Strategy for managing files in /etc, suggestions?

Chris Green cl at isbd.net
Thu Dec 17 09:41:02 UTC 2020


On Thu, Dec 17, 2020 at 08:24:26AM +0100, Marcin Kasperski wrote:
> 
> > I'm thinking that it would be an excellent idea to keep track of
> > changes I do to system configuration files in /etc, I try to keep
> > these to a minimum but some are inevitable.
> 
> Most of my /etc-s are mercurial repositories. Simply:
>     sudo -i
>     cd /etc
>     hg init
>     # … .hgignore (see below)
>     hg addremove
> and so on. Let's me `hg diff` after `apt upgrade`, `hg revert`
> after misguided changes, and so on.
> 
> To use it reasonably, one must hgignore some dynamically changing files
> (like .pwd.lock, ld.so.cache, cups/subscriptions.conf, nologin,
> blkid.tab), I also .hgignore *.dpkg-new, *.dpkg-old and similar „during
> upgrade” files. I update .hgignore from time to time, mostly when
> I review new files which appeared after some package installation.
> 
> There is small thing to be wary of: mercurial happens to remove empty
> directories in some cases (esp. hg up) and there are packages which
> expect some empty dir to be present. I tend to add some .dont-remove
> file here or there to be safe.
> 
> On Debian/Ubuntu package named etckeeper automates that (automatically
> commits changes in etc after every apt upgrade and such) – by default it
> uses git, but can be switched to mercurial. I used it for some time but
> decided that manual „review and only then commit” procedure suits me
> better.
> 
> Once /etc/.hg exists, one can of course clone it elsewhere. There are
> some security constraints to consider (don't push passwd and shadow to
> the public, please); also this repo must be purely root-owned so it's
> easier to setup `hg push` from it than to pull from it) but can be done.

Ah, that's my idea with '*' in .hgignore basically, but with ways to
manage the quirks that produces.

Yet another way to consider.

Thanks everyone, I'll go and scratch my head a bit and decide how to
do it, and more likely to get it right[ish] with the help from here.

-- 
Chris Green



More information about the Mercurial mailing list