[Pkg-libvirt-maintainers] Bug#1094583: Bug#1094583: libvirt-daemon-driver-qemu: apparmor template missing from filesystem

Andrea Bolognani eof at kiyuko.org
Sun Mar 16 20:00:32 GMT 2025 

On Sun, Mar 02, 2025 at 01:00:52PM -0500, Kevin Otte wrote:
> On 2/22/25 15:20, Andrea Bolognani wrote:
> > I was hoping that recreating your setup as closely as possible would
> > allow me to reproduce the issue locally, but I have been completely
> > unsuccessful despite several attempts.
> 
> I do seem to excel at stumbling onto edge cases :)

That can be a very valuable skill :)


Anyway, I've created

  https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/256

earlier today. It should take care of the issues reported here.

I've performed pretty extensive testing and I'm convinced that all
situations are handled reasonably well - better in fact that they
were before. Here's some information about that, both for reference
and so that any interested parties can try reproducing them locally.


Since the order in which packages are unpacked is very relevant to
the process, I have temporarily added the following hack to the
package (snipped, see the attached 0001-control.patch for the full
version):

  +++ b/debian/control
  @@ -68,6 +68,8 @@ Rules-Requires-Root: no
   Package: libvirt-clients
   Section: admin
   Architecture: any
  +Pre-Depends:
  + libvirt-common (= ${binary:Version}),
   Depends:
    libvirt-common (= ${binary:Version}),
    libvirt0 (= ${binary:Version}),

This forces libvirt-common to be configured (and thus unpacked)
before libvirt-clients. The other two packages I've been monitoring
are libvirt-daemon-system and libvirt-daemon-driver-qemu, and for
those I've always seen the former being unpacked before the latter.

Furthermore, to ensure that we have full coverage of all possible
scenarios, I have added the following as well (again snipped, see
0002-test.patch for the full version):

  # debian/patches/test.patch
  diff --git a/src/libvirt.conf b/src/libvirt.conf
  index da4dfbe..91cd9e5 100644
  --- a/src/libvirt.conf
  +++ b/src/libvirt.conf
  @@ -16,3 +16,5 @@
   # (@uri_default also prevents probing of the hypervisor driver).
   #
   #uri_default = "qemu:///system"
  +
  +# dist change
  diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
  index 3117230..65ad243 100644
  --- a/src/qemu/qemu.conf.in
  +++ b/src/qemu/qemu.conf.in
  @@ -1026,3 +1026,5 @@
   #  "/path/to/nvram",
   #  "/path/to/swtpm"
   #]
  +
  +# dist change

This ensures that conffiles /etc/libvirt/libvirt.conf and
/etc/libvirt/qemu.conf are different in the latest version of the
package compared to the one we're upgrading from.

Now with this hacked package, starting with a fully up to date Debian
12 installation we can try different combinations and obtain the
following results:

  scr before dst .......... [daemon-system before daemon-driver-qemu]

    * changed in dist ................................. [qemu.conf]

      - local changes                  - no local changes
        => prompt                        => no prompt
                                            new version installed  

    * not changed in dist ....................... [qemu-lockd.conf]

      - local changes                  - no local changes
        => no prompt                     => no prompt
           local changes preserved

  dst before src ............................. [common before client]

    * changed in dist .............................. [libvirt.conf]

      - local changes                  - no local changes
        => prompt                        => no prompt
                                            new version installed

    * not changed in dist .................... [libvirt-admin.conf]

      - local changes                  - no local changes
        => no prompt                     => no prompt
           local changes preserved

I hope that the above is somewhat readable, I wasn't able to find a
really good way to summarize the results.

The tl;dr version is that things work pretty much how one would
expect: the user is prompted if there is no obvious way forward (the
conffile has been modified both locally and in the package),
otherwise appropriate actions is quietly taken and local changes are
preserved if they exist. In other words, same as if the conffile
wasn't being moved between packages at all.

-- 
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-control.patch
Type: text/x-diff
Size: 1022 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20250316/29234636/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-test.patch
Type: text/x-diff
Size: 1573 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20250316/29234636/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20250316/29234636/attachment.sig>

More information about the Pkg-libvirt-maintainers mailing list