One of my co-workers checked in a some files in SVN and one of the files has a password in it. The password has been removed from the file and a new version checked in but the password is obviously still in the repository if we look at the revision history and go to that revision. (We're using TortoiseSVN as the client.)
So how do I securely delete that single file from the repository in SVN?
I'm not sure. You could always create a new file and copy the latest revision into that, wiping out prior revision history.
Maybe you should change your production password to avoid the svn problem altogether.
it isn't pretty : How do I completely remove a file from the repository's history?
@Jason, Adam:
O_o;;
I think I prefer my stupid-brute force solution. Wow.
@Bernard - How would you do that? If I deleted the file from SVN and then loaded a new file in there would the revision history be removed? That would work at this stage if that's the case.
That seemed to work. So what I did was:
I can't seem to find any revision history now - however, it could just be that I'm not looking in the right place.
So a modified question would now be, how can I find the revision history of the file that was deleted and then resubmitted to SVN?
(BTW I apologize for not asking the question more accurately earlier as I never mentioned that one of the options was to obliterate all revision history as it hadn't occurred to me.)
I can't seem to find any revision history now - however, it could just be that I'm not looking in the right place.
You can see it by looking at the folder history, which will give you the revision where the file was still there, and thus you'll be able to recover the confidential file. So it's a bad solution.
If it's the last revision (HEAD) you can (BACKING UP your repo beforehand) delete that revision's files in db\revs and db\revprops and then run the following python script to fix what revision you repo thinks HEAD is.
e.g. if head is 522 and the password was commited in 520, you'd have to delete revisions 520,521 and 522.
(This script shouldn't be necessary once SVN obliterate is implemented)
(I didn't write this script, I got it from here)
#!/usr/bin/python
def dec_to_36(dec):
key = '0123456789abcdefghijklmnopqrstuvwxyz'
result = ''
while 1:
div = dec / 36
mod = dec % 36
dec = div
result = key[mod] + result
if dec == 0:
break
return result
import os, re, sys
repo_path = sys.argv[1]
rev_path = os.path.join(repo_path, 'db', 'revs')
current_path = os.path.join(repo_path, 'db', 'current')
id_re = re.compile(r'^id:\ ([a-z0-9]+)\.([a-z0-9]+)\.r([0-9]+).*')
max_node_id = 0
max_copy_id = 0
max_rev_id = 0
for rev in os.listdir(rev_path):
f = open(os.path.join(rev_path, rev), 'r')
for line in f:
m = id_re.match(line)
if m:
node_id = int(m.group(1), 36)
copy_id = int(m.group(2), 36)
rev_id = int(m.group(3), 10)
if copy_id > max_copy_id:
max_copy_id = copy_id
if node_id > max_node_id:
max_node_id = node_id
if rev_id > max_rev_id:
max_rev_id = rev_id
f = open(current_path, 'w+b')
f.write("%d %s %s\n" % (max_rev_id, dec_to_36(max_node_id+1),
dec_to_36(max_copy_id+1)))
f.close()
your password is still there (svn cat file@2342 where 2342 is a revision the file was still there).
you can ''svnadmin dump'' you repos to a file, search and replace you password with "ultrasecret', ''svnadmin create'' a new repos and ''svnadmin load'' the modified dump into that new repos. be aware of binary data in your dump, so use a proper editor/sed.