[pkg-apparmor] Bug#981442: apparmor: Please do not install by default or depend on python3

intrigeri intrigeri at debian.org
Fri Feb 5 08:06:54 GMT 2021


Hi Samuel,

tl;dr: Help! I have a tentative fix ready, but in order to see this
fixed in Bullseye, someone else has to test the tentative fix by
Saturday, 17:00 UTC.

Samuel Thibault (2021-02-01):
> intrigeri, on Mon. 01 Feb. 2021 09:16:23 +0100, wrote:
>> > or avoid making it hardly depend on python3?
>> 
>> The only reason why apparmor "Depends: python3" in current testing/sid
>> is that /usr/sbin/aa-status is written in Python.
>> 
>> Upstream commit 8f9046b1b179190d0003ae1beacf460ee93c5090, included in
>> upstream 3.0.0 release, and thus in Debian experimental already,
>> ported that program to C, which should allow dropping the dependency
>> on python3. I did not check how hard it would be to backport
>> this commit.
>
> That would be great to backport!

I did the backporting work in a topic branch:
https://salsa.debian.org/apparmor-team/apparmor/-/tree/debian-bug-981442
The resulting apparmor binary package has no dependency on python3.

Salsa CI will tell us about obvious breakage in other areas, but
AFAICT it does not exercise aa-status, so that's not sufficient
to make me comfortable uploading this significant dependency change,
so close to the freeze, in a package we install by default on any
system that has a Linux kernel.

I would like this to be tested:

  1. build packages from the debian-bug-981442 branch

  2. install the resulting apparmor binary package into a testing/sid VM
     (I don't think a chroot will do) that has no python3 installed

  3. ensure step 2 did not install python3

  4. ensure aa-status works (compare with how it works in a regular
     testing/sid system)

If you, or someone else, has time to go through this test procedure by
Saturday 17:00 UTC, and if the test result is successful, then I'll
try hard to upload on Saturday night (UTC), which should hopefully
allow this improvement to migrate to testing in time for the freeze :)

Thanks for caring about the size of minimal systems installed by d-i!

Cheers!
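
Steps 3 and 4 of the test procedure above can be scripted; the following is an added example, not part of the original message or of the Debian packaging. The function names, the `--run` switch and the output file name are hypothetical; it assumes it is run as root inside the test VM after step 2.

```shell
#!/bin/sh
# Added example: post-install checks for steps 3 and 4 of the procedure.

# True if a dpkg Depends field ($1) names python3 or a python3-*/python3.X
# package, ignoring version constraints, ":any" qualifiers and alternatives.
depends_on_python3() {
    printf '%s\n' "$1" | tr ',|' '\n\n' |
        sed 's/^ *//; s/[ (:].*$//' | grep -Eq '^python3([.-].*)?$'
}

# True if a dpkg status abbreviation ($1, e.g. "ii ") means files from the
# package are on disk. Empty (unknown package), not-installed ("?n") and
# config-files-only ("?c") all count as absent.
pkg_present() {
    case "$1" in
        ''|?n*|?c*) return 1 ;;
        *) return 0 ;;
    esac
}

run_checks() {
    deps=$(dpkg-query -W -f='${Depends}' apparmor) || return 1
    if depends_on_python3 "$deps"; then
        echo "FAIL: apparmor Depends still names python3: $deps"; return 1
    fi
    # Step 3: installing apparmor must not have pulled in python3.
    st=$(dpkg-query -W -f='${db:Status-Abbrev}' python3 2>/dev/null || true)
    if pkg_present "$st"; then
        echo "FAIL: python3 is present (dpkg status '$st')"; return 1
    fi
    # Step 4: the C aa-status must run without an interpreter.
    # "aa-status --enabled" exits 0 when AppArmor is enabled.
    aa-status --enabled || { echo "FAIL: aa-status --enabled"; return 1; }
    aa-status > ./aa-status.branch.txt || return 1
    echo "OK: compare ./aa-status.branch.txt with a regular testing/sid system"
}

# Only touch the real system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```

The saved output is meant to be compared by hand with `aa-status` output from a regular testing/sid system, as step 4 asks.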


