Differences between revisions 1 and 42 (spanning 41 versions)
Revision 1 as of 2013-04-05 15:27:11
Size: 1942
Editor: ?IntRigeri
Comment: Import content from the main AppArmor page.
Revision 42 as of 2015-02-02 16:04:37
Size: 3253
Editor: UlrikeUhlig
Comment: add mailing list link
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
<<Navigation(siblings,1)>>
----
<<TableOfContents>>

This page explains how to contribute to !AppArmor in Debian.

== Infrastructure ==

 * [[http://anonscm.debian.org/gitweb/?p=collab-maint/apparmor-profiles-extra.git;a=summary|Git repository for extra profiles]]
 * [[https://alioth.debian.org/projects/pkg-apparmor/|Alioth project]]
 * [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|Bugs in the packages we maintain]]

<<Anchor(contactteam)>>
== Interacting with the team ==

 * '''Email''': pkg-apparmor-team@lists.alioth.debian.org (see https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team for mailing list archives)
 * '''IRC''': ''#apparmor'' on irc.oftc.net (general AppArmor discussion channel)
Line 4: Line 22:
 * Some of us test a few AppArmor profiles, mainly grabbed from Ubuntu.
 * Patches to add profiles to Debian packages are being filed: [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=new-profile;users=apparmor@packages.debian.org|Bugs tagged with "new-profile" (used for adding profiles to packages)]].
 * See the [[AppArmor/Progress|progress tracking page]].
Line 7: Line 24:
== Next goals == == How to participate ==
Line 9: Line 26:
For Jessie, we'd like AppArmor enabled by default and more enforced profiles; specifically
(in decreasing order of priority):
=== Ship an AppArmor profile in "your" package ===
 * [[AppArmor/Contribute/ImportProfileFromUpstream | Import a profile from upstream]]
 * [[AppArmor/Contribute/ImportProfileFromExtra | Import a profile from apparmor-profiles-extra]] to the package to the package you maintain
 * [[AppArmor/Contribute/PackageMaintainers | Learn how to package using dh_apparmor]], ie. if your upstream provides an !AppArmor profile for the packaged software
 * To create a completely new profile, see section "Create new profiles" on this page.
 * [[AppArmor/Debug | Debug and test]]
Line 12: Line 33:
 1. some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin;
 2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia;
 3. some low-hanging fruits from Ubuntu's [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles|Supported profiles in main]] list: apache2, libvirt, ntp...
=== Improve quality of AppArmor profiles ===
Line 16: Line 35:
The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers. ==== Use AppArmor ====
Line 18: Line 37:
At some point, it would be great to share the profiles maintenance e.g. with Ubuntu. [[AppArmor/HowToUse|Enable AppArmor]], enforce a bunch of profiles, [[AppArmor/Debug | test]] and [[AppArmor/Reportbug | report and triage bugs]] and/or happiness.
Line 20: Line 39:
== How to help == ==== Upstream Debian changes to AppArmor profiles ====
Line 22: Line 41:
 * '''Test''': [[AppArmor/HowTo|enable AppArmor]], enforce a bunch of profiles, report bugs and/or happiness.
 * '''Fix bugs''' tagged "new-profile".
 * '''Fix bugs''' in the apparmor source package.
 * '''Import''' profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile".
 * '''Documentation''': write documentation about the user side of things.
 * '''Convince''' Ubuntu to upstream their AppArmor profiles to Debian.
We want to keep our delta with upstream as low as possible. That is why we encourage you to patch profiles upstream: [[AppArmor/Contribute/Upstream|Contribute to Upstream]].
Line 29: Line 43:
== Contact Information == ==== Create new profiles ====
Line 31: Line 45:
We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one;
in the meantime:
We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this should be done upstream first. Create or patch profiles: [[AppArmor/Contribute/Upstream|Contribute to Upstream]].
Line 34: Line 47:
 * intrigeri (intrigeri@debian.org)
 * AppArmor maintainers (apparmor@packages.debian.org)
==== Import Upstream changes to Debian ====

[[AppArmor/Contribute/MergeProfileFromUpstream | Update profiles shipped in apparmor-profiles-extra to the latest upstream version]]


=== Debug, report triage and fix bugs ===
 * [[AppArmor/Debug | Debug AppArmor profiles]]
 * [[AppArmor/Reportbug | Report and triage bugs]] and/or happiness.
 * '''Fix bugs''' in [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]]
 * '''Fix bugs''' in the DebianPts:apparmor package.
 * '''Fix usertagged''' [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team@lists.alioth.debian.org|bugs]]

=== Miscellaneous ===
 * '''Convince''' Ubuntu to upstream their !AppArmor profiles to Debian.
 * '''Organize''' by keeping the [[AppArmor/Progress|progress tracking page]] up-to-date.
 * '''Documentation''': improve the [[AppArmor/HowToUse|documentation about the user side of things]].


This page explains how to contribute to AppArmor in Debian.

Infrastructure

Interacting with the team

Current status

How to participate

Ship an AppArmor profile in "your" package

  • ?Import a profile from upstream

  • ?Import a profile from apparmor-profiles-extra to the package to the package you maintain

  • ?Learn how to package using dh_apparmor, ie. if your upstream provides an AppArmor profile for the packaged software

  • To create a completely new profile, see section "Create new profiles" on this page.
  • Debug and test

Improve quality of AppArmor profiles

Use AppArmor

Enable AppArmor, enforce a bunch of profiles, test and report and triage bugs and/or happiness.

Upstream Debian changes to AppArmor profiles

We want to keep our delta with upstream as low as possible. That is why we encourage you to patch profiles upstream: Contribute to Upstream.

Create new profiles

We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this should be done upstream first. Create or patch profiles: Contribute to Upstream.

Import Upstream changes to Debian

Update profiles shipped in apparmor-profiles-extra to the latest upstream version

Debug, report triage and fix bugs

Miscellaneous