cups fails to install when kernel does not provide block_suspend capability

pitti, can you have a look into this? It is an AppArmor issue.

Jamie, as you added this, do you have a recommendation how to ignore it if the capability doesn't exist on the system? Or should AppArmor itself be fixed to not stumble over nonexisting deny capabilities?

There is not a way to 'ignore it if the capability doesn't exist on the system'. We might be able to adjust the parser, but that might not be desirable for a number of reasons.

I don't understand how this is happening-- this capability rule should only exist in 12.10's profile, yet 12.10 kernels have this capability. Can you describe the test environment?

> I don't understand how this is happening
For example this bug maybe reproduced if you replace "precise" to "quantal" in sources.list and run aptitude dist-upgrade.

RussionNeuroMancer,

Ah, yes. While cups.postinst uses 'apparmor_parser -r -T -W "$APP_PROFILE" || true' so this shouldn't fail, the upstart job uses /sbin/apparmor_parser -r -W "$profile" which would fail.

This is an important bug that will affect upgrades from 12.04 LTS to 12.10.

Minimal patch to /lib/init/apparmor-profile-load to 'exit 0' on apparmor_parser errors.

Hello Ted, or anyone else affected,

Accepted upstart into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/upstart/1.5-0ubuntu9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Uploaded to quantal-proposed.

I can reproduce the failure of cups to start, but have not been able to reproduce upgrading from 12.04 to 12.10.

Downgrading the priority for now. I still believe we should fix this in an SRU because this is the 3rd bug we've seen on this, so people are hitting it.

This bug was fixed in the package upstart - 1.5-0ubuntu9

---------------
upstart (1.5-0ubuntu9) quantal-proposed; urgency=low

  * debian/apparmor-profile-load: exit 0 if apparmor_parser fails to not
    block upgrades (errors will still be logged by upstart). This can be
    removed once apparmor_parser better deals with new policy on old kernels
    - LP: #1058356
 -- Jamie Strandboge <email address hidden> Fri, 12 Oct 2012 13:54:10 -0500

It looks like cups need a versioned depend on quantal's apparmor as well, or else you can get into the state where apparmor is precise, and cups is quantal. This happened after an upgrade failed for other reasons and I tried to continue the installs.

The upstart package in quantal-proposed was released so removing the verification-needed tag.

quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as "Won't Fix".