Currently, rpm only ignores md5, size, mtime when verifying /etc/passwd,
/etc/group, and /var/log/lastlog. There are other files in the rpm which
should not be verified however:
/etc/services - may have local services added
/etc/exports - may have local exports added
/etc/hosts.allow - may have local access rules added
/etc/hosts.deny - may have local access rules added
/etc/motd - may have the local motd
/etc/securetty - may have default entries edited
Pedantically speaking, some sites may need to add entries to /etc/protocols
as well, although I haven't had to myself.
Created attachment 1652 [details]
proposed spec file, _WITHOUT_ updated version or changelog
Thanks for the suggestion; some of this is done in setup-2.3.4-1.