Hi, here's a status update.
tl;dr: almost everything is done or waiting to migrate to testing; there's one question for Ulrike below, and one topic (telepathy-mission-control-5) about which I'd appreciate some input from you folks. I'll keep this bug open until everything is fixed at least in sid. It would be super cool if more of us switched their testing/sid system with AppArmor enabled to merged-/usr, in order to identify remaining issues before our users face them. intrigeri: >> 1. the AppArmor profiles Git repo > Ready for review: > https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/312411 This was merged yesterday, and I've just uploaded apparmor-profiles-extra with these changes applied. >> 2. upstream software repos (at least libvirt) > Sent patch to libvirt upstream: > https://www.redhat.com/archives/libvir-list/2016-December/msg00080.html Merged upstream, applied in sid (2.5.0-2), but the migration to testing is blocked by a RC bug in src:ceph. >> 3. other profiles shipped in Debian > I've now dealt with all those that are installed on my system: > * apparmor-profiles: > - usr.bin.chromium-browser: it's been broken in Debian for many > years, and nobody bothered enough to upstream it in a way that > makes it work cross-distro, so I'll simply drop this profile in > the next upload. Fixed in 2.10.95-8, that migrated to testing already. > * apparmor-profiles-extra > - usr.bin.irssi, usr.bin.pidgin, usr.sbin.apt-cacher-ng: fixed in > my merge request against the AppArmor profiles repo; I'd rather > not carry a delta in Debian, so I'll wait a bit for comments on > my branch. Merged upstream, fixed in 1.11. > - usr.sbin.tcpdump: we import this from Ubuntu, so I've sent them > a patch > (https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/1647188) No reply since a month on the Ubuntu front, I went ahead and it's in apparmor-profiles-extra 1.11. > * cups-daemon: patch sent (Debian#846868); Ubuntu carries no delta > against CUPS anymore so this will flow there for free Fixed in 2.2.1-4, that migrated to testing already. > * evince: patch submitted (Debian#846966); nowadays Ubuntu merges the > Debian packaging regularly, so it should flow there at some point Fixed in 3.22.1-3, that migrated to testing already. > * icedove: fix included in my merge request against the AppArmor > profiles repo This made its way to the apparmor-profiles shared repo. I guess some additional action is needed to have it in the icedove package. Ulrike, do you want to take care of this? > * telepathy-mission-control-5: patch submitted (Debian#847065); same > as evince, will flow to Ubuntu at some point No reply there, I wonder if I should NMU with my patch + the one proposed on #814900. Opinions? > * torbrowser-launcher: sent pull request upstream > (https://github.com/micahflee/torbrowser-launcher/pull/256) Merged upstream, cherry-picked in 0.2.6-3 that already migrated to testing. Cheers, -- intrigeri