Differences between revisions 1 and 56 (spanning 55 versions)
Revision 1 as of 2013-04-05 15:27:11
Size: 1942
Editor: ?IntRigeri
Comment: Import content from the main AppArmor page.
Revision 56 as of 2017-06-30 21:05:34
Size: 3326
Editor: ?IntRigeri
Comment: Make it feel less like Wheezy is the current thing
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
<<Navigation(siblings,1)>>
----
<<TableOfContents>>

This page explains how to contribute to !AppArmor in Debian.

== Infrastructure ==

 * [[http://anonscm.debian.org/gitweb/?p=collab-maint/apparmor-profiles-extra.git;a=summary|Git repository for extra profiles]]
 * [[https://alioth.debian.org/projects/pkg-apparmor/|Alioth project]]
 * [[https://alioth.debian.org/scm/browser.php?group_id=100952| Git repository for UDD usertag script]]
 * [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|Bugs in the packages we maintain]]

<<Anchor(contactteam)>>
== Interacting with the team ==

 * '''Email''': pkg-apparmor-team@lists.alioth.debian.org (see https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team for mailing list archives)
 * '''IRC''': ''#apparmor'' on irc.oftc.net (general AppArmor discussion channel)
Line 3: Line 22:
 * Debian Wheezy supports AppArmor.
 * Some of us test a few AppArmor profiles, mainly grabbed from Ubuntu.
 * Patches to add profiles to Debian packages are being filed: [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=new-profile;users=apparmor@packages.debian.org|Bugs tagged with "new-profile" (used for adding profiles to packages)]].
 * AppArmor is supported since Debian 7 (Wheezy).
 * See the [[AppArmor/Progress|progress tracking page]].
Line 7: Line 25:
== Next goals == == How to participate ==
Line 9: Line 27:
For Jessie, we'd like AppArmor enabled by default and more enforced profiles; specifically
(in decreasing order of priority):
=== Ship an AppArmor profile in "your" package ===
Line 12: Line 29:
 1. some of the Usual Suspects™ on the Desktop: evince, iceweasel, isc-dhcp-client, pidgin;
 2. some software that is particularly important in the context of Tails and other privacy-sensitive contexts: Tor, Vidalia;
 3. some low-hanging fruits from Ubuntu's [[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles|Supported profiles in main]] list: apache2, libvirt, ntp...
 * [[AppArmor/Contribute/ImportProfileFromExtra | Import a profile from apparmor-profiles-extra]] into a package you maintain
 * [[AppArmor/Contribute/FirstTimeProfileImport | Import a profile to a package for the first time]], that is learn how to package using `dh_apparmor`
 * To create a completely new profile, see the [[AppArmor/Contribute#Create_new_profiles | "Create new profiles" section]].
 * [[AppArmor/Debug | Debug and test]]
Line 16: Line 34:
The general workflow wrt. profiles is to find existing profiles, test them in the context of Debian sid, adapt them if needed, and propose them to Debian package maintainers. === Improve quality of AppArmor profiles ===
Line 18: Line 36:
At some point, it would be great to share the profiles maintenance e.g. with Ubuntu. ==== Use AppArmor ====
Line 20: Line 38:
== How to help == [[AppArmor/HowToUse|Enable AppArmor]], enforce a bunch of profiles, [[AppArmor/Debug | test]] and [[AppArmor/Reportbug | report bugs]] and/or happiness.
Line 22: Line 40:
 * '''Test''': [[AppArmor/HowTo|enable AppArmor]], enforce a bunch of profiles, report bugs and/or happiness.
 * '''Fix bugs''' tagged "new-profile".
 * '''Fix bugs''' in the apparmor source package.
 * '''Import''' profiles from Ubuntu: get the latest version, test, prepare Debian patch, file bug tagged "new-profile".
 * '''Documentation''': write documentation about the user side of things.
 * '''Convince''' Ubuntu to upstream their AppArmor profiles to Debian.
==== Upstream Debian changes to AppArmor profiles ====
Line 29: Line 42:
== Contact Information == Profiles, which have been patched in Debian, should also [[AppArmor/Contribute/MergeToUpstream|be merged upstream]].
Line 31: Line 44:
We have no mailing-list yet, but once you and others tell us you want to join the dance, it may be worth creating one;
in the meantime:
==== Create new profiles ====
Line 34: Line 46:
 * intrigeri (intrigeri@debian.org)
 * AppArmor maintainers (apparmor@packages.debian.org)
We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this [[AppArmor/Contribute/Upstream|should be done upstream first]].

==== Import Upstream changes to Debian ====

[[AppArmor/Contribute/MergeProfileFromUpstream | Update profiles shipped in apparmor-profiles-extra to the latest upstream version]]


=== Debug, report triage and fix bugs ===

 * [[AppArmor/Debug | Debug AppArmor profiles]]
 * [[AppArmor/Reportbug | Report and triage bugs]] and/or happiness
 * '''Fix bugs''' in [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]]
 * '''Fix bugs''' in the DebianPts:apparmor package
 * '''Fix usertagged''' [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team@lists.alioth.debian.org|bugs]]

=== Miscellaneous ===

 * '''Convince''' Ubuntu to upstream their !AppArmor profiles to Debian
 * '''Organize''' by keeping the [[AppArmor/Progress|progress tracking page]] up-to-date
 * '''Documentation''': improve the [[AppArmor/HowToUse|documentation about the user side of things]]

== Tools ==

In order to organize the Debian Wiki documentation about !AppArmor, we have set up a set of [[AppArmor/UserStories | user stories]].


This page explains how to contribute to AppArmor in Debian.

Infrastructure

Interacting with the team

Current status

How to participate

Ship an AppArmor profile in "your" package

Improve quality of AppArmor profiles

Use AppArmor

Enable AppArmor, enforce a bunch of profiles, test and report bugs and/or happiness.

Upstream Debian changes to AppArmor profiles

Profiles, which have been patched in Debian, should also ?be merged upstream.

Create new profiles

We want to keep our delta with upstream as low as possible. If you want to submit a new profile, this should be done upstream first.

Import Upstream changes to Debian

Update profiles shipped in apparmor-profiles-extra to the latest upstream version

Debug, report triage and fix bugs

Miscellaneous

Tools

In order to organize the Debian Wiki documentation about AppArmor, we have set up a set of user stories.