twpayne / chezmoi

Manage your dotfiles across multiple diverse machines, securely.
https://www.chezmoi.io/
MIT License

Cannot add chezmoi.toml after setting up GPG #2854

Closed leonfeng closed 1 year ago

leonfeng commented 1 year ago

What exactly are you trying to do?

Push the changes made in chezmoi.toml after setting up GPG encryption. But the command fails with the error message:

```console
$ chezmoi add ~/.config/chezmoi/chezmoi.toml
chezmoi: /home/leon/.config/chezmoi/chezmoi.toml: cannot add chezmoi file to chezmoi (/home/leon/.config/chezmoi/chezmoi.toml is protected)
```

What have you tried so far?

I generated a GPG key pair following GitHub's guide, and configured chezmoi to use GPG following the User Guide.

Afterwards, I was able to `chezmoi add --encrypt ~/.wget-hsts` and `chezmoi add ~/.gitconfig` without issue, but wasn't able to `chezmoi add ~/.config/chezmoi/chezmoi.toml`.

Where else have you checked for solutions?

Output of any commands you've tried with --verbose flag

$ chezmoi --verbose $COMMAND

Output of chezmoi doctor

```console
$ chezmoi doctor
RESULT   CHECK                MESSAGE
warning  version              v2.32.0, built at 2023-03-12T11:50:15Z
ok       latest-version       v2.32.0
ok       os-arch              linux/amd64 (Arch Linux)
ok       uname                Linux Delvesa 5.15.90.1-microsoft-standard-WSL2 #1 SMP Fri Jan 27 02:56:13 UTC 2023 x86_64 GNU/Linux
ok       go-version           go1.20.2 (gc)
ok       executable           /usr/bin/chezmoi
ok       config-file          ~/.config/chezmoi/chezmoi.toml, last modified 2023-03-14T07:26:09+04:00
ok       source-dir           ~/.local/share/chezmoi is a git working tree (clean)
warning  suspicious-entries   ~/.local/share/chezmoi/dot_config/chezmoi/chezmoi.toml
ok       working-tree         ~/.local/share/chezmoi is a git working tree (clean)
ok       dest-dir             ~ is a directory
ok       umask                022
ok       cd-command           found /usr/bin/zsh
ok       cd-args              /usr/bin/zsh
info     diff-command         not set
ok       edit-command         found /usr/sbin/nvim
ok       edit-args            /usr/sbin/nvim
ok       git-command          found /usr/sbin/git, version 2.39.2
ok       merge-command        found /usr/sbin/vimdiff
ok       shell-command        found /usr/bin/zsh
ok       shell-args           /usr/bin/zsh
info     age-command          age not found in $PATH
ok       gpg-command          found /usr/sbin/gpg, version 2.2.41
info     pinentry-command     not set
info     1password-command    op not found in $PATH
info     bitwarden-command    bw not found in $PATH
info     dashlane-command     dcli not found in $PATH
info     gopass-command       gopass not found in $PATH
info     keepassxc-command    keepassxc-cli not found in $PATH
info     keepassxc-db         not set
info     keeper-command       keeper not found in $PATH
info     lastpass-command     lpass not found in $PATH
info     pass-command         pass not found in $PATH
info     passhole-command     ph not found in $PATH
info     rbw-command          rbw not found in $PATH
info     vault-command        vault not found in $PATH
info     secret-command       not set
```

Additional context

Here is my chezmoi.toml:

```toml
encryption = "gpg"
[git]
    autoCommit = true
    autoPush = true
[gpg]
    recipient = "D7E0272100815347"
```

halostatue commented 1 year ago

Chezmoi cannot manage its own configuration file. This is a deliberate change recently added (#2822) because Bad Things Happen® if you try to do this (#2674, #2820; I’m sure there are others).

You can add a .chezmoi.toml.tmpl to your source directory which will be used when generating a machine-specific entry. If there are secrets with those, you will want to either prompt for them (using init prompt functions as documented) or pull them from a pre-configured secret source (still using templates, but no prompts).
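
What the suggested `.chezmoi.toml.tmpl` could look like for the configuration posted above, as an added example that is not part of the original thread or chezmoi's own documentation. The `gpgRecipient` data key and the prompt text are assumptions; the recipient is prompted for once per machine instead of being committed to the source repository.

```toml
# .chezmoi.toml.tmpl (added example): lives at the root of the source
# directory and is rendered into the machine-specific config file.

# promptStringOnce returns the stored value if the key already exists in the
# template data, and only prompts when it is missing (first run on a machine).
# "gpgRecipient" is an assumed key name chosen for this example.
{{- $recipient := promptStringOnce . "gpgRecipient" "GPG recipient (key ID or fingerprint)" }}

encryption = "gpg"

[data]
    # Persist the answer so later runs find it and do not prompt again.
    gpgRecipient = {{ $recipient | quote }}

[git]
    autoCommit = true
    autoPush = true

[gpg]
    # Key that `chezmoi add --encrypt` encrypts to on this machine.
    recipient = {{ $recipient | quote }}
```

Placed at the root of the source directory (`~/.local/share/chezmoi` in the `chezmoi doctor` output above), this template is rendered to `~/.config/chezmoi/chezmoi.toml` by `chezmoi init`.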

leonfeng commented 1 year ago

Got it! Thank you for the detailed explanation 😃