如何在Git中将已提交的文件标记为只读？ [英] How can I mark a committed file as read-only in Git?

问题描述

我有一个被检入Git的文件。该文件需要保存一个API密钥，但我不希望将API密钥提交给Git出于安全原因。而不是API密钥，我解释了如何为每个开发人员生成API密钥。

我不希望任何开发人员意外提交其API键和覆盖基本文件。

我有：

• 到 .gitignore 文件，但是，由于它已经被提交，所以这没有任何作用。
  
• 运行命令 git update-index --assume-unchanged myFile.js


• 将该命令添加到解释文件中，以通知其他开发者他们也应该运行这个命令。
  
  
  

  然而，我只是搬到我的笔记本电脑上，忘记运行命令，并意外地提交了一个关于回购的密钥。我正在寻找更安全的方法。实质上，我想将一个初始版本的文件提交给GitHub，然后不允许对该文件进行修改。

  
  
  

  这可能吗？

  
  
  

  作为参考，该文件看起来像这样：

    define（function（）{
   //这里使用的是简单API访问API密钥
   //请注意，为了安全起见，我特别从GitHub中省略了此密钥
   //可以自由生成以便使用YouTube的API：https：//code.google.com/apis/console/ 
   //一个有效的键看起来像这样：
   //浏览器应用程序的键（带引用器）
   // API密钥：------------------------------- 
   //引用者：允许任何引用者
   / /激活时间：2014年4月6日下午2点46分
   //启动方式：------------  -  you 
   //注意：请不要对此做出任何更改文件一次下载CommandS：
   //  - 禁用跟踪：git update-index --assume-unchanged src / js / backgrou nd / key / youTubeAPI.js
   //  - 启用跟踪：git update-index --no-assume-unchanged src / js / background / key / youTubeAPI.js
   var key =' API_KEY_MISSING; 
   
   if（key ==='API_KEY_MISSING'）{
   console.error（'YouTube API key is not present。'）; 
  } 
   
   return key; 
  }）; 
    

  
  

  解决方案

  一种可能的方法是安装一些服务器端钩子（例如<$
  $ b

  
  
  1. 在推送的引用中，检查blob的散列值在code> update 中）问题仍然相同，并且
     
  2. 拒绝任何包含引用的推送，其中所讨论的blob的散列值发生变化。
     

  当然，这样的服务器端钩子不会阻止贡献者创建包含不同版本文件的提交（本地，在他们的机器上）。然而，在看到他们的一些推动被拒绝后，他们肯定会吸取教训。 ：p

  
  

  I have a file which is checked into Git. The file needs to hold an API key, but I do not wish to commit the API key to Git for security reasons. Instead of an API key, I put an explanation of how to generate an API key for each developer to use.

  I don't want any developer to accidentally commit their API key and overwrite the basic file.

  I have:

  • Added the file to the .gitignore file, but, since it is already committed, this does not do anything.
  • Ran the command git update-index --assume-unchanged myFile.js
  • Added the command to the explanation file to inform other developers that they should also run this command.

  However, I just moved to my laptop, forgot to run the command, and accidentally committed a key to the repo. I'm looking for a more fail-safe method. In essence, I want to commit an initial version of the file to GitHub and then disallow modifications of that file.

  Is this possible?

  For reference, the file looks something like:

  define(function () {
      //  The Simple API Access API key is used here.
      //  Please note that I've specifically omitted this key from GitHub for security. 
      //  Feel free to generate your own in order to use YouTube's API: https://code.google.com/apis/console/
      //  A valid key will look something like:
      //  Key for browser apps (with referers)
      //  API key: -------------------------------
      //  Referers: Any referer allowed
      //  Activated on:   Apr 6, 2014 2:46 PM
      //  Activated by:   ------------ – you
      //  NOTE: Please do not commit changes to this file once downloaded. CommandS:
      //  - Disable tracking: "git update-index --assume-unchanged src/js/background/key/youTubeAPI.js"
      //  - Enable tracking: "git update-index --no-assume-unchanged src/js/background/key/youTubeAPI.js"
      var key = 'API_KEY_MISSING';
  
      if (key === 'API_KEY_MISSING') {
          console.error('YouTube API key is not present.');
      }
  
      return key;
  });
  

  解决方案

  One possible approach would be to install some server-side hook (e.g. update) that would

  1. check, in pushed references, that the hash of the blob in question remains the same, and
  2. reject any push that contains references in which the hash of the blob in question changes.

  Of course, such a server-side hook would not stop contributors from creating commits (locally, on their machines) that contain a different version of the file. However, after seeing a few of their pushes rejected, they would surely learn the lesson. :p

  这篇关于如何在Git中将已提交的文件标记为只读？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！