blob: 5b8bd37172c961793bc17b8076cc7b0b8df3974f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
#!/bin/sh
set -e
if [ "$VCS" = git ] || [ "$VCS" = hg ] || [ "$VCS" = bzr ]; then
# ensure the file exists so that it will list its own metadata
if [ ! -e .fix-metadata ]; then
touch .fix-metadata
# Make sure the file is not readable by others, since it can leak
# information about contents of non-readable directories in /etc.
chmod 700 .fix-metadata
fi
echo "# Generated by etckeeper." > .fix-metadata
echo >> .fix-metadata
# Any files that aren't owner=root, group=root, or mode=0644 or 0755
# will be fixed by the .fix-metadata script. Let's generate it.
# Find all files and directories that don't have root as the owner
# Need to be sure UNKNOWN users and groups don't end up in the .fix-metadata
# file because chown and chgrp will choke on it.
output=$(find /etc \! -user root -exec stat --format="chown %U {}" {} \; | sort)
if [ -n "$output" ]; then
echo "$output" | grep "^chown UNKNOWN" >&2 || true
echo "$output" | grep -v "^chown UNKNOWN" >> .fix-metadata || true
fi
# Find all files and directories that don't have root as the group
output=$(find /etc \! -group root -exec stat --format="chgrp %G {}" {} \; | sort)
if [ -n "$output" ]; then
echo "$output" | grep "^chgrp UNKNOWN" >&2 || true
echo "$output" | grep -v "^chgrp UNKNOWN" >> .fix-metadata || true
fi
# Find all directories that aren't 0755
find /etc -type d \! -perm 0755 -exec stat --format="chmod %a {}" {} \; \
| sort >> .fix-metadata
# Find all files that aren't either 0644 or 0755 (git keeps track of the
# executable bit so we don't have to). All the files in the
# /etc/.git/objects directory are 0444 so we'll specifically avoid it.
find /etc -wholename /etc/.git -prune -o \
-type f \! -perm 0644 \! -perm 0755 -exec stat --format="chmod %a {}" {} \; \
| sort >> .fix-metadata
# NOTE: we don't handle xattrs!
# Maybe check for getfattr/setfattr and use them if they're available?
# stage the file as part of the current commit
if [ "$VCS" = git ]; then
# this will do nothing if the metadata file is unchanged.
git add .fix-metadata
fi
# hg and bzr add not done, they will automatically
# include the file in the current commit
fi
|
