[Pkg-privacy-maintainers] Bug#908463: Bug#908463: torbrowser-launcher: Fails to start "Web Content" processes due to outdated AppArmor policy

Roger Shimizu rosh at debian.org
Mon Sep 17 06:17:01 BST 2018 

On Sat, Sep 15, 2018 at 2:11 PM, intrigeri <intrigeri at debian.org> wrote:
> Roger Shimizu:
>> On Mon, Sep 10, 2018 at 11:58 PM, gregor herrmann <gregoa at debian.org> wrote:
>>> On Mon, 10 Sep 2018 10:43:32 -0400, Antoine Beaupré wrote:
>>> After upgrading to 0.2.9-4, adequate complains:
>>>
>>> torbrowser-launcher: obsolete-conffile /etc/apparmor.d/local/torbrowser.Tor.tor
>>> torbrowser-launcher: obsolete-conffile /etc/apparmor.d/local/torbrowser.Browser.plugin-container
>>> torbrowser-launcher: obsolete-conffile /etc/apparmor.d/local/torbrowser.Browser.firefox
>
>> Sorry, I don't have these errors when upgrading package.
>
> To reproduce, I think you need 1. adequate installed;
> 2. upgrading from a specific version of the package.

I confirmed I already had adequate installed previously.

$ dpkg -l adequate
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                     Version           Architecture      Description
+++-========================-=================-=================-======================================================
ii  adequate                 0.15.1            all
Debian package quality testing tool

On Sun, Sep 16, 2018 at 2:35 AM, gregor herrmann <gregoa at debian.org> wrote:
>> > After getting rid of them, I have a starting torbrowser again.
>> >
>> > Looks like some dpkg-maintscript-helper(1) magic is needed here ...
>>
>> Could you provide an example, or even patch?
>> Thanks!
>
> After looking at the package/repo:
>
> The files under /etc/apparmor.d/local were created in 0.2.9-1 (with
> the upstream import) and were removed in 0.2.9-2, probably with
> 0016-Remove-apparmor-local-path-from-setup.py.patch. Or maybe with
> debian/patches/0015-AppArmor-remove-boilerplate-from-local-override-file.patch.
> Or with both :)
>
> This is somewhat confusing but 0.2.9-1 seems to be the only release
> with
>
> drwxr-xr-x root/root         0 2018-01-29 15:17 ./etc/apparmor.d/local/
> -rw-r--r-- root/root       134 2018-01-28 19:33 ./etc/apparmor.d/local/torbrowser.Browser.firefox
> -rw-r--r-- root/root       133 2018-01-28 19:33 ./etc/apparmor.d/local/torbrowser.Browser.plugin-container
> -rw-r--r-- root/root       133 2018-01-28 19:33 ./etc/apparmor.d/local/torbrowser.Tor.tor
>
> (That also means that adequate must have warned me earlier?)
>
> Anyway, these conffiles are not shipped any more; either that's a
> mistake or they need to be properly removed.

I tried to install 0.2.9-1 and upgrade to 0.2.9-4, but still didn't reproduced.
I tested it again after enabling adequate by set 'Adequate::Enabled
"true";' in /etc/apt/apt.conf.d/20adequate
But same result.

BTW. Old packages can be found on snapshot.d.o [1].

[1] http://snapshot.debian.org/package/torbrowser-launcher/

====
# dpkg -i torbrowser-launcher_0.2.9-1_amd64.deb
(Reading database ... 272854 files and directories currently installed.)
Preparing to unpack torbrowser-launcher_0.2.9-1_amd64.deb ...
Unpacking torbrowser-launcher (0.2.9-1) over (0.2.9-1) ...
Setting up torbrowser-launcher (0.2.9-1) ...
Processing triggers for desktop-file-utils (0.23-1) ...
Processing triggers for mime-support (3.60) ...
Processing triggers for man-db (2.7.6.1-2) ...
# dpkg -i torbrowser-launcher_0.2.9-4_amd64.deb
(Reading database ... 272854 files and directories currently installed.)
Preparing to unpack torbrowser-launcher_0.2.9-4_amd64.deb ...
Unpacking torbrowser-launcher (0.2.9-4) over (0.2.9-1) ...
Setting up torbrowser-launcher (0.2.9-4) ...
Installing new version of config file
/etc/apparmor.d/torbrowser.Browser.firefox ...
Installing new version of config file
/etc/apparmor.d/torbrowser.Browser.plugin-container ...
Installing new version of config file /etc/apparmor.d/torbrowser.Tor.tor ...
Processing triggers for desktop-file-utils (0.23-1) ...
Processing triggers for mime-support (3.60) ...
Processing triggers for man-db (2.7.6.1-2) ...
====

> There is already debian/torbrowser-launcher.maintscript which IMO
> needs three new lines:
>
> rm_conffile /etc/apparmor.d/local/torbrowser.Tor.tor 0.2.9-2~ torbrowser-launcher
> rm_conffile /etc/apparmor.d/local/torbrowser.Browser.plugin-container 0.2.9-2~ torbrowser-launcher
> rm_conffile /etc/apparmor.d/local/torbrowser.Browser.firefox 0.2.9-2~ torbrowser-launcher
>
> Or maybe s/0.2.9-2~/0.2.9-5~/ , if I'm reading dpkg-maintscript-helper(1)
> correctly.

Thanks for the hint!
I'll try this snippet.

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

More information about the Pkg-privacy-maintainers mailing list