[pkg-apparmor] Bug#1039668: apparmor: prompting due to modified conffiles which were not modified by the user: /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser

[intrigeri]

Hi,

Andreas Beckmann (2023-06-28):
> This bug only manifests if the test system originated in jessie and had
> apparmor-profiles from jessie installed before it got upgraded release
> by release until bookworm.

Indeed, before 3.0.0-1, apparmor-profiles.postinst did that:

        if [ ! -e /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser ]; then
            cp /usr/share/apparmor/extra-profiles/abstractions/ubuntu-browsers.d/chromium-browser /etc/apparmor.d/abstractions/ubuntu-browsers.d || true
        fi

This code snippet was removed in 3.0.0-1 but at the same time,
upstream changed made it so we started shipping
/etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser in the
apparmor binary package, which causes the conflict.

This abstraction is only used by the upstream chromium_browser
profile, which we don't ship.

So I'm going to solve this bug in the simplest possible way: stop
shipping the offending
/etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser.

(Ideally, on top of this apparmor-profile should remove its own copy
on upgrades, but that's much less important, so I'm not going to
fiddle with this right now.)

For additional context, all this stuff has never been really
maintained in Debian proper; it was once used by Ubuntu, together with
their own AppArmor profile for Chromium, but since they moved to
shipping Chromium as a Snap and don't use this AppArmor
policy anymore.

Cheers,
-- 
intrigeri