elasticdog / transcrypt

transparently encrypt files within a git repository
MIT License

git reports files changed when there are no changes #127

Open brianmay opened 2 years ago

brianmay commented 2 years ago

I have had this often happen. And it kind of makes transcrypt very difficult to use, as git thinks the work tree is not clean.

$ git checkout .
$ git status
[ reports files as being modified ]
$ git diff
[ reports no changes ]
$ git checkout .
[ no change ]

The files in question were never modified locally.

A workaround seems to be to commit the non-existent changes anyway, but that doesn't appear to be a good long-term solution. Eventually it will happen again.

marcelcremer commented 2 years ago

This one occurred to us since about two or three weeks ago.

andreineculau commented 2 years ago

Which git version? I'm guessing https://github.com/elasticdog/transcrypt/issues/37 is back maybe due to a newer git.

Also could you please copy-paste an exact output of transcrypt? It's always good to iron out that we're talking about the same thing.

andreineculau commented 2 years ago

I misread. You're saying it's 100% git. So you're saying that you have cloned, worked etc and then all of a sudden you get dirty files though not dirty? Assuming the files in question are transcrypted, and they haven't been changed between checkouts i.e. empty diff pre-checkout-HEAD..HEAD

coxjc commented 2 years ago

FWIW, I'm getting the same issue. I'm checking out #37 now.

Git version: git version 2.24.3 (Apple Git-128)
On the latest Transcrypt.

coxjc commented 2 years ago

I keep getting the following anytime I run a git command:

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

I also can't get unchanged files to say they're unchanged.

coxjc commented 2 years ago

UPDATE: I resolved this by overwriting the Xcode-packaged git w/ Homebrew. Now I'm on git 2.34.1 and all is good.

brianmay commented 2 years ago

@coxjc See #59 concerning those (annoying) warnings. I suspect fixing this might cause breakage.

I have had this problem - changes when there are no changed files - occur through a number of versions of git. Typically after I pull changes from other developers. It might be caused by differences between development environments between different developers.

Once I fix the problem - e.g. by committing the "unchanged" files I can't get it to reoccur again on demand.

jmurty commented 2 years ago

Could anyone experiencing this issue try the latest pre-release version of transcrypt from the main branch?

The fix for #37 (PR #109) was merged back in April 2021 but we haven't cut a release since 2.1 in September 2020, so there's a chance the pre-release version on main will fix it.

Or manually run git update-index -q --really-refresh in the repo to see if that fixes the incorrect stale file status: that's what the #109 fix does.

brianmay commented 2 years ago

@jmurty I think when I last experienced this I did have that change. From the git repo. git version aea3ff83c7aea95b18e18839d5beb6da29b7548c to be precise.

Will keep your suggestions in mind if I can reproduce the problem.

brianmay commented 2 years ago

I have the following version of transcrypt, which I believe is the latest in main:

commit aea3ff83c7aea95b18e18839d5beb6da29b7548c (HEAD -> main, origin/main, origin/HEAD)
Author: Aaron Bull Schaefer <aaron@elasticdog.com>
Date:   Thu Apr 29 16:25:56 2021 -0700

    Remove Ubuntu 16.04 LTS from test matrix (#123)

    The "Xenial Xerus" version of Ubuntu is EOL (end-of-life) as of 2021-04-30.

    See:
    - https://help.ubuntu.com/community/EOL

git pull on transcrypt dir does nothing:

$ git pull
Already up to date.

git status on my repo reports files changed:

brian@debian:~/tree/ea/infra/terra/values$ git status
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
On branch master
Your branch is behind 'origin/master' by 45 commits, and can be fast-forwarded.
  (use "git pull" to update your local branch)

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
    modified:   titles/central/aws/shared/net/rr3vpngw/psk.auto.tfvars
    modified:   titles/central/aws/shared/net/sfpvpngw/psk.auto.tfvars
    modified:   titles/nfs/aws/prod/services/aurora/env.auto.tfvars
    modified:   titles/nfs/aws/prod/services/coda/env.auto.tfvars
    modified:   titles/nfs/aws/stage/services/rds/env.auto.tfvars
    modified:   titles/rr3/aws/prod/services/aurora/env.auto.tfvars
    modified:   titles/rr3/aws/stage/services/rds/env.auto.tfvars
    modified:   titles/sfp/aws/prod/services/aurora/env.auto.tfvars
    modified:   titles/sfp/aws/stage/services/rds/env.auto.tfvars

Untracked files: [...]

no changes added to commit (use "git add" and/or "git commit -a")

I removed the untracked files from the output, these are expected and not related.

git diff reports no changes:

brian@debian:~/tree/ea/infra/terra/values$ git diff | cat
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

If I run the suggested command I get:

brian@debian:~/tree/ea/infra/terra/values$ git update-index -q --really-refresh
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

But the output of git status and git diff has not changed and is the same as above.

In this particular case it means I can't run the "git pull" on the repo, because git incorrectly thinks the local files conflict:

brian@debian:~/tree/ea/infra/terra/values$ git pull
Updating c3bba7b..2ed9510
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
error: Your local changes to the following files would be overwritten by merge:
    titles/central/aws/shared/net/rr3vpngw/psk.auto.tfvars
    titles/central/aws/shared/net/sfpvpngw/psk.auto.tfvars
Please commit your changes or stash them before you merge.

Similarly, I cannot run other commands such as rebase.

git stash will stash away something, but the phantom changes remain.

Same goes with git checkout . - it completes without errors, but the changes remain.

I have kept a copy of the working dir, so can run any other commands you want me to.

My theory is that the files were committed by another developer, and as a result there might be something different about the encryption or encoding or something that is confusing transcrypt.

jmurty commented 2 years ago

Thanks for the detailed report @brianmay. I appreciate all the reports and feedback here into what is an annoying and difficult to reproduce issue.

Unfortunately I only have some guesswork to offer in response, but it's worth looking into especially since it aligns with your suspicions about there being "something different" about commits from another developer.

In issue #118 @Aramgutang found, documented, and fixed an edge case bug in Transcrypt where a partial commit of a transcrypt-ed file on one machine would cause these kinds of symptoms on another machine. For Git client tools that permit a partial commit of transcrypt-ed files, the bug would cause the original committing machine to generate an incorrect salt from that machine's file on disk, instead of from the partially-changed file bytes actually being committed. Most Git clients do not (and should not) allow partial commits of the secret files, but some do, in particular the very popular VSCode.

The explanation in issue #118 is much better, I encourage you to go and read it.

Even though you are indeed using the latest main branch version of Transcrypt yourself, if someone else is using a version of Transcrypt without the fix (which is not in the latest released version) and they make a partial commit on a secret file using a client that permits such a thing, the salt will be incorrect by the time you pull the commit.

Can you check with the developer who committed the changes causing your problem whether:

If both of these are the case, it could explain why you keep seeing this problem. And if that bug is indeed the cause, getting all devs on your project to use the main branch version could solve the problem, pending an official release that includes the fix.
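Added example, not part of the original thread and not transcrypt's own code: a small Python model of the salt mismatch described in the comment above, showing why status reports a change while a diff over decrypted content is empty, and why re-committing clears it. It assumes the salt is an HMAC over the file contents, uses a toy XOR keystream as a stand-in for the OpenSSL cipher, and all function names, the path and the password are constructed for illustration.

```python
import hashlib
import hmac

PASSWORD = b"constructed-password"  # constructed sample secret, not a real key

def derive_salt(path, plaintext):
    # Assumption: salt is derived from the content, so equal plaintext
    # always yields equal salt and therefore equal ciphertext.
    key = path.encode() + b":" + PASSWORD
    return hmac.new(key, plaintext, hashlib.sha256).digest()[-8:]

def _keystream(salt, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(PASSWORD + salt + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def encrypt(plaintext, salt):
    # Toy stand-in cipher (NOT AES); only determinism matters for this model.
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(salt, len(plaintext))))
    return b"Salted__" + salt + body

def decrypt(blob):
    salt, body = blob[8:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(salt, len(body))))

def clean(path, worktree_plaintext):
    # What a correct clean filter stores: salt taken from the bytes being committed.
    return encrypt(worktree_plaintext, derive_salt(path, worktree_plaintext))

def buggy_partial_commit(path, staged, on_disk):
    # Behaviour described for the unfixed version: the staged bytes are
    # encrypted, but the salt comes from the different file on disk.
    return encrypt(staged, derive_salt(path, on_disk))

def git_view(path, committed_blob):
    worktree = decrypt(committed_blob)  # checkout decrypts the blob
    recleaned = clean(path, worktree)   # status re-encrypts the work tree
    status_modified = recleaned != committed_blob  # compares ciphertext
    diff_empty = decrypt(recleaned) == decrypt(committed_blob)  # compares plaintext
    return status_modified, diff_empty

if __name__ == "__main__":
    path = "psk.auto.tfvars"  # constructed sample path
    staged = b'psk = "old"\n'
    on_disk = b'psk = "old"\nextra = 1\n'
    bad = buggy_partial_commit(path, staged, on_disk)
    print("correct commit :", git_view(path, clean(path, staged)))
    print("partial commit :", git_view(path, bad))
    print("after re-commit:", git_view(path, clean(path, decrypt(bad))))
```
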

brianmay commented 2 years ago

Other developer on leave until February, will follow-up then.

fannytavart commented 2 years ago

I had the same issue, I was able to fix it by uninstalling OpenSSL (my version was OpenSSL 3.0.1 14 Dec 2021) and installing LibreSSL (brew install libressl) instead.

brianmay commented 2 years ago

I have a suspicion this might be still occurring for me too, but my coworker is rather busy, and I haven't been able to confirm what version he is using yet.

jmurty commented 2 years ago

To follow up on this: until recently Transcrypt was not compatible with OpenSSL version 3 (see #133).

We just released the latest official version 2.2.0 with a compatibility fix.

emcniece commented 1 year ago

I've been encountering this for a few weeks now and finally associated the phantom changes with Transcrypt, which led me here. Investigation ongoing, I too seem to only encounter this when files are changed by other developers.

$ sw_vers
ProductName:        macOS
ProductVersion:     13.1
BuildVersion:       22C65

$ which transcrypt
/opt/homebrew/bin/transcrypt

$ transcrypt --version
transcrypt 2.2.0

$ which openssl
/usr/bin/openssl

$ openssl version
LibreSSL 3.3.6

$ which git
/opt/homebrew/bin/git

$ git --version
git version 2.37.3

brianmay commented 1 year ago

@emcniece Are you able to confirm if the other developers are using the same version?

emcniece commented 1 year ago

Indeed, they report:

Fairly sure they're on OSX 12.

jmurty commented 1 year ago

Hi @emcniece sorry for your problems. If you're on Mac OS 13 (Ventura) this is the likely culprit https://github.com/elasticdog/transcrypt/issues/147 and we don't yet have a fix that works reliably.

In the meantime downgrading to version 2.1.0 on systems running MacOS 13 is probably the best work-around.

jmurty commented 1 year ago

Hi, if anyone here is suffering from the compatibility bug with MacOS Ventura and has some time, I'd appreciate it if you could run some tests for me on your system(s) and give me feedback to help isolate the lingering bugs – please see instructions in my comment https://github.com/elasticdog/transcrypt/issues/147#issuecomment-1424178405

Thanks!

jmurty commented 1 year ago

For anyone experiencing phantom file changes recently – and where anyone committing to the repository has been using transcrypt version 2.2.0 with MacOS 13 Ventura (or with LibreSSL 3+ in general) – please upgrade to the new 2.2.1 release of transcrypt across all your repositories.

You may still see phantom changes after the upgrade, but re-committing the phantom changed file should fix it once and for all. More info here (#147)