Strategy for managing files in /etc, suggestions?
Chris Green
cl at isbd.net
Thu Dec 17 09:41:02 UTC 2020
On Thu, Dec 17, 2020 at 08:24:26AM +0100, Marcin Kasperski wrote:
>
> > I'm thinking that it would be an excellent idea to keep track of
> > changes I do to system configuration files in /etc, I try to keep
> > these to a minimum but some are inevitable.
>
> Most of my /etc-s are mercurial repositories. Simply:
> sudo -i
> cd /etc
> hg init
> # … .hgignore (see below)
> hg addremove
> and so on. Let's me `hg diff` after `apt upgrade`, `hg revert`
> after misguided changes, and so on.
>
> To use it reasonably, one must hgignore some dynamically changing files
> (like .pwd.lock, ld.so.cache, cups/subscriptions.conf, nologin,
> blkid.tab), I also .hgignore *.dpkg-new, *.dpkg-old and similar „during
> upgrade” files. I update .hgignore from time to time, mostly when
> I review new files which appeared after some package installation.
>
> There is small thing to be wary of: mercurial happens to remove empty
> directories in some cases (esp. hg up) and there are packages which
> expect some empty dir to be present. I tend to add some .dont-remove
> file here or there to be safe.
>
> On Debian/Ubuntu package named etckeeper automates that (automatically
> commits changes in etc after every apt upgrade and such) – by default it
> uses git, but can be switched to mercurial. I used it for some time but
> decided that manual „review and only then commit” procedure suits me
> better.
>
> Once /etc/.hg exists, one can of course clone it elsewhere. There are
> some security constraints to consider (don't push passwd and shadow to
> the public, please); also this repo must be purely root-owned so it's
> easier to setup `hg push` from it than to pull from it) but can be done.
Ah, that's my idea with '*' in .hgignore basically, but with ways to
manage the quirks that produces.
Yet another way to consider.
Thanks everyone, I'll go and scratch my head a bit and decide how to
do it, and more likely to get it right[ish] with the help from here.
--
Chris Green
More information about the Mercurial
mailing list