From b950fbc28a9daf5acb80f9a73c92ceec59276d784c01aec64a377d3c3e74a2dc Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Fri, 13 Sep 2013 11:53:29 +0000 Subject: [PATCH] Accepting request 198933 from home:cboltz - add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC OBS-URL: https://build.opensuse.org/request/show/198933 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=44 --- apparmor-abstractions-r2089-r2090.diff | 59 ++++++++++++++++++++++++++ apparmor-init.py-gsoc.diff | 39 +++++++++++++++++ apparmor.changes | 9 ++++ apparmor.spec | 8 ++++ 4 files changed, 115 insertions(+) create mode 100644 apparmor-abstractions-r2089-r2090.diff create mode 100644 apparmor-init.py-gsoc.diff diff --git a/apparmor-abstractions-r2089-r2090.diff b/apparmor-abstractions-r2089-r2090.diff new file mode 100644 index 0000000..583386f --- /dev/null +++ b/apparmor-abstractions-r2089-r2090.diff @@ -0,0 +1,59 @@ +from 2.8 branch: + +------------------------------------------------------------ +revno: 2090 +committer: Jamie Strandboge +branch nick: 2.8 +timestamp: Thu 2013-09-12 09:25:56 -0500 +message: + p11-kit needs access to /usr/share/p11-kit/modules + + Acked-By: Jamie Strandboge + Acked-by: Steve Beattie (for trunk and 2.8) +modified: + profiles/apparmor.d/abstractions/p11-kit +------------------------------------------------------------ +revno: 2089 +committer: Steve Beattie +branch nick: 2.8 +timestamp: Wed 2013-09-11 16:05:13 -0700 +message: + profiles - Allow reading /etc/machine-id in the dbus-session abstraction. + Merge from trunk commit rev 2181 + 
From: intrigeri + + D-Bus now uses /etc/machine-id in some cases: + https://bugs.freedesktop.org/show_bug.cgi?id=35228 + + Acked-by: Steve Beattie +modified: + profiles/apparmor.d/abstractions/dbus-session +------------------------------------------------------------ + + +=== modified file 'profiles/apparmor.d/abstractions/dbus-session' +--- profiles/apparmor.d/abstractions/dbus-session 2011-05-09 16:09:24 +0000 ++++ profiles/apparmor.d/abstractions/dbus-session 2013-09-11 23:05:13 +0000 +@@ -10,4 +10,7 @@ + # ------------------------------------------------------------------ + + /usr/bin/dbus-launch ix, ++ ++ # unique per-machine identifier ++ /etc/machine-id r, + /var/lib/dbus/machine-id r, + +=== modified file 'profiles/apparmor.d/abstractions/p11-kit' +--- profiles/apparmor.d/abstractions/p11-kit 2012-01-18 22:22:08 +0000 ++++ profiles/apparmor.d/abstractions/p11-kit 2013-09-12 14:25:56 +0000 +@@ -16,6 +16,9 @@ + /usr/lib{,32,64}/pkcs11/*.so mr, + /usr/lib/@{multiarch}/pkcs11/*.so mr, + ++ /usr/share/p11-kit/modules/ r, ++ /usr/share/p11-kit/modules/* r, ++ + # p11-kit also supports reading user configuration from ~/.pkcs11 depending + # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be + # included in this abstraction. + diff --git a/apparmor-init.py-gsoc.diff b/apparmor-init.py-gsoc.diff new file mode 100644 index 0000000..b1144e3 --- /dev/null +++ b/apparmor-init.py-gsoc.diff 
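Review bot: The comment added above `/etc/machine-id r,` in the dbus-session hunk says what the file is but not why the rule is needed, and the rule applies to every profile that includes abstractions/dbus-session. I would word it as `# D-Bus reads the machine UUID from /etc/machine-id in some cases (freedesktop bug 35228)`, which matches the upstream commit message quoted in this patch. The machine ID is a stable host identifier, so anyone reviewing a confined application should know that including this abstraction now grants read access to it. `/var/lib/dbus/machine-id` was already readable, so the added exposure is probably small.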
@@ -0,0 +1,39 @@ +to make testing Kshitij's new tools easier, merge his code in +utils/apparmor/__init__.py - that's the only filename conflict (at +least in the 2.8 branch). If we do this, we can ship his new tools +in a testing package that can be installed on top of the 2.8.x packages +without problems + +This patch slightly differs from Kshitij's code to avoid problems with +explicit LANG=C + +=== modified file 'utils/apparmor/__init__.py' +--- utils/apparmor/__init__.py 2012-05-08 05:37:48 +0000 ++++ utils/apparmor/__init__.py 2013-09-12 15:10:50 +0000 +@@ -1,9 +1,25 @@ + # ------------------------------------------------------------------ + # + # Copyright (C) 2011-2012 Canonical Ltd. ++# Copyright (C) 2013 Kshitij Gupta + # + # This program is free software; you can redistribute it and/or + # modify it under the terms of version 2 of the GNU General Public + # License published by the Free Software Foundation. + # + # ------------------------------------------------------------------ ++ ++import gettext ++import locale ++ ++def init_localisation(): ++ locale.setlocale(locale.LC_ALL, '') ++ #cur_locale = locale.getlocale() ++ try: ++ filename = '/usr/share/locale/%s/LC_MESSAGES/apparmor-utils.mo' % locale.getlocale()[0][0:2] ++ trans = gettext.GNUTranslations(open( filename, 'rb')) ++ except: # IOError: ++ trans = gettext.NullTranslations() ++ trans.install() ++ ++init_localisation() + diff --git a/apparmor.changes b/apparmor.changes index 7ea2446..1633bd7 100644 --- a/apparmor.changes +++ b/apparmor.changes 
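Review bot: `locale.setlocale(locale.LC_ALL, '')` in `init_localisation()` sits outside the `try`, and the function is called at import time, so an environment that names an unsupported locale raises `locale.Error` and makes `import apparmor` fail for every tool that uses the package. The bare `except:` does cover the LANG=C case the patch description mentions (`locale.getlocale()[0]` is None there), but it also swallows KeyboardInterrupt, SystemExit and genuine programming errors. The file object passed to `gettext.GNUTranslations` is also never closed. I would move the setlocale call inside the `try`, name the expected exceptions, and open the catalogue in a `with` block, as sketched below. A one-line docstring saying that the function installs `_` into builtins as a side effect would help readers of the new tools.

```python
def init_localisation():
    try:
        locale.setlocale(locale.LC_ALL, '')
        lang = locale.getlocale()[0]
        filename = '/usr/share/locale/%s/LC_MESSAGES/apparmor-utils.mo' % lang[0:2]
        with open(filename, 'rb') as mo_file:
            trans = gettext.GNUTranslations(mo_file)
    except (locale.Error, TypeError, IOError):
        # unsupported locale, C/POSIX locale (no language code), or no catalogue
        trans = gettext.NullTranslations()
    trans.install()
```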
@@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Sep 12 20:40:38 UTC 2013 - opensuse@cboltz.de + +- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) + - p11-kit needs access to /usr/share/p11-kit/modules + - allow reading /etc/machine-id in the dbus-session abstraction +- add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for + the new tools developed in GSoC + ------------------------------------------------------------------- Fri Aug 23 20:09:59 UTC 2013 - opensuse@cboltz.de diff --git a/apparmor.spec b/apparmor.spec index 38c870d..522df9b 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -88,9 +88,15 @@ Patch2: apparmor-samba-include-permissions-for-shares.diff # use grep instead of ~~ (smartmatch) because ~~ was marked as experimental again in perl 5.18 (upstream trunk r2158, 2.8 r2088) Patch3: apparmor-no-perl-smartmatch-r2088.diff +# abstractions/p11-kit and abstractions/dbus-session update (upstream trunk r2181 and r2182 , 2.8 r2089 and r2090) +Patch4: apparmor-abstractions-r2089-r2090.diff + # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width. Patch5: apparmor-utils-string-split +# make apparmor/__init__.py ready for the new tools developed in GSoC. Submitted upstream 2013-09-12 +Patch6: apparmor-init.py-gsoc.diff + # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile @@ -458,7 +464,9 @@ SubDomain. %patch1 -p1 %patch2 -p0 %patch3 +%patch4 %patch5 -p1 +%patch6 %patch12 -p1 # only create Immunix::SubDomain perl module for openSUSE <= 12.1