Etckeeper: requesting help with building an OpenWrt package

Is there a good place to hook e.g. uci commit in order to call etckeeper commit?

The arch docs for etckeeper are pretty succint:

There is a security warning in the etckeeper README.mdwn:

## Security warnings

First, a big warning: By checking /etc into version control, you are
creating a copy of files like /etc/shadow that must remain secret. Anytime
you have a copy of a secret file, it becomes more likely that the file
contents won't remain secret. etckeeper is careful about file permissions,
and will make sure that repositories it sets up don't allow anyone but root
to read their contents. However, you *also* must take care when cloning
or copying these repositories, not to allow anyone else to see the data.

Since git mushes all the files into packs under the .git directory, the
whole .git directory content needs to be kept secret. (Ditto for mercurial
and .hg as well as bazaar and .bzr)

Also, since version control systems don't keep track of the mode of files
like the shadow file, it will check out world readable, before etckeeper
fixes the permissions. The tutorial has some examples of safe ways to avoid
these problems when cloning an /etc repository.

Also note that `etckeeper init` runs code stored in the repository.
So don't use it on repositories from untrusted sources.
  • also:
    ## sudo integration
    etckeeper will notice if it's being run by way of sudo, and makes a commit with the author set to the user who sudoed to root. This is useful when a system has multiple admins; as long as they use sudo while doing their administration, and run `sudo etckeeper commit` to commit their changes, `git blame` can show who was responsible for each change.

Is there a minified package of etckeeper that compiles?

from OpenWrt in Docker (openwrt/docker, docker-openwrt) best practices, LuCI [app] development, PQ Post-Quantum crypto (!RSA,) (2023) - #2 by westurner ::