On 2007-06-02 21:45, Maxim Khitrov <[EMAIL PROTECTED]> wrote:
> Here's an update on what I ended up going with. I decided to go
> with my idea of moving all configuration files to a common
> directory, but with a bit of a change. I created /config and
> under it base/ and user/. Everything in base/ comes from /etc
> and /boot, and the rest goes under user/. I didn't want to mix
> the two. So then I created a new subversion repository, but I
> set permissions such that only root can read or write to
> it. Basically I decided to forbid anyone on the outside from
> getting their hands on the repository contents, since it will
> be storing things like master.passwd and other sensitive data.
>
> Once all this was in place I moved all configuration files to
> their appropriate locations in /config and created symlinks in
> their original location. Everything under /config was then
> imported into the subversion repository using the file://
> method. Since I forbid anyone from doing a check-out of the
> repository to some external location, I don't need to worry
> about file updates except when they are updated in
> /config. This simplifies things. What I did to keep the
> repository up to date was create a simple sh script that is run
> by cron every 10 minutes. The script simply issues 'svn ci
> --non-interactive --message "Automatic commit"' command in the
> /config directory. So any changes made to the configuration
> files are automatically recorded every 10 minutes.
>
> This works well, but does have a few flaws. First of all, when
> I edit files from sftp I have no way to add a meaningful
> message to the commit. Not a big deal, and I can always do a
> manual commit if I had to. The other thing is that this script
> will not auto-add files to the repository. Any new
> configuration file that I'd like to have monitored first gets
> moved to /config, then has a link created in the original
> place, then is added to the repository via 'svn add'. A bit
> more work, but I think it's fine. Technically I can automate
> the process of adding and removing files from the repository by
> using svn status output, but at this point the extra work isn't
> worth it. The bigger problem is the fact that subversion does
> not store owner and permission settings. That means that if I
> ever want to delete the /config directory and recreate it, I
> lose all permissions on things like master.passwd. What I did
> was add chown and chmod commands to the monitor script for all
> files that had non-standard permissions. So those get run along
> with the svn ci command every 10 minutes. The alternative was
> to use subversion properties, have the script parse those and
> apply the appropriate settings. However, since the permissions
> have to be set manually anyway there is no advantage to this
> over the monitor script, which is also versioned.

The permission and ownership problem is also one of the issues that
Subversion (or other SCMs) does not solve for base-system binaries.
See, for example, the thread "Using Subversion for binary
distribution?", which was recently present in `freebsd-current'.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
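
The hand-maintained chown and chmod lines in the monitor script described in the quoted message can be replaced by a manifest that is committed with the files. The following is an added example, not code from either poster; the function names and the manifest path in the closing comment are assumptions.

```sh
#!/bin/sh
# Added example: record and restore owner/mode for a Subversion working copy,
# because Subversion itself does not version ownership or permission bits.

# Print "mode uid gid" for one path; tries GNU stat (-c), then BSD stat (-f).
perm_of() {
    stat -c '%a %u %g' "$1" 2>/dev/null || stat -f '%Lp %u %g' "$1"
}

# save_perms DIR MANIFEST: write "mode uid gid ./path" for every file and
# directory under DIR, skipping Subversion's own .svn metadata.
# Paths containing newlines are not supported.
save_perms() {
    tmp=$(mktemp /tmp/perms.XXXXXX) || return 1
    ( cd "$1" && find . -name .svn -prune -o \( -type f -o -type d \) -print |
        sort | while IFS= read -r p; do
            printf '%s %s\n' "$(perm_of "$p")" "$p"
        done ) > "$tmp" && mv "$tmp" "$2"
}

# restore_perms DIR MANIFEST: reapply the recorded settings. This runs as
# root, so the manifest is treated as untrusted input: malformed lines and
# paths that would leave DIR are rejected, and symlinks are never followed.
restore_perms() {
    rc=0
    while read -r mode uid gid p; do
        # A non-numeric uid or gid blanks the mode so the line is rejected.
        for n in "$uid" "$gid"; do
            case "$n" in ''|*[!0-9]*) mode='' ;; esac
        done
        case "$mode" in
            ''|*[!0-7]*) echo "bad line for: $p" >&2; rc=1; continue ;;
        esac
        case "/$p/" in
            */../*) echo "path escapes tree: $p" >&2; rc=1; continue ;;
            /./*)   ;;
            *)      echo "path not relative: $p" >&2; rc=1; continue ;;
        esac
        [ -e "$1/$p" ] && [ ! -L "$1/$p" ] || { echo "skip: $p" >&2; continue; }
        # chown first: changing the owner can clear set-id bits in the mode.
        chown "$uid:$gid" "$1/$p" && chmod "$mode" "$1/$p" || rc=1
    done < "$2"
    return $rc
}

# Hypothetical use from the cron script, before 'svn ci':
#   save_perms /config /config/.perms
# and after recreating /config from the repository:
#   restore_perms /config /config/.perms
```

When recreating the directory, do the checkout under `umask 077` so that files such as master.passwd are not readable by other users in the interval before the restore runs.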