yum updates - are .rpmnew files ever critical / important to act upon?

Solution 1:

It's very rare for changes to the default configuration to have security or stability implications. However, "very rare" is not "never", and it's a good system hygiene practice to review all .rpmnew files and double-check that they don't contain important changes, and then delete them.

As a double-check, you should also arrange to receive security notices and information on all updates available to apply -- reading over the changelogs and bulletins will give you a good idea of the nature of the problems that are being fixed.

Solution 2:

I would recommend acting on both *.rpmnew and *.rpmsave files after updates. The creation of these files generally indicates one of the following three things:

  1. you were not careful (or there was no other way to do it) and modified a configuration file that is under package management. Usually, if a package provides a directory for configuration snippets (e.g. /etc/<package>.d/ like in /etc/php.d/ for PHP) you are supposed to drop your local changes there so that you are not affected by the package-provided configuration changes.

  2. a packager was not careful and changed the definition of the corresponding file entry in the spec file (e.g. they forgot to mark a particular file as %config or changed modifiers to the %config() macro).

  3. there is something fishy going on and the configuration file in question was tampered with.

In any case it's good to do the following if an update produced either *.rpmnew or *.rpmsave:

  1. do a diff between the old file and the new one with diff -uw old_file new_file (the -w option will ignore changes in the amount of whitespace);

  2. if there are no differences (except for the white space) and you are investigating the creation of the *.rpmnew file, replace the original file with the *.rpmnew one using mv config_file.rpmnew config_file. This will ensure that the package-set metadata is preserved (e.g. timestamps, file permissions, and possibly capabilities).

  3. if there are differences then rebase your changes upon the file provided by the package (i.e. if you are working with *.rpmnew - copy that *.rpmnew file under a temporary name and adjust it to match the desired changes from the original configuration file; if you work with *.rpmsave - apply changes to the configuration file the package provided). This will ensure that further updates are easier and, if a new configuration file format was introduced, that you are utilising it.

  4. when you have resolved that "conflict", remove the corresponding *.rpmnew or *.rpmsave file since they are untracked by the package management.

This will give you a clean and nice system to work with and also ensures that you are in touch with the latest changes to the configuration files.
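
The triage in steps 1 and 2 of Solution 2 can be scripted; the following is an added example, not part of either answer, that only reports and never moves or deletes files. The function names `classify_leftover` and `review_leftovers` are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: report-only triage of leftover *.rpmnew / *.rpmsave files.
# Function names are hypothetical; nothing is moved, merged or deleted.

# classify_leftover FILE prints:
#   same     equal to the live config apart from whitespace (diff -w)
#   differs  real differences, so a manual merge is needed
#   orphan   the live config file no longer exists
classify_leftover() {
    leftover=$1
    case $leftover in
        *.rpmnew)  live=${leftover%.rpmnew} ;;
        *.rpmsave) live=${leftover%.rpmsave} ;;
        *)         echo "not-a-leftover"; return 0 ;;
    esac
    if [ ! -e "$live" ]; then
        echo orphan
        return 0
    fi
    rc=0
    diff -qw "$live" "$leftover" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo same ;;
        1) echo differs ;;
        *) echo error ;;      # diff itself failed (e.g. unreadable file)
    esac
}

# review_leftovers DIR prints "<status><TAB><path>" for every leftover under DIR.
review_leftovers() {
    find "$1" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_leftover "$f")" "$f"
    done
}

if [ "$#" -gt 0 ]; then
    review_leftovers "$1"             # e.g. sh script.sh /etc
else
    # Constructed sample tree so the script also runs without a real /etc.
    demo=$(mktemp -d)
    printf 'port = 80\n'    > "$demo/app.conf"
    printf 'port  =  80\n'  > "$demo/app.conf.rpmnew"    # whitespace only
    printf 'port = 8080\n'  > "$demo/app.conf.rpmsave"   # real change
    review_leftovers "$demo"
    rm -rf "$demo"
fi
```

Entries reported as `differs` or `orphan` are the ones that need the manual review described in steps 3 and 4.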