store empty directories and restore in etckeeper init

While working on this, I had to consider security policies -- is it ok if
etckeeper init can run code from the /etc repository? I've decided this
should be ok, and documented that it should only be run on trusted repos.
Note that metastore could also be exploited by untrusted repos, and of
course, note that you're checking out your *** /etc *** so it damn well
better be trusted!

With that determined, I decided to use a simple shell script to hold the
empty directory info and allow them to be easily created. Expanding this for
other files git can't represent is a possibility..

2 files changed, 13 insertions, 0 deletions

diff --git a/init.d/05restore-etckeeper b/init.d/05restore-etckeeper
new file mode 100755
index 0000000..376524c
--- /dev/null
+++ b/init.d/05restore-etckeeper
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+# Yes, this runs code from the repository. As documented, etckeeper-init
+# should only be run on repositories you trust.
+if [ -e .etckeeper ]; then
+	. ./.etckeeper
+fi
diff --git a/init.d/10restore-metadata b/init.d/10restore-metadata
index fdb1f8e..cd6174c 100755
--- a/init.d/10restore-metadata
+++ b/init.d/10restore-metadata
@@ -1,5 +1,10 @@
 #!/bin/sh
 set -e
+
+# Note that metastore doesn't check that the .metastore file only changes
+# perms of files in the current directory. It's ok to trust the .metastore
+# file won't do anything shady, because, as documented, etckeeper-init
+# should only be run on repositories you trust.
 if [ -e .metadata ]; then
 	metastore --apply
 fi