Strategy for managing files in /etc, suggestions?
Marcin Kasperski
Marcin.Kasperski at mekk.waw.pl
Thu Dec 17 07:24:26 UTC 2020
> I'm thinking that it would be an excellent idea to keep track of
> changes I do to system configuration files in /etc, I try to keep
> these to a minimum but some are inevitable.
Most of my /etc-s are mercurial repositories. Simply:

    sudo -i
    cd /etc
    hg init
    # … .hgignore (see below)
    hg addremove

and so on. Lets me `hg diff` after `apt upgrade`, `hg revert`
after misguided changes, and so on.
To use it reasonably, one must hgignore some dynamically changing files
(like .pwd.lock, ld.so.cache, cups/subscriptions.conf, nologin,
blkid.tab), I also .hgignore *.dpkg-new, *.dpkg-old and similar „during
upgrade” files. I update .hgignore from time to time, mostly when
I review new files which appeared after some package installation.
There is a small thing to be wary of: mercurial happens to remove empty
directories in some cases (esp. hg up) and there are packages which
expect some empty dir to be present. I tend to add some .dont-remove
file here or there to be safe.
On Debian/Ubuntu a package named etckeeper automates that (automatically
commits changes in etc after every apt upgrade and such) – by default it
uses git, but can be switched to mercurial. I used it for some time but
decided that manual „review and only then commit” procedure suits me
better.
Once /etc/.hg exists, one can of course clone it elsewhere. There are
some security constraints to consider (don't push passwd and shadow to
the public, please; also this repo must be purely root-owned, so it's
easier to set up `hg push` from it than to pull from it) but can be done.
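
Added example, not part of the original post: two shell helpers for the cautions above, one placing the `.dont-remove` placeholders in empty directories and one listing tracked files that should not be pushed. The function names are hypothetical, and the patterns beyond passwd and shadow (gshadow, backup copies, SSH host private keys, ssl/private) are assumptions about a typical Debian /etc.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of Mercurial or etckeeper.

# Put a .dont-remove placeholder into every empty directory under $1 so the
# directory becomes tracked content and survives `hg up`. Mercurial's own
# metadata directory is skipped. Prints each directory that got a placeholder.
keep_empty_dirs() {
    find "$1" -path "$1/.hg" -prune -o -type d -empty -print |
    while IFS= read -r dir; do
        : > "$dir/.dont-remove"
        printf '%s\n' "$dir"
    done
}

# Read tracked paths on stdin, one per line and relative to the repository
# root (the form `hg files` prints when run in /etc). Prints every path that
# holds credentials and returns 1 if any was found, 0 otherwise.
# passwd and shadow come from the post; the other patterns are assumptions.
sensitive_tracked() {
    awk '
        /^(passwd|shadow|gshadow)-?$/  { print; bad = 1; next }
        /^ssh\/ssh_host_.*_key$/       { print; bad = 1; next }
        /^ssl\/private\//              { print; bad = 1; next }
        END { exit (bad ? 1 : 0) }
    '
}

# Typical use, as root, before pushing a clone anywhere outside the machine:
#   cd /etc
#   keep_empty_dirs /etc
#   hg files | sensitive_tracked || echo "secrets are tracked, do not push" >&2
```

Files flagged by the second helper have to be left out of whatever is pushed off the machine; adding them to .hgignore afterwards does not remove them from revisions already committed.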