Dealing with pacman’s updated .conf files

Read the edited WARNING at the bottom of the article! (Oct 17 2017)

Merge-arrows-2.pngArtix, being a modified distribution of ARCH-linux, follows Arch’s policy of updating packages and their corresponding .conf files.  In other distributions like Debian, you have to do work to protect your custom .conf files as sometimes updated packages replace your .conf files with new ones.  In Arch/Artix/Arch-Bang/Obarun etc. when a package incorporates a conf file that is new it installs a pkg-name.conf.pacnew and even when it is essential that the new conf file is mandatory for the package to work, or when the package is removed, or when it has to be first removed for the new one to be installed, it backs-up your own .conf file to a copy called .conf.pacsave.  If one already exists it becomes .pacsave.1 .pacsave.2 …etc.  During a $ pacman -Syu upgrade session you may see a warning that this is taking place and it needs your manual attention to employ your custom commands and scripts into the .pacnew file and rename it as .conf.

Usually, but not always, the .conf files are in the /etc directory.  After a while your /etc may become crowded with .pacnew and .pacsave files and if you don’t transfer your .conf.pacnew into a new .conf your packages may misbehave.  AUR has some packages to locate and compare those corresponding files for you, color the text differences, etc.  I have made a directory within /etc called /etc/paconf and store copies of my custom .conf, .pacsave, and .pacnew to keep /etc from being clattered.  But with a window manager you can open two root-editor-windows side by side (maybe use the numbered lines option as in mousepad/leafpad) and see what you need to edit before you save them.  In Debian if you weren’t careful to backup some of your .conf files they would automatically be replaced and your old settings may disappear, as Debian engineers know better than you what the settings should be.  Once in a while they got an overwhelming scream from users and would lay-off that practice but then another developer would get you again.

Below I have copied the Arch-Wiki on the subject.  If you are not sure whether you need to worry about this or not just run a couple of commands to see what you already have and where.

To just search where most global configurations are stored:

$ find /etc -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null

or the entire disk:

$ find / -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null

 

Pacman/Pacnew and Pacsave

When pacman removes a package that has a configuration file, it normally creates a backup copy of that config file and appends .pacsave to the name of the file. Likewise, when pacman upgrades a package which includes a new config file created by the maintainer differing from the currently installed file, it writes a .pacnew config file. pacman provides notice when these files are written.

Why these files are created

A .pacnew file may be created during a package upgrade (pacman -Syu, pacman -Su or pacman -U) to avoid overwriting a file which already exists and was previously modified by the user. When this happens a message like the following will appear in the output of pacman:

warning: /etc/pam.d/usermod installed as /etc/pam.d/usermod.pacnew

A .pacsave file may be created during a package removal (pacman -R), or by a package upgrade (the package must be removed first). When the pacman database has record that a certain file owned by the package should be backed up it will create a .pacsave file. When this happens pacman outputs a message like the following:

warning: /etc/pam.d/usermod saved as /etc/pam.d/usermod.pacsave

These files require manual intervention from the user and it is good practice to handle them right after every package upgrade or removal. If left unhandled, improper configurations can result in improper function of the software, or the software being unable to run altogether.

Package backup files

A package’s PKGBUILD file specifies which files should be preserved or backed up when the package is upgraded or removed. For example, the PKGBUILD for pulseaudio contains the following line:

backup=('etc/pulse/client.conf' 'etc/pulse/daemon.conf' 'etc/pulse/default.pa')

Systemwide backup files

Merge-arrows-2.pngThis article or section is a candidate for merging with Pacman#Skip_files_from_being_installed_to_system.Merge-arrows-2.png

Notes: Similar topic (Discuss in Talk:Pacman/Pacnew and Pacsave#)

To prevent any package from overwriting a certain file, add the following line to /etc/pacman.conf:

NoUpgrade = absolute/path/to/file

Note that the path must not start with a slash.

Types explained

.pacnew

For each backup file in a package being upgraded, pacman cross-compares three md5sums generated from the file’s contents: one sum for the version originally installed by the package, one for the version currently in the filesystem, and one for the version in the new package. If the version of the file currently in the filesystem has been modified from the version originally installed by the package, pacman cannot know how to merge those changes with the new version of the file. Therefore, instead of overwriting the modified file when upgrading, pacman saves the new version with a .pacnew extension and leaves the modified version untouched.

Going into further detail, the 3-way MD5 sum comparison results in one of the following outcomes:

original = X, current = X, new = X
All three versions of the file have identical contents, so overwriting is not a problem. Overwrite the current version with the new version and do not notify the user (although the file contents are the same, this overwrite will update the filesystem’s information regarding the file’s installed, modified, and accessed times, as well as ensure that any file permission changes are applied).
original = X, current = X, new = Y
The current version’s contents are identical to the original’s, but the new version is different. Since the user has not modified the current version and the new version may contain improvements or bugfixes, overwrite the current version with the new version and do not notify the user. This is the only auto-merging of new changes that pacman is capable of performing.
original = X, current = Y, new = X
The original package and the new package both contain exactly the same version of the file, but the version currently in the filesystem has been modified. Leave the current version in place and discard the new version without notifying the user.
original = X, current = Y, new = Y
The new version is identical to the current version. Overwrite the current version with the new version and do not notify the user (although the file contents are the same, this overwrite will update the filesystem’s information regarding the file’s installed, modified, and accessed times, as well as ensure that any file permission changes are applied).
original = X, current = Y, new = Z
All three versions are different, so leave the current version in place, install the new version with a .pacnew extension and warn the user about the new version. The user will be expected to manually merge any changes necessary from the new version into the current version.

.pacsave

If the user has modified one of the files specified in backup then that file will be renamed with a .pacsave extension and will remain in the filesystem after the rest of the package is removed.

Note: Use of the -n option with pacman -R will result in complete removal of all files in the specified package, therefore no .pacsave files will be created.

Locating .pac* files

Pacman does not deal with .pacnew files automatically: you will need to maintain these yourself. A few tools are presented in the next section. To do this manually, first you will need to locate them. When upgrading or removing a large number of packages, updated *.pac* files may be missed. To discover whether any *.pac* files have been installed, use one of the following:

  • To just search where most global configurations are stored:
    $ find /etc -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null

    or the entire disk:

    $ find / -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null
  • Use locate if you have installed it. First re-index the database:
    # updatedb

    Then:

    $ locate --existing --regex "\.pac(new|save)$"
  • Use pacman’s log to find them:
    $ grep --extended-regexp "pac(new|save)" /var/log/pacman.log

    Note that the log does not keep track of which files are currently in the filesystem nor of which files have already been removed; the above command will list all *.pac* files that have ever existed on your system. Use the tail command to get the 10 most recent *.pac* files:

    $ grep --extended-regexp "pac(new|save)" /var/log/pacman.log | tail

Managing .pacnew files

Pacman includes the simple pacdiff tool for managing pacnew/pacsave files. It will search all pacnew and pacsave files and ask for any actions on them. It uses vimdiff by default, but you may specify a different tool with DIFFPROG=your_editor pacdiff. See List of applications/Utilities#Comparison, diff, merge for other common comparison tools.

A few third-party utilities providing various levels of automation for these tasks are available from the AUR.

You can use one of the following tools:

  • Dotpac — Basic interactive script with ncurses-based text interface and helpful walkthrough. No merging or auto-merging features.
https://github.com/AladW/dotpac || dotpacAUR
  • etc-update — Arch port of Gentoo’s etc-update utility, providing a simple CLI to view, merge and interactively edit changes. Trivial changes (such as comments) can be merged automatically.
https://wiki.gentoo.org/wiki/Handbook:Parts/Portage/Tools#etc-update || etc-updateAUR
  • pacmarge — A tool for automatically merging .pacnew files
https://github.com/foutrelis/pacmarge || pacmargeAUR
  • pacnew-auto — Automatic pacnew merging using git rebase.
https://github.com/joanrieu/pacnew-auto || pacnew-auto-gitAUR
  • pacnews-git — A simple script aimed at finding all .pacnew files, then editing them with vimdiff.
https://github.com/pbrisbin/scripts/blob/master/pacnews || pacnews-gitAUR

See also

 

Oct 17 2017 —- WARNING —-

This came as a comment by one of the developers in the Artix forum (nous) as some of us who carelessly and with blind faith to Artix developers replaced all .conf files with pacnew files.  the passwd file was replaced and that wiped all users out of the system.  Fix:  artixtools-chroot into it, set a new root passwd and recreate users.

I always protect my important system files with directives like

Code: [Select]
NoUpgrade = etc/passwd etc/group etc/shadow
NoUpgrade = etc/fstab

in /etc/pacman.conf.

2 thoughts on “Dealing with pacman’s updated .conf files

  1. Thank you for your kind words but I should have read my own article in more detail and with care. This came a few hours too late as a comment, as the pacman monster seems to have gotten a couple of us:

    Oct 17 2017 —- WARNING —-

    This came as a comment by one of the developers in the Artix forum (nous) as some of us who carelessly and with blind faith to Artix developers replaced all .conf files with pacnew files. the passwd file was replaced and that wiped all users out of the system. Fix: artixtools-chroot into it, set a new root passwd and recreate users.

    I always protect my important system files with directives like

    Code: [Select]
    NoUpgrade = etc/passwd etc/group etc/shadow
    NoUpgrade = etc/fstab

    in /etc/pacman.conf.

    Like

If your comment is considered off-topic a new topic will be created with your comment to continue a different discussion. This community is based on open and free communication, meaning we must all respect all in minimizing the exercise of freedom to disrupt such communication. Feel free to post what you think but keep in mind the subject matter discussed. It is just as easy to start a new topic as it is to dilute the content of an existing discussion.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.