f2b/CHANGELOG.md
Ismo Vuorinen 98b53d84b5 fix: repair Renovate config, convert Makefile to go run, update GitHub Actions (#120)
* fix: repair Renovate config and convert Makefile to go run (#117)

- Remove non-existent `github>renovatebot/presets:golang` preset that
  broke Renovate PR creation
- Replace deprecated `fileMatch` with `managerFilePatterns` in
  customManagers
- Rewrite regex to match new Makefile pattern (renovate comment above
  version variable assignment)
- Fix `matchFileNames` glob pattern (`*.mk` -> `**/*.mk`)
- Convert all tool invocations from `go install` + global binary to
  `go run tool@version` for reproducible builds
- Convert npm global tools to `npx --yes` invocations
- Remove `dev-deps` and `check-deps` targets (tools auto-download)
- Add mdformat pre-commit hook with GFM support and config
- Add `fmt-md` Makefile target for manual markdown formatting
- Update local golangci-lint pre-commit hook to use `go run`
- Apply golangci-lint v2.10.1 auto-fixes (fmt.Fprintf optimization)
- Add nolint:gosec annotations for legitimate exec.Command usage
- Exclude .serena/ from mdformat and megalinter
- Add markdown indent_size=unset in .editorconfig for CommonMark compat

* chore(deps): update GitHub Actions to latest versions

- anthropics/claude-code-action: v1.0.34 -> v1.0.64
- actions/setup-go: v6.2.0 -> v6.3.0
- actions/upload-artifact: v6.0.0 -> v7.0.0
- goreleaser/goreleaser-action: v6.4.0 -> v7.0.0
- docker/login-action: v3.6.0 -> v3.7.0
- ivuorinen/actions: v2026.01.21 -> v2026.02.24

* fix: address code review feedback

- Fix issue template YAML frontmatter (replace underscore separators
  with proper --- delimiters); exclude templates from mdformat
- Replace string(rune(n)) with strconv.Itoa(n) in test files to produce
  deterministic numeric directory names instead of Unicode characters
- Remove stale `make dev-deps` reference in README, replace with
  `make dev-setup`
- Extract ban/unban format strings into shared.MetricsFmtBanOperations
  and shared.MetricsFmtUnbanOperations constants
- Replace hardcoded coverage percentages in README with evergreen
  phrasing

* fix: address round 2 code review feedback for PR #120

- Fix corrupted path traversal example in docs/security.md
- Fix Renovate .mk regex to match nested paths (.*\.mk$)
- Update checkmake pre-commit hook to v0.3.2 to match Makefile
- Add sync.WaitGroup to unsynchronized goroutines in security tests
- Fix fmt-md target to use pre-commit run mdformat
- Pin markdownlint-cli2 to v0.21.0 in lint-md target
- Standardize //nolint:gosec to // #nosec annotations for gosec CLI

* fix(ci): install PyYAML dependency for PR lint workflow

The pr-lint workflow uses ivuorinen/actions/pr-lint which internally
calls validate-inputs running a Python script that imports yaml.
Python was set up but PyYAML was never installed, causing
ModuleNotFoundError at runtime.

* fix: address round 3 code review feedback for PR #120

- Wrap Windows-style path traversal example in backtick code span so
  backslashes render literally in docs/security.md
- Add Renovate-managed MARKDOWNLINT_CLI2_VERSION variable in Makefile
  to match the pattern used by all other tool versions
2026-03-01 19:09:17 +02:00

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.


[Unreleased]

Added

  • Initial public release of f2b Go CLI.
  • Support for listing jails, banning/unbanning IPs, checking status, viewing logs, testing filters, and controlling the Fail2Ban service.
  • Configuration via environment variables and CLI flags.
  • Basic test suite and CI workflows.
  • Comprehensive sudo privilege management system for secure fail2ban operations:
    • Automatic detection of root users, sudo group membership, and sudo capabilities
    • Smart command classification (which commands require sudo vs. read-only)
    • Automatic sudo escalation for privileged operations when user has permissions
    • Clear error messages with helpful hints when sudo privileges are missing
    • Support for testing with comprehensive mock sudo checkers
  • Shell completion command for bash, zsh, fish, and PowerShell.
  • Command aliases for common commands (list-jails, ban, unban, status).
  • Log level configuration via --log-level flag and F2B_LOG_LEVEL env var.
  • Log file output support via --log-file flag and F2B_LOG_FILE env var.
  • Consistent output and error handling using logrus and helpers.
  • Pagination/tailing for logs with --limit flag.
  • JSON output for all commands via --format=json.
  • Extensive input validation for all user-supplied data.
  • Modular, testable architecture with dependency injection.
  • .github/AGENTS.md for LLM/AI agent contribution guidelines.
  • Initial CHANGELOG.md for tracking releases and changes.
  • Comprehensive documentation updates across all markdown files.

Changed

  • Enhanced Runner interface to support both regular and sudo command execution
  • Updated all fail2ban operations to use appropriate privilege escalation
  • Improved client initialization to check sudo requirements upfront
  • Enhanced error messages for privilege-related failures with actionable hints
  • Comprehensive documentation updates:
    • Updated README.md with complete feature overview and security guidance
    • Enhanced CONTRIBUTING.md with security and testing guidelines
    • Expanded docs/faq.md with sudo troubleshooting and new features
    • Updated .github/README.md to reflect modern Go implementation
    • Enhanced .github/AGENTS.md with privilege handling guidelines
  • Refactored CLI to use dependency injection for all commands.
  • Enhanced security and error handling throughout the codebase.

Security

  • Privilege validation: All user input validated before privilege escalation
  • Secure command execution: Uses argument arrays instead of shell string concatenation
  • Test isolation: Comprehensive mocking prevents accidental privileged operations in tests
  • Principle of least privilege: Only escalates privileges when required for specific commands

Fixed

  • Various minor bug fixes and improved test coverage.
  • Test safety: Eliminated potential for real sudo execution during testing