Diffstat (limited to 'pre-commit.d')
-rwxr-xr-xpre-commit.d/30store-metadata67
-rwxr-xr-xpre-commit.d/40warn-old-metadata7
2 files changed, 57 insertions, 17 deletions
diff --git a/pre-commit.d/30store-metadata b/pre-commit.d/30store-metadata
index 86e974c..5b8bd37 100755
--- a/pre-commit.d/30store-metadata
+++ b/pre-commit.d/30store-metadata
@@ -2,25 +2,58 @@
set -e
if [ "$VCS" = git ] || [ "$VCS" = hg ] || [ "$VCS" = bzr ]; then
- # Make sure the file is not readable by others, since it can leak
- # information about contents of non-readable directories in /etc.
- umask 077
-
# ensure the file exists so that it will list its own metadata
- if [ ! -e .metadata ]; then
- metastore --save
+ if [ ! -e .fix-metadata ]; then
+ touch .fix-metadata
+ # Make sure the file is not readable by others, since it can leak
+ # information about contents of non-readable directories in /etc.
+ chmod 700 .fix-metadata
fi
- # metastore doesn't produce the same output file for the same metadata
- # everytime, so avoid changing the file if nothing really changed.
- if [ ! -z "$(metastore --compare)" ]; then
- metastore --save
-
- # stage the file as part of the current commit
- if [ "$VCS" = git ]; then
- git add .metadata
- fi
- # hg and bzr add not done, they will automatically
- # include the file in the current commit
+ echo "# Generated by etckeeper." > .fix-metadata
+ echo >> .fix-metadata
+
+
+ # Any files that aren't owner=root, group=root, or mode=0644 or 0755
+ # will be fixed by the .fix-metadata script. Let's generate it.
+
+ # Find all files and directories that don't have root as the owner
+ # Need to be sure UNKNOWN users and groups don't end up in the .fix-metadata
+ # file because chown and chgrp will choke on it.
+ output=$(find /etc \! -user root -exec stat --format="chown %U {}" {} \; | sort)
+ if [ -n "$output" ]; then
+ echo "$output" | grep "^chown UNKNOWN" >&2 || true
+ echo "$output" | grep -v "^chown UNKNOWN" >> .fix-metadata || true
+ fi
+
+ # Find all files and directories that don't have root as the group
+ output=$(find /etc \! -group root -exec stat --format="chgrp %G {}" {} \; | sort)
+ if [ -n "$output" ]; then
+ echo "$output" | grep "^chgrp UNKNOWN" >&2 || true
+ echo "$output" | grep -v "^chgrp UNKNOWN" >> .fix-metadata || true
+ fi
+
+ # Find all directories that aren't 0755
+ find /etc -type d \! -perm 0755 -exec stat --format="chmod %a {}" {} \; \
+ | sort >> .fix-metadata
+
+ # Find all files that aren't either 0644 or 0755 (git keeps track of the
+ # executable bit so we don't have to). All the files in the
+ # /etc/.git/objects directory are 0444 so we'll specifically avoid it.
+ find /etc -wholename /etc/.git -prune -o \
+ -type f \! -perm 0644 \! -perm 0755 -exec stat --format="chmod %a {}" {} \; \
+ | sort >> .fix-metadata
+
+
+ # NOTE: we don't handle xattrs!
+ # Maybe check for getfattr/setfattr and use them if they're available?
+
+
+ # stage the file as part of the current commit
+ if [ "$VCS" = git ]; then
+ # this will do nothing if the metadata file is unchanged.
+ git add .fix-metadata
fi
+ # hg and bzr add not done, they will automatically
+ # include the file in the current commit
fi
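Review bot: The paths that `find` substitutes for `{}` are written into `.fix-metadata` unquoted, so every generated `chown`/`chgrp`/`chmod` line (all four `find` calls in this hunk) is re-parsed by the shell when the script is later run. A name under /etc containing whitespace or shell metacharacters would then be split or interpreted rather than treated as one path, and the script is presumably run as root. Embedding `{}` in the `--format` string also lets `stat` interpret any `%` in a name as a format directive. I would pass the name to `stat` as a separate argument and single-quote it before writing it out, as sketched below for the owner case; names containing newlines still need rejecting because the pipeline is line-based. Separately, `chmod 700 .fix-metadata` now runs only when the file is created, so an existing or freshly checked-out copy keeps whatever mode it has; keeping `umask 077` or moving the `chmod` out of the `if` would restore the old guarantee.

```shell
# … unchanged: .fix-metadata creation and header lines …

# Single-quote a path so the generated script sees it as one literal word.
shellquote() {
	printf '%s\n' "$1" | sed -e "s/'/'\\\\''/g" -e "s/^/'/" -e "s/\$/'/"
}

# Find all files and directories that don't have root as the owner
find /etc \! -user root -print | sort | while IFS= read -r f; do
	owner=$(stat --format=%U "$f")
	if [ "$owner" = UNKNOWN ]; then
		echo "chown UNKNOWN $f" >&2
	else
		printf 'chown %s %s\n' "$owner" "$(shellquote "$f")"
	fi
done >> .fix-metadata

# … unchanged: group, directory-mode and file-mode passes (same quoting applies) …
```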
diff --git a/pre-commit.d/40warn-old-metadata b/pre-commit.d/40warn-old-metadata
new file mode 100755
index 0000000..374dd7b
--- /dev/null
+++ b/pre-commit.d/40warn-old-metadata
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# Tell the user if the .metadata binary file is still lying around.
+if [ -f .metadata ] && [ -f .fix-metadata ]; then
+ echo "etckeeper warning: The .metadata file is obsolete. You should delete it." >&2
+fi