Merge ~locnnil/ubuntu/+source/ntpsec:fix-ntpsec-apparmor into ubuntu/+source/ntpsec:ubuntu/devel

Proposed by Lincoln Wallace
Status: Work in progress
Proposed branch: ~locnnil/ubuntu/+source/ntpsec:fix-ntpsec-apparmor
Merge into: ubuntu/+source/ntpsec:ubuntu/devel
Diff against target: 47 lines (+16/-1)
3 files modified
debian/apparmor-profile (+4/-0)
debian/changelog (+10/-0)
debian/control (+2/-1)
Reviewer Review Type Date Requested Status
Andreas Hasenack Needs Fixing
Ubuntu Sponsors Pending
Review via email: mp+474025@code.launchpad.net

Commit message

Add complementary AppArmor rule

Description of the change

While creating AppArmor rules for linuxptp services, a denial on ntp binary package profile was catched that was preventing timemaster from start correctly.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This looks good. A few comments:

a) Please also run update-maintainer, since this is adding a delta do a package that was so far in sync with debian. That will replace the maintainer in d/control to be ubuntu

b) Given the above, it would also be useful to send this change to debian, via a bug report to linuxptp[1], and/or a merge proposal in salsa[2]. I don't know which one the linuxptp maintainer prefers, but a bug report is always a good bet, and a PR would be a nice bonus. This is not a blocker for uploading to Ubuntu, though, and can happen in parallel. When/If debian takes the change, we can make the package a sync again.

c) Since we are so close to final freeze[3], I think this change needs a launchpad bug report against linuxptp as well, describing what is failing and how to trigger it. linuxptp is not seeded, and is in universe, and this is a bug fix, so I think uploading now is still fine, but a bug report will make the release team's job in checking what is going on much easier. Once you have that, don't forget to mention it in the d/changelog entry.

1. https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=linuxptp
2. https://salsa.debian.org/multimedia-team/linuxptp

review: Needs Fixing
efe33d0... by Lincoln Wallace

* Add ubuntu maintainers

  - d/control: update maintainers, add ubuntu maintainers

Signed-off-by: Lincoln Wallace <email address hidden>

7607995... by Lincoln Wallace

changelog

Signed-off-by: Lincoln Wallace <email address hidden>

Revision history for this message
Lincoln Wallace (locnnil) wrote :

Thanks for the comments!

a) Done!

b) Right, I'm going to discuss that with my team, and we're going to decide which actions are going to be taken based on this, thank you.

c) Done, I've just created the bug: LP:#2083458 and liked to this merge proposal.

Revision history for this message
Farshid Tavakolizadeh (farshidtz) wrote :

To be clear, this is a fix for ntpsec, which will only become an issue if linuxptp's timemaster gets confined[1] and tries to use ntp as it's time backend.

I agree that this change could be applied upstream[2] to avoid a delta.

There is no urgency in getting this merged in time for Oracular.

1. https://code.launchpad.net/~locnnil/ubuntu/+source/linuxptp/+git/linuxptp/+merge/473653
2. https://salsa.debian.org/debian/ntpsec

Revision history for this message
Julian Andres Klode (juliank) wrote :

I prefer not to merge this until it becomes absolutely necessary (after linuxptp is merged) and if a delta can't be avoided as this package is in universe and it's not clear anyone is paying attention to merging future versions of it.

That said this has been on the sponsorship queue for 2 months already and that's not helping either

Unmerged commits

7607995... by Lincoln Wallace

changelog

Signed-off-by: Lincoln Wallace <email address hidden>

efe33d0... by Lincoln Wallace

* Add ubuntu maintainers

  - d/control: update maintainers, add ubuntu maintainers

Signed-off-by: Lincoln Wallace <email address hidden>

15569da... by Lincoln Wallace

* Add complementary AppArmor rule (LP:#2083458)

  - d/apparmor-profile: Add aa rule to enable read access of timemaster config files

Signed-off-by: Lincoln Wallace <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2index a6224ba..e9123d2 100644
3--- a/debian/apparmor-profile
4+++ b/debian/apparmor-profile
5@@ -78,6 +78,10 @@
6 # To sign replies to MS-SNTP clients by the smbd daemon /var/lib/samba
7 /var/lib/samba/ntp_signd/socket rw,
8
9+ # Allow reading the ntpd configuration file that timemaster(8)
10+ # generates, along with any other config files and sockets.
11+ @{run}/timemaster/* r,
12+
13 # For use with clocks that report via shared memory (e.g. gpsd),
14 # you may need to give ntpd access to all of shared memory, though
15 # this can be considered dangerous. See https://launchpad.net/bugs/722815
16diff --git a/debian/changelog b/debian/changelog
17index ac5f5b7..f5f53f6 100644
18--- a/debian/changelog
19+++ b/debian/changelog
20@@ -1,3 +1,13 @@
21+ntpsec (1.2.3+dfsg1-3ubuntu1) oracular; urgency=medium
22+
23+ * Add complementary AppArmor rule (LP:#2083458)
24+ - d/apparmor-profile: Add aa rule to enable read access of timemaster config files
25+
26+ * Add ubuntu maintainers
27+ - d/control: update maintainers, add ubuntu maintainers
28+
29+ -- Lincoln Wallace <lincoln.wallace@canonical.com> Tue, 01 Oct 2024 19:26:14 -0300
30+
31 ntpsec (1.2.3+dfsg1-3) unstable; urgency=low
32
33 [ Joachim Kross ]
34diff --git a/debian/control b/debian/control
35index e6a1112..d5c3555 100644
36--- a/debian/control
37+++ b/debian/control
38@@ -1,7 +1,8 @@
39 Source: ntpsec
40 Section: net
41 Priority: optional
42-Maintainer: Richard Laager <rlaager@debian.org>
43+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
44+XSBC-Original-Maintainer: Richard Laager <rlaager@debian.org>
45 Build-Depends: asciidoctor,
46 bison,
47 debhelper-compat (= 13),

Subscribers

People subscribed via source and target branches