gnu: tests: Fix fail2ban tests.

As discussed here: https://github.com/fail2ban/fail2ban/issues/1593, the monitored file has to be present before the fail2ban service starts. Create this file in a dedicated activation service. * gnu/tests/security.scm (%auth-log-activation-service): New variable. (run-fail2ban-basic-test, run-fail2ban-simple-test) (run-fail2ban-extension-test): Use it. Fixes: guix/guix#3645 Change-Id: Ic12891cc5438abbd041ceb19e1d22dae51c7c848
2026-04-06 21:20:33 +02:00 · 2025-11-06 15:31:03 +01:00
parent efb910877f
commit 23fce946eb
1 changed files with 22 additions and 6 deletions
--- a/gnu/tests/security.scm
+++ b/gnu/tests/security.scm
@@ -97,6 +97,17 @@

    (gexp->derivation test-name test)))

+;; The /var/log/secure file that is monitored by fail2ban has to be present
+;; before the service starts. This limitation is discussed here:
+;; https://github.com/fail2ban/fail2ban/issues/1593.
+(define %auth-log-activation-service
+  (simple-service 'create-authlog-file
+                  activation-service-type
+                  #~(begin
+                      (call-with-output-file "/var/log/secure"
+                        (lambda (port)
+                          (display "" port))))))
+
 (define run-fail2ban-basic-test
  (fail2ban-test
   "fail2ban-basic-test"
@@ -121,12 +132,14 @@

 (define run-fail2ban-simple-test
  (fail2ban-test
-   "fail2ban-basic-test"
+   "fail2ban-simple-test"

   (simple-operating-system
-    (service fail2ban-service-type (fail2ban-configuration
-                                    (jails (list (fail2ban-jail-configuration
-                                                  (name "sshd")))))))
+    %auth-log-activation-service
+    (service fail2ban-service-type
+             (fail2ban-configuration
+               (jails (list (fail2ban-jail-configuration
+                              (name "sshd")))))))

   (test-equal "fail2ban sshd jail running status output"
     '("Status for the jail: sshd"
@@ -175,8 +188,11 @@
   "fail2ban-extension-test"

   (simple-operating-system
-    (service (fail2ban-jail-service openssh-service-type (fail2ban-jail-configuration
-                                                          (name "sshd") (enabled? #t)))
+    %auth-log-activation-service
+    (service (fail2ban-jail-service openssh-service-type
+                                    (fail2ban-jail-configuration
+                                      (name "sshd")
+                                      (enabled? #t)))
             (openssh-configuration))
    (service static-networking-service-type
             (list %qemu-static-networking)))