etc snapshots with git
I got this idea from a blog posting a few months back. I think the guy was using darcs. Unfortunately, I was unable to find the reference to link to him.
Anyway, here is how you can track your /etc directory with git, and have apt update it automatically each time a package is installed.
The following steps require root access:
- install git
apt-get install git-core
- initialize /etc to be a git repo
cd /etc
git init-db
chmod og-rwx .git
- ignore a few files
cat > .gitignore <<'END'
*~
*.dpkg-new
*.dpkg-old
END
- commit the current state
git add .
git commit -a -m"initial import"
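- install a snapshot script for apt to call
cat > apt/git-snapshot-script <<'END'
#!/bin/bash
set -e
# take the apt-get command line from the ps entries just above this script's own PID
caller=$(ps axww | grep "^ *$$" -B3 | grep " apt-get " | head -n1 | sed 's/^.*\(apt-get .*\)/\1/' )
git add .
# commit only when something changed: git commit exits non-zero when there is
# nothing to commit, and with set -e that would make the Post-Invoke hook fail
if [ -n "$(git status --porcelain)" ]; then
    git commit -a -m"snapshot after: $caller"
fi
END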
… make it executable …
chmod +x apt/git-snapshot-script
- configure apt to track changes
cat >> /etc/apt/apt.conf <<'END'
DPkg {
  Post-Invoke {"cd /etc ; ./apt/git-snapshot-script";};
}
END
- track these two files
git add .
git commit -a -m"apt will track /etc automagically using git"
… and you’re done.
Note that the chmod og-rwx /etc/.git step is very important. Your /etc/.git directory should only be accessible to root. If not, it’s as good as giving everyone access to your /etc/shadow and other secrets that hide in /etc. Should you clone this repository to another box, you have to make sure that the same precautions are taken.
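One way to check the permission requirement above on /etc or on a clone of it, as an added example that is not part of the original post. The helper name audit_git_dir and its optional second argument (expected owner uid, default 0 for root) are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original post; audit_git_dir is a hypothetical helper.
# Verifies that the git metadata of a tracked /etc (or a clone of it) is owned
# by the expected user and grants nothing to group or other.
# Usage: audit_git_dir REPO [EXPECTED_UID]     (EXPECTED_UID defaults to 0)
# Returns 0 = private, 1 = exposed, 2 = no git metadata found.
audit_git_dir() {
    local repo want_uid gitdir listing perms uid rc
    repo=$1
    want_uid=${2:-0}
    rc=0

    if [ -d "$repo/.git" ]; then
        gitdir="$repo/.git"               # working tree such as /etc
    elif [ -d "$repo/objects" ] && [ -f "$repo/HEAD" ]; then
        gitdir="$repo"                    # bare clone kept on another box
    else
        echo "$repo: no git metadata found" >&2
        return 2
    fi

    # ls -ldn prints e.g. "drwx------ 8 0 0 4096 ... /etc/.git"
    listing=$(ls -ldn "$gitdir") || return 2
    perms=$(printf '%s\n' "$listing" | cut -c5-10)    # group and other bits
    uid=$(printf '%s\n' "$listing" | awk '{print $3}')

    if [ "$perms" != "------" ]; then
        echo "$gitdir: group/other access ($perms); fix with: chmod og-rwx $gitdir"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$gitdir: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "$gitdir: private to uid $want_uid"
    fi
    return "$rc"
}
```

Run it as audit_git_dir /etc on the original box and against the clone's path on any other box that holds a copy.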
Now when you install a package, it will be tracked in the git repository.
# apt-get install mercurial
...
Created commit daa7de7264b65cd073a1ef0f75ba50aa488d5af2
3 files changed, 409 insertions(+), 0 deletions(-)
create mode 100644 bash_completion.d/mercurial
create mode 100644 mercurial/hgrc
create mode 100644 mercurial/hgrc.d/hgext.rc
You can see what changed…
# git whatchanged -1
commit daa7de7264b65cd073a1ef0f75ba50aa488d5af2
Author: Bart Trojanowski <bart@jukie.net>
Date: Mon Mar 12 16:09:18 2007 -0400
snapshot after: apt-get install mercurial
:000000 100644 0000000... a7f4740... A bash_completion.d/mercurial
:000000 100644 0000000... dfc3400... A mercurial/hgrc
:000000 100644 0000000... 8f2d526... A mercurial/hgrc.d/hgext.rc
Update…
Only two days after writing the original posting I got two replies. In one, Michael Prokop told me that he had ported my procedure to use mercurial. Rock on!
Later still I was notified by Yannick Gingras that he had also tackled the task of tracking /etc with mercurial.
And lastly, it should be noted that Debian now has an etckeeper that tracks /etc in git.