Add AUTHORS file

Add 'make install' target
Improve 'git-crypt init' usability
2026-01-02 08:10:41 -08:00 · 2013-02-07 08:08:21 -08:00 · 2013-02-07 08:08:21 -08:00 · 2013-02-06 16:14:57 -08:00 · 2013-02-06 15:45:05 -08:00 · 2013-02-06 14:52:43 -08:00
6 changed files with 33 additions and 16 deletions
--- a/1
+++ b/1
@@ -0,0 +1 @@
+Andrew Ayer <agwa@andrewayer.name>
--- a/8
+++ b/8
@@ -1,6 +1,7 @@
-CXX := g++
+CXX := c++
 CXXFLAGS := -Wall -pedantic -ansi -Wno-long-long -O2
 LDFLAGS := -lcrypto
+PREFIX := /usr/local

 OBJFILES = git-crypt.o commands.o crypto.o util.o

@@ -12,4 +13,7 @@ git-crypt: $(OBJFILES)
 clean:
 	rm -f *.o git-crypt

-.PHONY: all clean
+install:
+	install -m 755 git-crypt $(PREFIX)/bin/
+
+.PHONY: all clean install
--- a/6
+++ b/6
@@ -11,7 +11,7 @@ repository as your code, without requiring you to lock down your entire
 repository.

 git-crypt was written by Andrew Ayer <agwa at andrewayer dot name>.
-For more information, see <http://www.andrewayer.name/projects/git-crypt>.
+For more information, see <http://www.agwa.name/projects/git-crypt>.


 BUILDING GIT-CRYPT
@@ -49,8 +49,8 @@ Configure a repository to use encryption:

 Specify files to encrypt by creating a .gitattributes file:

-	secretfile: filter=git-crypt diff=git-crypt
-	*.key: filter=git-crypt diff=git-crypt
+	secretfile filter=git-crypt diff=git-crypt
+	*.key filter=git-crypt diff=git-crypt

 Like a .gitignore file, it can match wildcards and should be checked
 into the repository.  Make sure you don't accidentally encrypt the
--- a/commands.cpp
+++ b/commands.cpp
@@ -22,6 +22,7 @@
 #include "util.hpp"
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <unistd.h>
 #include <stdint.h>
 #include <algorithm>
 #include <string>
@@ -179,6 +180,9 @@ void init (const char* argv0, const char* keyfile)
 		perror(keyfile);
 		std::exit(1);
 	}
+	
+	// 0. Check to see if HEAD exists.  See below why we do this.
+	bool		head_exists = system("git rev-parse HEAD >/dev/null 2>/dev/null") == 0;

 	// 1. Make sure working directory is clean
 	int		status;
@@ -187,8 +191,12 @@ void init (const char* argv0, const char* keyfile)
 	if (status != 0) {
 		std::clog << "git status failed - is this a git repository?\n";
 		std::exit(1);
-	} else if (!status_output.empty()) {
+	} else if (!status_output.empty() && head_exists) {
+		// We only care that the working directory is dirty if HEAD exists.
+		// If HEAD doesn't exist, we won't be resetting to it (see below) so
+		// it doesn't matter that the working directory is dirty.
 		std::clog << "Working directory not clean.\n";
+		std::clog << "Please commit your changes or 'git stash' them before setting up git-crypt.\n";
 		std::exit(1);
 	}

@@ -198,8 +206,8 @@ void init (const char* argv0, const char* keyfile)

 	// 2. Add config options to git

-	// git config --add filter.git-crypt.smudge "git-crypt smudge /path/to/key"
-	std::string	command("git config --add filter.git-crypt.smudge \"");
+	// git config filter.git-crypt.smudge "git-crypt smudge /path/to/key"
+	std::string	command("git config filter.git-crypt.smudge \"");
 	command += git_crypt_path;
 	command += " smudge ";
 	command += keyfile_path;
@@ -210,8 +218,8 @@ void init (const char* argv0, const char* keyfile)
 		std::exit(1);
 	}

-	// git config --add filter.git-crypt.clean "git-crypt clean /path/to/key"
-	command = "git config --add filter.git-crypt.clean \"";
+	// git config filter.git-crypt.clean "git-crypt clean /path/to/key"
+	command = "git config filter.git-crypt.clean \"";
 	command += git_crypt_path;
 	command += " clean ";
 	command += keyfile_path;
@@ -222,8 +230,8 @@ void init (const char* argv0, const char* keyfile)
 		std::exit(1);
 	}

-	// git config --add diff.git-crypt.textconv "git-crypt diff /path/to/key"
-	command = "git config --add diff.git-crypt.textconv \"";
+	// git config diff.git-crypt.textconv "git-crypt diff /path/to/key"
+	command = "git config diff.git-crypt.textconv \"";
 	command += git_crypt_path;
 	command += " diff ";
 	command += keyfile_path;
@@ -239,7 +247,7 @@ void init (const char* argv0, const char* keyfile)
 	//    will now be checked out decrypted.
 	// If HEAD doesn't exist (perhaps because this repo doesn't have any files yet)
 	// just skip the reset.
-	if (system("! git show-ref HEAD > /dev/null || git reset --hard HEAD") != 0) {
+	if (head_exists && system("git reset --hard HEAD") != 0) {
 		std::clog << "git reset --hard failed\n";
 		std::exit(1);
 	}
@@ -247,12 +255,13 @@ void init (const char* argv0, const char* keyfile)

 void keygen (const char* keyfile)
 {
-	umask(0077); // make sure key file is protected
+	mode_t		old_umask = umask(0077); // make sure key file is protected
 	std::ofstream	keyout(keyfile);
 	if (!keyout) {
 		perror(keyfile);
 		std::exit(1);
 	}
+	umask(old_umask);
 	std::ifstream	randin("/dev/random");
 	if (!randin) {
 		perror("/dev/random");
--- a/crypto.cpp
+++ b/crypto.cpp
@@ -27,7 +27,7 @@
 #include <iostream>
 #include <cstring>
 #include <cstdlib>
-#include <endian.h>
+#include <arpa/inet.h>

 void load_keys (const char* filepath, keys_t* keys)
 {
@@ -71,7 +71,7 @@ void aes_ctr_state::process (const AES_KEY* key, const uint8_t* in, uint8_t* out
 			//  first 12 bytes - nonce
 			//  last   4 bytes - block number (sequentially increasing with each block)
 			uint8_t		ctr[16];
-			uint32_t	blockno = htole32(byte_counter / 16);
+			uint32_t	blockno = htonl(byte_counter / 16);
 			memcpy(ctr, nonce, 12);
 			memcpy(ctr + 12, &blockno, 4);
 			AES_encrypt(ctr, otp, key);
--- a/util.cpp
+++ b/util.cpp
@@ -24,6 +24,7 @@
 #include <cstdlib>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/stat.h>
 #include <unistd.h>
 #include <errno.h>
 #include <fstream>
@@ -82,11 +83,13 @@ void	open_tempfile (std::fstream& file, std::ios_base::openmode mode)
 	char*		path = new char[tmpdir_len + 18];
 	strcpy(path, tmpdir);
 	strcpy(path + tmpdir_len, "/git-crypt.XXXXXX");
+	mode_t		old_umask = umask(0077);
 	int		fd = mkstemp(path);
 	if (fd == -1) {
 		perror("mkstemp");
 		std::exit(9);
 	}
+	umask(old_umask);
 	file.open(path, mode);
 	if (!file.is_open()) {
 		perror("open");
Author	SHA1	Message	Date
Andrew Ayer	fb2e08d7c2	Add AUTHORS file	2013-02-07 08:08:21 -08:00
Andrew Ayer	5e89e6d4c7	Add 'make install' target	2013-02-07 08:08:21 -08:00
Andrew Ayer	84b4f7ca1a	Improve 'git-crypt init' usability * Correctly check for existence of HEAD (use 'git rev-parse' instead of 'git show-ref'). Fixes bug where hard reset might be skipped after running 'git init'. * Don't require working directory to be clean if HEAD doesn't exist. (If HEAD doesn't exist, we won't be hard resetting so the working directory doesn't need to be clean.) * Overwrite existing git config values (instead of --add'ing them) so 'git-crypt init' can be idempotent. * In the error message for a disrty working directory, advise user to commit changes or 'git stash' them.	2013-02-06 16:14:57 -08:00
Andrew Ayer	826f746a3c	Fix gitattributes example in README There should NOT be a colon after the pattern.	2013-02-06 15:45:05 -08:00
Linus G Thiel	60d96ecf80	Include unistd.h for gcc 4.7 In gcc 4.7, some includes were removed. This fixes the build. Signed-off-by: Andrew Ayer <agwa@andrewayer.name>	2013-02-06 14:52:43 -08:00
Andrew Ayer	3680884767	Restore original umask after running keygen	2013-01-24 22:02:42 -08:00
Andrew Ayer	8b5c3d5c88	Compile with 'c++' instead of 'g++' We're not relying on any g++-specific features.	2013-01-24 22:00:12 -08:00
Andrew Ayer	b2164be760	Use arpa/inet.h functions instead of endian.h Even though arpa/inet.h is "networky" and this isn't a network application, arpa/inet.h is in POSIX whereas endian.h is non-standard. This should let git-crypt build on Mac OS X.	2013-01-24 21:57:49 -08:00
Andrew Ayer	d3dcc7da64	Set a safe umask before creating temporary files Although glibc's implementation of mkstemp creates temporary files with a safe (i.e. 0600) mode, POSIX does not mandate any particular mode. So to ensure maximum cross-platform safety, we must set a umask of 0077 before calling mkstemp.	2013-01-03 15:23:35 -08:00
Andrew Ayer	42c365c77f	New website URL in README	2012-12-19 09:50:04 -08:00