search

AGWA / git-crypt

Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
GNU General Public License v3.0
8.1k stars 472 forks source link

git-crypt unlock fails #300

Open Pepper-X opened 7 months ago

Pepper-X commented 7 months ago

Environment

mac, OS 14.x, git-crypt 0

Background

Somehow the colleague generated the key to me, but when I try to unlock it started show me next errors:

git-crypt: error: encrypted file has been tampered with!
error: external filter "/home/stavros/bin/git-crypt" smudge failed 1
error: external filter "/home/stavros/bin/git-crypt" smudge failed
fatal: my-path/properties.yaml: smudge filter git-crypt failed

The issue itself

When I had the error above the repository became dirty (had some changes) and if I update the encrypted key (second time encrypted with mt gpg) the unlock did not work for me and said:

Error: Working directory not clean.
Please commit your changes or 'git stash' them before running 'git-crypt unlock'.

But in the same time I could not make git stash or git reset --hard because I saw this:

git-crypt: error: encrypted file has been tampered with!
error: external filter '"git-crypt" smudge' failed 1
error: external filter '"git-crypt" smudge' failed
fatal: my-path/properties.yaml: smudge filter git-crypt failed

(In fact I realized that the key was broken somehow, so other colleague generated the key for me - this time all work on newly cloned the repo)

Known way to fix

Thus, I had only way to delete repository and clone it once again. Then the unlock worked even if I update the encrypted (by my gpg) key manually with valid one (secondly encrypted).

Expected behavior

I believe that git reset --hard should work in any case - otherwise it seems like a stoppage issue.

How to reproduce

This is not real my case, but I reproduced similar issue, so it could help to reproduce and fix this:

  1. clone a repo with valid encrypted key (by gpg)
  2. make git-crypt init (yeah, it is not correct but it helps to reproduce similar behavior)
  3. run git-crypt unlock - done!
  4. now you have dirty working directory and cannot do git reset --hard as can not git-crypt unlock and so on

There is theory (I did not verify that), how to reproduce it once again... Probably 1st time there was additional git-crypt init run before adding new gpg user. But I guess this reproducing will also work as well.

Summary

the biggest stoppage in that case that git reset --hard does not work, but git-crypt we use as tool for git and it seems very strange that git-crypt corrupt whole git repo. Or there is other workaround ? (I looked at this issue-59 but it does not help)

RedHoes commented 7 months ago

I have the same issues with you

danisztls commented 3 months ago

Same issue. Deleting and cloning again doesn't solve. Not sure why I wasn't having this issue before. The workaround is to checkout the repo first commit, unlock and then checkout main.

git checkout $(git rev-list --max-parents=0 HEAD)
git-crypt unlock
git checkout main