search

AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0
8.18k stars 475 forks source link

System needs a reboot after sleep for git-crypt to work? #175

Closed krish7919 closed 5 years ago

krish7919 commented 5 years ago

I don't know if this is a real issue but I am putting it out there.

I worked with git-crypt yesterday; everything was perfectly fine - clone, init, work, commit.

As usual, I put the laptop to sleep at night.

The next day, I cloned the same repo and tried to unlock it, and it fails.

I am not sure if this was due to an auto-upgrade of some of the components, and I am not even sure if its a MacOS issue or a git-crypt issue, but just putting it out there for folks who might be hitting similar issues.

alerque commented 5 years ago

This sounds like a problem with your GPG agent and user login session, not with git-crypt. The latter is reliant on being able to call out to the agent to decrypt its keys, if it can't do that it will fail. Agents that unlock your GPG key and keep in in memory for future use might shut down, be locked, or otherwise inoperative after a system sleep. The problem you need to fix is with the agent and how it gets its authentication data after a system sleep.

krish7919 commented 5 years ago

Thanks!

I will close this issue; just wanted to ensure that others, if stuck on this problem affecting git-crypt, can just resolve that by a reboot, instead of banging my head like I did.

alerque commented 5 years ago

@krish7919 I'm glad you got your problem solved.

For the record and for anybody else having issues, there is nothing in git-crypt itself that should require a reboot to fix. If and when you have troubles with git-crypt the first thing to to check should be whether your gpg client is working and able to encrypt/decrypt things on its own. Without access to a functional gpg command git-crypt can't do much.

There is really no reason you'd ever need to reboot to fix GPG related issues either, but there are some agents that hook into Systemd and might be a bit hard to fix without logging out (because they embed variables in the login session environment). Even those could be fixed without a reboot but if troubleshooting Systemd user services isn't your thing logging out and back in can be one way to clean it up and start over.

For the record you can test if your GPG subsystem is working by encrypting and decrypting a string. If you don't get the original string back out then GPG isn't working:

$ echo test | gpg -e | gpg -d
gpg: encrypted with 4096-bit RSA key, ID 7B588E2EB89B1E86, created 2014-07-31
      "Caleb Maclennan <caleb@alerque.com>"
test