From 331fc679d0981e7939d3be4ca0d4213f84c8f712694a4020a73b083d90aa08c9 Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Tue, 16 Mar 2021 11:26:35 +0000 Subject: [PATCH 1/6] Accepting request 877992 from home:dimstar:Factory - Do not require apparmor-abstractions: with the mini package being used only during build (and never on end user workstations), apparmor is not going to be anabled (build is in chroot/vm). Keeping the dep-chain of the -mini flavor as small as possible. - Add extra safeguard Requires: this-is-only-for-build-envs: this symbol is not provided by any package outside of OBS, but OBS knows to ignore this dependency. This is just an additional safe-guard to stop users from installing this package, besides it not being part of the published distro repositories. OBS-URL: https://build.opensuse.org/request/show/877992 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=135 --- ghostscript-mini.changes | 13 +++++++++++++ ghostscript-mini.spec | 4 +++- 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes
index caa6e16..79c34d3 100644
--- a/ghostscript-mini.changes
+++ b/ghostscript-mini.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger
+
+- Do not require apparmor-abstractions: with the mini package being
+ used only during build (and never on end user workstations),
+ apparmor is not going to be anabled (build is in chroot/vm).
+ Keeping the dep-chain of the -mini flavor as small as possible.
+- Add extra safeguard Requires: this-is-only-for-build-envs: this
+ symbol is not provided by any package outside of OBS, but OBS
+ knows to ignore this dependency. This is just an additional
+ safe-guard to stop users from installing this package, besides it
+ not being part of the published distro repositories.
+
 -------------------------------------------------------------------
 Fri Mar 5 12:35:16 UTC 2021 - Dominique Leuenberger
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index a45800a..e94769c 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -29,7 +29,6 @@ BuildRequires: zlib-devel
 %if 0%{?suse_version} >= 1500
 BuildRequires: apparmor-abstractions
 BuildRequires: apparmor-rpm-macros
-Requires: apparmor-abstractions
 %endif
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
@@ -103,6 +102,9 @@ Patch101: ijs_exec_server_dont_use_sh.patch
 # because ghostscript-mini (and ghostscript-mini-devel) are not published
 # in openSUSE products, cf. https://build.opensuse.org/request/show/877083
 Provides: ghostscript_any = %{version}
+# the "this-is-only-for-build-envs" dependency is an additional safegaurd to ensure this
+# package never finds its way onto a productive workstation
+Requires: this-is-only-for-build-envs
 Conflicts: ghostscript
 Conflicts: ghostscript-x11
 Conflicts: ghostscript-devel
From 8c4dc16072cd946135856fcc36c8ac257561ef1f0cc49d12b3e9390dbf70a303 Mon Sep 17 00:00:00 2001
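Review bot: The comment added above `Requires: this-is-only-for-build-envs` in the `@@ -103,6 +102,9 @@` hunk of ghostscript-mini.spec misspells "safeguard" and leaves out the precondition the line depends on. According to the commit message the symbol is provided by no package and only resolves because OBS ignores it, so a project that does not ignore it would presumably find ghostscript-mini uninstallable in its build roots; patch 2/6 of this series reports exactly that kind of build failure. I would word it as `# "this-is-only-for-build-envs" is provided by no package on purpose; it resolves only where OBS is set up to ignore it` followed by `# safeguard so that this package cannot be installed on a production workstation`. The same comment is the natural place to record that the `@@ -29,7 +29,6 @@` hunk drops the runtime `Requires: apparmor-abstractions` on the assumption that the package never reaches a user system.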
From: Johannes Meixner Date: Tue, 16 Mar 2021 11:50:30 +0000 Subject: [PATCH 2/6] Disabled 'Requires: this-is-only-for-build-envs' because this lets build of other packages fail in OBS projects where that stuff is not provided cf. https://build.opensuse.org/request/show/877992 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=136 --- ghostscript-mini.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index e94769c..010b2e8 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -104,7 +104,9 @@ Patch101: ijs_exec_server_dont_use_sh.patch
 Provides: ghostscript_any = %{version}
 # the "this-is-only-for-build-envs" dependency is an additional safegaurd to ensure this
 # package never finds its way onto a productive workstation
-Requires: this-is-only-for-build-envs
+# Disabled because this lets build of other packages fail in OBS projects
+# where that stuff is not provided
+#Requires: this-is-only-for-build-envs
 Conflicts: ghostscript
 Conflicts: ghostscript-x11
 Conflicts: ghostscript-devel
From 44a55a5b9bc3f40d555feb934e5f846bc71fb6cdf36ca8f4bd76f9475299f5dd Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Tue, 16 Mar 2021 12:10:05 +0000 Subject: [PATCH 3/6] OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=137 --- ghostscript-mini.spec | 5 -----  1 file changed, 5 deletions(-)
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index 010b2e8..fdaaeea 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
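Review bot: The two comment lines kept above `#Requires: this-is-only-for-build-envs` in the `@@ -104,7 +104,9 @@` hunk still describe the dependency as a safeguard that keeps the package off workstations, although the line is now inert. With the guard disabled, the only thing the visible spec text offers for keeping a ghostscript-mini without the runtime `Requires: apparmor-abstractions` (dropped in patch 1/6) away from installed systems is that the package is not published, as the context comment before `Provides: ghostscript_any` says. I would replace the commented-out line and its four comment lines with a statement of the actual situation, for example `# No install-time guard: ghostscript-mini stays off user systems only because it is not published` and `# (a "Requires: this-is-only-for-build-envs" broke builds in OBS projects that do not provide or ignore it)`.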
@@ -102,11 +102,6 @@ Patch101: ijs_exec_server_dont_use_sh.patch
 # because ghostscript-mini (and ghostscript-mini-devel) are not published
 # in openSUSE products, cf. https://build.opensuse.org/request/show/877083
 Provides: ghostscript_any = %{version}
-# the "this-is-only-for-build-envs" dependency is an additional safegaurd to ensure this
-# package never finds its way onto a productive workstation
-# Disabled because this lets build of other packages fail in OBS projects
-# where that stuff is not provided
-#Requires: this-is-only-for-build-envs
 Conflicts: ghostscript
 Conflicts: ghostscript-x11
 Conflicts: ghostscript-devel
From 008b8cb457aaaf6b8c2e2ae5273df5ce2e2a9d1af6985b546074d8a94e77d711 Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Tue, 16 Mar 2021 12:10:33 +0000 Subject: [PATCH 4/6] OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=138 --- ghostscript-mini.changes | 5 ----- 1 file changed, 5 deletions(-)
diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes
index 79c34d3..d6b3025 100644
--- a/ghostscript-mini.changes
+++ b/ghostscript-mini.changes
@@ -5,11 +5,6 @@ Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger
 used only during build (and never on end user workstations),
 apparmor is not going to be anabled (build is in chroot/vm).
 Keeping the dep-chain of the -mini flavor as small as possible.
-- Add extra safeguard Requires: this-is-only-for-build-envs: this
- symbol is not provided by any package outside of OBS, but OBS
- knows to ignore this dependency. This is just an additional
- safe-guard to stop users from installing this package, besides it
- not being part of the published distro repositories.
 -------------------------------------------------------------------
 Fri Mar 5 12:35:16 UTC 2021 - Dominique Leuenberger
From 295bf608933d023e0c4590ae008efa38d88a01f05caeca6610ce4a1b50fa88fa Mon Sep 17 00:00:00 2001
From: Johannes Meixner Date: Tue, 16 Mar 2021 12:11:47 +0000 Subject: [PATCH 5/6] OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=139 --- ghostscript-mini.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes
index d6b3025..8f095f0 100644
--- a/ghostscript-mini.changes
+++ b/ghostscript-mini.changes
@@ -3,7 +3,7 @@ Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger
 - Do not require apparmor-abstractions: with the mini package being
 used only during build (and never on end user workstations),
- apparmor is not going to be anabled (build is in chroot/vm).
+ apparmor is not going to be enabled (build is in chroot/vm).
 Keeping the dep-chain of the -mini flavor as small as possible.
 -------------------------------------------------------------------
From a660ee5ba62ebeaa765a96c31b9be720fa2050acb5d627e40018498ca8103a3a Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Mon, 29 Mar 2021 08:29:21 +0000 Subject: [PATCH 6/6] Accepting request 881509 from home:dimstar:Factory - Do not rely on apparmor at all for the -mini flavor: + Drop apparmor-abstraction and apparmor-rpm-macros BuildRequires. + Do not package apparmor files. Shame on me - this should have been included in the previous submission already Sure, apparmor is a great thing for security with ghostscript, but considering the -mini flavor only ever exists inside OBS during package builds, we can perfectly get away with this. Users will only ever get 'ghostscript' - the full version. OBS-URL: https://build.opensuse.org/request/show/881509 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=141 --- ghostscript-mini.changes | 8 ++++++++ ghostscript-mini.spec | 18 +++--------------- ghostscript.spec | 2 +- 3 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes
index 8f095f0..a9160a4 100644
--- a/ghostscript-mini.changes
+++ b/ghostscript-mini.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Mar 26 13:42:05 UTC 2021 - Dominique Leuenberger
+
+- Do not rely on apparmor at all for the -mini flavor:
+ + Drop apparmor-abstraction and apparmor-rpm-macros
+ BuildRequires.
+ + Do not package apparmor files.
+
 -------------------------------------------------------------------
 Tue Mar 9 12:34:30 UTC 2021 - Dominique Leuenberger
diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec
index fdaaeea..00bf008 100644
--- a/ghostscript-mini.spec
+++ b/ghostscript-mini.spec
@@ -26,12 +26,8 @@ BuildRequires: libtool
 BuildRequires: pkg-config
 BuildRequires: update-alternatives
 BuildRequires: zlib-devel
-%if 0%{?suse_version} >= 1500
-BuildRequires: apparmor-abstractions
-BuildRequires: apparmor-rpm-macros
-%endif
 Requires(post): update-alternatives
-Requires(preun): update-alternatives
+Requires(preun):update-alternatives
 Summary: Minimal Ghostscript for minimal build requirements
 License: AGPL-3.0-only
 Group: Productivity/Office/Other
@@ -103,9 +99,9 @@ Patch101: ijs_exec_server_dont_use_sh.patch
 # in openSUSE products, cf. https://build.opensuse.org/request/show/877083
 Provides: ghostscript_any = %{version}
 Conflicts: ghostscript
-Conflicts: ghostscript-x11
 Conflicts: ghostscript-devel
 Conflicts: ghostscript-library
+Conflicts: ghostscript-x11
 # Install into this non-root directory (required when norootforbuild is used):
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -148,9 +144,9 @@ Summary: Development files for Minimal Ghostscript
 Group: Development/Libraries/C and C++
 Requires: ghostscript-mini = %{version}
 Conflicts: ghostscript
-Conflicts: ghostscript-x11
 Conflicts: ghostscript-devel
 Conflicts: ghostscript-library
+Conflicts: ghostscript-x11
 %description devel
 This package contains the development files for Minimal Ghostscript.
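Review bot: The `@@ -26,12 +26,8 @@` hunk of ghostscript-mini.spec removes the AppArmor `BuildRequires` without leaving any trace in the spec of why this flavor is built and shipped unconfined; the reasoning exists only in the changelog and commit message. Since ghostscript.spec keeps its AppArmor lines, someone syncing the two specs could read the gap as an omission, or carry the removal over to the full package. I would add a comment where the `%if` block used to be, such as `# No AppArmor profile or deps in the -mini flavor on purpose: it is installed only in OBS build roots,` and `# never on user systems; the full ghostscript package keeps its profile`. Separately, `%{SOURCE1}` is no longer referenced once the `@@ -348,7 +344,6 @@` hunk drops the profile install, and the visible hunks do not show whether the matching `Source1:` declaration was removed as well, so that is worth checking.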
@@ -348,7 +344,6 @@ done
 # Switch back to the usual build log messages:
 set -x
 install -m 644 catalog.devices $DOCDIR
-install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/ghostscript
 # Move /usr/bin/gs to /usr/bin/gs.bin to be able to use update-alternatives
 install -d %buildroot%{_sysconfdir}/alternatives
@@ -358,9 +353,6 @@ ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs
 %post
 /sbin/ldconfig
-%if 0%{?suse_version} >= 1500
-%apparmor_reload /etc/apparmor.d/ghostscript
-%endif
 %{_sbindir}/update-alternatives \
 --install %{_bindir}/gs gs %{_bindir}/gs.bin 15
@@ -448,10 +440,6 @@ fi
 %{_libdir}/libgs.so.*
 %{_libdir}/ghostscript/
 %{_libdir}/libijs-0.35.so
-%if 0%{?suse_version} < 1500
-%dir %{_sysconfdir}/apparmor.d
-%endif
-%{_sysconfdir}/apparmor.d/ghostscript
 %files devel
 %defattr(-,root,root)
diff --git a/ghostscript.spec b/ghostscript.spec
index 4063c3d..85f325f 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -56,7 +56,7 @@ BuildRequires: apparmor-rpm-macros
 Requires: apparmor-abstractions
 %endif
 Requires(post): update-alternatives
-Requires(preun): update-alternatives
+Requires(preun):update-alternatives
 Summary: The Ghostscript interpreter for PostScript and PDF
 License: AGPL-3.0-only
 Group: Productivity/Office/Other