On Sun, Jan 5, 2020 at 11:24 PM intrigeri <intrig...@debian.org> wrote: > > Hi, > > Roger Shimizu (2020-01-05): > > I find this is due to below files were shipped by previous version of > > torbrowser-launcher, but not as conffile. > > /etc/apparmor.d/local/torbrowser.Tor.tor > > /etc/apparmor.d/local/torbrowser.Browser.firefox > > Yes. > > > But now they're shipped with conffile, though in size zero. > > That's indeed the problem IMO. See below for my reasoning. > > > So new conffiles complain they don't match with existing ones. > > Right.
Thanks for your confirmation! > > It can be fixed by removing the old files when they match the checksum > > of old shipped ones. > > The fix will be uploaded soon. > > I think this can help for files under /etc/apparmor.d/local/ that the > package does not install at all anymore (be it via dh-apparmor or as > conffiles). This would clean up stuff and that's good :) > > But I don't think it will help for local/torbrowser.Tor.tor and > local/torbrowser.Browser.firefox, which this bug report was initially > about. > > FYI, the very purpose of the files under /etc/apparmor.d/local/ is to > be modified by the system administrator, that is, to diverge from > what's shipped by packages under /etc/apparmor.d/. The content of > these files will, by design, always be: local changes, done manually, > and that packages and dpkg should not fiddle with. > > So, if /etc/apparmor.d/local/* are conffiles, and if the administrator > is using this facility, upon upgrades their local changes will > necessarily conflict with the (empty) version installed by the > package, and dpkg will ask what to do. That would be pretty annoying, > since the answer to dpkg's question in this case will always be "keep > my local changes, because that's what this file is for after all :)". > > I hope this clarifies the drawback I see in handling these files > as conffiles. Yes, I didn't find a way to exclude local profile from being listed as conffile, until I find: - https://stackoverflow.com/questions/3398511/prevent-creation-of-conffiles Now I can confirmed that patch below to debian/rules can do the trick: +override_dh_installdeb: + dh_installdeb + sed -i '\:/etc/apparmor.d/local/:d' debian/*/DEBIAN/conffiles I'll upload this fix soon. Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
