Changelog
apparmor (2.10.95-1) unstable; urgency=medium
* Merge from ubuntu-citrain up to revision 1590, that is changes brought
by 2.10.95-0ubuntu1 to 2.10.95-0ubuntu2, including a new upstream
release also known as AppArmor 2.11.beta1. (Closes: #810888)
Remaining changes:
- debian/apparmor.install: install tunables/home.d and tunables/multiarch.*,
to make it easier to maintain site-specific configuration.
- Don't ship empty /usr/bin and /usr/share/apparmor in apparmor-utils:
I fail to see what good they can do.
- Drop dependency from apparmor on initramfs-tools: the early modules
loading code that needed it was removed a while ago.
- apparmor-notify depends on libnotify-bin: the package's description
is explicitly about desktop notifications, and we've had #746508,
so let's stick to supporting the desktop use case as best as we can,
and ignore the server use case for now.
- debian/control: removed duplicated Section entry for apparmor-easyprof,
it's the same as the source package's one.
- Apply notify-group.patch.
- The new packaging fixes and improvements documented below.
* Remove Holger from Uploaders, at his request. (Closes: #824461)
* dh-apparmor: fix enabling policy if it's the system's first.
Thanks to Peter Palfrader <email address hidden> for the analysis and patch!
(Closes: #822349)
* Declare compliance with Standards-Version 3.9.8.
* Fix typo in dh_apparmor(1) manpage.
* Add Lintian overrides for the no-upstream-changelog check: upstream
does not ship any changelog.
* debian/README.source: document how we import new upstream releases
from Ubuntu into Debian.
* Add a systemd unit wrapping the init script. Thanks to Felipe Sateler
for coming up with a patch, to the OpenSUSE folks for some inspiration,
and to Felix Geyer for commenting on my own initial draft. (Closes: #796589)
Accordingly:
- Add a build-dependency on dh-systemd, and enable it in debian/rules.
- Disable handle_system_policy_package_updates in the init script's
start action: it is only useful for click, snappy and Ubuntu system
images, i.e. not in Debian; and it reads and writes to /var, that can
be remote-mounted, so it would prevent us from using Before=sysinit.target
(and thus, from confining early system services) without possibly
introducing dependency loops.
-- intrigeri <email address hidden> Thu, 23 Jun 2016 18:25:09 +0000