[pkg-apparmor] Shipping empty local/ files (was: Bug#1106045: libreoffice-common: Apparmor files do no include local override files)
Christian Boltz
apparmor at cboltz.de
Mon May 19 19:49:36 BST 2025
Hello,
intentionally posting only on the pkg-apparmor mailinglist since this
is not too related to the bugreport:
Am Montag, 19. Mai 2025, 14:43 schrieb René Engelhard:
> Am 19. Mai 2025 14:30:15 MESZ schrieb "René Engelhard":
> >(...) (btw, dh_apparmor takes care of creating the
> >"local/*profile_name*" files already)
> >
> >Obviously it does (or at least not in all cases( not since
> >libreoffice *does* use dh_apparmor:
> >https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/-/
> >blob/master/rules?ref_type=heads#L4606
> Ah, misread that. My bad. It's supposed to install it via the
> maintainer scripts... Still would need to be included.
The nice thing about "include if exists" is that the local/ file doesn't
need to exist, and doesn't need to be shipped in the package.
Actually I changed the openSUSE packaging to no longer ship empty
local/* files because
- they have limited use (users can always create them as needed)
- they add lots of noise to /etc/apparmor.d/local/ (have fun finding
the one modified file between all the empty/comment-only files)
Now I wonder - would it make sense for Debian to also stop shipping the
empty/comment-only local/* files, and let users create them as needed?
BTW: dropping the local/ files from the RPM package was a bit tricky
because simply dropping them would have renamed modified files to
*.rpmsave. Therefore I package them as %ghost to prevent the renaming,
and wrote a little script that deletes unmodified local/ files.
If you need something like that also for the Debian package, feel free
to steal that script from
https://build.opensuse.org/projects/openSUSE:Factory/packages/apparmor/files/apparmor.spec
(search for "%post profiles")
Regards,
Christian Boltz
--
For the internet search graveyard I beg a pardon, yes it is a comma not
a colon - the guy that named ";" a semi-colon will forever be hated by
me as it is in some sense also a semi-comma. [ChristianEhrhardt in
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1686621]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-apparmor-team/attachments/20250519/a1c9dbb0/attachment.sig>
More information about the pkg-apparmor-team
mailing list