What personally identifying data does the Git command line send?

3

What identifying data (such as the hostname) does the Git command line send when:

  • cloning
  • committing / pushing

I expect the data from git config (the specified email and full name) to be sent on commit / push. Does Git send anything else, and / or anything when cloning?

    
asked by Samuel Shifterovich 16.10.2016 - 19:49

1 answer

4

This is really easy to test. GIT uses CURL for clone and push / pull operations, and it uses an environment variable that will tell us everything it is doing, so first we do:

export GIT_TRACE_CURL=1

(This is the *nix way of doing it, but it also works in the git shell that comes with Windows.)

The only problem with this setup is that pretty much all free public git repositories (github, bitbucket, gitlab) force the use of HTTPS, which is rather hard to debug. To avoid an extra proxy I simply set up my own git server on localhost (which is not hard at all; the official git documentation even has examples of how to do it).

git clone

I cloned a repository that I call rc and got the following output (thanks to the variable exported above):

git clone http://localhost/git/rc > log 2>&1

The content of the log is:

Cloning into 'rc'...
21:30:48.175889 http.c:558              == Info: Couldn't find host localhost in the .netrc file; using defaults
21:30:48.177516 http.c:558              == Info:   Trying ::1...
21:30:48.177542 http.c:558              == Info: TCP_NODELAY set
21:30:48.177698 http.c:558              == Info: connect to ::1 port 80 failed: Connection refused
21:30:48.177722 http.c:558              == Info:   Trying 127.0.0.1...
21:30:48.177732 http.c:558              == Info: TCP_NODELAY set
21:30:48.178015 http.c:558              == Info: Connected to localhost (127.0.0.1) port 80 (#0)
21:30:48.178266 http.c:505              => Send header, 0000000186 bytes (0x000000ba)
21:30:48.178316 http.c:517              => Send header: GET /git/rc/info/refs?service=git-upload-pack HTTP/1.1
21:30:48.178327 http.c:517              => Send header: Host: localhost
21:30:48.178335 http.c:517              => Send header: User-Agent: git/2.10.0
21:30:48.178342 http.c:517              => Send header: Accept: */*
21:30:48.178349 http.c:517              => Send header: Accept-Encoding: gzip
21:30:48.178356 http.c:517              => Send header: Accept-Language: en-GB, *;q=0.9
21:30:48.178364 http.c:517              => Send header: Pragma: no-cache
21:30:48.178371 http.c:517              => Send header:
21:30:48.196881 http.c:505              <= Recv header, 0000000017 bytes (0x00000011)
21:30:48.196914 http.c:517              <= Recv header: HTTP/1.1 200 OK
21:30:48.196928 http.c:505              <= Recv header, 0000000022 bytes (0x00000016)
21:30:48.196936 http.c:517              <= Recv header: Server: nginx/1.10.1
21:30:48.196946 http.c:505              <= Recv header, 0000000037 bytes (0x00000025)
21:30:48.196954 http.c:517              <= Recv header: Date: Sun, 16 Oct 2016 20:30:48 GMT
21:30:48.196964 http.c:505              <= Recv header, 0000000059 bytes (0x0000003b)
21:30:48.196972 http.c:517              <= Recv header: Content-Type: application/x-git-upload-pack-advertisement
21:30:48.196982 http.c:505              <= Recv header, 0000000028 bytes (0x0000001c)
21:30:48.196990 http.c:517              <= Recv header: Transfer-Encoding: chunked
21:30:48.197000 http.c:505              <= Recv header, 0000000024 bytes (0x00000018)
21:30:48.197008 http.c:517              <= Recv header: Connection: keep-alive
21:30:48.197016 http.c:505              <= Recv header, 0000000040 bytes (0x00000028)
21:30:48.197024 http.c:517              <= Recv header: Expires: Fri, 01 Jan 1980 00:00:00 GMT
21:30:48.197033 http.c:505              <= Recv header, 0000000018 bytes (0x00000012)
21:30:48.197041 http.c:517              <= Recv header: Pragma: no-cache
21:30:48.197050 http.c:505              <= Recv header, 0000000053 bytes (0x00000035)
21:30:48.197057 http.c:517              <= Recv header: Cache-Control: no-cache, max-age=0, must-revalidate
21:30:48.197067 http.c:505              <= Recv header, 0000000002 bytes (0x00000002)
21:30:48.197075 http.c:517              <= Recv header:
21:30:48.197085 http.c:531              <= Recv data, 0000000323 bytes (0x00000143)
21:30:48.197093 http.c:546              <= Recv data: 137..001e# service=git-upload-pack.000000d2af75078c1b6bb5ff6
21:30:48.197100 http.c:546              <= Recv data: 30e0acf2f9e94d934a025aa HEAD.multi_ack thin-pack side-band s
21:30:48.197108 http.c:546              <= Recv data: ide-band-64k ofs-delta shallow no-progress include-tag multi
21:30:48.197115 http.c:546              <= Recv data: _ack_detailed no-done symref=HEAD:refs/heads/master agent=gi
21:30:48.197123 http.c:546              <= Recv data: t/2.10.0.003faf75078c1b6bb5ff630e0acf2f9e94d934a025aa refs/h
21:30:48.197130 http.c:546              <= Recv data: eads/master.0000..0....
21:30:48.197166 http.c:558              == Info: Curl_http_done: called premature == 0
21:30:48.197182 http.c:558              == Info: Connection #0 to host localhost left intact
21:30:48.207536 http.c:558              == Info: Couldn't find host localhost in the .netrc file; using defaults
21:30:48.207600 http.c:558              == Info: Found bundle for host localhost: 0x1c7db00 [can pipeline]
21:30:48.207650 http.c:558              == Info: Re-using existing connection! (#0) with host localhost
21:30:48.207677 http.c:558              == Info: Connected to localhost (127.0.0.1) port 80 (#0)
21:30:48.216731 http.c:505              => Send header, 0000000225 bytes (0x000000e1)
21:30:48.216789 http.c:517              => Send header: POST /git/rc/git-upload-pack HTTP/1.1
21:30:48.216798 http.c:517              => Send header: Host: localhost
21:30:48.216805 http.c:517              => Send header: User-Agent: git/2.10.0
21:30:48.216813 http.c:517              => Send header: Accept-Encoding: gzip
21:30:48.216820 http.c:517              => Send header: Content-Type: application/x-git-upload-pack-request
21:30:48.216827 http.c:517              => Send header: Accept: application/x-git-upload-pack-result
21:30:48.216835 http.c:517              => Send header: Content-Length: 153
21:30:48.216841 http.c:517              => Send header:
21:30:48.216853 http.c:531              => Send data, 0000000153 bytes (0x00000099)
21:30:48.216861 http.c:546              => Send data: 008cwant af75078c1b6bb5ff630e0acf2f9e94d934a025aa multi_ack_
21:30:48.216868 http.c:546              => Send data: detailed no-done side-band-64k thin-pack no-progress ofs-del
21:30:48.216876 http.c:546              => Send data: ta agent=git/2.10.0.00000009done.
21:30:48.216899 http.c:558              == Info: upload completely sent off: 153 out of 153 bytes
21:30:48.235637 http.c:505              <= Recv header, 0000000017 bytes (0x00000011)
21:30:48.235702 http.c:517              <= Recv header: HTTP/1.1 200 OK
21:30:48.235719 http.c:505              <= Recv header, 0000000022 bytes (0x00000016)
21:30:48.235726 http.c:517              <= Recv header: Server: nginx/1.10.1
21:30:48.235736 http.c:505              <= Recv header, 0000000037 bytes (0x00000025)
21:30:48.235745 http.c:517              <= Recv header: Date: Sun, 16 Oct 2016 20:30:48 GMT
21:30:48.235755 http.c:505              <= Recv header, 0000000052 bytes (0x00000034)
21:30:48.235763 http.c:517              <= Recv header: Content-Type: application/x-git-upload-pack-result
21:30:48.235774 http.c:505              <= Recv header, 0000000028 bytes (0x0000001c)
21:30:48.235781 http.c:517              <= Recv header: Transfer-Encoding: chunked
21:30:48.235791 http.c:505              <= Recv header, 0000000024 bytes (0x00000018)
21:30:48.235799 http.c:517              <= Recv header: Connection: keep-alive
21:30:48.235808 http.c:505              <= Recv header, 0000000040 bytes (0x00000028)
21:30:48.235817 http.c:517              <= Recv header: Expires: Fri, 01 Jan 1980 00:00:00 GMT
21:30:48.235826 http.c:505              <= Recv header, 0000000018 bytes (0x00000012)
21:30:48.235833 http.c:517              <= Recv header: Pragma: no-cache
21:30:48.235843 http.c:505              <= Recv header, 0000000053 bytes (0x00000035)
21:30:48.235850 http.c:517              <= Recv header: Cache-Control: no-cache, max-age=0, must-revalidate
21:30:48.235861 http.c:505              <= Recv header, 0000000002 bytes (0x00000002)
21:30:48.235869 http.c:517              <= Recv header:
21:30:48.235879 http.c:531              <= Recv data, 0000008027 bytes (0x00001f5b)
21:30:48.235888 http.c:546              <= Recv data: 1f53..0008NAK.2004.PACK..........x...I..0...zE............#

#### And the rest is simply gzipped repo files

The interesting part in all this is that we can see that GIT performs an HTTP GET and an HTTP POST to carry out the clone operation:

GET /git/rc/info/refs?service=git-upload-pack HTTP/1.1
Host: localhost
User-Agent: git/2.10.0
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-GB, *;q=0.9
Pragma: no-cache

POST /git/rc/git-upload-pack HTTP/1.1
Host: localhost
User-Agent: git/2.10.0
Accept-Encoding: gzip
Content-Type: application/x-git-upload-pack-request
Accept: application/x-git-upload-pack-result
Content-Length: 153

008cwant af75078c1b6bb5ff630e0acf2f9e94d934a025aa multi_ack_
detailed no-done side-band-64k thin-pack no-progress ofs-del
ta agent=git/2.10.0.00000009done.

Nothing particularly worrying here. That hex string comes from what GIT got in the body returned by the GET, and so do all the other options.

git commit

Well, this is a local operation. Nothing is transferred over the network here.

However, the commit operation does write some data (GIT objects) into the repository (the .git directory), which gets synced with all other copies of the repository by push / pull operations. See the extra notes at the end for some files in the commit that are relevant to information disclosure.

git push

Here things are a little different. I only tested it up to the point where I saw the PUT start (on the server side), but it gave us good information.

I modified a file, added it, committed it, and now I push it back to origin. I configured user.name and user.email to make sure they show up in the logs (see below):

$ git config user.name grochmal
$ git config user.email [email protected]
$ git commit -m 'yay'
$ git push origin master > log2 2>&1
Username for 'http://localhost': grochmal
Password for 'http://grochmal@localhost':

For GIT to allow me to push over HTTP I need to configure basic authentication on the server, since (by default) it only allows a push if the server performs authentication. Anyway, the output:

21:53:54.779437 http.c:558              == Info: Couldn't find host localhost in the .netrc file; using defaults
21:53:54.781338 http.c:558              == Info:   Trying ::1...
21:53:54.781423 http.c:558              == Info: TCP_NODELAY set
21:53:54.781618 http.c:558              == Info: connect to ::1 port 80 failed: Connection refused
21:53:54.781643 http.c:558              == Info:   Trying 127.0.0.1...
21:53:54.781654 http.c:558              == Info: TCP_NODELAY set
21:53:54.781851 http.c:558              == Info: Connected to localhost (127.0.0.1) port 80 (#0)
21:53:54.781998 http.c:505              => Send header, 0000000187 bytes (0x000000bb)
21:53:54.782028 http.c:517              => Send header: GET /git/rc/info/refs?service=git-receive-pack HTTP/1.1
21:53:54.782038 http.c:517              => Send header: Host: localhost
21:53:54.782047 http.c:517              => Send header: User-Agent: git/2.10.0
21:53:54.782056 http.c:517              => Send header: Accept: */*
21:53:54.782065 http.c:517              => Send header: Accept-Encoding: gzip
21:53:54.782073 http.c:517              => Send header: Accept-Language: en-GB, *;q=0.9
21:53:54.782082 http.c:517              => Send header: Pragma: no-cache
21:53:54.782090 http.c:517              => Send header:
21:53:54.782555 http.c:505              <= Recv header, 0000000027 bytes (0x0000001b)
21:53:54.782569 http.c:517              <= Recv header: HTTP/1.1 401 Unauthorized
21:53:54.782586 http.c:505              <= Recv header, 0000000022 bytes (0x00000016)
21:53:54.782595 http.c:517              <= Recv header: Server: nginx/1.10.1
21:53:54.782605 http.c:505              <= Recv header, 0000000037 bytes (0x00000025)
21:53:54.782613 http.c:517              <= Recv header: Date: Sun, 16 Oct 2016 20:53:54 GMT
21:53:54.782623 http.c:505              <= Recv header, 0000000025 bytes (0x00000019)
21:53:54.782632 http.c:517              <= Recv header: Content-Type: text/html
21:53:54.782645 http.c:505              <= Recv header, 0000000021 bytes (0x00000015)
21:53:54.782654 http.c:517              <= Recv header: Content-Length: 195
21:53:54.782664 http.c:505              <= Recv header, 0000000024 bytes (0x00000018)
21:53:54.782673 http.c:517              <= Recv header: Connection: keep-alive
21:53:54.782685 http.c:505              <= Recv header, 0000000044 bytes (0x0000002c)
21:53:54.782693 http.c:517              <= Recv header: WWW-Authenticate: Basic realm="Restricted"
21:53:54.782704 http.c:505              <= Recv header, 0000000002 bytes (0x00000002)
21:53:54.782713 http.c:517              <= Recv header:
21:53:54.782723 http.c:531              <= Recv data, 0000000195 bytes (0x000000c3)
21:53:54.782732 http.c:546              <= Recv data: <html>..<head><title>401 Authorization Required</title></hea
21:53:54.782740 http.c:546              <= Recv data: d>..<body bgcolor="white">..<center><h1>401 Authorization Re
21:53:54.782748 http.c:546              <= Recv data: quired</h1></center>..<hr><center>nginx/1.10.1</center>..</b
21:53:54.782756 http.c:546              <= Recv data: ody>..</html>..
21:53:54.782778 http.c:558              == Info: Curl_http_done: called premature == 0
21:53:54.782848 http.c:558              == Info: Connection #0 to host localhost left intact
21:53:59.617614 http.c:558              == Info: Couldn't find host localhost in the .netrc file; using defaults
21:53:59.617755 http.c:558              == Info: Found bundle for host localhost: 0x136d680 [can pipeline]
21:53:59.617806 http.c:558              == Info: Hostname localhost was found in DNS cache
21:53:59.617870 http.c:558              == Info:   Trying ::1...
21:53:59.617894 http.c:558              == Info: TCP_NODELAY set
21:53:59.618064 http.c:558              == Info: connect to ::1 port 80 failed: Connection refused
21:53:59.618102 http.c:558              == Info:   Trying 127.0.0.1...
21:53:59.618122 http.c:558              == Info: TCP_NODELAY set
21:53:59.618332 http.c:558              == Info: Connected to localhost (127.0.0.1) port 80 (#1)
21:53:59.618453 http.c:505              => Send header, 0000000187 bytes (0x000000bb)
21:53:59.618559 http.c:517              => Send header: GET /git/rc/info/refs?service=git-receive-pack HTTP/1.1
21:53:59.618575 http.c:517              => Send header: Host: localhost
21:53:59.618591 http.c:517              => Send header: User-Agent: git/2.10.0
21:53:59.618607 http.c:517              => Send header: Accept: */*
21:53:59.618621 http.c:517              => Send header: Accept-Encoding: gzip
21:53:59.618637 http.c:517              => Send header: Accept-Language: en-GB, *;q=0.9
21:53:59.618652 http.c:517              => Send header: Pragma: no-cache
21:53:59.618667 http.c:517              => Send header:
21:53:59.618731 http.c:505              <= Recv header, 0000000027 bytes (0x0000001b)
21:53:59.618750 http.c:517              <= Recv header: HTTP/1.1 401 Unauthorized
21:53:59.618772 http.c:505              <= Recv header, 0000000022 bytes (0x00000016)
21:53:59.618788 http.c:517              <= Recv header: Server: nginx/1.10.1
21:53:59.618807 http.c:505              <= Recv header, 0000000037 bytes (0x00000025)
21:53:59.618822 http.c:517              <= Recv header: Date: Sun, 16 Oct 2016 20:53:59 GMT
21:53:59.618841 http.c:505              <= Recv header, 0000000025 bytes (0x00000019)
21:53:59.618857 http.c:517              <= Recv header: Content-Type: text/html
21:53:59.618876 http.c:505              <= Recv header, 0000000021 bytes (0x00000015)
21:53:59.618892 http.c:517              <= Recv header: Content-Length: 195
21:53:59.618912 http.c:505              <= Recv header, 0000000024 bytes (0x00000018)
21:53:59.618927 http.c:517              <= Recv header: Connection: keep-alive
21:53:59.618949 http.c:505              <= Recv header, 0000000044 bytes (0x0000002c)
21:53:59.618965 http.c:517              <= Recv header: WWW-Authenticate: Basic realm="Restricted"
21:53:59.618986 http.c:505              <= Recv header, 0000000002 bytes (0x00000002)
21:53:59.619001 http.c:517              <= Recv header:
21:53:59.619017 http.c:558              == Info: Ignoring the response-body
21:53:59.619037 http.c:531              <= Recv data, 0000000195 bytes (0x000000c3)
21:53:59.619052 http.c:546              <= Recv data: <html>..<head><title>401 Authorization Required</title></hea
21:53:59.619068 http.c:546              <= Recv data: d>..<body bgcolor="white">..<center><h1>401 Authorization Re
21:53:59.619083 http.c:546              <= Recv data: quired</h1></center>..<hr><center>nginx/1.10.1</center>..</b
21:53:59.619098 http.c:546              <= Recv data: ody>..</html>..
21:53:59.619127 http.c:558              == Info: Curl_http_done: called premature == 0
21:53:59.619150 http.c:558              == Info: Connection #1 to host localhost left intact
21:53:59.619178 http.c:558              == Info: Issue another request to this URL: 'http://localhost/git/rc/info/refs?service=git-receive-pack'
21:53:59.619289 http.c:558              == Info: Couldn't find host localhost in the .netrc file; using defaults
21:53:59.619322 http.c:558              == Info: Found bundle for host localhost: 0x136d680 [can pipeline]
21:53:59.619351 http.c:558              == Info: Re-using existing connection! (#1) with host localhost
21:53:59.619387 http.c:558              == Info: Connected to localhost (127.0.0.1) port 80 (#1)
21:53:59.619426 http.c:558              == Info: Server auth using Basic with user 'grochmal'
21:53:59.619600 http.c:505              => Send header, 0000000226 bytes (0x000000e2)
21:53:59.619631 http.c:517              => Send header: GET /git/rc/info/refs?service=git-receive-pack HTTP/1.1
21:53:59.619646 http.c:517              => Send header: Host: localhost
21:53:59.619661 http.c:517              => Send header: Authorization: Basic <redacted>
21:53:59.619677 http.c:517              => Send header: User-Agent: git/2.10.0
21:53:59.619691 http.c:517              => Send header: Accept: */*
21:53:59.619706 http.c:517              => Send header: Accept-Encoding: gzip
21:53:59.619720 http.c:517              => Send header: Accept-Language: en-GB, *;q=0.9
21:53:59.619753 http.c:517              => Send header: Pragma: no-cache
21:53:59.619768 http.c:517              => Send header:
21:53:59.633633 http.c:505              <= Recv header, 0000000024 bytes (0x00000018)
21:53:59.633669 http.c:517              <= Recv header: HTTP/1.1 403 Forbidden
21:53:59.633683 http.c:505              <= Recv header, 0000000022 bytes (0x00000016)
21:53:59.633692 http.c:517              <= Recv header: Server: nginx/1.10.1
21:53:59.633702 http.c:505              <= Recv header, 0000000037 bytes (0x00000025)
21:53:59.633711 http.c:517              <= Recv header: Date: Sun, 16 Oct 2016 20:53:59 GMT
21:53:59.633722 http.c:505              <= Recv header, 0000000028 bytes (0x0000001c)
21:53:59.633730 http.c:517              <= Recv header: Transfer-Encoding: chunked
21:53:59.633740 http.c:505              <= Recv header, 0000000024 bytes (0x00000018)
21:53:59.633749 http.c:517              <= Recv header: Connection: keep-alive
21:53:59.633758 http.c:505              <= Recv header, 0000000040 bytes (0x00000028)
21:53:59.633767 http.c:517              <= Recv header: Expires: Fri, 01 Jan 1980 00:00:00 GMT
21:53:59.633776 http.c:505              <= Recv header, 0000000018 bytes (0x00000012)
21:53:59.633785 http.c:517              <= Recv header: Pragma: no-cache
21:53:59.633795 http.c:505              <= Recv header, 0000000053 bytes (0x00000035)
21:53:59.633803 http.c:517              <= Recv header: Cache-Control: no-cache, max-age=0, must-revalidate
21:53:59.633813 http.c:505              <= Recv header, 0000000040 bytes (0x00000028)
21:53:59.633822 http.c:517              <= Recv header: Expires: Fri, 01 Jan 1980 00:00:00 GMT
21:53:59.633831 http.c:505              <= Recv header, 0000000018 bytes (0x00000012)
21:53:59.633840 http.c:517              <= Recv header: Pragma: no-cache
21:53:59.633849 http.c:505              <= Recv header, 0000000053 bytes (0x00000035)
21:53:59.633858 http.c:517              <= Recv header: Cache-Control: no-cache, max-age=0, must-revalidate
21:53:59.633868 http.c:505              <= Recv header, 0000000002 bytes (0x00000002)
21:53:59.633858 http.c:517              <= Recv header: Cache-Control: no-cache, max-age=0, must-revalidate
21:53:59.633868 http.c:505              <= Recv header, 0000000002 bytes (0x00000002)
21:53:59.633876 http.c:517              <= Recv header:
21:53:59.633887 http.c:531              <= Recv data, 0000000005 bytes (0x00000005)
21:53:59.633895 http.c:546              <= Recv data: 0....
21:53:59.633923 http.c:558              == Info: Curl_http_done: called premature == 0
21:53:59.633940 http.c:558              == Info: Connection #1 to host localhost left intact
fatal: unable to access 'http://localhost/git/rc/': The requested URL returned error: 403

HTTP 403! Oh well, I couldn't be bothered to configure a proper htpasswd file. But this already gives us enough information about what GIT does on a push; the interesting parts are:

GET /git/rc/info/refs?service=git-receive-pack HTTP/1.1
Host: localhost
User-Agent: git/2.10.0
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-GB, *;q=0.9
Pragma: no-cache

GET /git/rc/info/refs?service=git-receive-pack HTTP/1.1
Host: localhost
User-Agent: git/2.10.0
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-GB, *;q=0.9
Pragma: no-cache

These two GETs are the ones that trigger the user prompt and the password prompt, all fine so far. Next:

GET /git/rc/info/refs?service=git-receive-pack HTTP/1.1
Host: localhost
Authorization: Basic <redacted>
User-Agent: git/2.10.0
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-GB, *;q=0.9
Pragma: no-cache

Ouch! That <redacted> part (CURL redacts it even in trace mode!) is a Basic authentication header, and its content is equivalent to:

echo -n username:password | base64

In essence, the password is sent in (almost) plain text. This is expected, since GIT wants the server to perform the authentication, and an HTTP server will perform plain HTTP authentication.

It is a really good thing that practically all repositories available over the internet use HTTPS. Do not use an HTTP-authenticated repository over plain HTTP on the internet: anything can be spoofed and the password is immediately compromised.

Extra note

But wait, where the hell did those user.name and user.email configuration options end up? Answer: in the log:

$ git log
commit 4aa5546090030c4d9196b6a4a2547b77a8c5a394
Author: grochmal <[email protected]>
Date:   Sun Oct 16 21:52:22 2016 +0100

    yay

commit af75078c1b6bb5ff630e0acf2f9e94d934a025aa
Author: grochmal <[email protected]>
Date:   Mon Oct 27 00:39:41 2014 +0000

    some simple configs plus dummy email configuration

commit 421b7dce992a67940422e5a0612f0d2d253d1a55
Author: Michal Grochmal <[email protected]>
Date:   Sun Feb 17 01:01:12 2013 +0000

    remove stuff

commit 3e2d568bb260d12a31b76141c782a655e44eef64
Author: Michal Grochmal <[email protected]>
Date:   Fri Feb 15 22:36:30 2013 +0000

    create depot

These come from the files in .git/logs combined with the files in .git/objects, and contain whatever was configured as the email and username at the time. This is an old repository, older than GIT 2, which started to frown upon commits without the two parameters. During that time the username was taken from the system username and the email from the host.

And since the log files are in every clone (or sync) of a repository, these files are actually the biggest information disclosure vectors. A file may look, for example, like ( .git/objects/42/1b7dce992a67940422e5a0612f0d2d253d1a55 ):

$ git cat-file -p 421b7dce992a67940422e5a0612f0d2d253d1a55
tree 222cb8fbbddc6d6d79d9ec6a83bd95228994a46c
parent 3e2d568bb260d12a31b76141c782a655e44eef64
author Michal Grochmal <[email protected]> 1361062872 +0000
committer Michal Grochmal <[email protected]> 1361062872 +0000

remove stuff

Which discloses the system username and hostname, because I had not configured user.name or user.email before commit + push.

Newer GIT versions (notably all 2.x versions) fix the disclosure by refusing commits that do not have a properly configured repository. Yet there are still systems using old GIT binaries out there.

    
answered 16.10.2016 - 23:27
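Added example (not part of the original answer): a Python sketch that rebuilds the requests git sent from a GIT_TRACE_CURL log like the ones above and lists what each request discloses. The sample trace is constructed in the same format, and the function names and the remote URL argument are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: outgoing and incoming lines in the GIT_TRACE_CURL format.
SAMPLE_TRACE = """\
21:53:59.619600 http.c:505              => Send header, 0000000226 bytes (0x000000e2)
21:53:59.619631 http.c:517              => Send header: GET /git/rc/info/refs?service=git-receive-pack HTTP/1.1
21:53:59.619646 http.c:517              => Send header: Host: localhost
21:53:59.619661 http.c:517              => Send header: Authorization: Basic <redacted>
21:53:59.619677 http.c:517              => Send header: User-Agent: git/2.10.0
21:53:59.619720 http.c:517              => Send header: Accept-Language: en-GB, *;q=0.9
21:53:59.619768 http.c:517              => Send header:
21:53:59.633669 http.c:517              <= Recv header: HTTP/1.1 403 Forbidden
"""

# Only "=> Send header: ..." lines carry data that left the machine.
SEND = re.compile(r"=> Send header:\s*(.*)$")
REQUEST_LINE = re.compile(r"^(GET|POST|PUT|HEAD) (\S+) HTTP/\d")


def sent_requests(trace):
    """Rebuild each request git sent: method, path and lower-cased headers."""
    requests, current = [], None
    for line in trace.splitlines():
        m = SEND.search(line)
        if not m:
            continue  # received data, curl info lines, byte counters
        value = m.group(1).strip()
        start = REQUEST_LINE.match(value)
        if start:
            current = {"method": start.group(1), "path": start.group(2),
                       "headers": {}}
            requests.append(current)
        elif value and current is not None and ":" in value:
            name, _, content = value.partition(":")
            current["headers"][name.strip().lower()] = content.strip()
    return requests


def exposures(requests, remote_url):
    """List what the requests tell the server or a network observer."""
    cleartext = urlsplit(remote_url).scheme == "http"
    found = []
    for req in requests:
        headers = req["headers"]
        if "authorization" in headers:
            scheme = headers["authorization"].split()[0]
            where = "cleartext HTTP" if cleartext else "TLS"
            found.append(("credentials", f"{scheme} auth over {where}"))
        if "user-agent" in headers:
            found.append(("client-version", headers["user-agent"]))
        if "accept-language" in headers:
            found.append(("locale", headers["accept-language"].split(",")[0]))
    return found


if __name__ == "__main__":
    for kind, detail in exposures(sent_requests(SAMPLE_TRACE),
                                  "http://localhost/git/rc"):
        print(f"{kind}: {detail}")
```
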

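Added example (not part of the original answer): a Python check for the auto-generated user@hostname identities described in the extra note, run over raw commit objects in the layout `git cat-file -p` prints. The commits, names, addresses and hashes are constructed for illustration, and the suffix list and the heuristic itself are assumptions of this example, not git behaviour.

```python
import re

# Constructed commit objects (hashes, names and addresses are made up).
SAMPLE_COMMITS = [
    """\
tree 1111111111111111111111111111111111111111
author alice <alice@dev-laptop.(none)> 1361062872 +0000
committer alice <alice@dev-laptop.(none)> 1361062872 +0000

create depot
""",
    """\
tree 2222222222222222222222222222222222222222
parent 1111111111111111111111111111111111111111
author Alice Example <alice@example.org> 1476651142 +0100
committer bob <bob@buildhost> 1476651200 +0100

author line inside the message body must be ignored
""",
]

IDENT = re.compile(r"^(author|committer) (.*?) ?<([^<>]*)> (\d+) ([+-]\d{4})$")

# Assumed list of suffixes that indicate a machine-local name, not a mail domain.
LOCAL_SUFFIXES = (".(none)", ".local", ".localdomain", ".lan", ".internal")


def identities(commit_text):
    """Extract author/committer identities from the header of one commit."""
    found = []
    for line in commit_text.splitlines():
        if not line:
            break  # blank line ends the header; the rest is the message
        m = IDENT.match(line)
        if m:
            role, name, email, _timestamp, tz = m.groups()
            # The UTC offset is stored too and hints at the author's region.
            found.append({"role": role, "name": name, "email": email, "tz": tz})
    return found


def looks_auto_generated(ident):
    """Heuristic: the address is user@hostname rather than a mail address."""
    _local, _, domain = ident["email"].partition("@")
    domain = domain.lower()
    # No "@" at all, a bare hostname, or a machine-local suffix.
    return "." not in domain or domain.endswith(LOCAL_SUFFIXES)


def audit(commits):
    """Return the sorted set of addresses that look derived from the system."""
    flagged = set()
    for text in commits:
        for ident in identities(text):
            if looks_auto_generated(ident):
                flagged.add(ident["email"])
    return sorted(flagged)


if __name__ == "__main__":
    for address in audit(SAMPLE_COMMITS):
        print("system-derived identity in history:", address)
```

Running this over every commit before publishing a repository shows which usernames and hostnames would travel with each clone.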