[pkg-apparmor] Bug#934735: Bug#934735: Bug#934735: dh-apparmor: please improve dh integration

Andrej Shadura andrewsh at debian.org
Fri Feb 5 17:07:10 GMT 2021


Hi,

On Fri, 5 Feb 2021, at 17:54, Andrej Shadura wrote:
> On Fri, 5 Feb 2021, at 17:45, intrigeri wrote:
> > intrigeri (2019-12-11):
> > > Could you please describe what problem this solution would solve?
> > > One way to explain this could be to show us how you envision this
> > > improved integration would be used in a package, compared to the
> > > status quo.
> >
> > Ping? :)
>
> I was thinking I should actually find time for this :D

I’ll start with explaining the idea.

The status quo is:
* Each profile needs to be installed manually
* dh_apparmor needs to be told which profiles to use
* dh_apparmor needs to be told to only run on specific packages
* override_* or execute_after_* are mandatory

My proposal is:
* For dh compat level <= 13:
  - allow running dh_apparmor without arguments;
  - without arguments, scan binary packages for apparmor profiles and use their names automatically;
  - dh_apparmor can be enabled with --with=apparmor or B-D: dh-sequence-apparmor;
  - without arguments, dh_apparmor only generates maintainer scripts for packages with apparmor profiles;
  - with arguments, dh_apparmor does everything like it does now, no changes.
* For dh compat level 14:
  - as above, but with arguments, only generate maintainer scripts for the corresponding binary packages.

The above will allow processing apparmor profiles without extra rules in d/rules, while maintaining compatibility with existing packages.

-- 
Cheers,
  Andrej
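
A sketch of the no-argument scan proposed in the message above, as an added example that is not part of the original message and not dh_apparmor's own code. It assumes profiles are the regular files directly under etc/apparmor.d/ in each debian/<package>/ build directory; the function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical helper illustrating the proposed behaviour; not dh_apparmor code.
# Assumption: a profile is a regular file directly under etc/apparmor.d/ in the
# package build directory debian/<package>/. Subdirectories there (for example
# abstractions/, tunables/, local/) hold includes and overrides, not profiles,
# so they are skipped.

# scan_profiles DEBIAN_DIR PACKAGE...
# Prints one "package profile-name" line per profile found.
scan_profiles() {
    debian_dir=$1
    shift
    for pkg in "$@"; do
        dir="$debian_dir/$pkg/etc/apparmor.d"
        # Packages that ship no apparmor.d directory are left alone.
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            # Regular files only: skips directories and an unmatched glob.
            [ -f "$f" ] || continue
            printf '%s %s\n' "$pkg" "${f##*/}"
        done
    done
}

# packages_with_profiles DEBIAN_DIR PACKAGE...
# Prints the packages that would receive maintainer-script snippets,
# i.e. only those in which at least one profile was found.
packages_with_profiles() {
    scan_profiles "$@" | cut -d' ' -f1 | sort -u
}

# Stand-alone use: ./scan.sh debian pkg1 pkg2 ...
[ $# -eq 0 ] || scan_profiles "$@"
```

Run against a built tree, each output line pairs a binary package with a profile name that the status quo would require passing to dh_apparmor by hand.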


