[pkg-apparmor] Bug#769146: openntpd: fails to upgrade from 'sid' - trying to overwrite /etc/apparmor.d/usr.sbin.ntpd

intrigeri intrigeri at debian.org
Sat May 23 07:17:32 UTC 2015


Hi,

Andreas Beckmann wrote (11 Nov 2014 19:20:37 GMT) :
>   Selecting previously unselected package openntpd.
>   Preparing to unpack .../openntpd_20080406p-11_amd64.deb ...
>   Unpacking openntpd (20080406p-11) ...
>   dpkg: error processing archive /var/cache/apt/archives/openntpd_20080406p-11_amd64.deb (--unpack):
>    trying to overwrite '/etc/apparmor.d/usr.sbin.ntpd', which is also in package apparmor-profiles-extra 1.4
>   Errors were encountered while processing:
>    /var/cache/apt/archives/openntpd_20080406p-11_amd64.deb

The ntp and openntpd packages both ship /usr/sbin/ntpd, and rightfully
conflict with each other. Since we have a 1-to-1 mapping between
absolute binary names and AppArmor profiles (unless we bother confining
stuff via the initscript or systemd unit file, the latter not being
supported in sid yet), I think the conflict must be reflected in the
packages that ship the AppArmor profiles. So I see a few solutions:

1. Have openntpd conflict with apparmor-profiles-extra. This would be
   sad, since it prevents openntpd users from benefiting from other,
   unrelated profiles shipped in apparmor-profiles-extra. OTOH this is
   very easy and can be temporary, until we can e.g. rename the
   profile shipped by openntpd to e.g. system_openntpd, and apply it
   with AppArmorProfile= (see systemd.exec(5)); that should be possible
   soon after Jessie 8.1 is out.

2. Remove usr.sbin.ntpd from apparmor-profiles-extra or from openntpd.
   Same as above, this can be temporary, until systemd v210+ reaches
   sid and we have nicer solutions.

3. Move the usr.sbin.ntpd profile from apparmor-profiles-extra to ntp.
   This seems to be the obvious best long-term solution, I think.

Thoughts, opinions, volunteers?

Dererk: I have added the 'help-needed' usertag for
user=pkg-apparmor-team at lists.alioth.debian.org, so that this bug is on
the AppArmor team's radar.

Cheers,
--
intrigeri
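
The file-overlap reasoning in the message above, as an added example that is not part of the original message or of any Debian tooling: it flags paths shipped by two packages that declare no Conflicts against each other, then re-checks after option 3. The manifests are constructed and simplified, and all function names are hypothetical.

```python
from itertools import combinations

PROFILE_DIR = "/etc/apparmor.d"

def profile_path(binary):
    """Profile file named after the confined binary: /usr/sbin/ntpd -> usr.sbin.ntpd."""
    return f"{PROFILE_DIR}/{binary.lstrip('/').replace('/', '.')}"

NTPD_PROFILE = profile_path("/usr/sbin/ntpd")

# Constructed, simplified package manifests (only the paths relevant to this bug).
MANIFESTS = {
    "ntp": {"/usr/sbin/ntpd"},
    "openntpd": {"/usr/sbin/ntpd", NTPD_PROFILE},
    "apparmor-profiles-extra": {NTPD_PROFILE},
}
# Declared Conflicts (assumed symmetric; Replaces/Breaks are ignored here).
CONFLICTS = {"ntp": {"openntpd"}, "openntpd": {"ntp"}}

def undeclared_overlaps(manifests, conflicts):
    """Return (pkg_a, pkg_b, shared_paths) for co-installable packages sharing a path."""
    findings = []
    for a, b in combinations(sorted(manifests), 2):
        shared = manifests[a] & manifests[b]
        declared = b in conflicts.get(a, set()) or a in conflicts.get(b, set())
        if shared and not declared:
            findings.append((a, b, sorted(shared)))
    return findings

def move_profile_to_ntp(manifests):
    """Option 3: the profile leaves apparmor-profiles-extra and ships in ntp."""
    moved = {pkg: set(files) for pkg, files in manifests.items()}
    moved["apparmor-profiles-extra"].discard(NTPD_PROFILE)
    moved["ntp"].add(NTPD_PROFILE)
    return moved

if __name__ == "__main__":
    for a, b, paths in undeclared_overlaps(MANIFESTS, CONFLICTS):
        print(f"{a} and {b} both ship {paths} without a declared conflict")
    # After option 3 the only overlap is ntp/openntpd, which already conflict.
    print("after option 3:", undeclared_overlaps(move_profile_to_ntp(MANIFESTS), CONFLICTS))
```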


