%config files and upgrade to F11 - consider noreplace

Bill Crawford billcrawford1970 at gmail.com
Mon Mar 2 14:03:39 UTC 2009


On Monday 02 March 2009 13:22:29 Horst H. von Brand wrote:
> Bill Crawford <billcrawford1970 at gmail.com> wrote:
> > On Thursday 26 February 2009 13:01:07 Miloslav Trmač wrote:
> > > Bill Crawford píše v Čt 26. 02. 2009 v 11:55 +0000:
> >
> > ...
> >
> > > >  ... and run the old checksum code on the file
> > > > on the machine, before replacing it with the new file and the new
> > > > hash.
> > >
> > > That answers the question whether the user has modified the file.  It
> > > doesn't answer the question whether the packager has modified the
> > > shipped file between the two rpm package versions.
> >
> > But that's the question we should be asking ... right?
>
> No.
>
> There are 3 potential files involved:
>
>   A: The original configuration as given by the installed package
>   B: The installed configuration file (as modified by the user)
>   C: The new configuration file.
>
> If B == A, rpm can safely replace the configuration file by C.
> If A != B, the user changed something, and the changes have to be ported
> forward by hand.

That's ... sort of my point. RPM only has to compare the existing hash in the 
rpmdb, with that of the file currently on the disk. This doesn't need to care 
about the new file at all ('C' doesn't appear in your 'if' conditions).

Now, if we see that the original file was unmodified (at least according to md5 
AND timestamp / size) then we replace it, and don't need to care whether the 
new file is different to the original.

If it's apparently changed, we're going to save it to one side (.rpmsave, or, if 
it's a "noreplace" file, then save the new one as .rpmnew). Why do we need to 
care whether the new config file has changed in the package, if the file has 
been modified on disk? If it hasn't, just re-hash that file with your new hash 
algorithm, and compare *that* with the new package's version of the file. If 
you're worried there might be a hash collision with md5, but not with sha-xxx, 
then always save the new file as .rpmnew, or something.





More information about the fedora-devel-list mailing list