ubuntu-appstore-developers team mailing list archive
-
ubuntu-appstore-developers team
-
Mailing list archive
-
Message #00858
Re: Running scripts where host_version != click_framework_version
On 06/10/2014 02:59 PM, Daniel Holbach wrote:
> Hello everybody,
>
> I had a discussion with Jamie about backporting click-reviewers-tools to trusty
> (and maybe saucy - do we still need this?). It requires a backport of
> apparmor-easyprof-ubuntu (for a check using the framework definition at least).
> If we expect apparmor-easyprof-ubuntu to completely work on a system like this
> as well, we'd need to backport apparmor too.
>
> The issue we're seeing right now, is that only a reviewer using utopic can
> review apps using the ubuntu-sdk-14.04* frameworks. On other releases you'll get
> a "unrecognised framework" error.
>
> One solution I could think of might be to split out all data files (including
> framework definitions) into a "-data" style package which could be pulled in
> from elsewhere as well, but I don't know all the details, so this might be the
> wrong approach.
>
I thought about this too, but the problem with a -data package is that package
is likely going to be pulled in on some of the systems with click-reviewers
tools installed. I think this will leave a lot of corner cases.
An idea I had was to make click-reviewers-tools entirely self-contained. Ie, it
ships the policy files in its own click-reviewers-tools directory along with all
the frameworks it wants to support. This does add a maintenance burden, but I
don't think too much. We could automate slurping in the bits we embed in the
package. This has a lot of benefits:
* it works easily with the SDK (they don't need a separate chroot)
* we don't have to install different frameworks on the machine doing the
reviewing
* we don't have to install new apparmor policy and/or apparmor on the machine
doing the reviewing
* SRUs or -backports are pretty simple
* the automated reviews machine can stay on an LTS
I would have to spend some time on cr_security.py to make this work, but all the
pieces are there for it (ie, I shouldn't have to change anything besides click
reviewers tools themselves). The frameworks tests currently all look in the
click frameworks directory so this can be easily changed too.
--
Jamie Strandboge http://www.ubuntu.com/
Attachment:
signature.asc
Description: OpenPGP digital signature
Follow ups
References