Monday, 20 December 2010

Securely delete files in Linux

Shred is a command-line utility that can be used to securely delete files or entire file-systems.
It overwrites the file repeatedly (on my system the default is 3 times, but this can be specified) to make it harder to recover the data with professional tools.
As usual for Unix utilities, you can tune the program with parameters such as the number of overwrites.

Examples


Delete a single file:
shred -f -u -v /home/marco/file_with_secrets.txt
  • -f change permissions to allow writing if necessary
  • -u truncate and remove file after overwriting
  • -v show progress

Wipe an entire disk partition:
shred -n 10 -z -v /dev/sdb3
  • -n N overwrite N times instead of the default
  • -z add a final overwrite with zeros to hide shredding

Note: shred may be less effective when overwriting files on journaled file-systems (like ext3, ext4, ReiserFS, XFS, JFS) or on RAID-based file-systems.

Links:


shred invocation
shred - Linux man page

Friday, 10 December 2010

How to mirror a remote subversion repository

When dealing with a remote repository, the svnadmin command doesn't work, because it can only be used on the machine that holds the repository. But Subversion meets our need with the svnsync command.

Svnsync works by essentially asking the Subversion server to “replay” revisions, one at a time. Neither the source nor the target repository needs to be locally accessible to the machine on which svnsync is running; the only requirements are read access to the source repository and read/write access to the target (mirror) repository.

Svnsync stores its bookkeeping information in special revision properties on revision 0 of the destination repository. To make changes to revision properties you need to explicitly implement the pre-revprop-change hook, and your script must allow svnsync to set and change its special properties.

Let's see a script for locally mirroring a remote svn repository:

TARGET_REPO_PATH=/tmp/svn/mirror_repo
SOURCE_REPO_PATH=https://xyz.svn.sourceforge.net/svnroot/xyz
SOURCE_REPO_USER=anonymous

svnadmin create "$TARGET_REPO_PATH"
echo '#!/bin/sh' > "$TARGET_REPO_PATH/hooks/pre-revprop-change"
chmod +x "$TARGET_REPO_PATH/hooks/pre-revprop-change"
svnsync init "file://$TARGET_REPO_PATH" "$SOURCE_REPO_PATH" --source-username "$SOURCE_REPO_USER"
svnsync sync "file://$TARGET_REPO_PATH" --source-username "$SOURCE_REPO_USER"


In line 5 we create the local target repository

In lines 6 and 7 we create the pre-revprop-change hook and make it executable

In line 8 we register in our target repository the fact that it will be a mirror of the source repository. We do this using the svnsync initialize subcommand. Our target repository will now remember that it is a mirror of the source repository (in Subversion 1.5, you can use svnsync to mirror only some subtree of the repository).

In line 9, with a single subcommand, we tell svnsync to copy all the as-yet-unmirrored revisions from the source repository to the target. Svnsync performs careful bookkeeping that allows it to be safely interrupted and restarted without ruining the integrity of the mirrored data.
Do not modify a mirror repository in such a way as to cause its version history to deviate from that of the repository it mirrors. The only commits and revision property modifications that ever occur on that mirror repository should be those performed by the svnsync tool.

Whenever we want to update the mirror by applying the changes from the remote source repository, we just have to call the svnsync sync command as in line 9 of the example script.
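
The hook written in lines 6 and 7 contains only the shebang line, so it accepts every revision property change from any user. A stricter pre-revprop-change hook is sketched below as an added example (not code from the original post); the account name svnsync and the function name revprop_change_allowed are assumptions made for illustration.

```shell
#!/bin/sh
# pre-revprop-change hook for an svnsync mirror (added example).
# Subversion runs it as: pre-revprop-change REPOS REV USER PROPNAME ACTION
# and rejects the property change when the hook exits non-zero.

# Assumption: a dedicated account named "svnsync" runs the mirror job.
SYNC_USER="svnsync"

# Return 0 to allow the change, 1 to reject it.
revprop_change_allowed() {
    rev=$1 user=$2 propname=$3
    # Only the sync account may modify revision properties on the mirror.
    [ "$user" = "$SYNC_USER" ] || return 1
    # The revision must be a plain non-negative number.
    case "$rev" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # svnsync keeps its svn:sync-* bookkeeping on revision 0 only.
    case "$propname" in
        '') return 1 ;;
        svn:sync-*) [ "$rev" -eq 0 ] || return 1 ;;
    esac
    return 0
}

# Hook entry point. With no arguments the file is only being sourced
# (for example by a test), so nothing is decided here.
if [ "$#" -gt 0 ]; then
    if [ "$#" -ne 5 ] || ! revprop_change_allowed "$2" "$3" "$4"; then
        echo "revprop change rejected: reserved for $SYNC_USER" >&2
        exit 1
    fi
    exit 0
fi
```

Saved as hooks/pre-revprop-change in the mirror and made executable, it keeps revision property changes limited to the account that runs svnsync; set SYNC_USER to the user name your sync job actually authenticates as.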


Copyright note: most of this post comes from Version Control with Subversion.

See also:

Version Control with Subversion - Repository Administration - Repository Replication
Version Control with Subversion - Repository Administration - Implementing Repository Hooks
Version Control with Subversion - Repository Hooks - pre-revprop-change