dev-python/pyasynchat[${PYTHON_USEDEP}]
+	' 3.12)
+	virtual/logger
+	virtual/mta
+	selinux? ( sec-policy/selinux-fail2ban )
+	systemd? (
+		$(python_gen_cond_dep '
+			dev-python/python-systemd[${PYTHON_USEDEP}]
+		')
+	)
+"
+BDEPEND="
+	$(python_gen_cond_dep '
+		dev-python/setuptools[${PYTHON_USEDEP}]
+	')
+	test? (
+		$(python_gen_cond_dep '
+			dev-python/aiosmtpd[${PYTHON_USEDEP}]
+		')
+	)
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+	"${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+	"${FILESDIR}"/${PN}-1.1.0-systemd-order.patch
+)
+
+src_prepare() {
+	default
+
+	# Replace /var/run with /run, but not in the top source directory
+	find . -mindepth 2 -type f -exec \
+		sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+}
+
+src_compile() {
+	edo ${EPYTHON} setup.py build
+}
+
+src_test() {
+	# Skip testRepairDb for bug #907348 (didn't always fail..)
+	# https://github.com/fail2ban/fail2ban/issues/3586
+	bin/fail2ban-testcases \
+		--no-network \
+		--ignore databasetestcase.DatabaseTest.testRepairDb \
+		--verbosity=4 || die "Tests failed with ${EPYTHON}"
+
+	# Workaround for bug #790251
+	rm -rf fail2ban.egg-info || die
+}
+
+src_install() {
+	edo ${EPYTHON} setup.py install --prefix="${EPREFIX}/usr" --root="${D}"
+	python_fix_shebang "${ED}"/usr/bin
+	python_optimize
+
+	einstalldocs
+
+	rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+	newconfd files/fail2ban-openrc.conf ${PN}
+	# These two are placed in the ${BUILD_DIR} after being "built"
+	# in install_scripts().
+	newinitd "${S}"/build/fail2ban-openrc.init ${PN}
+	systemd_dounit "${S}"/build/${PN}.service
+
+	doman man/*.{1,5}
+
+	# Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+	# See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+	insinto /etc/logrotate.d
+	newins files/${PN}-logrotate ${PN}
+
+	keepdir /var/lib/${PN}
+
+	newbashcomp files/bash-completion ${PN}-client
+	bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-0.7"
+	previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+	if [[ ${previous_less_than_0_7} == 0 ]] ; then
+		elog
+		elog "Configuration files are now in /etc/fail2ban/"
+		elog "You probably have to manually update your configuration"
+		elog "files before restarting Fail2Ban!"
+		elog
+		elog "Fail2Ban is not installed under /usr/lib anymore. The"
+		elog "new location is under /usr/share."
+		elog
+		elog "You are upgrading from version 0.6.x, please see:"
+		elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+	fi
+
+	if ! has_version dev-python/pyinotify ; then
+		elog "For most jail.conf configurations, it is recommended you install"
+		elog "dev-python/pyinotify to control how log file modifications are detected"
+	fi
+
+	if ! has_version dev-lang/python[sqlite] ; then
+		elog "If you want to use ${PN}'s persistent database, then reinstall"
+		elog "dev-lang/python with USE=sqlite. If you do not use the"
+		elog "persistent database feature, then you should set"
+		elog "dbfile = :memory: in fail2ban.conf accordingly."
+	fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-adjust-apache-logs-paths.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-adjust-apache-logs-paths.patch
new file mode 100644
index 0000000..3017883
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-adjust-apache-logs-paths.patch
@@ -0,0 +1,29 @@
+From bda9b88e883207b99781352c68610980e23fa62f Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 11 Aug 2021 01:58:05 +0100
+Subject: [PATCH] Adjust Apache log paths for Gentoo
+
+Closes: https://bugs.gentoo.org/805485
+---
+ config/paths-common.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/config/paths-common.conf b/config/paths-common.conf
+index 7383caf..4f4a6e1 100644
+--- a/config/paths-common.conf
++++ b/config/paths-common.conf
+@@ -36,9 +36,9 @@ sshd_backend = %(default_backend)s
+ dropbear_log = %(syslog_authpriv)s
+ dropbear_backend = %(default_backend)s
+ 
+-apache_error_log = /var/log/apache2/*error.log
++apache_error_log = /var/log/apache2/*error_log
+ 
+-apache_access_log = /var/log/apache2/*access.log
++apache_access_log = /var/log/apache2/*access_log
+ 
+ # from /etc/audit/auditd.conf
+ auditd_log = /var/log/audit/audit.log
+-- 
+2.32.0
+
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.0.2-umask-tests.patch b/net-analyzer/fail2ban/files/fail2ban-1.0.2-umask-tests.patch
new file mode 100644
index 0000000..8feca43
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.0.2-umask-tests.patch
@@ -0,0 +1,45 @@
+Avoid corrupting umask permanently in the testdir because of fail2ban/server/server.py::start.
+
+In particular:
+* https://bugs.gentoo.org/659010#c11
+* https://bugs.gentoo.org/790251#c10
+* https://bugs.gentoo.org/907350
+
+But see also the many dupes.
+--- a/fail2ban/tests/fail2banclienttestcase.py
++++ b/fail2ban/tests/fail2banclienttestcase.py
+@@ -23,6 +23,7 @@ __author__ = "Serg Brester"
+ __copyright__ = "Copyright (c) 2014- Serg G. Brester (sebres), 2008- Fail2Ban Contributors"
+ __license__ = "GPL"
+ 
++import atexit
+ import fileinput
+ import os
+ import re
+@@ -40,6 +41,14 @@ from ..client.fail2bancmdline import Fail2banCmdLine
+ from ..client.fail2banclient import exec_command_line as _exec_client, CSocket, VisualWait
+ from ..client.fail2banserver import Fail2banServer, exec_command_line as _exec_server
+ from .. import protocol
++
++def current_umask():
++	tmp = os.umask(0o022)
++	os.umask(tmp)
++	return tmp
++
++old_umask = current_umask()
++
+ from ..server import server
+ from ..server.mytime import MyTime
+ from ..server.utils import Utils
+@@ -48,6 +57,11 @@ from .utils import LogCaptureTestCase, logSys as DefLogSys, with_tmpdir, shutil,
+ 
+ from ..helpers import getLogger
+ 
++def restore_umask():
++	os.umask(old_umask)
++
++atexit.register(restore_umask)
++
+ # Gets the instance of the logger.
+ logSys = getLogger(__name__)
+ 
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-systemd-order.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-systemd-order.patch
new file mode 100644
index 0000000..39da720
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-systemd-order.patch
@@ -0,0 +1,14 @@
+https://bugs.gentoo.org/871996
+--- a/files/fail2ban.service.in
++++ b/files/fail2ban.service.in
+@@ -1,7 +1,10 @@
+ [Unit]
+ Description=Fail2Ban Service
+ Documentation=man:fail2ban(1)
++
++Before=iptables-store.service ip6tables-store.service
+ After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
++After=iptables-restore.service ip6tables-restore.service
+ PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service
+
+ [Service]
diff --git a/net-analyzer/fail2ban/metadata.xml b/net-analyzer/fail2ban/metadata.xml
new file mode 100644
index 0000000..12bbcac
--- /dev/null
+++ b/net-analyzer/fail2ban/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="person">
+    <email>sam@gentoo.org</email>
+    <name>Sam James</name>
+  </maintainer>
+  <stabilize-allarches/>
+  <upstream>
+    <remote-id type="github">fail2ban/fail2ban</remote-id>
+  </upstream>
+</pkgmetadata>