发布.git目录进行调试是否安全？ [英] Is it secure to publish my .git directory for debugging?

问题描述

我有一个与git相关的问题（我的Web服务器上的git pull失败），为了进一步描述我的问题，我认为可能是同时提供我的 .git 目录是一个好主意，以便git怪胎可以查看内部并找出可能是什么问题。

I have a git related question (git pull fails on my webserver) and to further describe my problem I thought it could be a good idea to offer also my .git directory so that git geeks could look inside and figure out what could be the problem.

是否公开一个 .git 文件夹是一个好主意，或者这样做时要注意什么，或者应该为git提供哪种转储消息？调试git错误？

Is it a good idea to make public a .git folder OR what to look out for when doing so OR what kind of dump message from git should be offered for debugging git errors?

推荐答案

安全性

公开 .git 目录就像将您的仓库公开。如果您的存储库中没有敏感信息（写在钩子或远程路径上的密钥包含机密，带有纯文本密码的文件），则可以共享。

Security

Making public the .git directory is just like make public your repo. If there's no sensitive information in your repo (keys written to hooks or remote-paths what contains secrets, files with plain-text passwords) then it is ok to share.

Git嵌入了相当完整的跟踪集，您可以可以用来调试git问题。

Git has a fairly complete set of traces embedded which you can use to debug your git problems.

要打开它们，可以定义以下变量：

To turn them on, you can define the following variables:

• GIT_TRACE 用于常规跟踪，


• GIT_TRACE_PACK_ACCESS


• GIT_TRACE_PACKET 用于跟踪包文件访问，


• GIT_TRACE_PERFORMANCE 用于记录性能数据，


• GIT_TRACE_SETUP 有关发现信息的信息那里与其交互的存储库和环境，


• GIT_MERGE_VERBOSITY 用于调试递归合并策略（值：0-5），


• GIT_CURL_VERBOSE 用于记录所有curl消息（相当于 curl -v ），


• GIT_TRACE_SHALLOW 用于调试浅层存储库的获取/克隆。

• GIT_TRACE for general traces,
• GIT_TRACE_PACK_ACCESS for tracing of packfile access,
• GIT_TRACE_PACKET for packet-level tracing for network operations,
• GIT_TRACE_PERFORMANCE for logging the performance data,
• GIT_TRACE_SETUP for information about discovering the repository and environment it’s interacting with,
• GIT_MERGE_VERBOSITY for debugging recursive merge strategy (values: 0-5),
• GIT_CURL_VERBOSE for logging all curl messages (equivalent to curl -v),
• GIT_TRACE_SHALLOW for debugging fetching/cloning of shallow repositories.

可能的值包括：

• true ， 1 或 2 写入stderr，


• 以 / 以将输出跟踪到指定文件。

• true, 1 or 2 to write to stderr,
• an absolute path starting with / to trace output to the specified file.

有关更多详细信息，请参见： Git内部-环境变量

For more details, see: Git Internals - Environment Variables

对于SSH问题，请尝试以下命令：

For SSH issues, try the following commands:

echo 'ssh -vvv $*' > ssh && chmod +x ssh
GIT_SSH="$PWD/ssh" git pull origin master

或使用 ssh 来验证您的凭据，例如

or use ssh to validate your credentials, e.g.

ssh -vvvT git@github.com

或通过HTTPS端口：

or over HTTPS port:

ssh -vvvT -p 443 git@ssh.github.com

^{注意：减少 -v 的数量以降低详细程度。}

^{Note: Reduce number of -v to reduce the verbosity level.}

$ GIT_TRACE=1 git status
20:11:39.565701 git.c:350               trace: built-in: git 'status'

$ GIT_TRACE_PERFORMANCE=$PWD/gc.log git gc
Counting objects: 143760, done.
...
$ head gc.log 
20:12:37.214410 trace.c:420             performance: 0.090286000 s: git command: 'git' 'pack-refs' '--all' '--prune'
20:12:37.378101 trace.c:420             performance: 0.156971000 s: git command: 'git' 'reflog' 'expire' '--all'
...

$ GIT_TRACE_PACKET=true git pull origin master
20:16:53.062183 pkt-line.c:80           packet:        fetch< 93eb028c6b2f8b1d694d1173a4ddf32b48e371ce HEAD\0multi_ack thin-pack side-band side-band-64k ofs-delta shallow no-progress include-tag multi_ack_detailed symref=HEAD:refs/heads/master agent=git/2:2.6.5~update-ref-initial-update-1494-g76b680d
...

这篇关于发布.git目录进行调试是否安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！