Open brianmay opened 2 years ago
This one occured to us since about two or three weeks ago.
Which git version? I'm guessing https://github.com/elasticdog/transcrypt/issues/37 is back maybe due to a newer git.
Also could you please copy-paste an exact output of transcrypt? It's always good to iron out that we're taking about the same thing.
I misread. You're saying it's 100% git. So you're saying that you have cloned, worked etc and then all of a sudden you get dirty files though not dirty? Assuming the files in question are transcrypted, and they haven't been changed between checkouts i.e. empty diff pre-checkout-HEAD..HEAD
FWIW, I'm getting same the issue. I'm checking out #37 now.
Git version: git version 2.24.3 (Apple Git-128) On the latest Transcrypt.
I keep getting the following anytime I run a git command:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
I also can't get unchanged files to say they're unchanged.
UPDATE: I resolved this by overwriting the Xcode-packaged git w/ Homebrew. Now I'm on git 2.34.1 and all is good.
@coxjc See #59 concerning those (annoying) warnings. I suspect fixing this might cause breakage.
I have had this problem - changes when there are no changed files - occur through a number of versions of git. Typically after I pull changes from other developers. It might be caused be differences between development environments between different developers.
Once I fix the problem - e.g. by committing the "unchanged" files I can't get it to reoccur again on demand.
Could anyone experiencing this issue try the latest pre-release version of transcrypt from the main
branch?
The fix for #37 (PR #109) was merged back in April 2021 but we haven't cut a release since 2.1 in September 2020, so there's a chance the pre-release version on main
will fix it.
Or manually run git update-index -q --really-refresh
in the repo to see if that fixes the incorrect stale file status: that's what the #109 fix does.
@jmurty I think when I last experienced this I did have that change. From the git repo. git version aea3ff83c7aea95b18e18839d5beb6da29b7548c to be precise.
Will keep your suggestions in mind if I can reproduce the problem.
I have the following version of transcrypt, which I believe is the latest in main:
commit aea3ff83c7aea95b18e18839d5beb6da29b7548c (HEAD -> main, origin/main, origin/HEAD)
Author: Aaron Bull Schaefer <aaron@elasticdog.com>
Date: Thu Apr 29 16:25:56 2021 -0700
Remove Ubuntu 16.04 LTS from test matrix (#123)
The "Xenial Xerus" version of Ubuntu is EOL (end-of-life) as of 2021-04-30.
See:
- https://help.ubuntu.com/community/EOL
git pull
on transcrypt dir does nothing:
$ git pull
Already up to date.
git status
on my repo reports files changed:
brian@debian:~/tree/ea/infra/terra/values$ git status
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
On branch master
Your branch is behind 'origin/master' by 45 commits, and can be fast-forwarded.
(use "git pull" to update your local branch)
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: titles/central/aws/shared/net/rr3vpngw/psk.auto.tfvars
modified: titles/central/aws/shared/net/sfpvpngw/psk.auto.tfvars
modified: titles/nfs/aws/prod/services/aurora/env.auto.tfvars
modified: titles/nfs/aws/prod/services/coda/env.auto.tfvars
modified: titles/nfs/aws/stage/services/rds/env.auto.tfvars
modified: titles/rr3/aws/prod/services/aurora/env.auto.tfvars
modified: titles/rr3/aws/stage/services/rds/env.auto.tfvars
modified: titles/sfp/aws/prod/services/aurora/env.auto.tfvars
modified: titles/sfp/aws/stage/services/rds/env.auto.tfvars
Untracked files: [...]
no changes added to commit (use "git add" and/or "git commit -a")
I removed the untracked files from the output, these are expected and not related.
git diff
reports no changes:
brian@debian:~/tree/ea/infra/terra/values$ git diff | cat
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
If I run the suggested command I get:
brian@debian:~/tree/ea/infra/terra/values$ git update-index -q --really-refresh
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
But the output of git status
and git diff
has not changed and is the same as above.
In this particular case it means I can't run the "git pull" on the repo, because git incorrectly thinks the local files conflict:
brian@debian:~/tree/ea/infra/terra/values$ git pull
Updating c3bba7b..2ed9510
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
error: Your local changes to the following files would be overwritten by merge:
titles/central/aws/shared/net/rr3vpngw/psk.auto.tfvars
titles/central/aws/shared/net/sfpvpngw/psk.auto.tfvars
Please commit your changes or stash them before you merge.
Similarly, I cannot run other commands such as rebase.
git stash
will stash away something, but the phantom changes remain.
Same goes with git checkout .
- it completes without errors, but the changes remain.
I have kept a copy of the working dir, so can run any other commands you want me to.
My theory is that the files were committed by another developer, and as a result there might be something different about the encryption or encoding or something that is confusing transcrypt.
Thanks for the detailed report @brianmay. I appreciate all the reports and feedback here into what is an annoying and difficult to reproduce issue.
Unfortunately I only have some guesswork to offer in response, but it's worth looking into especially since it aligns with your suspicions about there being "something different" about commits from another developer.
In issue #118 @Aramgutang found, documented, and fixed an edge case bug in Transcrypt where a partial commit of a transcrypt-ed file on one machine would cause these kinds of symptoms on another machine. For Git client tools that permit a partial commit of transcrypt-ed files, the bug would cause the original committing machine to generate an incorrect salt from that machine's file on disk, instead of from the partially-changed file bytes actually being committed. Most Git clients do not (and should not) allow partial commits of the secret files, but some do, in particular the very popular VSCode.
The explanation in issue #118 is much better, I encourage you to go and read it.
Even though you are indeed using the latest main
branch version of Transcrypt yourself, if someone else is using a version of Transcrypt without the fix (which is not in the latest released version) and they make a partial commit on a secret file using a client that permits such a thing, the salt will be incorrect by the time you pull the commit.
Can you check with the developer who committed the changes causing your problem whether:
If both of these are the case, it could explain why you keep seeing this problem. And if that bug is indeed the cause, getting all devs on your project to use the main
branch version could solve the problem, pending an official release that includes the fix.
Other developer on leave until February, will follow-up then.
I had the same issue, I was able to fix it by uninstalling OpenSSL (my version was OpenSSL 3.0.1 14 Dec 2021
) and installing LibreSSL (brew install libressl
) instead.
I have a suspicion this might be still occurring for me too, but my coworker is rather busy, and haven't been able to confirm what version he is using yet.
To follow up on this: until recently Transcypt was not compatible with OpenSSL version 3 (see #133).
We just released the latest official version 2.2.0 with a compatibility fix.
I've been encountering this for a few weeks now and finally associated the phantom changes with Transcrypt, which lead me here. Investigation ongoing, I too seem to only encounter this when files are changed by other developers.
$ sw_vers
ProductName: macOS
ProductVersion: 13.1
BuildVersion: 22C65
$ which transcrypt
/opt/homebrew/bin/transcrypt
$ transcrypt --version
transcrypt 2.2.0
$ which openssl
/usr/bin/openssl
$ openssl version
LibreSSL 3.3.6
$ which git
/opt/homebrew/bin/git
$ git --version
git version 2.37.3
@emcniece Are you able to confirm if the other developers are using the same version?
Indeed, they report:
Fairly sure they're on OSX 12.
Hi @emcniece sorry for your problems. If you're on Mac OS 13 (Ventura) this is the likely culprit https://github.com/elasticdog/transcrypt/issues/147 and we don't yet have a fix that works reliably.
In the meantime downgrading to version 2.1.0 on systems running MacOS 13 is probably the best work-around.
Hi, if anyone here is suffering from the compatibility bug with MacOS Ventura and has some time, I'd appreciate it if you could run some tests for me on your system(s) and give me feedback to help isolate the lingering bugs – please see instructions in my comment https://github.com/elasticdog/transcrypt/issues/147#issuecomment-1424178405
Thanks!
For anyone experiencing phantom file changes recently – and where anyone committing to the repository has been using transcrypt version 2.2.0 with MacOS 13 Ventura (or with LibreSSL 3+ in general) – please upgrade to the new 2.2.1 release of transcrypt across all your repositories.
You may still see phantom changes after the upgrade, but re-committing the phantom changed file should fix it once and for all. More info here (#147)
I have had this often happen. And it kind of makes transcrypt very difficult to use, as git thinks the work tree is not clean.
The files in question were never modified locally.
A work around seems to be to commit the non-existent changes anyway, but that doesn't appear to be a good a long term solution. Eventually it will happen again.