[pkg-apparmor] Bug#934735: Bug#934735: dh-apparmor: please improve dh integration

[intrigeri]

Hi,

thanks for the quick answer. For now I'll focus on Andrej's plans
(not potential future improvements) and the bits I know best,
leaving it to Andrej to reply about the other aspects :)

Niels Thykier (2021-02-06):
> intrigeri:
> As I read dh_apparmor, it generates maintscript based on the
> --profile-name parameter.  That name must match a file installed
> in /etc/apparmor.d (of same name).  This implies that something else
> have (or will) install the actual file into /etc/apparmor.d.
>
>  => Is this correctly understood?

Right.

>> Possible improvements for further iterations, definitely not blocking
>> this plan IMO, i.e. food for future thought:
>> 
>>  - Either drop support for --profile-name or, if for some reason it's
>>    still needed, support declarative syntax to configure it.
>> 
>
> What about manifests?  We can have them declarative by providing them in
> a "guessible" location (e.g. debian/apparmor-manifests/<foo> would match
> debian/.../etc/apparmor.d/<foo>).  But that implies that "omission"
> (including accidental) is silently accepted as "no manifest".
>   I do not know the consequence of that, so I cannot say if this
> approach is good or not.

FTR, I've not found any trace of a package in the archive using
the --manifest=manifestfile facility.

> Accordingly, I am not going to take a decision in the near future
> about whether dh_apparmor should be enabled by default via debhelper
> itself.

Fully agreed, this was merely food for thought for potential future
iterations :)