堆栈内存溢出
  简体   繁体   English

如何从GitHub完全删除敏感提交?

[英]How to completely remove sensitive commits from GitHub?

 原文  2018-08-04 14:34:05       git/ security/ privacy

问题描述

A few days ago I read article about Github's privacy basics and it says commiters' email are visible via simple Github API request. 几天前,我读了一篇有关Github隐私基础的文章,文章说提交者的电子邮件可以通过简单的Github API请求看到。

I set email alias, but I want to changed email for past commits. 我设置了电子邮件别名,但是我想更改过去提交的电子邮件。 Tried with this site and this alias for .gitconfig 尝试使用站点和.gitconfig的别名 

change-commits = "!f() { VAR1=$1; VAR='$'$1; OLD=$2; NEW=$3; 
  echo \"Are you sure for replace $VAR $OLD => $NEW ?(Y/N)\";
  read OK;
  if [ \"$OK\" = 'Y' ] ; 
  then shift 3; 
  git filter-branch --env-filter \"if [ \\\"${VAR}\\\" = '$OLD' ]; 
  then export $VAR1='$NEW';echo 'to $NEW'; fi\" $@; fi;};f "

After that steps when I'll type git log and every commit has new mail, but after API call https://api.github.com/users/(usuername)/events/public I see both old and new email 之后,当我输入git log并且每次提交都有新邮件时,但是在API调用https://api.github.com/users/(usuername)/events/public之后,我会看到新旧电子邮件

2 个解决方案

解决方案1
 3  2018-08-04 18:30:50

As commented , you cannot really "change" a commit, only create a new one with the same or similar data. 如前所述 ,您不能真正“更改”提交,只能使用相同或相似的数据创建一个新的提交。 So when you do a git filter-branch , git rebase or any other form of amend , you are still creating new commits . 因此,当您执行git filter-branchgit rebase或任何其他形式的amend时 ,您仍在创建新的commit

And when running git push -f , the only difference is that the remote branch reference is force-updated ; 并且在运行git push -f ,唯一的区别是远程分支引用是强制更新的 it still sends new commits and what is to be done with the old commits (if anything) is up to the remote repository. 它仍然会发送新的提交,而旧的提交(如果有的话)要做什么由远程存储库决定。

In the case of GitHub , it does not immediatelly remove those old commits from the repository when you do a forced push . 对于GitHub ,当您执行强制推送时,它不会立即从存储库中删除那些旧提交。

From the official GitHub Help : 来自GitHub官方帮助

Warning: Once you have pushed a commit to GitHub, you should consider any data it contains to be compromised. 警告:将提交推送到GitHub后,您应该考虑其中包含的所有数据都将被泄露。 If you committed a password, change it! 如果您输入了密码,请更改它! If you committed a key, generate a new one. 如果提交了密钥,请生成一个新密钥。

This article tells you how to make commits with sensitive data unreachable from any branches or tags in your GitHub repository. 本文告诉您如何通过GitHub存储库中的任何分支或标签使敏感数据的提交不可访问。 However, it's important to note that those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on GitHub, and through any pull requests that reference them. 但是,请务必注意,仍可以直接通过GitHub上缓存视图中的SHA-1散列并通过引用它们的任何拉取请求,在存储库的任何克隆或分支中仍可访问这些提交。 You can't do anything about existing clones or forks of your repository, but you can permanently remove all of your repository's cached views and pull requests on GitHub by contacting GitHub Support. 您无法对存储库的现有克隆或分支进行任何操作,但可以通过联系GitHub支持永久删除存储库的所有缓存视图并在GitHub上提取请求。

So, to make the old commits stop appearing in the API in a reasonable time-frame, the only options are: 因此,要使旧的提交在合理的时间范围内停止出现在API中,唯一的选择是:

Warning : While the former option is faster , it will also delete the wiki , issues and comments . 警告 :虽然前一个选项速度更快 ,但也会删除 Wiki问题评论

Note : There is a more comprehensive explanation of the implications of dangling commits here: 注意 :这里有关于悬挂提交的含义的更全面的解释:

https://stackoverflow.com/a/32840254/10095231 https://stackoverflow.com/a/32840254/10095231

解决方案2
 1  2018-08-05 22:23:16

I would use git bfg for this. 我会为此使用git bfg。

Works really well and is easy to use as well. 效果很好,并且易于使用。 It will completely remove what you need removed from the git history. 它将完全删除您需要从git历史记录中删除的内容。

Git BFG Docs Git BFG文件

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从 Gitlab 中完全删除旧提交? - How to completely remove old commits from Gitlab? 如何从 Github 中删除用户敏感数据 - How to remove user sensitive data from Github 如何从我的Github提交中删除表情符号? - How to remove emojis from my Github commits? 如何从Git仓库中完全删除不需要的分支和提交 - How to completely remove unwanted branches and commits from Git repo 如何从git存储库中完全删除/销毁提交? - How can I completely remove/destroy commits from a git repository? 从 Git 历史记录中删除敏感文件及其提交 - Remove sensitive files and their commits from Git history 从git消息中完全删除敏感信息 - Completely remove sensitive information from a git message 从历史中完全删除(旧)git提交 - Completely remove (old) git commits from history 如何从 github 历史记录中的文件中删除敏感数据 - How to remove sensitive data from a file in github history 如何从github存储库的特定子目录中删除旧的提交历史记录? - how to remove the old commits history from a specific subdirectory of a github repo?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM