gnu: tests: Fix fail2ban tests.

As discussed here: https://github.com/fail2ban/fail2ban/issues/1593, the monitored file has to be present before the fail2ban service starts. Create this file in a dedicated activation service. * gnu/tests/security.scm (%auth-log-activation-service): New variable. (run-fail2ban-basic-test, run-fail2ban-simple-test) (run-fail2ban-extension-test): Use it. Fixes: guix/guix#3645 Change-Id: Ic12891cc5438abbd041ceb19e1d22dae51c7c848
author: Mathieu Othacehe <othacehe@gnu.org> 2025-11-06 15:31:03 +0100
committer: Mathieu Othacehe <othacehe@gnu.org> 2025-11-08 11:25:55 +0100
commit: 23fce946eba82434900e95c4ca13bc575932b014 (patch)
tree: 6afaec893257ef165d36db72d18a5453618ad2fd /gnu/tests/security.scm
parent: efb910877f6ddf415519c66a2f305c00fb070454 (diff)
1 files changed, 22 insertions, 6 deletions
diff --git a/gnu/tests/security.scm b/gnu/tests/security.scm
index 93cbe4a9772..8887396b89b 100644
--- a/gnu/tests/security.scm
+++ b/gnu/tests/security.scm
@@ -97,6 +97,17 @@
 
     (gexp->derivation test-name test)))
 
+;; The /var/log/secure file that is monitored by fail2ban has to be present
+;; before the service starts. This limitation is discussed here:
+;; https://github.com/fail2ban/fail2ban/issues/1593.
+(define %auth-log-activation-service
+  (simple-service 'create-authlog-file
+                  activation-service-type
+                  #~(begin
+                      (call-with-output-file "/var/log/secure"
+                        (lambda (port)
+                          (display "" port))))))
+
 (define run-fail2ban-basic-test
   (fail2ban-test
    "fail2ban-basic-test"
@@ -121,12 +132,14 @@
 
 (define run-fail2ban-simple-test
   (fail2ban-test
-   "fail2ban-basic-test"
+   "fail2ban-simple-test"
 
    (simple-operating-system
-    (service fail2ban-service-type (fail2ban-configuration
-                                    (jails (list (fail2ban-jail-configuration
-                                                  (name "sshd")))))))
+    %auth-log-activation-service
+    (service fail2ban-service-type
+             (fail2ban-configuration
+               (jails (list (fail2ban-jail-configuration
+                              (name "sshd")))))))
 
    (test-equal "fail2ban sshd jail running status output"
      '("Status for the jail: sshd"
@@ -175,8 +188,11 @@
    "fail2ban-extension-test"
 
    (simple-operating-system
-    (service (fail2ban-jail-service openssh-service-type (fail2ban-jail-configuration
-                                                          (name "sshd") (enabled? #t)))
+    %auth-log-activation-service
+    (service (fail2ban-jail-service openssh-service-type
+                                    (fail2ban-jail-configuration
+                                      (name "sshd")
+                                      (enabled? #t)))
              (openssh-configuration))
     (service static-networking-service-type
              (list %qemu-static-networking)))
author	Mathieu Othacehe <othacehe@gnu.org>	2025-11-06 15:31:03 +0100
committer	Mathieu Othacehe <othacehe@gnu.org>	2025-11-08 11:25:55 +0100
commit	23fce946eba82434900e95c4ca13bc575932b014 (patch)
tree	6afaec893257ef165d36db72d18a5453618ad2fd /gnu/tests/security.scm
parent	efb910877f6ddf415519c66a2f305c00fb070454 (diff)