Diffstat (limited to 'hg')
-rw-r--r-- | hg/init.d/10restore-etckeeper | 8 | ||||
-rw-r--r-- | hg/init.d/20restore-metadata | 10 | ||||
-rw-r--r-- | hg/init.d/40git-init | 6 | ||||
-rw-r--r-- | hg/init.d/50git-ignore | 22 | ||||
-rw-r--r-- | hg/init.d/50git-perm | 3 | ||||
-rw-r--r-- | hg/init.d/50git-pre-commit-hook | 15 | ||||
-rw-r--r-- | hg/init.d/70git-add | 5 | ||||
-rw-r--r-- | hg/init.d/README | 13 | ||||
-rw-r--r-- | hg/post-apt.d/10git-test | 6 | ||||
-rw-r--r-- | hg/post-apt.d/30git-add | 7 | ||||
-rw-r--r-- | hg/post-apt.d/40git-rm | 12 | ||||
-rw-r--r-- | hg/post-apt.d/50git-commit | 12 | ||||
-rw-r--r-- | hg/post-apt.d/README | 2 | ||||
-rw-r--r-- | hg/pre-apt.d/50uncommitted-changes | 22 | ||||
-rw-r--r-- | hg/pre-apt.d/README | 2 | ||||
-rw-r--r-- | hg/pre-commit.d/20store-empty-directory | 19 | ||||
-rw-r--r-- | hg/pre-commit.d/20warn-hardlinks | 7 | ||||
-rw-r--r-- | hg/pre-commit.d/20warn-special-file | 9 | ||||
-rw-r--r-- | hg/pre-commit.d/30store-metadata | 18 | ||||
-rw-r--r-- | hg/pre-commit.d/README | 2 |
20 files changed, 200 insertions, 0 deletions
diff --git a/hg/init.d/10restore-etckeeper b/hg/init.d/10restore-etckeeper
new file mode 100644
index 0000000..376524c
--- /dev/null
+++ b/hg/init.d/10restore-etckeeper
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+# Yes, this runs code from the repository. As documented, etckeeper-init
+# should only be run on repositories you trust.
+if [ -e .etckeeper ]; then
+ . ./.etckeeper
+fi
diff --git a/hg/init.d/20restore-metadata b/hg/init.d/20restore-metadata
new file mode 100644
index 0000000..01c45e4
--- /dev/null
+++ b/hg/init.d/20restore-metadata
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+# Note that metastore doesn't check that the .metastore file only changes
+# perms of files in the current directory. It's ok to trust the .metastore
+# file won't do anything shady, because, as documented, etckeeper-init
+# should only be run on repositories you trust.
+if [ -e .metadata ]; then
+ metastore --apply --mtime
+fi
diff --git a/hg/init.d/40git-init b/hg/init.d/40git-init
new file mode 100644
index 0000000..69867c4
--- /dev/null
+++ b/hg/init.d/40git-init
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+if [ ! -e .git ]; then
+ git-init
+ echo "$(hostname) /etc repository" > .git/description
+fi
diff --git a/hg/init.d/50git-ignore b/hg/init.d/50git-ignore
new file mode 100644
index 0000000..f931592
--- /dev/null
+++ b/hg/init.d/50git-ignore
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+if [ ! -e .gitignore ]; then
+ cat >.gitignore <<EOF
+*~
+
+# new and old versions of conffiles, stored by dpkg
+*.dpkg-*
+
+# mount(8) records system state here, no need to keep these in git
+blkid.tab
+blkid.tab.old
+
+# some other files in /etc that typically do not need to be tracked
+ld.so.cache
+mtab
+.pwd.lock
+network/run
+adjtime
+
+EOF
+fi
diff --git a/hg/init.d/50git-perm b/hg/init.d/50git-perm
new file mode 100644
index 0000000..564e489
--- /dev/null
+++ b/hg/init.d/50git-perm
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+chmod 700 .git
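Review bot: In hg/init.d/20restore-metadata the comment names the file `.metastore`, but the guard tests `.metadata`, so a reader cannot tell which file is the trusted input that `metastore --apply --mtime` consumes. The comment should name the file the script checks, e.g. `# Note that metastore doesn't check that the .metadata file only changes`, and likewise on the following line. Because the comment itself says the applied changes are not confined to the current directory, naming the right file matters for anyone auditing what a checked-out repository can alter.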
diff --git a/hg/init.d/50git-pre-commit-hook b/hg/init.d/50git-pre-commit-hook
new file mode 100644
index 0000000..0efd5e4
--- /dev/null
+++ b/hg/init.d/50git-pre-commit-hook
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+if [ -x .git/hooks/pre-commit ]; then
+ if ! grep -q "etckeeper pre-commit" .git/hooks/pre-commit; then
+ echo "etckeeper warning: .git/hooks/pre-commit needs to be manually modifed to run: etckeeper pre-commit `pwd`" >&2
+ fi
+else
+ cat >.git/hooks/pre-commit <<EOF
+#!/bin/sh
+# pre-commit hook for etckeeper, to store metadata and do sanity checks
+set -e
+etckeeper pre-commit `pwd`
+EOF
+ chmod +x .git/hooks/pre-commit
+fi
diff --git a/hg/init.d/70git-add b/hg/init.d/70git-add
new file mode 100644
index 0000000..06504b4
--- /dev/null
+++ b/hg/init.d/70git-add
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+if ! git-add .; then
+ echo "etckeeper warning: git-add failed" >&2
+fi
diff --git a/hg/init.d/README b/hg/init.d/README
new file mode 100644
index 0000000..90aec67
--- /dev/null
+++ b/hg/init.d/README
@@ -0,0 +1,13 @@
+Executable files in this directory are run to initialise the working directory
+for use by etckeeper. If the working directory is not already in version
+control, that includes setting up the version control, but not actually
+committing anything. If the working directory is in version control,
+it includes applying stored metadata to the checked out files in the
+working directory.
+
+Please be careful to *never* overwrite existing files/directories
+in the working directory (or use absolute care when doing so). If a file
+you need to write already exists, check if its contents are sane, and
+if not, emit a warning on stderr.
+
+If initialisation fails, exit nonzero and no later files will be run.
diff --git a/hg/post-apt.d/10git-test b/hg/post-apt.d/10git-test
new file mode 100644
index 0000000..e72f195
--- /dev/null
+++ b/hg/post-apt.d/10git-test
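Review bot: In hg/init.d/50git-pre-commit-hook the here-document uses an unquoted `EOF`, so the working-directory path is expanded while the hook is being written and lands in `.git/hooks/pre-commit` as bare shell text. A path containing whitespace or shell metacharacters would then be split or interpreted every time the hook runs; for /etc this is harmless, but nothing in the script restricts where it runs. Writing the line as `etckeeper pre-commit "$(pwd)"` puts the path inside double quotes in the generated hook and covers whitespace; a path containing `"`, `$` or a backquote would still need escaping. The warning text a few lines above also spells "modified" as "modifed".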
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+if [ ! -d .git ]; then
+ echo "etckeeper warning: etckeeper is not yet enabled for $(pwd)" >&2
+ echo "etckeeper warning: run etckeeper init to enable it" >&2
+fi
diff --git a/hg/post-apt.d/30git-add b/hg/post-apt.d/30git-add
new file mode 100644
index 0000000..79aa406
--- /dev/null
+++ b/hg/post-apt.d/30git-add
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+if [ -d .git ]; then
+ if ! git-add .; then
+ echo "etckeeper warning: git-add failed" >&2
+ fi
+fi
diff --git a/hg/post-apt.d/40git-rm b/hg/post-apt.d/40git-rm
new file mode 100644
index 0000000..680dac0
--- /dev/null
+++ b/hg/post-apt.d/40git-rm
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+TAB=" "
+
+if [ -d .git ]; then
+ for file in $(git ls-files --deleted); do
+ if [ ! -d "$file" ]; then
+ git rm --quiet "$file"
+ fi
+ done
+fi
diff --git a/hg/post-apt.d/50git-commit b/hg/post-apt.d/50git-commit
new file mode 100644
index 0000000..1a5c55a
--- /dev/null
+++ b/hg/post-apt.d/50git-commit
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+if [ -d .git ]; then
+
+ # TODO: figure out what packages were acted on by the apt run, and
+ # include that info in the commit message
+ message="committing changes after apt run"
+
+ # ignore exit code since it exits nonzero if there is nothing to do
+ git commit $GIT_COMMIT_OPTIONS -m "$message" || true
+fi
diff --git a/hg/post-apt.d/README b/hg/post-apt.d/README
new file mode 100644
index 0000000..befa5c0
--- /dev/null
+++ b/hg/post-apt.d/README
@@ -0,0 +1,2 @@
+Files in this directory are run after apt has run. They should commit
+changes and new files in /etc to repository.
diff --git a/hg/pre-apt.d/50uncommitted-changes b/hg/pre-apt.d/50uncommitted-changes
new file mode 100644
index 0000000..d39401c
--- /dev/null
+++ b/hg/pre-apt.d/50uncommitted-changes
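Review bot: In hg/post-apt.d/40git-rm the loop `for file in $(git ls-files --deleted)` word-splits and glob-expands the listing, so a deleted file whose name contains whitespace or `*` never reaches `git rm` intact and its removal is missing from the commit that follows. Reading the list line by line avoids that: `git ls-files --deleted | while IFS= read -r file; do`, together with `git rm --quiet -- "$file"` so that a name starting with `-` is not parsed as an option. Names containing a newline would additionally need `-z` handling. `TAB` is assigned but never used in this file.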
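Review bot: In hg/post-apt.d/50git-commit the `|| true` after `git commit` discards every failure, not only the "nothing to do" case the comment names, so a commit rejected by the pre-commit hook or blocked by a lock leaves the apt run's changes to /etc unrecorded without any message. Committing only when something is staged keeps the intended tolerance and lets real errors surface, for example `if ! git diff --cached --quiet; then git commit $GIT_COMMIT_OPTIONS -m "$message"; fi`, provided the installed git supports that check. `$GIT_COMMIT_OPTIONS` is expanded unquoted, presumably so it can carry several options; a one-line comment saying so would keep a later reader from quoting it.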
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+if [ -d .git ] && ! LANG=C git-status 2>&1 | grep -q "working directory clean"; then
+ . /usr/share/debconf/confmodule
+ db_capb escape
+ db_title etckeeper
+
+ db_reset etckeeper/unclean || true
+ db_subst etckeeper/unclean STATUS $(git-status | debconf-escape -e) || true
+ db_input critical etckeeper/unclean || true
+ db_go || true
+ db_get etckeeper/unclean
+ if [ "$RET" = true ]; then
+ git add .
+ if ! git commit $GIT_COMMIT_OPTIONS -m "saving uncommitted changes in /etc prior to apt run"; then
+ db_input critical etckeeper/commit_failed || true
+ db_go || true
+ db_reset etckeeper/commit_failed || true
+ fi
+ fi
+ db_reset etckeeper/unclean || true
+fi
diff --git a/hg/pre-apt.d/README b/hg/pre-apt.d/README
new file mode 100644
index 0000000..47001b4
--- /dev/null
+++ b/hg/pre-apt.d/README
@@ -0,0 +1,2 @@
+Files in this directory are run before apt is run. This is mostly used for
+sanity checks, ie, does /etc have any uncommitted changes?
diff --git a/hg/pre-commit.d/20store-empty-directory b/hg/pre-commit.d/20store-empty-directory
new file mode 100644
index 0000000..e0f9538
--- /dev/null
+++ b/hg/pre-commit.d/20store-empty-directory
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+# Make sure the file is not readable by others, since it can leak
+# information about contents of non-readable directories in /etc.
+umask 077
+
+if [ -e .etckeeper ]; then
+ egrep -v '^mkdir ' .etckeeper > .etckeeper.new || true
+fi
+find -type d -empty | grep -v /.git/ | sort |
+ sed -e "s/^/mkdir -p '/" -e "s/\$/'/" >> .etckeeper.new
+
+if [ ! -e .etckeeper ] || ! cmp -s .etckeeper .etckeeper.new ; then
+ mv -f .etckeeper.new .etckeeper
+ git add .etckeeper
+else
+ rm -f .etckeeper.new
+fi
diff --git a/hg/pre-commit.d/20warn-hardlinks b/hg/pre-commit.d/20warn-hardlinks
new file mode 100644
index 0000000..3dd7a96
--- /dev/null
+++ b/hg/pre-commit.d/20warn-hardlinks
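Review bot: In hg/pre-apt.d/50uncommitted-changes the clean-tree test sets only `LANG=C`, which `LC_ALL` or `LC_MESSAGES` in the caller's environment override, so where the status tool localizes its output the `grep` for "working directory clean" can miss and the prompt appears even when nothing changed. `LC_ALL=C git-status 2>&1` pins the message language. Separately, `$(git-status | debconf-escape -e)` is unquoted in the `db_subst` call, so a `*` or `?` in the status text is open to pathname expansion before debconf sees it; whether quoting is compatible with `db_subst` is not visible in this hunk and should be checked against confmodule.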
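Review bot: In hg/pre-commit.d/20store-empty-directory the `sed` expression wraps each directory name in single quotes without escaping quotes inside the name, and hg/init.d/10restore-etckeeper later sources the resulting `.etckeeper` as shell. An empty directory whose name contains `'` therefore yields a line that is not the intended `mkdir -p` and is parsed as shell on the next init, which turns a file name into code run with the privileges of whoever runs init. Escaping the quote first closes that: `sed -e "s/'/'\"'\"'/g" -e "s/^/mkdir -p '/" -e "s/\$/'/"`. Names containing a newline are still split across lines by the `find | sort` pipeline and would need separate handling.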
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+hardlinks=$(find -type f -not -links 1 | grep -v /.git/) || true
+if [ -n "$hardlinks" ]; then
+ echo "etckeeper warning: hardlinked files could cause problems with git:" >&2
+ echo "$hardlinks" >&2
+fi
diff --git a/hg/pre-commit.d/20warn-special-file b/hg/pre-commit.d/20warn-special-file
new file mode 100644
index 0000000..cb4d019
--- /dev/null
+++ b/hg/pre-commit.d/20warn-special-file
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+special=$(find -not -type d -not -type f -not -type l | grep -v /.git/) || true
+if [ -n "$special" ]; then
+ echo "etckeeper warning: special files could cause problems with git:" >&2
+ echo "$special" >&2
+fi
+
+true
diff --git a/hg/pre-commit.d/30store-metadata b/hg/pre-commit.d/30store-metadata
new file mode 100644
index 0000000..b878abd
--- /dev/null
+++ b/hg/pre-commit.d/30store-metadata
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+# Make sure the file is not readable by others, since it can leak
+# information about contents of non-readable directories in /etc.
+umask 077
+
+# ensure the file exists so that it will list its own metadata
+if [ ! -e .metadata ]; then
+ metastore --save
+fi
+
+# metastore doesn't produce the same output file for the same metadata
+# everytime, so avoid changing the file if nothing really changed.
+if [ ! -z "$(metastore --compare)" ]; then
+ metastore --save
+ git add .metadata
+fi
diff --git a/hg/pre-commit.d/README b/hg/pre-commit.d/README
new file mode 100644
index 0000000..051d094
--- /dev/null
+++ b/hg/pre-commit.d/README
@@ -0,0 +1,2 @@
+This is run by a git pre-commit hook before committing changes to the
+repository. This can be used for storing metadata, and for sanity checks. |
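Review bot: In hg/pre-commit.d/20warn-hardlinks the filter `grep -v /.git/` is an unanchored regular expression in which `.` matches any character, so a path such as `./foo/xgit/bar` is dropped from the warning along with the repository directory. Anchoring and escaping it, `grep -v '^\./\.git/'`, limits the exclusion to the top-level `.git`, assuming `find` prints paths with a leading `./` as GNU find does when no start directory is given. The same filter is used in hg/pre-commit.d/20warn-special-file and hg/pre-commit.d/20store-empty-directory, where it likewise hides entries from the check.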
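Review bot: In hg/pre-commit.d/30store-metadata the test `[ ! -z "$(metastore --compare)" ]` discards the exit status of `metastore --compare`, so if that command fails without printing anything the script treats the metadata as unchanged and exits 0 despite `set -e`. Assigning first makes the failure visible: `changes=$(metastore --compare)` followed by `if [ -n "$changes" ]; then`. Note also that `umask 077` only governs files created by this run; whether `metastore --save` tightens an existing `.metadata` that already has wider permissions is not visible here and is worth confirming.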