At CSHL, we keep all of our configuration files under revision control. For various reasons (not the least of which being the .svn directories scattered everywhere which really throw off whatever.d config directories, like modprobe.d), we’ve opted to migrate from Subversion to Mercurial. However, it became incredibly apparent that this would be difficult because Mercurial does not retain any file metadata other than the executable bit — no ownership, no modification time, nothing. This meant that we couldn’t update /etc with a working copy converted off of the existing SVN repo, because this would clobber all of our file permissions, among other things.
I had been looking at etckeeper, because it has the ability to manage this metadata. However, it’s only built to manage /etc. On Red Hat systems, for better or for worse, a number of important system configurations live in /var. BIND zone files, OSSEC rulesets, and others are among these. While it didn’t work out for us (yet; development is moving along quickly), etckeeper did lead me to metastore, which etckeeper uses on the backend to track metadata.
metastore is an application by David Härdeman which uses libattr to obtain all of the POSIX extended attributes, including SELinux contexts, present on a file. It then dumps this information into a file separate from the filesystem metadata, in much the same manner as SubInACL.exe on the Windows side (but with more attributes than just file permissions). Simply dump the metadata, update your working copy, restore the metadata from the file, and presto: you’ve got your working copy with its metadata fully intact. Once you version the .metadata file it generates, you can also use your revision control system to monitor permission changes and the like.
Rather kindly, the application is written in C, and doesn’t require any complex bindings to run. Just make sure you have libattr installed.
Do note that modification times aren’t dumped by default — you need to specifically use the “-m” flag.
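To make the dump, update, restore cycle and the permission monitoring concrete, here is an added example (not metastore's code or its .metadata file format) that keeps mode, owner and optional mtime in a JSON sidecar and reports drift against it. The function names and the sample file are hypothetical, and extended attributes and SELinux contexts are not handled.

```python
import json, os, stat, tempfile

def snapshot(root, with_mtime=False):
    """Map each path under root to mode/uid/gid; mtime only on request (like -m)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            entry = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
            if with_mtime:
                entry["mtime"] = st.st_mtime_ns
            manifest[os.path.relpath(path, root)] = entry
    return manifest

def drift(saved, root):
    """List (path, field, saved, current) for each field that differs from the manifest."""
    current = snapshot(root, with_mtime=True)
    changes = []
    for rel, want in saved.items():
        have = current.get(rel, {})  # missing file: every field reports current=None
        changes += [(rel, f, v, have.get(f)) for f, v in want.items() if have.get(f) != v]
    return sorted(changes)

def restore(saved, root):
    """Reapply saved metadata; chown goes first because it can clear setuid/setgid bits."""
    for rel, want in saved.items():
        path = os.path.join(root, rel)
        if os.path.islink(path) or not os.path.exists(path):
            continue  # leave symlinks and missing files alone
        st = os.lstat(path)
        if (st.st_uid, st.st_gid) != (want["uid"], want["gid"]):
            os.chown(path, want["uid"], want["gid"])  # needs root in practice
        os.chmod(path, want["mode"])
        if "mtime" in want:
            os.utime(path, ns=(want["mtime"], want["mtime"]))

def demo():
    # Constructed scenario: an update leaves a 0600 file at 0644 with a fresh mtime.
    with tempfile.TemporaryDirectory() as root:
        key = os.path.join(root, "ssh_host_key")  # constructed sample file
        open(key, "w").close()
        os.chmod(key, 0o600)
        os.utime(key, ns=(10**18, 10**18))
        saved = json.loads(json.dumps(snapshot(root, with_mtime=True)))  # sidecar round trip
        os.chmod(key, 0o644)  # stands in for the working-copy update
        os.utime(key)
        before = drift(saved, root)
        restore(saved, root)
        return before, drift(saved, root)
```

Committing the sidecar alongside the configuration files means a change from 0600 to 0644 appears as a one-line diff in the revision history.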