File denyhosts.spec of Package denyhosts

#
# spec file for package denyhosts
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%if 0%{?suse_version} < 1120
%define python_sitelib	%{py_sitedir}
%endif

%if 0%{?suse_version} >= 1210
%bcond_without systemd
%else
%bcond_with systemd
%endif


Name:           denyhosts
Version:        3.1
Release:        0
Summary:        Utility to help system administrators thwart brute-force ssh hackers
License:        GPL-2.0-only
Group:          Productivity/Networking/Security
Url:            https://github.com/denyhosts/denyhosts
Source:         %{name}-%{version}.tar.gz
Source2:        denyhosts.init
Source3:        logrotate.denyhosts
Source4:        denyhosts-dh_reenable
Source5:        denyhosts.README
BuildRequires:  perl
BuildRequires:  python-devel
BuildRequires:	python-ipaddr
Requires:	python-ipaddr
Requires:       logrotate
Requires:       python
Requires:       rsyslog
%if %{with systemd}
BuildRequires:  systemd-rpm-macros
%{?systemd_requires}
%else
PreReq:         %insserv_prereq
%endif
%py_requires
%if 0%{?suse_version} > 1110
BuildArch:      noarch
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build


%description
DenyHosts is a python program that automatically blocks ssh attacks by adding
entries to %{_sysconfdir}/hosts.deny. DenyHosts will also inform Linux 
administrators about offending hosts, attacked users and suspicious logins.

%prep
%setup -q

%build
export CFLAGS="%{optflags}"
python setup.py build

%install
python setup.py install \
	--root=%{buildroot} \
	--prefix=%{_prefix} \
    --install-scripts=%{_sbindir}

#remove bytecode (wrong mtime)
find %{buildroot}%{python_sitelib} -name "*.pyc" -delete

# create work directory
mkdir -p %{buildroot}%{_localstatedir}/lib/denyhosts
# install denyhosts-reenable script
install -D -m755 %{SOURCE4} %{buildroot}%{_sbindir}/dh_reenable
# file containing blocked IP addresses - track it for the user 
# ('rpm -qf /etc/blacklist' should give a hint)
touch %{buildroot}%{_sysconfdir}/blacklist

# configuration file
sed -i "s|^#SECURE_LOG = /var/log/messages|SECURE_LOG = /var/log/messages|g; \
		s|^SECURE_LOG = /var/log/auth.log|#SECURE_LOG = /var/log/auth.log|g; \
		s|^IPTABLES = /sbin/iptables|IPTABLES = /usr/sbin/iptables|g;" \
		%{buildroot}%{_sysconfdir}/denyhosts.conf

# daemon-control-dist
sed -i "s|/usr/bin/env python|%{_bindir}/python|g" %{buildroot}%{_sbindir}/daemon-control-dist

# init script / systemd service
%if %{with systemd}
install -D -m644 denyhosts.service %{buildroot}%{_unitdir}/denyhosts.service
ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcdenyhosts
%else
install -D -m755 %{SOURCE2} %{buildroot}%{_sysconfdir}/init.d/denyhosts
ln -s %{_sysconfdir}/init.d/denyhosts %{buildroot}%{_sbindir}/rcdenyhosts
%endif

# logfile handling
install -D -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/denyhosts
mkdir -p %{buildroot}%{_localstatedir}/log
touch %{buildroot}%{_localstatedir}/log/denyhosts

# move the main app
mv %{buildroot}%{_sbindir}/denyhosts.py %{buildroot}%{_sbindir}/denyhosts
sed -i "s|/usr/bin/denyhosts.py|/usr/sbin/denyhosts|g"  %{buildroot}%{_unitdir}/denyhosts.service

# fix wrong env-path
pushd %{buildroot} >/dev/null
for i in `find -name "*.py"`; do
	sed -i "s@\!.*/bin/env.*@\!%{_bindir}/python@g" $i
done
popd >/dev/null

# handle plugins
mkdir -p %{buildroot}%{_datadir}/%{name}
install -m0755 plugins/*{.sh,py} %{buildroot}%{_datadir}/%{name}

# move some files to the documentation directory
install -D -m644 %{SOURCE5} %{buildroot}%{_defaultdocdir}/%{name}/README.SUSE
install -m0644 plugins/README.contrib %{buildroot}%{_defaultdocdir}/%{name}/
install -m0644 *.txt  %{buildroot}%{_defaultdocdir}/%{name}/
install -m0644 *.md   %{buildroot}%{_defaultdocdir}/%{name}/
install -m0644 *.conf %{buildroot}%{_defaultdocdir}/%{name}/

%if %{with systemd}
%pre
%service_add_pre %{name}.service
%endif

%post
%if %{with systemd}
%service_add_post %{name}.service
%else
%{fillup_and_insserv -f denyhosts}
%endif

%preun
%if %{with systemd}
%service_del_preun %{name}.service
%else
%stop_on_removal denyhosts
%endif

%postun
%if %{with systemd}
%service_del_postun %{name}.service
%else
%insserv_cleanup
%endif


%files
%doc %{_defaultdocdir}/%{name}
%if 0%{?suse_version} > 1315
%license LICENSE.txt
%endif
%{_sbindir}/daemon-control-dist
%{_sbindir}/denyhosts
%{_sbindir}/rcdenyhosts
%{_sbindir}/dh_reenable
%{python_sitelib}/DenyHosts*
%{_mandir}/man8/denyhosts.8.gz
%dir %{_localstatedir}/lib/denyhosts
%{_datadir}/%{name}
%ghost %{_localstatedir}/log/denyhosts
%ghost %config(noreplace) %{_sysconfdir}/blacklist
%config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts
%config(noreplace) %{_sysconfdir}/denyhosts.conf
%if %{with systemd}
%{_unitdir}/denyhosts.service
%else
%attr(755,root,root) %{_sysconfdir}/init.d/denyhosts
%endif

%changelog