(DIR) <- Back
# etc management on OpenBSD
Last modification on 2024-04-05
(HTM) Unfortunately, the widely used tool »etckeeper«
has not been ported to OpenBSD (yet? *x-doubt*). After taking a look at the
codebase and functionality, I decided that it won't be worth porting, and there
may be simpler, less sucking, solutions to achieve everything the tool should
do, at least for me.
First, initialize */etc* as a git repository. Beware of some binary files in
etc: adjust the git ignore list accordingly.
⚠️ Also, as usual, beware of possible information leaks when publishing
configuration repositories on the interwebz!
```
# git init
# cat << EOF > .gitignore
> firmware/
> mail/aliases.db
> pwd.db
> random.seed
> spwd.db
> EOF
> [...]
# git add .
# git commit -m "initial commit"
```
Then add two shell scripts in */usr/local/sbin* to cheaply hook *pkg_add(1)*
and *pkg_delete(1)*:
```
# cat << EOF > /usr/local/sbin/pkg_add
#!/bin/sh
git -C /etc add /etc
[i|git -C /etc commit -a -m "(pre) [by $(ls -ld $(tty) | awk '{print $3}')] $(basename $0): $@"||drkhsh.at|70
]
/usr/sbin/$(basename $0) "$@"
git -C /etc add /etc
[i|git -C /etc commit -a -m "(post) [by $(ls -ld $(tty) | awk '{print $3}')] $(basename $0): $@"||drkhsh.at|70
]
# chmod +x /usr/local/bin/pkg_add
# ln -s /usr/local/bin/pkg_{add,delete}
```
The script's user detection works also when invoked by *doas(1)* by checking the
tty's owner.
⚠️ Adjust the *$PATH* environment variable in */root/.profile*: Move
*/usr/local/sbin/* before */usr/sbin* to execute the wrapper script:
`PATH=/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin`
Finally, add a *cron(8)* entry for the root user, to commit any occurring
changes in */etc* daily with a timestamp. When nothing is changed, no commits
are made. Everything is logged to *syslog* conveniently.
```
# crontab -e -u root
SHELL=/bin/sh
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin
[...]
[i|0 * * * -s git -C /etc add /etc && git -C /etc commit -a -m "cron: $(date)" | egrep -v "On branch master|nothing to commit, working tree clean"||drkhsh.at|70
]
[...]
```
Maybe someone could find this useful for managing puffy environments. 🐡
Keep in mind, that one downside to this approach is that OpenBSD chroot's some
programs to */var* which won't be tracked by git.
.