diff options
Diffstat (limited to 'debian/patches/apparmor-gnupg-tofu.diff')
-rw-r--r-- | debian/patches/apparmor-gnupg-tofu.diff | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches/apparmor-gnupg-tofu.diff b/debian/patches/apparmor-gnupg-tofu.diff new file mode 100644 index 0000000000..a2ee52f404 --- /dev/null +++ b/debian/patches/apparmor-gnupg-tofu.diff @@ -0,0 +1,28 @@ +From: Benjamin Barenblat <bbaren@google.com> +Subject: Support tofu+pgp trust model in GnuPG +Bug-Debian: https://bugs.debian.org/955271 +Forwarded: no + +GnuPG supports a trust-on-first-use layer that sits on top of the +standard PGP trust model. If this is enabled, 'gpg --list-keys' needs +write and lock permissions on the TOFU database to return any useful +data. Allow this access through AppArmor. + +--- libreoffice-7.1.2.2/sysui/desktop/apparmor/program.soffice.bin ++++ libreoffice-7.1.2.2/sysui/desktop/apparmor/program.soffice.bin +@@ -2,6 +2,7 @@ + # + # Copyright (C) 2016 Canonical Ltd. + # Copyright (C) 2018 Software in the Public Interest, Inc. ++# Copyright (C) 2021 Google LLC + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +@@ -215,6 +216,7 @@ profile gpg { + + owner @{HOME}/.gnupg/* r, + owner @{HOME}/.gnupg/random_seed rk, ++ owner @{HOME}/.gnupg/tofu.db rwk, + } + + # probably should become a subprofile like gpg above, but then it doesn't |