search

amazonlinux / amazon-linux-2023

Amazon Linux 2023
https://aws.amazon.com/linux/amazon-linux-2023/
Other
500 stars 38 forks source link

[Package Request] - Add git-crypt #661

Open sgleske-ias opened 3 months ago

sgleske-ias commented 3 months ago

What package is missing from Amazon Linux 2023?

git-crypt is a CLI utility which is used to decrypt secrets using GPG stored within a git repo.

Is this an update to existing package or new package request?

New request because the package is missing.

Is this package available in Amazon Linux 2? If it is available via external sources such as EPEL, please specify.

Unknown, I only care about Amazon Linux 2023 and haven't looked into Amazon Linux 2.

Any additional information you'd like to include. (use-cases, etc)

If a GPG private key is available you should be able to run git crypt unlock to decrypt secret files from gitattributes.

Current (undesirable) workaround is:

dnf localinstall https://cbs.centos.org/kojifiles/packages/git-crypt/0.6.0/12.el9/x86_64/git-crypt-0.6.0-12.el9.x86_64.rpm

We have both Graviton and AMD64 infra so this solution is fragile since it relies on a source that is currently uncontrolled.

Ideally, we should just be able to run the following on both Graviton and AMD64 instances.

dnf makecache
dnf install git-crypt
daniejstriata commented 3 months ago

It is possible to build packages like these from the Fedora or Centos Stream repos as I've done here: https://copr.fedorainfracloud.org/coprs/faramirza/al2023/package/git-crypt/ Using Fedora COPR.

BDFurlong commented 3 months ago

+1 would like this package

sgleske-ias commented 3 months ago

I normally like to also rely on GitHub releases if they're available but it doesn't provide enough cross-compiled versions.

https://github.com/AGWA/git-crypt/releases/tag/0.7.0

Ideally, for GH releases I like to see Darwin and Linux aarch64 and x86_64. git-crypt only ships Linux x86_64 and no other OS or architecture with pre-compiled binaries.

sgleske-ias commented 3 months ago

I also cross-posted a request for more binaries via GitHub releases. https://github.com/AGWA/git-crypt/issues/309

I'm okay obtaining binaries directly from projects when they're available. In general, I'd like to avoid compiling if the binaries are available (compiling is okay too; just more time consuming in the Docker build process).

daniejstriata commented 3 months ago

If you use COPR, it creates a repo that will mostly keep itself up-to-date. Ideally Amazon should add packages but I can understand that they'd want to keep the supported package number down.