--- Begin Message ---
Package: fail2ban
Version: 1.1.0-7
Severity: grave
Since we upgraded a server to trixie, fail2ban completely fails to
start:
```
root@submit-01:~# /usr/bin/fail2ban-server -xf start
Server ready
root@submit-01:~# echo $?
255
```
What's confusing is it doesn't actually show the error message on
startup. The logs do tell the story though:
```
2025-05-06 13:57:47,549 fail2ban.server [10131]: INFO --------------------------------------------------
2025-05-06 13:57:47,549 fail2ban.server [10131]: INFO Starting Fail2ban v1.1.0
2025-05-06 13:57:47,550 fail2ban.observer [10131]: INFO Observer start...
2025-05-06 13:57:47,553 fail2ban.database [10131]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2025-05-06 13:57:47,554 fail2ban.jail [10131]: INFO Creating new jail 'postfix-sasl'
2025-05-06 13:57:47,554 fail2ban.jail [10131]: ERROR Backend 'systemd' failed to initialize due to No module named 'distutils'
2025-05-06 13:57:47,554 fail2ban.jail [10131]: ERROR Failed to initialize any backend for Jail 'postfix-sasl'
2025-05-06 13:57:47,554 fail2ban.transmitter [10131]: ERROR Command ['server-stream', [['set', 'thread', {'stacksize': 0}], ['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO'], ['set', 'logtarget', '/var/log/fail2ban.log'], ['set', 'allowipv6', 'auto'], ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3'], ['set', 'dbmaxmatches', 10], ['set', 'dbpurgeage', '86400'], ['add', 'postfix-sasl', 'systemd'], ['set', 'postfix-sasl', 'usedns', 'warn'], ['set', 'postfix-sasl', 'prefregex', '^\\s*(?:\\S+\\s+)?(?:postfix(-\\w+)?/[^/\\[:\\s]+(?:/smtp[ds])?(?:\\[\\d+\\])?:?\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?warning: <F-CONTENT>.+</F-CONTENT>$'], ['set', 'postfix-sasl', 'addfailregex', '^[^[]*\\[<HOST>\\](?::\\d+)?: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:(?! Connection lost to authentication server| Invalid authentication mechanism)'], ['set', 'postfix-sasl', 'datepattern', '{^LN-BEG}'], ['set', 'postfix-sasl', 'addjournalmatch', '_SYSTEMD_UNIT=postfix.service', '_SYSTEMD_UNIT=postfix@-.service'], ['set', 'postfix-sasl', 'maxretry', 5], ['set', 'postfix-sasl', 'maxmatches', 5], ['set', 'postfix-sasl', 'findtime', '3m'], ['set', 'postfix-sasl', 'bantime', '10m'], ['set', 'postfix-sasl', 'ignorecommand', ''], ['set', 'postfix-sasl', 'ignoreself', True], ['set', 'postfix-sasl', 'addignoreip', '127.0.0.1'], ['set', 'postfix-sasl', 'logencoding', 'auto'], ['set', 'postfix-sasl', 'addaction', 'iptables-multiport'], ['multi-set', 'postfix-sasl', 'action', 'iptables-multiport', [['actionstart', "{ <iptables> -C f2b-postfix-sasl -j RETURN >/dev/null 2>&1; } || { <iptables> -N f2b-postfix-sasl || true; <iptables> -A f2b-postfix-sasl -j RETURN; }\nfor proto in $(echo 'tcp' | sed 's/,/ /g'); do\n{ <iptables> -C INPUT -p $proto -m multiport --dports 0:65535 -j f2b-postfix-sasl >/dev/null 2>&1; } || { <iptables> -I INPUT -p $proto -m multiport --dports 0:65535 -j f2b-postfix-sasl; }\ndone"], ['actionstop', "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n<iptables> -D INPUT -p $proto -m multiport --dports 0:65535 -j f2b-postfix-sasl\ndone\n<iptables> -F f2b-postfix-sasl\n<iptables> -X f2b-postfix-sasl"], ['actionflush', '<iptables> -F f2b-postfix-sasl'], ['actioncheck', "for proto in $(echo 'tcp' | sed 's/,/ /g'); do\n<iptables> -C INPUT -p $proto -m multiport --dports 0:65535 -j f2b-postfix-sasl\ndone"], ['actionban', '<iptables> -I f2b-postfix-sasl 1 -s <ip> -j <blocktype>'], ['actionunban', '<iptables> -D f2b-postfix-sasl -s <ip> -j <blocktype>'], ['port', '0:65535'], ['protocol', 'tcp'], ['chain', 'INPUT'], ['name', 'postfix-sasl'], ['actname', 'iptables-multiport'], ['blocktype', 'REJECT --reject-with icmp-port-unreachable'], ['returntype', 'RETURN'], ['lockingopt', '-w'], ['iptables', 'iptables <lockingopt>'], ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'], ['iptables?family=inet6', 'ip6tables <lockingopt>']]], ['start', 'postfix-sasl']]] has failed. Received RuntimeError("Failed to initialize any backend for Jail 'postfix-sasl'")
2025-05-06 13:57:47,554 fail2ban [10131]: ERROR NOK: ("Failed to initialize any backend for Jail 'postfix-sasl'",)
2025-05-06 13:57:47,554 fail2ban.server [10131]: INFO Shutdown in progress...
2025-05-06 13:57:47,554 fail2ban.observer [10131]: INFO Observer stop ... try to end queue 5 seconds
2025-05-06 13:57:47,575 fail2ban.observer [10131]: INFO Observer stopped, 0 events remaining.
2025-05-06 13:57:47,615 fail2ban.server [10131]: INFO Stopping all jails
2025-05-06 13:57:47,615 fail2ban.database [10131]: INFO Connection to database closed.
2025-05-06 13:57:47,615 fail2ban.asyncserver [10131]: WARNING Accept socket error: cannot unpack non-iterable NoneType object
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/fail2ban/server/asyncserver.py", line 218, in handle_accept
    conn, addr = self.accept()
                 ^^^^^^^^^^
TypeError: cannot unpack non-iterable NoneType object
2025-05-06 13:57:47,817 fail2ban.server [10131]: INFO Exiting Fail2ban
```
The `postfix-sasl` jail looks like:
```
[postfix-sasl]
enabled = true
mode = auth
backend = %(postfix_backend)s
filter = postfix[mode=%(mode)s]
logpath = %(postfix_log)s
maxretry = 5
findtime = 3m
```
and postfix_backend is:
```
paths-debian.conf:postfix_backend = systemd
```
... which is where that systemd comes from. I bet it's this line in
filtersystemd.py that's causing trouble:
```
from distutils.version import LooseVersion
```
This was fixed upstream in:
https://github.com/fail2ban/fail2ban/commit/a763fbbdfd6486e372965b4009eb3fe5db346718
... shortly *after* the last release, which is present in Debian.
I applied parts of the above patch here and things seem to go back to normal.
--- End Message ---
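
Added example, not part of the original report and not fail2ban's own code: the start command in the report printed "Server ready" while the only jail never came up, so a log check like this one flags jails that were left without a working backend. The function name and the fields of each finding are assumptions of this sketch; the sample lines are taken from the log in the report, unwrapped.

```python
import re
from collections import defaultdict

# Log lines copied from the report above (unwrapped, column padding normalised).
SAMPLE_LOG = """\
2025-05-06 13:57:47,549 fail2ban.server [10131]: INFO Starting Fail2ban v1.1.0
2025-05-06 13:57:47,554 fail2ban.jail [10131]: INFO Creating new jail 'postfix-sasl'
2025-05-06 13:57:47,554 fail2ban.jail [10131]: ERROR Backend 'systemd' failed to initialize due to No module named 'distutils'
2025-05-06 13:57:47,554 fail2ban.jail [10131]: ERROR Failed to initialize any backend for Jail 'postfix-sasl'
2025-05-06 13:57:47,554 fail2ban [10131]: ERROR NOK: ("Failed to initialize any backend for Jail 'postfix-sasl'",)
2025-05-06 13:57:47,554 fail2ban.server [10131]: INFO Shutdown in progress...
2025-05-06 13:57:47,817 fail2ban.server [10131]: INFO Exiting Fail2ban
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+) (?P<logger>fail2ban\S*)\s+\[(?P<pid>\d+)\]: "
                  r"(?P<level>[A-Z]+)\s+(?P<msg>.*)$")
# Both patterns are anchored at the start of the message so that the NOK and
# transmitter lines, which merely quote the same text, are not counted twice.
BACKEND_FAIL = re.compile(r"Backend '(?P<backend>[^']+)' failed to initialize due to (?P<reason>.+)")
JAIL_FAIL = re.compile(r"Failed to initialize any backend for Jail '(?P<jail>[^']+)'")

def find_backend_failures(log_text):
    """Return one finding per jail that ended up with no working backend."""
    pending = defaultdict(list)  # pid -> backend errors seen since the last jail verdict
    exited = set()               # pids whose server logged "Exiting Fail2ban"
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue             # tracebacks and other continuation lines
        pid, msg = m["pid"], m["msg"]
        if b := BACKEND_FAIL.match(msg):
            pending[pid].append((b["backend"], b["reason"]))
        elif j := JAIL_FAIL.match(msg):
            findings.append({"time": m["ts"], "pid": pid, "jail": j["jail"],
                             "backends": pending.pop(pid, [])})
        elif msg.startswith("Exiting Fail2ban"):
            exited.add(pid)
    for f in findings:
        # True means the whole server went down, so no jail is enforcing bans.
        f["server_exited"] = f["pid"] in exited
    return findings

if __name__ == "__main__":
    for finding in find_backend_failures(SAMPLE_LOG):
        print(finding)
```
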