[pkg-apparmor] Bug#829030: dh_apparmor snippet requires 2.10.95-2

Guido Günther agx at sigxcpu.org
Thu Jun 30 09:14:50 UTC 2016


Hi,
On Thu, Jun 30, 2016 at 10:30:12AM +0200, intrigeri wrote:
[..snip..]
> So far, we've managed to avoid the need for packages that ship
> AppArmor profiles (and use dh-apparmor) to depend on the apparmor
> package itself. I'd like to keep it this way (e.g. for #702030),

That's nice and it would be great to keep it that way - didn't think
about this when filing the report, sorry.

> so here are the best cheap solutions I could think of:
> 
> a. re-add the "aa-status --enabled" -based code as a fallback, that
>    would be used when aa-enabled is not present. This should
>    facilitate upgrades from Jessie to Stretch, as well as partial
>    testing/sid upgrades, and can be dropped once Stretch and next
>    Ubuntu LTS are released;
> 
> b. move aa-enabled to a separate binary package, that dh-apparmor
>    snippets can add a dependency on;
> 
> c. simply revert to using "aa-status --enabled" in
>    debian/debhelper/postinst-apparmor
> 
> I'm personally tempted to go with (a), since it seems to give us the
> best of both worlds: a nicer implementation (compared to c), but
> without additional long-term maintenance costs (compared to b).

Not that my opinion is relevant here but a) sounds best to me too.

Cheers,
 -- Guido



More information about the pkg-apparmor-team mailing list