Config files in etc need updating
(As you do so, you also have the added safety net of The first line will show you the files modified since the last check-in &mdash hopefully only the files you intended to modify, although this is a good point to check to make sure an inadvertent change didn’t happen. Not only to you have your brief description of what you did but you also have the exact changes made to the configuration files.
The second line will copy changes to the /server-rcs directory into the RCS along with the free-text note describing why you made the change. If a change doesn’t work out, you have easy access to past configurations that allow you to revert back to a previous state.
Note that there is no file locking going on here, so there is a remote chance that the /server-rcs version (but not the /var/lib/portage version) could get corrupted. With the /server-rcs directory prepared, we now just need to get it into the RCS.
These are Subversion commands: Because of the in-place import problem for pre-existing directories (described earlier), we likely had to create some of the repository directory structure already.
Our servers are generally configured with few filesystems, so in many cases the files we need to track in the RCS are within the same filesystem and we can use hard links to put them into the /server-rcs directory.
Questions of who did what when and why can be exacerbated by the lack of physical proximity — in other words, I can’t simply yell over the cubical wall to the colleague down the hall to ask him about the new package installed on the server.We are using the Subversion RCS, but the same concepts apply whether you are using other systems (such as CVS or Arch).The RCS will want to act on a single directory tree, but in most cases our configuration files are spread out over the file system. (The portage “world” file, a record of everything installed on your system, for instance, is in /var/lib/portage.) What we do is create a directory called /server-rcs that will be managed by the RCS, and in that directory is copies or links to all of the configuration files on the system.The first that runs in the off-hours via cron that syncs the local portage copy, download and compiles updated packages, and stages ready-to-install binary distributions of those updates.The second piece has the human interface: seeing the list of updated packages in the staging area, selecting which to install, and prompting the sysadmin to install any updates as a result of Gentoo Linux Security Announcements (GLSAs).