[2980] in RedHat Linux List
Re: RPM clobbers files
daemon@ATHENA.MIT.EDU (Donnie Barnes)
Wed Nov 6 11:44:42 1996
To: redhat-list@redhat.com
In-reply-to: Your message of "Wed, 06 Nov 1996 10:07:31 GMT."
<199611061007.KAA08889@weasel.mmm.co.uk>
Date: Wed, 06 Nov 1996 11:30:05 -0500
From: Donnie Barnes <djb@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
> Donnie Barnes <djb@redhat.com> wrote:
> [Tim Baverstock <warwick@mmm.co.uk> wrote:]
> >> It sounds like it would be handy to be able to list all those files which
> >> would be clobbered by a given RPM, which no longer match the original
> >> installation. rpm -Vp, perhaps? Or have I missed something which does
> >> this already? (I imagine it wouldn't be too hard to cook something up with
> >> sort and uniq)
> >
> > Come on folks...think about what you are saying. "All" files that
> > no longer match the original installation would be all the
> > binaries, libs, etc. I think here you mean "All" the config files.
>
> I meant, of course, `the extant installation' - `original' in the sense of
> `before the proposed upgrade' rather than `factory fresh' - that is, any
> file which this RPM intends to clobber, but whose checksum no longer
> matches the one recorded for it in the current RPM database (as per -V).
> I had imagined this to be evident from foregoing posts.
>
> As someone pointed out, this would usually only flag changed config files,
> but I can think of a particularly nightmarish day when another brand of
> Linux cheerfully deleted a whole slew of customised binaries, only four
> hours after a complete system backup (mercifully). The specifics were
> different, but the principle very much the same.
>
> I can think of no file which should not be preserved by default if it
> fails to match its signature in the RPM database - even binaries and
> logfiles - with the singular exception of cache files or other transients.
Well, that's just where we disagree. By your way, if someone hacks your
system, puts their own copy of /bin/bash on the system, and you then upgrade
your copy of bash, the hacked one remains. It may be nice to *keep* the
file, but *not* leave it in place.
Also, you lose alot of RPM performance. You'd have to md5 every single file.
Waiting on that to happen on your X server would suck. Waiting on it for
emacs would suck worse.
> Surely it would be a much safer mistake in RPM building to forget to mark
> something as `can be deleted, even if its signature is different'?
>
> --saveall could instruct RPM to make .rpmsaves of any files which don't
> match their checksum, even if marked as a transient - a sort of stronger
> default.
We're probably going to implement a --keepconfigs to do that with config
files.
> Granted, we should be vigilant and careful as root, but since the
> computer's much better at spotting this sort of thing than we are, it
> makes sense to me that it should assist, in much the same way that many
> alias rm="rm -i". It's far easier to \rm `find \ -name \*.rpmsave` after
> the event, than back things up beforehand and miss something.
Everything that should *change* should be marked as a config file. If
you update, you get a .rpmsave on all those.
> It may also be an idea to have .rpmsave become .rpmsave.YYMMDD.vvvv?
>
> Forgive me if I sound a bit short, but I'm unused to being told `think
> about what you are saying' in a constructive dialogue, by a relative
> stranger.
Sorry...I'm not running a good track record over the last 24 hours at
being diplomatic.
--Donnie
--
Donnie Barnes http://www.redhat.com/~djb "Bah."
djb@redhat.com http://www.turner.com/lazarusman/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
_Things You'd NEVER Expect A Southerner To Say_ by Vic Henley:
** I only smoke menthol.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
