Merge lp:~cwayne/ubuntu-touch-customization-hooks/more-apparmor-copy into lp:ubuntu-touch-customization-hooks

Tested by removing all relevant files from /var/lib/apparmor/[profiles,clicks], /var/cache/apparmor/, and removing /custom then installing the new upstart job and applying the new custom tarball that contains /custom/lib/apparmor/[profiles,clicks] and the bootup time was much quicker.

Also applied an older tarball with this branch (that does not contain the profiles/clicks) and verified that the cache's were recompiled, taking a lot longer to boot.

PASSED: Continuous integration, rev:37
http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-ci/20/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-utopic-amd64-ci/9
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-utopic-armhf-ci/9
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-utopic-i386-ci/9

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntu-touch-customization-hooks-ci/20/rebuild

LGTM

Chris and I talked about this a bit. Policy can be recompiled when:
* the symlink in /var/lib/apparmor/clicks is newer than the profile in /var/lib/apparmor/profiles
* the profile in /var/lib/apparmor/profiles is newer than the cache file in /var/cache/apparmor

The click system hook upstart job adds the symlinks to /var/lib/apparmor/clicks and the click apparmor system hook then creates policy in /var/lib/apparmor/profiles based on this symlink. What was happening with previous attempts of the upstart job is that /var/lib/apparmor/clicks and /var/lib/apparmor/profiles were empty. This meant that even though this job copied the cache files into place correctly and at the right time, the click system hook machinery created newer symlinks and profiles than the cache, so the cache files were ignored. Previous job testing involved removing only the cache files in /var/cache/apparmor and rebooting, which left the already creating symlinks and profiles in place which is why it worked correctly on reboot.

I agree with the approach set out by this merge request. The script should probably also check for the existence of /var/lib/apparmor/clicks and /var/lib/apparmor/profiles. Also, '|| true' is not included in the other cp statements. Maybe something more like this (please include the comment):

# Ordering is important. mtimes for the following must be:
# click symlink < apparmor profile < apparmor cache
if [ -d /custom/lib/apparmor/clicks ] && [ -d /var/lib/apparmor/clicks ] ; then
    cp -Pnu /custom/lib/apparmor/clicks/* /var/lib/apparmor/clicks || true
fi
if [ -d /custom/lib/apparmor/profiles ] && [ -d /var/lib/apparmor/profiles ] ; then
    cp -nu /custom/lib/apparmor/profiles/* /var/lib/apparmor/profiles || true
fi
if [ -d /custom/cache/apparmor ] && [ -d /var/cache/apparmor ] ; then
    cp -nu /custom/cache/apparmor/* /var/cache/apparmor/ || true
fi

Still LGTM :)

Tested the update again by removing all traces of the clicks and /custom, then installing this package and then applying the tarball. The splash screen is only shown for 13 seconds in this case, and diff /custom/cache/apparmor/<some-click> /var/cache/apparmor/<same-click> shows no diff, so it's been correctly copied over

PASSED: Continuous integration, rev:38
http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-ci/21/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-utopic-amd64-ci/10
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-utopic-armhf-ci/10
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-touch-customization-hooks-utopic-i386-ci/10

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntu-touch-customization-hooks-ci/21/rebuild