etc management on OpenBSD
=========================
Unfortunately, the widely used tool [etckeeper](https://etckeeper.branchable.com/)
has not been ported to OpenBSD (yet? *x-doubt*). After taking a look at the
codebase and functionality, I decided that it won't be worth porting, and there
may be simpler, less sucking, solutions to achieve everything the tool should
do, at least for me.
First, initialize */etc* as a git repository. Beware of some binary files in
*/etc*: adjust the git ignore list accordingly.
> [!Warning]
> Also, as usual, beware of possible information leaks when publishing
> configuration repositories on the interwebz!
```
# cd /etc
# git init
# cat <<EOF > .gitignore
> firmware/
> mail/aliases.db
> pwd.db
> random.seed
> spwd.db
> EOF
> [...]
# git add .
# git commit -m "initial commit"
```
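The warning above can be checked mechanically before a repository is published or shared. The following sketch is an added example, not part of the original post: the function names are hypothetical, and the path patterns are assumptions based on stock OpenBSD file locations, not an exhaustive list.

```sh
#!/bin/sh
# Added example, not from the original post. The pattern list is an assumption
# based on stock OpenBSD file locations; extend it for your own hosts.

# Read repo-relative paths on stdin, print "<class> <path>" for risky ones.
flag_sensitive() {
    while IFS= read -r p; do
        case "$p" in
            master.passwd|spwd.db)
                echo "password-db $p" ;;
            ssh/ssh_host_*_key|ssl/private/*|iked/private/*|isakmpd/private/*|acme/*privkey*)
                echo "private-key $p" ;;
            soii.key|random.seed)
                echo "seed $p" ;;
            hostname.*)
                echo "review $p" ;;   # may contain wpakey or wgkey lines
        esac
    done
}

# Succeed only if the directory grants nothing to group/other. With a
# typical umask git objects are world-readable, so a tracked master.passwd
# would be readable by every local user through /etc/.git.
git_dir_private() {
    case "$(ls -ld "$1" | awk '{print $1}')" in
        d???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Audit one repository (default /etc): tracked files plus .git permissions.
audit_repo() {
    repo=${1:-/etc}
    git -C "$repo" ls-files | flag_sensitive
    git_dir_private "$repo/.git" || echo "perm $repo/.git is not mode 0700"
}

# Constructed listing for demonstration; on a real host run: audit_repo /etc
sample_listing() {
    printf '%s\n' master.passwd pf.conf ssh/ssh_host_ed25519_key \
        ssh/ssh_host_ed25519_key.pub hostname.iwm0 ssl/private/example.key
}
sample_listing | flag_sensitive
```

Anything reported as `password-db`, `private-key` or `seed` belongs in the ignore list (or needs `git rm --cached`) before the repository leaves the host; `review` entries need a manual look.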
Then add two shell scripts in */usr/local/sbin* to cheaply hook *pkg_add(1)*
and *pkg_delete(1)*:
```
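# cat <<'EOF' > /usr/local/sbin/pkg_add
#!/bin/sh
# Wrapper for pkg_add(1)/pkg_delete(1): commit /etc before and after the run.
# The user is taken from the owner of the controlling tty, so it is the
# invoking user even under doas(1).
user=$(ls -ld "$(tty)" | awk '{print $3}')
cmd=$(basename "$0")
git -C /etc add /etc
git -C /etc commit -a -m "(pre) [by $user] $cmd: $*"
# Run the real tool under the name this wrapper was called as.
"/usr/sbin/$cmd" "$@"
git -C /etc add /etc
git -C /etc commit -a -m "(post) [by $user] $cmd: $*"
EOF
# chmod +x /usr/local/sbin/pkg_add
# ln -s /usr/local/sbin/pkg_{add,delete}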
```
The script's user detection also works when invoked via *doas(1)*, because it
checks the tty's owner.
Adjust the *$PATH* environment variable in */root/.profile*: Move
*/usr/local/sbin/* before */usr/sbin* to execute the wrapper script.
`PATH=/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin`
Finally, add a *cron(8)* entry for the root user, to commit any occurring
changes in */etc* daily with a timestamp. When nothing is changed, no commits
are made. Everything is logged to *syslog* conveniently.
```
# crontab -e -u root
SHELL=/bin/sh
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
[...]
0 0 * * * -s git -C /etc add /etc && git -C /etc commit -a -m "cron: $(date)" | egrep -v "On branch master|nothing to commit, working tree clean"
[...]
```
Maybe someone could find this useful for managing puffy environments. 🐡
Keep in mind that one downside of this approach is that OpenBSD chroots some
programs to */var*, which won't be tracked by git.
---------------------------------------------------------------=|
powered by openbsd & geomyidae(8) | accessible via tls & tor
(c) 2016-2025 drkhsh. CC BY-NC-SA 4.0