Hi, Romain Francoise (2021-07-03): > On Fri, Jul 2, 2021 at 1:57 AM Christoph Anton Mitterer > <cales...@scientia.net> wrote: >> So is it tcpdump's responsibility to clean this up (manually) or should >> debhelper >> do it (somehow ^^) automatically, i.e. also migrate the existing file >> automatically, because people might have had config in >> /etc/apparmor.d/local/usr.sbin.tcpdump which should have gotten moved to >> /etc/apparmor.d/local/usr.bin.tcpdump >> >> So maybe this needs to be reassigned to dh-apparmor. > > Thank you for bringing this to my attention, I wasn't aware that the > dh_apparmor script snippets would create this file upon installation. > Technically the file isn't part of the package, so indeed it's not > clear whose responsibility it is to clean it up. > > Let's add a usertag to loop in the pkg-apparmor team...
Thanks for adding us into the loop and sorry for the delay. That's a tough one. Indeed, dh-apparmor does not support profiles being renamed. I don't think it's worth adding such support because we'll soon be able to solve this class of problems in a nicer way: 1. dh-apparmor will allow _not_ creating this local include file (tracked as #993568) 2. once that's done, your profile can use "include if exists" instead of "#include" … and then the responsibility of creating/managing/renaming such include files will be the local system administrator's. Meanwhile, I'm afraid the only way to deal with such leftovers is via maintainer scripts, taking care of not deleting contents added by the user :/
