Add initial Debian packaging

Rationale:

 * /dev/random blocks unpredictably on Linux, leading to slow
   key generation.
 * OpenSSL's RNG is more cross-platform than /dev/(u)random.
   Some platforms might not have a (u)random device, or worse,
   have a /dev/(u)random that produces insecure random numbers
   (like Cygwin, apparently).

Makefile

@@ -14,6 +14,6 @@ clean:
 	rm -f *.o git-crypt
 
 install:
-	install -m 755 git-crypt $(PREFIX)/bin/
+	install -m 755 git-crypt $(DESTDIR)$(PREFIX)/bin/
 
 .PHONY: all clean install

README

@@ -52,10 +52,11 @@ git normally - encryption and decryption happen transparently.
 CURRENT STATUS
 
 The latest version of git-crypt is 0.3, released on 2013-04-05.
-git-crypt is not yet feature complete and the user experience is rough
+git-crypt aims to be bug-free and reliable, meaning it shouldn't
-in places.  There may also be compatibility-breaking changes introduced
+crash, malfunction, or expose your confidential data.  However,
-before version 1.0.  That said, git-crypt is reliable and secure and
+it has not yet reached maturity, meaning it is not as documented,
-used to protect content in real world repositories.
+featureful, or easy-to-use as it should be.  Additionally, there may be
+backwards-incompatible changes introduced before version 1.0.
 
 Development on git-crypt is currently focused on improving the user
 experience, especially around setting up repositories.  There are also
@@ -66,14 +67,14 @@ keys and keys encrypted with PGP.
 SECURITY
 
 git-crypt is more secure that other transparent git encryption systems.
-git-crypt encrypts files using AES-256 in CTR mode with a synthetic
+git-crypt encrypts files using AES-256 in CTR mode with a synthetic IV
-IV derived from the SHA-1 HMAC of the file.  This is provably
+derived from the SHA-1 HMAC of the file.  This is provably semantically
-semantically secure under deterministic chosen-plaintext attack.
+secure under deterministic chosen-plaintext attack.  That means that
-That means that although the encryption is deterministic (which is
+although the encryption is deterministic (which is required so git can
-required so git can distinguish when a file has and hasn't changed),
+distinguish when a file has and hasn't changed), it leaks no information
-it leaks no information beyond whether two files are identical or not.
+beyond whether two files are identical or not.  Other proposals for
-Other proposals for transparent git encryption use ECB or CBC with no
+transparent git encryption use ECB or CBC with a fixed IV.  These systems
-IV.  These systems are not semantically secure and leak information.
+are not semantically secure and leak information.
 
 The AES key is stored unencrypted on disk.  The user is responsible for
 protecting it and ensuring it's safely distributed only to authorized

commands.cpp

@@ -42,6 +42,8 @@
 #include <iostream>
 #include <cstddef>
 #include <cstring>
+#include <openssl/rand.h>
+#include <openssl/err.h>
 
 // Encrypt contents of stdin and write to stdout
 void clean (const char* keyfile)
@@ -282,6 +284,10 @@ void init (const char* argv0, const char* keyfile)
 
 void keygen (const char* keyfile)
 {
+	if (access(keyfile, F_OK) == 0) {
+		std::clog << keyfile << ": File already exists - please remove before continuing\n";
+		std::exit(1);
+	}
 	mode_t		old_umask = umask(0077); // make sure key file is protected
 	std::ofstream	keyout(keyfile);
 	if (!keyout) {
@@ -289,16 +295,17 @@ void keygen (const char* keyfile)
 		std::exit(1);
 	}
 	umask(old_umask);
-	std::ifstream	randin("/dev/random");
+
-	if (!randin) {
+	std::clog << "Generating key...\n";
-		perror("/dev/random");
+	std::clog.flush();
+	unsigned char	buffer[AES_KEY_BITS/8 + HMAC_KEY_LEN];
+	if (RAND_bytes(buffer, sizeof(buffer)) != 1) {
+		while (unsigned long code = ERR_get_error()) {
+			char	error_string[120];
+			ERR_error_string_n(code, error_string, sizeof(error_string));
+			std::clog << "Error: " << error_string << '\n';
+		}
 		std::exit(1);
 	}
-	char		buffer[AES_KEY_BITS/8 + HMAC_KEY_LEN];
+	keyout.write(reinterpret_cast<const char*>(buffer), sizeof(buffer));
-	randin.read(buffer, sizeof(buffer));
-	if (randin.gcount() != sizeof(buffer)) {
-		std::clog << "Premature end of random data.\n";
-		std::exit(1);
-	}
-	keyout.write(buffer, sizeof(buffer));
 }

debian/changelog

@@ -0,0 +1,5 @@
+git-crypt (0.3-1) unstable; urgency=low
+
+  * Initial release.
+
+ -- Andrew Ayer <agwa@andrewayer.name>  Sat, 29 Mar 2014 12:38:14 -0700

debian/compat

@@ -0,0 +1 @@
+9

debian/control

@@ -0,0 +1,23 @@
+Source: git-crypt
+Maintainer: Andrew Ayer <agwa@andrewayer.name>
+Section: vcs
+Priority: optional
+Standards-Version: 3.9.4
+Build-Depends: debhelper (>= 9), make (>= 3.81-5), libc6-dev (>= 2.7-18), gcc (>= 4:4.3.2-2), coreutils (>= 6.10-6), libssl-dev (>= 0.9.8o-4)
+Vcs-Git: https://www.agwa.name/git/git-crypt.git -b debian
+Homepage: https://www.agwa.name/projects/git-crypt
+
+Package: git-crypt
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, git (>= 1.7.2)
+Enhances: git
+Description: Transparent file encryption in git
+ git-crypt enables transparent encryption and decryption of files in a
+ git repository.  Files which you choose to protect are encrypted when
+ committed, and decrypted when checked out.  git-crypt lets you freely
+ share a repository containing a mix of public and private content.
+ git-crypt gracefully degrades, so developers without the secret key
+ can still clone and commit to a repository with encrypted files.
+ This lets you store your secret material (such as keys or passwords)
+ in the same repository as your code, without requiring you to lock down
+ your entire repository.

debian/copyright

@@ -0,0 +1,34 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: git-crypt
+Source: https://github.com/AGWA/git-crypt
+
+Files: *
+Copyright: Copyright 2014 Andrew Ayer <agwa@andrewayer.name>
+License: GPL-3+ with OpenSSL exception
+ git-crypt is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ git-crypt is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with git-crypt.  If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 3 can be found in the file
+ `/usr/share/common-licenses/GPL-3'.
+ .
+ Additional permission under GNU GPL version 3 section 7:
+ .
+ If you modify the Program, or any covered work, by linking or
+ combining it with the OpenSSL project's OpenSSL library (or a
+ modified version of that library), containing parts covered by the
+ terms of the OpenSSL or SSLeay licenses, the licensors of the Program
+ grant you additional permission to convey the resulting work.
+ Corresponding Source for a non-source form of such a combination
+ shall include the source code for the parts of OpenSSL used as well
+ as that of the covered work.

debian/gbp.conf

@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = debian
+upstream-tag = %(version)s
+

debian/git-crypt.docs

@@ -0,0 +1 @@
+README

debian/git-crypt.install

@@ -0,0 +1 @@
+git-crypt usr/bin

debian/rules

@@ -0,0 +1,15 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+	dh  $@
+
+override_dh_auto_install:

git-crypt.cpp

@@ -32,6 +32,7 @@
 #include "util.hpp"
 #include <cstring>
 #include <iostream>
+#include <openssl/err.h>
 
 static void print_usage (const char* argv0)
 {
@@ -62,6 +63,7 @@ try {
 		return 2;
 	}
 
+	ERR_load_crypto_strings();
 
 	if (strcmp(argv[1], "init") == 0 && argc == 3) {
 		init(argv[0], argv[2]);
@@ -81,6 +83,7 @@ try {
 	return 0;
 } catch (const std::ios_base::failure& e) {
 	std::cerr << "git-crypt: I/O error: " << e.what() << std::endl;
+	return 1;
 }