Accepting request 865955 from home:cboltz

- add apache-extra-profile-include-if-exists.diff: make <apache2.d> include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) OBS-URL: https://build.opensuse.org/request/show/865955 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=287
2021-01-22 11:50:03 +00:00 · 2021-01-22 11:50:03 +00:00 · cbfc4c18e3
commit cbfc4c18e3
parent 052f1da54b
4 changed files with 38 additions and 3 deletions
--- a/apache-extra-profile-include-if-exists.diff
+++ b/apache-extra-profile-include-if-exists.diff
@ -0,0 +1,23 @@
+Make the <apache2.d> include optional to avoid problems with empty profile dir.
+Probably doesn't happen on real systems, but openQA uses an empty profile dir
+for some tests.
+
+Note: the patch gets applied before moving the profile to the extra directory
+because quilt doesn't run the 'mv' command and therefore fails to patch the
+profile at its new location (extra profiles directory)
+
+Fixes https://bugzilla.opensuse.org/show_bug.cgi?id=1178527
+
+Index: profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
+===================================================================
+--- profiles/apparmor.d//usr.lib.apache2.mpm-prefork.apache2.orig	2020-12-02 12:01:37.000000000 +0100
+++ profiles/apparmor.d//usr.lib.apache2.mpm-prefork.apache2	2021-01-22 12:19:45.964708670 +0100
+@@ -75,7 +75,7 @@ include <tunables/global>
+   # This directory contains web application
+   # package-specific apparmor files.
+ 
+-  include <apache2.d>
+  include if exists <apache2.d>
+ 
+   # Site-specific additions and overrides. See local/README for details.
+   include if exists <local/usr.lib.apache2.mpm-prefork.apache2>
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jan 22 11:23:59 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
+
+- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
+  include in apache extra profile optional to avoid problems with empty
+  profile directory (boo#1178527)
+
 -------------------------------------------------------------------
 Wed Dec  2 19:29:34 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -1,8 +1,8 @@
 #
 # spec file for package apparmor
 #
-# Copyright (c) 2020 SUSE LLC
-# Copyright (c) 2011-2020 Christian Boltz
+# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2011-2021 Christian Boltz
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -64,6 +64,9 @@ Patch4:         apparmor-lessopen-profile.patch
 # workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix)
 Patch5:         apparmor-lessopen-nfs-workaround.diff

+# make <apache2.d> include in apache extra profile optional to make openQA happy (boo#1178527)
+Patch6:         apache-extra-profile-include-if-exists.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@ -318,6 +321,8 @@ SubDomain.
 %setup -q

 # very loose profile that doesn't even match the apache2 binary path in openSUSE. Move it away instead of confusing people (boo#872984)
+# (patch to change <apache.d> include to "include if exists" needs to be applied before moving the file to avoid breaking quilt)
+%patch6
 mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/profiles/extras/

 %patch1
--- a/libapparmor.spec
+++ b/libapparmor.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libapparmor
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 # Copyright (c) 2011-2020 Christian Boltz
 #
 # All modifications and additions to the file contributed by third parties