http://bugzilla.suse.com/show_bug.cgi?id=1081947
http://bugzilla.suse.com/show_bug.cgi?id=1081947#c68
--- Comment #68 from Stanislav Brabec ---
Important note to all package maintainers who use
%config(noreplace) /etc/pam.d/foo
If you use this, pam_keyinit will not be integrated on upgrade of systems with
custom modifications of the PAM file.
I recommend using:
%config /etc/pam.d/foo
Note: Most RPM documentation does not tell the truth about "%config". The
following is correct:
%config(noreplace)
  If the old and new packaged config files have the same MD5:
    The installed file is left as it is, the update is completely skipped.
  If the old and new packaged config files have different MD5:
    The installed file is left as it is and a .rpmnew file with the new
    packaged contents is created.
%config
  If the old and new packaged config files have the same MD5:
    The installed file is left as it is, the update is completely skipped.
  If the old and new packaged config files have different MD5:
    The installed file is replaced and a .rpmorig file with the previous
    installed file is created.
It implies:
1) %config /etc/pam.d/foo
is what most maintainers want:
- If the package maintainer does not change the pam file, custom modifications
are kept forever.
- If the package maintainer changes the pam file, custom modifications are
removed (and backed up) in favor of the new contents.
2) If you integrate pam_keyinit first and later remove "(noreplace)", and these
changes are installed in two steps on a system with custom modifications, then
the custom modifications are kept forever, and pam_keyinit is not integrated.
A simple workaround: Together with the removal of "(noreplace)", modify the pam
files (e.g. use the "expand" command, change the number of spaces or so).
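
The upgrade rules stated in the comment above, as an added example that is not part of the original comment and not RPM's own code: a small Python model that replays the two-step case from point 2, the whitespace workaround, and plain %config on a locally modified PAM file. The function names, the sample PAM contents and the use of SHA-256 in place of the packaged-file digest are assumptions; the backup file is called "backup" rather than by a suffix.

```python
import hashlib

def digest(text):
    # Stand-in for the packaged-file digest the comment calls "MD5".
    return hashlib.sha256(text.encode()).hexdigest()

def upgrade(installed, old_pkg, new_pkg, noreplace):
    """One package update of a locally modified config file.
    Returns (installed_after, side_file); side_file is None,
    ("rpmnew", text) or ("backup", text)."""
    if digest(old_pkg) == digest(new_pkg):
        return installed, None                  # update skipped entirely
    if noreplace:
        return installed, ("rpmnew", new_pkg)   # local file is kept
    return new_pkg, ("backup", installed)       # packaged file replaces it

def run(releases, installed):
    """releases: list of (packaged_text, noreplace) in install order;
    the first entry is the release already on the system."""
    side_files = []
    for (old, _), (new, noreplace) in zip(releases, releases[1:]):
        installed, side = upgrade(installed, old, new, noreplace)
        if side:
            side_files.append(side[0])
    return installed, side_files

# Constructed sample PAM file contents (tab separated).
BASE = "auth\tinclude\tcommon-auth\nsession\tinclude\tcommon-session\n"
WITH_KEYINIT = BASE + "session\toptional\tpam_keyinit.so\trevoke\n"
LOCAL = BASE + "session\trequired\tpam_limits.so\n"  # admin's custom edit

def has_keyinit(text):
    return "pam_keyinit.so" in text

# Point 2: keyinit shipped under noreplace, flag dropped in a later release.
two_step = run([(BASE, True), (WITH_KEYINIT, True), (WITH_KEYINIT, False)], LOCAL)
# Workaround: drop the flag and change whitespace (like "expand") together.
workaround = run([(BASE, True), (WITH_KEYINIT, True),
                  (WITH_KEYINIT.expandtabs(), False)], LOCAL)
# Point 1: plain %config from the start.
plain = run([(BASE, False), (WITH_KEYINIT, False)], LOCAL)

if __name__ == "__main__":
    for name, (text, sides) in [("two-step", two_step),
                                ("workaround", workaround),
                                ("plain %config", plain)]:
        print(f"{name:14} keyinit={has_keyinit(text)} side files={sides}")
```

On a real system, `rpm -qc <package>` lists the files a package marks as config, which is a quick way to audit which PAM files are affected.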