search

AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0
8.21k stars 476 forks source link

Problem cloning into an existing non-empty directory. #108

Closed johnlane closed 7 years ago

johnlane commented 7 years ago

I've written a little git wrapper to manage dotfiles and have used git-crypt to allow encryption of sensitive files. It works with a custom git directory at $HOME/.git-dot and working directory at $HOME.

A dotfiles repo is cloned into $HOME which is an existing non-empty directory. This requires a bit of faff but I have it working. Basically, I do a bare clone and then reconfigure it.

Everything works fine, except that I have a problem after cloning a repo. The first command after cloning gives me the following error, repeated once for each file that is encrypted within the repo:

git-crypt: Error: Unable to open key file - have you
unlocked/initialized this repository yet?
error: external filter '"git-crypt" clean' failed 1
error: external filter '"git-crypt" clean' failed

But the given command works, for example it could be a simple git status or, most likely, git crypt unlock.

I confirmed the number of encrypted files in the repository with

 $ git crypt status | | grep -v '^n' | wc -l

where git is aliased to 

 git --git-dir=/home/alice/.git-dot --work-tree=/home/alice

So I think I am missing a step required to initialise the cloned repo correctly, something which the first action manages to resolve despite reporting the errors.

But I don't know what I am missing.

I use the following script to show how i clone the repo and to reproduce the error:

#!/bin/sh
git config --global user.email "alice@example.com"
git config --global user.name "Alice"
git="git --git-dir=/home/alice/.git-dot --work-tree=/home/alice"
$git clone --bare user@server:a_dotfiles_repo.git /home/alice/.git-dot
$git config core.bare false
$git config core.logallrefupdates true
$git  reset

backup=$(mktemp -p . -d)
$git ls-tree -r master --name-only | xargs -I f cp -a --parents -l f "$backup" 2>/dev/null

$git checkout .
$git config remote.origin.fetch +refs/heads/*:refs/remotes/origin/*
$git config branch.master.remote origin
$git config branch.master.merge refs/heads/master
$git config filter.git-crypt.smudge '"git-crypt" smudge'
$git config filter.git-crypt.clean '"git-crypt" clean'
$git config diff.git-crypt.textconv '"git-crypt" diff'

After which the first works but command generates errors, i.e.

$ git --git-dir=/home/alice/.git-dot --work-tree=/home/alice status
git-crypt: Error: Unable to open key file - have you
unlocked/initialized this repository yet?
error: external filter '"git-crypt" clean' failed 1
error: external filter '"git-crypt" clean' failed

But the same command, if repeated, does not generate any errors.

I work around currently the problem by silently doing git status &> /dev/null but I'd prefer to understand what is happening.

I realise I'm probably not using git-crypt for what it was intended! If you're interested in what I've done, it's called git-dot.

update - I don't think this is caused by git-crypt because I can reproduce the problem with git only. http://stackoverflow.com/questions/41934945/why-does-git-status-run-filters