We run a system on CentOS 5.5 and install our software using one RPM containing all of our software. When we need to apply a hot fix or patch, the current system is simply to stick it in a tar and untar it.
I'm trying to develop a trackable, repeatable system for applying hot fixes and patches but I'm a little unsure as to what role RPM plays in this process.
From what I understand, if we up the version number and reinstall, even with just one file changed, then RPM will blast the whole lot. This requires us to be absolutely sure that no one has put another hotfix on the system that we're not aware of, as it will be replaced.
Is it possible to make an RPM that contains JUST the new files and apply that on top of an existing RPM? How would that affect subsequent upgrades of the system?
The problem is changing files locally installed by the rpm and forgetting about them.
If you use this as a hotfix procedure, right after the hotfix you should build the new rpm and then deploy that new rpm.
If people are allowed to put hotfix after hotfix on top of a machine without ever committing it to the normal process, you're inviting disaster.
One thing you can do to be reminded of the fact that you have hotfixes lying around is to use
rpm -q --verify (your rpm name)
This will print a list of files that have been changed since the rpm was installed. That way you at least know which files were patched and should be taken into account.
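As an added example (not part of the original answer), the following POSIX shell helper turns the verify output into a short hotfix report: files whose checksum or size differs from the package (likely hotfixed binaries or libraries), config-file edits, and files that have gone missing. The package name `myapp`, its paths and the sample verify lines are all constructed for the demonstration; only `classify_verify_output` and `changed_content_files` are exercised offline, and `hotfix_report` is the wrapper you would run against a real package.

```shell
#!/bin/sh
# Added example: summarise `rpm -V <package>` output so hotfixed files are
# visible before a new package version is built and deployed.
#
# rpm -V prints one line per differing file:
#   <9 flag chars>  [attr] <path>      e.g.  S.5....T.  c /etc/myapp/myapp.conf
#   missing         [attr] <path>
# Flag S = size differs, 5 = MD5/digest differs, M = mode, T = mtime, ...
# attr c marks a %config file.  (Paths containing spaces are not handled here.)

classify_verify_output() {
    # Reads rpm -V lines on stdin, prints "<class> <path>" per line.
    # class: content (digest/size changed), config (%config file),
    #        missing (file gone), other (only mode/owner/mtime changed)
    while IFS= read -r line; do
        set -- $line                     # split into flags [attr] path
        flags=$1
        if [ $# -eq 3 ]; then attr=$2; path=$3; else attr=""; path=$2; fi
        if [ "$flags" = missing ]; then
            cls=missing
        elif [ "$attr" = c ]; then
            cls=config
        else
            case $flags in
                *5*|S*) cls=content ;;   # payload actually changed
                *)      cls=other   ;;
            esac
        fi
        echo "$cls $path"
    done
}

changed_content_files() {
    # Only the paths whose contents differ from the package: these are the
    # hotfixes that must be folded into the next RPM build.
    classify_verify_output | while read -r cls path; do
        if [ "$cls" = content ]; then echo "$path"; fi
    done
}

hotfix_report() {
    # usage: hotfix_report <package-name>   (needs rpm on the host)
    rpm -V "$1" | classify_verify_output
}

sample_verify_output() {
    # Constructed sample of `rpm -V myapp` output, not real package data.
    cat <<'EOF'
S.5....T.    /usr/lib/myapp/libcore.so
.M.......    /usr/bin/myapp
S.5....T.  c /etc/myapp/myapp.conf
missing     /usr/share/myapp/README
..5......    /usr/bin/myapp-ctl
EOF
}

# Offline demonstration on the constructed sample:
#   sample_verify_output | changed_content_files
# lists /usr/lib/myapp/libcore.so and /usr/bin/myapp-ctl.
```

Run `hotfix_report myapp` (with the real package name) before cutting a new RPM; anything in the `content` class is a hotfix that has to go into the rebuilt package or it will be overwritten on upgrade, while `config` lines are usually local settings that the spec file's `%config` handling preserves.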