On Fri, 20 Jun 2025, The Wanderer wrote:
Personally, what I do in response to such a prompt is to have it show me a diff of the two files, and then if the changes involve losing any settings want to retain, I have it give me a shell prompt (or use another shell I have independently) to make a copy of the existing file. I then let it install the maintainer's version, diff the old version against that separately, and immediately use that diff as the basis for editing the newly-installed maintainer's version to include the changes I want to keep.
What I do is keep my current version, then when the upgrade is done, create a new package that diverts the conffile for the debian package and has my modified file (where I've forgotten to do this when I originally needed to edit the file)
For example:
apt-cache policy local-xen-blockiscsi
local-xen-blockiscsi:
Installed: 1.7+tjw+r1
Candidate: 1.7+tjw+r1
Version table:
*** 1.7+tjw+r1 995
995 http://aptmirror.home.woodall.me.uk/local bookworm/main amd64 Packages
995 http://aptmirror.home.woodall.me.uk/local bookworm/main all Packages
100 /var/lib/dpkg/status
which has the fix I've proposed for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106420
It's debateable whether these should be conf files at all, they probably
ought to be in /usr/ somewhere.
N.B. for anyone trying this at home: https://www.debian.org/doc/debian-policy/ap-pkg-diversions.html Do not attempt to divert a conffile, as dpkg does not handle it well.Obviously, where it's possible to do it without diversions (other than completely replacing the package which is always an option) then you should prefer that but for my case where there's only a handful of conffiles which need editing and need their modifications preserved around an upgrade, I do this. For example, on the machine I ran that apt-cache policy command, replacing the modified conffile with the maintainers conffile and rebooting will require console intervention to fix as the VM that hosts the VPN endpoint necessary to connect remotely will not start.
You do have to remember to review any maintainer changes just in case there are required changes, but I find that less problematic then making sure not to pick the wrong option while doing a dist-upgrade particularly as the diversions themselves document what files you need to check.
(The biggest issues I've found with diverting conffiles are if you try to purge the diverting package where it doesn't leave things in a good state and requires manual intervention to tidy up)
Tim.