of Buster. Unless someone provides a patch in the meantime.
Makes sense to me.
Cheers,
--
intrigeri
sadmins,
which is somewhat frustrating to everyone involved.
Cheers,
--
intrigeri
papercuts that make our
git-remote-gcrypt experience more painful than it should be :)
Cheers,
--
intrigeri
guess not everyone wants to pull its
dependency on grub-common)
Thoughts?
[1]
https://salsa.debian.org/installer-team/clock-setup/blob/master/finish-install.d/10clock-setup#L69
Cheers,
--
intrigeri
nt automatic discovery
of "is RTC in UTC?", which I'm very interested in: that's why
I landed here in the first place, will file a wishlist bug blocked
by this one shortly.
So I would recommend trying (1) and if that fails, trying (2).
Meta: is this something you're interested in working on
further yourself?
Cheers,
--
intrigeri
I should add that I'm not running away because maintaining metche is
particularly troublesome: it is pretty stable software, does its
intended job pretty well, hasn't bitrotted, and does not require much
maintenance work (maybe 4-12 hours a year).
I'm simply cleaning up my plate of things I don't
upstream and package maintenance are taken over by July 2019,
I'll orphan the package or request it to be removed from sid (I'm
undecided yet, opinions welcome).
Cheers,
--
intrigeri
Hi,
Sebastian Andrzej Siewior:
> intrigeri, I added you on Cc since you were a help the last time
> apparmor came around.
Thanks! Sure, happy to give a hand. I've usertagged this bug so it's
on the AppArmor team's radar (and not just on mine). See the
corresponding documentation:
xec" info="label not found" error=-2
> profile="lxc-container-default-cgns" name="system_tor" pid=1881 comm="(tor)"
Now this gets interesting:
> 96 processes are in enforce mode.
> […]
>/usr/bin/tor (1881) lxc-container-default-cgns
>/usr/lib/dovecot/anvil (1884) lxc-container-default-cgns
>/usr/lib/dovecot/log (1885) lxc-container-default-cgns
… and many more processes confined under the
lxc-container-default-cgns profile.
Are you actually running dovecot, tor, postgres, sshd, smdb, Postfix,
dhclient etc. in LXC containers? Or is the lxc-container-default-cgns
profile somehow erroneously applied to these processes?
Cheers,
--
intrigeri
d can wait until close to the Bullseye freeze:
I want to give reverse-deps authors and maintainers as much time as
I can to do the porting, while allowing to keep the GTK+ 2 version in
sid in the meantime.
Cheers,
--
intrigeri
I've filed bug reports against all reverse dependencies (normal
severity for now), tracked using the gtk2-removal usertag:
https://udd.debian.org/cgi-bin/bts-usertags.cgi?tag=gtk2-removal=debian-perl%40lists.debian.org
All reverse dependencies are leaf packages. The vast majority are
either dead
active upstream.
If this does not happen, then I think we should remove this package
from the archive.
Cheers!
--
intrigeri
to add
missing bits to the bindings.
This being said, the package was orphaned last year and the current
"votes" count on popcon is 2. So I think should remove it from the
archive if/once it's clear that it won't be ported to GTK+ 3.
Cheers!
--
intrigeri
Source: odot
Severity: normal
The URL found in the Upstream control field
(http://home.arcor.de/kaffeetisch/odot.html) now redirects to
https://www.arcor.de/, which as far as I can tell is a generic news
site and not the homepage of odot.
:)
Cheers!
--
intrigeri
of moot :/
- There are other options for this use case nowadays, such as OTR,
which are probably better for most use cases.
So perhaps it would be best to remove this package from Debian.
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
FWIW I've tried to check whether upstream was already on it, but the
link to their issue tracker [1] is broken: it points to a service that
was closed 1.5 years ago.
[1] http://www.gcstar.org/contribute.en.php#tasks
Cheers!
--
intrigeri
://bugs.debian.org/912860
FTR this port has been requested upstream back in 2013:
https://github.com/squentin/gmusicbrowser/issues/57
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
Cheers!
--
intrigeri
is
responsive and happy to add missing bits to the bindings.
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
Otherwise, #885741 and #912382 suggest that this package should
probably be removed from the archive.
Cheers!
--
intrigeri
:) Otherwise, I think the best course of action
will be to remove this package from the archive.
Cheers!
--
intrigeri
filed back
in July.
So I guess that what this app needs is a new upstream maintainer.
If that does not happen, I think we should remove this package
from the archive.
Cheers!
--
intrigeri
bindings is responsive and happy to add
missing bits to the bindings.
Cheers!
--
intrigeri
is responsive and happy to add
missing bits to the bindings.
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
I see that upstream is active so I expect this port should be totally
doable in this timeframe.
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
Alternatively, as suggested on #904557 a few months ago,
I think this package should be removed from the archive.
Cheers!
--
intrigeri
and happy to add
missing bits to the bindings.
Cheers!
--
intrigeri
. Upstream for libgtk3-perl and
libglib-object-introspection-perl is responsive and happy to add any
bits that may be missing.
If critical bits of Debian still depend on libgtk2-perl (d-i?),
please let me know :)
Cheers,
--
intrigeri
: Suggests but not Depends. I'm using the
resulting binary package in production, it Works on my Machine™.
(Jeremy: do you use usertags or something to track your "no GTK+2
installed by default" efforts?)
Cheers,
--
intrigeri
>From 37b366ac2be68751c5e2a7c59cb8ac4384622b13 Mon Sep 17
Control: found -1 2.2.0-2
Ouch :/ Reproduced on sid. I see a few potentially related changes in
upstream Git, might be worth trying to import them and see what happens.
Cheers,
--
intrigeri
Jonas Smedegaard:
> Please drop it. Thanks!
Thanks for the quick reply! Filed #912830.
Cheers,
--
intrigeri
to a newly added dependency that
was never packaged. The uploader agrees we should drop it.
Reference: https://bugs.debian.org/840305
Thanks in advance!
Cheers,
--
intrigeri
Hi,
as announced in July, I've requested the removal of this package from
sid: #912744
Cheers,
--
intrigeri
m the archive; happy to deal with the paperwork myself (except
moving to "attic" or whatever it's called in the Salsa days, which
I've consistently forgotten).
Cheers,
--
intrigeri
Package: ftp.debian.org
Severity: normal
Hi,
we (pkg-perl team) would like to remove this RC-buggy package from
the archive.
Reference: https://bugs.debian.org/832127
Cheers,
--
intrigeri
Hi,
as announced in July, I've requested this package to be removed from
sid: https://bugs.debian.org/912743
Cheers,
--
intrigeri
Package: ftp.debian.org
Severity: normal
Hi,
we (pkg-perl team) would like to remove this RC-buggy package from
the archive.
References: https://bugs.debian.org/825231 and
https://bugs.debian.org/904402
Thanks in advance!
Cheers,
--
intrigeri
Source: apparmor-profiles-extra
Version: 1.24
Severity: normal
A few months ago I've copied and adjusted the GitLab CI configuration
found in salsa-ci-team/pipeline. Since then, a better way was created
to handle this: one can now subscribe a package to the Salsa pipeline,
which will manage the
Source: apparmor
Version: 2.13.1-3
Severity: normal
A few months ago I've copied and adjusted the GitLab CI configuration
found in salsa-ci-team/pipeline. Since then, a better way was created
to handle this: one can now subscribe a package to the Salsa pipeline,
which will manage the GitLab CI
(and
> drop the break on surf-apparmor, which will not exist).
Done (1.24). Thanks for this nice piece of cross-package
collaboration, much appreciated :)
Cheers,
--
intrigeri
Reiner Herrmann:
>> How do i reload after changing an apparmor profile?
> Try /etc/init.d/apparmor reload.
This will do something closer to what you want in many cases:
sudo apparmor_parser -r /path/to/the/profile
Cheers,
--
intrigeri
quot; requested_mask="read" denied_mask="read"
> peer="firejail-default"
⇒ reassigning to firejail.
> For now my solution is to remove apparmor,
I would instead suggest:
sudo aa-disable /etc/apparmor.d/firejail-default
… until that profile is fixed.
So that in the meantime, you keep benefiting from other AppArmor
profiles :)
@firejail maintainers: happy to help if you wish so!
Cheers,
--
intrigeri
Vincas Dargis:
> intrigeri, what is rationale for upping it to "normal"?
What do you mean? Today I merely tagged this bug "upstream".
> Maybe you would like/expect to have it in Buster?
Absolutely not.
> I kinda feel if we can't make Thunderbird profile actual
Osamu Aoki:
> On Sat, Jun 30, 2018 at 12:06:18PM +0200, intrigeri wrote:
>> Hi,
>>
>> do you plan to fix #899958 and #899538 soon? I could not find updates
>> nor any Git repo on Salsa.
Thanks for fixing these! Glad to see these two packages back in
testing :)
in the Uploaders
+field who did most of the recent uploads: the team mailing list
+is deprecated (Closes: #899616).
+
+ -- intrigeri Tue, 30 Oct 2018 18:33:51 +
+
myspell-fa (0.20070816-3) unstable; urgency=low
* Switch to dpkg-source 3.0 (quilt) format
diff -Nru myspell-fa
of the recent uploads: the team mailing list
+is deprecated (Closes: #899539).
+
+ -- intrigeri Tue, 30 Oct 2018 18:31:07 +
+
hunspell-ar (3.2-1) unstable; urgency=low
* New upstream release
diff -Nru hunspell-ar-3.2/debian/control hunspell-ar-3.2/debian/control
--- hunspell-ar-3.2
s just an
> incredibly stupid idea.
I'll happily let you reuse the parcimonie name once you have it
working with good enough™ backwards compatibility with the
current interfaces.
> Thanks, and sorry for hijacking this thread with such wild ideas. :)
By all means, please keep going wild :)
Cheers,
--
intrigeri
the initscript:
https://salsa.debian.org/apparmor-team/apparmor/merge_requests/11
Cheers,
--
intrigeri
intrigeri:
> On https://salsa.debian.org/apparmor-team/apparmor/merge_requests/6
> I've discussed with Jamie how to more fully align with upstream, which
> is required to fix this bug. See the "resolved" discussions there.
… more specifically the discussion that
Hi,
intrigeri (2018-01-29):
> Three action items were identified on this bug report. One has been
> done, another is pending review upstream, and the third one remains to
> be tackled:
[...]
> 2. have apparmor(7) clarify that reloading a profile immediately takes
>effec
straction with the one shipped by current
apparmor-profiles-extra and raises a visible warning when they
differ
Cheers,
--
intrigeri
uccessfully".
Cheers,
--
intrigeri
,
will this work for you?
And if on #901416 you decide against moving the AppArmor profile to
a new binary package, things will be much simpler: just upload to sid
and I'll upload apparmor-profiles-extra ASAP to minimize
installability issues :)
Cheers,
--
intrigeri
>F
Control: severity -1 normal
intrigeri:
> Due to this bug, merely installing the surf package on a default
> Debian testing/sid system breaks unrelated functionality, which is RC
> ⇒ bumping severity.
I was wrong: failure to load one AppArmor profile only affects this
profile, but
intrigeri:
> s/Apparmor/AppArmor/ :)
There was another similar typo, attached patch fixes both.
Cheers,
--
intrigeri
>From 97cbdd10a4f9af31d78136a1f1c76f2a4126b806 Mon Sep 17 00:00:00 2001
From: intrigeri
Date: Sat, 27 Oct 2018 09:34:33 +
Subject: [PATCH 2/3] Fix spelling of &qu
kage: if that
policy breaks functionality or the maintainers don't wish to support
it, fine; otherwise, I'd rather see it installed by default.
> + This package provides an Apparmor policy for confining Surf.
s/Apparmor/AppArmor/ :)
Cheers,
--
intrigeri
Ivan Sergio Borgonovo:
> If you've any suggest to collect any information that could be useful
> let me know.
Let's start with the info I've requested the day after you've filed
the initial bug report: https://bugs.debian.org/905342#10 :)
Hi LXC maintainers,
intrigeri:
>Ideally, picking the best strategy and implementing it would be
>a matter of coordination between LXC and systemd (ideally upstream,
>but quite possibly distro maintainers will need to be involved
>here). I'll raise this issue to th
,
--
intrigeri
le/Po4a/Sgml.pm line 566.
This was fixed by upstream commit
02d5102cfc11f33e0bfc5e2cad26ee842ac9b999 (not part of any release yet).
Cheers,
--
intrigeri
Dear LXC maintainers,
johnw:
> I think it's not bug.
> Because I removed systemd, either if I reinstall systemd, or I add
> some mount rules to apparmor , then the denied messages gone.
Given my own test results and John's feedback, I suggest closing
this bug.
Cheers,
--
intrigeri
mor policy stacking support
in the kernel + userspace we will ship in Buster. I gave it a quick
try (using the lxc-ubuntu template) and was not able to load AppArmor
policy inside a LXC container running on sid.)
Cheers,
--
intrigeri
ntu:~$ mount | grep pstore
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
And there's no single AppArmor denial in the host system's logs.
aa-status confirms that this container is running under the
lxc-container-default-cgns profile.
So, can you still reproduce this on current testing/sid?
If yes, can you please share a simple reproducer similar to the one
I've tried to provide above?
Cheers,
--
intrigeri
let you be the judge of whether the issue is in apparmor or in
> adequate.
It seems that the problem either was in adequate (but cannot be
reproduced anymore so I doubt it's worth relaying this to the adequate
maintainers), or was somehow resolved by a more recent upload
⇒ closing.
Cheers,
--
intrigeri
ng
a default configuration that breaks when a non-SELinux LSM is enabled
will provide a pretty bad user experience (and will likely become RC
at some point).
Cheers,
--
intrigeri
too often so I've installed adequate in the
VM where I test AppArmor upgrades before uploads. Hopefully its
APT/dpkg integration will avoid such errors in the future. I'd welcome
pointers to check this automatically via GitLab CI on Salsa.)
Cheers,
--
intrigeri
t action you are expecting us to take: it
looks like you're asking us to remove a file that does not exist on
your system, which is of course impossible.
Might this be a bug in adequate?
Can you please share the output of:
dpkg-query -W -f='${Conffiles}\n' apparmor
?
Thanks in advance!
Cheers,
--
intrigeri
Package: apparmor
Version: 2.13.1-1
Severity: normal
Goal: remove the migration delay bonus on success.
See #904979 for details.
Package: apparmor-profiles-extra
Version: 1.21
Severity: normal
Goal: remove the migration delay bonus on success.
See #904979 for details.
be re-enabled, with a value that works with AppArmor
(probably not "system_u:system_r:cachefiles_kernel_t:s0").
Cheers,
--
intrigeri
or extending the tor
abstraction, as designed (but not implemented yet) on
https://bugs.debian.org/795475. And then you folks can ship an
additional AppArmor policy snippet to in whatever way you see fit.
So personally I would reject this request in favour of #795475.
Cheers,
--
intrigeri
Control: tag -1 + patch
Control: found -1 0.3.5.3-alpha-2
Jakub Wilk:
> Adding "#include " to /etc/apparmor.d/local/system_tor
> fixed it for me.
Confirmed, thanks! (git format-)patch attached.
Cheers,
--
intrigeri
>From 94d9290c32677477c87b074894edefc935fdf43b Mon Sep 17
nts passed in without checking if there
> are aliases involved
> what should happen: is torify should be alias-aware.
Cheers,
--
intrigeri
Control: notforwarded -1
Vincas Dargis:
> On 6/13/18 6:00 PM, intrigeri wrote:
>> For the record, with 2.13-1 I see a different error:
>>
>># aa-complain thunderbird
>>Setting /usr/bin/thunderbird to complain mode.
>>
>>ERROR: Path doesn't s
/apparmor-profiles-extra/blob/debian/master/debian/rules#L25
Cheers,
--
intrigeri
arlier after testing the
proposed command line. Bonus points if you submit the changes in your
upload as a merge request against
https://salsa.debian.org/apparmor-team/apparmor :)
Cheers,
--
intrigeri
is going to switch to Buster very soon),
I say don't bother and feel free to drop it from the "Other packages
we might want to update in stretch" list.
Cheers,
--
intrigeri
> I was using torbrowser-launcher and updated it to torbrowser 8.0.2 .
> When the torbrowser restarted it gave me a message stating it could
> not find my profile.
This is probably fixed by one of the commits in
https://github.com/micahflee/torbrowser-launcher/pull/360
Hi Georg,
Georg Faerber:
> Currently, we don't ship the logo, but I'm unsure if this matters?
We do ship the logo in the source package so it does matter :)
Cheers,
--
intrigeri
on the ITP (trimming down ideas that don't make sense
anymore):
intrigeri:
> What matters to me is the users' perspective. I think we should
> provide a clear, unambiguous transition path and avoid leaking
> technical details to users. So once MAT2 reaches feature parity with
> MAT (I think t
Package: mat2
Version: 0.4.0-1
Severity: wishlist
Hi,
I'm filing this bug mostly to document the current state of things.
This is currently blocked by #907591.
Cheers,
--
intrigeri
Hi,
FTR I've "solved" this by disabling the "GNOME Keyring integration"
add-on. Then I got asked for the missing passwords, which was not the
best upgrade path ever, but at least I have a working Thunderbird
again :)
Cheers,
--
intrigeri
Control: tag -1 + wishlist
Control: tag -1 + upstream
Mikko Viinamäki:
> Provided an URL argument it will not point tor browser to the URL
> requested.
Indeed. Can you please check if there's already an upstream feature
request about this, and if not, create one? Thanks!
ge.
To reproduce, I think you need 1. adequate installed;
2. upgrading from a specific version of the package.
Cheers,
--
intrigeri
is Totem profile update will require backporting the mesa
abstraction, that's currently in the upstream apparmor.git master
branch only. To start with I've requested its backport into the
upstream apparmor-2.13 maintenance branch:
https://gitlab.com/apparmor/apparmor/merge_requests/189
Cheers,
--
intrigeri
Note to whoever tackles this first: this new test should depend on
src:linux somehow, so that it's triggered on ci.debian.net whenever
Linux is upgraded, which would catch an entire class of regressions.
Control: tag -1 + moreinfo
Hi John,
does this break functionality for you or is it "merely" causing noise
in the logs / apparmor-notify?
Cheers!
--
intrigeri
o open the 2nd PDF.
Worst case I'll look into it within a month but help is welcome.
Vincas, maybe? :)
Cheers,
--
intrigeri
!
Cheers,
--
intrigeri
ot allowed to start
any "Web Content" process.
Cheers,
--
intrigeri
I have a fix ready somewhere, not sure I've pushed this to the
upstream Git repo yet. I'll try to fix that upstream by the end of
the week.
s mutt to be installed by default in some setups since
1.7.2-1+deb9u1 was uploaded, which was not the case before 2018-08-17.
Is there anything a DD who's not on the ftpmaster team can do to help
fix that? (I was not able to find the relevant file that needs to
be updated.)
Cheers,
--
intrigeri
Hi,
Thanks for working on this!
- s/enebled/enabled/
- "use Ubuntu archive as same as Debian archive" is hard to
understand for me; I'm not sure it's correct English;
it might be useful to ask the debian-l10n-english team to review the
new strings.
More generally, regarding the
Good catch!
FTR this got reported to Tails as well a couple days ago:
https://labs.riseup.net/code/issues/15841
I expect this will be fixed upstream by Tails folks soon
and then the fix will flow into Debian sid and eventually testing.
Elana Hashman:
> This is ready to migrate down to testing now.
Great news!
> I was waiting for two things:
> - ensure 1.9 and 1.8 can be simultaneously installed (required fixing
> the alternatives logic)
> - piuparts tests actually passed
> These are both fixed so let us loose 1.9 on the
Control: tag -1 + moreinfo
Hi Paul,
intrigeri:
>>> - Don't bloat the logs with fingerprints of keys that could not
>>>be found (Closes: #900388). Also, hide spurious
>>>"dirmngr:Network:/usr/bin/dirmngr:1:1:" output.
>> This do
Vincas Dargis:
> Cool, I will work on MR.
:)))
Also, would be good to have a 2.13.x upstream release with the
fixes/improvements we need.
> "Why not" could be "don't want to manage backports too much" :) .
Right, at least not without being aware of a real need.
Cheers,
--
intrigeri
501 - 600 of 3753 matches
Mail list logo
