diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2022-12-06 17:46:45 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2022-12-06 17:49:50 +0100 |
| commit | a420b4f34e7449319f6ec73301ffb932845b66d6 (patch) | |
| tree | b6cd10f34e9d096bf08e952288f2e5a61cad5f6d /gnu/services/security.scm | |
| parent | a508b5c7785bcd040c5a9e890be71ccd97f198fb (diff) | |
| download | guix-a420b4f34e7449319f6ec73301ffb932845b66d6.tar.gz | |
services: fail2ban: Start server in the foreground.
Previously, we were passing '-b', thereby starting the server in the background. Consequently the 'start' method could complete before the server was ready to accept connections on its socket, leading to non-deterministic test failures. Reported by Mathieu Othacehe <othacehe@gnu.org>. * gnu/services/security.scm (fail2ban-shepherd-service): Change FAIL2BAN-ACTION to invoke 'fail2ban-client'. Change 'start' method to use 'make-forkexec-constructor'; start the server in the foreground with '-f' and pass '-x' to force execution of the server, as done upstream in 'fail2ban.service.in'.
Diffstat (limited to 'gnu/services/security.scm')
| -rw-r--r-- | gnu/services/security.scm | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/gnu/services/security.scm b/gnu/services/security.scm index 2010f9143a..50111455fb 100644 --- a/gnu/services/security.scm +++ b/gnu/services/security.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2022 muradm <mail@muradm.net> +;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -351,25 +352,24 @@ provided as a list of file-like objects.")) (match-record config <fail2ban-configuration> (fail2ban run-directory) (let* ((fail2ban-server (file-append fail2ban "/bin/fail2ban-server")) + (fail2ban-client (file-append fail2ban "/bin/fail2ban-client")) (pid-file (in-vicinity run-directory "fail2ban.pid")) (socket-file (in-vicinity run-directory "fail2ban.sock")) (config-dir (file-append (config->fail2ban-etc-directory config) "/etc/fail2ban")) (fail2ban-action (lambda args - #~(invoke #$fail2ban-server - "-c" #$config-dir - "-p" #$pid-file - "-s" #$socket-file - "-b" - #$@args)))) - - ;; TODO: Add 'reload' action. + #~(invoke #$fail2ban-client #$@args)))) + + ;; TODO: Add 'reload' action (see 'fail2ban.service.in' in the source). (list (shepherd-service (provision '(fail2ban)) (documentation "Run the fail2ban daemon.") (requirement '(user-processes)) - (start #~(lambda () - #$(fail2ban-action "start"))) + (start #~(make-forkexec-constructor + (list #$fail2ban-server + "-c" #$config-dir "-s" #$socket-file + "-p" #$pid-file "-xf" "start") + #:pid-file #$pid-file)) (stop #~(lambda (_) #$(fail2ban-action "stop") #f))))))) ;successfully stopped |