Package: thunderbird
Version: 1:52.5.0-1~deb8u1
Severity: normal
Tags: upstream
User: pkg-apparmor-t...@lists.alioth.debian.org
Usertags: help-needed
Dear Maintainer,
I have tried to use latest upstream Thunderbird profile available in
Debin VCS-Git on Debian Jessie (where this profile will ship I
presume) and got this error:
```
$ sudo sudo aa-enforce /etc/apparmor.d/usr.bin.thunderbird
Setting /etc/apparmor.d/usr.bin.thunderbird to enforce mode.
Traceback (most recent call last):
File "/usr/sbin/aa-enforce", line 30, in <module>
tool.cmd_enforce()
File "/usr/lib/python3/dist-packages/apparmor/tools.py", line
166, in cmd_enforce
raise apparmor.AppArmorException(cmd_info[1])
apparmor.common.AppArmorException: 'AppArmor parser error
for /etc/apparmor.d/usr.bin.thunderbird in
/etc/apparmor.d/usr.bin.thunderbird at line 12: syntax
error, unexpected TOK_SET_VAR, expecting TOK_OPEN\n'
```
This was due to my latest pull request [0] that made AppArmor profile
to use variable for thunderbird executable path, to reduce duplication
and to make it more flexible in the future (when coditional includes
comes, for example, for overriding stuff):
```
-profile thunderbird /usr/lib/thunderbird/thunderbird {
+profile thunderbird @{thunderbird_executable} {
```
It seems older parser does not digest this (it works fine on Debian Stretch
though).
I have added "help-needed" usertag in order to discuss how to work in the
future in this regard. Some day Buster might be too old for some profile
changes too.
Do we always test on oldest supported distro version and cap what's used
in policy file by it? Since Thunderbird profile is upstream, this might
bring conflicts with other distributions that might actual want some
latest and greatest parser features...
Or we shuld have multiple profiles versions for sid/stable/oldstable..?
But that's kinda burder for a maintainer (and policy contributors too).
Anyway, I surely can send PR to fix it, but maybe it's worth to discuss
this first.
[0]
https://gitlab.com/apparmor/apparmor-profiles/commit/f5a5587e9262dc327cfb3f0036615cfd01a3bee8
-- System Information:
Debian Release: 8.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages thunderbird depends on:
ii debianutils 4.4+b1
ii fontconfig 2.11.0-6.3+deb8u1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-18+deb8u10
ii libcairo2 1.14.0-2.1+deb8u2
ii libdbus-1-3 1.8.22-0+deb8u1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-5 2.0.21-stable-2+deb8u1
ii libffi6 3.1-2+deb8u1
ii libfontconfig1 2.11.0-6.3+deb8u1
ii libfreetype6 2.5.2-3+deb8u2
ii libgcc1 1:4.9.2-10
ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u6
ii libglib2.0-0 2.42.1-1+b1
ii libgtk2.0-0 2.24.25-3+deb8u2
ii libhunspell-1.3-0 1.3.3-3
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libpangoft2-1.0-0 1.36.8-3
ii libpixman-1-0 0.32.6-3
ii libstartup-notification0 0.12-4
ii libstdc++6 4.9.2-10
ii libx11-6 2:1.6.2-3+deb8u1
ii libx11-xcb1 2:1.6.2-3+deb8u1
ii libxcb-shm0 1.10-3+b1
ii libxcb1 1.10-3+b1
ii libxcomposite1 1:0.4.4-1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+deb8u1
ii libxrender1 1:0.9.8-1+b1
ii libxt6 1:1.1.4-1+b1
ii psmisc 22.21-2
ii x11-utils 7.7+2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages thunderbird recommends:
ii hunspell-en-us [hunspell-dictionary] 20070829-6+deb8u1
ii lightning 1:52.5.0-1~deb8u1
ii myspell-lt [myspell-dictionary] 1.2.1-4
Versions of packages thunderbird suggests:
ii apparmor 2.9.0-3
pn fonts-lyx <none>
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u4
-- Configuration Files:
/etc/apparmor.d/usr.bin.thunderbird changed [not included]
-- no debconf information
