config() {
  NEW="$1"
  OLD="$(dirname $NEW)/$(basename $NEW .new)"
  # If there's no config file by that name, mv it over:
  if [ ! -r $OLD ]; then
    mv $NEW $OLD
  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
    # toss the redundant copy
    rm $NEW
  fi
  # Otherwise, we leave the .new copy for the admin to consider...
}

preserve_perms() {
  NEW="$1"
  OLD="$(dirname $NEW)/$(basename $NEW .new)"
  if [ -e $OLD ]; then
    cp -a $OLD ${NEW}.incoming
    cat $NEW > ${NEW}.incoming
    mv ${NEW}.incoming $NEW
  fi
  config $NEW
}

preserve_perms etc/rc.d/rc.shibd.new
config etc/httpd/extra/mod_shib.conf.new
find etc/shibboleth/ -name *.html.new | while read cfg ; do config $cfg ; done
find etc/shibboleth/ -name *.logger.new | while read cfg ; do config $cfg ; done
find etc/shibboleth/ -name *.pem.new | while read cfg ; do config $cfg ; done
find etc/shibboleth/ -name *.xml.new | while read cfg ; do config $cfg ; done