Merged. This is now in Whonix testers repository. Untested. Please test. I don’t recall config-package-dev displaceing a systemd unit file or config-package-dev hideing an apparmor profile. Good chance it will work, also possible this needs further work.
Failed to preset unit: Unit file sdwdate.service.dist.service does not exist.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on sdwdate.service.dist: No such file or directory
Failed to get unit file state for sdwdate.service.dist.service: No such file or directory
sdwdate.service.dist is a disabled or a static unit, not starting it.
It doesn’t seem to actually affect anything though and everything works fine.
I think the 2 main issues now are:
Splitting everything up more so everything get its own profile. All system services should have their own profile and the entire user session should be in its own profile too. Apps will then transition to sandbox-app-launcher which brings up issue 2.
sandbox-app-launcher compatibility. This might be difficult since the script that starts the sandbox needs a lot of permissions and we need to ensure that the app transitions into the right profile. Initial testing of this broke though.
config-package-dev hide sdwdate.service. Not displace.
And add (rename sdwdate.service.dist to) sdwdate-aae.service or so instead.
I speculate Debian maintainer scripts don’t like any files in the systemd folder ending with anything other than the .service file extension.
Though, I don’t see need to install rsyslog by default (wasn’t suggested
either) but it might still be lingering on upgraded systems or otherwise
installed by users or even pulled by dependencies.
Should we add to debian/control (which readme is based on) “developers only” or “testers only” and mention that the suggested way to get support is this forum thread only for now?
Yeah. That shouldn’t be supported?
Package should only be removed using sudo apt purge apparmor-profile-everything?
Package should not be removed using sudo apt remove apparmor-profile-everything?
Not sure we can enforce that. However, on package remove the Debian prerm maintainer script of apparmor-profile-everything could look at /var/lib/dpkg/info/apparmor-profile-everything.conffiles and delete all “conffiles” (/etc/apparmor.d/…)?