Closed ddmee closed 2 years ago
Hi, the only way I have been able to reproduce this problem with a PEM file of my own is to make repository changes in a subtly wrong order: by staging the pem file first and only updating the .gitattributes file afterwards.
Could this be what is going wrong for you?
If have confirmed that if I change the .gitattributes file before git add
ing the pem file, I am able to transcrypt a pem file like others. Can you test with a sequence like the following?
# Copy a pem file into repo
cp ~/.ssh/example.pem .
# Configure transcrypt "crypt" attributes to encrypt pem files
# This MUST be done before you stage the pem file
echo '*.pem filter=crypt diff=crypt merge=crypt' >> .gitattributes
# Stage pem file and config changes
git add .gitattributes example.pem
# Check raw contents of staged pem file, should start with "U2FsdGVk"
git show :example.pem
# Commit works as expected
git commit -m "Add encrypted pem file"
Hi Jmurty. Thanks for trying to reproduce this. No, I had updated the .gitattributes before I staged the pem file.
I have tested the sequence as you described. And pem file did encrypt correctly.
So at least that confirms that .pem files are encryptable by transcrypt.
I suppose the other thing to note is that the .pem files I was trying to encrypt are actually mounted onto the filesystem from a docker container. I hadn't had an issue encrypting other files that were inside a docker container, mounted on the host. So I didn't think this was an issue. But maybe something strange is happening that way.
I am seeing the same issue on my system.
Environment info: OS: Pop!_OS 22.04 LTS transcrypt version: 2.1.0 git version: 2.34.1
Steps to produce issue:
mkdir test_transcrypt
cd test_transcrypt
git init
echo "123" > secret.yaml
transcrypt (accepting defaults)
echo 'secret.yaml filter=crypt diff=crypt merge=crypt' >> .gitattributes
git add .
git commit -m "test transcrypt"
The final command returns the following message:
Transcrypt managed file is not encrypted in the Git index: secret.yaml
You probably staged this file using a tool that does not apply .gitattribute filters as required by Transcrypt.
Fix this by re-staging the file with a compatible tool or with Git on the command line:
git reset -- secret.yaml
git add secret.yaml
Running the two suggested commands and attempting to commit again returned the same message.
Running transcrypt -l
returns secret.yaml
Running git show :secret.yaml
returns /1Vqnq87x17ayOQPmoBTLw==
This was also attempted with version 2.2.0-pre and 2.0.0, which did not solve the problem. It was also attempted on a machine running macOS, which installed transcrypt version 2.1.0 through homebrew. In this environment, everything worked as expected.
Having the same issue with @Ernaldis !
Hi @Ernaldis and @yambottle can you check which version of OpenSSL you are using with openssl version
?
I suspect the issue is due to an incompatible (with transcrypt) change in how the new OpenSSL version 3 encrypts files, as discussed in https://github.com/elasticdog/transcrypt/issues/133
If you are using OpenSSL 3+ can you try the fix-for-openssl3
branch (PR #135) to see if that fixes the problem for you?
We should probably get the OpenSSL 3+ fix out pretty soon, but I'd appreciate more feedback on whether or not it works for people.
Hi @jmurty, thank you for getting back to us.
openssl version
returns OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
After checking out the fix-for-openssl3
branch, transcrypt --version
returned transcrypt 2.2.0-pre
.
Initially, the same error occurred, but removing transcrypt from the repo with transcrypt -u
and setting it back up again fixed the issue. Everything appears to be in working order now.
Thanks for confirming this fix, we'll include the fix along with a bunch of other improvements in the upcoming 2.2.0 release
Hi, I've been trying to encrypt a certificate with transcrypt.
Let's say I have a certificate file in my git repo at
<repo>/cert.pem
If I add the file to transcrypt via gitattributes, when I try to commit the file I get the warning
Using https://github.com/elasticdog/transcrypt/issues/120
git rm --cached cert.pem
doesn't fix the problem.I guess transcrypt must think that the certificate file is already encrypted? As it seems to be hitting these lines of code: https://github.com/elasticdog/transcrypt/blob/fdf81c53f0ad27651e03a67ea732b164d209e948/transcrypt#L224-L226
But the certificate file isn't encrypted. I'm wondering can transcrypt encrypt certificate files?
Thanks