From: Giorgos Keramidas
To: Maxim Khitrov
Cc: freebsd-questions@freebsd.org
Date: Sun, 3 Jun 2007 14:22:36 +0300
Subject: Re: Recommendations for config file revision control
Message-ID: <20070603112236.GA2210@kobe.laptop>

On 2007-06-02 21:45, Maxim Khitrov wrote:
> Here's an update on what I ended up going with. I decided to go
> with my idea of moving all configuration files to a common
> directory, but with a bit of a change. I created /config and
> under it base/ and user/. Everything in base/ comes from /etc
> and /boot, and the rest goes under user/. I didn't want to mix
> the two. So then I created a new subversion repository, but I
> set permissions such that only root can read or write to
> it. Basically I decided to forbid anyone on the outside from
> getting their hands on the repository contents, since it will
> be storing things like master.passwd and other sensitive data.
>
> Once all this was in place I moved all configuration files to
> their appropriate locations in /config and created symlinks in
> their original location. Everything under /config was then
> imported into the subversion repository using the file://
> method. Since I forbid anyone from doing a check-out of the
> repository to some external location, I don't need to worry
> about file updates except when they are updated in
> /config. This simplifies things. What I did to keep the
> repository up to date was create a simple sh script that is run
> by cron every 10 minutes. The script simply issues 'svn ci
> --non-interactive --message "Automatic commit"' command in the
> /config directory. So any changes made to the configuration
> files are automatically recorded every 10 minutes.
>
> This works well, but does have a few flaws.
> First of all, when
> I edit files from sftp I have no way to add a meaningful
> message to the commit. Not a big deal, and I can always do a
> manual commit if I had to. The other thing is that this script
> will not auto-add files to the repository. Any new
> configuration file that I'd like to have monitored first gets
> moved to /config, then has a link created in the original
> place, then is added to the repository via 'svn add'. A bit
> more work, but I think it's fine. Technically I can automate
> the process of adding and removing files from the repository by
> using svn status output, but at this point the extra work isn't
> worth it. The bigger problem is the fact that subversion does
> not store owner and permission settings. That means that if I
> ever want to delete the /config directory and recreate it, I
> lose all permissions on things like master.passwd. What I did
> was add chown and chmod commands to the monitor script for all
> files that had non-standard permissions. So those get run along
> with the svn ci command every 10 minutes. The alternative was
> to use subversion properties, have the script parse those and
> apply the appropriate settings. However, since the permissions
> have to be set manually anyway there is no advantage to this
> over the monitor script, which is also versioned.

The permission and ownership problem is also one of the issues
which Subversion (or other SCMs) do not solve for base-system
binaries too. See for example the thread:

    "Using Subversion for binary distribution?"

which was recently present in `freebsd-current'.
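
An added example, not part of the original thread: one way to handle the owner and permission gap discussed above is to keep a small manifest in the versioned tree and reapply or audit it from the cron script. The manifest name `.permissions` and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: keep owner/group/mode beside a Subversion-tracked config
# tree. MANIFEST and the function names are hypothetical, not from the post.
MANIFEST=.permissions            # committed together with the config files

# Print "mode uid gid" for one path, with GNU or FreeBSD stat(1).
perm_of() {
    if stat -c '%a' / >/dev/null 2>&1; then
        stat -c '%a %u %g' "$1"          # GNU coreutils
    else
        stat -f '%Lp %u %g' "$1"         # FreeBSD
    fi
}

# Record every regular file under $1 (paths containing newlines unsupported).
save_perms() (
    cd "$1" || exit 1
    find . -name .svn -prune -o -type f ! -name "$MANIFEST*" -print | sort |
    while IFS= read -r f; do
        echo "$(perm_of "$f") $f"
    done > "$MANIFEST.tmp" && mv "$MANIFEST.tmp" "$MANIFEST"
)

# Reapply the recorded values, e.g. after a fresh checkout of the tree.
restore_perms() (
    cd "$1" || exit 1
    while read -r mode uid gid path; do
        # Only touch regular files inside the tree; never follow symlinks.
        case $path in */../*|*/..) continue ;; ./*) ;; *) continue ;; esac
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        # chown first: it can clear setuid/setgid bits that chmod then sets.
        chown "$uid:$gid" "$path" && chmod "$mode" "$path" || exit 1
    done < "$MANIFEST"
)

# List files whose current values differ from the manifest; exit 1 on drift.
check_perms() (
    cd "$1" || exit 2
    drift=0
    while read -r mode uid gid path; do
        [ "$(perm_of "$path" 2>/dev/null)" = "$mode $uid $gid" ] && continue
        echo "$path"
        drift=1
    done < "$MANIFEST"
    exit "$drift"
)
```

Running `check_perms /config` before the periodic `svn ci` reports a file such as master.passwd that has ended up with a looser mode than the one recorded, instead of silently resetting it.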