Guidelines for %config and %config(noreplace)
Ville Skyttä
ville.skytta at iki.fi
Mon May 23 18:31:09 UTC 2005
On Mon, 2005-05-23 at 19:45 +0200, Michael Schwendt wrote:
> On Mon, 23 May 2005 19:37:47 +0200, Tomas Mraz wrote:
>
> > Are there any guidelines when to use %config and when %config
> > (noreplace)?
How about "Always use noreplace unless your best guess is that it will
break things"? AFAICS there are really only two situations where
noreplace is likely to break stuff:
1) An app is being upgraded from an earlier version which had
incompatible config files which will break the new version.
2) An app is being installed for the first time from a rpm, and a file
marked as config in the package was already present on the system before
installing the package, AND it's not likely that the app being installed
would work with the config file that was already present on the system.
> > If you look at this bug report:
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158568
> >
> > Currently in FC-3 the ca-bundle.pem file is not %config at all. This is
> > obviously wrong because if sysadmin changes this file (and it's
> > legitimate to do so) he will lose his changes after openssl update.
> >
> > However it's questionable if it should be %config(noreplace) because
> > then he will not get the changes (new CA certificates) on update.
>
> What's more important...?
>
> [ ] sysadmin gets an *.rpmsave config file during upgrade
> [ ] sysadmin gets an *.rpmnew config file during upgrade
(also consider the *.rpmorig case here)
If a sysadmin has installed new CA certs into ca-bundle.pem, most likely
it has been done in order to get something working. Not getting the new
CA certs is less likely to break stuff and thus less evil IMO.
Optimally, the contents of the old and new ca-bundle.pem should be
intelligently merged (ha!) on upgrades. Not sure if it's worth even
trying to implement that though.
More information about the Fedora-maintainers
mailing list