Accepting request 733857 from home:cboltz

- add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys OBS-URL: https://build.opensuse.org/request/show/733857 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=250
2019-09-28 15:36:36 +00:00 · 2019-09-28 15:36:36 +00:00 · 433977903f
commit 433977903f
parent 34919fc720
3 changed files with 49 additions and 1 deletions
--- a/abstractions-ssl-certbot-paths.diff
+++ b/abstractions-ssl-certbot-paths.diff
@ -0,0 +1,38 @@
+commit b5772e29efbc3c2325b4a2ba312bb4cf0c78f181
+Author: Christian Boltz <gitlab2@cboltz.de>
+Date:   Sun Jun 30 07:14:42 2019 +0000
+
+    Merge branch 'cboltz-2.13-certbot' into 'apparmor-2.13'
+    
+    [2.10..2.13] Add for Certbot on openSUSE Leap
+    
+    See merge request apparmor/apparmor!398
+    
+    Acked-by: John Johansen <john.johansen@canonical.com> for 2.10..2.13
+    
+    (cherry picked from commit 14a11e67a5b8e06a5ba5080d9824df8010e28552)
+    
+    8b766451 Add for Certbot on openSUSE Leap
+
+diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
+index b5382ec9..789efc58 100644
+--- a/profiles/apparmor.d/abstractions/ssl_certs
+++ b/profiles/apparmor.d/abstractions/ssl_certs
+@@ -38,3 +38,7 @@
+   /etc/letsencrypt/archive/*/cert*.pem r,
+   /etc/letsencrypt/archive/*/chain*.pem r,
+   /etc/letsencrypt/archive/*/fullchain*.pem r,
+
+  /etc/certbot/archive/*/cert*.pem r,
+  /etc/certbot/archive/*/chain*.pem r,
+  /etc/certbot/archive/*/fullchain*.pem r,
+diff --git a/profiles/apparmor.d/abstractions/ssl_keys b/profiles/apparmor.d/abstractions/ssl_keys
+index 84f5c503..2de760b5 100644
+--- a/profiles/apparmor.d/abstractions/ssl_keys
+++ b/profiles/apparmor.d/abstractions/ssl_keys
+@@ -26,3 +26,5 @@
+ 
+   # certbot / letsencrypt
+   /etc/letsencrypt/archive/*/privkey*.pem r,
+
+  /etc/certbot/archive/*/privkey*.pem r,
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sat Sep 28 15:20:10 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
+
+- add abstractions-ssl-certbot-paths.diff - add certbot paths to
+  abstractions/ssl_certs and abstractions/ssl_keys
+
 -------------------------------------------------------------------
 Fri Sep 27 21:43:55 UTC 2019 - Luiz Angelo Daros de Luca <luizluca@tre-sc.jus.br>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -65,9 +65,12 @@ Patch4:         apparmor-lessopen-profile.patch
 # workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
 Patch5:         apparmor-lessopen-nfs-workaround.diff

-# allow /etc/krb5.conf.d/ for kerberos client
+# allow /etc/krb5.conf.d/ for kerberos client (submitted upstream 2019-09-28 https://gitlab.com/apparmor/apparmor/merge_requests/425)
 Patch6:         apparmor-krb5-conf-d.diff

+# add certbot paths to abstractions/ssl_keys and abstractions/ssl_certs (from upstream https://gitlab.com/apparmor/apparmor/merge_requests/398, merged 2019-06-30)
+Patch7:         abstractions-ssl-certbot-paths.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@ -357,6 +360,7 @@ SubDomain.
 %patch4
 %patch5
 %patch6 -p1
+%patch7 -p1

 %build
 %define _lto_cflags %{nil}