diff -pruN 0.6.0-1/commands.cpp 0.7.0-0.1/commands.cpp --- 0.6.0-1/commands.cpp 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/commands.cpp 2022-04-21 17:08:16.000000000 +0000 @@ -51,6 +51,12 @@ #include #include +enum { + // # of arguments per git checkout call; must be large enough to be efficient but small + // enough to avoid operating system limits on argument length + GIT_CHECKOUT_BATCH_SIZE = 100 +}; + static std::string attribute_name (const char* key_name) { if (key_name) { @@ -183,15 +189,19 @@ static void deconfigure_git_filters (con } } -static bool git_checkout (const std::vector& paths) +static bool git_checkout_batch (std::vector::const_iterator paths_begin, std::vector::const_iterator paths_end) { + if (paths_begin == paths_end) { + return true; + } + std::vector command; command.push_back("git"); command.push_back("checkout"); command.push_back("--"); - for (std::vector::const_iterator path(paths.begin()); path != paths.end(); ++path) { + for (auto path(paths_begin); path != paths_end; ++path) { command.push_back(*path); } @@ -202,6 +212,18 @@ static bool git_checkout (const std::vec return true; } +static bool git_checkout (const std::vector& paths) +{ + auto paths_begin(paths.begin()); + while (paths.end() - paths_begin >= GIT_CHECKOUT_BATCH_SIZE) { + if (!git_checkout_batch(paths_begin, paths_begin + GIT_CHECKOUT_BATCH_SIZE)) { + return false; + } + paths_begin += GIT_CHECKOUT_BATCH_SIZE; + } + return git_checkout_batch(paths_begin, paths.end()); +} + static bool same_key_name (const char* a, const char* b) { return (!a && !b) || (a && b && std::strcmp(a, b) == 0); @@ -1171,7 +1193,7 @@ int lock (int argc, const char** argv) } if (!git_checkout(encrypted_files)) { std::clog << "Error: 'git checkout' failed" << std::endl; - std::clog << "git-crypt has been locked but up but existing decrypted files have not been encrypted" << std::endl; + std::clog << "git-crypt has been locked up but existing decrypted files have not been encrypted" << std::endl; return 1; } diff -pruN 0.6.0-1/CONTRIBUTING.md 0.7.0-0.1/CONTRIBUTING.md --- 0.6.0-1/CONTRIBUTING.md 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/CONTRIBUTING.md 2022-04-21 17:08:16.000000000 +0000 @@ -4,8 +4,7 @@ documentation, bug reports, or anything When contributing code, please consider the following guidelines: - * You are encouraged to open an issue on GitHub or send mail to - git-crypt-discuss@lists.cloudmutt.com to discuss any non-trivial + * You are encouraged to open an issue on GitHub to discuss any non-trivial changes before you start coding. * Please mimic the existing code style as much as possible. In @@ -15,8 +14,7 @@ When contributing code, please consider * To minimize merge commits, please rebase your changes before opening a pull request. - * To submit your patch, open a pull request on GitHub or send a - properly-formatted patch to git-crypt-discuss@lists.cloudmutt.com. + * To submit your patch, open a pull request on GitHub. Finally, be aware that since git-crypt is security-sensitive software, the bar for contributions is higher than average. Please don't be diff -pruN 0.6.0-1/debian/changelog 0.7.0-0.1/debian/changelog --- 0.6.0-1/debian/changelog 2017-11-26 18:35:28.000000000 +0000 +++ 0.7.0-0.1/debian/changelog 2022-05-14 15:20:28.000000000 +0000 @@ -1,3 +1,14 @@ +git-crypt (0.7.0-0.1) unstable; urgency=high + + * Non-maintainer upload. + * New upstream release. + * Cherry-pick Ubuntu patch to fix compatibility with OpenSSL 3.0. + (Closes: #996287) + * debian/control: Drop obsolete build-dependency libssl1.0-dev. + (Closes: #917346) + + -- Boyuan Yang Sat, 14 May 2022 11:20:28 -0400 + git-crypt (0.6.0-1) unstable; urgency=medium * New upstream release. diff -pruN 0.6.0-1/debian/control 0.7.0-0.1/debian/control --- 0.6.0-1/debian/control 2017-11-26 18:32:28.000000000 +0000 +++ 0.7.0-0.1/debian/control 2022-05-14 15:20:28.000000000 +0000 @@ -3,7 +3,7 @@ Maintainer: Andrew Ayer = 9), libssl-dev | libssl1.0-dev, xsltproc, docbook-xml, docbook-xsl +Build-Depends: debhelper (>= 9), libssl-dev, xsltproc, docbook-xml, docbook-xsl Vcs-Git: https://www.agwa.name/git/git-crypt.git -b debian Homepage: https://www.agwa.name/projects/git-crypt diff -pruN 0.6.0-1/debian/patches/openssl-compat.patch 0.7.0-0.1/debian/patches/openssl-compat.patch --- 0.6.0-1/debian/patches/openssl-compat.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.7.0-0.1/debian/patches/openssl-compat.patch 2022-05-14 15:18:22.000000000 +0000 @@ -0,0 +1,27 @@ +Subject: Use OpenSSL version numbers to pick the compat layer +Author: Simon Chopin + +OPENSSL_API_COMPAT doesn't ensure we have the necessary API exposed. Using +OPENSSL_VERSION_NUMBER makes things a bit easier with new versions of OpenSSL. +--- a/crypto-openssl-11.cpp ++++ b/crypto-openssl-11.cpp +@@ -30,7 +30,7 @@ + + #include + +-#if defined(OPENSSL_API_COMPAT) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + + #include "crypto.hpp" + #include "key.hpp" +--- a/crypto-openssl-10.cpp ++++ b/crypto-openssl-10.cpp +@@ -30,7 +30,7 @@ + + #include + +-#if !defined(OPENSSL_API_COMPAT) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + + #include "crypto.hpp" + #include "key.hpp" diff -pruN 0.6.0-1/debian/patches/series 0.7.0-0.1/debian/patches/series --- 0.6.0-1/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ 0.7.0-0.1/debian/patches/series 2022-05-14 15:17:57.000000000 +0000 @@ -0,0 +1 @@ +openssl-compat.patch diff -pruN 0.6.0-1/debian/upstream/metadata 0.7.0-0.1/debian/upstream/metadata --- 0.6.0-1/debian/upstream/metadata 1970-01-01 00:00:00.000000000 +0000 +++ 0.7.0-0.1/debian/upstream/metadata 2022-05-14 15:14:41.000000000 +0000 @@ -0,0 +1,2 @@ +--- +Repository-Browse: https://github.com/AGWA/git-crypt diff -pruN 0.6.0-1/git-crypt.hpp 0.7.0-0.1/git-crypt.hpp --- 0.6.0-1/git-crypt.hpp 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/git-crypt.hpp 2022-04-21 17:08:16.000000000 +0000 @@ -31,7 +31,7 @@ #ifndef GIT_CRYPT_GIT_CRYPT_HPP #define GIT_CRYPT_GIT_CRYPT_HPP -#define VERSION "0.6.0" +#define VERSION "0.7.0" extern const char* argv0; // initialized in main() to argv[0] diff -pruN 0.6.0-1/man/git-crypt.xml 0.7.0-0.1/man/git-crypt.xml --- 0.6.0-1/man/git-crypt.xml 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/man/git-crypt.xml 2022-04-21 17:08:16.000000000 +0000 @@ -7,8 +7,8 @@ --> git-crypt - 2017-11-26 - git-crypt 0.6.0 + 2022-04-21 + git-crypt 0.7.0 Andrew Ayer diff -pruN 0.6.0-1/NEWS 0.7.0-0.1/NEWS --- 0.6.0-1/NEWS 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/NEWS 2022-04-21 17:08:16.000000000 +0000 @@ -1,3 +1,8 @@ +v0.7.0 (2022-04-21) + * Avoid "argument list too long" errors on macOS. + * Fix handling of "-" arguments. + * Minor documentation improvements. + v0.6.0 (2017-11-26) * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0). * Switch to C++11 (gcc 4.9 or higher now required to build). diff -pruN 0.6.0-1/NEWS.md 0.7.0-0.1/NEWS.md --- 0.6.0-1/NEWS.md 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/NEWS.md 2022-04-21 17:08:16.000000000 +0000 @@ -1,6 +1,11 @@ News ==== +######v0.7.0 (2022-04-21) +* Avoid "argument list too long" errors on macOS. +* Fix handling of "-" arguments. +* Minor documentation improvements. + ######v0.6.0 (2017-11-26) * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0). * Switch to C++11 (gcc 4.9 or higher now required to build). diff -pruN 0.6.0-1/parse_options.cpp 0.7.0-0.1/parse_options.cpp --- 0.6.0-1/parse_options.cpp 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/parse_options.cpp 2022-04-21 17:08:16.000000000 +0000 @@ -43,7 +43,7 @@ int parse_options (const Options_list& o { int argi = 0; - while (argi < argc && argv[argi][0] == '-') { + while (argi < argc && argv[argi][0] == '-' && argv[argi][1] != '\0') { if (std::strcmp(argv[argi], "--") == 0) { ++argi; break; diff -pruN 0.6.0-1/README 0.7.0-0.1/README --- 0.6.0-1/README 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/README 2022-04-21 17:08:16.000000000 +0000 @@ -30,6 +30,7 @@ Specify files to encrypt by creating a . secretfile filter=git-crypt diff=git-crypt *.key filter=git-crypt diff=git-crypt + secretdir/** filter=git-crypt diff=git-crypt Like a .gitignore file, it can match wildcards and should be checked into the repository. See below for more information about .gitattributes. @@ -54,7 +55,7 @@ are added to your repository): $ git-crypt export-key /path/to/key -After cloning a repository with encrypted files, unlock with with GPG: +After cloning a repository with encrypted files, unlock with GPG: $ git-crypt unlock @@ -69,7 +70,7 @@ encryption and decryption happen transpa CURRENT STATUS -The latest version of git-crypt is 0.6.0, released on 2017-11-26. +The latest version of git-crypt is 0.7.0, released on 2022-04-21. git-crypt aims to be bug-free and reliable, meaning it shouldn't crash, malfunction, or expose your confidential data. However, it has not yet reached maturity, meaning it is not as documented, @@ -108,6 +109,16 @@ git-crypt does not hide when a file does of a file, or the fact that two files are identical (see "Security" section above). +git-crypt does not support revoking access to an encrypted repository +which was previously granted. This applies to both multi-user GPG +mode (there's no del-gpg-user command to complement add-gpg-user) +and also symmetric key mode (there's no support for rotating the key). +This is because it is an inherently complex problem in the context +of historical data. For example, even if a key was rotated at one +point in history, a user having the previous key can still access +previous repository history. This problem is discussed in more detail in +. + Files encrypted with git-crypt are not compressible. Even the smallest change to an encrypted file requires git to store the entire changed file, instead of just a delta. @@ -138,20 +149,12 @@ specifying merely a directory (e.g. `/di encrypt all files beneath it. Also note that the pattern `dir/*` does not match files under -sub-directories of dir/. To encrypt an entire sub-tree dir/, place the -following in dir/.gitattributes: - - * filter=git-crypt diff=git-crypt - .gitattributes !filter !diff +sub-directories of dir/. To encrypt an entire sub-tree dir/, use `dir/**`: -The second pattern is essential for ensuring that .gitattributes itself -is not encrypted. + dir/** filter=git-crypt diff=git-crypt +The .gitattributes file must not be encrypted, so make sure wildcards don't +match it accidentally. If necessary, you can exclude .gitattributes from +encryption like this: -MAILING LISTS - -To stay abreast of, and provide input to, git-crypt development, consider -subscribing to one or both of our mailing lists: - -Announcements: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce -Discussion: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss + .gitattributes !filter !diff diff -pruN 0.6.0-1/README.md 0.7.0-0.1/README.md --- 0.6.0-1/README.md 2017-11-26 18:24:03.000000000 +0000 +++ 0.7.0-0.1/README.md 2022-04-21 17:08:16.000000000 +0000 @@ -31,6 +31,7 @@ Specify files to encrypt by creating a . secretfile filter=git-crypt diff=git-crypt *.key filter=git-crypt diff=git-crypt + secretdir/** filter=git-crypt diff=git-crypt Like a .gitignore file, it can match wildcards and should be checked into the repository. See below for more information about .gitattributes. @@ -55,7 +56,7 @@ are added to your repository): git-crypt export-key /path/to/key -After cloning a repository with encrypted files, unlock with with GPG: +After cloning a repository with encrypted files, unlock with GPG: git-crypt unlock @@ -70,8 +71,8 @@ encryption and decryption happen transpa Current Status -------------- -The latest version of git-crypt is [0.6.0](NEWS.md), released on -2017-11-26. git-crypt aims to be bug-free and reliable, meaning it +The latest version of git-crypt is [0.7.0](NEWS.md), released on +2022-04-21. git-crypt aims to be bug-free and reliable, meaning it shouldn't crash, malfunction, or expose your confidential data. However, it has not yet reached maturity, meaning it is not as documented, featureful, or easy-to-use as it should be. Additionally, @@ -110,6 +111,16 @@ git-crypt does not hide when a file does of a file, or the fact that two files are identical (see "Security" section above). +git-crypt does not support revoking access to an encrypted repository +which was previously granted. This applies to both multi-user GPG +mode (there's no del-gpg-user command to complement add-gpg-user) +and also symmetric key mode (there's no support for rotating the key). +This is because it is an inherently complex problem in the context +of historical data. For example, even if a key was rotated at one +point in history, a user having the previous key can still access +previous repository history. This problem is discussed in more detail in +. + Files encrypted with git-crypt are not compressible. Even the smallest change to an encrypted file requires git to store the entire changed file, instead of just a delta. @@ -140,20 +151,12 @@ specifying merely a directory (e.g. `/di encrypt all files beneath it. Also note that the pattern `dir/*` does not match files under -sub-directories of dir/. To encrypt an entire sub-tree dir/, place the -following in dir/.gitattributes: - - * filter=git-crypt diff=git-crypt - .gitattributes !filter !diff +sub-directories of dir/. To encrypt an entire sub-tree dir/, use `dir/**`: -The second pattern is essential for ensuring that .gitattributes itself -is not encrypted. + dir/** filter=git-crypt diff=git-crypt -Mailing Lists -------------- +The .gitattributes file must not be encrypted, so make sure wildcards don't +match it accidentally. If necessary, you can exclude .gitattributes from +encryption like this: -To stay abreast of, and provide input to, git-crypt development, -consider subscribing to one or both of our mailing lists: - -* [Announcements](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce) -* [Discussion](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss) + .gitattributes !filter !diff