Accepting request 1176730 from security:apparmor

- fix bashism in %post profiles

- Update to AppArmor 4.0.1
  Too many changes to list them here. See
  https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1
  for the detailed upstream release notes
- add tools-fix-redefinition.diff: fix redefinition of _ in tools
- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch
  with argparse on Leap 15.5
- drop upstreamed patches:
  - apparmor-abstractions-openssl-allow-version-specific-en.patch
  - dovecot-unix_chkpwd.diff
  - smbd-unix_chkpwd.diff
- apparmor-lessopen-profile.patch: update lessopen profile to
  abi/4.0
- mark local/* as %ghost so that these dummy files don't get
  installed anymore (changed existing local/files will be kept,
  unchanged files will be deleted)
- switch to gitlab tarballs (without pregenerated libapparmor
  configure script and prebuilt techdoc.pdf)
  - run libapparmor autogen.sh (needs additional BuildRequires
    autoconf, autoconf-archive, automake and libtool)
  - no longer package techdoc.pdf - old documentation, not worth
    the texlive BuildRequires we would need to build it
- drop old (up to 2.12) cache location /var/lib/apparmor/ and the
  /etc/apparmor.d/cache symlink pointing to it
- drop apparmor-samba-include-permissions-for-shares.diff - no
  longer needed, update-apparmor-samba-profile in Tumbleweed works
  without a pre-existing local/usr.sbin.smbd-shares file
- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't
  change a single bit in the resulting build (anymore?)
- drop apparmor-lessopen-nfs-workaround.diff - no longer needed
  since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499)
- drop ancient, unused update-trans.sh


Note: %post profiles contains a for loop calling "rm" (to delete unchanged /etc/apparmor.d/local/* files). Please double-check for possible side effects I didn't consider.

OBS-URL: https://build.opensuse.org/request/show/1176730
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=206

apparmor-3.1.7.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAmXBWL0aHGFwcGFybW9y
-QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLuerQ//QCW7GNO++nu3fv4lH7qy
-Fz8FRIdbzsZx0jnWcj07xoRBiGhPijdGXzv7SH0PQL2rBhIZqXUZO/nEAzkJzwXd
-DUIFyospmNTcd+CXd+Xj6u/oq7lSWu+XxcepWWyw5I9mU+IdpGhIhW5RtgMl/khx
-sSfhPgO5mymnQ6CZBazTnxmKlIvyuqO+TAZTupK7ce1ld+dETDM8XzAnbwAYHocl
-tELqIoQyGCyicdFHDEJM5aDJGyY8pWVaOblLmlB0xBPuyL1reaUyVv1Ru097E/5n
-TRPAEtlFBlMFAQs19sY7lXbM4vTmuZP6nAn2A3sQMqTwBqaJ/DRi2ujrE++hYFmF
-ltQQ8UwUKf2PsUfCUp9kvVjyL3orGal3vhbSn+6ohpRVzzmF4I23gLiV8bS1dod9
-FUKcMpN+8qffowgCaTo6GwbNW4vD6nqQkfIwJaY+TjVN2TMwskfj/XUulwSiYicT
-wycP8rWdKCbZ/HXZlYEOVs/tS3pEDlU3fLIYzEJ9m857rYb1etldN8zR8ws5cuQy
-ZBbAqmpB8QRh4tvGbysqLLxQZYfUWDotKI/IStHLZ2MfWFiQNR6lCawpptC/ah4C
-T4OruJAByicSiDI1ini41UwD53sgEZ2SOXdaB5DjGfLDzzw36JfFpYNKLRSiJuW2
-6fXO9jCqPrweMYfr6ImGBF4=
-=C8pg
------END PGP SIGNATURE-----

apparmor-abstractions-openssl-allow-version-specific-en.patch

@@ -1,43 +0,0 @@
-From 00efed1f35e2bb3f01c1914a4968e48562612fd4 Mon Sep 17 00:00:00 2001
-From: Christian Boltz <apparmor@cboltz.de>
-Date: Wed, 7 Feb 2024 08:49:58 +0000
-Subject: [PATCH] Merge abstractions/openssl: allow version specific engdef &
- engines paths
-
-Some openssl distributions use version specific engdef and engines paths
-to support multi-version installations.
-
-Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1219571
-
-Signed-off-by: David Disseldorp <ddiss@suse.de>
-
-MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1147
-Approved-by: Christian Boltz <apparmor@cboltz.de>
-Merged-by: Christian Boltz <apparmor@cboltz.de>
-
-
-(cherry picked from commit 2577fbf0770784e531f9210856208a774ae92af0)
-
-2b8cf1be abstractions/openssl: allow version specific engdef & engines paths
----
- profiles/apparmor.d/abstractions/openssl | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/apparmor.d/abstractions/openssl b/profiles/apparmor.d/abstractions/openssl
-index 65939ae4..e2c5955c 100644
---- a/profiles/apparmor.d/abstractions/openssl
-+++ b/profiles/apparmor.d/abstractions/openssl
-@@ -12,8 +12,8 @@
- 
-   /etc/ssl/openssl.cnf r,
-   /etc/ssl/openssl-*.cnf r,
--  /etc/ssl/{engdef,engines}.d/ r,
--  /etc/ssl/{engdef,engines}.d/*.cnf r,
-+  /etc/ssl/{engdef*,engines*}.d/ r,
-+  /etc/ssl/{engdef*,engines*}.d/*.cnf r,
-   /usr/share/ssl/openssl.cnf r,
- 
-   # Include additions to the abstraction
--- 
-2.35.3
-

apparmor-lessopen-nfs-workaround.diff

@@ -1,17 +0,0 @@
-Index: profiles/apparmor.d/usr.bin.lessopen.sh
-===================================================================
---- profiles/apparmor.d/usr.bin.lessopen.sh.orig	2021-09-18 15:15:00.967216031 +0200
-+++ profiles/apparmor.d/usr.bin.lessopen.sh	2021-09-18 15:18:35.731065782 +0200
-@@ -13,6 +13,12 @@ abi <abi/3.0>,
-   capability dac_override,
-   capability dac_read_search,
- 
-+  # workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1119937 / http://bugzilla.opensuse.org/show_bug.cgi?id=1190552 / https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784499
-+  network inet dgram,
-+  network inet6 dgram,
-+  network inet stream,
-+  network inet6 stream,
-+
-   /** rk,
-   /{usr/,}bin/bash mrix,
-   /{usr/,}bin/rpm mrix,

apparmor-lessopen-profile.patch

@@ -5,7 +5,7 @@ Index: profiles/apparmor.d/usr.bin.lessopen.sh
 @@ -0,0 +1,52 @@
 +# vim: ft=apparmor
 +
-+abi <abi/3.0>,
++abi <abi/4.0>,
 +
 +#include <tunables/global>
 +

apparmor-samba-include-permissions-for-shares.diff

@@ -1,26 +0,0 @@
-Samba generates a profile sniplet with permissions for all shares at
-start using the update-apparmor-samba-profile script.
-
-After the include rules were upstreamed in AppArmor 3.0.5 (MR 838), this
-patch was shortened. Now it "only" creates a dummy profile sniplet
-because update-apparmor-samba-profiles on Leap 15.3 and 15.4 aborts if
-the local/ sniplet doesn't exist.
-
-Tumbleweed does not rely on a pre-existing local/usr.sbin.smbd-shares
-anymore, therefore the patch gets skipped there in the spec.
-
-
-References: https://bugzilla.novell.com/show_bug.cgi?id=688040
-
-
-Signed-off-by: Christian Boltz <apparmor@cboltz.de>
-
-
-=== added file 'profiles/apparmor.d/local/usr.sbin.smbd-shares'
---- profiles/apparmor.d/local/usr.sbin.smbd-shares	1970-01-01 00:00:00 +0000
-+++ profiles/apparmor.d/local/usr.sbin.smbd-shares	2011-10-19 09:40:05 +0000
-@@ -0,0 +1,2 @@
-+# This file will be replaced by rules for all samba shares at samba start.
-+# Do not edit!
-
-

apparmor-v4.0.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b0d72cedc48e533d189ea415bde721ad597101c77fa398fdd2858ec4f58f7e26
+size 6984984

apparmor-v4.0.1.tar.gz.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAmYYxToaHGFwcGFybW9y
+QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLuLfBAA1lpdyEcNhLvw0Ff0rkt7
+Zoj/TgxYal/6FwuJ10eUnHrZhwGjhiX8zin2gbZaM7X8kscsSwelEqquSliu6lqp
+O63B8cGa6/eu0CnJ2s5aLteeEDWqt1SjD9CBufGtTjNpCvSKR59Hl4quj2zwGF8P
++XHAxpnXOzdaxZtbi8h18ehtOxz23A2QJvKJYavIpTNwVPIvwnS2ryKrXnF8NjH+
+s89xMc2ZE1JT+bjWA+DwcvjXPGmMBacijbfuKLrV77dYoML2dmPNvDJyuJpnvKQU
+5FhfUjUILHmRYZJF5eT9f2KVt6cYzVlIUP9yxjbkrGoaAHGYijcASNZSQeRWvGER
+S9T6TW7QO2TzetBT68xstHZBmcSEyKF+uQ9hoJjGAJJo6L1R2SQK8ILg3voyoF48
+Hi+Ud5i9w7vF+UFVphVt+904nmruVzJ57oLlDts+q0jEODM6+YwQODgBR4JeXF6T
+PJAXKpUBmYc12GzRSu6zlTDQIGJ0LewKtt/u1NLEDym3hWHs/2P2ISAO+/RLDv0U
+klc3MndlgH1Ua9Gu6crLg9YrDxIguCooT1GQKnpOiic80n8VgMMViT3FsnMVGtmK
+VQ9XVyotbZrni7ctWRywPpQIwZuKEs3J9A3wbCX/fwuKgTiB5XQvl7EHLypAbWUp
+6X11aT86R3L9vOckHjywgLY=
+=eji6
+-----END PGP SIGNATURE-----
+

apparmor.changes

@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Fri May 24 12:21:18 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
+
+- fix bashism in %post profiles
+
+-------------------------------------------------------------------
+Sun May  5 19:53:21 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
+
+- Update to AppArmor 4.0.1
+  Too many changes to list them here. See
+  https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1
+  for the detailed upstream release notes
+- add tools-fix-redefinition.diff: fix redefinition of _ in tools
+- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch
+  with argparse on Leap 15.5
+- drop upstreamed patches:
+  - apparmor-abstractions-openssl-allow-version-specific-en.patch
+  - dovecot-unix_chkpwd.diff
+  - smbd-unix_chkpwd.diff
+- apparmor-lessopen-profile.patch: update lessopen profile to
+  abi/4.0
+- mark local/* as %ghost so that these dummy files don't get
+  installed anymore (changed existing local/files will be kept,
+  unchanged files will be deleted)
+- switch to gitlab tarballs (without pregenerated libapparmor
+  configure script and prebuilt techdoc.pdf)
+  - run libapparmor autogen.sh (needs additional BuildRequires
+    autoconf, autoconf-archive, automake and libtool)
+  - no longer package techdoc.pdf - old documentation, not worth
+    the texlive BuildRequires we would need to build it
+- drop old (up to 2.12) cache location /var/lib/apparmor/ and the
+  /etc/apparmor.d/cache symlink pointing to it
+- drop apparmor-samba-include-permissions-for-shares.diff - no
+  longer needed, update-apparmor-samba-profile in Tumbleweed works
+  without a pre-existing local/usr.sbin.smbd-shares file
+- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't
+  change a single bit in the resulting build (anymore?)
+- drop apparmor-lessopen-nfs-workaround.diff - no longer needed
+  since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499)
+- drop ancient, unused update-trans.sh
+
 -------------------------------------------------------------------
 Fri Apr  5 15:16:04 UTC 2024 - Atri Bhattacharya <badshah400@gmail.com>
 

apparmor.spec

@@ -49,22 +49,23 @@
 %endif
 
 %define CATALINA_HOME /usr/share/tomcat6
-#define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
-#define JNI_SO libJNIChangeHat.so
 %define JAR_FILE changeHatValve.jar
 
+%define tarversion v4.0.1
+%define pyeggversion 4.0.1
+
 Name:           apparmor
-Version:        3.1.7
+Version:        4.0.1
 Release:        0
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
-URL:            https://launchpad.net/apparmor
-Source0:        https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz
-Source1:        https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz.asc
+URL:            https://gitlab.com/apparmor/apparmor/
+Source0:        https://gitlab.com/apparmor/apparmor/-/archive/%{tarversion}/apparmor-%{tarversion}.tar.gz
+# from https://gitlab.com/apparmor/apparmor/-/wikis/%{version}_Signatures
+Source1:        apparmor-%{tarversion}.tar.gz.asc
 Source2:        %{name}.keyring
 
-Source5:        update-trans.sh
 Source6:        baselibs.conf
 Source7:        apparmor-rpmlintrc
 
@@ -72,49 +73,37 @@ Source7:        apparmor-rpmlintrc
 # and set cache-loc in parser.conf and apparmor.service accordingly
 Patch1:         apparmor-enable-profile-cache.diff
 
-# include autogenerated profile sniplet for samba shares (bnc#688040) - include rule upstreamed in 3.0.5 (MR 838), now "just" creates the local/ sniplet
-# (technically only needed in Leap 15.x, the samba script in Tumbleweed also works if the local/ sniplet doesn't exist - but dropping the local/ sniplet will move existing autogenerated sniplets to *.rpmsave)
-Patch2:         apparmor-samba-include-permissions-for-shares.diff
-
-# Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
-Patch3:         ruby-2_0-mkmf-destdir.patch
-
 # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
 Patch4:         apparmor-lessopen-profile.patch
 
-# workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
-# fixed in Kernel 6.0 and later (see comment in https://bugs.launchpad.net/bugs/1784499)
-Patch5:         apparmor-lessopen-nfs-workaround.diff
-
 # make <apache2.d> include in apache extra profile optional to make openQA happy (boo#1178527)
 Patch6:         apache-extra-profile-include-if-exists.diff
 
 # add path for precompiled cache (only done/applied if precompiled_cache is enabled)
 Patch7:         apparmor-enable-precompiled-cache.diff
 
-# allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139)
-Patch9:         dovecot-unix_chkpwd.diff
+# fix redefinition of _ in tools (merged upstream 2024-04-22 https://gitlab.com/apparmor/apparmor/-/merge_requests/1218)
+Patch10:        tools-fix-redefinition.diff
 
-# abstractions/openssl: allow version specific engdef & engines paths (boo#1219571)
-Patch10:        apparmor-abstractions-openssl-allow-version-specific-en.patch
-
-# allow smbd to execute unix_chkpwd (boo#1220032)
-# https://gitlab.com/apparmor/apparmor/-/merge_requests/1159
-Patch11:        smbd-unix_chkpwd.diff
+# make test-aa-notify a bit more relaxed to allow different argparse wording on Leap 15.5 (merged upstream 2024-05-06 (4.0 and master) https://gitlab.com/apparmor/apparmor/-/merge_requests/1226)
+Patch11:        test-aa-notify.diff
 
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+BuildRequires:  autoconf
+BuildRequires:  autoconf-archive
+BuildRequires:  automake
 BuildRequires:  bison
 BuildRequires:  dejagnu
 BuildRequires:  flex
 BuildRequires:  gcc-c++
 BuildRequires:  iproute2
+BuildRequires:  libtool
 BuildRequires:  pcre-devel
 BuildRequires:  pkg-config
 BuildRequires:  python3
-BuildRequires:  perl(Locale::gettext)
-
 BuildRequires:  swig
+BuildRequires:  perl(Locale::gettext)
 
 %if %{with python3}
 BuildRequires:  python-rpm-macros
@@ -355,21 +344,17 @@ SubDomain.
 %lang_package -n apparmor-parser
 
 %prep
-%setup -q
+%setup -q -n %{name}-%{tarversion}
 
 # very loose profile that doesn't even match the apache2 binary path in openSUSE. Move it away instead of confusing people (boo#872984)
 mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/profiles/extras/
 
 %patch -P 1
-%patch -P 2
-%patch -P 3 -p1
 %patch -P 4
-%patch -P 5
 %patch -P 6
 %if %{with precompiled_cache}
 %patch -P 7
 %endif
-%patch -P 9 -p1
 %patch -P 10 -p1
 %patch -P 11 -p1
 
@@ -379,6 +364,7 @@ export SUSE_ASNEEDED=0
 # libapparmor:
 (
   cd ./libraries/libapparmor
+  sh ./autogen.sh && \
   %configure \
 %if %{with perl}
   --with-perl \
@@ -429,6 +415,20 @@ make -C profiles
 parser/apparmor_parser --config-file $(pwd)/parser/parser.conf --write-cache -QT  -L $(pwd)/profiles/cache -I profiles/apparmor.d/ profiles/apparmor.d/
 %endif
 
+# create filelist of previously (up to 3.1.x) shipped local/* files
+# (adding them as %ghost prevents modified files from being moved to *.rpmsave)
+for oldlocal in \
+    bin.ping lsb_release nvidia_modprobe php-fpm samba-bgqd samba-dcerpcd samba-rpcd samba-rpcd-classic samba-rpcd-spoolss sbin.klogd sbin.syslogd sbin.syslog-ng \
+    usr.bin.lessopen.sh usr.lib.dovecot.anvil usr.lib.dovecot.auth usr.lib.dovecot.config usr.lib.dovecot.deliver usr.lib.dovecot.dict usr.lib.dovecot.director \
+    usr.lib.dovecot.doveadm-server usr.lib.dovecot.dovecot-auth usr.lib.dovecot.dovecot-lda usr.lib.dovecot.imap usr.lib.dovecot.imap-login usr.lib.dovecot.lmtp \
+    usr.lib.dovecot.log usr.lib.dovecot.managesieve usr.lib.dovecot.managesieve-login usr.lib.dovecot.pop3 usr.lib.dovecot.pop3-login usr.lib.dovecot.replicator \
+    usr.lib.dovecot.script-login usr.lib.dovecot.ssl-params usr.lib.dovecot.stats usr.sbin.apache2 usr.sbin.avahi-daemon usr.sbin.dnsmasq usr.sbin.dovecot \
+    usr.sbin.identd usr.sbin.mdnsd usr.sbin.nmbd usr.sbin.nscd usr.sbin.ntpd usr.sbin.smbd usr.sbin.smbd-shares usr.sbin.smbldap-useradd  usr.sbin.traceroute \
+    usr.sbin.winbindd zgrep
+do
+    echo "%ghost /etc/apparmor.d/local/$oldlocal"
+done > oldlocal.files
+
 %check
 make check -C libraries/libapparmor
 make check -C parser
@@ -479,10 +479,6 @@ test -f %{buildroot}/usr/share/apparmor/cache/*/bin.ping
 %endif
 
 %makeinstall SBINDIR="%{buildroot}%{sbindir}" APPARMOR_BIN_PREFIX="%{buildroot}%{apparmor_bin_prefix}" -C parser
-# default cache dir (up to 2.12) is /etc/apparmor.d/cache - not the best location.
-# Use /var/lib/apparmor/cache and make /etc/apparmor.d/cache a symlink to it
-mkdir -p %{buildroot}%{_localstatedir}/lib/apparmor/cache
-( cd %{buildroot}/%{_sysconfdir}/apparmor.d/ && ln -s ../../%{_localstatedir}/lib/apparmor/cache cache )
 # default cache dir (starting with 2.13) is /etc/apparmor.d/cache.d - also not the best location
 # Use /var/cache/apparmor and make /etc/apparmor.d/cache.d a symlink to it
 mkdir -p %{buildroot}%{_localstatedir}/cache/apparmor
@@ -535,7 +531,7 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %doc parser/*.[1-9].html
 %doc utils/vim/apparmor.vim.5.html
 %doc common/apparmor.css
-%doc parser/techdoc.pdf
+#doc parser/techdoc.pdf
 # apparmor.vim is included in the vim package. Ideally it should be in a -devel package, but that's overmuch for one file
 %dir %{_datadir}/apparmor
 %{_datadir}/apparmor/apparmor.vim
@@ -548,6 +544,7 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %{_bindir}/aa-enabled
 %{_bindir}/aa-exec
 %{_bindir}/aa-features-abi
+%{_sbindir}/aa-load
 %{_sbindir}/aa-status
 %{_sbindir}/apparmor_status
 %{_sbindir}/status
@@ -555,12 +552,10 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %{_sbindir}/exec
 %dir %attr(-, root, root) %{_sysconfdir}/apparmor
 %dir %{_sysconfdir}/apparmor.d
-%{_sysconfdir}/apparmor.d/cache
 %{_sysconfdir}/apparmor.d/cache.d
 %{sbindir}/rcapparmor
 %{_unitdir}/apparmor.service
 %config(noreplace) %{_sysconfdir}/apparmor/parser.conf
-%{_localstatedir}/lib/apparmor
 %{_localstatedir}/cache/apparmor
 %dir %attr(-, root, root) %{apparmor_bin_prefix}
 %{apparmor_bin_prefix}/rc.apparmor.functions
@@ -590,6 +585,7 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %dir %{_sysconfdir}/apparmor.d/
 %dir %{_sysconfdir}/apparmor.d/abi
 %config(noreplace) %{_sysconfdir}/apparmor.d/abi/3.0
+%config(noreplace) %{_sysconfdir}/apparmor.d/abi/4.0
 %config(noreplace) %{_sysconfdir}/apparmor.d/abi/kernel-5.4-outoftree-network
 %config(noreplace) %{_sysconfdir}/apparmor.d/abi/kernel-5.4-vanilla
 %dir %{_sysconfdir}/apparmor.d/abstractions
@@ -599,23 +595,117 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %dir %{_sysconfdir}/apparmor.d/tunables
 %config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*
 
-%files profiles
+%files profiles -f oldlocal.files
 %defattr(644,root,root,755)
 %dir %{_sysconfdir}/apparmor.d/apache2.d
-%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
 %config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
 %config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
 %config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
+
+%config(noreplace) %{_sysconfdir}/apparmor.d/1password
+%config(noreplace) %{_sysconfdir}/apparmor.d/Discord
+%config(noreplace) %{_sysconfdir}/apparmor.d/MongoDB_Compass
+%config(noreplace) %{_sysconfdir}/apparmor.d/QtWebEngineProcess
+%config(noreplace) %{_sysconfdir}/apparmor.d/brave
+%config(noreplace) %{_sysconfdir}/apparmor.d/buildah
+%config(noreplace) %{_sysconfdir}/apparmor.d/busybox
+%config(noreplace) %{_sysconfdir}/apparmor.d/cam
+%config(noreplace) %{_sysconfdir}/apparmor.d/ch-checkns
+%config(noreplace) %{_sysconfdir}/apparmor.d/ch-run
+%config(noreplace) %{_sysconfdir}/apparmor.d/chrome
+%config(noreplace) %{_sysconfdir}/apparmor.d/code
+%config(noreplace) %{_sysconfdir}/apparmor.d/crun
+%config(noreplace) %{_sysconfdir}/apparmor.d/devhelp
+%config(noreplace) %{_sysconfdir}/apparmor.d/element-desktop
+%config(noreplace) %{_sysconfdir}/apparmor.d/epiphany
+%config(noreplace) %{_sysconfdir}/apparmor.d/evolution
+%config(noreplace) %{_sysconfdir}/apparmor.d/firefox
+%config(noreplace) %{_sysconfdir}/apparmor.d/flatpak
+%config(noreplace) %{_sysconfdir}/apparmor.d/foliate
+%config(noreplace) %{_sysconfdir}/apparmor.d/geary
+%config(noreplace) %{_sysconfdir}/apparmor.d/github-desktop
+%config(noreplace) %{_sysconfdir}/apparmor.d/goldendict
+%config(noreplace) %{_sysconfdir}/apparmor.d/ipa_verify
+%config(noreplace) %{_sysconfdir}/apparmor.d/kchmviewer
+%config(noreplace) %{_sysconfdir}/apparmor.d/keybase
+%config(noreplace) %{_sysconfdir}/apparmor.d/lc-compliance
+%config(noreplace) %{_sysconfdir}/apparmor.d/libcamerify
+%config(noreplace) %{_sysconfdir}/apparmor.d/linux-sandbox
+%config(noreplace) %{_sysconfdir}/apparmor.d/loupe
 %config(noreplace) %{_sysconfdir}/apparmor.d/lsb_release
+%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-attach
+%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-create
+%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-destroy
+%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-execute
+%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-stop
+%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-unshare
+%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-usernsexec
+%config(noreplace) %{_sysconfdir}/apparmor.d/mmdebstrap
+%config(noreplace) %{_sysconfdir}/apparmor.d/msedge
+%config(noreplace) %{_sysconfdir}/apparmor.d/nautilus
+%config(noreplace) %{_sysconfdir}/apparmor.d/notepadqq
 %config(noreplace) %{_sysconfdir}/apparmor.d/nvidia_modprobe
+%config(noreplace) %{_sysconfdir}/apparmor.d/obsidian
+%config(noreplace) %{_sysconfdir}/apparmor.d/opam
+%config(noreplace) %{_sysconfdir}/apparmor.d/opera
+%config(noreplace) %{_sysconfdir}/apparmor.d/pageedit
+%config(noreplace) %{_sysconfdir}/apparmor.d/plasmashell
 %config(noreplace) %{_sysconfdir}/apparmor.d/php-fpm
+%config(noreplace) %{_sysconfdir}/apparmor.d/podman
+%config(noreplace) %{_sysconfdir}/apparmor.d/polypane
+%config(noreplace) %{_sysconfdir}/apparmor.d/privacybrowser
+%config(noreplace) %{_sysconfdir}/apparmor.d/qcam
+%config(noreplace) %{_sysconfdir}/apparmor.d/qmapshack
+%config(noreplace) %{_sysconfdir}/apparmor.d/qutebrowser
+%config(noreplace) %{_sysconfdir}/apparmor.d/rootlesskit
+%config(noreplace) %{_sysconfdir}/apparmor.d/rpm
+%config(noreplace) %{_sysconfdir}/apparmor.d/rssguard
+%config(noreplace) %{_sysconfdir}/apparmor.d/runc
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-bgqd
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-dcerpcd
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd-*
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-abort
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-adduser
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-apt
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-checkpackages
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-clean
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-createchroot
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-destroychroot
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-distupgrade
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-hold
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-shell
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-unhold
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-update
+%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-upgrade
+%config(noreplace) %{_sysconfdir}/apparmor.d/scide
+%config(noreplace) %{_sysconfdir}/apparmor.d/signal-desktop
+%config(noreplace) %{_sysconfdir}/apparmor.d/slack
+%config(noreplace) %{_sysconfdir}/apparmor.d/slirp4netns
+%config(noreplace) %{_sysconfdir}/apparmor.d/steam
+%config(noreplace) %{_sysconfdir}/apparmor.d/stress-ng
+%config(noreplace) %{_sysconfdir}/apparmor.d/surfshark
+%config(noreplace) %{_sysconfdir}/apparmor.d/systemd-coredump
+%config(noreplace) %{_sysconfdir}/apparmor.d/thunderbird
+%config(noreplace) %{_sysconfdir}/apparmor.d/toybox
+%config(noreplace) %{_sysconfdir}/apparmor.d/transmission
+%config(noreplace) %{_sysconfdir}/apparmor.d/trinity
+%config(noreplace) %{_sysconfdir}/apparmor.d/tup
+%config(noreplace) %{_sysconfdir}/apparmor.d/tuxedo-control-center
 %config(noreplace) %{_sysconfdir}/apparmor.d/unix-chkpwd
+%config(noreplace) %{_sysconfdir}/apparmor.d/unprivileged_userns
+%config(noreplace) %{_sysconfdir}/apparmor.d/userbindmount
+%config(noreplace) %{_sysconfdir}/apparmor.d/uwsgi-core
+%config(noreplace) %{_sysconfdir}/apparmor.d/vdens
+%config(noreplace) %{_sysconfdir}/apparmor.d/virtiofsd
+%config(noreplace) %{_sysconfdir}/apparmor.d/vivaldi-bin
+%config(noreplace) %{_sysconfdir}/apparmor.d/vpnns
+%config(noreplace) %{_sysconfdir}/apparmor.d/wpcom
 %config(noreplace) %{_sysconfdir}/apparmor.d/zgrep
-%config(noreplace) %{_sysconfdir}/apparmor.d/local/*
+
+%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
+%config(noreplace) %{_sysconfdir}/apparmor.d/local/README
 %dir /usr/share/apparmor/
 %if %{with precompiled_cache}
 /usr/share/apparmor/cache/
@@ -697,7 +787,7 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 
 %files -n python3-apparmor
 %defattr(-,root,root)
-%{python3_sitearch}/LibAppArmor-%{version}-py*.egg-info
+%{python3_sitearch}/LibAppArmor-%{pyeggversion}-py*.egg-info
 %dir %{python3_sitearch}/LibAppArmor
 %dir %{python3_sitearch}/LibAppArmor/__pycache__
 %{python3_sitearch}/LibAppArmor/_LibAppArmor.cpython-*.so
@@ -706,7 +796,7 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %{python3_sitearch}/LibAppArmor/__init__.py
 %{python3_sitearch}/LibAppArmor/LibAppArmor.py
 %{python3_sitelib}/apparmor/
-%{python3_sitelib}/apparmor-%{version}-py*.egg-info
+%{python3_sitelib}/apparmor-%{pyeggversion}-py*.egg-info
 %endif
 
 %if %{with ruby}
@@ -758,24 +848,38 @@ rm -f /var/cache/apparmor/* 2>/dev/null
 #restart_on_update apparmor - but non-broken (bnc#853019)
 systemctl is-active -q apparmor && systemctl reload apparmor ||:
 
+%post profiles
+# delete old cache (location up to 2.12)
+rm -f /var/lib/apparmor/cache/* 2>/dev/null
+
+# cleanup old, unchanged local/* files
+for oldlocal in \
+    bin.ping lsb_release nvidia_modprobe php-fpm samba-bgqd samba-dcerpcd samba-rpcd samba-rpcd-classic samba-rpcd-spoolss sbin.klogd sbin.syslogd sbin.syslog-ng \
+    usr.bin.lessopen.sh usr.lib.dovecot.anvil usr.lib.dovecot.auth usr.lib.dovecot.config usr.lib.dovecot.deliver usr.lib.dovecot.dict usr.lib.dovecot.director \
+    usr.lib.dovecot.doveadm-server usr.lib.dovecot.dovecot-auth usr.lib.dovecot.dovecot-lda usr.lib.dovecot.imap usr.lib.dovecot.imap-login usr.lib.dovecot.lmtp \
+    usr.lib.dovecot.log usr.lib.dovecot.managesieve usr.lib.dovecot.managesieve-login usr.lib.dovecot.pop3 usr.lib.dovecot.pop3-login usr.lib.dovecot.replicator \
+    usr.lib.dovecot.script-login usr.lib.dovecot.ssl-params usr.lib.dovecot.stats usr.sbin.apache2 usr.sbin.avahi-daemon usr.sbin.dnsmasq usr.sbin.dovecot \
+    usr.sbin.identd usr.sbin.mdnsd usr.sbin.nmbd usr.sbin.nscd usr.sbin.ntpd usr.sbin.smbd usr.sbin.smbd-shares usr.sbin.smbldap-useradd  usr.sbin.traceroute \
+    usr.sbin.winbindd zgrep
+do
+    if [ -f "/etc/apparmor.d/local/$oldlocal" ] && [ "$(cat /etc/apparmor.d/local/$oldlocal)" = "# Site-specific additions and overrides for '$oldlocal'" ] ; then
+        rm "/etc/apparmor.d/local/$oldlocal" || :
+    fi
+done
+
 %posttrans profiles
 # workaround for bnc#904620#c8 / lp#1392042
-# old cache location up to 2.12
-rm -f /var/lib/apparmor/cache/* 2>/dev/null
-# cache location starting with 2.13
 rm -f /var/cache/apparmor/* 2>/dev/null
 #restart_on_update apparmor - but non-broken (bnc#853019)
 systemctl is-active -q apparmor && systemctl reload apparmor ||:
 
 %if %{with tomcat}
-
 %post -n tomcat_apparmor -p /sbin/ldconfig
 
 %postun -n tomcat_apparmor -p /sbin/ldconfig
 %endif
 
 %if %{with pam}
-
 %post -n pam_apparmor
 if [ $1 -eq 1 ]; then
         pam-config --add --apparmor || :

dovecot-unix_chkpwd.diff

@@ -1,57 +0,0 @@
-Index: apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd
-===================================================================
---- /dev/null
-+++ apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd
-@@ -0,0 +1,35 @@
-+# apparmor.d - Full set of apparmor profiles
-+# Copyright (C) 2019-2021 Mikhail Morfikov
-+# SPDX-License-Identifier: GPL-2.0-only
-+
-+# The apparmor.d project comes with several variables and abstractions
-+# that are not part of upstream AppArmor yet. Therefore this profile was
-+# adopted to use abstractions and variables that are available.
-+# Copyright (C) Christian Boltz 2024
-+
-+abi <abi/3.0>,
-+
-+include <tunables/global>
-+
-+profile unix-chkpwd /{,usr/}{,s}bin/unix_chkpwd {
-+  include <abstractions/base>
-+  include <abstractions/nameservice>
-+
-+  # To write records to the kernel auditing log.
-+  capability audit_write,
-+
-+  network netlink raw,
-+
-+  /{,usr/}{,s}bin/unix_chkpwd mr,
-+
-+  /etc/shadow r,
-+
-+  # systemd userdb, used in nspawn
-+  /run/host/userdb/*.user r,
-+  /run/host/userdb/*.user-privileged r,
-+
-+  # file_inherit
-+  owner /dev/tty[0-9]* rw,
-+
-+  include if exists <local/unix-chkpwd>
-+}
-Index: apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth
-===================================================================
---- apparmor-3.1.7.orig/profiles/apparmor.d/usr.lib.dovecot.auth
-+++ apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth
-@@ -52,8 +52,12 @@ profile dovecot-auth /usr/lib*/dovecot/a
-   @{run}/dovecot/stats-user rw,
-   @{run}/dovecot/anvil-auth-penalty rw,
- 
-+  owner /proc/@{pid}/loginuid r,
-+
-   /var/spool/postfix/private/auth rw,
- 
-+  /usr/sbin/unix_chkpwd Px,
-+
-   # Site-specific additions and overrides. See local/README for details.
-   include if exists <local/usr.lib.dovecot.auth>
- }

libapparmor.spec

@@ -17,18 +17,26 @@
 #
 
 
+%define tarversion v4.0.1
+
 Name:           libapparmor
-Version:        3.1.7
+Version:        4.0.1
 Release:        0
 Summary:        Utility library for AppArmor
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
-URL:            https://launchpad.net/apparmor
-Source0:        https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz
-Source1:        https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz.asc
+URL:            https://gitlab.com/apparmor/apparmor/
+Source0:        https://gitlab.com/apparmor/apparmor/-/archive/%{tarversion}/apparmor-%{tarversion}.tar.gz
+# from https://gitlab.com/apparmor/apparmor/-/wikis/%{version}_Signatures
+Source1:        apparmor-%{tarversion}.tar.gz.asc
+Source2:        apparmor.keyring
+BuildRequires:  autoconf
+BuildRequires:  autoconf-archive
+BuildRequires:  automake
 BuildRequires:  bison
 BuildRequires:  dejagnu
 BuildRequires:  flex
+BuildRequires:  libtool
 BuildRequires:  pkg-config
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -63,11 +71,12 @@ These libraries are needed for developing software that makes use of the
 AppArmor API.
 
 %prep
-%setup -q -n apparmor-%{version}
+%setup -q -n apparmor-%{tarversion}
 
 %build
 (
   cd ./libraries/libapparmor
+  sh ./autogen.sh &&
   %configure \
   --without-perl \
   --without-python \

ruby-2_0-mkmf-destdir.patch

@@ -1,20 +0,0 @@
-Index: libraries/libapparmor/swig/ruby/extconf.rb
-===================================================================
---- a/libraries/libapparmor/swig/ruby/extconf.rb.orig	2022-02-10 17:54:05.008544807 +0100
-+++ b/libraries/libapparmor/swig/ruby/extconf.rb	2022-02-10 17:54:21.792506325 +0100
-@@ -20,7 +20,14 @@ if find_library('apparmor', 'parse_recor
-   # hack 2: strip all rpath references
-   open('Makefile.ruby', 'w') do |out|
-     IO.foreach('Makefile') do |line|
--      out.puts line.gsub(/-Wl,-R'[^']*'/, '')
-+      l = line.gsub(/-Wl,-R'[^']*'/, '')
-+      # oldincludedir = $(DESTDIR)/usr/include
-+      # -> oldincludedir = /usr/include
-+      l = l.gsub(/(oldincludedir)\s+=\s+\$\(DESTDIR\)(.*)/) {  |m| "#{$1} = #{$2}" }
-+      # hdrdir = $(includedir)/$(RUBY_VERSION_NAME)
-+      #  -> hdrdir = $(oldincludedir)/$(RUBY_VERSION_NAME)
-+      l = l.gsub(/(hdrdir)\s+=\s+\$\(includedir\)(.*)/) {  |m| "#{$1} = $(oldincludedir)#{$2}" }
-+      out.puts l
-     end
-   end
- else

smbd-unix_chkpwd.diff

@@ -1,31 +0,0 @@
-Index: apparmor-3.1.7/profiles/apparmor.d/usr.sbin.smbd
-===================================================================
---- apparmor-3.1.7.orig/profiles/apparmor.d/usr.sbin.smbd
-+++ apparmor-3.1.7/profiles/apparmor.d/usr.sbin.smbd
-@@ -33,6 +33,9 @@ profile smbd /usr/{bin,sbin}/smbd {
-   /etc/samba/* rwk,
-   @{PROC}/@{pid}/mounts r,
-   @{PROC}/sys/kernel/core_pattern r,
-+  /usr/etc/environment r,
-+  /usr/etc/security/limits.d/ r,
-+  /usr/etc/security/limits.d/*.conf  r,
-   /usr/lib*/samba/vfs/*.so mr,
-   /usr/lib*/samba/auth/*.so mr,
-   /usr/lib*/samba/charset/*.so mr,
-@@ -47,6 +50,7 @@ profile smbd /usr/{bin,sbin}/smbd {
-   /usr/share/samba/** r,
-   /usr/{bin,sbin}/smbd mr,
-   /usr/{bin,sbin}/smbldap-useradd Px,
-+  /usr/sbin/unix_chkpwd Px,
-   /var/cache/samba/** rwk,
-   /var/{cache,lib}/samba/printing/printers.tdb mrw,
-   /var/lib/nscd/netgroup r,
-@@ -59,6 +63,8 @@ profile smbd /usr/{bin,sbin}/smbd {
-   @{run}/samba/ncalrpc/** rw,
-   /var/spool/samba/** rw,
- 
-+  owner /proc/@{pid}/loginuid r,
-+
-   @{HOMEDIRS}/** lrwk,
-   /var/lib/samba/usershares/{,**} lrwk,
- 

test-aa-notify.diff

@@ -0,0 +1,30 @@
+https://gitlab.com/apparmor/apparmor/-/merge_requests/1226
+
+From 715cb711ba26d3ccff490f35f80721cf3678abb6 Mon Sep 17 00:00:00 2001
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Sun, 5 May 2024 22:05:43 +0200
+Subject: [PATCH] Don't rely on argparse saying "options:"
+
+Some argparse versions (for example on openSUSE Leap 15.5) instead say
+"optional arguments:"
+
+Don't rely on the "options:" line to allow both wordings.
+---
+ utils/test/test-aa-notify.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/utils/test/test-aa-notify.py b/utils/test/test-aa-notify.py
+index 4f3e540e9..abffd0631 100644
+--- a/utils/test/test-aa-notify.py
++++ b/utils/test/test-aa-notify.py
+@@ -194,7 +194,6 @@ Display AppArmor notifications or messages for DENIED entries.
+ 
+         expected_output_2 = \
+ '''
+-options:
+   -h, --help            show this help message and exit
+   -p, --poll            poll AppArmor logs and display notifications
+   --display DISPLAY     set the DISPLAY environment variable (might be needed if
+-- 
+GitLab
+

tools-fix-redefinition.diff

@@ -0,0 +1,39 @@
+From 553acd22324ed013d9f468aa8585518cf68b34f7 Mon Sep 17 00:00:00 2001
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Sun, 21 Apr 2024 17:32:24 +0200
+Subject: [PATCH] Fix redefinition of _
+
+... which unsurprisingly broke using the translations.
+
+This was a regression introduced in 4f51c93f9dc2516a32bfccc79b4dcf4985e61f47
+
+Fixes: https://gitlab.com/apparmor/apparmor/-/issues/387
+---
+ utils/apparmor/tools.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py
+index e8a99bbe6..f7d4a0d36 100644
+--- a/utils/apparmor/tools.py
++++ b/utils/apparmor/tools.py
+@@ -90,7 +90,7 @@ class aa_tools:
+     def get_next_for_modechange(self):
+         """common code for mode/flags changes"""
+ 
+-        for (program, _, prof_filename) in self.get_next_to_profile():
++        for (program, ignored, prof_filename) in self.get_next_to_profile():
+             output_name = prof_filename if program is None else program
+ 
+             if not os.path.isfile(prof_filename) or is_skippable_file(prof_filename):
+@@ -162,7 +162,7 @@ class aa_tools:
+     def cmd_autodep(self):
+         apparmor.loadincludes()
+ 
+-        for (program, _, prof_filename) in self.get_next_to_profile():
++        for (program, ignored, prof_filename) in self.get_next_to_profile():
+             if not program:
+                 aaui.UI_Info(_('Please pass an application to generate a profile for, not a profile itself - skipping %s.') % prof_filename)
+                 continue
+-- 
+GitLab
+

update-trans.sh

@@ -1,71 +0,0 @@
-
-CFILES="
-deprecated/management/applets/apparmorapplet-gnome/src/apparmor-applet.c
-deprecated/management/applets/apparmorapplet-gnome/src/preferences_dialog.c
-deprecated/management/applets/apparmorapplet-gnome/src/reject_list.c
-parser/parser_alias.c
-parser/parser_include.c
-parser/parser_interface.c
-parser/parser_lex.l
-parser/parser_main.c
-parser/parser_merge.c
-parser/parser_misc.c
-parser/parser_policy.c
-parser/parser_regex.c
-parser/parser_symtab.c
-parser/parser_variable.c
-parser/parser_yacc.y
-"
-
-CPPFILES="
-deprecated/management/profile-editor/src/AboutDialog.cpp
-deprecated/management/profile-editor/src/AboutDialog.h
-deprecated/management/profile-editor/src/Configuration.cpp
-deprecated/management/profile-editor/src/Preferences.cpp
-deprecated/management/profile-editor/src/Preferences.h
-deprecated/management/profile-editor/src/profileeditor.cpp
-deprecated/management/profile-editor/src/SearchAllProfiles.cpp
-deprecated/management/profile-editor/src/SearchAllProfiles.h
-parser/libapparmor_re/regexp.yy
-"
-
-PERLFILES="
-utils/aa-repo.pl
-utils/audit
-utils/autodep
-utils/complain
-utils/enforce
-utils/genprof
-utils/logprof
-utils/Reports.pm
-utils/SubDomain.pm
-utils/unconfined
-"
-
-ARGS="--keyword=_ --keyword=N_ -n --force-po"
-
-xgettext $ARGS --output=apparmor-C.pot -L C $CFILES
-xgettext $ARGS --output=apparmor-CPP.pot -L C++ $CPPFILES
-xgettext $ARGS --output=apparmor-PERL.pot -L Perl $PERLFILES
-msgcat apparmor-*.pot > apparmor.pot
-
-sed  \
-  -e 's/Project-Id-Version: PACKAGE VERSION/Project-Id-Version: apparmor/g' \
-  -e 's/PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE/PO-Revision-Date: 2009-02-05 13:38/' \
-  -e 's/Report-Msgid-Bugs-To: /Report-Msgid-Bugs-To: apparmor-general@forge.novell.com/' \
-  -e 's/Last-Translator: FULL NAME <EMAIL@ADDRESS>/Last-Translator: Novell Language <language@novell.com>/' \
-  -e 's/Language-Team: LANGUAGE <LL@li.org>/Language-Team: Novell Language <language@novell.com>/' \
-  -e 's/Content-Type: text\/plain; charset=CHARSET/Content-Type: text\/plain; charset=UTF-8/' \
-  < apparmor.pot > apparmor.pot.new
-  mv apparmor.pot.new apparmor.pot
-
-for file in $(find . -name '*.po'); do
-	f=$(basename $file)
-	msgmerge -U apparmor.pot $file
-	if [ -e "po/$f" ]; then
-		msgcat $file po/$f > $f
-		mv $f po/$f
-	else
-		cp $file po/$f
-	fi
-done