Fedora Account System
Red Hat Associate
Red Hat Customer
Please branch and build tcp_wrappers in epel10. If you do not wish to maintain tcp_wrappers in epel10, or do not think you will be able to do this in a timely manner, the EPEL Packagers SIG would be happy to be a co-maintainer of the package; please add the epel-packagers-sig group through https://src.fedoraproject.org/rpms/tcp_wrappers/addgroup and grant it commit access, or collaborator access on epel* branches. I would also be happy to be a co-maintainer (FAS: orion).
Missing a dep: DEBUG util.py:461: No matching package to install: 'libnsl2-devel'
Branches created, "orion" added with permissions "commit" to the project. Hopefully you can solve the issue easily.
Thanks. I'm going to leave this open until I manage to get it built.
I thought tcp_wrappers was not a thing anymore. And actually I found trace of it being deprecated since Fedora 28 : https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers Are you sure you really want to carry this piece of code for the next 10 years ?
Strangely, despite that change proposal being accepted, tcp_wrappers does not provide deprecated() like it should. https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/ It seems that all the work focused on removing dependencies on libwrap.so from packages in Fedora, but the package leading to this request (fail2ban-hostsdeny) is using an explicit requires instead. https://src.fedoraproject.org/rpms/fail2ban/blob/rawhide/f/fail2ban.spec#_189 Could this be as simple as removing that explicit requires to avoid shipping tcp_wrappers in EPEL 10?
On a second look, fail2ban-hostsdeny only has the file /etc/fail2ban/action.d/hostsdeny.conf, which seems pretty closely tied to tcp_wrappers. Maybe a better approach would be to remove (or conditionally disable) that subpackage.
(In reply to Xavier Bachelot from comment #4) > I thought tcp_wrappers was not a thing anymore. > And actually I found trace of it being deprecated since Fedora 28 : > https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers Do you know about any flexible alternative, protecting a designated services by combination of - white/blacklisting IPv4/IPv6 - white/blacklisting by reverse lookup of IPv4/IPv6 - using script for country code lookup and block/allow by e.g. https://www.axllent.org/docs/ssh-geoip/ (I have an improved version active since years) > Are you sure you really want to carry this piece of code for the next 10 > years ? Why not if at least somehow maintained?
According to the CHANGES file, the last release was in 1997. It is very clearly no longer maintained. I can't even find an issue tracker. Let's say a critical security vulnerability was discovered in the software tomorrow. How would you handle this?
pkgs.org shows a bunch of current distribution still packaging tcp_wrappers It has a homepage: http://ftp.porcupine.org/pub/security/index.html And the author is very well known: Wietse Venema (postfix and others) At least FreeBSD has an issue tracker And it looks like it has still a user community Also there are some interesting filter scripts available: https://github.com/topics/tcp-wrappers Looks like the only thing missing is a repository somehow...will try to contact author.
Wietse successfully contacted, he pushed now code to GitHub: https://github.com/tcp-wrappers/code And also he uploaded the tarballs into a dedicated project: https://github.com/tcp-wrappers/tarballs So someone can also start submitting the bunch of patches on-top as PRs from https://src.fedoraproject.org/rpms/tcp_wrappers/tree/rawhide