[apparmor] Bug#735470: Fwd: Bug#735470: Could be implemented centrally with a dpkg trigger instead of requiring every package shipping an apparmor file to use dh_apparmor
Didier 'OdyX' Raboud
odyx at debian.org
Sat Jan 18 13:45:05 UTC 2014
On Friday, 17 January 2014, 11.26:59 Didier '' Raboud wrote:
> Then the trigger can reload only the concerned profiles, and never do
> it for all of them. (Using the dpkg hashsums instead of timestamps
> would allow doing it only for _changed_ profiles too.)
>
> I'll try implementing something along those lines this week-end.
Okay. I went and tried, which helped me understand deb-triggers quite
a bit better. Here it goes:

- "interest /etc/apparmor.d/" in apparmor makes apparmor.postinst run
  with "triggered …" if any package unpacks a file in /etc/apparmor.d.
- "activate /etc/apparmor.d" in any other package (given the above in
  apparmor) lets apparmor.postinst run with "triggered …" even if the
  package doesn't unpack a file in said directory.
- BUT in a dpkg/apt run, all package triggers run after all package
  configurations.

This means that even if apparmor could have a trigger, it would only run
_after_ all triggering packages' configuration runs, including daemon
restarts.

So, despite my initial thoughts, replacing dh_apparmor with a
dpkg-trigger is currently not possible, because (or thanks) of the dpkg
triggers design.

I'm therefore closing this bug, as the (my) initial request can't be
fulfilled currently.

Cheers,
OdyX
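
The trigger arrangement discussed in the message above, as an added example that is not part of the original post or of the apparmor package. It assumes a `debian/apparmor.triggers` file containing `interest /etc/apparmor.d/`; the state file path and the `changed_profiles` helper are hypothetical, and the checksum comparison stands in for the "hashsums" idea in the quoted text.

```shell
#!/bin/sh
# Hypothetical apparmor.postinst fragment (added example, not the package's script).
# Assumes debian/apparmor.triggers contains:  interest /etc/apparmor.d/
set -e

PROFILE_DIR="${PROFILE_DIR:-/etc/apparmor.d}"
# Assumed location for the checksums recorded at the previous trigger run.
STATE_FILE="${STATE_FILE:-/var/lib/apparmor/trigger.sha256}"

# Print the profiles that are new or whose content changed since the last
# run, then record the current checksums for the next run.
changed_profiles() {
    new_state=$(mktemp)
    for f in "$PROFILE_DIR"/*; do
        [ -f "$f" ] || continue      # skip subdirectories such as abstractions/
        sha256sum "$f"
    done > "$new_state"
    if [ -f "$STATE_FILE" ]; then
        # Keep only lines absent from the old state: added or modified files.
        grep -Fvx -f "$STATE_FILE" "$new_state" | sed 's/^[0-9a-f]*  //' || true
    else
        sed 's/^[0-9a-f]*  //' "$new_state"
    fi
    mv "$new_state" "$STATE_FILE"
}

case "${1:-}" in
    triggered)
        # dpkg calls this only after every triggering package has been
        # configured, so a daemon restarted in one of those postinsts has
        # already started under the previously loaded profile.
        changed_profiles | while IFS= read -r p; do
            apparmor_parser -r "$p"   # replace the loaded profile
        done
        ;;
esac
```

The `triggered` branch is where the ordering limitation from the message shows up: the reload is correct, but it happens too late for daemons restarted during the same dpkg run.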