diff --git a/debian/changelog b/debian/changelog index cb336e6f..6471e288 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +livecd-rootfs (2.351) xenial; urgency=medium + + * live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot: + - create a /usr/share/snappy/security-policy-version so that + snappy can re-generate the security profiles if any of the versions + of apparmor or ubuntu-core-security-* changes + + -- Michael Vogt Wed, 04 Nov 2015 08:45:49 +0100 + livecd-rootfs (2.350) xenial; urgency=medium [ Oliver Grawert ] diff --git a/live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot b/live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot new file mode 100644 index 00000000..4a2f11b4 --- /dev/null +++ b/live-build/ubuntu-core/hooks/21-snappy-security-policy-stamp.chroot @@ -0,0 +1,18 @@ +#!/bin/sh +# +# Create the security policy version file. Its important that the file +# content changes every time an of the "apparmor" or "seccomp" policies +# (or its generators) get updated. +# +# snappy will use this file for its "snappy policygen --regenerate-all" +# systemd unit. It will store the security-policy-version file on each +# --regenerate-all call. On each boot it will compare the stored version +# with the version on the image and if they are different regenerate the +# policies + +set -e + + +echo "create security policy version" >&2 +mkdir -p /usr/share/snappy/ +apt list --installed apparmor ubuntu-core-security-* > /usr/share/snappy/security-policy-version