使用BFG回购清洁剂后检查GIT回购 [英] Inspect git repo after using BFG repo-cleaner
问题描述
我将一些泄密信息上传到Github,并使用bfg清理回购站。我遵循文档并执行以下操作:
$ p $ git clone --mirror git://example.com/some- big-repo.git
$ bfg --replace-text passwords.txt my-repo.git
我收到以下输出:
找到233个对象来保护
找到9个提交指向引用:HEAD ,refs / heads / experimental,refs / heads / master,...
受保护的提交
-----------------
这些是你的保护提交,所以它们的内容不会被改变:
* commit 497fc1c8(受'HEAD'保护)
清理
--------
发现80次提交
清理提交:100%(80/80)
清理提交在301毫秒内完成。
BFG中止:没有引用更新 - 没有发现脏提交?
我想查看私密信息是否已从我的回购库中清除,但我不确定如何检查镜像回购中的文件。任何想法?
快速检查密码是否仍在您的历史记录中的方法可能是使用'git pickaxe' ,也就是 -S 选项。这是一个检查字符串 password1 的例子:
git log - Spassword1
但是,从您的问题中显示的输出中,它看起来像BFG找不到任何的条目来自你的仓库中的 passwords.txt (提示messsage '没有发现脏提交吗?',你在结尾处看到输出),如果你确定它们在那里,这有点奇怪。这是您第一次在回购中运行BFG吗?也许这是第二次,BFG已经删除了密码?
passwords.txt 文件给BFG应该有一行密码,即:
pre $ changeme
password1
password2
默认情况下,BFG仅查看1MB以下的文本文件。您的密码是否可能是二进制文件,或大于1MB?
更新:要查看repo中更改的内容,清理,你也可以尝试Eric S. Raymond的 repodiffer (他的 reposurgeon 项目): http:// www。 catb.org/~esr/reposurgeon/repodiffer.html - 你这样使用它:
$ repodiffer old -repo-copy.git new-repo-copy.git
该脚本可能需要一段时间才能运行,但它会准确地告诉你这两个回购协议之间的变化。
完全披露:我是BFG Repo-Cleaner的作者。 em>
Very basic git question:
I uploaded some compromising information to Github and am using bfg to clean the repo. I followed the documentation and performed the following actions:
$ git clone --mirror git://example.com/some-big-repo.git
$ bfg --replace-text passwords.txt my-repo.git
I received the following output:
Found 233 objects to protect
Found 9 commit-pointing refs : HEAD, refs/heads/experimental, refs/heads/master, ...
Protected commits
-----------------
These are your protected commits, and so their contents will NOT be altered:
* commit 497fc1c8 (protected by 'HEAD')
Cleaning
--------
Found 80 commits
Cleaning commits: 100% (80/80)
Cleaning commits completed in 301 ms.
BFG aborting: No refs to update - no dirty commits found??
I'd like to see if the private information was cleared from my repo but I'm not sure how to check the files in the mirrored repo. Any ideas?
A quick way to check if a password is still in your history might be to use the 'git pickaxe', aka the -S option. Here's an example that checks for the string password1:
git log -Spassword1
However, from the output shown in your question, it looks like The BFG couldn't find any of the entries from passwords.txt in your repo (prompting the messsage 'no dirty commits found??' which you see at the end of the output), which is a bit strange if you're sure they're in there. Was this the first time you'd run the BFG on the repo? Perhaps it was the second time, and The BFG had already removed the passwords?
The passwords.txt file you give to The BFG should have one password per line, ie:
changeme
password1
password2
The BFG only looks at text files under 1MB by default. Are your passwords in some file that might appear to be binary, or bigger than 1MB?
Update: For seeing what's changed in a repo-clean-up, you could also try Eric S. Raymond's repodiffer (part of his reposurgeon project): http://www.catb.org/~esr/reposurgeon/repodiffer.html - you use it like this:
$ repodiffer old-repo-copy.git new-repo-copy.git
The script may take a while to run, but it will tell you precisely what has changed between those two repos.
Full disclosure: I'm the author of the BFG Repo-Cleaner.
这篇关于使用BFG回购清洁剂后检查GIT回购的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
