From b7c608da25fca09a95783abf313f140c3d11cd27 Mon Sep 17 00:00:00 2001 From: Andrew Ayer Date: Fri, 2 Jan 2015 10:35:57 -0800 Subject: [PATCH] Add .gitattributes file to .git-crypt dir to prevent encryption Previously, if you had a .gitattributes file in the root of your repository that matched `*`, the files under .git-crypt would also be encrypted, rendering the repository un-decryptable, unless you explicitly excluded the .git-crypt directory, which was easy to overlook. Now, `git-crypt add-gpg-user` automatically adds a .gitattributes file to the .git-crypt directory to prevent its encryption. IMPORTANT: If you are currently using GPG mode to encrypt an entire repository, it is strongly advised that you upgrade git-crypt and then do the following to ensure that the files inside .git-crypt are stored properly: 1. Remove existing key files: `rm .git-crypt/keys/*/0/*` 2. Re-add GPG user(s): `git-crypt add-gpg-user GPG_USER_ID ...` --- commands.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/commands.cpp b/commands.cpp index 658b63f..d5e141a 100644 --- a/commands.cpp +++ b/commands.cpp @@ -1040,6 +1040,19 @@ int add_gpg_user (int argc, const char** argv) encrypt_repo_key(key_name, *key, collab_keys, get_repo_keys_path(state_path), &new_files); + // Add a .gitatributes file to the repo state directory to prevent files in it from being encrypted. + const std::string state_gitattributes_path(state_path + "/.gitattributes"); + if (access(state_gitattributes_path.c_str(), F_OK) != 0) { + std::ofstream state_gitattributes_file(state_gitattributes_path.c_str()); + state_gitattributes_file << "* !filter !diff\n"; + state_gitattributes_file.close(); + if (!state_gitattributes_file) { + std::clog << "Error: unable to write " << state_gitattributes_path << std::endl; + return 1; + } + new_files.push_back(state_gitattributes_path); + } + // add/commit the new files if (!new_files.empty()) { // git add NEW_FILE ...