[Pkg-privacy-maintainers] Bug#934119: Bug#934119: torbrowser-launcher: Erroneously manages /etc/apparmor.d/local/torbrowser.* as conffiles
Roger Shimizu
rosh at debian.org
Mon Jan 6 17:11:34 GMT 2020
On Sun, Jan 5, 2020 at 11:24 PM intrigeri <intrigeri at debian.org> wrote:
>
> Hi,
>
> Roger Shimizu (2020-01-05):
> > I find this is due to below files were shipped by previous version of
> > torbrowser-launcher, but not as conffile.
> > /etc/apparmor.d/local/torbrowser.Tor.tor
> > /etc/apparmor.d/local/torbrowser.Browser.firefox
>
> Yes.
>
> > But now they're shipped with conffile, though in size zero.
>
> That's indeed the problem IMO. See below for my reasoning.
>
> > So new conffiles complain they don't match with existing ones.
>
> Right.
Thanks for your confirmation!
> > It can be fixed by removing the old files when they match the checksum
> > of old shipped ones.
> > The fix will be uploaded soon.
>
> I think this can help for files under /etc/apparmor.d/local/ that the
> package does not install at all anymore (be it via dh-apparmor or as
> conffiles). This would clean up stuff and that's good :)
>
> But I don't think it will help for local/torbrowser.Tor.tor and
> local/torbrowser.Browser.firefox, which this bug report was initially
> about.
>
> FYI, the very purpose of the files under /etc/apparmor.d/local/ is to
> be modified by the system administrator, that is, to diverge from
> what's shipped by packages under /etc/apparmor.d/. The content of
> these files will, by design, always be: local changes, done manually,
> and that packages and dpkg should not fiddle with.
>
> So, if /etc/apparmor.d/local/* are conffiles, and if the administrator
> is using this facility, upon upgrades their local changes will
> necessarily conflict with the (empty) version installed by the
> package, and dpkg will ask what to do. That would be pretty annoying,
> since the answer to dpkg's question in this case will always be "keep
> my local changes, because that's what this file is for after all :)".
>
> I hope this clarifies the drawback I see in handling these files
> as conffiles.
Yes, I didn't find a way to exclude local profile from being listed as
conffile, until I find:
- https://stackoverflow.com/questions/3398511/prevent-creation-of-conffiles
Now I can confirmed that patch below to debian/rules can do the trick:
+override_dh_installdeb:
+ dh_installdeb
+ sed -i '\:/etc/apparmor.d/local/:d' debian/*/DEBIAN/conffiles
I'll upload this fix soon.
Cheers,
--
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
More information about the Pkg-privacy-maintainers
mailing list