Handling Updated RPM Package Configuration Files

The RPM package manager has a special idea of which files in a package are configuration files. These files are treated specially during package upgrades: when a package upgrade changes configuration files for the package, the existing configuration files are not necessarily overwritten with the upstream changes. The idea here is that you may have made local changes to these files, or perhaps you didn't change anything but you want the package to keep working as it did before, and therefore don't want configuration files changed. In this situation the package manager will either create a .rpmsave copy of the existing configuration file and then replace the file with the upstream version, or it will keep the existing configuration file as-is and save the upstream version with the .rpmnew suffix.

For example, suppose we have a package named foo and it has a configuration file named /etc/foo.conf. When foo is first installed the file /etc/foo.conf will contain the default config from the package. If the package changes the definition of /etc/foo.conf, an upgrade to foo will either save the existing config to /etc/foo.conf.rpmsave and overwrite /etc/foo.conf with the new upstream version, or it will preserve /etc/foo.conf as-is and save the new upstream version of the file as /etc/foo.conf.rpmnew. Whether you get a .rpmsave or a .rpmnew file depends on some obscure spec macros, but in my experience I get .rpmnew files much more often than I get .rpmsave files.

You should periodically be checking for these .rpmnew and .rpmsave files to ensure that your system is still running with the intended configuration. In most cases the package configuration changes are relatively minor, and it may not be important whether or not you apply the configuration updates. However, sometimes the configuration changes are important, and in some cases your system can stop working if you ignore the changes for long enough. For example, some projects deprecate configuration directives over time, and if you go long enough without applying config changes your old config file may stop working one day.

Dealing with this is easy if you know about the useful (but not very well known) tool rpmconf, which is built just for this purpose. It has a few options, but I normally just use rpmconf -a, which finds all .rpmsave and .rpmnew files and prompts you about what to do about the changes. For each config file it will give you options to either install the new upstream version, keep your existing config file (ignoring the upstream changes), see a diff, skip the change, or drop into a shell for further examination. I find that rpmconf usually prompts me about config files I haven't changed, so if it prompts me about a file I'm unfamiliar with or know I didn't change I just accept the new upstream version.

In principle config files can change after any package update, but in practice on Fedora they're most common when upgrading from one Fedora release to another. I usually run rpmconf -a after using dnf system-upgrade to upgrade Fedora releases.