AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0

Statically linked version? #263

Closed (approximate closed this issue 1 year ago)

approximate commented 1 year ago

First off, thanks for the awesome tool!

Would it be possible to provide a statically-linked git-crypt release, maybe in addition to existing releases?

We're using git-crypt in our containerized CI/CD pipelines, and we prefer to use slimmer images (alpine, busybox or *-slim variants). They usually require some extra packages in order to make git-crypt work, and some of those packages aren't even available in the official repos - e.g. latest Ubuntu doesn't have libssl1.1 that provides libcrypto.so.1.1, so I had to get that package from Debian security update repos.

Another situation where the statically-linked version is very useful: our hosting provider doesn't let us install any packages, but we would like to use git-crypt to manage local deployment configuration synced to master repo on our VCS. Without git-crypt we either have to keep secrets in plaintext and manage them using file permissions (our current setup), or ask the hosting provider to redesign their deployment process (with very slim chances of that happening). I realize that our current situation is suboptimal, but having git-crypt that can simply be dropped on a box and executed without any extra fiddling would be perfect.

skj-dev commented 1 year ago

You should be able to build it without too much trouble. I added -static -DOPENSSL_API_COMPAT=0x30000000L to CXXFLAGS, and a static binary was produced.

❯ ldd git-crypt
    not a dynamic executable

The OPENSSL_API_COMPAT bit came from: https://github.com/AGWA/git-crypt/issues/232 as a workaround for building with a new OpenSSL. I built this on an RPi running Ubuntu 22.04, just because it was convenient.
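
Added example, not part of the comment above and not git-crypt code: a CI job that publishes the static binary can confirm the ldd result by reading the ELF program headers directly, which avoids running ldd on the artifact (some ldd versions execute the file's loader to list dependencies). The function names and the sample headers are constructed for this illustration.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3

def program_header_types(elf: bytes) -> list:
    """Return the p_type of every program header in an ELF image."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = {1: "<", 2: ">"}.get(elf[5])           # EI_DATA
    if elf[4] == 2 and endian:                       # EI_CLASS: ELF64
        phoff_fmt, phoff_at, phent_at = "Q", 0x20, 0x36
    elif elf[4] == 1 and endian:                     # EI_CLASS: ELF32
        phoff_fmt, phoff_at, phent_at = "I", 0x1C, 0x2A
    else:
        raise ValueError("unknown ELF class or byte order")
    try:
        (e_phoff,) = struct.unpack_from(endian + phoff_fmt, elf, phoff_at)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, phent_at)
        # p_type is the first 4-byte word of a program header in both classes.
        return [struct.unpack_from(endian + "I", elf, e_phoff + i * e_phentsize)[0]
                for i in range(e_phnum)]
    except struct.error:
        raise ValueError("truncated ELF file")

def linkage(elf: bytes) -> str:
    """Classify an ELF executable (not a shared library) by its program headers."""
    types = program_header_types(elf)
    if PT_INTERP in types:
        return "dynamic"          # asks the kernel for a runtime loader
    # No loader requested: static-pie still carries PT_DYNAMIC, plain -static does not.
    return "static-pie" if PT_DYNAMIC in types else "static"

def sample_elf(p_types):
    """Constructed test input: a minimal little-endian ELF64 header plus phdrs."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    # Usage: python check_static.py ./git-crypt ; exits non-zero unless static.
    with open(sys.argv[1], "rb") as f:
        result = linkage(f.read())
    print(result)
    sys.exit(0 if result.startswith("static") else 1)
```
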

approximate commented 1 year ago

Thank you for the response! It worked quite well for us: we ended up having our own cloned repo, and auto-building/publishing the static binary for the rest of our tooling to use.

eggbean commented 1 year ago

I'm getting this error when I try:

$ CXXFLAGS='-Wall -pedantic -Wno-long-long -O2 -static -DOPENSSL_API_COMPAT=0x30000000L' make
g++ -Wall -pedantic -Wno-long-long -O2 -static -DOPENSSL_API_COMPAT=0x30000000L -std=c++11   -c -o crypto-openssl-11.o crypto-openssl-11.cpp
crypto-openssl-11.cpp: In function ‘void init_crypto()’:
crypto-openssl-11.cpp:49:2: error: ‘ERR_load_crypto_strings’ was not declared in this scope; did you mean ‘ERR_load_ERR_strings’?
   49 |  ERR_load_crypto_strings();
      |  ^~~~~~~~~~~~~~~~~~~~~~~
      |  ERR_load_ERR_strings
make: *** [<builtin>: crypto-openssl-11.o] Error 1

Am I missing dependencies?