aconfmgr - A configuration manager for Arch Linux

CyberShadow · 2016-09-16 07:44:29

aconfmgr is a package to track, manage, and restore the configuration of an Arch Linux system. Its goals are:

- Quickly configure a new system, or restore an existing system according to a saved configuration
- Track temporary/undesired changes to the system's configuration
- Identify obsolete packages and maintain a lean system

aconfmgr tracks the list of installed packages (both native and external), as well as changes to configuration files (/etc/). Since the system configuration is described as shell scripts, it is trivially extensible.

More information on the GitHub project page:
https://github.com/CyberShadow/aconfmgr

AUR package:
https://aur.archlinux.org/packages/aconfmgr-git/

jeremejevs · 2018-10-04 20:13:32

This is a continuation of this discussion on GitHub.

> It sounds like in this case, the files were initially installed by pacman, then upgraded by npm?

Possible, but not sure how. Took a quick look, Nativefier itself never invokes npm, nor does Whatsapp's PKGBUILD.

> npm and 777

I agree with everything you say, but this is a bit in the impractical "fixing the world" territory. The main reason I'm not on NixOS is to save time, since almost everything imaginable is already packaged by somebody in Arch, and then tested by an order of magnitude more people. Maintaining a little collection of better PKGBUILDs is exactly what NixOS feels like as a desktop OS, and exactly what I prefer not to invest time into. Hope this makes sense.

> I think it's worth reporting this

The app which depends on node-nativefier - whatsapp-web-desktop - already has a four months old comment in it, with a PKGBUILD which doesn't even need a globally-installed Nativefier, with no reactions.

> /var/log/journal

Nothing out of the ordinary reported by paccheck or pacman -Qo. I'll be reinstalling very soon, will see if the permissions remain out-of-sync.

> tmpfiles

I see, TIL! Indeed, would be nice to have automatic handling of this.

> a medium for open-ended discussion

Trying out the forums. One post in, and I'm already missing GFM and page-reload-less previews, haha (no Ctrl + Z). But does get the job done. I personally wouldn't mind Reddit either. But maybe not worth it, not a very hot topic.

CyberShadow · 2018-10-04 20:32:00

jeremejevs wrote:

Possible, but not sure how. Took a quick look, Nativefier itself never invokes npm, nor does Whatsapp's PKGBUILD.

Hmm. I don't know then. If the app itself was ever invoked as root, maybe node itself changed the permissions of the files it loaded? I don't know much about the ecosystem, so I can only guess.

jeremejevs wrote:

I agree with everything you say, but this is a bit in the impractical "fixing the world" territory. The main reason I'm not on NixOS is to save time, since almost everything imaginable is already packaged by somebody in Arch, and then tested by an order of magnitude more people. Maintaining a little collection of better PKGBUILDs is exactly what NixOS feels like as a desktop OS, and exactly what I prefer not to invest time into. Hope this makes sense.

Sure. Though, identifying such issues with running systems is one of the emergent goals of aconfmgr. Then, it's up to the machine's owner how much they want to turn the dial between "not my problem" and "let's fix the world". For the former case, I believe you already found a workaround (either ignore the whole directory, or just fix the filesystem to conform to the packaged files' state).

jeremejevs wrote:

The app which depends on node-nativefier - whatsapp-web-desktop - already has a four months old comment in it, with a PKGBUILD which doesn't even need a globally-installed Nativefier, with no reactions.

I wish I could send pull requests to AUR packages.

jeremejevs wrote:

Trying out the forums. One post in, and I'm already missing GFM and page-reload-less previews, haha (no Ctrl + Z). But does get the job done. I personally wouldn't mind Reddit either. But maybe not worth it, not a very hot topic.

Hopefully bumping this topic won't run afoul of the necroposting rules. Though, the disproportionate difference between the number of initial responses posted here vs. the Reddit thread is pretty strange.

As for an IgnorePermissionsPath command, I think we need to determine some well-defined, practical use cases where we know that such a helper is definitely the best solution. The issue's original comment described one such situation (FAT32 filesystems), however "ignoring" permissions doesn't entirely fit the problem: it would be slightly more correct to say that we expect that the permissions on the FAT32 drive to be 777. In that case, we can achieve the goal with a helper which modifies the expected system state programmatically, without modifying aconfmgr's comparison logic.

Can we extract similar well-defined use cases from the problems you've encountered?

jeremejevs · 2018-10-04 21:17:18

CyberShadow wrote:

If the app itself was ever invoked as root, maybe node itself changed the permissions of the files it loaded?

Node definitely wouldn't do that by itself. Maybe Nativefier would? Hard to say for sure, it's a big project, but doubtful, too. I have switched from pacaur to yay at one point, maybe that somehow has caused the discrepancy?

CyberShadow wrote:

Though, identifying such issues with running systems is one of the emergent goals of aconfmgr.

Agreed, there should be no "sane default ignores".

CyberShadow wrote:

I wish I could send pull requests to AUR packages.

In this case, it would probably go stale for the same amount of months. Though it would improve ergonomics a lot, indeed.

CyberShadow wrote:

Hopefully bumping this topic won't run afoul of the necroposting rules.

There are a few 2009 topics on the first page of this section right now, I think we're safe :D

Responded about ignoring back in the issue.

Last edited by jeremejevs (2018-10-04 21:17:42)

jasonwryan · 2018-10-04 21:23:07

jeremejevs wrote:

CyberShadow wrote:
Hopefully bumping this topic won't run afoul of the necroposting rules.
There are a few 2009 topics on the first page of this section right now, I think we're safe

This board is different insofar as the threads are the responsibility of the OP; as long as they are willing to respond, then it is all good.

eschwartz · 2018-10-04 23:51:51

That npm package is incredibly gross, for example downloading a source=() tarball but then telling npm to install from the npm registry rather than the just-downloaded tarball...

More importantly, it fails the https://wiki.archlinux.org/index.php/No … guidelines which explicitly include

    # Non-deterministic race in npm gives 777 permissions to random directories.
    # See https://github.com/npm/npm/issues/9359 for details.
    find "${pkgdir}"/usr -type d -exec chmod 755 {} +

It isn't specific to this package -- anything that is installed using npm, would suffer the same problem.

Dieter@be · 2021-11-21 23:08:10

Fantastic piece of software! Why is no one talking about how good this is?

I love how it can take my arch system, which has been accumulating cruft for the better part of a decade, distill it into a highlevel representation (after adding some ignore rules after the initial run), which I can then modify/organize/clean up and apply again.

this is great for many things:
* keeping a _documented_ list of packages I want, where i can make my own notes about why i have certain packages, facilitating cleanup later on
* seeing where I have made a mess in the filesystem or any changes i've applied to /etc or other files where i could instead revert to the standard files that come in a package
* keeping an eye on system stuff that gets installed (for example i just noticed after a system update that a new systemd service was added to run an ssh-agent for gnome).

This is also a much smoother workflow than trying to use, say, ansible, where you need to construct all the manifests by hand.
I can see how this could also be used to clone systems, but i only use 1 machine. if this one dies, i will build a new machine and restore a full backup (which includes all directories that I ignore in aconfmgr, such as /home etc)

Last edited by Dieter@be (2021-11-21 23:09:02)

Arch Linux

#1 2016-09-16 07:44:29

aconfmgr - A configuration manager for Arch Linux

#2 2018-10-04 20:13:32

Re: aconfmgr - A configuration manager for Arch Linux

#3 2018-10-04 20:32:00

Re: aconfmgr - A configuration manager for Arch Linux

#4 2018-10-04 21:17:18

Re: aconfmgr - A configuration manager for Arch Linux

#5 2018-10-04 21:23:07

Re: aconfmgr - A configuration manager for Arch Linux

#6 2018-10-04 23:51:51

Re: aconfmgr - A configuration manager for Arch Linux

#7 2021-11-21 23:08:10

Re: aconfmgr - A configuration manager for Arch Linux

Board footer