Why I am not enthused about etckeeper and similar systems

December 8, 2009

There are a number of programs like etckeeper, systems for keeping your /etc and similar things in various forms of version control system repositories. I'm not enthused about any of them as compared to, say, keeping selected files in /etc in RCS, because I see several problems with them.

First off, you're fighting with your regular package management system; both it and your etckeeper system feel that they own files in /etc and can change them. Even if you try to integrate the two systems together, my general experience is that this is going to cause you and your system heartburn in the long run.

Next is the mixed directory problem of shoving a lot of otherwise unrelated files into a single repository. (That one's big enough that I gave it its own entry.)

Finally is the problem that as far as I know, no current VCS natively preserves all of the file attributes that you want preserved for files in /etc and other system areas. You really do want the permissions, the ownership, and at least the modification timestamp preserved, and these days you may need ACLs and security labels and so on as well. While some systems will try to preserve (some of) this information, they're doing so outside of the VCS itself, and un-integrated workarounds of VCS limitations generally have their own problems.

All of this seems like a lot of work and problems in exchange for what is basically a point in time history of /etc, with the ability to revert things under certain circumstances. (Basically, as long as there are not package updates or changes that you would also need to roll back.)

Now, to be fair I should present the other view.

The devil's advocate view is that using a system like this is easier than using RCS on everything that you change, and it also gives you a history of what the packaging system changed. You can get around many of the file attribute problems most of the time by using a VCS that never alters the live version of the file unless you explicitly tell it to; then the workarounds are only necessary if you have to revert to an older version of a file, and you can assume that that's a rare event.

Written on 08 December 2009.
« Why whitelists (and blacklists) are long-term poison for online systems
My views on inheritance versus interface »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Dec 8 01:08:18 2009
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.