2890
Comment:
|
← Revision 77 as of 2020-02-01 13:10:37 ⇥
6737
move all content from Contribute/Upstream
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
<<Navigation(siblings,1)>> ---- |
#language en ~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: none-~ This page describes how to contribute to [[AppArmor]], both upstream and in Debian packages. There are several ways to do this: * [[AppArmor/HowToUse|Enable AppArmor]], enforce a bunch of profiles, [[AppArmor/Debug|test]] and [[AppArmor/Reportbug|report bugs]] and/or happiness. * [[#Contribute_to_upstream_AppArmor_profiles|Contribute to upstream profiles]] * [[AppArmor/Debug#Edit_AppArmor_profiles|Create your own profiles]] * [[AppArmor/Contribute/MergeProfileFromUpstream|Update profiles shipped in apparmor-profiles-extra to the latest upstream version]] * Fix bugs in [[https://udd.debian.org/bugs.cgi?release=sid&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]] * Fix bugs in the DebianPts:apparmor package * Fix [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team@lists.alioth.debian.org|usertagged bugs]] * Read, organize and update the [[AppArmor|Documentation]] and the [[AppArmor/Progress|progress tracking page]] * As a Debian package maintainer, [[AppArmor/Contribute/FirstTimeProfileImport|use dh_apparmor to import a profile to your package]] |
Line 5: | Line 23: |
This page explains how to contribute to !AppArmor in Debian. | ---- |
Line 7: | Line 25: |
== Infrastructure == | |
Line 9: | Line 26: |
* [[http://anonscm.debian.org/gitweb/?p=collab-maint/apparmor-profiles-extra.git;a=summary|Git repository for extra profiles]] * [[https://alioth.debian.org/projects/pkg-apparmor/|Alioth project]] * [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|Bugs in the packages we maintain]] |
== Debian / Upstream relationship == |
Line 13: | Line 28: |
<<Anchor(contactteam)>> == Interacting with the team == |
'''We want to keep our delta with upstream as low as possible.''' If you want to submit a new profile or modify an existing one, this should be done '''upstream first'''. This process will also allow for better cross-distribution sharing and maintenance of profiles. |
Line 16: | Line 30: |
* '''Email''': pkg-apparmor-team@lists.alioth.debian.org * '''IRC''': ''#apparmor'' on irc.oftc.net (general AppArmor discussion channel) |
Every distribution has adopted a different strategy to handle their profiles. Most of Debian's !AppArmor profiles are imported directly from the upstream repositories. The development of profiles takes place in Git: https://gitlab.com/apparmor/apparmor-profiles, |
Line 19: | Line 33: |
== Current status == | Ubuntu and openSUSE enable !AppArmor by default. For Ubuntu, who base their profiles on the same upstream source, once a profile is "ready", it is [[https://wiki.ubuntu.com/ApparmorProfileMigration | taken out of the profile development branch and inserted directly into the corresponding package]]: e.g. the !AppArmor profile for `evince` is included into Ubuntu's evince package. |
Line 21: | Line 35: |
* Debian Wheezy supports AppArmor. * See the [[AppArmor/Progress|progress tracking page]]. |
In Debian, on the long run, a profile should also be delivered in the package that ships the software it is confining. This is already the case for [[https://wiki.debian.org/AppArmor/Progress#Included_in_the_corresponding_package|some packages]]. However, for now package maintainers can still rely on the Debian !AppArmor packaging team which provides additional profiles via the DebianPkg:apparmor-profiles-extra package. |
Line 24: | Line 37: |
== How to participate == | ||<style="background-color: lightgrey;">Upstream ||<style="background-color: lightgrey;">Debian source package ||<style="background-color: lightgrey;">Debian binary package ||<style="background-color: lightgrey;">Ubuntu source package ||<style="background-color: lightgrey;">Ubuntu binary package || || [[https://gitlab.com/apparmor/apparmor|apparmor]] || DebianPts:apparmor || DebianPkg:apparmor and DebianPkg:apparmor-profiles || [[http://packages.ubuntu.com/source/apparmor|apparmor]] || [[http://packages.ubuntu.com/apparmor|apparmor]] || || [[https://gitlab.com/apparmor/apparmor-profiles|apparmor-profiles]] || DebianPts:apparmor-profiles-extra || DebianPkg:apparmor-profiles-extra || [[http://packages.ubuntu.com/source/apparmor-profiles-extra|apparmor-profiles-extra]] || [[http://packages.ubuntu.com/apparmor-profiles-extra|apparmor-profiles-extra]] || || Ubuntu || DebianPts:apparmor-profiles-extra || DebianPkg:apparmor-profiles-extra || [[https://launchpad.net/ubuntu/+source/tcpdump|tcpdump]] || [[http://packages.ubuntu.com/tcpdump|tcpdump]]|| || Ubuntu || DebianPts:evince || DebianPkg:evince || [[https://launchpad.net/ubuntu/+source/evince|evince]] || [[http://packages.ubuntu.com/evince|evince]]|| || libvirt || DebianPts:libvirt || DebianPkg:libvirt-daemon-system || [[https://launchpad.net/ubuntu/+source/libvirt|libvirt]] || [[http://packages.ubuntu.com/libvirt-daemon-system|libvirt-daemon-system]]|| |
Line 26: | Line 44: |
=== Ship an AppArmor profile in "your" package === * [[AppArmor/Contribute/ImportProfileFromUpstream | Import a profile from upstream]] * [[AppArmor/Contribute/ImportProfileFromExtra | Import a profile from apparmor-profiles-extra]] to the package to the package you maintain * [[AppArmor/Contribute/PackageMaintainers | Learn how to package using dh_apparmor]], ie. if your upstream already provides an !AppArmor profile * To create a completely new profile, see section "Create new profiles" on this page. * [[AppArmor/Debug | Debug and test]] |
Note: we merely use `evince` and `libvirt` as example packages in this table. The libvirt upstream tarball includes an own !AppArmor profile, whereas the evince upstream tarball does not. |
Line 33: | Line 46: |
=== Improve quality of AppArmor profiles === | == Contribute to upstream AppArmor profiles == |
Line 35: | Line 48: |
* '''Use !AppArmor''': [[AppArmor/HowToUse|enable AppArmor]], enforce a bunch of profiles, [[AppArmor/Debug | test]] and [[AppArmor/Reportbug | report and triage bugs]] and/or happiness. | [[#Debian_.2F_Upstream_relationship|Upstream AppArmor profiles live in many different repositories.]] This documentation focuses on contributing to profiles that live in the [[https://gitlab.com/apparmor/apparmor-profiles | upstream apparmor-profiles repository]], but the procedure is quite similar for the other repositories. |
Line 37: | Line 50: |
==== Upstream Debian changes to AppArmor profiles ==== * [[AppArmor/Contribute/Upstream|Contribute to Upstream]]. |
If you want to contribute to existing/upstream AppArmor profiles, you need to: |
Line 40: | Line 52: |
==== Import Upstream changes to Debian ==== * [[AppArmor/Contribute/MergeProfileFromUpstream | Update profiles shipped in apparmor-profiles-extra to the latest upstream version]] |
* Generate and update your profiles: see '''[[AppArmor/HowToUse#Edit_AppArmor_profiles]]''' * Test your profiles: see [[AppArmor/Debug]] * create an account on [[https://gitlab.com/|GitLab.com]] * upload a SSH key to be able to push your changes. * install the Git version control system: `sudo apt install git` * Fork the upstream project: https://gitlab.com/apparmor/apparmor-profiles/forks/new * `git clone` your brand new fork. * Create a topic branch `git checkout -b BRANCHNAME origin/master` * [[AppArmor/HowToUse#Edit_AppArmor_profiles|Edit the profile, install/reload it]], and [[AppArmor/Debug|test it]] * Once done, you can commit the changes to your local repository: `git add -p && git commit` * Push the changes to your remote repository on a dedicated branch: `git push -u origin BRANCHNAME` * Then you will see a link that proposes you send a merge request through the web interface. |
Line 43: | Line 65: |
==== Create new profiles ==== * '''Create''' or patch profiles: [[AppArmor/Contribute/Upstream|Contribute to Upstream]]. |
|
Line 46: | Line 66: |
=== Debug, report triage and fix bugs === * [[AppArmor/Debug | Debug AppArmor profiles]] * [[AppArmor/Reportbug | Report and triage bugs]] and/or happiness. * '''Fix bugs''' in [[https://udd.debian.org/bugs.cgi?release=jessie&merged=ign&fnewerval=7&flastmodval=7&apparmor=1&sortby=id&sorto=asc|the packages we maintain]] * '''Fix bugs''' in the DebianPts:apparmor package. * '''Fix usertagged''' [[https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-apparmor-team@lists.alioth.debian.org|bugs]] |
== Get in touch with upstream == |
Line 53: | Line 68: |
=== Miscellaneous === * '''Convince''' Ubuntu to upstream their !AppArmor profiles to Debian. * '''Organize''' by keeping the [[AppArmor/Progress|progress tracking page]] up-to-date. * '''Documentation''': improve the [[AppArmor/HowToUse|documentation about the user side of things]]. |
* [[https://lists.ubuntu.com/mailman/listinfo/apparmor|AppArmor upstream mailing list]] - anything that is not a merge request * [[https://help.ubuntu.com/community/ReportingBugs|file a bug against apparmor on Launchpad]] - to get a new profile into the upstream apparmor-profiles package (see also [[https://gitlab.com/apparmor/apparmor/-/wikis/Launchpadtutorial|Launchpad tutorial]]) == Get in touch with the Debian AppArmor Packaging team == To update Debian profiles from upstream, please contact the packaging team: * pkg-apparmor-team@lists.alioth.debian.org mailing list * [[https://lists.alioth.debian.org/mailman/listinfo/pkg-apparmor-team|mailing list archives]] * `#apparmor` [[IRC|IRC channel]] on irc.oftc.net * [[AppArmor/Reportbug | report a bug with the usertag "new-profile" or "modify-profile"]] * [[https://salsa.debian.org/apparmor-team/|AppArmor Salsa project]] ---- CategorySystemSecurity |
Translation(s): none
This page describes how to contribute to AppArmor, both upstream and in Debian packages.
There are several ways to do this:
Enable AppArmor, enforce a bunch of profiles, test and report bugs and/or happiness.
Update profiles shipped in apparmor-profiles-extra to the latest upstream version
Fix bugs in the packages we maintain
Fix bugs in the apparmor package
Fix usertagged bugs
Read, organize and update the Documentation and the progress tracking page
As a Debian package maintainer, use dh_apparmor to import a profile to your package
Contents
Debian / Upstream relationship
We want to keep our delta with upstream as low as possible. If you want to submit a new profile or modify an existing one, this should be done upstream first. This process will also allow for better cross-distribution sharing and maintenance of profiles.
Every distribution has adopted a different strategy to handle their profiles. Most of Debian's AppArmor profiles are imported directly from the upstream repositories. The development of profiles takes place in Git: https://gitlab.com/apparmor/apparmor-profiles,
Ubuntu and openSUSE enable AppArmor by default. For Ubuntu, who base their profiles on the same upstream source, once a profile is "ready", it is taken out of the profile development branch and inserted directly into the corresponding package: e.g. the AppArmor profile for evince is included into Ubuntu's evince package.
In Debian, on the long run, a profile should also be delivered in the package that ships the software it is confining. This is already the case for some packages. However, for now package maintainers can still rely on the Debian AppArmor packaging team which provides additional profiles via the apparmor-profiles-extra package.
Upstream |
Debian source package |
Debian binary package |
Ubuntu source package |
Ubuntu binary package |
Ubuntu |
||||
Ubuntu |
||||
libvirt |
Note: we merely use evince and libvirt as example packages in this table. The libvirt upstream tarball includes an own AppArmor profile, whereas the evince upstream tarball does not.
Contribute to upstream AppArmor profiles
Upstream AppArmor profiles live in many different repositories. This documentation focuses on contributing to profiles that live in the upstream apparmor-profiles repository, but the procedure is quite similar for the other repositories.
If you want to contribute to existing/upstream AppArmor profiles, you need to:
Generate and update your profiles: see AppArmor/HowToUse#Edit_AppArmor_profiles
Test your profiles: see AppArmor/Debug
create an account on GitLab.com
- upload a SSH key to be able to push your changes.
install the Git version control system: sudo apt install git
Fork the upstream project: https://gitlab.com/apparmor/apparmor-profiles/forks/new
git clone your brand new fork.
Create a topic branch git checkout -b BRANCHNAME origin/master
Once done, you can commit the changes to your local repository: git add -p && git commit
Push the changes to your remote repository on a dedicated branch: git push -u origin BRANCHNAME
- Then you will see a link that proposes you send a merge request through the web interface.
Get in touch with upstream
AppArmor upstream mailing list - anything that is not a merge request
file a bug against apparmor on Launchpad - to get a new profile into the upstream apparmor-profiles package (see also Launchpad tutorial)
Get in touch with the Debian AppArmor Packaging team
To update Debian profiles from upstream, please contact the packaging team:
pkg-apparmor-team@lists.alioth.debian.org mailing list
#apparmor IRC channel on irc.oftc.net
report a bug with the usertag "new-profile" or "modify-profile"