On Tue, 2018-09-11 at 19:38 -0500, Chuck Campbell wrote: > Sometime in Feb, yum updated something to do with ca-bundle. I didn't > notice at the time, but it put these two files on my machine: > > /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and > > /etc/pki/tls/certs/ca-bundle.crt.rpmnew > > Both of those on the existing system are symbolic links > > ca-bundle.trust.crt -> > /etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and > > ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem > > I'm not sure how exactly I'm supposed to use thes files to update those > locations. one points to a .pem file, which the .rpmnew file is not, and > there is no file of the corresponding name in the direstory pointed to > by the link. > > Shouldn't the rpm have "done the right thing", and put them where they > belong? > If a file has been modified since the RPM package was last installed, then it won't be over-written (it's configurable, but that is the default) - the new file is installed with the .rpmnew extension so that the admin can decide what to do with it. This is a "good thing". Most decent packages now have a mechanism for users to over-ride the default configuration without altering the installed files. But if you do decide, for some reason, that the installed config files need to be changed, the last thing you want is for those changes to be wipedout by an upgrade to the package. In this case, it is certainly within the bounds of possibility that you put in a different CA-Bundle and if you did, you wouldn't want your version to be overwritten. From what you say, you possibly didn't actually do so, but you may have updated the file in some other way (such as looked at it with an editor and saved it with trivial changes. that sort of thing, anything that makes it look like a different file). If you want to use the new files, just copy them over the top of the old files - make sure the symlinks still work as they should and everything will be OK. P.