3

Has anyone tried versioning all the files of an operating system, i.e. git init at the root directory? Is that possible? I want to see which file is being changed by which action, but I am guessing it would be very tricky to do so with the usual git.

Comments
  • 4
    It would be very inefficient and dangerous, as many parts of an OS - e.g. devices / symlinks - are files that shouldn't be touched.

    Some OSes implement this by utilizing file system techniques, e.g. making the OS "immutable" by utilizing snapshots. When something goes wrong, revert to the previous snapshot.
  • 3
    To what end would that be beneficial?

    The amount of useless junk files would far exceed the use of .git on its own.
  • 1
    I guess git/your machine would collapse if you did that. I mean, remove node_modules from your git ignore and see what happens :D You could write a script which collects metadata of all the files on your machine, stores that shit in a db and implements a kind of diff mechanism in your program.
  • 4
    Boot a VM and try it out.
  • 0
    interesting
  • 1
    Git doesn't do well with binary files
  • 1
    A source based distro like Funtoo can sync using git, your dotfiles, docs etc can too.
    But that's about it.
    Bins & artifacts are a hassle through git. I'm not sure about git-lfs.
  • 0
    I think it would be easier to make a change watcher script that wrote a log output every time files that match a criterion changed. Then you can get a list of all of the changes and maybe drill down into the ones that are of interest.

    Or if you did make git do it, it would need a comprehensive .gitignore file.
  • 0
    lol, I tried it. Git started and tried to access some folders and gave a permission denied error on most directories but still kept going. I force stopped it, deleted .git manually and then ran git init with sudo.
    It still gave permission denied for a lot of folders and kept on going for 30 mins. I just stopped it. I will try with a VM, as @Makenshi suggested, sometime this weekend.

    @IntrusionCM @C0D4 I have an additional question. To what end is an OS like Mac or Linux "hackable"? I mean, there should be at least some directory with code for bootloaders and the OS itself, which could only be accessed via a particular command triggered by particular system flows like installation etc., right? Otherwise a s/w running on the OS manipulating the OS sequences itself seems kinda weird/impossible, no?
  • 0
    @prodigy214
    root can write all files¹. Programs for operating system updates are not different from any other program. Why should you limit the user?

    The bootloader and kernel (image and modules) may require a digital signature on systems with secure boot enabled. Usually one can add custom keys, e.g. for custom kernel modules.
    That said everything in user space is not protected by secure boot.

    How boot security of Linux works and what its shortcomings are is described here (note: the author is commonly criticised for his software "systemd"): https://0pointer.net/blog/...

    ¹: While there is this thing called SELinux that can restrict even root, by default a user opening a root shell with su/sudo will still get an unconstrained root shell. Oh and SELinux is usually not enabled/enforced.
  • 0
    @prodigy214 Linux had its fair share of rootkits and other things, Mac too.

    The important thing about security is that you should never assume that the security is safe / impenetrable.

    That said, you have in Linux a wide range of tools to lock down the kernel (i.e. baking a hardened kernel, panic, module checksumming, security frameworks, ...), audit and react (e.g. audit) and a lot of other stuff that could increase security.

    It's your choice how far you go.

    But GIT ing isn't a good idea still :) You could look at audit maybe as @irene pointed out.
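
The metadata-plus-diff script and the change watcher suggested in the comments above, sketched as an added example (not code from any participant in the thread): it baselines the regular files under a directory and reports what was added, removed or modified, skipping symlinks and device nodes and tolerating the permission errors the git attempt ran into. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import pathlib
import stat
import tempfile

def snapshot(root):
    """Map relative path -> (mode, uid, gid, size, sha256); os.walk skips unreadable dirs."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # symlink, device node, socket or FIFO: never opened
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                continue  # permission denied, or the file vanished mid-scan
            meta = (st.st_mode, st.st_uid, st.st_gid, st.st_size, digest.hexdigest())
            state[os.path.relpath(path, root)] = meta
    return state

def diff(old, new):
    """Return sorted (added, removed, modified) path lists between two snapshots."""
    modified = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), modified

def demo():
    """Constructed sample tree: take a baseline, change things, compare."""
    with tempfile.TemporaryDirectory() as root:
        etc = pathlib.Path(root, "etc")
        etc.mkdir()
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "motd").write_text("hello\n")
        (etc / "old.conf").write_text("x=1\n")
        (etc / "hosts.link").symlink_to("hosts")  # skipped: not a regular file
        before = snapshot(root)
        (etc / "hosts").write_text("10.0.0.5 example.test\n")  # content change
        (etc / "motd").chmod(0o755)                             # mode-only change
        (etc / "new.conf").write_text("y=2\n")                  # added
        (etc / "old.conf").unlink()                             # removed
        return diff(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Because the full mode, owner and group are part of each record, a permission-only change such as the `chmod` on `motd` is reported, whereas git records only the executable bit.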