Bug#968607: [pkg-apparmor] Bug#968607: Bug#968607: pidgin-openpgp: AppArmor profil prevents execution of XEP-0027.pl
Hi Seth, Seth Arnold (2020-10-30): > On Thu, Oct 29, 2020 at 09:14:55AM +0100, intrigeri wrote: >> I believe that in practice, during a Buster → Bullseye upgrade, >> pidgin-openpgp will be removed anyway because libgtk2-perl will get >> removed. So in this context, having this Conflicts or not does not >> matter much. (I understand Ubuntu adopted a different strategy wrt. >> deprecating libgtk2-perl so things would look different there.) > > Oh curious, I'm not accustomed to 'leaf' packages being removed on > upgrades; for example, on my Focal system now, I've got eight packages > installed that aren't available for download. They're not removed as long as they're still co-installable with more important packages, i.e. they don't block the rest of the upgrade. In the case at hand case, during a Buster → Bullseye upgrade, the previously installed libgtk2-perl from Buster: - won't have upgrades available - depends on perlapi-5.28.0, which is a virtual package perl-base (5.28.1-6) - perl-base will need to be upgraded to 5.3x from Bullseye So it won't be co-installable with the newer perl-base. Then I expect the package manager to offer, as a resolution, to remove libgtk2-perl, and in turn, its reverse-dependencies, such as pidgin-openpgp. > Anyway, thanks for the quick turnaround. :) I appreciate it. You're welcome, thank *you* for paying attention :)
Bug#968607: [pkg-apparmor] Bug#968607: Bug#968607: pidgin-openpgp: AppArmor profil prevents execution of XEP-0027.pl
On Thu, Oct 29, 2020 at 09:14:55AM +0100, intrigeri wrote: > Seth Arnold (2020-10-29): > > Hello intrigeri, I'm not comfortable with this approach. > Thanks for sharing. I hear you and it matters to me. <3 :D > Works for me. I've just uploaded 1.29 that drops the problematic > Conflicts :) Thanks! > I believe that in practice, during a Buster → Bullseye upgrade, > pidgin-openpgp will be removed anyway because libgtk2-perl will get > removed. So in this context, having this Conflicts or not does not > matter much. (I understand Ubuntu adopted a different strategy wrt. > deprecating libgtk2-perl so things would look different there.) Oh curious, I'm not accustomed to 'leaf' packages being removed on upgrades; for example, on my Focal system now, I've got eight packages installed that aren't available for download. (I used to have a lot more, either I didn't notice them being removed some other time, or I actively cleaned up my mess.) Anyway, thanks for the quick turnaround. :) I appreciate it. Thanks signature.asc Description: PGP signature
Bug#968607: [pkg-apparmor] Bug#968607: pidgin-openpgp: AppArmor profil prevents execution of XEP-0027.pl
Hi Seth, Seth Arnold (2020-10-29): > Hello intrigeri, I'm not comfortable with this approach. Thanks for sharing. I hear you and it matters to me. > apparmor-profiles-extra is just text files. > > I don't know what merits or demerits pidgin-openpgp actually has, but if > an administrator installed it and hasn't purged it themselves when it was > removed from the repos, they may actually use it. > > There's no compelling technical reason why both packages can't exist at > once on one system. A site admin could easily add necessary lines to > /etc/apparmor.d/local/usr.bin.pidgin to fix this without incurring > the wrath of dpkg's configuration file handling. > > I'd rather this bug be closed wontfix with "since pidgin-openpgp was > removed from Debian we don't see a pressing need to fix the profiles" and > take no other action. Works for me. I've just uploaded 1.29 that drops the problematic Conflicts :) I believe that in practice, during a Buster → Bullseye upgrade, pidgin-openpgp will be removed anyway because libgtk2-perl will get removed. So in this context, having this Conflicts or not does not matter much. (I understand Ubuntu adopted a different strategy wrt. deprecating libgtk2-perl so things would look different there.) Cheers!
Bug#968607: [pkg-apparmor] Bug#968607: pidgin-openpgp: AppArmor profil prevents execution of XEP-0027.pl
On Sat, Oct 24, 2020 at 06:27:08PM +0200, intrigeri wrote: > Given pidgin-openpgp was removed from testing and sid, > IMO it's not worth adding support for it in the AppArmor profile, > so let's instead ensure the obsolete pidgin-openpgp package > gets removed if apparmor-profiles-extra is installed: > > https://salsa.debian.org/apparmor-team/apparmor-profiles-extra/-/commit/eedb248ece01e65ce5572f5cc0b1a59c1bfc8f06 Hello intrigeri, I'm not comfortable with this approach. apparmor-profiles-extra is just text files. I don't know what merits or demerits pidgin-openpgp actually has, but if an administrator installed it and hasn't purged it themselves when it was removed from the repos, they may actually use it. There's no compelling technical reason why both packages can't exist at once on one system. A site admin could easily add necessary lines to /etc/apparmor.d/local/usr.bin.pidgin to fix this without incurring the wrath of dpkg's configuration file handling. I'd rather this bug be closed wontfix with "since pidgin-openpgp was removed from Debian we don't see a pressing need to fix the profiles" and take no other action. Thanks signature.asc Description: PGP signature
Bug#968607: pidgin-openpgp: AppArmor profil prevents execution of XEP-0027.pl
Control: tag -1 + pending Hi, Henning Follmann (2020-08-18): > On start of pidgin I get this error: > Can't locate strict.pm: /usr/share/perl/5.28/strict.pm: Permission denied > at /usr/lib/purple-2/XEP-0027.pl line 31. > BEGIN failed--compilation aborted at /usr/lib/purple-2/XEP-0027.pl line 31. > > Journalctl info: > Aug 18 09:58:17 typer audit[2790]: AVC apparmor="DENIED" operation="open" > profile="/usr/bin/pidgin" name="/usr/share/perl/5.28.1/strict.pm" pid=2790 > comm= > Aug 18 09:58:17 typer kernel: audit: type=1400 audit(1597759097.069:42): > apparmor="DENIED" operation="open" profile="/usr/bin/pidgin" > name="/usr/share/per Given pidgin-openpgp was removed from testing and sid, IMO it's not worth adding support for it in the AppArmor profile, so let's instead ensure the obsolete pidgin-openpgp package gets removed if apparmor-profiles-extra is installed: https://salsa.debian.org/apparmor-team/apparmor-profiles-extra/-/commit/eedb248ece01e65ce5572f5cc0b1a59c1bfc8f06 Cheers!
Bug#968607: pidgin-openpgp: AppArmor profil prevents execution of XEP-0027.pl
Package: pidgin-openpgp Version: 0.1-2 Severity: normal Dear Maintainer, On start of pidgin I get this error: Can't locate strict.pm: /usr/share/perl/5.28/strict.pm: Permission denied at /usr/lib/purple-2/XEP-0027.pl line 31. BEGIN failed--compilation aborted at /usr/lib/purple-2/XEP-0027.pl line 31. Journalctl info: Aug 18 09:58:17 typer audit[2790]: AVC apparmor="DENIED" operation="open" profile="/usr/bin/pidgin" name="/usr/share/perl/5.28.1/strict.pm" pid=2790 comm= Aug 18 09:58:17 typer kernel: audit: type=1400 audit(1597759097.069:42): apparmor="DENIED" operation="open" profile="/usr/bin/pidgin" name="/usr/share/per -- System Information: Debian Release: 10.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-10-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pidgin-openpgp depends on: ii gnupg2.2.12-1+deb10u1 ii gpg-agent [gnupg-agent] 2.2.12-1+deb10u1 ii libconfig-tiny-perl 2.23-1 ii libfile-touch-perl 0.11-1 ii libgtk2-perl 2:1.24992-1+b2 ii pidgin 2.13.0-2+b1 pidgin-openpgp recommends no packages. pidgin-openpgp suggests no packages. -- no debconf information
