Report from DebCamp18
source link: https://www.tuicool.com/articles/hit/ee6vUzJ
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Report from DebCamp18
This was a nice DebCamp! Here is what I've been up to.
AppArmor
Packaging and distro integration
-
Uploaded 2.13-3 to sid after along review process by the Ubuntu maintainers (Salsa FTW!). Highlights:
- Yay for cross-distro collaborative maintenance :)
- New upstream 2.13 release
- Lots of packaging cleanups, getting closer to upstream and aiming at closingDebian bug #870697 some day.
- Please set proper SELinux labels : applied patch by Laurent [email protected].
- Fixed A reload deletes /etc/apparmor.d/cache/CACHEDIR.TAG .
-
Made
aa-notify
point to Debian documentation (Debian bug #904436).
-
Move the binary cache from /etc to /var/cache : reached conclusions on the upstream discussion, implemented and sent amerge request.
-
Don't include python-apparmor nor python-libapparmor in Buster : submitted amerge request, promptly merged by one of the Ubuntu maintainers of the package.
-
Please make apparmor Multi-Arch: foreign : learned a little bit about Multi-Arch, documented my findings on the bug and requested more information from better skilled people.
-
Submitted amerge request to mark
libapparmor-perl
Multi-Arch: same
, promptly merged by one of the Ubuntu maintainers for the package. -
Relaunched , with a concrete proposal, the discussion about reconciling Apertis' packaging Git repository for
src:apparmor
with the Vcs-Git now shared by Debian and Ubuntu.
-
abstractions/freedesktop.org: treat Flatpak exports the same way as bits shipped by the distro aka.Debian bug #865206: improved my merge request based on Simon McVittie's feedback (thanks!).
-
clamav-freshclam: AppArmor denies access to /proc//status : had a quick look and provided hints for further debugging.
-
thunderbird: missing AppArmor entries : proposed cheap solutions.
-
tor: Tor doesn't start because of AppArmor : initial triaging.
-
usr.bin.chromium-browser: Cumulative update for Bionic / Chromium 65 : did a few more rounds of review and finally merged.
-
openntpd: Apparmor denies logging : confirmed that the proposed solution is good enough IMO.
-
Please support AppArmor network rules : clarified status (tl;dr: this was merged in mainline Linux but the userspace to benefit from it is not ready yet).
-
Played with Thunderbird 60 from experimental, looking for necessary updates of the corresponding AppArmor policy… and found none. In passing, found a few minor issues with Enigmail ( merge request ) and reporteda bug that makes Thunderbird 60 unusable for me.
-
Totem and GStreamer : the way we've historically confined Totem programs and their relationship to GStreamer conflicts by design with the sandboxing that was recently implemented in Totem . So I've proposed upstream to lower our expectations a bit and simplify the AppArmor policy accordingly. In passing, I've noticed an issue with Totem vs. recent Mesa and proposed a merge request to fix it.
-
Tried to give Thunderbird
a custom reportbug script that includes
the status of the AppArmor profile in bug reports, in order to ease
the Thunderbird
maintainers' task when triaging newly reported bugs.
Sadly, computing this status requires root credentials so this won't
work. Instead, explained in
README.apparmor
how to get this information, so that the Thunderbird maintainers can point users there when they have a doubt.
Perl team
- Triaged and investigated a few packages that don't build reproducibly.
- Identified a few new candidates for removal from sid.
-
Removing packages that depend on obsolete libraries from the GNOME 2
area:
- updated status of this process that I've started at DebCamp17 last year ⇒ filed a bunch of removal bugs;
- filed RC bugs to prevent a number of other packages from being shipped in Buster.
-
ubuntu-archive-keyring: Adds
ubuntu-archive-keyring.gpg
to/etc/apt/trusted.gpg.d/
without my consent ): proposed phrasing for a new debconf question and the corresponding documentation.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK