From a764533c20c9cedf0834138076d38d329982e1af Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Tue, 3 May 2022 14:31:21 -0700 Subject: meta-security: move perl and python recipes to dynamic layers structure Signed-off-by: Armin Kuster --- .../files/0001-To-fix-build-error-of-xrang.patch | 28 +++++++ .../recipes-security/fail2ban/files/initd | 98 ++++++++++++++++++++++ .../recipes-security/fail2ban/files/run-ptest | 3 + .../fail2ban/python3-fail2ban_0.11.2.bb | 60 +++++++++++++ .../mfa/python3-privacyidea_3.6.2.bb | 38 +++++++++ .../python/python3-oauth2client_4.1.3.bb | 11 +++ 6 files changed, 238 insertions(+) create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/initd create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb create mode 100644 dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb create mode 100644 dynamic-layers/meta-python/recipes-security/python/python3-oauth2client_4.1.3.bb (limited to 'dynamic-layers/meta-python')
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch
new file mode 100644
index 0000000..7f0812c
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch
@@ -0,0 +1,28 @@
+From fe3436d65518099d35c643848cba50253abc249c Mon Sep 17 00:00:00 2001
+From: Lei Maohui
+Date: Thu, 9 May 2019 14:44:51 +0900
+Subject: [PATCH] To fix build error of xrange.
+
+NameError: name 'xrange' is not defined
+
+Signed-off-by: Lei Maohui
+---
+ fail2ban/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fail2ban/__init__.py b/fail2ban/__init__.py
+index fa6dcf7..61789a4 100644
+--- a/fail2ban/__init__.py
++++ b/fail2ban/__init__.py
+@@ -82,7 +82,7 @@ strptime("2012", "%Y")
+
+ # short names for pure numeric log-level ("Level 25" could be truncated by short formats):
+ def _init():
+- for i in xrange(50):
++ for i in range(50):
+ if logging.getLevelName(i).startswith('Level'):
+ logging.addLevelName(i, '#%02d-Lev.' % i)
+ _init()
+--
+2.7.4
+
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd b/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd
new file mode 100644
index 0000000..586b3da
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd
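Review bot: Nothing visible in this commit applies 0001-To-fix-build-error-of-xrang.patch: the SRC_URI in python3-fail2ban_0.11.2.bb lists only `file://initd` and `file://run-ptest`, so the file is carried in the layer but never used. The recipe's do_compile runs `./fail2ban-2to3`, which presumably already rewrites `xrange` to `range`, so the patch looks redundant; either delete it or reference it with `file://0001-To-fix-build-error-of-xrang.patch` in SRC_URI. If it stays, its header should gain an `Upstream-Status:` line so a later upgrade can tell whether it is still needed.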
@@ -0,0 +1,98 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: fail2ban
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start: $time $network $syslog iptables firehol shorewall ferm
+# Should-Stop: $network $syslog iptables firehol shorewall ferm
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/Stop fail2ban
+# Description: Start/Stop fail2ban, a daemon to ban hosts that cause multiple authentication errors
+### END INIT INFO
+
+# Source function library.
+. /etc/init.d/functions
+
+# Check that the config file exists
+[ -f /etc/fail2ban/fail2ban.conf ] || exit 0
+
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /var/run/fail2ban ]; then
+ mkdir /var/run/fail2ban
+ chmod 0755 /var/run/fail2ban
+ fi
+}
+
+FAIL2BAN="/usr/bin/fail2ban-client"
+prog=fail2ban-server
+lockfile=${LOCKFILE-/var/lock/subsys/fail2ban}
+socket=${SOCKET-/var/run/fail2ban/fail2ban.sock}
+pidfile=${PIDFILE-/var/run/fail2ban/fail2ban.pid}
+RETVAL=0
+
+start() {
+ echo -n $"Starting fail2ban: "
+ check_privsep_dir
+ ${FAIL2BAN} -x start > /dev/null
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ touch ${lockfile}
+ success
+ else
+ failure
+ fi
+ echo
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Stopping fail2ban: "
+ ${FAIL2BAN} stop > /dev/null
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ rm -f ${lockfile} ${pidfile}
+ success
+ else
+ failure
+ fi
+ echo
+ return $RETVAL
+}
+
+reload() {
+ echo "Reloading fail2ban: "
+ ${FAIL2BAN} reload
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ status -p ${pidfile} ${prog} >/dev/null 2>&1 && exit 0
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ reload)
+ reload
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ status)
+ status -p ${pidfile} ${prog}
+ RETVAL=$?
+ [ $RETVAL = 0 ] && ${FAIL2BAN} status
+ ;;
+ *)
+ echo $"Usage: fail2ban {start|stop|restart|reload|status}"
+ RETVAL=2
+esac
+
+exit $RETVAL
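Review bot: In the initd script, `check_privsep_dir` creates `/var/run/fail2ban` with a bare `mkdir` and only afterwards sets the mode, and neither result is checked. `start` therefore launches the client even when the directory that holds the control socket and pid file could not be created, and between the two commands the directory carries whatever mode the caller's umask produced. Creating it in one step and failing early is tighter: `mkdir -m 0755 /var/run/fail2ban || return 1`, with `start` calling `check_privsep_dir || { failure; echo; return 1; }`. Separately, the `$"..."` strings in the `echo` lines are a bash extension while the shebang is `#!/bin/sh`; plain double quotes avoid a stray `$` in the output on shells that do not implement it.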
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest b/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest
new file mode 100644
index 0000000..64d07d5
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+##PYTHON## bin/fail2ban-testcases
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
new file mode 100644
index 0000000..96e17b7
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -0,0 +1,60 @@
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
+
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
+
+DEPENDS = "python3-native"
+
+SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64"
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
+ file://initd \
+ file://run-ptest \
+"
+
+inherit update-rc.d ptest setuptools3_legacy
+
+S = "${WORKDIR}/git"
+
+do_compile () {
+ cd ${S}
+
+ #remove symlink to python3
+ # otherwise 2to3 is run against it
+ rm -f bin/fail2ban-python
+
+ ./fail2ban-2to3
+}
+
+do_install:append () {
+ rm -f ${D}/${bindir}/fail2ban-python
+ install -d ${D}/${sysconfdir}/fail2ban
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+ chown -R root:root ${D}/${bindir}
+ rm -rf ${D}/run
+}
+
+do_install_ptest:append () {
+ install -d ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/bin
+ sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+ install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
+ rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
+}
+
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+
+INSANE_SKIP:${PN}:append = "already-stripped"
+
+RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify"
+RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
+RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
diff --git a/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb b/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb
new file mode 100644
index 0000000..40f6d15
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb
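Review bot: In python3-fail2ban_0.11.2.bb, `INSANE_SKIP:${PN}:append = "already-stripped"` has no leading space, and `:append` joins its value verbatim. If anything else ever sets INSANE_SKIP for this package, the two tokens fuse into one unknown name and neither check is skipped. Write it as `INSANE_SKIP:${PN} += "already-stripped"`, or keep the override and use `" already-stripped"`. While touching the file, `SRCREV ="..."` is missing the space after `=` that every other assignment in the recipe uses.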
@@ -0,0 +1,38 @@
+SUMMARY = "identity, multifactor authentication (OTP), authorization, audit"
+DESCRIPTION = "privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications."
+
+HOMEPAGE = "http://www.privacyidea.org/"
+LICENSE = "AGPL-3.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
+
+PYPI_PACKAGE = "privacyIDEA"
+SRC_URI[sha256sum] = "4441282d086331dac0aee336286de8262d9ac8eb11e14b7f9aa69f865caebe17"
+
+inherit pypi setuptools3
+
+do_install:append () {
+ rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system privacyidea"
+USERADD_PARAM:${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \
+ --shell /bin/false privacyidea"
+
+FILES:${PN} += " ${prefix}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"
+
+RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils"
+
+RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt"
+RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
+RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
+RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
+RDEPENDS:${PN} += "python3-flask-script python3-flask-sqlalchemy python3-flask-versioned"
+RDEPENDS:${PN} += "python3-future python3-httplib2 python3-huey python3-idna python3-ipaddress"
+RDEPENDS:${PN} += "python3-itsdangerous python3-jinja2 python3-ldap python3-lxml python3-mako"
+RDEPENDS:${PN} += "python3-markupsafe python3-netaddr python3-oauth2client python3-passlib python3-pillow"
+RDEPENDS:${PN} += "python3-pyasn1 python3-pyasn1-modules python3-pycparser python3-pyjwt python3-pymysql"
+RDEPENDS:${PN} += "python3-pyopenssl python3-pyrad python3-dateutil python3-editor python3-gnupg"
+RDEPENDS:${PN} += "python3-pytz python3-pyyaml python3-qrcode python3-redis python3-requests python3-rsa"
+RDEPENDS:${PN} += "python3-six python3-smpplib python3-soupsieve python3-soupsieve "
+RDEPENDS:${PN} += "python3-sqlalchemy python3-sqlsoup python3-urllib3 python3-werkzeug"
diff --git a/dynamic-layers/meta-python/recipes-security/python/python3-oauth2client_4.1.3.bb b/dynamic-layers/meta-python/recipes-security/python/python3-oauth2client_4.1.3.bb
new file mode 100644
index 0000000..3a07461
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/python/python3-oauth2client_4.1.3.bb
@@ -0,0 +1,11 @@
+SUMMARY = "Add version info to file paths."
+SECTION = "devel/python"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=038e1390e94fe637991fa5569daa62bc"
+
+PYPI_PACKAGE = "oauth2client"
+SRC_URI[sha256sum] = "d486741e451287f69568a4d26d70d9acd73a2bbfa275746c535b4209891cccc6"
+
+inherit pypi setuptools3
+
+RDEPENDS:${PN} = "python3-six python3-rsa python3-httplib2 python3-pyasn1 python3-pyasn1-modules"
-- cgit v1.2.3-54-g00ecf
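Review bot: In python3-privacyidea_3.6.2.bb, `USERADD_PACKAGES`, `GROUPADD_PARAM:${PN}` and `USERADD_PARAM:${PN}` are set but the recipe only has `inherit pypi setuptools3`, and it is the useradd class that consumes those variables. Unless that class is inherited somewhere not visible here, the dedicated `privacyidea` system account and group are never created on the target; `inherit pypi setuptools3 useradd` fixes that. Within USERADD_PARAM, `-r` repeats `--system`, and `-o` allows a non-unique UID although no `-u` is given, so both can be dropped. `python3-soupsieve` is also listed twice on the same RDEPENDS line.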
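Review bot: In python3-oauth2client_4.1.3.bb, `SUMMARY = "Add version info to file paths."` does not describe oauth2client and looks copied from another recipe. Since this text is what package feeds and SBOM tooling display, something like `SUMMARY = "OAuth 2.0 client library"` would be accurate. The recipe also sets no HOMEPAGE, which the other recipes in this commit do. As far as I know oauth2client is deprecated upstream, so a comment saying it is kept only as a privacyIDEA dependency would help later audits.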