Ondřej Vašík (ovasik(a)redhat.com) said:
Yep, you could not replace /etc/passwd
(and /etc/group, /etc/shadow, /etc/gshadow) file as it always differs
from the file installed by setup (new users/groups, passwords ... ). But
you need those files for installation - so they have to be in filelist
and they have to be in rpm. AFAIK there is no option to ignore files
completely in update, so .rpmnew are created although is always
completely useless (unless you have some script to add missing
users/groups from that .rpmnew file).
Right, this is why (historically) we just don't change the stock
files, so you won't get .rpmnew files in any case ; all changes
to the stock entries would be done by %post scripts in the packages
where they're needed.
Of course, with the rpm-4.6 hash change, you now get .rpmnew files
on the first upgrade that uses it, regardless of whether or not
the file changed.
Bill