Date:      Sun, 3 Jun 2007 14:22:36 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Maxim Khitrov <mkhitrov@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Recommendations for config file revision control
Message-ID:  <20070603112236.GA2210@kobe.laptop>
In-Reply-To: <26ddd1750706021845m56b29a47l6b06ff2a6a8e2559@mail.gmail.com>
References:  <26ddd1750706011227g224eaa1dh93233400c704595e@mail.gmail.com> <1d3ed48c0706011603k5948510ctb49e399aa2ace22f@mail.gmail.com> <26ddd1750706011635s285860c1p57c360af69596ecc@mail.gmail.com> <200706021532.09429.lacoste@miage.univ-paris12.fr> <26ddd1750706021845m56b29a47l6b06ff2a6a8e2559@mail.gmail.com>

On 2007-06-02 21:45, Maxim Khitrov <mkhitrov@gmail.com> wrote:
> Here's an update on what I ended up going with. I decided to go
> with my idea of moving all configuration files to a common
> directory, but with a bit of a change. I created /config and
> under it base/ and user/. Everything in base/ comes from /etc
> and /boot, and the rest goes under user/. I didn't want to mix
> the two. So then I created a new subversion repository, but I
> set permissions such that only root can read or write to
> it. Basically I decided to forbid anyone on the outside from
> getting their hands on the repository contents, since it will
> be storing things like master.passwd and other sensitive data.
>
> Once all this was in place I moved all configuration files to
> their appropriate locations in /config and created symlinks in
> their original location. Everything under /config was then
> imported into the subversion repository using the file://
> method. Since I forbid anyone from doing a check-out of the
> repository to some external location, I don't need to worry
> about file updates except when they are updated in
> /config. This simplifies things. What I did to keep the
> repository up to date was create a simple sh script that is run
> by cron every 10 minutes. The script simply issues 'svn ci
> --non-interactive --message "Automatic commit"' command in the
> /config directory. So any changes made to the configuration
> files are automatically recorded every 10 minutes.
>
> This works well, but does have a few flaws. First of all, when
> I edit files from sftp I have no way to add a meaningful
> message to the commit. Not a big deal, and I can always do a
> manual commit if I had to. The other thing is that this script
> will not auto-add files to the repository. Any new
> configuration file that I'd like to have monitored first gets
> moved to /config, then has a link created in the original
> place, then is added to the repository via 'svn add'. A bit
> more work, but I think it's fine. Technically I can automate
> the process of adding and removing files from the repository by
> using svn status output, but at this point the extra work isn't
> worth it. The bigger problem is the fact that subversion does
> not store owner and permission settings. That means that if I
> ever want to delete the /config directory and recreate it, I
> lose all permissions on things like master.passwd. What I did
> was add chown and chmod commands to the monitor script for all
> files that had non-standard permissions. So those get run along
> with the svn ci command every 10 minutes. The alternative was
> to use subversion properties, have the script parse those and
> apply the appropriate settings. However, since the permissions
> have to be set manually anyway there is no advantage to this
> over the monitor script, which is also versioned.

The permission and ownership problem is also one of the issues
which Subversion (or other SCMs) do not solve for base-system
binaries too.

See for example the thread:

    Using Subversion for binary distribution?

which was recently present in `freebsd-current'.
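
The following is an added example, not part of the original message or of either poster's scripts: one way to keep the ownership and modes that Subversion drops in a versioned manifest, so that a fresh checkout that leaves `master.passwd` with default permissions is detected and corrected. The manifest format and the function names `file_meta`, `record_meta`, `check_meta` and `restore_meta` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Manifest line format (an assumption of this sketch):
#   <octal-mode> <uid> <gid> <path relative to the tree>
# Assumes file names without newlines and no setuid/sticky bits.

# Print "mode uid gid" for one file, using GNU or BSD stat(1).
file_meta() {
    if stat -c '%a' / >/dev/null 2>&1; then
        stat -c '%a %u %g' "$1"        # GNU coreutils
    else
        stat -f '%Lp %u %g' "$1"       # FreeBSD
    fi
}

# record_meta DIR MANIFEST: snapshot every regular file outside .svn.
record_meta() {
    ( cd "$1" && find . -name .svn -prune -o -type f -print | sort |
        while IFS= read -r f; do
            printf '%s %s\n' "$(file_meta "$f")" "$f"
        done ) > "$2"
}

# check_meta DIR MANIFEST: print one DRIFT line per mismatch, return 1 if any.
check_meta() {
    rc=0
    while read -r mode owner group path; do
        now=$(file_meta "$1/$path" 2>/dev/null) || now="missing"
        if [ "$now" != "$mode $owner $group" ]; then
            echo "DRIFT $path: want $mode $owner $group, have $now"
            rc=1
        fi
    done < "$2"
    return "$rc"
}

# restore_meta DIR MANIFEST: reapply modes; ownership only when run as root.
restore_meta() {
    while read -r mode owner group path; do
        chmod "$mode" "$1/$path" || return 1
        if [ "$(id -u)" -eq 0 ]; then
            chown "$owner:$group" "$1/$path" || return 1
        fi
    done < "$2"
}
```

Committing the manifest next to the files and running `check_meta` from the cron job before `svn ci` turns a silent permission change into a logged DRIFT line; `restore_meta` then reapplies the recorded values.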



