From 984bb61505926971b88529b55239d9901cb49799 Mon Sep 17 00:00:00 2001 From: Yu Feng Date: Thu, 12 Mar 2015 17:08:40 -0700 Subject: [PATCH 1/3] Recomment not to commit .gitfat for S3 backend. Just received an Email from amazon about compromized identity because .gitfat has been pushed to github! --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8e1c7fe..cb01f28 100644 --- a/README.md +++ b/README.md @@ -31,12 +31,16 @@ Run `git fat init` to activate the extension. Now add and commit as usual. Matched files will be transparently stored externally, but will appear complete in the working tree. +### rsync remote + Set a remote store for the fat objects by editing `.gitfat`. [rsync] remote = your.remote-host.org:/share/fat-store -This file should typically be committed to the repository so that others +This file should typically be distributed to other users of the repository. +For the rsync backend, no identification information is stored, and .gitfat +can be committed to the repository so that others will automatically have their remote set. This remote address can use any protocol supported by rsync. @@ -59,7 +63,11 @@ Edit your .gitfat file and add the following: key={access_key_id} secret={secret_access_key} -And then you're done. +And then you're done. + +Warning: If the repository is hosted publicly, do not add .gitfat into the repository. +Doing so will expose your S3 identity to the world, and anybody can modify the files +hosted on your S3, thus tainting the version history. # A worked example From 5b5a89d8682b68a980bf8fea1ed829d693db5d49 Mon Sep 17 00:00:00 2001 From: Yu Feng Date: Thu, 12 Mar 2015 17:11:57 -0700 Subject: [PATCH 2/3] Better structure --- README.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index cb01f28..bd5f27b 100644 --- a/README.md +++ b/README.md @@ -31,19 +31,13 @@ Run `git fat init` to activate the extension. Now add and commit as usual. Matched files will be transparently stored externally, but will appear complete in the working tree. -### rsync remote +## rsync remote Set a remote store for the fat objects by editing `.gitfat`. [rsync] remote = your.remote-host.org:/share/fat-store -This file should typically be distributed to other users of the repository. -For the rsync backend, no identification information is stored, and .gitfat -can be committed to the repository so that others -will automatically have their remote set. This remote address can use -any protocol supported by rsync. - Most users will configure it to use remote ssh in a directory with shared access. To do this, set the `sshuser` and `sshport` variables in `.gitfat` configuration file. For example, to use rsync with ssh, with the default @@ -65,9 +59,19 @@ Edit your .gitfat file and add the following: And then you're done. -Warning: If the repository is hosted publicly, do not add .gitfat into the repository. +This file should typically be distributed to other users of the repository. + +## Distributing .gitfat + +For the rsync backend, no identification information is stored, and .gitfat +can be committed to the repository so that others +will automatically have their remote set. This remote address can use +any protocol supported by rsync. + +For the S3 backend, it is more complicated. +If the repository is (or will ever be) hosted publicly, do not commit .gitfat into the repository. Doing so will expose your S3 identity to the world, and anybody can modify the files -hosted on your S3, thus tainting the version history. +hosted on the S3 bucket. Distribute the file via a secure channel instead. # A worked example From 2ea87938c5750f59c6485126747882972d915dff Mon Sep 17 00:00:00 2001 From: Yu Feng Date: Thu, 12 Mar 2015 17:15:06 -0700 Subject: [PATCH 3/3] comment in the example too. --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bd5f27b..c95a35f 100644 --- a/README.md +++ b/README.md @@ -59,10 +59,9 @@ Edit your .gitfat file and add the following: And then you're done. -This file should typically be distributed to other users of the repository. - ## Distributing .gitfat +This file (.gitfat) should typically be distributed to other users of the repository. For the rsync backend, no identification information is stored, and .gitfat can be committed to the repository so that others will automatically have their remote set. This remote address can use @@ -92,7 +91,7 @@ First, we create a repository and configure it for use with `git-fat`. remote = localhost:/tmp/fat-store $ mkdir -p /tmp/fat-store # make sure the remote directory exists $ echo '*.gz filter=fat -crlf' > .gitattributes - $ git add .gitfat .gitattributes + $ git add .gitfat .gitattributes # do not add .gitfat if S3 backend is used. $ git commit -m'Initial repository' [master (root-commit) eb7facb] Initial repository 2 files changed, 3 insertions(+)