Bug 47642

Summary: Put sendmail + apache into initial skip-list
Product: [Retired] Red Hat Linux Reporter: Enrico Scholz <rh-bugzilla>
Component: up2dateAssignee: Adrian Likins <alikins>
Status: CLOSED DEFERRED QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-07-06 18:29:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Enrico Scholz 2001-07-06 11:20:54 UTC
Description of Problem:

When using up2date to update sendmail and apache automatically, it is
destroying current configuration[bug #29367 + bug #30302].

To prevent this I suggest to put these and other packages, having config
files marked %config only, into an initial skip-list.



How Reproducible:

evrytime


Steps to Reproduce:
1. make changes to the apache/sendmail configuration
2. run up2date to update packages automatically
3. wait for updated packages


Actual Results:

- boss phones, asking why emails dont arrive and why we have such a funny
webpage
- crackers are happy because they have now access to
http://.../secret-stuff prevent formerly by our manual configuration


Expected Results:

no automatic update: We can download packages manually, shutdown the
machine, call 'rpm -U sendmail/apache*' and 'mv
/etc/sendmail.cf{.rpmsave,}' or 'mv /etc/httpd/conf/httpd.conf{.rpmsave,}',
restart net & services and everybody except the cracker is happy.



Additional Information:

this bugreport can contain some sarcasm and the problems should be solved
by the other packages probably.

Comment 1 Jay Turner 2001-07-06 12:29:13 UTC
We are looking at the packages which should be included by default in the
package listing, but in the meantime, you can always run 'up2date --config' and
add sendmail, apache and any other packages that you would like to the exclusion
list.

Comment 2 Enrico Scholz 2001-07-06 12:55:00 UTC
I have no problem with `up2date' because I don't run auto-update on
production-machines.

But other people who are doing it will run into trouble. When they get the first
time a misconfigured system by up2date and phone calls from their boss, they
will probably call 'up2date --config' or change the distribution. 

To prevent such nasty incidents, at least the named packages should be in an
initial skip-list of 'up2date'.


Comment 3 Adrian Likins 2001-07-06 18:29:43 UTC
The up2date behaviour is designed to mimic default rpm handling
of config files, with the exception of the case:

oldpackage has %config file with default md5sum of valueA
newpackage has %config file with default md5sum of valueB
The version of the config file ondisk has md5sum of valueC

in which case up2date will refuse to update the package by default,
since the config has been modified, but, since the md5sum of
the default config file in the new package changed, we have to
assume the config file format changed and the old modified ondisk
file may not be valid with the update. In other words, up2date
doesnt know which version to use, and punts.

In this case, bug #29367 seems to indicate a packageing problem
in the sendmail rpm (at least, according to the reports), but the
behaviour of #30302 seems to be acting correctly. It appears
that the default version of the config files changed, so they
were updated by rpm to the new versions. If the config files
were modified, the new ones should get installed as .rpmnew.

Investigating further...