Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Have app-code depend on apparmor in noble #7319

Merged
merged 1 commit into from
Nov 4, 2024
Merged

Have app-code depend on apparmor in noble #7319

merged 1 commit into from
Nov 4, 2024

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Oct 31, 2024
edited by zenmonkeykstop
Loading

Status

Ready for review

Description of Changes

During a system upgrade, the securedrop-app-code postinst tries to enable the apparmor profiles for apache2 and tor, except it uses newer apparmor syntax, which can fail if apparmor hasn't already been upgraded.

The easiest and correct way to ensure that securedrop-app-code is upgraded after apparmor is by setting a versioned dependency. We need to do a bit of makefile magic so it only applies to noble builds though, and a test verifies that.

Testing

How should the reviewer test this PR?

Deployment

Any special considerations for deployment? n/a

Checklist

@legoktm
Have app-code depend on apparmor in noble
e3d197d 
During a system upgrade, the securedrop-app-code postinst tries to
enable the apparmor profiles for apache2 and tor, except it uses newer
apparmor syntax, which can fail if apparmor hasn't already been
upgraded.

The easiest and correct way to ensure that securedrop-app-code is
upgraded after apparmor is by setting a versioned dependency. We need to
do a bit of makefile magic so it only applies to noble builds though,
and a test verifies that.
@legoktm legoktm added the noble Ubuntu Noble related work label Oct 31, 2024
@legoktm legoktm requested a review from a team as a code owner October 31, 2024 21:18
zenmonkeykstop
zenmonkeykstop approved these changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM based on visual review.

@zenmonkeykstop zenmonkeykstop added this pull request to the merge queue Nov 4, 2024
Merged via the queue into develop with commit f04dc8b Nov 4, 2024
45 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

Assignees
No one assigned
Labels
noble Ubuntu Noble related work
Projects
SecureDrop dev cycle
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@legoktm @zenmonkeykstop