The einfo for net-analyzer/fail2ban-0.9.0-r1 states that python should be built with USE=sqlite in order to use the persistent database for bans. However, I've found that fail2ban fails2start even when disabling this feature in /etc/fail2ban/fail2ban.local like so: [Definition] dbfile = None Running "fail2ban-client -v start" dies with this output: INFO [ # ] Waiting on the server...Traceback (most recent call last): File "/usr/lib64/python-exec/python2.7/fail2ban-server", line 28, in <module> from fail2ban.server.server import Server File "/usr/lib64/python2.7/site-packages/fail2ban/server/server.py", line 34, in <module> from .database import Fail2BanDb File "/usr/lib64/python2.7/site-packages/fail2ban/server/database.py", line 27, in <module> import sqlite3 ImportError: No module named sqlite3 This makes dev-lang/python[sqlite] a non-optional dependency.
Which version of dev-lang/python is fail2ban using there? 1) Please post your `emerge --info dev-lang/python' output in a comment. 2) Please post your `eselect python list' output in a comment.
hazel ~ # emerge --info dev-lang/python Portage 2.2.10 (default/linux/amd64/13.0, gcc-4.8.2, glibc-2.19, 3.14.0-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-3.14.0-gentoo-x86_64-AMD_Turion-tm-_II_Neo_N40L_Dual-Core_Processor-with-gentoo-2.2 KiB Mem: 3905468 total, 50124 free KiB Swap: 6141692 total, 5725264 free Timestamp of tree: Wed, 09 Apr 2014 19:15:01 +0000 ld GNU ld (GNU Binutils) 2.24 distcc 3.1 x86_64-pc-linux-gnu [disabled] ccache version 3.1.9 [enabled] app-shells/bash: 4.2_p46-r1 dev-java/java-config: 2.2.0 dev-lang/python: 2.7.6, 3.2.5-r3, 3.3.5, 3.4.0 dev-util/ccache: 3.1.9-r3 dev-util/cmake: 2.8.12.2 dev-util/pkgconfig: 0.28-r1 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.11.6, 1.12.6, 1.13.4, 1.14.1 sys-devel/binutils: 2.24-r2 sys-devel/gcc: 4.7.3, 4.8.2 sys-devel/gcc-config: 1.8 sys-devel/libtool: 2.4.2 sys-devel/make: 4.0-r1 sys-kernel/linux-headers: 3.14 (virtual/os-headers) sys-libs/glibc: 2.19 Repositories: gentoo belak squeezebox x-portage ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/make.conf /usr/bin/vncserver /usr/lib/X11/xdm/Xsetup_0 /usr/share/easy-rsa /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/hp/hplip.conf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/mnt/media/cache/distfiles" EMERGE_DEFAULT_OPTS="--nospinner --quiet-build=n" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs ccache distlocks ebuild-locks fail-clean fixlafiles merge-sync news preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk/" LANG="en_GB.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j20 -l3.0" PKGDIR="/mnt/media/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/tmp" PORTDIR="/mnt/media/portage" PORTDIR_OVERLAY="/var/lib/layman/belak /var/lib/layman/squeezebox /usr/local/portage" SYNC="rsync://rsync.uk.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X509 a52 aac accessibility acl acpi alsa amd64 apache2 bash-completion berkdb bzip2 clamav cli consolekit cracklib crypt curl curlwrappers cxx dbm dbus dbx dri dv enca encode exif fam fastcgi fat ffmpeg flac foomaticdb fortran ftp gd gd-external gdbm gnutls gudev hardened hwdb iconv imagemagick imap imlib innodb java javascript jpeg lcms ldap libkms libwww lzo mad matroska mdadm minimal mmx mmxext modules mp3 multilib mysql ncurses network nls nptl nsplugin ntfs offensive ogg openmp optimized-qmake pam pcre php png policykit posix qt4 raw readline rtmp samba scanner session sharedmem snmp soap sse sse2 sse4a ssl startup-notification tcpd theora threads tidy tiff tokenizer tordns udev unicode usb vdpau vhosts win32codecs x264 xinetd xmlrpc xsl xv xvid xvmc xz zip zlib" ABI_X86="64" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgid dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en_GB" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" SANE_BACKENDS="hp net" USERLAND="GNU" VIDEO_CARDS="radeon r600 vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON ================================================================= Package Settings ================================================================= dev-lang/python-2.7.6 was built with the following: USE="gdbm hardened ncurses readline sqlite ssl threads tk (wide-unicode) xml -berkdb -build -doc -examples -ipv6 -wininst" ABI_X86="64" CFLAGS="-march=native -O2 -pipe -fwrapv" CXXFLAGS="-march=native -O2 -pipe -fwrapv" LDFLAGS="-Wl,-O1 -Wl,--as-needed -L." dev-lang/python-3.2.5-r3 was built with the following: USE="gdbm hardened ncurses readline ssl threads tk (wide-unicode) xml -build -doc -examples -ipv6 -sqlite -wininst" ABI_X86="64" CFLAGS="-march=native -O2 -pipe -fwrapv" CXXFLAGS="-march=native -O2 -pipe -fwrapv" LDFLAGS="-Wl,-O1 -Wl,--as-needed -L." dev-lang/python-3.3.5 was built with the following: USE="gdbm hardened ncurses readline ssl threads tk xml -build -doc -examples -ipv6 -sqlite -wininst" ABI_X86="64" CFLAGS="-march=native -O2 -pipe -fwrapv" CXXFLAGS="-march=native -O2 -pipe -fwrapv" LDFLAGS="-Wl,-O1 -Wl,--as-needed -L." dev-lang/python-3.4.0 was built with the following: USE="gdbm hardened ncurses readline ssl threads tk xml -build -examples -ipv6 -sqlite -wininst" ABI_X86="64" CFLAGS="-march=native -O2 -pipe -fwrapv" CXXFLAGS="-march=native -O2 -pipe -fwrapv" LDFLAGS="-Wl,-O1 -Wl,--as-needed -L." (Note: have just rebuilt python-2.7 to get f2b working again.) hazel ~ # eselect python list Available Python interpreters: [1] python2.7 * [2] python3.2 [3] python3.3 [4] python3.4
Yes, in fail2ban/server/server.py, we have: from .database import Fail2BanDb and fail2ban/server/database.py in turn has import sqlite3 So sqlite3 is required even when dbfile = None. This is an upstream problem but I can't find a bug report there.
+ 12 Jul 2014; Jeroen Roovers <jer@gentoo.org> fail2ban-0.9.0-r1.ebuild: + Set USE=sqlite dependency on dev-lang/python (bug #507306). It has been months without a release that fixes this bug or a clean patch for 0.9.0, so I have added the obvious workaround. It should be removed in the next release, so this bug should stay open as a reminder.
Fixed in 0.9.1, I should think.
got at the unstable amd64 chroot image 17.0-desktop-plasma-systemd_test_20180117-215521 this : ImportError: No module named sqlite3
Created attachment 515468 [details] emerge-info.txt
Created attachment 515470 [details] emerge-history.txt
Created attachment 515472 [details] environment
Created attachment 515474 [details] etc.portage.tbz2
Created attachment 515476 [details] logs.tbz2
Created attachment 515478 [details] net-analyzer:fail2ban-0.10.1:20180120-102123.log
Created attachment 515480 [details] temp.tbz2
Gentoo should require python[sqlite] for fail2ban because default /etc/fail2ban/fail2ban.conf match: # Options: dbfile # Notes.: Set the file for the fail2ban persistent data to be stored. # A value of ":memory:" means database is only stored in memory # and data is lost when fail2ban is stopped. # A value of "None" disables the database. # Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3 dbfile = /var/lib/fail2ban/fail2ban.sqlite3 That cause ERROR in logs but start fail2ban with *logic malfunction* (skip backlog thinking that he will return it from sqlite) Gentoo should require python[sqlite] or patch fail2ban.conf
