[pkg-apparmor] Bug#1100007: apparmor-profiles: conffiles not removed: /etc/apparmor.d/zgrep

Alban Browaeys prahal at yahoo.com
Mon Mar 31 23:29:23 BST 2025 

Control: reopen -1 

confirmed the zgrep conffile was not removed, ie I upgraded to
4.1.0~beta5-5 and still have this conffile.

This is liekly due to the "rm_conffile 4.1.0\~beta5-1\~" instead of
"rm_conffile 4.1.0`\~beta5-4\~" ie the version the rm_conffile was
intrroduced in, instead of the version it should have been added to
intiially.

man dpkg-mainscript-helper

COMMON PARAMETERS
       prior-version
           Defines the latest version of the package whose upgrade should trigger the operation.  It is important to calculate prior-version correctly so that the operations are correctly performed even if  the
           user  rebuilt  the package with a local version.  If prior-version is empty or omitted, then the operation is tried on every upgrade (note: it's safer to give the version and have the operation tried
           only once).

           If the conffile has not been shipped for several versions, and you are now modifying the maintainer scripts to clean up the obsolete file, prior-version should be based on the version of the  package
           that you are now preparing, not the first version of the package that lacked the conffile.  This applies to all other actions in the same way.

           For  example,  for  a  conffile removed in version 2.0-1 of a package, prior-version should be set to 2.0-1~.  This will cause the conffile to be removed even if the user rebuilt the previous version
           1.0-1 as 1.0-1local1.  Or a package switching a path from a symlink (shipped in version 1.0-1) to a directory (shipped in version 2.0-1), but only performing  the  actual  switch  in  the  maintainer
           scripts in version 3.0-1, should set prior-version to 3.0-1~.

that is :
If the conffile has not been shipped for several versions, and you are now modifying the maintainer scripts to clean up the obsolete file, prior-version should be based on the version of the  package
           that you are now preparing, not the first version of the package that lacked the conffile. 


So next release should be shipped with zgrep rm_conffile with the
release identifier of the release being shipped, likely with
dpkg-maintscript-helper rm_conffile /etc/apparmor.d/zgrep 4.1.0\~beta5-6\~ -- "$@"

because likely setting a prior-version to a version that have already
been installed will not work. THe conffile would then only be removed
for users upgrading from an earlier version. At least that is my
understanding of rm_conffile internals.

Cheers,
Alban

More information about the pkg-apparmor-team mailing list