DevHeads.net

Guidelines for scriptlets modifying %config(noreplace) files

Hi,

I noticed on an Ansible run that a recent update to bind changed
/etc/named.conf directly, instead of creating a separate rpmnew file.
(It's running sed in a scriptlet.)

I couldn't find clear packaging policy on this. The guidelines [0] talk
about %config(noreplace) vs %config, but /etc/named.conf is installed as
a "noreplace" file.

I've not really been a particularly active packager in a long time so I
could be wrong, but my expectation was that you're not meant to edit
"noreplace" files in scriptlets. I was sure this must be in the
guidelines somewhere?

[0]
<a href="https://docs.fedoraproject.org/en-US/packaging-guidelines/#_configuration_files" title="https://docs.fedoraproject.org/en-US/packaging-guidelines/#_configuration_files">https://docs.fedoraproject.org/en-US/packaging-guidelines/#_configuratio...</a>

Kind regards,

Comments

Re: Guidelines for scriptlets modifying %config(noreplace) files

By Jason L Tibbitts III at 07/26/2019 - 13:07

JN> I couldn't find clear packaging policy on this. The guidelines [0]
JN> talk about %config(noreplace) vs %config, but /etc/named.conf is
JN> installed as a "noreplace" file.

I don't think there's a guideline about this. %config and
%config(noreplace) are simply flags that tell RPM what to do when the
packaged version of a file differs from what's on disk and has no
bearing on scriptlets. And note that the only guideline which could be
meaningful is "don't modify config files in scriptlets", because RPM
will simply overwrite the file on disk with what is in the package
(perhaps keeping a backup) if the file isn't marked %config(noreplace).

The only applicable guidelines are the general ones from the updates
policy: Updates within a single Fedora version must not break user
systems, and disruptive updates must be restricted to updates between
distro versions. But always note that sometimes not breaking systems
requires modifying a configuration file.

- J<

Re: Guidelines for scriptlets modifying %config(noreplace) files

By Jamie Nguyen at 07/28/2019 - 08:31

Hi Jason,

Thanks for that :-)

Sounds like I don't need to file a bug report. (Though I guess I'll be
watching ansible runs more closely, since /etc seems to be fair game.)

Kind regards,