Put /etc Under Revision Control (with git)

UPDATE: There is a much easier way now:

sudo aptitude install etckeeper

There, now etc is under revision control and changes are automatically committed with a helpful message after you install new packages. Thanks for the tip, Marcelo! Read on for the original blog entry.

---

I put my /etc directory under revision control. I used git. It's awesome. Not that I think I'm going to wholesale copy my /etc from one machine to another, nor because I'm going to branch my /etc directory and spend weeks developing some cool new feature (whatever that would look like...) and then merge it back into the main branch. No, it's mostly because I like the idea of having the big "undo" option that having things under revision control provides. Having to commit changes and write check-in comments when I make changes helps me stay more organized too. It's never good when I go in willy-nilly to make a "quick change" to some configuration file.

I relied heavily on this blog entry for using git, and this blog entry for using mercurial (hg). I decided to go with git because mercurial quietly ignores symbolic links, and it seems like there are just a few important symbolic links in /etc. It also seems that git handles these just fine. Oh, and I didn't choose bzr or darcs mainly because they are slow, and because I want to get to know git better.

Here's how I did it (on Ubuntu Feisty Fawn, do all this as root):

First, initialize the repository:

cd /etc
git init-db
chmod og-rwx .git

The chmod is so non-root users can't go poking around in your repository. Next, ignore a few files: 

cat > .gitignore << EOF
*~
*.dpkg-new
*.dpkg-old
blkid.tab(|.old)
mtab
# add other files if necessary, depends on your setup...
EOF

Do the initial commit: 

git add .
git commit -a -m "initial import"

Set up a script to check in any change made when installing new packages. Put this in /etc/apt and call it something like, git-snapshot-script. Here is the script I use (UPDATED: Jul 11, 2007): 

#!/bin/bash
set -e
caller=$(ps axww | mawk '/aptitude|apt-get/ {for (i=5; i<=NF ; i++) printf ("%s ",$i); printf ("\n") }' | head -1)
git-add .

# the || true is to make sure we don't error out because of the set -e
# above
STATUS="$(git status)" || true

if echo $STATUS | grep '\(Changed\|Update\)' > /dev/null ; then
   echo "git-snapshot-script: found changed files"
   echo $STATUS
   git-commit -a -m "snapshot after: $caller"
else
   echo "git-snapshot-script: no changes"
fi
echo "git-snapshot-script: done"

Then tell apt to run this script after it's invoked: 

cat >> /etc/apt/apt.conf << EOF
DPkg {
          Post-Invoke {"cd /etc ; ./apt/git-snapshot-script";};
}
EOF

chmod +x /etc/apt/git-snapshot-script

Now, check in the script and the change to apt.conf: 

git add .
git commit -a -m "set up apt to track changes with git automatically"

And that should do it.

Comments

Anonymous said…
Oi, achei teu blog pelo google tá bem interessante gostei desse post. Quando der dá uma passada pelo meu blog, é sobre camisetas personalizadas, mostra passo a passo como criar uma camiseta personalizada bem maneira. Se você quiser linkar meu blog no seu eu ficaria agradecido, até mais e sucesso. (If you speak English can see the version in English of the Camiseta Personalizada. If he will be possible add my blog in your blogroll I thankful, bye friend).
July 10, 2007 at 11:02 AM
Bryan said…
Is this my first official comment spam? I believe it is. Maybe I'll leave it here as a memorial of sorts. But you follow-on spammers, don't expect any kind of enshrinement.
July 10, 2007 at 11:36 AM
Phil said…
Thanks! I've been meaning to take a look at git and also to start versioning /etc, so this gives me an excuse to do both.
July 10, 2007 at 3:13 PM
Bryan said…
I just noticed that there was a bug in my git-snapshot-script so that it wouldn't do anything if there were only new files added. It only caught changed files. Basically, the regexp in my grep wasn't good enough. I've fixed it now.
July 11, 2007 at 11:18 PM
Anonymous said…
I do something similar myself. I only track files that I've modified from the default settings, though, so that I can use it as a backup solution (rather than tracking everything in /etc). Also, I accompany this with a script that "bootstraps" my system from a reinstall by installing packages, changing ownership of /etc/passwd, and so on.
July 12, 2007 at 5:16 AM
Jakub Narebski said…
Why don't you use IsiSetup, git based /etc management tool?
August 1, 2007 at 5:12 PM
Bryan said…
I had never heard of IsiSetup. Looks interesting, but I'm not sure I'd want to have to use a whole 'nother set of commands. Here are some links:

http://www.isisetup.ch/
http://huerlisi.wordpress.com/2006/08/26/howto-use-isisetup/
August 2, 2007 at 8:29 AM
Anonymous said…
hey.
just trying to install the update-script for apt-get.

i made some smaller changes, the most significant should be:

caller=$(ps --no-header -p $PPID -o "%a")

instead of your pipeline.
might be faster, and sure is shorter.

feel free to use it if you like it.

btw: grep -q doesnt produce output -> no need for the i/o-redirection.

jakob
October 31, 2007 at 9:50 AM
Anonymous said…
oh, and thanks for the great post.

(sometimes i just forget being polite)

jakob
October 31, 2007 at 9:52 AM
Anonymous said…
oh and i replaced the

echo $STATUS | grep '\(Changed\|Update\)' > /dev/null

with

git status > /dev/null

as the former didnt work for me,
also the manpage said that the exit status of "git status" would be nonzero only with untracked changes.

jakob
October 31, 2007 at 10:08 AM
Anonymous said…
I don't know which version did you try, but now mercurial seems to handle symlinks quite well :-)
January 8, 2008 at 7:26 AM
xndxn said…
Have a look at the rpath distro for a complete operating system under a RCS

http://www.rpath.com/rbuilder/
February 28, 2008 at 7:19 AM
Anonymous said…
@Jakob:

Would it have helped to post your changes as a patch!
March 30, 2008 at 11:15 PM
Anonymous said…
Since this post shows up among the first results when googling "etc git" I guess it's appropriate to drop a link here: Debian now includes etckeeper, courtesy of Joey Hess and a whole lot other people. It supports Git as well as other VCSs. Recent versions don't require any setup to work, just install the package and everything under /etc is put under revision control. Of course you are free to customize if you wish.
February 15, 2010 at 6:13 AM
Post a Comment

Popular posts from this blog

SystemVerilog Fork Disable "Gotchas"

This is a long post with a lot of SystemVerilog code. The purpose of this entry is to hopefully save you from beating your head against the wall trying to figure out some of the subtleties of SystemVerilog processes (basically, threads). Subtleties like these are commonly referred to in the industry as "Gotchas" which makes them sound so playful and fun, but they really aren't either. I encourage you to run these examples with your simulator (if you have access to one) so that a) you can see the results first hand and better internalize what's going on, and b) you can tell me in the comments if this code works fine for you and I'll know I should go complain to my simulator vendor. OK, I'll start with a warm-up that everyone who writes any Verilog or SystemVerilog at all should be aware of, tasks are static by default. If you do this: module top; task do_stuff ( int wait_time); #wait_time $display ( "waited %0d, then did stuff" , wa
Read more

'git revert' Is Not Equivalent To 'svn revert'

I just learned that if you have some changes in your working tree that you want to get rid of, you don't type 'git revert' like you might guess. No, that's what cvs, subversion, mercurial, and bazaar (to name a few) use revert to mean, but not git. With git, revert is used to undo actual commits. Thankfully, you can undo your revert with another 'git revert', I just learned. So let me repeat to be clear, if you have changes to your working files that you want to abandon, DO NOT do this: git revert HEAD That will undo your last commit. Do this instead: git reset --hard HEAD I'm glad I have that straightened out now. I'm wondering if /etc was really a good place for me to start out playing with git. UPDATE: Nearly two years later and I'm still getting comments on this. I'm glad I've been able to help people out this way. The discussion in the comments is good, and one thing I'd like to point out is that I now always use
Read more