X-Debbugs-CC: a...@andrewayer.name Control: tags -1 +patch +pending Dear maintainer,
I've prepared an NMU for git-crypt (versioned as 0.7.0-0.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards. diff -Nru git-crypt-0.6.0/commands.cpp git-crypt-0.7.0/commands.cpp --- git-crypt-0.6.0/commands.cpp 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/commands.cpp 2022-04-21 13:08:16.000000000 -0400 @@ -51,6 +51,12 @@ #include <exception> #include <vector> +enum { + // # of arguments per git checkout call; must be large enough to be efficient but small + // enough to avoid operating system limits on argument length + GIT_CHECKOUT_BATCH_SIZE = 100 +}; + static std::string attribute_name (const char* key_name) { if (key_name) { @@ -183,15 +189,19 @@ } } -static bool git_checkout (const std::vector<std::string>& paths) +static bool git_checkout_batch (std::vector<std::string>::const_iterator paths_begin, std::vector<std::string>::const_iterator paths_end) { + if (paths_begin == paths_end) { + return true; + } + std::vector<std::string> command; command.push_back("git"); command.push_back("checkout"); command.push_back("--"); - for (std::vector<std::string>::const_iterator path(paths.begin()); path != paths.end(); ++path) { + for (auto path(paths_begin); path != paths_end; ++path) { command.push_back(*path); } @@ -202,6 +212,18 @@ return true; } +static bool git_checkout (const std::vector<std::string>& paths) +{ + auto paths_begin(paths.begin()); + while (paths.end() - paths_begin >= GIT_CHECKOUT_BATCH_SIZE) { + if (!git_checkout_batch(paths_begin, paths_begin + GIT_CHECKOUT_BATCH_SIZE)) { + return false; + } + paths_begin += GIT_CHECKOUT_BATCH_SIZE; + } + return git_checkout_batch(paths_begin, paths.end()); +} + static bool same_key_name (const char* a, const char* b) { return (!a && !b) || (a && b && std::strcmp(a, b) == 0); @@ -1171,7 +1193,7 @@ } if (!git_checkout(encrypted_files)) { std::clog << "Error: 'git checkout' failed" << std::endl; - std::clog << "git-crypt has been locked but up but existing decrypted files have not been encrypted" << std::endl; + std::clog << "git-crypt has been locked up but existing decrypted files have not been encrypted" << std::endl; return 1; } diff -Nru git-crypt-0.6.0/CONTRIBUTING.md git-crypt-0.7.0/CONTRIBUTING.md --- git-crypt-0.6.0/CONTRIBUTING.md 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/CONTRIBUTING.md 2022-04-21 13:08:16.000000000 -0400 @@ -4,8 +4,7 @@ When contributing code, please consider the following guidelines: - * You are encouraged to open an issue on GitHub or send mail to - git-crypt-disc...@lists.cloudmutt.com to discuss any non-trivial + * You are encouraged to open an issue on GitHub to discuss any non-trivial changes before you start coding. * Please mimic the existing code style as much as possible. In @@ -15,8 +14,7 @@ * To minimize merge commits, please rebase your changes before opening a pull request. - * To submit your patch, open a pull request on GitHub or send a - properly-formatted patch to git-crypt-disc...@lists.cloudmutt.com. + * To submit your patch, open a pull request on GitHub. Finally, be aware that since git-crypt is security-sensitive software, the bar for contributions is higher than average. Please don't be diff -Nru git-crypt-0.6.0/debian/changelog git-crypt-0.7.0/debian/changelog --- git-crypt-0.6.0/debian/changelog 2017-11-26 13:35:28.000000000 -0500 +++ git-crypt-0.7.0/debian/changelog 2022-05-14 11:20:28.000000000 -0400 @@ -1,3 +1,14 @@ +git-crypt (0.7.0-0.1) unstable; urgency=high + + * Non-maintainer upload. + * New upstream release. + * Cherry-pick Ubuntu patch to fix compatibility with OpenSSL 3.0. + (Closes: #996287) + * debian/control: Drop obsolete build-dependency libssl1.0-dev. + (Closes: #917346) + + -- Boyuan Yang <by...@debian.org> Sat, 14 May 2022 11:20:28 -0400 + git-crypt (0.6.0-1) unstable; urgency=medium * New upstream release. diff -Nru git-crypt-0.6.0/debian/control git-crypt-0.7.0/debian/control --- git-crypt-0.6.0/debian/control 2017-11-26 13:32:28.000000000 -0500 +++ git-crypt-0.7.0/debian/control 2022-05-14 11:20:28.000000000 -0400 @@ -3,7 +3,7 @@ Section: vcs Priority: optional Standards-Version: 3.9.8 -Build-Depends: debhelper (>= 9), libssl-dev | libssl1.0-dev, xsltproc, docbook-xml, docbook-xsl +Build-Depends: debhelper (>= 9), libssl-dev, xsltproc, docbook-xml, docbook- xsl Vcs-Git: https://www.agwa.name/git/git-crypt.git -b debian Homepage: https://www.agwa.name/projects/git-crypt diff -Nru git-crypt-0.6.0/debian/patches/openssl-compat.patch git-crypt- 0.7.0/debian/patches/openssl-compat.patch --- git-crypt-0.6.0/debian/patches/openssl-compat.patch 1969-12-31 19:00:00.000000000 -0500 +++ git-crypt-0.7.0/debian/patches/openssl-compat.patch 2022-05-14 11:18:22.000000000 -0400 @@ -0,0 +1,27 @@ +Subject: Use OpenSSL version numbers to pick the compat layer +Author: Simon Chopin <simon.cho...@canonical.com> + +OPENSSL_API_COMPAT doesn't ensure we have the necessary API exposed. Using +OPENSSL_VERSION_NUMBER makes things a bit easier with new versions of OpenSSL. +--- a/crypto-openssl-11.cpp ++++ b/crypto-openssl-11.cpp +@@ -30,7 +30,7 @@ + + #include <openssl/opensslconf.h> + +-#if defined(OPENSSL_API_COMPAT) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + + #include "crypto.hpp" + #include "key.hpp" +--- a/crypto-openssl-10.cpp ++++ b/crypto-openssl-10.cpp +@@ -30,7 +30,7 @@ + + #include <openssl/opensslconf.h> + +-#if !defined(OPENSSL_API_COMPAT) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + + #include "crypto.hpp" + #include "key.hpp" diff -Nru git-crypt-0.6.0/debian/patches/series git-crypt- 0.7.0/debian/patches/series --- git-crypt-0.6.0/debian/patches/series 1969-12-31 19:00:00.000000000 -0500 +++ git-crypt-0.7.0/debian/patches/series 2022-05-14 11:17:57.000000000 -0400 @@ -0,0 +1 @@ +openssl-compat.patch diff -Nru git-crypt-0.6.0/debian/upstream/metadata git-crypt- 0.7.0/debian/upstream/metadata --- git-crypt-0.6.0/debian/upstream/metadata 1969-12-31 19:00:00.000000000 -0500 +++ git-crypt-0.7.0/debian/upstream/metadata 2022-05-14 11:14:41.000000000 -0400 @@ -0,0 +1,2 @@ +--- +Repository-Browse: https://github.com/AGWA/git-crypt diff -Nru git-crypt-0.6.0/git-crypt.hpp git-crypt-0.7.0/git-crypt.hpp --- git-crypt-0.6.0/git-crypt.hpp 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/git-crypt.hpp 2022-04-21 13:08:16.000000000 -0400 @@ -31,7 +31,7 @@ #ifndef GIT_CRYPT_GIT_CRYPT_HPP #define GIT_CRYPT_GIT_CRYPT_HPP -#define VERSION "0.6.0" +#define VERSION "0.7.0" extern const char* argv0; // initialized in main() to argv[0] diff -Nru git-crypt-0.6.0/man/git-crypt.xml git-crypt-0.7.0/man/git-crypt.xml --- git-crypt-0.6.0/man/git-crypt.xml 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/man/git-crypt.xml 2022-04-21 13:08:16.000000000 -0400 @@ -7,8 +7,8 @@ --> <refentryinfo> <title>git-crypt</title> - <date>2017-11-26</date> - <productname>git-crypt 0.6.0</productname> + <date>2022-04-21</date> + <productname>git-crypt 0.7.0</productname> <author> <othername>Andrew Ayer</othername> diff -Nru git-crypt-0.6.0/NEWS git-crypt-0.7.0/NEWS --- git-crypt-0.6.0/NEWS 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/NEWS 2022-04-21 13:08:16.000000000 -0400 @@ -1,3 +1,8 @@ +v0.7.0 (2022-04-21) + * Avoid "argument list too long" errors on macOS. + * Fix handling of "-" arguments. + * Minor documentation improvements. + v0.6.0 (2017-11-26) * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0). * Switch to C++11 (gcc 4.9 or higher now required to build). diff -Nru git-crypt-0.6.0/NEWS.md git-crypt-0.7.0/NEWS.md --- git-crypt-0.6.0/NEWS.md 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/NEWS.md 2022-04-21 13:08:16.000000000 -0400 @@ -1,6 +1,11 @@ News ==== +######v0.7.0 (2022-04-21) +* Avoid "argument list too long" errors on macOS. +* Fix handling of "-" arguments. +* Minor documentation improvements. + ######v0.6.0 (2017-11-26) * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0). * Switch to C++11 (gcc 4.9 or higher now required to build). diff -Nru git-crypt-0.6.0/parse_options.cpp git-crypt-0.7.0/parse_options.cpp --- git-crypt-0.6.0/parse_options.cpp 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/parse_options.cpp 2022-04-21 13:08:16.000000000 -0400 @@ -43,7 +43,7 @@ { int argi = 0; - while (argi < argc && argv[argi][0] == '-') { + while (argi < argc && argv[argi][0] == '-' && argv[argi][1] != '\0') { if (std::strcmp(argv[argi], "--") == 0) { ++argi; break; diff -Nru git-crypt-0.6.0/README git-crypt-0.7.0/README --- git-crypt-0.6.0/README 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/README 2022-04-21 13:08:16.000000000 -0400 @@ -30,6 +30,7 @@ secretfile filter=git-crypt diff=git-crypt *.key filter=git-crypt diff=git-crypt + secretdir/** filter=git-crypt diff=git-crypt Like a .gitignore file, it can match wildcards and should be checked into the repository. See below for more information about .gitattributes. @@ -54,7 +55,7 @@ $ git-crypt export-key /path/to/key -After cloning a repository with encrypted files, unlock with with GPG: +After cloning a repository with encrypted files, unlock with GPG: $ git-crypt unlock @@ -69,7 +70,7 @@ CURRENT STATUS -The latest version of git-crypt is 0.6.0, released on 2017-11-26. +The latest version of git-crypt is 0.7.0, released on 2022-04-21. git-crypt aims to be bug-free and reliable, meaning it shouldn't crash, malfunction, or expose your confidential data. However, it has not yet reached maturity, meaning it is not as documented, @@ -108,6 +109,16 @@ of a file, or the fact that two files are identical (see "Security" section above). +git-crypt does not support revoking access to an encrypted repository +which was previously granted. This applies to both multi-user GPG +mode (there's no del-gpg-user command to complement add-gpg-user) +and also symmetric key mode (there's no support for rotating the key). +This is because it is an inherently complex problem in the context +of historical data. For example, even if a key was rotated at one +point in history, a user having the previous key can still access +previous repository history. This problem is discussed in more detail in +<https://github.com/AGWA/git-crypt/issues/47>. + Files encrypted with git-crypt are not compressible. Even the smallest change to an encrypted file requires git to store the entire changed file, instead of just a delta. @@ -138,20 +149,12 @@ encrypt all files beneath it. Also note that the pattern `dir/*` does not match files under -sub-directories of dir/. To encrypt an entire sub-tree dir/, place the -following in dir/.gitattributes: - - * filter=git-crypt diff=git-crypt - .gitattributes !filter !diff +sub-directories of dir/. To encrypt an entire sub-tree dir/, use `dir/**`: -The second pattern is essential for ensuring that .gitattributes itself -is not encrypted. + dir/** filter=git-crypt diff=git-crypt +The .gitattributes file must not be encrypted, so make sure wildcards don't +match it accidentally. If necessary, you can exclude .gitattributes from +encryption like this: -MAILING LISTS - -To stay abreast of, and provide input to, git-crypt development, consider -subscribing to one or both of our mailing lists: - -Announcements: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce -Discussion: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss + .gitattributes !filter !diff diff -Nru git-crypt-0.6.0/README.md git-crypt-0.7.0/README.md --- git-crypt-0.6.0/README.md 2017-11-26 13:24:03.000000000 -0500 +++ git-crypt-0.7.0/README.md 2022-04-21 13:08:16.000000000 -0400 @@ -31,6 +31,7 @@ secretfile filter=git-crypt diff=git-crypt *.key filter=git-crypt diff=git-crypt + secretdir/** filter=git-crypt diff=git-crypt Like a .gitignore file, it can match wildcards and should be checked into the repository. See below for more information about .gitattributes. @@ -55,7 +56,7 @@ git-crypt export-key /path/to/key -After cloning a repository with encrypted files, unlock with with GPG: +After cloning a repository with encrypted files, unlock with GPG: git-crypt unlock @@ -70,8 +71,8 @@ Current Status -------------- -The latest version of git-crypt is [0.6.0](NEWS.md), released on -2017-11-26. git-crypt aims to be bug-free and reliable, meaning it +The latest version of git-crypt is [0.7.0](NEWS.md), released on +2022-04-21. git-crypt aims to be bug-free and reliable, meaning it shouldn't crash, malfunction, or expose your confidential data. However, it has not yet reached maturity, meaning it is not as documented, featureful, or easy-to-use as it should be. Additionally, @@ -110,6 +111,16 @@ of a file, or the fact that two files are identical (see "Security" section above). +git-crypt does not support revoking access to an encrypted repository +which was previously granted. This applies to both multi-user GPG +mode (there's no del-gpg-user command to complement add-gpg-user) +and also symmetric key mode (there's no support for rotating the key). +This is because it is an inherently complex problem in the context +of historical data. For example, even if a key was rotated at one +point in history, a user having the previous key can still access +previous repository history. This problem is discussed in more detail in +<https://github.com/AGWA/git-crypt/issues/47>. + Files encrypted with git-crypt are not compressible. Even the smallest change to an encrypted file requires git to store the entire changed file, instead of just a delta. @@ -140,20 +151,12 @@ encrypt all files beneath it. Also note that the pattern `dir/*` does not match files under -sub-directories of dir/. To encrypt an entire sub-tree dir/, place the -following in dir/.gitattributes: - - * filter=git-crypt diff=git-crypt - .gitattributes !filter !diff +sub-directories of dir/. To encrypt an entire sub-tree dir/, use `dir/**`: -The second pattern is essential for ensuring that .gitattributes itself -is not encrypted. + dir/** filter=git-crypt diff=git-crypt -Mailing Lists -------------- +The .gitattributes file must not be encrypted, so make sure wildcards don't +match it accidentally. If necessary, you can exclude .gitattributes from +encryption like this: -To stay abreast of, and provide input to, git-crypt development, -consider subscribing to one or both of our mailing lists: - -* [Announcements](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce ) -* [Discussion](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss) + .gitattributes !filter !diff
signature.asc
Description: This is a digitally signed message part