# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem              1.0
PortGroup               github 1.0
PortGroup               python 1.0

github.setup            fail2ban fail2ban 0.9.4
# Change github.tarball_from to 'releases' or 'archive' next update
github.tarball_from     tarball
categories              security python
license                 GPL-2+
maintainers             nomaintainer
platforms               {darwin any}
supported_archs         noarch

description             Fail2ban protects computer against brute-force attacks

long_description        Fail2ban scans log files (e.g. /var/log/apache/error_log) and \
                        bans IPs that show the malicious signs -- too many password failures, \
                        seeking for exploits, etc. Generally Fail2Ban then used to update \
                        firewall rules to reject the IP addresses for a specified amount \
                        of time, although any arbitrary other action (e.g. sending an email, \
                        or ejecting CD-ROM tray) could also be configured. Out of the box \
                        Fail2Ban comes with filters for various services (apache, curier, ssh, etc).

homepage                https://www.fail2ban.org/

distname                ${version}

checksums               rmd160  05ae35c2dc03f04e474985b394193b92029f8ca9 \
                        sha256  9a4a6402f8e6bda15ef8b5a848ce8d91d80735356b52dfac0d7612cdd2fbcaf3

python.default_version  27

set f2bconfdir          ${prefix}/etc/${name}
set f2bbindir           ${prefix}/bin
set f2brundir           ${prefix}/var/run/${name}
set f2bsock             ${f2brundir}/${name}.sock
set f2bpid              ${f2brundir}/${name}.pid

patchfiles              patch-setup.py.diff \
                        patch-fail2ban-client-configreader.py.diff \
                        patch-fail2ban-tests-misctestcase.py.diff \
                        patch-fail2ban-tests-utils.py.diff \
                        patch-config-fail2ban.conf.diff \
                        patch-config-jail.conf.diff \
                        patch-config-paths-common.conf.diff \
                        patch-config-paths-osx.conf.diff \
                        patch-config-action.d-osx-afctl.conf.diff \
                        patch-bin-fail2ban-client.diff \
                        patch-bin-fail2ban-server.diff \
                        patch-fail2ban-server-filterpoll.py.diff

post-patch   {
    reinplace "s|@@PREFIX@@|${prefix}|g"    ${worksrcpath}/setup.py \
                                            ${worksrcpath}/fail2ban/client/configreader.py \
                                            ${worksrcpath}/fail2ban/tests/misctestcase.py \
                                            ${worksrcpath}/fail2ban/tests/utils.py \
                                            ${worksrcpath}/config/fail2ban.conf \
                                            ${worksrcpath}/config/paths-common.conf \
                                            ${worksrcpath}/bin/fail2ban-client \
                                            ${worksrcpath}/bin/fail2ban-server
}

startupitem.create      yes
startupitem.start       "export LANG=en_GB.UTF-8; if \[ -r ${f2bsock} -a ! -r ${f2bpid} \]; then rm ${f2bsock}; fi; ${f2bbindir}/${name}-client start"
startupitem.stop        "${f2bbindir}/${name}-client stop"

destroot.keepdirs       ${destroot}${f2brundir}

post-destroot {
    # Adding dedicated OSX pf-icefloor action file
    xinstall -m 644 ${filespath}/pf-icefloor.conf ${destroot}${f2bconfdir}/action.d/
    # Adding a suffix to config files
    set cfgfiles [concat [glob ${destroot}${f2bconfdir}/*.conf] [glob ${destroot}${f2bconfdir}/action.d/*.conf] [glob ${destroot}${f2bconfdir}/filter.d/*.conf]]
    foreach cfgfile ${cfgfiles} {
        move ${cfgfile} ${cfgfile}.${version}
    }
}

post-activate {
    # If not already present we put default config files
    set cfgfiles [concat [glob ${f2bconfdir}/*.conf.${version}] [glob ${f2bconfdir}/action.d/*.conf.${version}] [glob ${f2bconfdir}/filter.d/*.conf.${version}]]
    foreach cfgfile ${cfgfiles} {
        regsub "\.${version}" ${cfgfile} {} origcfgfile
        if {![file exists ${origcfgfile}]} {
            file copy ${cfgfile} ${origcfgfile}
        }
    }
}

notes "
Next step is to configure fail2ban.
Start to read:
${f2bconfdir}/fail2ban.conf
${f2bconfdir}/jail.conf
and create your own fail2ban.local and jail.local

Start/stop fail2ban with: sudo port \[un\]load fail2ban

More info at ${homepage}
"

livecheck.type          regexm
livecheck.url           ${homepage}wiki/index.php/Downloads
livecheck.regex         <i>stable</i>.*?>${name}-(\[0-9.\]+)<