[apparmor] [PATCH] local site-specific changes
John Johansen
john.johansen at canonical.com
Thu Aug 5 23:40:23 BST 2010
On 08/05/2010 02:40 PM, Seth Arnold wrote:
> What I'm tired of doing is removing all those Ux rules from the packaged
> firefox profile on every upgrade OR reading the diff to figure out what
> new wonky java thing I should put back in.
>
> This #include in profiles won't let me undo "big profile design" decisions.
>
no it won't, and I have been heard to whine about this too
> I really wish for something more like a git repo for profiles, so maintaining
> local changes would be far more feasible. The #include is additive-only, and
> I'm worried dropping it into profiles would just reintroduce the "chunks"
> nonsense I introduced a few years ago. (And it took forever to get that back out).
>
gah, I really don't think a git repo is the correct tool. Though it can serve as
a complimentary tool if you want to track individual local changes.
> And, if the tools are modifying the main profile, but not the site-local piece,
> it'll just be noise.
>
yep.
> So, take this as a suggestion that bandaids might not be the best answer for
> maintaining local modifications while still allowing distro venders to push
> updates.
no but it is better than nothing, and we have held off on doing something
waiting for a better solution.
> Significantly better tools (git) are now ubiquitous, and I wish the whole
> profile repo mess had happened after git had matured further -- it'd
> definitely be a better tool than my hand-rolled stuff.
please feel free to rewrite it :) That is only half tongue in check, we
need such a tool but the problem as always is finding time to do it.
However back to the topic of this email, I think the repo is only complementary
it is not the solution to the above problem.
We need to change the way we do packaging and we need a merge tool, to make
merging changes work as transparently as possible. Much of this can be
simulated with a 3 way diff, but this will break when rules get reordered
or moved into/out of includes.
Oh well at least your mail convinced me, I need to send out a packaging email.
More information about the AppArmor
mailing list