how rpm destroyed my private key

Elan Ruusamäe glen at pld-linux.org
Thu Apr 28 10:41:19 CEST 2016


On 27.04.2016 20:08, Jeff Johnson wrote:
> I doubt you would be surprised if you extracted a tar archive that "destroyed" secret_key.php,
> particularly if you had forgotten to add options that might have prevented overwriting. Similarly,
> if you added tar options wrongly and then found that, say, a daemon would not restart because
> some config file was _NOT_ replaced as expected, I doubt that you would be surprised.

please don't compare rpm with tar. i would never expect tar to skip 
extracting files. i always extract it to empty dir.

but rpm i use to manage configuration and expect %noreplace to mean "do 
not replace the file". that one technical detail makes it behave 
differently on high level does not change my expectation. i'd rather 
consider it flaw in implementation. and that it has been so in last two 
decades, doesn't mean it has to stay so. there are VENDOR_PLD conditions 
if that rpm5.org maintainers do not consider usable for everybody.

you explained why it overwrote. good, at least you accept that it really 
does that now. but i'm not interested preserving that behaviour, i don't 
think anybody in pld (or rpm users) like to expect such behaviour.

i can likely WORKAROUND that with rpm pretrans triggers to move away the 
file that rpm would otherwise overwrite. but it's hack, highly 
unmaintainable: i should do that only when the specific transaction is 
done (nofile->packaged file), because if i do that always, i will lose 
the benefits of %config at all. such workarounds have been implemented 
on critical files in the past, because there doesn't seem to be solution 
from rpm-side. (and don't see anybody willing to code it)

-- 
glen


