Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at Mon Oct 10 14:10:12 CEST 2011.
-------- --- openSUSE:Factory/apparmor/apparmor.changes 2011-09-23 01:51:55.000000000 +0200 +++ /mounts/work_src_done/STABLE/apparmor/apparmor.changes 2011-10-09 21:48:38.000000000 +0200 @@ -1,0 +2,17 @@ +Sun Oct 9 19:42:05 UTC 2011 - [email protected] + +- add patch with upstream changes since 2.7.0 beta2 release + - add example parser.conf + - print warning if profile cache directory doesn't exist + - remove initscript for no longer existing aa-eventd (bnc#720617) + - set correct $HOME in aa-notify +- enable caching of profiles (= massive speedup) (bnc#689458) +- add comments for patches in .spec and comments in some patches +- run spec-cleaner + +------------------------------------------------------------------- +Fri Sep 30 20:07:41 UTC 2011 - [email protected] + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- apparmor-2.7-changes-since-beta2.diff apparmor-enable-profile-cache.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.a6Djgs/_old 2011-10-10 14:10:07.000000000 +0200 +++ /var/tmp/diff_new_pack.a6Djgs/_new 2011-10-10 14:10:07.000000000 +0200 @@ -53,7 +53,13 @@ Source2: %{name}-profile-editor.desktop Source3: update-trans.sh -# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines +# upstream changes since 2.7beta2 release +Patch: apparmor-2.7-changes-since-beta2.diff + +# enable caching of profiles (= massive performance speedup when loading profiles) +Patch1: apparmor-enable-profile-cache.diff + +# split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width. Patch5: apparmor-utils-string-split # use autobuild everywhere. Patch applies to 2.6.1 only and probably won't be accepted upstream. 
@@ -61,15 +67,15 @@ # requires Patch10 Patch11: apparmor-2.5.1-rpmlint-asprintf -# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines +# Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile -# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines +# split ldap related things from abstractions/nameservice to abstractions/ldapclient and add sasl support. TODO: send upstream Patch13: apparmor-2.5.1-ldapclient-profile # obsolete, upstream implemented this in another way Patch15: apparmor-remove-repo -# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines +# remove after 12.1 release - bnc#720617 #c7 Patch21: apparmor-utils-subdomain-compat License: GPLv2+ @@ -85,6 +91,7 @@ BuildRequires: flex BuildRequires: gcc-c++ BuildRequires: latex2html +BuildRequires: libtool BuildRequires: pcre-devel BuildRequires: pkg-config BuildRequires: texlive-latex @@ -225,13 +232,13 @@ Requires: libapparmor1 = %{version} Requires: perl = %{perl_version} Requires: perl(DBD::SQLite) +Requires: perl(Locale::gettext) Requires: perl(RPC::XML) +Requires: perl(RPC::XML) +Requires: perl(Term::ReadKey) Requires: perl(Term::ReadKey) Provides: perl-libapparmor Obsoletes: perl-libapparmor < 2.5 -Requires: perl(Locale::gettext) -Requires: perl(RPC::XML) -Requires: perl(Term::ReadKey) %description -n perl-apparmor This package provides the perl interface to AppArmor. It is used for perl 
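Review bot: After the reordering in the hunk at -225,13 +232,13, the perl-apparmor section still lists `Requires: perl(RPC::XML)` and `Requires: perl(Term::ReadKey)` twice each, now on adjacent lines. RPM tolerates duplicate dependencies, so nothing breaks at install time, but the repeated lines look like a sorting artefact and make later edits error-prone. Keep one line per dependency. The package section starts above the hunk, so any further Requires lines are not visible here.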
@@ -302,9 +309,8 @@ %description utils This package provides the aa-logprof, aa-genprof, aa-autodep, aa-enforce, and aa-complain tools to assist with profile authoring. -Besides it provides the aa-unconfined server information tool and the -aa-eventd event reporting system. It is part of a suite of tools that -used to be named SubDomain. +Besides it provides the aa-unconfined server information tool. +It is part of a suite of tools that used to be named SubDomain. %if %{with tomcat} @@ -397,6 +403,8 @@ %prep %setup -q -n %{name}-%{versiondir} +%patch -p0 +%patch1 -p1 %patch5 -p1 #%patch10 -p1 # disabled, see above #%patch11 -p1 # disabled, see above @@ -482,9 +490,16 @@ # utilities %makeinstall -C utils -mkdir -p %{buildroot}/var/log/apparmor +mkdir -p %{buildroot}%{_localstatedir}/log/apparmor + +%makeinstall -C profiles +mkdir %{buildroot}%{_sysconfdir}/apparmor.d/disable %makeinstall -C parser +# default cache dir is /etc/apparmor.d/cache - not the best location. +# Use /var/cache/apparmor and make /etc/apparmor.d/cache a symlink to it +mkdir -p %{buildroot}%{_localstatedir}/cache/apparmor +( cd %{buildroot}/%{_sysconfdir}/apparmor.d/ && ln -s ../../%{_localstatedir}/cache/apparmor cache ) %if %{with apache} %makeinstall -C changehat/mod_apparmor @@ -494,8 +509,6 @@ %makeinstall -C changehat/pam_apparmor SECDIR=%{buildroot}%{_libdir}/security %endif -%makeinstall -C profiles - %if %{with tomcat} mkdir -p %{buildroot}/%{CATALINA_HOME} %makeinstall -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{buildroot}/%{CATALINA_HOME} 
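Review bot: The cache directory is created in the hunk at -482,9 +490,16 with a plain `mkdir -p` and packaged in the %files hunk at -549,18 +562,19 as a bare `%dir %{_localstatedir}/cache/apparmor`, without the explicit `%attr` that the neighbouring `%{_sysconfdir}/apparmor` entry carries. The parser writes and later reads compiled policy there, so ownership and mode should not depend on a %defattr that is not visible in these hunks; `%dir %attr(0755, root, root) %{_localstatedir}/cache/apparmor` pins them. The relative link target `../../%{_localstatedir}/cache/apparmor` also silently assumes that `%{_sysconfdir}/apparmor.d` sits exactly two levels below `/`. The comment above the `ln -s` line should say so.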
@@ -549,18 +562,19 @@ %doc parser/README parser/COPYING.GPL /sbin/apparmor_parser %dir %attr(-, root, root) %{_sysconfdir}/apparmor +%dir %{_sysconfdir}/apparmor.d +%{_sysconfdir}/apparmor.d/cache +%dir %{_localstatedir}/cache/apparmor %if %{distro} == "suse" /sbin/rcsubdomain /sbin/rcapparmor %{_sysconfdir}/init.d/boot.apparmor - /sbin/rcaaeventd - %{_sysconfdir}/init.d/aaeventd %else %{_sysconfdir}/init.d/apparmor - %{_sysconfdir}/init.d/aaeventd %endif %config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf -/var/lib/apparmor +%config(noreplace) %{_sysconfdir}/apparmor/parser.conf +%{_localstatedir}/lib/apparmor %dir %attr(-, root, root) %{apparmor_bin_prefix} %{apparmor_bin_prefix}/rc.apparmor.functions %doc %{_mandir}/man5/apparmor.d.5.gz @@ -605,6 +619,7 @@ %files profiles %defattr(644,root,root,755) %config(noreplace) %{_sysconfdir}/apparmor.d/ +%exclude %{_sysconfdir}/apparmor.d/cache %dir %{_sysconfdir}/apparmor/ %dir %{_sysconfdir}/apparmor/profiles %config %{_sysconfdir}/apparmor/profiles/extras/ @@ -616,8 +631,8 @@ %config(noreplace) %{_sysconfdir}/apparmor/notify.conf %config(noreplace) %{_sysconfdir}/apparmor/severity.db %config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf -%{_prefix}/sbin/* -%dir /var/log/apparmor +%{_sbindir}/* +%dir %{_localstatedir}/log/apparmor %doc %{_mandir}/man2/aa_change_profile.2.gz %doc %{_mandir}/man5/logprof.conf.5.gz %doc %{_mandir}/man8/apparmor_notify.8.gz @@ -749,10 +764,12 @@ %preun parser if [ "$1" = 0 ] ; then %if %{distro} == "suse" + # TODO: aaeventd no longer exists - how to handle it? %{stop_on_removal aaeventd} %{stop_on_removal boot.apparmor} %endif %if %{distro} == "redhat" || %{distro} == "rhel4" + # TODO: aaeventd no longer exists - how to handle it? chkconfig --del aaeventd chkconfig --del apparmor %endif 
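Review bot: The two added `# TODO: aaeventd no longer exists - how to handle it?` comments in the hunk at -749,10 +764,12 leave `%{stop_on_removal aaeventd}` and `chkconfig --del aaeventd` in %preun, although this same commit drops the aaeventd init script from %files and from the Makefile install targets. On package removal these calls now act on a service the package does not ship. Either delete them or guard them, for example `[ -x %{_sysconfdir}/init.d/aaeventd ] && chkconfig --del aaeventd`, and replace the open question with a comment recording the decision. How an aa-eventd that is still running after an upgrade from an older package gets stopped is not visible in these hunks and should be confirmed. The %preun scriptlet continues below the hunk.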
@@ -760,7 +777,7 @@ %postun parser %if %{distro} == "suse" - %restart_on_update aaeventd boot.apparmor + %restart_on_update boot.apparmor %{insserv_cleanup} || true %endif ++++++ apparmor-2.5.1-ldapclient-profile ++++++ --- /var/tmp/diff_new_pack.a6Djgs/_old 2011-10-10 14:10:07.000000000 +0200 +++ /var/tmp/diff_new_pack.a6Djgs/_new 2011-10-10 14:10:07.000000000 +0200 @@ -1,3 +1,9 @@ +Thu Jan 6 16:23:19 UTC 2011 - [email protected] + +- Splitted ldap related things from nameservice into separate + profile and added some missing paths (bnc#662761) + + --- profiles/apparmor.d/abstractions/ldapclient | 21 +++++++++++++++++++++ profiles/apparmor.d/abstractions/nameservice | 8 +++----- ++++++ apparmor-2.7-changes-since-beta2.diff ++++++ bzr diff -r1829..1834 also create parser/parser.conf (forgotten in r1834, will probably be in r1835) === modified file 'parser/Makefile' --- parser/Makefile 2011-09-01 18:57:54 +0000 +++ parser/Makefile 2011-10-07 21:43:54 +0000 @@ -246,17 +246,14 @@ install-redhat: install -m 755 -d $(DESTDIR)/etc/init.d install -m 755 rc.apparmor.$(subst install-,,$@) $(DESTDIR)/etc/init.d/apparmor - install -m 755 rc.aaeventd.redhat $(DESTDIR)/etc/init.d/aaeventd .PHONY: install-suse install-suse: install -m 755 -d $(DESTDIR)/etc/init.d install -m 755 rc.apparmor.$(subst install-,,$(@)) $(DESTDIR)/etc/init.d/boot.apparmor - install -m 755 rc.aaeventd.$(subst install-,,$(@)) $(DESTDIR)/etc/init.d/aaeventd install -m 755 -d $(DESTDIR)/sbin ln -sf /etc/init.d/boot.apparmor $(DESTDIR)/sbin/rcapparmor ln -sf rcapparmor $(DESTDIR)/sbin/rcsubdomain - ln -sf /etc/init.d/aaeventd $(DESTDIR)/sbin/rcaaeventd .PHONY: install-slackware install-slackware: 
@@ -288,6 +285,7 @@ install-indep: install -m 755 -d $(INSTALL_CONFDIR) install -m 644 subdomain.conf $(INSTALL_CONFDIR) + install -m 644 parser.conf $(INSTALL_CONFDIR) install -m 755 -d ${DESTDIR}/var/lib/apparmor install -m 755 -d $(APPARMOR_BIN_PREFIX) install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX) === modified file 'parser/apparmor-parser.spec.in' --- parser/apparmor-parser.spec.in 2010-12-20 20:29:10 +0000 +++ parser/apparmor-parser.spec.in 2011-10-07 21:43:54 +0000 @@ -103,6 +103,7 @@ /etc/init.d/aaeventd %endif %config(noreplace) /etc/apparmor/subdomain.conf +%config(noreplace) /etc/apparmor/parser.conf /var/lib/apparmor %dir %attr(-, root, root) %{apparmor_bin_prefix} %{apparmor_bin_prefix}/rc.apparmor.functions === modified file 'parser/parser_main.c' --- parser/parser_main.c 2011-08-09 13:52:43 +0000 +++ parser/parser_main.c 2011-10-07 21:42:55 +0000 @@ -1007,8 +1007,7 @@ } else { unlink(cachetemp); - if (show_cache) - PERROR("Removed cache attempt: %s\n", cachetemp); + PERROR("Warning failed to create cache: %s\n", basename); } free(cachetemp); } --- /dev/null +++ parser/parser.conf 
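Review bot: The now-unconditional warning in the parser_main.c hunk at -1007,8 +1007,7 names only the profile (`basename`), not the cache path or the reason. An administrator who sees it cannot tell a missing cache directory from a permission or disk-space problem. Including the path helps: `PERROR("Warning: failed to create cache %s for %s\n", cachetemp, basename);`. If the failing call sets errno, it would have to be saved before `unlink(cachetemp)` runs to be reported reliably. The enclosing function starts and ends outside the hunk, so which call actually failed is not visible here.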
@@ -0,0 +1,58 @@ +# parser.conf is a global AppArmor config file for the apparmor_parser +# +# It can be used to specify the default options for the parser, which +# can then be overriden by options passed on the command line. +# +# Leading whitespace is ignored and lines that begin with # are treated +# as comments. +# +# Config options are specified one per line using the same format as the +# longform command line options (without the preceding --). +# +# If a value is specified twice the last version to appear is used. + +## Suppress Warnings +#quiet + +## Be verbose +#verbose + +## Set include path +#Include /etc/apparmor.d/abstractions + +## Set location of apparmor filesystem +#subdomainfs /sys/kernel/security/apparmor + +## Set match-string to use - for forcing compiler to treat different kernels +## the same +# match-string "pattern=aadfa audit perms=crwxamlk/ user::other" + +## Turn creating/updating of the cache on by default +#write-cache + +## Show cache hits +#show-cache + +## skip cached policy +#skip-cache + +## skip reading cache but allow updating +#skip-read-cache + + +#### Set Optimizaions. Multiple Optimizations can be set, one per line #### +# For supported optimizations see +# apparmor_parser --help=O + +## Turn on equivalence classes +#equiv + +## Turn off expr tree simplification +#Optimize=no-expr-simplify + +## Turn off DFA minimization +#Optimize=no-minimize + +## Adjust compression +#Optimize=compress-small +#Optimize=compress-fast === modified file 'utils/aa-notify' --- utils/aa-notify 2011-08-17 14:48:12 +0000 +++ utils/aa-notify 2011-09-30 23:00:52 +0000 @@ -36,6 +36,8 @@ my $conf = "/etc/apparmor/notify.conf"; my $user_conf = "$ENV{HOME}/.apparmor/notify.conf"; my $notify_exe = "/usr/bin/notify-send"; +my $notify_home = ""; +my $notify_display = ""; my $last_exe = "/usr/bin/last"; my $ps_exe = "/bin/ps"; my $url = "https://wiki.ubuntu.com/DebuggingApparmor"; 
@@ -154,6 +156,12 @@ if ($opt_p) { -x "$notify_exe" or _error("Could not find '$notify_exe'. Please install libnotify-bin. Aborting"); + + # we need correct values for $HOME and $DISPLAY environment variables, + # otherwise $notify_exe won't be able to connect to DBUS to display the + # message. Do this here to avoid excessive lookups. + $notify_home = (getpwuid $>)[7]; # homedir of the user +# TODO: set $notify_display; } elsif ($opt_l) { -x "$last_exe" or _error("Could not find '$last_exe'. Aborting"); } @@ -305,6 +313,9 @@ # notify-send needs $< to be the unprivileged user $< = $>; + $notify_home ne "" and $ENV{'HOME'} = $notify_home; + $notify_display ne "" and $ENV{'DISPLAY'} = $notify_display; + # 'system' uses execvp() so no shell metacharacters here. # $notify_exe is an absolute path so execvp won't search PATH. system "$notify_exe", "-i", "gtk-dialog-warning", "-u", "critical", "--", "AppArmor Message", "$msg"; ++++++ apparmor-enable-profile-cache.diff ++++++ Enable caching of profiles. This speeds up loading the (unchanged) profiles about 20 times. Upstream doesn't enable caching because the cache directory is not writeable at the time profiles are loaded in Ubuntu. See also bnc#689458 Signed-off by: Christian Boltz <[email protected]> --- a/parser/parser.conf_ORIG 2011-10-09 20:59:31.000000000 +0200 +++ b/parser/parser.conf 2011-10-09 21:00:15.000000000 +0200 @@ -28,7 +28,7 @@ # match-string "pattern=aadfa audit perms=crwxamlk/ user::other" ## Turn creating/updating of the cache on by default -#write-cache +write-cache ## Show cache hits #show-cache ++++++ apparmor-utils-string-split ++++++ --- /var/tmp/diff_new_pack.a6Djgs/_old 2011-10-10 14:10:08.000000000 +0200 +++ /var/tmp/diff_new_pack.a6Djgs/_new 2011-10-10 14:10:08.000000000 +0200 @@ -1,5 +1,5 @@ 
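Review bot: `$notify_home = (getpwuid $>)[7];` in the aa-notify hunk at -154,6 +156,12 is evaluated once during option handling, so it records the home directory of whatever the effective UID is at that moment. If the script changes its effective UID between here and the `$< = $>;` line in the hunk at -305,6 +313,9 (not visible in these hunks), notify-send would be started with another user's HOME. getpwuid also returns an empty list for a UID without a passwd entry, leaving `$notify_home` undef rather than the initial `""`, so the later `$notify_home ne ""` test compares against undef. Adding `defined $notify_home or $notify_home = "";` after the lookup keeps the empty-string contract. Until the TODO is resolved, `$notify_display` is always empty, so the `$ENV{'DISPLAY'}` assignment never runs and DISPLAY is inherited from the caller; the comment should say that.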
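Review bot: Uncommenting `write-cache` in the parser.conf hunk at -28,7 +28,7 makes every profile load write a compiled copy, and the parser will then prefer that copy over the profile text whenever it judges the cache fresh. As far as I know that freshness test compares file timestamps, and RPM installs files with their build-time mtime, so an updated profile can look older than an existing cache entry and the previous policy would keep being loaded. This should be confirmed against the parser. If it holds, the package that ships the profiles should clear `/var/cache/apparmor` in its `%post`. The patch header explains the speed-up; it should also state how a stale cache is invalidated after a profile update.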
From: Jeff Mahoney <[email protected]> -Subject: SubDomain.pm: Split long string +Subject: AppArmor.pm: Split long string The string split here ends up not displaying well in yast. --- continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
