Diffstat (limited to 'hg')
-rw-r--r--hg/init.d/10restore-etckeeper8
-rw-r--r--hg/init.d/20restore-metadata10
-rw-r--r--hg/init.d/40git-init6
-rw-r--r--hg/init.d/50git-ignore22
-rw-r--r--hg/init.d/50git-perm3
-rw-r--r--hg/init.d/50git-pre-commit-hook15
-rw-r--r--hg/init.d/70git-add5
-rw-r--r--hg/init.d/README13
-rw-r--r--hg/post-apt.d/10git-test6
-rw-r--r--hg/post-apt.d/30git-add7
-rw-r--r--hg/post-apt.d/40git-rm12
-rw-r--r--hg/post-apt.d/50git-commit12
-rw-r--r--hg/post-apt.d/README2
-rw-r--r--hg/pre-apt.d/50uncommitted-changes22
-rw-r--r--hg/pre-apt.d/README2
-rw-r--r--hg/pre-commit.d/20store-empty-directory19
-rw-r--r--hg/pre-commit.d/20warn-hardlinks7
-rw-r--r--hg/pre-commit.d/20warn-special-file9
-rw-r--r--hg/pre-commit.d/30store-metadata18
-rw-r--r--hg/pre-commit.d/README2
20 files changed, 200 insertions, 0 deletions
diff --git a/hg/init.d/10restore-etckeeper b/hg/init.d/10restore-etckeeper
new file mode 100644
index 0000000..376524c
--- /dev/null
+++ b/hg/init.d/10restore-etckeeper
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+# Yes, this runs code from the repository. As documented, etckeeper-init
+# should only be run on repositories you trust.
+if [ -e .etckeeper ]; then
+ . ./.etckeeper
+fi
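Review bot: The `[ -e .etckeeper ]` guard accepts a symlink or any non-regular file, and whatever it resolves to is then sourced into this shell with the privileges of whoever runs init. The comment already states that the repository must be trusted, so this is defence in depth rather than a fix: `if [ -f .etckeeper ] && [ ! -L .etckeeper ]; then` keeps the sourced content inside the working directory. Because the file is sourced rather than executed, `set -e` means the first failing line in it aborts this script; a one-line comment saying whether that is intended would help.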
diff --git a/hg/init.d/20restore-metadata b/hg/init.d/20restore-metadata
new file mode 100644
index 0000000..01c45e4
--- /dev/null
+++ b/hg/init.d/20restore-metadata
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+# Note that metastore doesn't check that the .metastore file only changes
+# perms of files in the current directory. It's ok to trust the .metastore
+# file won't do anything shady, because, as documented, etckeeper-init
+# should only be run on repositories you trust.
+if [ -e .metadata ]; then
+ metastore --apply --mtime
+fi
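Review bot: The comment names a `.metastore` file, but the test below it checks `.metadata`, which is also the name pre-commit.d/30store-metadata adds to git; the comment should read `.metadata`. The comment also records that metastore does not confine the paths it touches to the current directory. It is worth stating in the same comment which user this script runs as, since the trust assumption rests on that; presumably root, but that is not visible here.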
diff --git a/hg/init.d/40git-init b/hg/init.d/40git-init
new file mode 100644
index 0000000..69867c4
--- /dev/null
+++ b/hg/init.d/40git-init
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+if [ ! -e .git ]; then
+ git-init
+ echo "$(hostname) /etc repository" > .git/description
+fi
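Review bot: `git-init` uses the dashed command form while other scripts in this commit call `git rm`, `git add` and `git commit`; the dashed forms only work when git's helper programs are on PATH. Using `git init` here, and `git add .` / `git status` in init.d/70git-add, post-apt.d/30git-add and pre-apt.d/50uncommitted-changes, would make the set consistent. Separately, `.git` is created under the ambient umask and only tightened later by init.d/50git-perm; a `umask 077` line before the init call would remove that dependence on script ordering.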
diff --git a/hg/init.d/50git-ignore b/hg/init.d/50git-ignore
new file mode 100644
index 0000000..f931592
--- /dev/null
+++ b/hg/init.d/50git-ignore
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+if [ ! -e .gitignore ]; then
+ cat >.gitignore <<EOF
+*~
+
+# new and old versions of conffiles, stored by dpkg
+*.dpkg-*
+
+# mount(8) records system state here, no need to keep these in git
+blkid.tab
+blkid.tab.old
+
+# some other files in /etc that typically do not need to be tracked
+ld.so.cache
+mtab
+.pwd.lock
+network/run
+adjtime
+
+EOF
+fi
diff --git a/hg/init.d/50git-perm b/hg/init.d/50git-perm
new file mode 100644
index 0000000..564e489
--- /dev/null
+++ b/hg/init.d/50git-perm
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+chmod 700 .git
diff --git a/hg/init.d/50git-pre-commit-hook b/hg/init.d/50git-pre-commit-hook
new file mode 100644
index 0000000..0efd5e4
--- /dev/null
+++ b/hg/init.d/50git-pre-commit-hook
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+if [ -x .git/hooks/pre-commit ]; then
+ if ! grep -q "etckeeper pre-commit" .git/hooks/pre-commit; then
+ echo "etckeeper warning: .git/hooks/pre-commit needs to be manually modifed to run: etckeeper pre-commit `pwd`" >&2
+ fi
+else
+ cat >.git/hooks/pre-commit <<EOF
+#!/bin/sh
+# pre-commit hook for etckeeper, to store metadata and do sanity checks
+set -e
+etckeeper pre-commit `pwd`
+EOF
+ chmod +x .git/hooks/pre-commit
+fi
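Review bot: Inside the unquoted here-document the backquoted `pwd` is expanded when the hook is generated and written into `.git/hooks/pre-commit` without quotes, so a working directory path containing whitespace or shell metacharacters would be re-parsed by the shell each time the hook runs. Writing the here-document line as `etckeeper pre-commit "$(pwd)"` puts the path in double quotes in the generated file, which covers whitespace; a path containing `$`, a backquote or `"` would still need escaping. The same unquoted path appears in the warning message above, where it is only displayed.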
diff --git a/hg/init.d/70git-add b/hg/init.d/70git-add
new file mode 100644
index 0000000..06504b4
--- /dev/null
+++ b/hg/init.d/70git-add
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+if ! git-add .; then
+ echo "etckeeper warning: git-add failed" >&2
+fi
diff --git a/hg/init.d/README b/hg/init.d/README
new file mode 100644
index 0000000..90aec67
--- /dev/null
+++ b/hg/init.d/README
@@ -0,0 +1,13 @@
+Executable files in this directory are run to initialise the working directory
+for use by etckeeper. If the working directory is not already in version
+control, that includes setting up the version control, but not actually
+committing anything. If the working directory is in version control,
+it includes applying stored metadata to the checked out files in the
+working directory.
+
+Please be careful to *never* overwrite existing files/directories
+in the working directory (or use absolute care when doing so). If a file
+you need to write already exists, check if its contents are sane, and
+if not, emit a warning on stderr.
+
+If initialisation fails, exit nonzero and no later files will be run.
diff --git a/hg/post-apt.d/10git-test b/hg/post-apt.d/10git-test
new file mode 100644
index 0000000..e72f195
--- /dev/null
+++ b/hg/post-apt.d/10git-test
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+if [ ! -d .git ]; then
+ echo "etckeeper warning: etckeeper is not yet enabled for $(pwd)" >&2
+ echo "etckeeper warning: run etckeeper init to enable it" >&2
+fi
diff --git a/hg/post-apt.d/30git-add b/hg/post-apt.d/30git-add
new file mode 100644
index 0000000..79aa406
--- /dev/null
+++ b/hg/post-apt.d/30git-add
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+if [ -d .git ]; then
+ if ! git-add .; then
+ echo "etckeeper warning: git-add failed" >&2
+ fi
+fi
diff --git a/hg/post-apt.d/40git-rm b/hg/post-apt.d/40git-rm
new file mode 100644
index 0000000..680dac0
--- /dev/null
+++ b/hg/post-apt.d/40git-rm
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+TAB=" "
+
+if [ -d .git ]; then
+ for file in $(git ls-files --deleted); do
+ if [ ! -d "$file" ]; then
+ git rm --quiet "$file"
+ fi
+ done
+fi
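Review bot: The loop `for file in $(git ls-files --deleted)` splits the listing on any whitespace and glob-expands each word, so a deleted path containing a space reaches `git rm` as fragments, and a name beginning with `-` is read as an option because there is no `--`. Reading the listing line by line and passing `--` avoids both. Names that git prints in quoted form (depending on core.quotepath) would still need `-z` handling. `TAB` is assigned but never used in this file and can be dropped.

```shell
if [ -d .git ]; then
	git ls-files --deleted | while IFS= read -r file; do
		if [ ! -d "$file" ]; then
			git rm --quiet -- "$file"
		fi
	done
fi
```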
diff --git a/hg/post-apt.d/50git-commit b/hg/post-apt.d/50git-commit
new file mode 100644
index 0000000..1a5c55a
--- /dev/null
+++ b/hg/post-apt.d/50git-commit
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+if [ -d .git ]; then
+
+ # TODO: figure out what packages were acted on by the apt run, and
+ # include that info in the commit message
+ message="committing changes after apt run"
+
+ # ignore exit code since it exits nonzero if there is nothing to do
+ git commit $GIT_COMMIT_OPTIONS -m "$message" || true
+fi
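Review bot: `|| true` on the commit line discards every failure, not only the nothing-to-commit case the comment describes, so a commit rejected by the pre-commit hook (the metadata and sanity checks under pre-commit.d) or by a repository error leaves no trace after the apt run. Reporting the failure keeps the script non-fatal while making it visible: `git commit $GIT_COMMIT_OPTIONS -m "$message" || echo "etckeeper warning: git commit failed or had nothing to commit" >&2`. `$GIT_COMMIT_OPTIONS` is left unquoted, presumably so it can carry several options; a comment saying so would stop a later cleanup from quoting it.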
diff --git a/hg/post-apt.d/README b/hg/post-apt.d/README
new file mode 100644
index 0000000..befa5c0
--- /dev/null
+++ b/hg/post-apt.d/README
@@ -0,0 +1,2 @@
+Files in this directory are run after apt has run. They should commit
+changes and new files in /etc to repository.
diff --git a/hg/pre-apt.d/50uncommitted-changes b/hg/pre-apt.d/50uncommitted-changes
new file mode 100644
index 0000000..d39401c
--- /dev/null
+++ b/hg/pre-apt.d/50uncommitted-changes
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+if [ -d .git ] && ! LANG=C git-status 2>&1 | grep -q "working directory clean"; then
+ . /usr/share/debconf/confmodule
+ db_capb escape
+ db_title etckeeper
+
+ db_reset etckeeper/unclean || true
+ db_subst etckeeper/unclean STATUS $(git-status | debconf-escape -e) || true
+ db_input critical etckeeper/unclean || true
+ db_go || true
+ db_get etckeeper/unclean
+ if [ "$RET" = true ]; then
+ git add .
+ if ! git commit $GIT_COMMIT_OPTIONS -m "saving uncommitted changes in /etc prior to apt run"; then
+ db_input critical etckeeper/commit_failed || true
+ db_go || true
+ db_reset etckeeper/commit_failed || true
+ fi
+ fi
+ db_reset etckeeper/unclean || true
+fi
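Review bot: The clean-tree test sets only `LANG=C`, which `LC_ALL` or `LC_MESSAGES` in apt's environment would override, and it depends on the exact phrase "working directory clean"; if either changes, every apt run takes the prompt branch. `LC_ALL=C git-status` is the safer prefix. In the `db_subst` line the command substitution is unquoted, so the escaped status text is word-split and glob-expanded in the working directory before debconf sees it; `db_subst etckeeper/unclean STATUS "$(git-status | debconf-escape -e)" || true` passes it intact.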
diff --git a/hg/pre-apt.d/README b/hg/pre-apt.d/README
new file mode 100644
index 0000000..47001b4
--- /dev/null
+++ b/hg/pre-apt.d/README
@@ -0,0 +1,2 @@
+Files in this directory are run before apt is run. This is mostly used for
+sanity checks, ie, does /etc have any uncommitted changes?
diff --git a/hg/pre-commit.d/20store-empty-directory b/hg/pre-commit.d/20store-empty-directory
new file mode 100644
index 0000000..e0f9538
--- /dev/null
+++ b/hg/pre-commit.d/20store-empty-directory
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+# Make sure the file is not readable by others, since it can leak
+# information about contents of non-readable directories in /etc.
+umask 077
+
+if [ -e .etckeeper ]; then
+ egrep -v '^mkdir ' .etckeeper > .etckeeper.new || true
+fi
+find -type d -empty | grep -v /.git/ | sort |
+ sed -e "s/^/mkdir -p '/" -e "s/\$/'/" >> .etckeeper.new
+
+if [ ! -e .etckeeper ] || ! cmp -s .etckeeper .etckeeper.new ; then
+ mv -f .etckeeper.new .etckeeper
+ git add .etckeeper
+else
+ rm -f .etckeeper.new
+fi
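Review bot: The sed expression wraps each directory name in single quotes without escaping single quotes inside the name, and the resulting `.etckeeper` file is later sourced by init.d/10restore-etckeeper, so a directory name containing `'` ends the quoting early and the rest of the name is interpreted by the shell. Escaping before wrapping closes this: add `-e "s/'/'\\\\''/g"` as the first sed expression, ahead of the two that add the `mkdir -p '` prefix and the closing quote. The pipeline is line-based, so a name containing a newline would still be split into separate lines of the generated file; that case needs either rejecting such names with a warning or a NUL-delimited pipeline.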
diff --git a/hg/pre-commit.d/20warn-hardlinks b/hg/pre-commit.d/20warn-hardlinks
new file mode 100644
index 0000000..3dd7a96
--- /dev/null
+++ b/hg/pre-commit.d/20warn-hardlinks
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+hardlinks=$(find -type f -not -links 1 | grep -v /.git/) || true
+if [ -n "$hardlinks" ]; then
+ echo "etckeeper warning: hardlinked files could cause problems with git:" >&2
+ echo "$hardlinks" >&2
+fi
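Review bot: The filter `grep -v /.git/` is a regular expression in which `.` matches any character, so it also drops paths under any directory whose name is one character followed by `git` (a directory named `cgit`, for instance), and hardlinks there are never reported. `grep -v '^\./\.git/'` restricts the exclusion to the repository's own metadata directory at the top of the tree, assuming find prints paths with the leading `./`. The same filter is used in pre-commit.d/20warn-special-file and pre-commit.d/20store-empty-directory.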
diff --git a/hg/pre-commit.d/20warn-special-file b/hg/pre-commit.d/20warn-special-file
new file mode 100644
index 0000000..cb4d019
--- /dev/null
+++ b/hg/pre-commit.d/20warn-special-file
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+special=$(find -not -type d -not -type f -not -type l | grep -v /.git/) || true
+if [ -n "$special" ]; then
+ echo "etckeeper warning: special files could cause problems with git:" >&2
+ echo "$special" >&2
+fi
+
+true
diff --git a/hg/pre-commit.d/30store-metadata b/hg/pre-commit.d/30store-metadata
new file mode 100644
index 0000000..b878abd
--- /dev/null
+++ b/hg/pre-commit.d/30store-metadata
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+# Make sure the file is not readable by others, since it can leak
+# information about contents of non-readable directories in /etc.
+umask 077
+
+# ensure the file exists so that it will list its own metadata
+if [ ! -e .metadata ]; then
+ metastore --save
+fi
+
+# metastore doesn't produce the same output file for the same metadata
+# everytime, so avoid changing the file if nothing really changed.
+if [ ! -z "$(metastore --compare)" ]; then
+ metastore --save
+ git add .metadata
+fi
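Review bot: The test `[ ! -z "$(metastore --compare)" ]` treats empty output as "nothing changed", and a command substitution inside `[ ]` is not subject to `set -e`, so if `metastore --compare` fails and prints nothing on stdout the metadata is silently not refreshed before the commit. Capturing the output in a separate assignment lets `set -e` see the exit status: `changes=$(metastore --compare)` followed by `if [ -n "$changes" ]; then`. This assumes metastore exits zero when it merely finds differences, which is not visible here and should be confirmed.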
diff --git a/hg/pre-commit.d/README b/hg/pre-commit.d/README
new file mode 100644
index 0000000..051d094
--- /dev/null
+++ b/hg/pre-commit.d/README
@@ -0,0 +1,2 @@
+This is run by a git pre-commit hook before committing changes to the
+repository. This can be used for storing metadata, and for sanity checks.