One of my co-workers checked in a some files in SVN and one of the files has a password in it. The password has been removed from the file and a new version checked in but the password is obviously still in the repository if we look at the revision history and go to that revision. (We're using TortoiseSVN as the client.)
So how do I securely delete that single file from the repository in SVN?
-
I'm not sure. You could always create a new file and copy the latest revision into that, wiping out prior revision history.
From Bernard -
Maybe you should change your production password to avoid the svn problem altogether.
From Mike Thompson -
link to subversion FAQ entry on this
From Jason Baker -
it isn't pretty : How do I completely remove a file from the repository's history?
From Adam -
@Jason, Adam:
O_o;;I think I prefer my stupid-brute force solution. Wow.
From Bernard -
@Bernard - How would you do that? If I deleted the file from SVN and then loaded a new file in there would the revision history be removed? That would work at this stage if that's the case.
From Guy -
That seemed to work. So what I did was:
- Copy the file to another folder.
- Do a TortoiseSVN delete from the current folder followed by a commit.
- Copy the file back in to the folder.
- Add the file using TortoiseSVN and commit again.
I can't seem to find any revision history now - however, it could just be that I'm not looking in the right place.
So a modified question would now be, how can I find the revision history of the file that was deleted and then resubmitted to SVN?
(BTW I apologize for not asking the question more accurately earlier as I never mentioned that one of the options was to obliterate all revision history as it hadn't occurred to me.)
Greg Domjan : The procedure you have outlines will break the links so that viewing the current HEAD file and it;s history won't easily show you the original checking. However if you set the revision back to the version before you did the delete you will be able to see it again.From Guy -
I can't seem to find any revision history now - however, it could just be that I'm not looking in the right place.
You can see it by looking at the folder history, which will give you the revision where the file was still there, and thus you'll be able to recover the confidential file. So it's a bad solution.
From Damien B -
@Damien:
You are correct. I hadn't thought of that.From Bernard -
If it's the last revision (HEAD) you can (BACKING UP your repo beforehand) delete that revision's files in
db\revs
anddb\revprops
and then run the following python script to fix what revision you repo thinks HEAD is.e.g. if head is 522 and the password was commited in 520, you'd have to delete revisions 520,521 and 522.
(This script shouldn't be necessary once SVN obliterate is implemented)
(I didn't write this script, I got it from here)
#!/usr/bin/python def dec_to_36(dec): key = '0123456789abcdefghijklmnopqrstuvwxyz' result = '' while 1: div = dec / 36 mod = dec % 36 dec = div result = key[mod] + result if dec == 0: break return result import os, re, sys repo_path = sys.argv[1] rev_path = os.path.join(repo_path, 'db', 'revs') current_path = os.path.join(repo_path, 'db', 'current') id_re = re.compile(r'^id:\ ([a-z0-9]+)\.([a-z0-9]+)\.r([0-9]+).*') max_node_id = 0 max_copy_id = 0 max_rev_id = 0 for rev in os.listdir(rev_path): f = open(os.path.join(rev_path, rev), 'r') for line in f: m = id_re.match(line) if m: node_id = int(m.group(1), 36) copy_id = int(m.group(2), 36) rev_id = int(m.group(3), 10) if copy_id > max_copy_id: max_copy_id = copy_id if node_id > max_node_id: max_node_id = node_id if rev_id > max_rev_id: max_rev_id = rev_id f = open(current_path, 'w+b') f.write("%d %s %s\n" % (max_rev_id, dec_to_36(max_node_id+1), dec_to_36(max_copy_id+1))) f.close()
Greg Domjan : script seems to work, takes a long time to run over every revision when you get into 10's of thousands of revisions. I wonder how safe it would be to shortcut and use just the last 20 revisions say.From Sam Hasler -
your password is still there (svn cat file@2342 where 2342 is a revision the file was still there).
you can ''svnadmin dump'' you repos to a file, search and replace you password with "ultrasecret', ''svnadmin create'' a new repos and ''svnadmin load'' the modified dump into that new repos. be aware of binary data in your dump, so use a proper editor/sed.
0 comments:
Post a Comment