Description of problem: I just ran a yum update, which pulled in the new shorewall package (3.0.8-1.fc5). During the update I saw: warning: /etc/shorewall/zones saved as /etc/shorewall/zones.rpmsave warning: /etc/shorewall/shorewall.conf saved as /etc/shorewall/shorewall.conf.rp msave warning: /etc/shorewall/rules saved as /etc/shorewall/rules.rpmsave warning: /etc/shorewall/policy saved as /etc/shorewall/policy.rpmsave warning: /etc/shorewall/interfaces saved as /etc/shorewall/interfaces.rpmsave warning: /etc/shorewall/blacklist saved as /etc/shorewall/blacklist.rpmsave Removing : shorewall ######################### [3/6] Updating : shorewall ### [4/6]warnin g: /etc/shorewall/shorewall.conf created as /etc/shorewall/shorewall.conf.rpmnew Version-Release number of selected component (if applicable): 3.0.8-1.fc5 The problem is - all of those configuration files were moved to .rpmsave appended versions, but no replacement files were created. This essentailly unconfigures the firewall, and for anyone not seeing those messages (eg. if they have the nightly yum update enabled) they would remain unaware that there firewall configuration was lost. I suspect this is due to the following line in the spec: %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/shorewall/* These files should be marked as %config I believe. (see http://www-uxsup.csx.cam.ac.uk/~jw35/docs/rpm_config.html for a description of %config). How reproducible: Every time Steps to Reproduce: 1. Update to 0:3.0.8-1.fc5 2. 3. Actual results: Configuration files hammered. Expected results: Configuration files left untouched. Additional info:
For completeness, and to help debug, the contents of /etc/shorewall immediately after update: # ls accounting initdone modules rules~ stopped actions interfaces~ nat rules.rpmsave tcclasses blacklist~ interfaces.rpmnew netmap shorewall.conf~ tcdevices blacklist.rpmsave interfaces.rpmsave params shorewall.conf.rpmnew tcrules continue ipsec policy.rpmsave shorewall.conf.rpmsave tos ecn maclist providers start tunnels hosts Makefile proxyarp started zones.rpmsave init masq routestopped stop
And also: After the update, shorewall is no longer started on boot for any runlevels.
I reverted to the previous version to test (3.0.7) then modified all files with the line find -exec cp /etc/vimrc {} \; in order to have local modified files, then a yum update left only a new shorewall.conf.rpmnew file those files are marked %config(noreplace) so they will generate only rpmnew files if changed, but this line was added at the first iteration of shorewall 3.0.x if I remember correctly. From which version was you updating? why your "yum update" says removing then updating instead of Updating : shorewall ######################### [1/2] Cleanup : shorewall ######################### [2/2]
I was updating from 3.0.7, and the first version of the shorewall rpm installed on this machines was 3.0.6-1.fc5. I have no idea why yum decided to remove and then update - that is very odd actually. Perhaps this is a yum bug rather than a shorewall bug, as the behaviour you describe from your local test sounds correct. The same update was pulling in the new kernel and removing an old kernel - I wonder if the installonlyn plugin causes all packages that are being updated to be removed, or something. /var/log/yum also says: Jun 25 13:04:13 Installed: kernel-smp-devel.i686 2.6.17-1.2139_FC5 Jun 25 13:04:28 Installed: kernel-smp.i686 2.6.17-1.2139_FC5 Jun 25 13:04:29 Erased: shorewall Jun 25 13:04:32 Updated: shorewall.noarch 3.0.8-1.fc5 [and no other entries for today when I ran yum update] but has no entry for the kernel that was removed (2096 if i recall correctly). This looks very suspiciously like a yum bug rather than a packaging bug to me. Alas the yum output is now gone, as I rebooted the machine. :(
OK. I reproduced the issue. Recipe: 1) I backed up /etc/shorewall locally. 2) I removed shorewall 3.0.8, rm -rf /etc/shorewall to remove all remnants. 3) I installed the 3.0.7 shorewall rpm. 4) I copied back my config files to /etc/shorewall, so they were modified from the installed files from the rpm. 5) I removed the latest kernel (2139) and its -devel package. This left 3 installed kernels on my box (see below) 6) I changed tokeep to 3 in /etc/yum/pluginconf.d/installonlyn.conf 7) I did a yum update At this point what we'd expect is that yum would update to the latest kernel, removing an old kernel in the process, and also updating shorewall. But what we see is different. A c+p of the session follows: ==START== [root@pasiphae etc]# cat yum/pluginconf.d/installonlyn.conf [main] tokeep = 3 enabled = 1 [root@pasiphae etc]# ls shorewall accounting continue init interfaces.rpmsave Makefile nat policy routestopped start stopped tcrules zones actions ecn initdone ipsec masq netmap providers rules started tcclasses tos blacklist hosts interfaces maclist modules params proxyarp shorewall.conf stop tcdevices tunnels [root@pasiphae etc]# rpm -qa | grep kernel kernel-smp-devel-2.6.16-1.2122_FC5 kernel-smp-2.6.16-1.2111_FC5 kernel-smp-2.6.16-1.2122_FC5 kernel-smp-devel-2.6.16-1.2133_FC5 kernel-smp-2.6.16-1.2133_FC5 kernel-smp-devel-2.6.16-1.2111_FC5 [root@pasiphae etc]# rpm -qa | grep shorewall shorewall-3.0.7-1.fc5 [root@pasiphae etc]# yum update Loading "installonlyn" plugin Setting up Update Process Setting up repositories livna [1/5] livna 100% |=========================| 951 B 00:00 macromedia [2/5] macromedia 100% |=========================| 951 B 00:00 core [3/5] core 100% |=========================| 1.1 kB 00:00 updates [4/5] updates 100% |=========================| 951 B 00:00 extras [5/5] extras 100% |=========================| 1.1 kB 00:00 Reading repository metadata in from local files Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for kernel-smp to pack into transaction set. kernel-smp-2.6.17-1.2139_ 100% |=========================| 152 kB 00:00 ---> Package kernel-smp.i686 0:2.6.17-1.2139_FC5 set to be installed ---> Downloading header for shorewall to pack into transaction set. shorewall-3.0.8-1.fc5.noa 100% |=========================| 18 kB 00:00 ---> Package shorewall.noarch 0:3.0.8-1.fc5 set to be updated ---> Downloading header for kernel-smp-devel to pack into transaction set. kernel-smp-devel-2.6.17-1 100% |=========================| 821 kB 00:00 ---> Package kernel-smp-devel.i686 0:2.6.17-1.2139_FC5 set to be installed --> Running transaction check --> Populating transaction set with selected packages. Please wait. ---> Package kernel-smp-devel.i686 0:2.6.16-1.2111_FC5 set to be erased ---> Package kernel-smp.i686 0:2.6.16-1.2111_FC5 set to be erased --> Running transaction check Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: kernel-smp i686 2.6.17-1.2139_FC5 updates 15 M kernel-smp-devel i686 2.6.17-1.2139_FC5 updates 4.5 M Updating: shorewall noarch 3.0.8-1.fc5 extras 203 k Removing: kernel-smp i686 2.6.16-1.2111_FC5 installed 39 M kernel-smp-devel i686 2.6.16-1.2111_FC5 installed 14 M Transaction Summary ============================================================================= Install 2 Package(s) Update 1 Package(s) Remove 2 Package(s) Total download size: 20 M Is this ok [y/N]: y Downloading Packages: (1/3): kernel-smp-2.6.17- 100% |=========================| 15 MB 00:05 (2/3): shorewall-3.0.8-1. 100% |=========================| 203 kB 00:00 (3/3): kernel-smp-devel-2 100% |=========================| 4.5 MB 00:01 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: kernel-smp-devel ######################### [1/6] Installing: kernel-smp ######################### [2/6] warning: /etc/shorewall/zones saved as /etc/shorewall/zones.rpmsave warning: /etc/shorewall/tcdevices saved as /etc/shorewall/tcdevices.rpmsave warning: /etc/shorewall/shorewall.conf saved as /etc/shorewall/shorewall.conf.rpmsave warning: /etc/shorewall/rules saved as /etc/shorewall/rules.rpmsave warning: /etc/shorewall/policy saved as /etc/shorewall/policy.rpmsave warning: /etc/shorewall/interfaces saved as /etc/shorewall/interfaces.rpmsave warning: /etc/shorewall/blacklist saved as /etc/shorewall/blacklist.rpmsave Removing : shorewall ######################### [3/6] Updating : shorewall ### [4/6]warning: /etc/shorewall/shorewall.conf created as /etc/shorewall/shorewall.conf.rpmnew Updating : shorewall ### [4/6]warning: /etc/shorewall/tcdevices created as /etc/shorewall/tcdevices.rpmnew Updating : shorewall ######################### [4/6] Cleanup : kernel-smp-devel ######################### [5/6] Cleanup : kernel-smp ######################### [6/6] Removed: kernel-smp.i686 0:2.6.16-1.2111_FC5 kernel-smp-devel.i686 0:2.6.16-1.2111_FC5 Installed: kernel-smp.i686 0:2.6.17-1.2139_FC5 kernel-smp-devel.i686 0:2.6.17-1.2139_FC5 Updated: shorewall.noarch 0:3.0.8-1.fc5 Complete! ==END== This really looks like yum is doing the wrong thing.
OK, and for completeness, I removed shorewall, installed 3.0.7 and ran a yum update (note that there is now no kernel updating to be done) and everything works as it should: [root@pasiphae shorewall]# rpm -qa | grep shorewall shorewall-3.0.7-1.fc5 [root@pasiphae shorewall]# yum update Loading "installonlyn" plugin Setting up Update Process Setting up repositories livna [1/5] macromedia [2/5] core [3/5] updates [4/5] extras [5/5] Reading repository metadata in from local files Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for shorewall to pack into transaction set. shorewall-3.0.8-1.fc5.noa 100% |=========================| 18 kB 00:00 ---> Package shorewall.noarch 0:3.0.8-1.fc5 set to be updated --> Running transaction check Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Updating: shorewall noarch 3.0.8-1.fc5 extras 203 k Transaction Summary ============================================================================= Install 0 Package(s) Update 1 Package(s) Remove 0 Package(s) Total download size: 203 k Is this ok [y/N]: y Downloading Packages: (1/1): shorewall-3.0.8-1. 100% |=========================| 203 kB 00:00 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Updating : shorewall ### [1/2]warning: /etc/shorewall/shorewall.conf created as /etc/shorewall/shorewall.conf.rpmnew Updating : shorewall ### [1/2]warning: /etc/shorewall/tcdevices created as /etc/shorewall/tcdevices.rpmnew Updating : shorewall ######################### [1/2] Cleanup : shorewall ######################### [2/2] Updated: shorewall.noarch 0:3.0.8-1.fc5 Complete!
Reported as a bug against yum: 196590