Etckeeper: requesting help with building an OpenWrt package

For Developers
1

Hello all,

I've been using OpenWRT for over a year now, and absolutely love the capability and flexibility it provides. On all my other *nix systems, I use etckeeper and git to provide version management of /etc, and would like to do the same on my OpenWRT systems.

I've managed to get etckeeper installed manually on an emulated instance of OpenWRT, and successfully version controlled the /etc folder on my git server. I've posted detailed to GitHub on how to manually install etckeeper.

The post reference above also contains everything I've pulled together thus far in an attempt to create an OpenWRT package for etckeeper. I've followed the documentation available on OpenWRT's website for building packages, including helloworld, but still cannot get it to work.

I realize that the package is incomplete, but when I attempt to build I get the following error:

Makefile:19: /package.mk: No such file or directory
make[1]: *** No rule to make target '/package.mk'.  Stop.

Every other package Makefile I've browsed on GitHub contains the same line [19] include $(INCLUDE_DIR)/package.mk, so I'm not sure what the issue is.

I was hoping that this would be fairly straightforward since etckeeper (at least to use git) is just shell scripts with no compilation necessary. Unfortunately I'm not sure how to go forward.

Any and all help would be greatly appreciated.

Thanks,

1 Like
2

You'll need a skeletal package Makefile. Since it's all scripts, just put them into the your_package/files/ directory and say where to install them.

Not that this is the "best" example, but https://github.com/openwrt/packages/blob/openwrt-18.06/net/vpnc-scripts/Makefile is a one template for how to install files.

https://openwrt.org/docs/guide-developer/packages can provide some more insight. The build system makefiles and scripts are generally found in path/to/openwrt/include/

(As a side note, I manually manage /etc/ using git, though it is something of a large package.)

3

Is there a good place to hook e.g. uci commit in order to call etckeeper commit?

The arch docs for etckeeper are pretty succint:

There is a security warning in the etckeeper README.mdwn:

## Security warnings

First, a big warning: By checking /etc into version control, you are
creating a copy of files like /etc/shadow that must remain secret. Anytime
you have a copy of a secret file, it becomes more likely that the file
contents won't remain secret. etckeeper is careful about file permissions,
and will make sure that repositories it sets up don't allow anyone but root
to read their contents. However, you *also* must take care when cloning
or copying these repositories, not to allow anyone else to see the data.

Since git mushes all the files into packs under the .git directory, the
whole .git directory content needs to be kept secret. (Ditto for mercurial
and .hg as well as bazaar and .bzr)

Also, since version control systems don't keep track of the mode of files
like the shadow file, it will check out world readable, before etckeeper
fixes the permissions. The tutorial has some examples of safe ways to avoid
these problems when cloning an /etc repository.

Also note that `etckeeper init` runs code stored in the repository.
So don't use it on repositories from untrusted sources.
  • also:
    ## sudo integration
etckeeper will notice if it's being run by way of sudo, and makes a commit with the author set to the user who sudoed to root. This is useful when a system has multiple admins; as long as they use sudo while doing their administration, and run `sudo etckeeper commit` to commit their changes, `git blame` can show who was responsible for each change.

Is there a minified package of etckeeper that compiles?

from OpenWrt in Docker (openwrt/docker, docker-openwrt) best practices, LuCI [app] development, PQ Post-Quantum crypto (!RSA,) (2023) - #2 by westurner ::