Re: ca-bundle questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Tue, 2018-09-11 at 19:38 -0500, Chuck Campbell wrote:
> Sometime in Feb, yum updated something to do with ca-bundle. I didn't 
> notice at the time, but it put these two files on my machine:
> 
> /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and
> 
> /etc/pki/tls/certs/ca-bundle.crt.rpmnew
> 
> Both of those on the existing system are symbolic links
> 
> ca-bundle.trust.crt -> 
> /etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and
> 
> ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 
> I'm not sure how exactly I'm supposed to use thes files to update those 
> locations. one points to a .pem file, which the .rpmnew file is not, and 
> there is no file of the corresponding name in the direstory pointed to 
> by the link.
> 
> Shouldn't the rpm have "done the right thing", and put them where they 
> belong?
> 

If a file has been modified since the RPM package was last installed,
then it won't be over-written (it's configurable, but that is the
default) - the new file is installed with the .rpmnew extension so that
the admin can decide what to do with it. 

This is a "good thing". Most decent packages now have a mechanism for
users to over-ride the default configuration without altering the
installed files. But if you do decide, for some reason, that the
installed config files need to be changed, the last thing you want is
for those changes to be wipedout by an upgrade to the package.

In this case, it is certainly within the bounds of possibility that you
put in a different CA-Bundle and if you did, you wouldn't want your
version to be overwritten. From what you say, you possibly didn't
actually do so, but you may have updated the file in some other way
(such as looked at it with an editor and saved it with trivial changes.
that sort of thing, anything that makes it look like a different file).
If you want to use the new files, just copy them over the top of the
old files - make sure the symlinks still work as they should and
everything will be OK.

P.




_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux