From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id QFZpKJu1DWOQkAAAbAwnHQ (envelope-from ) for ; Tue, 30 Aug 2022 09:00:43 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id CPprKJu1DWOGBAAA9RJhRA (envelope-from ) for ; Tue, 30 Aug 2022 09:00:43 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4017DED56 for ; Tue, 30 Aug 2022 09:00:43 +0200 (CEST) Received: from localhost ([::1]:35152 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oSvEo-0001zV-1U for larch@yhetil.org; Tue, 30 Aug 2022 03:00:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48586) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oSvEB-0001xx-6w for guix-patches@gnu.org; Tue, 30 Aug 2022 03:00:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:44807) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oSvEA-0006QW-Md for guix-patches@gnu.org; Tue, 30 Aug 2022 03:00:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oSvEA-0004R6-Ib for guix-patches@gnu.org; Tue, 30 Aug 2022 03:00:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#57473] [PATCH v2 3/4] gnu: fail2ban-service-type: Fix type of enabled? field. Resent-From: muradm Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 30 Aug 2022 07:00:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 57473 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxim Cournoyer Cc: 57473@debbugs.gnu.org Received: via spool by 57473-submit@debbugs.gnu.org id=B57473.166184279817014 (code B ref 57473); Tue, 30 Aug 2022 07:00:02 +0000 Received: (at 57473) by debbugs.gnu.org; 30 Aug 2022 06:59:58 +0000 Received: from localhost ([127.0.0.1]:34556 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oSvE6-0004QM-6f for submit@debbugs.gnu.org; Tue, 30 Aug 2022 02:59:58 -0400 Received: from nomad-cl1.staging.muradm.net ([139.162.159.157]:34274 helo=nomad-cl1.muradm.net) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oSvE3-0004Q9-Vw for 57473@debbugs.gnu.org; Tue, 30 Aug 2022 02:59:56 -0400 Received: from localhost ([127.0.0.1]:45078) by nomad-cl1.muradm.net with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1oSvDw-00015i-2v; Tue, 30 Aug 2022 06:59:48 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=muradm.net; s=mail; h=Content-Type:MIME-Version:Message-ID:In-reply-to:Date:Subject:Cc:To :From:References:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Nles0YVmZssMj412C7r+8n1BdExTzopJ/m2EbqiZ4H0=; b=OLbcYwzhfEFLsgCnDfEuvgItCE x3V0Sa8SVd2GsqMsVRdcaP/XsoBJ/LwJjtcCwZkGzVOxNNaZMaJMLLsYQJjNK4w45n7hOegyOtC95 SGGRvuH4pe4TELf0jxHkxQZjm/pGSTik8K6+jHESk6AYESa/7l57LAJTQf1ViYBOOPKdrGICV5bfI BKsRejaWerLOoNW3eOp7sfdK/uu/Z1Ai0STI6EWcdldIU/f5cL0BySc4ZPK0aP4cRzGDGisuk9oAn EBDR+ZruJ4BoiMrqjTVjxSVuevieMOnvdxEo6RFUAbjF8ACMjEuSVi8vXbB7y87CoK6sqFKymGhbr it+XTlZWqOT2h4Oy8jBcAZfMd6gyOtF1tPR7QY3sEH8V+dXV8bO0kJOZM5UXqrUjLqGSRuduLNFjX X8KaDxXKMzV/stX/S2rB9KWHT9ft6jv4tBmOrvd5qCtCzQYbe+PgQKOEWlqyKUUnWy7Wwc4JXFBcc rUfErrA+lXfsduoearlImEtw; Received: from muradm by localhost with local (Exim 4.96) (envelope-from ) id 1oSvDv-0000NG-1B; Tue, 30 Aug 2022 09:59:47 +0300 References: <20220829094205.15595-1-mail@muradm.net> <20220829135121.23392-1-mail@muradm.net> <20220829135121.23392-3-mail@muradm.net> <877d2qbwfl.fsf@gmail.com> User-agent: mu4e 1.8.9; emacs 29.0.50 From: muradm Date: Tue, 30 Aug 2022 09:42:16 +0300 In-reply-to: <877d2qbwfl.fsf@gmail.com> Message-ID: <877d2qmd25.fsf@muradm.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1661842843; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=Nles0YVmZssMj412C7r+8n1BdExTzopJ/m2EbqiZ4H0=; b=Eu1yU4ad80CLDVllahzs4w+Hg0tb/juNFZYZ9G3abIKmlCBW5xXp2+OBLTo/r7uBiUy7cB EZePXAzi81ovOw6/nbXXbumMlXVjLL6/Uvhm86bqQRE9T83DFl3ial8TTUR10mWYMMb8F7 KvhygwmQWwPQo6iqqLN/uxzHynivPYzCRC9zj5mzo4Ju492ibBKrddo9pZJ23LuBDobq3R 3Als5S2h4CWG4vw75boHlJfE8DjpIU/caZrKsusR4VOI9ykR3HMPQ9sdq3XCHY0bKn/NQz eUix/NYn76gZKfMEwn7XZZn8+m+ef8gd18ZY+/rt3PifLOi3LpZAJZJW1JNQfQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1661842843; a=rsa-sha256; cv=none; b=BsfN5Uimf4uGkXMZT8wv2bdJO4UzSq3fWreeHy/g8+qDdveum0zI9kcmZmFC6VicVfjmzN 82TpgTatpJbi+vHWVSj9uV07rEtQwxcDTTssgyRniUx31KOstZntb6ETDu0yYgqK3U06V9 J0WOzbI0xA3leJHAxqg0x2DuH1jDKHUvOGZ1XYCuBOfcwWjgqsQtB1v8HfkOXoIbVpMYj3 2065cemBGCXIDEW1JQQiI48vt6e24YLTnqHXsmdetZ2/B0i3K4yX4f+8vmz/W/pDdTRPzH 6jlCGJXml8O9xzHhTxqa5Eae+rXCSVVz8LchcnFdL4bekV2la+zvkprKxwQnqQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=muradm.net header.s=mail header.b=OLbcYwzh; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -1.69 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=muradm.net header.s=mail header.b=OLbcYwzh; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 4017DED56 X-Spam-Score: -1.69 X-Migadu-Scanner: scn0.migadu.com X-TUID: zYTo5+AxXbSr --=-=-= Content-Type: text/plain; format=flowed Hi, Maxim Cournoyer writes: > Hi, > > muradm writes: > >> * gnu/services/security.scm (fail2ban-jail-configuration) >> [enabled?]: Should be maybe-boolean, which is how normaly >> fail2ban >> is configured. This also allows sections without enabled field >> like @samp{[DEFAULT]}. >> * doc/guix.texi: Type of enabled? is maybe-boolean. >> --- [...] >> @@ -197,7 +197,7 @@ (define-configuration >> fail2ban-jail-configuration >> "Required name of this jail configuration." >> empty-serializer) >> (enabled? >> - (boolean #t) >> + maybe-boolean > > I made this change willingly, because it doesn't make sense to > me to > define a jail configuration that is disabled by default. > > Does that make sense? When I was implementing configuration, I was thinking the same. However, while trying to find sensible or hardcoded defaults, looking at code and usage examples, I found that configuration of fail2ban is quite loose, than one can anticipiate. Variables can be overriden from many places, so absence of variable also becomes as important. So I decided to opt-in for most fields as maybe-. IMHO, this is why they had to make --d/--dp flags to dump effective configuration :) I actually mention that in the docs, where it says that unspecified values are not serialized in favor of whatever are defaults and/or values specified elsewhere. Which are basically hard to track. And finally there is a [DEFAULT] section which applies to all jails. But it is not a jail by itself. So if there is "enabled = false" or "enabled = true", fail2ban fails to start, because of unexpected variable for that section. I hope it is clear enough. Thanks in advance, muradm > > Thanks, > > Maxim --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEESPY5lma9A9l5HGLP6M7O0mLOBeIFAmMNtWMACgkQ6M7O0mLO BeIgxg/9G6Le0sIvpvdj7NPxtPY5kBB30679u1V2QEZ+iUsQlQ3w4KcrHCY4dYnn EvVShII+osWPK7dG5mTFhyKJrIDbqJLuYv75og28cji4CRdYN8ZoXTgiJpgiOBzp Nrgo79Q2bz5B1Y6Z8+GqiMDEraftqYe1EkPxw9MXkQgUIr3RtLcWSdy9RWx90ZCp XWG2UEmyICr2g4W3K8nn0L6Ple8UzaG2TXgQFpIdzji6NIuShCKoPL9G7CM7vSS/ W4IxJX8Imf8AH73XUi7h2JoQzeHXL5fE9JQeLPXR0EvymJ0ikKgT72t8HvJESGyI Rfg5DEyU2tlZfcQdv1e5r/mluQ8Mm+AXnVcDt7Jm6Hhp9yB47rTk+dgsW7vqmeCj c2b5j3kHc2GlqVp0b0V8xTpaM961y/KPIpBFD9udp5P36MJpxc/CP9yJFAmfrRi4 EiNx9amC0Zyrb9yuxkjwnbCYiMs00MRnWPf5Nd8QYY8cxWVjpAwkQAU6DsX2OqIG ul59gPyDinSzwYpdcqj2q05Pztwe/T+F/augzzUueOVi6Bv7nsEaUKr17Pqy2lI0 6HURjqgLRPhzDaz0+Khmcc4EXpccWo4PZK0jDZdAeRqpg6Mjh7Go3Frdu2sWJPvm wOx/FCLsg2fzuElpKkahyO78WkpcnzRIcBXUQsRD2dS92lxh3Dc= =9dne -----END PGP SIGNATURE----- --=-=-=--