ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Running scripts where host_version != click_framework_version

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Tue, 10 Jun 2014 15:30:41 -0500
In-reply-to: <539763B3.6020206@ubuntu.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

On 06/10/2014 02:59 PM, Daniel Holbach wrote:
> Hello everybody,
> 
> I had a discussion with Jamie about backporting click-reviewers-tools to trusty
> (and maybe saucy - do we still need this?). It requires a backport of
> apparmor-easyprof-ubuntu (for a check using the framework definition at least).
> If we expect apparmor-easyprof-ubuntu to completely work on a system like this
> as well, we'd need to backport apparmor too.
> 
> The issue we're seeing right now, is that only a reviewer using utopic can
> review apps using the ubuntu-sdk-14.04* frameworks. On other releases you'll get
> a "unrecognised framework" error.
> 
> One solution I could think of might be to split out all data files (including
> framework definitions) into a "-data" style package which could be pulled in
> from elsewhere as well, but I don't know all the details, so this might be the
> wrong approach.
> 

I thought about this too, but the problem with a -data package is that package
is likely going to be pulled in on some of the systems with click-reviewers
tools installed. I think this will leave a lot of corner cases.

An idea I had was to make click-reviewers-tools entirely self-contained. Ie, it
ships the policy files in its own click-reviewers-tools directory along with all
the frameworks it wants to support. This does add a maintenance burden, but I
don't think too much. We could automate slurping in the bits we embed in the
package. This has a lot of benefits:
 * it works easily with the SDK (they don't need a separate chroot)
 * we don't have to install different frameworks on the machine doing the
   reviewing
 * we don't have to install new apparmor policy and/or apparmor on the machine
   doing the reviewing
 * SRUs or -backports are pretty simple
 * the automated reviews machine can stay on an LTS

I would have to spend some time on cr_security.py to make this work, but all the
pieces are there for it (ie, I shouldn't have to change anything besides click
reviewers tools themselves). The frameworks tests currently all look in the
click frameworks directory so this can be easily changed too.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: Running scripts where host_version != click_framework_version
From: Martin Albisetti, 2014-06-11

References

Running scripts where host_version != click_framework_version
From: Daniel Holbach, 2014-06-10