On Fri, 20 Jun 2025, The Wanderer wrote:
Personally, what I do in response to such a prompt is to have it show me
a diff of the two files, and then if the changes involve losing any
settings want to retain, I have it give me a shell prompt (or use
another shell I have independently) to make a copy of the existing file.
I then let it install the maintainer's version, diff the old version
against that separately, and immediately use that diff as the basis for
editing the newly-installed maintainer's version to include the changes
I want to keep.
What I do is keep my current version, then when the upgrade is done,
create a new package that diverts the conffile for the debian package
and has my modified file (where I've forgotten to do this when I
originally needed to edit the file)
For example:
apt-cache policy local-xen-blockiscsi
local-xen-blockiscsi:
Installed: 1.7+tjw+r1
Candidate: 1.7+tjw+r1
Version table:
*** 1.7+tjw+r1 995
995 http://aptmirror.home.woodall.me.uk/local bookworm/main amd64
Packages
995 http://aptmirror.home.woodall.me.uk/local bookworm/main all Packages
100 /var/lib/dpkg/status
which has the fix I've proposed for
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106420
It's debateable whether these should be conf files at all, they probably
ought to be in /usr/ somewhere.
N.B. for anyone trying this at home:
https://www.debian.org/doc/debian-policy/ap-pkg-diversions.html
Do not attempt to divert a conffile, as dpkg does not handle it well.
Obviously, where it's possible to do it without diversions (other than
completely replacing the package which is always an option) then you
should prefer that but for my case where there's only a handful of
conffiles which need editing and need their modifications preserved
around an upgrade, I do this. For example, on the machine I ran that
apt-cache policy command, replacing the modified conffile with the
maintainers conffile and rebooting will require console intervention to
fix as the VM that hosts the VPN endpoint necessary to connect remotely
will not start.
You do have to remember to review any maintainer changes just in case
there are required changes, but I find that less problematic then making
sure not to pick the wrong option while doing a dist-upgrade
particularly as the diversions themselves document what files you need
to check.
(The biggest issues I've found with diverting conffiles are if you try
to purge the diverting package where it doesn't leave things in a good
state and requires manual intervention to tidy up)
Tim.
