|The common prefix. |
|#define||FSVS_PROP_COMMIT_PIPE FSVS_PROP_PREFIX "commit-pipe"|
|The name for the commit-pipe property. |
|#define||FSVS_PROP_UPDATE_PIPE FSVS_PROP_PREFIX "update-pipe"|
|The name of the update-pipe property. |
|#define||FSVS_PROP_INSTALL_CMD FSVS_PROP_PREFIX "install"|
|Local install commandline. |
|#define||FSVS_PROP_ORIG_MD5 FSVS_PROP_PREFIX "original-md5"|
|The MD5 of the original (un-encoded) data. |
These are used only by
subversion doesn't know them.
|#define FSVS_PROP_COMMIT_PIPE FSVS_PROP_PREFIX "commit-pipe"|
The name for the commit-pipe property.
If this property is set for a file, this file gets filtered by the given command on its way to the repository. This is mostly used for backups, to protect data.
To make that easier to understand, here's an example. You're versioning your
cd /etc fsvs urls <your repository url>
That means that
/etc/ssh/ssh_host_key and so on would all get transmitted to the repository. Now we could say that if the machine crashes hard, a changed ssh-key is the least of our worries - so we simply exclude it from backup.
fsvs ignore './ssh/ssh_host_*key'
But the users' passwords and similar should not be lost - so we use
gpg to encrypt them on backup. You generate a key, whose private key gets kept in a secure place, but not (only) on this machine; because if the machine gets damaged, the backups could no longer be decrypted.
gpg --import-key ..... fsvs propset fsvs:commit-pipe 'gpg -er <backup-key>' shadow
The only thing left is to take the first backup:
gpgcompresses the files before encryption, so it won't be that bad.)
You might be interested in exported environment variables, too.
|#define FSVS_PROP_INSTALL_CMD FSVS_PROP_PREFIX "install"|
Local install commandline.
This is used after the temporary file (which had possibly used FSVS_PROP_UPDATE_PIPE) has been written; the normal, internal fsvs operation is approximately this:
chmod $m $tmp- set the stored access mode.
chown $u.$g $tmp || chown $U.$G $tmp- set user and group by the stored strings, and if that fails, by the uid and gid.
touch -t$t $tmp- set the stored access mode.
mv $tmp $destrename to destination name.
You could get a more or less equivalent operation by using
fsvs propset fsvs:update-pipe \ '/usr/bin/install -g$g -o$u -m$m $tmp $dest' \ [paths]
The environment gets prepared as outlined above - you get the variables
$G(group name and gid),
$U(owner name and uid),
$m(octal mode, like
$t(mtime in form yyyymmddHHMM.SS - like used with GNU touch(1)),
$tmp(name of temporary file) and
$dest(destination name) set.
After the given program completed
ENOENTis not seen as an error, in case your install program moved the file), and
|#define FSVS_PROP_ORIG_MD5 FSVS_PROP_PREFIX "original-md5"|
The MD5 of the original (un-encoded) data.
Used for encoded entries, see FSVS_PROP_COMMIT_PIPE.
If we do a sync-repos (or update), we need the cleartext-MD5 to know whether the entry has changed; this entry holds it.
|#define FSVS_PROP_UPDATE_PIPE FSVS_PROP_PREFIX "update-pipe"|
The name of the update-pipe property.
This is the reverse thing to FSVS_PROP_COMMIT_PIPE; it's used in the same way.
Extending the example before:
fsvs propset fsvs:commit-pipe 'gpg -er <backup-key>' shadow fsvs propset fsvs:update-pipe 'gpg -d' shadow