Accepting request 453533 from home:cboltz

- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)

- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)

- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
  with minimum BuildRequires

OBS-URL: https://build.opensuse.org/request/show/453533
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=166

apparmor.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Mon Jan 30 21:37:48 UTC 2017 - suse-beta@cboltz.de
+
+- add upstream-changes-r3616..3628.diff:
+  - update abstractions/base, abstractions/apache2-common and dovecot profiles
+  - merge ask_the_questions() of aa-logprof and aa-mergeprof
+  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
+- adjust deleting the cache in profiles %post to the new cache location
+- silence errors when deleting the cache (boo#976914)
+
+-------------------------------------------------------------------
+Sat Jan 28 21:40:11 UTC 2017 - suse-beta@cboltz.de
+
+- split libapparmor into separate spec to get rid of build loop
+  involving mariadb, systemd, apparmor, libapr and mariadb again
+  (see the discussion in SR 448871 for details)
+
 -------------------------------------------------------------------
 Fri Jan 27 20:08:03 UTC 2017 - suse-beta@cboltz.de
 

apparmor.spec

@@ -82,6 +82,9 @@ Patch7:         apparmor-lessopen-profile.patch
 # drop local/ include from sshd profile to prevent failure in "make check" (taken from upstream bzr trunk r3615)
 Patch8:         sshd-profile-drop-local-include-r3615.diff
 
+# upstream changes (trunk r3616..3628)
+Patch9:         upstream-changes-r3616..3628.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{distro} == "suse"
@@ -188,33 +191,6 @@ The documentation is in the apparmor-admin_en package.
 
 %endif
 
-%package -n libapparmor1
-Summary:        Utility library for AppArmor
-License:        LGPL-2.1+
-Group:          Development/Libraries/C and C++
-%ifarch ppc64
-Obsoletes:      libapparmor-64bit < 2.9
-Provides:       libapparmor-64bit = %{version}
-%endif
-Provides:       libapparmor = %{version}
-Obsoletes:      libapparmor < 2.9
-
-%description -n libapparmor1
-This package provides the libapparmor library, which contains the
-change_hat(2) symbol, used for sub-process confinement by AppArmor, as
-well as functions to parse AppArmor log messages.
-
-%package -n libapparmor-devel
-Summary:        Development headers and libraries for libapparmor
-License:        LGPL-2.1+
-Group:          Development/Libraries/C and C++
-Requires:       libapparmor1 = %{version}
-Provides:       libapparmor:/usr/include/sys/apparmor.h
-
-%description -n libapparmor-devel
-These libraries are needed for developing software that makes use of the
-AppArmor API.
-
 %if %{with perl}
 
 %package -n perl-apparmor
@@ -415,6 +391,7 @@ SubDomain.
 %patch6
 %patch7 -p1
 %patch8
+%patch9
 
 # search for left-over multiline rules
 test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"
@@ -511,10 +488,8 @@ make check -C utils
 export PYTHON=/usr/bin/python3
 %endif
 
-# libapparmor
-%makeinstall -C libraries/libapparmor
-# create symlink for old change_hat(2) manpage
-( cd %{buildroot}/%{_mandir}/man2/ && ln -s aa_change_hat.2 change_hat.2 )
+# libapparmor: swig bindings only, libapparmor is packaged via libapparmor.spec
+%makeinstall -C libraries/libapparmor/swig
 
 # utilities
 %makeinstall -C utils
@@ -638,31 +613,6 @@ fi
 %files parser-lang -f apparmor-parser.lang -f aa-binutils.lang
 %defattr(-,root,root)
 
-%files -n libapparmor1
-%defattr(-,root,root)
-%{_libdir}/libapparmor.so.*
-
-%files -n libapparmor-devel
-%defattr(-,root,root)
-%{_libdir}/libapparmor.a
-%{_libdir}/libapparmor.so
-%{_libdir}/pkgconfig/libapparmor.pc
-%doc %{_mandir}/man2/aa_change_hat.2.gz
-%doc %{_mandir}/man2/aa_change_profile.2.gz
-%doc %{_mandir}/man2/aa_stack_profile.2.gz
-%doc %{_mandir}/man2/change_hat.2.gz
-%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
-%doc %{_mandir}/man2/aa_getcon.2.gz
-%doc %{_mandir}/man2/aa_query_label.2.gz
-%doc %{_mandir}/man3/aa_features.3.gz
-%doc %{_mandir}/man3/aa_kernel_interface.3.gz
-%doc %{_mandir}/man3/aa_policy_cache.3.gz
-%doc %{_mandir}/man3/aa_splitcon.3.gz
-%dir %{_includedir}/aalogparse
-%{_includedir}/sys/apparmor.h
-%{_includedir}/sys/apparmor_private.h
-%{_includedir}/aalogparse/*
-
 %files abstractions
 %defattr(644,root,root,755)
 %dir %{_sysconfdir}/apparmor.d/
@@ -875,7 +825,7 @@ export DISABLE_RESTART_ON_UPDATE="yes"
 %post profiles
 %if %{distro} == "suse"
   # workaround for bnc#904620#c8 / lp#1392042
-  rm -f /var/cache/apparmor/*
+  rm -f /var/lib/apparmor/cache/* 2>/dev/null
   #restart_on_update boot.apparmor - but non-broken (bnc#853019)
   # (copy&paste from parser postun script)
   test -n "$FIRST_ARG" || FIRST_ARG=$1
@@ -887,10 +837,6 @@ export DISABLE_RESTART_ON_UPDATE="yes"
   fi
 %endif
 
-%post -n libapparmor1 -p /sbin/ldconfig
-
-%postun -n libapparmor1 -p /sbin/ldconfig
-
 %if %{with tomcat}
 
 %post -n tomcat_apparmor -p /sbin/ldconfig

libapparmor.changes

@@ -0,0 +1,11 @@
+-------------------------------------------------------------------
+Sat Jan 28 21:40:11 UTC 2017 - suse-beta@cboltz.de
+
+- split libapparmor into separate spec to get rid of build loop
+  involving mariadb, systemd, apparmor, libapr and mariadb again
+  (see the discussion in SR 448871 for details)
+- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
+  with minimum BuildRequires
+
+
+

libapparmor.spec

@@ -0,0 +1,122 @@
+#
+# spec file for package libapparmor
+#
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2011-2017 Christian Boltz
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+Name:           libapparmor
+Version:        2.11.0
+Release:        0
+Summary:        Utility library for AppArmor
+License:        LGPL-2.1+
+Group:          Development/Libraries/C and C++
+Url:            https://launchpad.net/apparmor
+Source0:        apparmor-%{version}.tar.gz
+Source1:        apparmor-%{version}.tar.gz.asc
+BuildRequires:  bison
+BuildRequires:  dejagnu
+BuildRequires:  flex
+BuildRequires:  pkg-config
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+This package provides the libapparmor library, which contains the
+change_hat(2) symbol, used for sub-process confinement by AppArmor, as
+well as functions to parse AppArmor log messages.
+
+
+%package -n libapparmor1
+Summary:        Utility library for AppArmor
+Group:          Development/Libraries/C and C++
+%ifarch ppc64
+Obsoletes:      libapparmor-64bit < 2.9
+Provides:       libapparmor-64bit = %{version}
+%endif
+Provides:       libapparmor = %{version}
+Obsoletes:      libapparmor < 2.9
+
+%description -n libapparmor1
+This package provides the libapparmor library, which contains the
+change_hat(2) symbol, used for sub-process confinement by AppArmor, as
+well as functions to parse AppArmor log messages.
+
+%package -n libapparmor-devel
+Summary:        Development headers and libraries for libapparmor
+Group:          Development/Libraries/C and C++
+Requires:       libapparmor1 = %{version}
+Provides:       libapparmor:/usr/include/sys/apparmor.h
+
+%description -n libapparmor-devel
+These libraries are needed for developing software that makes use of the
+AppArmor API.
+
+
+
+%prep
+%setup -q -n apparmor-%{version}
+
+%build
+(
+  cd ./libraries/libapparmor
+  %configure \
+  --without-perl \
+  --without-python \
+  --without-ruby \
+
+  make
+)
+
+%check
+make check -C libraries/libapparmor
+
+%install
+%makeinstall -C libraries/libapparmor
+# create symlink for old change_hat(2) manpage
+( cd %{buildroot}/%{_mandir}/man2/ && ln -s aa_change_hat.2 change_hat.2 )
+
+# remove *.la files
+rm -fv %{buildroot}%{_libdir}/libapparmor.la
+
+%post -n libapparmor1 -p /sbin/ldconfig
+
+%postun -n libapparmor1 -p /sbin/ldconfig
+
+%files -n libapparmor1
+%defattr(-,root,root)
+%{_libdir}/libapparmor.so.*
+
+%files -n libapparmor-devel
+%defattr(-,root,root)
+%{_libdir}/libapparmor.a
+%{_libdir}/libapparmor.so
+%{_libdir}/pkgconfig/libapparmor.pc
+%doc %{_mandir}/man2/aa_change_hat.2.gz
+%doc %{_mandir}/man2/aa_change_profile.2.gz
+%doc %{_mandir}/man2/aa_stack_profile.2.gz
+%doc %{_mandir}/man2/change_hat.2.gz
+%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
+%doc %{_mandir}/man2/aa_getcon.2.gz
+%doc %{_mandir}/man2/aa_query_label.2.gz
+%doc %{_mandir}/man3/aa_features.3.gz
+%doc %{_mandir}/man3/aa_kernel_interface.3.gz
+%doc %{_mandir}/man3/aa_policy_cache.3.gz
+%doc %{_mandir}/man3/aa_splitcon.3.gz
+%dir %{_includedir}/aalogparse
+%{_includedir}/sys/apparmor.h
+%{_includedir}/sys/apparmor_private.h
+%{_includedir}/aalogparse/*
+
+%changelog