[pkg-apparmor] Bug#1064151: apparmor: install PAM module, binaries and helper scripts into /usr

Michael Biebl biebl at debian.org
Sat Feb 17 19:18:17 GMT 2024 

Source: apparmor
Version: 3.0.12-1
Severity: normal
Tags: patch
User: helmutg at debian.org
Usertags: dep17m2

We want to finalize the /usr-merge via DEP17 by moving all files to
/usr. apparmor installs files into /lib and /sbin; these should be moved
into the respective canonical locations in /usr/.

Please find a patch attached. It has been build-tested.

This should not be backported to bookworm. If you intend to
backport, please use dh_movetousr instead.

If your package will change for the t64 transition or otherwise
rename/split/move its binaries (packages) during trixie, please
then upload to experimental and get in touch with the UsrMerge
driver, please see the wiki [1].

Michael

[1] https://wiki.debian.org/UsrMerge
-------------- next part --------------
diff -Nru apparmor-3.0.12/debian/apparmor.dirs apparmor-3.0.12/debian/apparmor.dirs
--- apparmor-3.0.12/debian/apparmor.dirs	2023-07-16 16:39:37.000000000 +0200
+++ apparmor-3.0.12/debian/apparmor.dirs	2024-02-17 20:14:05.000000000 +0100
@@ -4,5 +4,4 @@
 /etc/apparmor.d/tunables/home.d
 /etc/apparmor.d/tunables/multiarch.d
 /etc/apparmor.d/tunables/xdg-user-dirs.d
-/lib/apparmor/
 /var/cache/apparmor
diff -Nru apparmor-3.0.12/debian/apparmor.install apparmor-3.0.12/debian/apparmor.install
--- apparmor-3.0.12/debian/apparmor.install	2023-07-16 16:39:37.000000000 +0200
+++ apparmor-3.0.12/debian/apparmor.install	2024-02-17 20:14:05.000000000 +0100
@@ -23,16 +23,16 @@
 etc/apparmor.d/tunables/xdg-user-dirs
 etc/apparmor.d/tunables/xdg-user-dirs.d
 etc/apparmor/parser.conf
-lib/apparmor/profile-load
-sbin/apparmor_parser
 parser/aa-teardown /usr/sbin/
-parser/apparmor.systemd /lib/apparmor/
-lib/apparmor/rc.apparmor.functions
+parser/apparmor.systemd usr/lib/apparmor/
+usr/lib/apparmor/profile-load
+usr/lib/apparmor/rc.apparmor.functions
 usr/bin/aa-enabled
 usr/bin/aa-exec
 usr/bin/aa-features-abi
 usr/sbin/aa-remove-unknown
 usr/sbin/aa-status
+usr/sbin/apparmor_parser
 usr/sbin/apparmor_status
 usr/share/locale/*/LC_MESSAGES/aa-binutils.mo
 usr/share/locale/*/LC_MESSAGES/apparmor-parser.mo
diff -Nru apparmor-3.0.12/debian/changelog apparmor-3.0.12/debian/changelog
--- apparmor-3.0.12/debian/changelog	2023-07-16 16:39:37.000000000 +0200
+++ apparmor-3.0.12/debian/changelog	2024-02-17 20:14:10.000000000 +0100
@@ -1,3 +1,10 @@
+apparmor (3.0.12-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Install PAM module, binaries and helper scripts into /usr. (Closes: #-1)
+
+ -- Michael Biebl <biebl at debian.org>  Sat, 17 Feb 2024 20:14:10 +0100
+
 apparmor (3.0.12-1) unstable; urgency=medium
 
   * New upstream releases: 3.0.9, 3.0.10, 3.0.11, and 3.0.12
diff -Nru apparmor-3.0.12/debian/libpam-apparmor.install apparmor-3.0.12/debian/libpam-apparmor.install
--- apparmor-3.0.12/debian/libpam-apparmor.install	2023-07-16 16:39:37.000000000 +0200
+++ apparmor-3.0.12/debian/libpam-apparmor.install	2024-02-17 20:14:05.000000000 +0100
@@ -1 +1 @@
-lib/security/pam_apparmor.so
+usr/lib/*/security/pam_apparmor.so
diff -Nru apparmor-3.0.12/debian/rules apparmor-3.0.12/debian/rules
--- apparmor-3.0.12/debian/rules	2023-07-16 16:39:37.000000000 +0200
+++ apparmor-3.0.12/debian/rules	2024-02-17 20:14:05.000000000 +0100
@@ -1,11 +1,10 @@
 #!/usr/bin/make -f
 
 include /usr/share/dpkg/pkg-info.mk
+include /usr/share/dpkg/architecture.mk
 
 export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow optimize=+lto
 
-export DEB_HOST_ARCH_OS   ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
-
 export PERL_VENDORARCH := $(shell perl -MConfig -e 'print substr($$Config{vendorarch},1)' )
 export PYTHON=/usr/bin/python3
 export PYTHON_VERSION=3
@@ -108,7 +107,7 @@
 	    install-indep
 
 	install -D -m 755 $(CURDIR)/debian/non-linux/fake_apparmor_util \
-		$(CURDIR)/debian/tmp/sbin/apparmor_parser
+		$(CURDIR)/debian/tmp/usr/sbin/apparmor_parser
 	install -D -m 755 $(CURDIR)/debian/non-linux/fake_apparmor_util \
 		$(CURDIR)/debian/tmp/usr/bin/aa-enabled
 	install -D -m 755 $(CURDIR)/debian/non-linux/fake_apparmor_util \
@@ -123,6 +122,8 @@
 
 	cd parser && $(MAKE) \
 	    DESTDIR=$(CURDIR)/debian/tmp \
+	    SBINDIR=$(CURDIR)/debian/tmp/usr/sbin \
+	    APPARMOR_BIN_PREFIX=$(CURDIR)/debian/tmp/usr/lib/apparmor \
 	    install
 endif
 
@@ -148,9 +149,10 @@
 	# Changehat via libpam-apparmor
 	cd changehat/pam_apparmor && $(MAKE) \
 	    DESTDIR=$(CURDIR)/debian/tmp \
+	    SECDIR=$(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/security \
 	    install
 	# Fix rpath in pam_apparmor.so
-	chrpath -d $(CURDIR)/debian/tmp/lib/security/pam_apparmor.so
+	chrpath -d $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/security/pam_apparmor.so
 
 	# Profiles
 	# We'd like to keep site.local from being a conffile
@@ -192,4 +194,4 @@
 	done
 	dh_install
 	# Fix permissions so that aa-teardown can execute this file
-	chmod 0755 $(CURDIR)/debian/apparmor/lib/apparmor/apparmor.systemd
+	chmod 0755 $(CURDIR)/debian/apparmor/usr/lib/apparmor/apparmor.systemd

More information about the pkg-apparmor-team mailing list