47642 – Put sendmail + apache into initial skip-list

Bug 47642 - Put sendmail + apache into initial skip-list

Summary: Put sendmail + apache into initial skip-list

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	up2date
Sub Component:
Version:	7.3
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Adrian Likins
QA Contact:	Jay Turner
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-07-06 11:20 UTC by Enrico Scholz
Modified:	2015-01-07 23:47 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2001-07-06 18:29:47 UTC
Embargoed:

Attachments	(Terms of Use)

Description Enrico Scholz 2001-07-06 11:20:54 UTC

Description of Problem:

When using up2date to update sendmail and apache automatically, it is
destroying current configuration[bug #29367 + bug #30302].

To prevent this I suggest to put these and other packages, having config
files marked %config only, into an initial skip-list.



How Reproducible:

evrytime


Steps to Reproduce:
1. make changes to the apache/sendmail configuration
2. run up2date to update packages automatically
3. wait for updated packages


Actual Results:

- boss phones, asking why emails dont arrive and why we have such a funny
webpage
- crackers are happy because they have now access to
http://.../secret-stuff prevent formerly by our manual configuration


Expected Results:

no automatic update: We can download packages manually, shutdown the
machine, call 'rpm -U sendmail/apache*' and 'mv
/etc/sendmail.cf{.rpmsave,}' or 'mv /etc/httpd/conf/httpd.conf{.rpmsave,}',
restart net & services and everybody except the cracker is happy.



Additional Information:

this bugreport can contain some sarcasm and the problems should be solved
by the other packages probably.

Comment 1 Jay Turner 2001-07-06 12:29:13 UTC

We are looking at the packages which should be included by default in the
package listing, but in the meantime, you can always run 'up2date --config' and
add sendmail, apache and any other packages that you would like to the exclusion
list.

Comment 2 Enrico Scholz 2001-07-06 12:55:00 UTC

I have no problem with `up2date' because I don't run auto-update on
production-machines.

But other people who are doing it will run into trouble. When they get the first
time a misconfigured system by up2date and phone calls from their boss, they
will probably call 'up2date --config' or change the distribution. 

To prevent such nasty incidents, at least the named packages should be in an
initial skip-list of 'up2date'.

Comment 3 Adrian Likins 2001-07-06 18:29:43 UTC

The up2date behaviour is designed to mimic default rpm handling
of config files, with the exception of the case:

oldpackage has %config file with default md5sum of valueA
newpackage has %config file with default md5sum of valueB
The version of the config file ondisk has md5sum of valueC

in which case up2date will refuse to update the package by default,
since the config has been modified, but, since the md5sum of
the default config file in the new package changed, we have to
assume the config file format changed and the old modified ondisk
file may not be valid with the update. In other words, up2date
doesnt know which version to use, and punts.

In this case, bug #29367 seems to indicate a packageing problem
in the sendmail rpm (at least, according to the reports), but the
behaviour of #30302 seems to be acting correctly. It appears
that the default version of the config files changed, so they
were updated by rpm to the new versions. If the config files
were modified, the new ones should get installed as .rpmnew.

Investigating further...

Note You need to log in before you can comment on or make changes to this bug.