Debian: confine daemon with apparmor (ticket #1061)

kytv
2015-02-18 22:25:24 +00:00
parent bb9cef1e40
commit 29953ea5e4
15 changed files with 323 additions and 62 deletions


@ -67,7 +67,7 @@
<echo message="The following command will install all of the dependencies for you:" /> <echo message="The following command will install all of the dependencies for you:" />
<echo message=" " /> <echo message=" " />
<echo message="apt-get install debhelper ant debconf default-jdk gettext libgmp3-dev po-debconf fakeroot build-essential \" /> <echo message="apt-get install debhelper ant debconf default-jdk gettext libgmp3-dev po-debconf fakeroot build-essential \" />
<echo message=" quilt libcommons-logging-java" /> <echo message=" quilt libcommons-logging-java dh-apparmor" />
<echo message=" " /> <echo message=" " />
<echo message="Once the dependencies are installed, run &quot;ant debian&quot;"/> <echo message="Once the dependencies are installed, run &quot;ant debian&quot;"/>
<echo message="to patch the source and build the packages." /> <echo message="to patch the source and build the packages." />

63
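--- a/debian/apparmor/i2p
+++ b/debian/apparmor/i2p
@@ -0,0 +1,63 @@
+# Last Modified: Thu Jan 29 03:17:01 2015
+# vim:syntax=apparmor et ts=4 sw=4
+#include <abstractions/base>
+#include <abstractions/fonts>
+#include <abstractions/nameservice>
+#include <abstractions/ssl_certs>
+#include <abstractions/user-tmp>
+network inet stream,
+network inet6 stream,
+# Needed for Java
+@{PROC} r,
+@{PROC}/[0-9]*/net/if_inet6 r,
+@{PROC}/[0-9]*/net/ipv6_route r,
+@{PROC}/[0-9]*/status r,
+/dev/random r,
+/dev/urandom r,
+/sys/devices/system/cpu/ r,
+/sys/devices/system/cpu/** r,
+/etc/ssl/certs/java/** r,
+/etc/timezone r,
+/usr/share/javazi/** r,
+/etc/java-*-openjdk/** r,
+/usr/lib/jvm/default-java/jre/bin/java rix,
+/usr/lib/jvm/java-*-openjdk-*/jre/bin/java rix,
+/usr/lib/jvm/java-*-openjdk-*/jre/lib/i386/client/classes.jsa m,
+/usr/lib/jvm/java-*-openjdk-*/jre/bin/keytool rix,
+# Oracle Java is needed on the Raspberry Pi and is included in Raspbian's repositories
+/usr/lib/jvm/jdk-*-oracle-*/jre/bin/java rix,
+/usr/lib/jvm/jdk-*-oracle-*/jre/bin/keytool rix,
+# needed for I2P's graphs
+/etc/fonts/** r,
+/usr/share/java/java-atk-wrapper.jar r,
+# I2P specific
+/etc/default/i2p r,
+/usr/share/i2p/** r,
+# Used by some plugins
+/usr/share/java/eclipse-ecj-*.jar r,
+# Tanuki java wrapper
+/etc/i2p/wrapper.config r,
+/usr/sbin/wrapper rix,
+/usr/share/java/wrapper*.jar r,
+/{,var/}tmp/ rwm,
+owner /{,var/}tmp/** rwklm,
+# Prevent spamming the logs
+deny /dev/tty rw,
+deny @{PROC}/[0-9]*/fd/ r,
+deny /usr/sbin/ r,
+deny /var/cache/fontconfig/ wk,
+# Used by some versions of the Tanuki wrapper, not needed by I2P
+deny /usr/share/java/hamcrest*.jar r,
+deny /usr/share/java/junit*.jar r,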
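Review bot: The two tmp rules near the end of the abstraction (`/{,var/}tmp/ rwm,` and `owner /{,var/}tmp/** rwklm,`) pair write access with `m`, so anything the confined JVM writes into the system temp directories can also be mapped executable, which noticeably weakens the confinement. If `m` is only there for native libraries that the wrapper or JNI code unpacks (an assumption, the page does not say), a comment such as `# m: native libraries are extracted to tmp and mapped executable` would make the intent reviewable, and limiting `m` to a dedicated I2P temp directory would be tighter. The rules also overlap with `#include <abstractions/user-tmp>` at the top of the file, so only the `m` bit is really new here.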

15
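--- a/debian/apparmor/system_i2p
+++ b/debian/apparmor/system_i2p
@@ -0,0 +1,15 @@
+# vim:syntax=apparmor et
+#include <tunables/global>
+profile system_i2p {
+#include <abstractions/i2p>
+owner /{,lib/live/mount/overlay/}var/lib/i2p/** rwkl,
+owner /{,lib/live/mount/overlay/}var/log/i2p/* rw,
+owner /{,var/}run/i2p/{i2p,routerjvm}.pid rw,
+owner /{,var/}run/i2p/router.ping rw,
+# Site-specific additions and overrides. See local/README for details.
+#include <local/system_i2p>
+}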
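Review bot: `profile system_i2p {` declares a named profile with no attachment path, so nothing confines the daemon unless the launcher explicitly enters it; on this page only the init script does that, through `aa-exec --profile=system_i2p`. Any other start path (a service unit, a manual wrapper invocation) would run unconfined without an error, which deserves a header comment, for example `# Unattached profile: entered only via aa-exec from the i2p init script`. Separately, the `/var/lib/i2p/**` and `/var/log/i2p/*` rules do not cover the directories themselves, unlike the `@{HOME}/.i2p/` plus `@{HOME}/.i2p/**` pair in usr.bin.i2prouter; if the router lists or creates those directories, a matching directory rule may be needed.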

48
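--- a/debian/apparmor/usr.bin.i2prouter
+++ b/debian/apparmor/usr.bin.i2prouter
@@ -0,0 +1,48 @@
+# Last Modified: Thu Jan 29 03:17:01 2015
+# vim:syntax=apparmor et ts=8 sw=4
+#include <tunables/global>
+/usr/bin/i2prouter {
+#include <abstractions/i2p>
+capability sys_ptrace,
+/usr/bin/i2prouter r,
+@{PROC}/[0-9]*/stat r,
+@{PROC}/[0-9]*/cmdline r,
+@{PROC}/uptime r,
+@{PROC}/sys/kernel/pid_max r,
+/bin/{,b,d}ash rix,
+/bin/cat rix,
+/bin/grep rix,
+/bin/mkdir rix,
+/bin/ps rix,
+/bin/rm rix,
+/bin/sed rix,
+/bin/sleep rix,
+/bin/uname rix,
+/bin/which rix,
+/usr/bin/{,g,m}awk rix,
+/usr/bin/cut rix,
+/usr/bin/dirname rix,
+/usr/bin/expr rix,
+/usr/bin/id rix,
+/usr/bin/ldd rix,
+/usr/bin/tail rix,
+/usr/bin/tr rix,
+@{HOME}/.java/fonts/** r,
+owner @{HOME}/.i2p/ rw,
+owner @{HOME}/.i2p/** rwk,
+# Prevent spamming the logs
+deny owner @{HOME}/.java/ wk,
+deny @{HOME}/.fontconfig/ wk,
+deny @{HOME}/.java/fonts/** wk,
+# Site-specific additions and overrides. See local/README for details.
+#include <local/usr.bin.i2prouter>
+}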
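Review bot: `capability sys_ptrace,` is granted to the whole profile, and because the shell, the helper binaries and (through the abstraction) the JVM are all executed with `rix`, every child inherits it. The capability is presumably wanted only for the `/bin/ps` call and the `@{PROC}/[0-9]*/stat` and `cmdline` reads; if so, a comment such as `# sys_ptrace: ps inspects the wrapper/JVM entries under /proc` should say that, and moving `ps` into a child profile (`Cx`) would keep the capability away from the router process itself. `@{HOME}/.java/fonts/** r,` also lacks the `owner` qualifier that the `.i2p` rules use.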

83
debian/changelog vendored

@ -1,8 +1,87 @@
i2p (0.9.16-1) UNRELEASED; urgency=medium i2p (0.9.18-1) UNRELEASED; urgency=medium
* New upstream release * New upstream release
* Confine with AppArmor
-- Kill Your TV <killyourtv@i2pmail.org> Thu, 30 Oct 2014 20:07:50 +0000 -- Kill Your TV <killyourtv@i2pmail.org> Sun, 22 Feb 2015 00:00:00 +0000
i2p (0.9.17-1) unstable; urgency=medium
* New Upstream Version
Changes
- Signed news
- ECDSA default for new server tunnels
- Reseeding now SSL-only by default
Bug Fixes
- Fix SSU sending corrupt ack-only packets with partial bitfields
- Fix SSU inbound connection fail from non-DSA router
- Don't select incompatible peers if we are a non-DSA router
- Fix EdDSA signature verification bug
- Set I2NP lookup type flags in all cases, not just when a reply tunnel is used
- Stop i2ptunnel server acceptor thread after close
- Fix bug preventing some plugins from stopping completely
- Fix SAM v3 bug causing failures in incoming connections
Other
- Add a warning in the console sidebar if ECDSA not supported
- Log warnings for Java 6 that we will eventually require Java 7
- Don't let proxied routers auto-floodfill
- Don't resend SSU acks that are too old
- Don't publish direct info in SSU address if introducers are required
- New default opentrackers in i2psnark
- Add support for specifiying data directory per-torrent in i2psnark
- Changes in streaming accept() error behavior
- Minor blockfile format changes
- New option for persistent random key to preserve peer ordering across restarts
- Translation updates
- Update GeoIP data
-- Kill Your TV <killyourtv@i2pmail.org> Sun, 30 Nov 2014 22:20:06 +0000
i2p (0.9.16-1) unstable; urgency=medium
* New Upstream Version
- Add support for stronger Router Info signatures
- Encrypt RI lookups and responses on faster boxes
- Require I2CP authorization for all messages when enabled (requires 0.9.11
or higher client)
- Disable TLSv3 and older ciphers for reseeding and other uses of SSL
- Use ECDSA by default for i2ptunnel IRC, SOCKS-IRC, and standard client
tunnels
- Don't prefer floodfills in some countries
- New column sorting, set-all priority buttons, and upload ratio display in
i2psnark
- Increase i2psnark tunnel default to 3 hops
- Implement bundling of multiple fragments in a single SSU message for
efficiency
- New add-to-addressbook links on netdb leaseset page
- Implement I2NP DatabaseLookupMessage search type field to improve lookup
efficiency
- CPUID fixes and updates for recent processors
- i2psnark fix magnet links with %-encoding
- Improve handling of SSU socket closing out from under us (hopefully fix
100% CPU)
- SSU bitfield handling fixes
- Fix HTTP header issues in i2psnark
- Fix rare NPE when building garlic message
- Fix console lockups (hopefully)
- Fix i2ptunnel js confirm-delete
- Move router data structures from i2p.jar to router.jar (breaks i2pcontrol
plugin)
- New router keys now stored in router.keys.dat (privKeys.dat format)
instead of router.keys
- Improve handling of unsupported encryption throughout
- More error checking of client I2CP messages by the router
- Initial work on hooks for pluggable transports
- Enforce request timestamp in tunnel build messages
- Re-enable message status in streaming, but treat no leaseset as a soft
failure for now
- Return unused DH keypairs to the pool for efficiency
- Raise failsafe tagset limit and improve deletion strategy when hit
- Change eepsite Jetty threadpool and queue configuration
- NTCP establishment refactoring in prep for NTCP2 and PT
- Jetty 8.1.16-v20140903
- Translation updates
- Update GeoIP data
i2p (0.9.15-1) unstable; urgency=medium i2p (0.9.15-1) unstable; urgency=medium

7
debian/control vendored

@ -1,7 +1,7 @@
Source: i2p Source: i2p
Maintainer: Kill Your TV <killyourtv@i2pmail.org> Maintainer: Kill Your TV <killyourtv@i2pmail.org>
Section: net Section: net
Standards-Version: 3.9.5 Standards-Version: 3.9.6
Priority: optional Priority: optional
Bugs: mailto:killyourtv@i2pmail.org Bugs: mailto:killyourtv@i2pmail.org
Homepage: https://geti2p.net Homepage: https://geti2p.net
@ -10,6 +10,7 @@ Build-Depends: debhelper (>= 7.0.50~)
,ant-optional ,ant-optional
,debconf ,debconf
,default-jdk | openjdk-7-jdk | openjdk-6-jdk ,default-jdk | openjdk-7-jdk | openjdk-6-jdk
,dh-apparmor
,gettext ,gettext
,libgmp3-dev ,libgmp3-dev
# uncomment the next line for official builds # uncomment the next line for official builds
@ -71,7 +72,7 @@ Architecture: all
Section: net Section: net
Priority: optional Priority: optional
Depends: ${misc:Depends}, ${java:Depends}, ${shlibs:Depends}, Depends: ${misc:Depends}, ${java:Depends}, ${shlibs:Depends},
openjdk-7-jre-headless | openjdk-6-jre-headless | default-jre-headless | java7-runtime-headless | java6-runtime-headless, libecj-java openjdk-8-jre-headless | openjdk-7-jre-headless | openjdk-6-jre-headless | default-jre-headless | java8-runtime-headless | java7-runtime-headless | java6-runtime-headless, libecj-java
Replaces: i2p ( << 0.8.6-5) Replaces: i2p ( << 0.8.6-5)
Breaks: i2p (<< 0.8.6-5) Breaks: i2p (<< 0.8.6-5)
Recommends: libjbigi-jni, ttf-dejavu Recommends: libjbigi-jni, ttf-dejavu
@ -86,7 +87,7 @@ Suggests: tor
,mail-reader ,mail-reader
,news-reader ,news-reader
,polipo ,polipo
,privox ,privoxy
,robert ,robert
,syndie ,syndie
,www-browser ,www-browser

14
debian/i2p.config vendored

@ -1,4 +1,6 @@
#!/bin/sh -e #!/bin/sh
set -e
# I2P package configuration script # I2P package configuration script
conffile="/etc/default/i2p" conffile="/etc/default/i2p"
@ -10,16 +12,17 @@ if [ -e $conffile ]; then
. $conffile . $conffile
# wrapper.config always takes priority # wrapper.config always takes priority
MEMORYLIMIT=$(sed -e '/^wrapper\.java\.maxmemory/!d' -e 's/^wrapper\.java\.maxmemory\ *=\ *//' /etc/i2p/wrapper.config) MEMORYLIMIT=$(awk -F= '/^wrapper\.java\.maxmemory/{print $2}' /etc/i2p/wrapper.config)
db_set i2p/daemon "$RUN_DAEMON" db_set i2p/daemon "$RUN_DAEMON"
db_set i2p/user "$I2PUSER" db_set i2p/user "$I2PUSER"
db_set i2p/memory "$MEMORYLIMIT" db_set i2p/memory "$MEMORYLIMIT"
db_set i2p/aa "$CONFINE_WITH_APPARMOR"
fi fi
db_input medium i2p/daemon || true db_input medium i2p/daemon || true
db_go db_go
db_get i2p/daemon || true db_get i2p/daemon || true
if [ "$RET" = "true" ]; then if [ "$RET" = "true" ]; then
db_input medium i2p/user || true db_input medium i2p/user || true
@ -28,3 +31,8 @@ fi
db_input medium i2p/memory || true db_input medium i2p/memory || true
db_go db_go
db_input medium i2p/aa || true
db_go
# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
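Review bot: `db_set i2p/aa "$CONFINE_WITH_APPARMOR"` runs whenever /etc/default/i2p exists, but a conffile written by an earlier package version has no CONFINE_WITH_APPARMOR line, so on upgrade the boolean would be set to an empty string instead of keeping the template's `Default: true`. Guarding the call keeps the default in that case: `[ -z "$CONFINE_WITH_APPARMOR" ] || db_set i2p/aa "$CONFINE_WITH_APPARMOR"`. In the same hunk the new `awk -F= '/^wrapper\.java\.maxmemory/{print $2}'` no longer strips spaces around `=` as the replaced sed expression did, so a `wrapper.java.maxmemory = 128` style line would yield a value with a leading space. The enclosing `if [ -e $conffile ]` opens above the hunk.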

1
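--- a/debian/i2p.dirs
+++ b/debian/i2p.dirs
@@ -0,0 +1 @@
+etc/apparmor.d/abstractions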

50
debian/i2p.init vendored

@ -32,6 +32,7 @@ WRAPPERLOG="/var/log/i2p/wrapper.log"
RUN_DAEMON="False" RUN_DAEMON="False"
NICE=0 NICE=0
I2PUSER="i2psvc" I2PUSER="i2psvc"
USE_AA="yes"
I2P_ARGS="/etc/i2p/wrapper.config \ I2P_ARGS="/etc/i2p/wrapper.config \
wrapper.java.additional.1=-DloggerFilenameOverride=/var/log/i2p/log-router-@.txt \ wrapper.java.additional.1=-DloggerFilenameOverride=/var/log/i2p/log-router-@.txt \
@ -43,31 +44,18 @@ I2P_ARGS="/etc/i2p/wrapper.config \
wrapper.java.pidfile=$JVMPIDFILE \ wrapper.java.pidfile=$JVMPIDFILE \
wrapper.daemonize=TRUE" wrapper.daemonize=TRUE"
[ -r /lib/lsb/init-functions ] && . /lib/lsb/init-functions . /lib/lsb/init-functions
[ -r /lib/init/vars.sh ] && . /lib/init/vars.sh . /lib/init/vars.sh
for ENV_FILE in /etc/environment /etc/default/locale; do for ENV_FILE in /etc/environment /etc/default/locale; do
[ -r "$ENV_FILE" ] || continue [ -r "$ENV_FILE" ] || continue
[ -s "$ENV_FILE" ] || continue [ -s "$ENV_FILE" ] || continue
for var in LANG LANGUAGE LC_ALL LC_CTYPE; do for var in LANG LANGUAGE LC_ALL LC_CTYPE; do
value=`egrep "^${var}=" "$ENV_FILE" | tail -n1 | cut -d= -f2` value=`egrep "^${var}=" "$ENV_FILE" | tail -n1 | cut -d= -f2`
[ -n "$value" ] && eval export $var=$value [ -n "$value" ] && eval export $var=$value
# This is commented out for Ubuntu: Ubuntu still creates
# /etc/environment in the most recent release
# (currently 'Precise').
#
# TODO Add logic to automatically handle this
#
# Commented for Ubuntu since PPA packages 0.9-1$DISTRO1.
# Packages for Debian systems will have this stanza uncommented.
#
# if [ -n "$value" ] && [ "$ENV_FILE" = /etc/environment ]; then
# log_warning_msg "/etc/environment has been deprecated for locale information; use /etc/default/locale for $var=$value instead"
# fi
done done
done done
@ -111,8 +99,29 @@ do_start()
fi fi
chown -Rf $I2PUSER:$I2PUSER $I2PTEMP $RUN > /dev/null 2>&1 chown -Rf $I2PUSER:$I2PUSER $I2PTEMP $RUN > /dev/null 2>&1
chown -f -R $I2PUSER:i2psvc /var/log/$NAME > /dev/null 2>&1 chown -f -R $I2PUSER:i2psvc /var/log/$NAME > /dev/null 2>&1
TZ=UTC start-stop-daemon --start --quiet -c $I2PUSER --pidfile $PIDFILE --exec $DAEMON -n $NICE -- \ if [ "$USE_AA" = "yes" ] && \
$I2P_ARGS || return 2 [ -x /usr/sbin/aa-status ] && \
[ -x /usr/sbin/aa-exec ] && \
[ -e /etc/apparmor.d/system_i2p ] && \
/usr/sbin/aa-status --enabled ; then
AA="--startas /usr/sbin/aa-exec"
AA_ARGS="--profile=system_i2p -- $DAEMON"
else
AA=""
AA_ARGS=""
fi
TZ=UTC start-stop-daemon --start --quiet --chuid $I2PUSER --pidfile $PIDFILE $AA --exec $DAEMON --nicelevel $NICE -- \
$AA_ARGS $I2P_ARGS || return 2
# FIXME Temporary hack
# Files from /usr/share/i2p should have been copied, if need be, well before the 15 seconds are up.
if [ ! -f /var/lib/i2p/i2p-config/.perms ] && [ $I2PUSER = "i2psvc" ]; then
sleep 15
find /var/lib/i2p/ -type d -exec chmod 770 {} \;
find /var/lib/i2p/ -type f -exec chmod 660 {} \;
touch /var/lib/i2p/i2p-config/.perms
fi
} }
do_stop() do_stop()
@ -124,7 +133,8 @@ do_stop()
start-stop-daemon --stop --quiet --oknodo --retry=0/60/KILL/20 --exec $DAEMON start-stop-daemon --stop --quiet --oknodo --retry=0/60/KILL/20 --exec $DAEMON
rm -rf "$I2PTEMP" > /dev/null 2>&1 rm -rf "$I2PTEMP" > /dev/null 2>&1
[ -d "$RUN" ] && rmdir --ignore-fail-on-non-empty "$RUN" > /dev/null 2>&1 [ -d "$RUN" ] && rm -f "$RUN/*" > /dev/null 2>&1
[ -d "$RUN" ] && rmdir "$RUN" > /dev/null 2>&1
} }
do_dump() do_dump()
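Review bot: In do_start the AppArmor branch fails open and, as far as these hunks show, is not wired to the debconf answer: `USE_AA="yes"` is hard-coded and the gate compares against `"yes"`, while postinst stores the choice as `CONFINE_WITH_APPARMOR` with a debconf boolean value, so unless /etc/default/i2p is sourced and mapped outside the visible lines the administrator's choice has no effect. When any of the `-x`, `-e` or `aa-status --enabled` tests fails the daemon starts unconfined with no message; the `else` branch should at least report it, e.g. `log_warning_msg "AppArmor confinement unavailable, starting $NAME unconfined"`. In do_stop, `rm -f "$RUN/*"` quotes the glob, so it never expands and the following `rmdir "$RUN"` then fails silently on a non-empty directory; `rm -f "$RUN"/*` is what was meant. Both function bodies begin outside the hunks.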

3
debian/i2p.install vendored

@ -1,3 +1,6 @@
pkg-temp/i2prouter usr/bin pkg-temp/i2prouter usr/bin
pkg-temp/wrapper.config etc/i2p pkg-temp/wrapper.config etc/i2p
pkg-temp/locale usr/share/i2p pkg-temp/locale usr/share/i2p
debian/apparmor/i2p etc/apparmor.d/abstractions
debian/apparmor/usr.bin.i2prouter etc/apparmor.d
debian/apparmor/system_i2p etc/apparmor.d

35
debian/i2p.postinst vendored

@ -6,7 +6,7 @@ I2PHOME=/var/lib/i2p
I2PSYSUSER=i2psvc I2PSYSUSER=i2psvc
conffile="/etc/default/i2p" conffile="/etc/default/i2p"
systemdservice="/lib/systemd/system/i2p.service" #systemdservice="/lib/systemd/system/i2p.service"
# Source debconf library -- we have a Depends line # Source debconf library -- we have a Depends line
# to make sure it is there... # to make sure it is there...
@ -25,6 +25,7 @@ case "$1" in
echo >> $conffile echo >> $conffile
echo "RUN_DAEMON=" >> $conffile echo "RUN_DAEMON=" >> $conffile
echo "I2PUSER=" >> $conffile echo "I2PUSER=" >> $conffile
echo "CONFINE_WITH_APPARMOR=" >> $conffile
echo "# The next value is also wrapper.java.maxmemory in /etc/i2p/wrapper.config" >> $conffile echo "# The next value is also wrapper.java.maxmemory in /etc/i2p/wrapper.config" >> $conffile
echo "MEMORYLIMIT=" >> $conffile echo "MEMORYLIMIT=" >> $conffile
fi fi
@ -35,6 +36,8 @@ case "$1" in
I2PUSER="$RET" I2PUSER="$RET"
db_get i2p/memory db_get i2p/memory
MEMORYLIMIT="$RET" MEMORYLIMIT="$RET"
db_get i2p/aa
CONFINE_WITH_APPARMOR="$RET"
cp -a -f $conffile $conffile.tmp cp -a -f $conffile $conffile.tmp
@ -46,6 +49,8 @@ case "$1" in
echo "I2PUSER=" >> $conffile echo "I2PUSER=" >> $conffile
test -z "$MEMORYLIMIT" || grep -Eq '^ *MEMORYLIMIT=' $conffile || \ test -z "$MEMORYLIMIT" || grep -Eq '^ *MEMORYLIMIT=' $conffile || \
echo "MEMORYLIMIT=" >> $conffile echo "MEMORYLIMIT=" >> $conffile
test -z "$CONFINE_WITH_APPARMOR" || grep -Eq '^ *CONFINE_WITH_APPARMOR=' $conffile || \
echo "CONFINE_WITH_APPARMOR=" >> $conffile
if [ -z $RUN_DAEMON ]; then if [ -z $RUN_DAEMON ]; then
RUN_DAEMON="false" RUN_DAEMON="false"
@ -57,22 +62,23 @@ case "$1" in
sed -e "s/^ *RUN_DAEMON=.*/RUN_DAEMON=\"$RUN_DAEMON\"/" \ sed -e "s/^ *RUN_DAEMON=.*/RUN_DAEMON=\"$RUN_DAEMON\"/" \
-e "s/^ *I2PUSER=.*/I2PUSER=\"$I2PUSER\"/" \ -e "s/^ *I2PUSER=.*/I2PUSER=\"$I2PUSER\"/" \
-e "s/^ *MEMORYLIMIT=.*/MEMORYLIMIT=\"$MEMORYLIMIT\"/" \ -e "s/^ *MEMORYLIMIT=.*/MEMORYLIMIT=\"$MEMORYLIMIT\"/" \
-e "s/^ *CONFINE_WITH_APPARMOR=.*/CONFINE_WITH_APPARMOR=\"$CONFINE_WITH_APPARMOR\"/" \
< $conffile > $conffile.tmp < $conffile > $conffile.tmp
mv -f $conffile.tmp $conffile mv -f $conffile.tmp $conffile
if [ -e "$systemdservice" ]; then # if [ -e "$systemdservice" ]; then
sed -e "s/User=.*/User=$I2PUSER/" < "$systemdservice" > "$systemdservice.tmp" # sed -e "s/User=.*/User=$I2PUSER/" < "$systemdservice" > "$systemdservice.tmp"
mv -f "$systemdservice.tmp" "$systemdservice" # mv -f "$systemdservice.tmp" "$systemdservice"
chmod 0644 -f "$systemdservice" # chmod 0644 -f "$systemdservice"
if [ -x /bin/systemctl ]; then # if grep -q 'systemd' /proc/1/comm > /dev/null 2>&1; then
systemctl --system daemon-reload # systemctl --system daemon-reload
if [ $RUN_DAEMON = 'true' ]; then # if [ $RUN_DAEMON = 'true' ]; then
systemctl enable i2p.service # systemctl enable i2p.service
else # else
systemctl disable i2p.service # systemctl disable i2p.service
fi # fi
fi # fi
fi # fi
sed -e "s/^ *wrapper\.java\.maxmemory=.*/wrapper\.java\.maxmemory=$MEMORYLIMIT/" \ sed -e "s/^ *wrapper\.java\.maxmemory=.*/wrapper\.java\.maxmemory=$MEMORYLIMIT/" \
< /etc/i2p/wrapper.config > /etc/i2p/wrapper.config.tmp < /etc/i2p/wrapper.config > /etc/i2p/wrapper.config.tmp
@ -117,3 +123,4 @@ esac
#DEBHELPER# #DEBHELPER#
exit 0 exit 0
# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
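Review bot: The systemd handling is left in the script as thirteen commented-out lines, one of them edited inside the comment (`grep -q 'systemd' /proc/1/comm`), with no explanation of why it was disabled. Either delete the block or head it with a comment that states the reason, such as `# systemd unit handling disabled: <reason>`. It also matters for the feature this commit adds: confinement is applied only by the init script's aa-exec call, so if an i2p.service unit is still shipped, a daemon started through it would presumably not enter the system_i2p profile. The enclosing `case "$1" in` starts outside the hunks.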


@ -33,3 +33,10 @@ _Description: Memory that can be allocated to I2P:
. .
High bandwidth routers, as well as routers with a lot of active torrents / plugins, may High bandwidth routers, as well as routers with a lot of active torrents / plugins, may
need to have this value increased. need to have this value increased.
Template: i2p/aa
Type: boolean
Default: true
_Description: Run I2P daemon confined with AppArmor
With this option enabled I2P will be sandboxed with AppArmor, restricting which files and
directories may be accessed by I2P.


@ -6,9 +6,9 @@
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: i2p\n"
"Report-Msgid-Bugs-To: https://trac.i2p2.de/\n" "Report-Msgid-Bugs-To: https://trac.i2p2.de/\n"
"POT-Creation-Date: 2011-12-27 22:25+0000\n" "POT-Creation-Date: 2015-02-18 22:14+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -74,3 +74,17 @@ msgid ""
"High bandwidth routers, as well as routers with a lot of active torrents / " "High bandwidth routers, as well as routers with a lot of active torrents / "
"plugins, may need to have this value increased." "plugins, may need to have this value increased."
msgstr "" msgstr ""
#. Type: boolean
#. Description
#: ../i2p.templates:5001
msgid "Run I2P daemon confined with AppArmor"
msgstr ""
#. Type: boolean
#. Description
#: ../i2p.templates:5001
msgid ""
"With this option enabled I2P will be sandboxed with AppArmor, restricting "
"which files and directories may be accessed by I2P."
msgstr ""

5
debian/rules vendored

@ -103,6 +103,11 @@ createcopyright:
override_dh_compress: override_dh_compress:
dh_compress -X.xsl -X.xml dh_compress -X.xsl -X.xml
override_dh_install:
dh_install --list-missing
dh_apparmor --profile-name=system_i2p -pi2p
dh_apparmor --profile-name=usr.bin.i2prouter -pi2p
override_dh_installchangelogs: override_dh_installchangelogs:
dh_installchangelogs history.txt dh_installchangelogs history.txt