gitea-mirror/git-crypt
1
0
Fork 0
mirror of https://github.com/AGWA/git-crypt.git synced 2026-01-02 00:00:12 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea-mirror:0.7.0
Branches Tags
gitea-mirror:master gitea-mirror:pristine-tar gitea-mirror:skip_empty gitea-mirror:debian
gitea-mirror:0.8.0 gitea-mirror:0.7.0 gitea-mirror:debian/0.6.0-1 gitea-mirror:0.6.0 gitea-mirror:debian/0.5.0-2 gitea-mirror:debian/0.5.0-1 gitea-mirror:0.5.0 gitea-mirror:debian/0.4.2-1_agwa1 gitea-mirror:0.4.2 gitea-mirror:0.4.1 gitea-mirror:0.4 gitea-mirror:debian/0.3-1 gitea-mirror:0.3 gitea-mirror:0.2 gitea-mirror:0.1
..
compare: gitea-mirror:debian/0.5.0-1
Branches Tags
gitea-mirror:master gitea-mirror:pristine-tar gitea-mirror:skip_empty gitea-mirror:debian
gitea-mirror:0.8.0 gitea-mirror:0.7.0 gitea-mirror:debian/0.6.0-1 gitea-mirror:0.6.0 gitea-mirror:debian/0.5.0-2 gitea-mirror:debian/0.5.0-1 gitea-mirror:0.5.0 gitea-mirror:debian/0.4.2-1_agwa1 gitea-mirror:0.4.2 gitea-mirror:0.4.1 gitea-mirror:0.4 gitea-mirror:debian/0.3-1 gitea-mirror:0.3 gitea-mirror:0.2 gitea-mirror:0.1

8 Commits
0.7.0 ... debian/0.5

Author SHA1 Message Date
Andrew Ayer
f741d1aded Update Debian packaging for 0.5.0-1 2015-05-30 20:22:29 -07:00
Andrew Ayer
6bf8cb262c Add debian/watch file 2015-05-30 20:22:19 -07:00
Andrew Ayer
3513c22082 Merge tag '0.5.0' into debian 
git-crypt 0.5.0

git-crypt 0.5.0 brings a substantial performance boost to 'git-crypt
unlock' and 'git-crypt lock' under Git 1.8.5 and higher.  The improvement
should be particularly noticeable in repositories with lots of files.

In addition, there are some minor bug fixes and usability improvements.
'git-crypt gpg-add-user' now has a --trusted option which you can use
to force the addition of a user even if GPG doesn't trust the key.

Finally, git-crypt now has a man page!  To install it, pass ENABLE_MAN=yes
to 'make' and 'make install' (this will be the default once I iron out
the build system).

See the NEWS file, or the Git commit history, for a more detailed list
of changes.
 2015-05-30 20:01:44 -07:00
Andrew Ayer
f3890bed32 Update debian/changelog for 0.4.2-1~agwa1 2015-01-31 19:44:08 -08:00
Andrew Ayer
78fb6ab052 debian packaging: install additional docs 2015-01-31 19:42:45 -08:00
Andrew Ayer
1fc9664036 Merge tag '0.4.2' into debian 
git-crypt 0.4.2

git-crypt 0.4.2 is a bugfix-only release that fixes the unlock (and lock)
commands under Git 2.2.2 and newer.  Due to an optimization introduced in
Git 2.2.2, 'git-crypt unlock' would not decrypt files in the working tree.

In addition, this version of git-crypt officially drops support for
versions of Git older than 1.7.2.
 2015-01-31 19:41:21 -08:00
Andrew Ayer
2fa2cffba6 Freshen Debian packaging 2015-01-27 21:36:55 -08:00
Andrew Ayer
6b78ef0548 Add initial Debian packaging 2014-03-29 17:39:53 -07:00
36 changed files with 446 additions and 499 deletions
Expand all files Collapse all files

46
.github/workflows/release-linux.yml vendored
View File

@@ -1,46 +0,0 @@
on:
release:
types: [published]
name: Build Release Binary (Linux)
jobs:
build:
name: Build Release Binary
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Install dependencies
run: sudo apt install libssl-dev
- name: Build binary
run: make
- name: Upload release artifact
uses: actions/upload-artifact@v3
with:
name: git-crypt-artifacts
path: git-crypt
upload:
name: Upload Release Binary
runs-on: ubuntu-latest
needs: build
permissions:
contents: write
steps:
- name: Download release artifact
uses: actions/download-artifact@v3
with:
name: git-crypt-artifacts
- name: Upload release asset
uses: actions/github-script@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require("fs").promises;
const { repo: { owner, repo }, sha } = context;
await github.repos.uploadReleaseAsset({
owner, repo,
release_id: ${{ github.event.release.id }},
name: 'git-crypt-${{ github.event.release.name }}-linux-x86_64',
data: await fs.readFile('git-crypt'),
});

56
.github/workflows/release-windows.yml vendored
View File

@@ -1,56 +0,0 @@
on:
release:
types: [published]
name: Build Release Binary (Windows)
jobs:
build:
name: Build Release Binary
runs-on: windows-2022
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Setup msys2
uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
update: true
install: >-
base-devel
msys2-devel
mingw-w64-x86_64-toolchain
mingw-w64-x86_64-openssl
openssl-devel
- name: Build binary
shell: msys2 {0}
run: make LDFLAGS="-static-libstdc++ -static -lcrypto -lws2_32"
- name: Upload release artifact
uses: actions/upload-artifact@v3
with:
name: git-crypt-artifacts
path: git-crypt.exe
upload:
name: Upload Release Binary
runs-on: ubuntu-latest
needs: build
permissions:
contents: write
steps:
- name: Download release artifact
uses: actions/download-artifact@v3
with:
name: git-crypt-artifacts
- name: Upload release asset
uses: actions/github-script@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require("fs").promises;
const { repo: { owner, repo }, sha } = context;
await github.repos.uploadReleaseAsset({
owner, repo,
release_id: ${{ github.event.release.id }},
name: 'git-crypt-${{ github.event.release.name }}-x86_64.exe',
data: await fs.readFile('git-crypt.exe'),
});

6
CONTRIBUTING.md
View File

@@ -4,7 +4,8 @@ documentation, bug reports, or anything else that improves git-crypt.
When contributing code, please consider the following guidelines:
* You are encouraged to open an issue on GitHub to discuss any non-trivial
* You are encouraged to open an issue on GitHub or send mail to
git-crypt-discuss@lists.cloudmutt.com to discuss any non-trivial
changes before you start coding.
* Please mimic the existing code style as much as possible. In
@@ -14,7 +15,8 @@ When contributing code, please consider the following guidelines:
* To minimize merge commits, please rebase your changes before opening
a pull request.
* To submit your patch, open a pull request on GitHub.
* To submit your patch, open a pull request on GitHub or send a
properly-formatted patch to git-crypt-discuss@lists.cloudmutt.com.
Finally, be aware that since git-crypt is security-sensitive software,
the bar for contributions is higher than average. Please don't be

14
INSTALL
View File

@@ -2,19 +2,19 @@ DEPENDENCIES
To build git-crypt, you need:
Debian/Ubuntu package RHEL/CentOS package
Debian/Ubuntu package RHEL/CentOS package
-----------------------------------------------------------------------------
Make make make
A C++11 compiler (e.g. gcc 4.9+) g++ gcc-c++
OpenSSL development files libssl-dev openssl-devel
Make make make
A C++ compiler (e.g. gcc) g++ gcc-c++
OpenSSL development files libssl-dev openssl-devel
To use git-crypt, you need:
Debian/Ubuntu package RHEL/CentOS package
Debian/Ubuntu package RHEL/CentOS package
-----------------------------------------------------------------------------
Git 1.7.2 or newer git git
OpenSSL openssl openssl
Git 1.7.2 or newer git git
OpenSSL openssl openssl
Note: Git 1.8.5 or newer is recommended for best performance.

18
INSTALL.md
View File

@@ -2,19 +2,19 @@
To build git-crypt, you need:
| Software | Debian/Ubuntu package | RHEL/CentOS package|
|---------------------------------|-----------------------|--------------------|
|Make | make | make |
|A C++11 compiler (e.g. gcc 4.9+) | g++ | gcc-c++ |
|OpenSSL development files | libssl-dev | openssl-devel |
| Debian/Ubuntu package | RHEL/CentOS package
---------------------------|-----------------------|------------------------
Make | make | make
A C++ compiler (e.g. gcc) | g++ | gcc-c++
OpenSSL development files | libssl-dev | openssl-devel
To use git-crypt, you need:
| Software | Debian/Ubuntu package | RHEL/CentOS package|
|---------------------------------|-----------------------|--------------------|
|Git 1.7.2 or newer | git | git |
|OpenSSL | openssl | openssl |
| Debian/Ubuntu package | RHEL/CentOS package
---------------------------|-----------------------|------------------------
Git 1.7.2 or newer | git | git
OpenSSL | openssl | openssl
Note: Git 1.8.5 or newer is recommended for best performance.

5
Makefile
View File

@@ -5,7 +5,6 @@
#
CXXFLAGS ?= -Wall -pedantic -Wno-long-long -O2
CXXFLAGS += -std=c++11
PREFIX ?= /usr/local
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
@@ -24,7 +23,7 @@ OBJFILES = \
coprocess.o \
fhstream.o
OBJFILES += crypto-openssl-10.o crypto-openssl-11.o
OBJFILES += crypto-openssl.o
LDFLAGS += -lcrypto
XSLTPROC ?= xsltproc
@@ -55,7 +54,7 @@ coprocess.o: coprocess.cpp coprocess-unix.cpp coprocess-win32.cpp
build-man: man/man1/git-crypt.1
man/man1/git-crypt.1: man/git-crypt.xml
$(XSLTPROC) $(DOCBOOK_FLAGS) $(DOCBOOK_XSL) man/git-crypt.xml
$(XSLTPROC) $(DOCBOOK_FLAGS) $(DOCBOOK_XSL) $<
#
# Clean

18
NEWS
View File

@@ -1,21 +1,3 @@
v0.7.0 (2022-04-21)
* Avoid "argument list too long" errors on macOS.
* Fix handling of "-" arguments.
* Minor documentation improvements.
v0.6.0 (2017-11-26)
* Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
* Switch to C++11 (gcc 4.9 or higher now required to build).
* Allow GPG to fail on some keys (makes unlock work better if there are
multiple keys that can unlock the repo but only some are available).
* Allow the repo state directory to be configured with the
git-crypt.repoStateDir git config option.
* Respect the gpg.program git config option.
* Don't hard code path to git-crypt in .git/config on Linux (ensures
repo continues to work if git-crypt is moved).
* Ensure git-crypt's gpg files won't be treated as text by Git.
* Minor improvements to build system, documentation.
v0.5.0 (2015-05-30)
* Drastically speed up lock/unlock when used with Git 1.8.5 or newer.
* Add git-crypt(1) man page (pass ENABLE_MAN=yes to make to build).

18
NEWS.md
View File

@@ -1,24 +1,6 @@
News
====
######v0.7.0 (2022-04-21)
* Avoid "argument list too long" errors on macOS.
* Fix handling of "-" arguments.
* Minor documentation improvements.
######v0.6.0 (2017-11-26)
* Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
* Switch to C++11 (gcc 4.9 or higher now required to build).
* Allow GPG to fail on some keys (makes unlock work better if there are
multiple keys that can unlock the repo but only some are available).
* Allow the repo state directory to be configured with the
git-crypt.repoStateDir git config option.
* Respect the gpg.program git config option.
* Don't hard code path to git-crypt in .git/config on Linux (ensures
repo continues to work if git-crypt is moved).
* Ensure git-crypt's gpg files won't be treated as text by Git.
* Minor improvements to build system, documentation.
######v0.5.0 (2015-05-30)
* Drastically speed up lock/unlock when used with Git 1.8.5 or newer.
* Add git-crypt(1) man page (pass `ENABLE_MAN=yes` to make to build).

41
README
View File

@@ -30,7 +30,6 @@ Specify files to encrypt by creating a .gitattributes file:
secretfile filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
secretdir/** filter=git-crypt diff=git-crypt
Like a .gitignore file, it can match wildcards and should be checked into
the repository. See below for more information about .gitattributes.
@@ -55,7 +54,7 @@ are added to your repository):
$ git-crypt export-key /path/to/key
After cloning a repository with encrypted files, unlock with GPG:
After cloning a repository with encrypted files, unlock with with GPG:
$ git-crypt unlock
@@ -70,7 +69,7 @@ encryption and decryption happen transparently.
CURRENT STATUS
The latest version of git-crypt is 0.7.0, released on 2022-04-21.
The latest version of git-crypt is 0.5.0, released on 2015-05-30.
git-crypt aims to be bug-free and reliable, meaning it shouldn't
crash, malfunction, or expose your confidential data. However,
it has not yet reached maturity, meaning it is not as documented,
@@ -80,7 +79,7 @@ backwards-incompatible changes introduced before version 1.0.
SECURITY
git-crypt is more secure than other transparent git encryption systems.
git-crypt is more secure that other transparent git encryption systems.
git-crypt encrypts files using AES-256 in CTR mode with a synthetic IV
derived from the SHA-1 HMAC of the file. This mode of operation is
provably semantically secure under deterministic chosen-plaintext attack.
@@ -99,7 +98,7 @@ all of the files in a repository. Where git-crypt really shines is where
most of your repository is public, but you have a few files (perhaps
private keys named *.key, or a file with API credentials) which you
need to encrypt. For encrypting an entire repository, consider using a
system like git-remote-gcrypt <https://spwhitton.name/tech/code/git-remote-gcrypt/>
system like git-remote-gcrypt <https://github.com/joeyh/git-remote-gcrypt>
instead. (Note: no endorsement is made of git-remote-gcrypt's security.)
git-crypt does not encrypt file names, commit messages, symlink targets,
@@ -109,16 +108,6 @@ git-crypt does not hide when a file does or doesn't change, the length
of a file, or the fact that two files are identical (see "Security"
section above).
git-crypt does not support revoking access to an encrypted repository
which was previously granted. This applies to both multi-user GPG
mode (there's no del-gpg-user command to complement add-gpg-user)
and also symmetric key mode (there's no support for rotating the key).
This is because it is an inherently complex problem in the context
of historical data. For example, even if a key was rotated at one
point in history, a user having the previous key can still access
previous repository history. This problem is discussed in more detail in
<https://github.com/AGWA/git-crypt/issues/47>.
Files encrypted with git-crypt are not compressible. Even the smallest
change to an encrypted file requires git to store the entire changed file,
instead of just a delta.
@@ -149,12 +138,20 @@ specifying merely a directory (e.g. `/dir/`) is NOT sufficient to
encrypt all files beneath it.
Also note that the pattern `dir/*` does not match files under
sub-directories of dir/. To encrypt an entire sub-tree dir/, use `dir/**`:
dir/** filter=git-crypt diff=git-crypt
The .gitattributes file must not be encrypted, so make sure wildcards don't
match it accidentally. If necessary, you can exclude .gitattributes from
encryption like this:
sub-directories of dir/. To encrypt an entire sub-tree dir/, place the
following in dir/.gitattributes:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
The second pattern is essential for ensuring that .gitattributes itself
is not encrypted.
MAILING LISTS
To stay abreast of, and provide input to, git-crypt development, consider
subscribing to one or both of our mailing lists:
Announcements: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce
Discussion: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss

43
README.md
View File

@@ -31,7 +31,6 @@ Specify files to encrypt by creating a .gitattributes file:
secretfile filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
secretdir/** filter=git-crypt diff=git-crypt
Like a .gitignore file, it can match wildcards and should be checked into
the repository. See below for more information about .gitattributes.
@@ -56,7 +55,7 @@ are added to your repository):
git-crypt export-key /path/to/key
After cloning a repository with encrypted files, unlock with GPG:
After cloning a repository with encrypted files, unlock with with GPG:
git-crypt unlock
@@ -71,8 +70,8 @@ encryption and decryption happen transparently.
Current Status
--------------
The latest version of git-crypt is [0.7.0](NEWS.md), released on
2022-04-21. git-crypt aims to be bug-free and reliable, meaning it
The latest version of git-crypt is [0.5.0](NEWS.md), released on
2015-05-30. git-crypt aims to be bug-free and reliable, meaning it
shouldn't crash, malfunction, or expose your confidential data.
However, it has not yet reached maturity, meaning it is not as
documented, featureful, or easy-to-use as it should be. Additionally,
@@ -82,7 +81,7 @@ there may be backwards-incompatible changes introduced before version
Security
--------
git-crypt is more secure than other transparent git encryption systems.
git-crypt is more secure that other transparent git encryption systems.
git-crypt encrypts files using AES-256 in CTR mode with a synthetic IV
derived from the SHA-1 HMAC of the file. This mode of operation is
provably semantically secure under deterministic chosen-plaintext attack.
@@ -101,7 +100,7 @@ all of the files in a repository. Where git-crypt really shines is where
most of your repository is public, but you have a few files (perhaps
private keys named *.key, or a file with API credentials) which you
need to encrypt. For encrypting an entire repository, consider using a
system like [git-remote-gcrypt](https://spwhitton.name/tech/code/git-remote-gcrypt/)
system like [git-remote-gcrypt](https://github.com/joeyh/git-remote-gcrypt)
instead. (Note: no endorsement is made of git-remote-gcrypt's security.)
git-crypt does not encrypt file names, commit messages, symlink targets,
@@ -111,16 +110,6 @@ git-crypt does not hide when a file does or doesn't change, the length
of a file, or the fact that two files are identical (see "Security"
section above).
git-crypt does not support revoking access to an encrypted repository
which was previously granted. This applies to both multi-user GPG
mode (there's no del-gpg-user command to complement add-gpg-user)
and also symmetric key mode (there's no support for rotating the key).
This is because it is an inherently complex problem in the context
of historical data. For example, even if a key was rotated at one
point in history, a user having the previous key can still access
previous repository history. This problem is discussed in more detail in
<https://github.com/AGWA/git-crypt/issues/47>.
Files encrypted with git-crypt are not compressible. Even the smallest
change to an encrypted file requires git to store the entire changed file,
instead of just a delta.
@@ -151,12 +140,20 @@ specifying merely a directory (e.g. `/dir/`) is *not* sufficient to
encrypt all files beneath it.
Also note that the pattern `dir/*` does not match files under
sub-directories of dir/. To encrypt an entire sub-tree dir/, use `dir/**`:
dir/** filter=git-crypt diff=git-crypt
The .gitattributes file must not be encrypted, so make sure wildcards don't
match it accidentally. If necessary, you can exclude .gitattributes from
encryption like this:
sub-directories of dir/. To encrypt an entire sub-tree dir/, place the
following in dir/.gitattributes:
* filter=git-crypt diff=git-crypt
.gitattributes !filter !diff
The second pattern is essential for ensuring that .gitattributes itself
is not encrypted.
Mailing Lists
-------------
To stay abreast of, and provide input to, git-crypt development,
consider subscribing to one or both of our mailing lists:
* [Announcements](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce)
* [Discussion](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss)

4
THANKS.md
View File

@@ -12,10 +12,6 @@ For their contributions to git-crypt, I thank:
* Linus G Thiel
* Michael Schout
* Simon Kotlinski
* Kevin Menard
* Wael M. Nasreddine
* Kevin Borgolte
* Adrian Cohea
* And everyone who has tested git-crypt, provided feedback, reported
bugs, and participated in discussions about new features.

84
commands.cpp
View File

@@ -48,15 +48,8 @@
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <exception>
#include <vector>
enum {
// # of arguments per git checkout call; must be large enough to be efficient but small
// enough to avoid operating system limits on argument length
GIT_CHECKOUT_BATCH_SIZE = 100
};
static std::string attribute_name (const char* key_name)
{
if (key_name) {
@@ -189,19 +182,15 @@ static void deconfigure_git_filters (const char* key_name)
}
}
static bool git_checkout_batch (std::vector<std::string>::const_iterator paths_begin, std::vector<std::string>::const_iterator paths_end)
static bool git_checkout (const std::vector<std::string>& paths)
{
if (paths_begin == paths_end) {
return true;
}
std::vector<std::string> command;
command.push_back("git");
command.push_back("checkout");
command.push_back("--");
for (auto path(paths_begin); path != paths_end; ++path) {
for (std::vector<std::string>::const_iterator path(paths.begin()); path != paths.end(); ++path) {
command.push_back(*path);
}
@@ -212,18 +201,6 @@ static bool git_checkout_batch (std::vector<std::string>::const_iterator paths_b
return true;
}
static bool git_checkout (const std::vector<std::string>& paths)
{
auto paths_begin(paths.begin());
while (paths.end() - paths_begin >= GIT_CHECKOUT_BATCH_SIZE) {
if (!git_checkout_batch(paths_begin, paths_begin + GIT_CHECKOUT_BATCH_SIZE)) {
return false;
}
paths_begin += GIT_CHECKOUT_BATCH_SIZE;
}
return git_checkout_batch(paths_begin, paths.end());
}
static bool same_key_name (const char* a, const char* b)
{
return (!a && !b) || (a && b && std::strcmp(a, b) == 0);
@@ -277,27 +254,6 @@ static std::string get_internal_key_path (const char* key_name)
return path;
}
std::string get_git_config (const std::string& name)
{
// git config --get
std::vector<std::string> command;
command.push_back("git");
command.push_back("config");
command.push_back("--get");
command.push_back(name);
std::stringstream output;
if (!successful_exit(exec_command(command, output))) {
throw Error("'git config' missing value for key '" + name +"'");
}
std::string value;
std::getline(output, value);
return value;
}
static std::string get_repo_state_path ()
{
// git rev-parse --show-toplevel
@@ -320,18 +276,7 @@ static std::string get_repo_state_path ()
throw Error("Could not determine Git working tree - is this a non-bare repo?");
}
// Check if the repo state dir has been explicitly configured. If so, use that in path construction.
if (git_has_config("git-crypt.repoStateDir")) {
std::string repoStateDir = get_git_config("git-crypt.repoStateDir");
// The repoStateDir value must always be relative to git work tree to ensure the repoStateDir can be committed
// along with the remainder of the repository.
path += '/' + repoStateDir;
} else {
// There is no explicitly configured repo state dir configured, so use the default.
path += "/.git-crypt";
}
path += "/.git-crypt";
return path;
}
@@ -510,7 +455,7 @@ static bool check_if_file_is_encrypted (const std::string& filename)
static bool is_git_file_mode (const std::string& mode)
{
return (std::strtoul(mode.c_str(), nullptr, 8) & 0170000) == 0100000;
return (std::strtoul(mode.c_str(), NULL, 8) & 0170000) == 0100000;
}
static void get_encrypted_files (std::vector<std::string>& files, const char* key_name)
@@ -531,8 +476,8 @@ static void get_encrypted_files (std::vector<std::string>& files, const char* ke
ls_files.spawn(ls_files_command);
Coprocess check_attr;
std::ostream* check_attr_stdin = nullptr;
std::istream* check_attr_stdout = nullptr;
std::ostream* check_attr_stdin = NULL;
std::istream* check_attr_stdout = NULL;
if (git_version() >= make_version(1, 8, 5)) {
// In Git 1.8.5 (released 27 Nov 2013) and higher, we use a single `git check-attr` process
// to get the attributes of all files at once. In prior versions, we have to fork and exec
@@ -612,20 +557,13 @@ static void load_key (Key_file& key_file, const char* key_name, const char* key_
static bool decrypt_repo_key (Key_file& key_file, const char* key_name, uint32_t key_version, const std::vector<std::string>& secret_keys, const std::string& keys_path)
{
std::exception_ptr gpg_error;
for (std::vector<std::string>::const_iterator seckey(secret_keys.begin()); seckey != secret_keys.end(); ++seckey) {
std::ostringstream path_builder;
path_builder << keys_path << '/' << (key_name ? key_name : "default") << '/' << key_version << '/' << *seckey << ".gpg";
std::string path(path_builder.str());
if (access(path.c_str(), F_OK) == 0) {
std::stringstream decrypted_contents;
try {
gpg_decrypt_from_file(path, decrypted_contents);
} catch (const Gpg_error&) {
gpg_error = std::current_exception();
continue;
}
gpg_decrypt_from_file(path, decrypted_contents);
Key_file this_version_key_file;
this_version_key_file.load(decrypted_contents);
const Key_file::Entry* this_version_entry = this_version_key_file.get(key_version);
@@ -640,11 +578,6 @@ static bool decrypt_repo_key (Key_file& key_file, const char* key_name, uint32_t
return true;
}
}
if (gpg_error) {
std::rethrow_exception(gpg_error);
}
return false;
}
@@ -1193,7 +1126,7 @@ int lock (int argc, const char** argv)
}
if (!git_checkout(encrypted_files)) {
std::clog << "Error: 'git checkout' failed" << std::endl;
std::clog << "git-crypt has been locked up but existing decrypted files have not been encrypted" << std::endl;
std::clog << "git-crypt has been locked but up but existing decrypted files have not been encrypted" << std::endl;
return 1;
}
@@ -1269,7 +1202,6 @@ int add_gpg_user (int argc, const char** argv)
state_gitattributes_file << "# Do not edit this file. To specify the files to encrypt, create your own\n";
state_gitattributes_file << "# .gitattributes file in the directory where your files are.\n";
state_gitattributes_file << "* !filter !diff\n";
state_gitattributes_file << "*.gpg binary\n";
state_gitattributes_file.close();
if (!state_gitattributes_file) {
std::clog << "Error: unable to write " << state_gitattributes_path << std::endl;

3
commands.hpp
View File

@@ -70,7 +70,4 @@ void help_migrate_key (std::ostream&);
void help_refresh (std::ostream&);
void help_status (std::ostream&);
// other
std::string get_git_config (const std::string& name);
#endif

10
coprocess-unix.cpp
View File

@@ -41,7 +41,7 @@ static int execvp (const std::string& file, const std::vector<std::string>& args
for (std::vector<std::string>::const_iterator arg(args.begin()); arg != args.end(); ++arg) {
args_c_str.push_back(arg->c_str());
}
args_c_str.push_back(nullptr);
args_c_str.push_back(NULL);
return execvp(file.c_str(), const_cast<char**>(&args_c_str[0]));
}
@@ -50,10 +50,10 @@ Coprocess::Coprocess ()
pid = -1;
stdin_pipe_reader = -1;
stdin_pipe_writer = -1;
stdin_pipe_ostream = nullptr;
stdin_pipe_ostream = NULL;
stdout_pipe_reader = -1;
stdout_pipe_writer = -1;
stdout_pipe_istream = nullptr;
stdout_pipe_istream = NULL;
}
Coprocess::~Coprocess ()
@@ -79,7 +79,7 @@ std::ostream* Coprocess::stdin_pipe ()
void Coprocess::close_stdin ()
{
delete stdin_pipe_ostream;
stdin_pipe_ostream = nullptr;
stdin_pipe_ostream = NULL;
if (stdin_pipe_writer != -1) {
close(stdin_pipe_writer);
stdin_pipe_writer = -1;
@@ -107,7 +107,7 @@ std::istream* Coprocess::stdout_pipe ()
void Coprocess::close_stdout ()
{
delete stdout_pipe_istream;
stdout_pipe_istream = nullptr;
stdout_pipe_istream = NULL;
if (stdout_pipe_writer != -1) {
close(stdout_pipe_writer);
stdout_pipe_writer = -1;

50
coprocess-win32.cpp
View File

@@ -96,14 +96,14 @@ static HANDLE spawn_command (const std::vector<std::string>& command, HANDLE std
std::string cmdline(format_cmdline(command));
if (!CreateProcessA(nullptr, // application name (nullptr to use command line)
if (!CreateProcessA(NULL, // application name (NULL to use command line)
const_cast<char*>(cmdline.c_str()),
nullptr, // process security attributes
nullptr, // primary thread security attributes
NULL, // process security attributes
NULL, // primary thread security attributes
TRUE, // handles are inherited
0, // creation flags
nullptr, // use parent's environment
nullptr, // use parent's current directory
NULL, // use parent's environment
NULL, // use parent's current directory
&start_info,
&proc_info)) {
throw System_error("CreateProcess", cmdline, GetLastError());
@@ -117,13 +117,13 @@ static HANDLE spawn_command (const std::vector<std::string>& command, HANDLE std
Coprocess::Coprocess ()
{
proc_handle = nullptr;
stdin_pipe_reader = nullptr;
stdin_pipe_writer = nullptr;
stdin_pipe_ostream = nullptr;
stdout_pipe_reader = nullptr;
stdout_pipe_writer = nullptr;
stdout_pipe_istream = nullptr;
proc_handle = NULL;
stdin_pipe_reader = NULL;
stdin_pipe_writer = NULL;
stdin_pipe_ostream = NULL;
stdout_pipe_reader = NULL;
stdout_pipe_writer = NULL;
stdout_pipe_istream = NULL;
}
Coprocess::~Coprocess ()
@@ -143,7 +143,7 @@ std::ostream* Coprocess::stdin_pipe ()
// Set the bInheritHandle flag so pipe handles are inherited.
sec_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
sec_attr.bInheritHandle = TRUE;
sec_attr.lpSecurityDescriptor = nullptr;
sec_attr.lpSecurityDescriptor = NULL;
// Create a pipe for the child process's STDIN.
if (!CreatePipe(&stdin_pipe_reader, &stdin_pipe_writer, &sec_attr, 0)) {
@@ -163,14 +163,14 @@ std::ostream* Coprocess::stdin_pipe ()
void Coprocess::close_stdin ()
{
delete stdin_pipe_ostream;
stdin_pipe_ostream = nullptr;
stdin_pipe_ostream = NULL;
if (stdin_pipe_writer) {
CloseHandle(stdin_pipe_writer);
stdin_pipe_writer = nullptr;
stdin_pipe_writer = NULL;
}
if (stdin_pipe_reader) {
CloseHandle(stdin_pipe_reader);
stdin_pipe_reader = nullptr;
stdin_pipe_reader = NULL;
}
}
@@ -182,7 +182,7 @@ std::istream* Coprocess::stdout_pipe ()
// Set the bInheritHandle flag so pipe handles are inherited.
sec_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
sec_attr.bInheritHandle = TRUE;
sec_attr.lpSecurityDescriptor = nullptr;
sec_attr.lpSecurityDescriptor = NULL;
// Create a pipe for the child process's STDOUT.
if (!CreatePipe(&stdout_pipe_reader, &stdout_pipe_writer, &sec_attr, 0)) {
@@ -202,27 +202,27 @@ std::istream* Coprocess::stdout_pipe ()
void Coprocess::close_stdout ()
{
delete stdout_pipe_istream;
stdout_pipe_istream = nullptr;
stdout_pipe_istream = NULL;
if (stdout_pipe_writer) {
CloseHandle(stdout_pipe_writer);
stdout_pipe_writer = nullptr;
stdout_pipe_writer = NULL;
}
if (stdout_pipe_reader) {
CloseHandle(stdout_pipe_reader);
stdout_pipe_reader = nullptr;
stdout_pipe_reader = NULL;
}
}
void Coprocess::spawn (const std::vector<std::string>& args)
{
proc_handle = spawn_command(args, stdin_pipe_reader, stdout_pipe_writer, nullptr);
proc_handle = spawn_command(args, stdin_pipe_reader, stdout_pipe_writer, NULL);
if (stdin_pipe_reader) {
CloseHandle(stdin_pipe_reader);
stdin_pipe_reader = nullptr;
stdin_pipe_reader = NULL;
}
if (stdout_pipe_writer) {
CloseHandle(stdout_pipe_writer);
stdout_pipe_writer = nullptr;
stdout_pipe_writer = NULL;
}
}
@@ -243,7 +243,7 @@ int Coprocess::wait ()
size_t Coprocess::write_stdin (void* handle, const void* buf, size_t count)
{
DWORD bytes_written;
if (!WriteFile(static_cast<Coprocess*>(handle)->stdin_pipe_writer, buf, count, &bytes_written, nullptr)) {
if (!WriteFile(static_cast<Coprocess*>(handle)->stdin_pipe_writer, buf, count, &bytes_written, NULL)) {
throw System_error("WriteFile", "", GetLastError());
}
return bytes_written;
@@ -257,7 +257,7 @@ size_t Coprocess::read_stdout (void* handle, void* buf, size_t count)
// fails with ERROR_BROKEN_PIPE.
DWORD bytes_read;
do {
if (!ReadFile(static_cast<Coprocess*>(handle)->stdout_pipe_reader, buf, count, &bytes_read, nullptr)) {
if (!ReadFile(static_cast<Coprocess*>(handle)->stdout_pipe_reader, buf, count, &bytes_read, NULL)) {
const DWORD read_error = GetLastError();
if (read_error != ERROR_BROKEN_PIPE) {
throw System_error("ReadFile", "", read_error);

119
crypto-openssl-11.cpp
View File

@@ -1,119 +0,0 @@
/*
* Copyright 2012, 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
* git-crypt is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* git-crypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
*
* Additional permission under GNU GPL version 3 section 7:
*
* If you modify the Program, or any covered work, by linking or
* combining it with the OpenSSL project's OpenSSL library (or a
* modified version of that library), containing parts covered by the
* terms of the OpenSSL or SSLeay licenses, the licensors of the Program
* grant you additional permission to convey the resulting work.
* Corresponding Source for a non-source form of such a combination
* shall include the source code for the parts of OpenSSL used as well
* as that of the covered work.
*/
#include <openssl/opensslconf.h>
#if defined(OPENSSL_API_COMPAT)
#include "crypto.hpp"
#include "key.hpp"
#include "util.hpp"
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <sstream>
#include <cstring>
void init_crypto ()
{
ERR_load_crypto_strings();
}
struct Aes_ecb_encryptor::Aes_impl {
AES_KEY key;
};
Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
: impl(new Aes_impl)
{
if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
}
}
Aes_ecb_encryptor::~Aes_ecb_encryptor ()
{
// Note: Explicit destructor necessary because class contains an unique_ptr
// which contains an incomplete type when the unique_ptr is declared.
explicit_memset(&impl->key, '\0', sizeof(impl->key));
}
void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher)
{
AES_encrypt(plain, cipher, &(impl->key));
}
struct Hmac_sha1_state::Hmac_impl {
HMAC_CTX *ctx;
};
Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
: impl(new Hmac_impl)
{
impl->ctx = HMAC_CTX_new();
HMAC_Init_ex(impl->ctx, key, key_len, EVP_sha1(), nullptr);
}
Hmac_sha1_state::~Hmac_sha1_state ()
{
HMAC_CTX_free(impl->ctx);
}
void Hmac_sha1_state::add (const unsigned char* buffer, size_t buffer_len)
{
HMAC_Update(impl->ctx, buffer, buffer_len);
}
void Hmac_sha1_state::get (unsigned char* digest)
{
unsigned int len;
HMAC_Final(impl->ctx, digest, &len);
}
void random_bytes (unsigned char* buffer, size_t len)
{
if (RAND_bytes(buffer, len) != 1) {
std::ostringstream message;
while (unsigned long code = ERR_get_error()) {
char error_string[120];
ERR_error_string_n(code, error_string, sizeof(error_string));
message << "OpenSSL Error: " << error_string << "; ";
}
throw Crypto_error("random_bytes", message.str());
}
}
#endif

13
crypto-openssl-10.cpp → crypto-openssl.cpp
View File

@@ -28,10 +28,6 @@
* as that of the covered work.
*/
#include <openssl/opensslconf.h>
#if !defined(OPENSSL_API_COMPAT)
#include "crypto.hpp"
#include "key.hpp"
#include "util.hpp"
@@ -63,8 +59,8 @@ Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
Aes_ecb_encryptor::~Aes_ecb_encryptor ()
{
// Note: Explicit destructor necessary because class contains an unique_ptr
// which contains an incomplete type when the unique_ptr is declared.
// Note: Explicit destructor necessary because class contains an auto_ptr
// which contains an incomplete type when the auto_ptr is declared.
explicit_memset(&impl->key, '\0', sizeof(impl->key));
}
@@ -86,8 +82,8 @@ Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
Hmac_sha1_state::~Hmac_sha1_state ()
{
// Note: Explicit destructor necessary because class contains an unique_ptr
// which contains an incomplete type when the unique_ptr is declared.
// Note: Explicit destructor necessary because class contains an auto_ptr
// which contains an incomplete type when the auto_ptr is declared.
HMAC_cleanup(&(impl->ctx));
}
@@ -117,4 +113,3 @@ void random_bytes (unsigned char* buffer, size_t len)
}
}
#endif

4
crypto.hpp
View File

@@ -57,7 +57,7 @@ public:
private:
struct Aes_impl;
std::unique_ptr<Aes_impl> impl;
std::auto_ptr<Aes_impl> impl;
public:
Aes_ecb_encryptor (const unsigned char* key);
@@ -102,7 +102,7 @@ public:
private:
struct Hmac_impl;
std::unique_ptr<Hmac_impl> impl;
std::auto_ptr<Hmac_impl> impl;
public:
Hmac_sha1_state (const unsigned char* key, size_t key_len);

5
debian/changelog vendored Normal file
View File

@@ -0,0 +1,5 @@
git-crypt (0.5.0-1) unstable; urgency=medium
* Initial release. (Closes: #785346)
-- Andrew Ayer <agwa@andrewayer.name> Sat, 30 May 2015 20:22:22 -0700

1
debian/compat vendored Normal file
View File

@@ -0,0 +1 @@
9

24
debian/control vendored Normal file
View File

@@ -0,0 +1,24 @@
Source: git-crypt
Maintainer: Andrew Ayer <agwa@andrewayer.name>
Section: vcs
Priority: optional
Standards-Version: 3.9.6
Build-Depends: debhelper (>= 9), libssl-dev, xsltproc, docbook-xml, docbook-xsl
Vcs-Git: https://www.agwa.name/git/git-crypt.git -b debian
Homepage: https://www.agwa.name/projects/git-crypt
Package: git-crypt
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, git (>= 1.7.2)
Recommends: gnupg
Enhances: git
Description: Transparent file encryption in git
git-crypt enables transparent encryption and decryption of files in a
git repository. Files which you choose to protect are encrypted when
committed, and decrypted when checked out. git-crypt lets you freely
share a repository containing a mix of public and private content.
git-crypt gracefully degrades, so developers without the secret key
can still clone and commit to a repository with encrypted files.
This lets you store your secret material (such as keys or passwords)
in the same repository as your code, without requiring you to lock down
your entire repository.

64
debian/copyright vendored Normal file
View File

@@ -0,0 +1,64 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: git-crypt
Source: https://www.agwa.name/projects/git-crypt
Files: *
Copyright: Copyright 2012-2015 Andrew Ayer
License: GPL-3+ with OpenSSL exception
Files: fhstream.cpp fhstream.hpp parse_options.cpp parse_options.hpp
Copyright: Copyright 2012, 2014, 2015 Andrew Ayer
License: X11
License: GPL-3+ with OpenSSL exception
git-crypt is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
git-crypt is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with git-crypt. If not, see <http://www.gnu.org/licenses/>.
.
On Debian systems, the full text of the GNU General Public
License version 3 can be found in the file
`/usr/share/common-licenses/GPL-3'.
.
Additional permission under GNU GPL version 3 section 7:
.
If you modify the Program, or any covered work, by linking or
combining it with the OpenSSL project's OpenSSL library (or a
modified version of that library), containing parts covered by the
terms of the OpenSSL or SSLeay licenses, the licensors of the Program
grant you additional permission to convey the resulting work.
Corresponding Source for a non-source form of such a combination
shall include the source code for the parts of OpenSSL used as well
as that of the covered work.
License: X11
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
.
Except as contained in this notice, the name(s) of the above copyright
holders shall not be used in advertising or otherwise to promote the
sale, use or other dealings in this Software without prior written
authorization.

5
debian/gbp.conf vendored Normal file
View File

@@ -0,0 +1,5 @@
[DEFAULT]
pristine-tar = True
pristine-tar-commit = True
debian-branch = debian
upstream-tag = %(version)s

8
debian/git-crypt.docs vendored Normal file
View File

@@ -0,0 +1,8 @@
CONTRIBUTING.md
NEWS
NEWS.md
README
README.md
RELEASE_NOTES-0.4.1.md
RELEASE_NOTES-0.4.md
THANKS.md

7
debian/rules vendored Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/make -f
export PREFIX=/usr
export ENABLE_MAN=yes
%:
dh $@

1
debian/source/format vendored Normal file
View File

@@ -0,0 +1 @@
3.0 (quilt)

1
debian/source/options vendored Normal file
View File

@@ -0,0 +1 @@
single-debian-patch

17
debian/source/patch-header vendored Normal file
View File

@@ -0,0 +1,17 @@
Subject: Collected Debian patches for git-crypt
Author: Andrew Ayer <agwa@andrewayer.name>
Since I am also upstream for this package, there will normally not be
any patches to apply to the upstream source. However, occasionally
I'll pull up specific upstream commits prior to making an upstream
release. When this happens, this patch will collect all of those
modifications.
I use Git to maintain both the upstream source and the Debian
packages, and generating individual patches rather than using git
cherry-pick takes extra work for no gain. Since I'm also upstream,
there's no need to separate the patches for later upstream submission.
Hence, I take this approach with a unified patch when it's necessary.
For full commit history and separated commits, see the upstream Git
repository.

135
debian/upstream/signing-key.asc vendored Normal file
View File

@@ -0,0 +1,135 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFNTDEsBEACiZ+AWNaj80CvSIV9T+mlPClETM+pxEHuB+vldasG+BWsyyb2d
AH390MSjXzs4RaiDGAXgZKnP9bhlWV/6BYcF0edz+G+Ux89L+D/c6miWFqwywQ7G
FRBh10WDriNbSF6UoD6TJX9Kc2KIgeDQ7LFL1PsiFjsO/cUBfDmSvMWd/zzIV4Ug
QdqFjjHdPSTr5w9D5YDS5FY2UOmcrxyNU66PoGkIp0Cqjgaieszxx3/CkGtktn0T
M/dwP+yafgH5uUDRfgFR5McTvu4E53CAimsiv05wodXmnoELojVDrEYciJIrfGRx
fCj+tiWsz0IcJCJ/ND1UExlI5so5tx0YaYMapx3PCb7+ZrZEUrRa3xK6m+ZU2Qfk
XQJmUSnKuIsKP4Uo8ysMPxDuWrCap4nxw2uNsGgPXXnExJgVoWfyR0qMr16+BUSu
Yrtfng19npv/Y381Y6hB8uRWRNRbaG8MEAHrgdPkb6853cbXT6A+k3KbZJVcEZsv
XCS2lFuWaZTQGA1G4mj7TbudjvHLuDV8VbPsyxotgAHITSh6pekBuJFPOVhAZN41
HyPNMZnE7eoW6DmShrdC+TjIVpzliqiLytDfGabIMNbnQDWdHxhzqq/Vn07ObOVp
0MGn7PaGeyF+rmi0h1ttab3Dioku49dljjuz+uNhBcu1CB/CegIdtRVyDwARAQAB
tCJBbmRyZXcgQXllciA8YWd3YUBhbmRyZXdheWVyLm5hbWU+iQI6BBMBCAAkAhsB
BQsJCAcDBRUKCQgLBRYDAgEAAh4BAheABQJTUwz6AhkBAAoJEBA3jvwggAgM0BwQ
AI8tAYxpeHyN+6StVAiu+wY2n2SNuunsORVmqyiICDOruxPTr4ulsP8vKM7Y4L9H
lpJqfW/g65cByuZ48dFciQmI97RfZjjZgAxejM1dq/Y0RJGpZ6I7pNNbWIxvDm7o
8mMeEQYT5S4vZKmreYZpzjLLZin+3gpBfljapGRikZNC1dzQu5JA0iCkWqIWmgto
O/kEmGKID9ShLB0H/f26K+jKfKuQ2unqlPgUPlQfd65yBN0m0SaESozs5hnCjMxS
oJSDnI0Kst0W/E/c0RZp5WJ3PECqnV0ru7xazMPLP3yNMrJVv3s6rKdiwzkQYUDj
10KxCDOChc9UfVRZfiVc4OlnK77L5EM3AWLrNOwx8ntcs67hJXrppoDVin87PyMG
SJE+DNKZk40oHLIrWCE43zS8p0k4OSGpJhiVev/o2FJImIiZXdYrm0gA3rA5OOM2
nDSyPlB0kOzMN03z7pzT319OMhf5KZgYRuoAU59IqdW+Iz2q1vfusuh0UU5GfP+U
XOuiiv9O9VqPTxpDOzmk5qnw8p3NNdwnqzop64wcBsNebyWGM52Hetd8bIwdFniI
XsBhzRxnMVmNdXwQ7zhPKwpgGA9vWkyZ15EuhDK0Wc3XQf51NWVjY9Pt/NgpwKli
CEqnd+sUszM78jXhvZjsWEkophudU6O615zYEEpTe+b/tB5BbmRyZXcgQXllciA8
YW5kcmV3QGFnd2EubmFtZT6JAjcEEwEIACEFAlNTDM8CGwEFCwkIBwMFFQoJCAsF
FgMCAQACHgECF4AACgkQEDeO/CCACAxWoA/+NYvxCoJ4V/TGZnYQJxT95qK+8uGS
sQmlAYlIbYAAr0zxe1+U0HxMVMh0pj211B8Nd6Qq46X2ZYmWSyAPA6tiiSg+Y5C9
2IGyCZ11oG98Op99nnPOEnKAPVgTtGgpMeomTPo768ucj0kvvbibGg3yMs1JBH2p
wBULHZLCswlKzDOgg4YZfa5eicXRJOjl1EVbdhPyMZrnJB5bFnkno8rSIJ1h3QkV
kWAJ0bPggHxsWiYOEJUjEkzr4zXjcCJKIyPWY9rZcgJNvo1Bwqx/E7Cs+XABuPtU
0OPIysXROANzsUMVt0NpcSJsAPJxt5L5EoCVRhTDjaK6kXglEcxqOqSzTsu61cKj
MAAyZY+qfTA2ILzPYgxiy+h4ReUxAHx0Bzd7w6L+tn1aPlc9nqDm1nzk9U8rzA5j
XDJJJOuC5yCzhQ2tpsAp/RRE+1sgiGV8D+LSXf2ZYBQbV9V6icFdhHUrqKzQsw7m
5C4n2Fk1wk54JTFO1j4rWarHiVeKuKWiBrQhhUJqFtJ/lpr6tIVsI5KuoWczHpQ0
RhCnUNFPj1JaMM09pLEkg9u/RRrVo6eSHy0vHKCqYZYUAldTGpE18kRlpTDgrN8T
jhBaiFrk8PBKPiE4Pt+5BgDZr8jP+CWA9Bc06E6EtV+fDdTexAj2Uw0JE0zZdhQc
1J1NNIMHc4WpS6+0JEFuZHJldyBBeWVyIDxhbmRyZXdAYW5kcmV3YXllci5uYW1l
PokCNwQTAQgAIQUCU1MMjQIbAQULCQgHAwUVCgkICwUWAwIBAAIeAQIXgAAKCRAQ
N478IIAIDDg1EACQ+stApB16L54LnS7YMFUHeUgaG3Hfu+WmIrvRn5UcT4hxRNsY
/c7nDumrwAmg8HiOXwe7V8MJMFUEEoQylWpYLFzOTlwDmVGUMczQScgi7RvK9zwJ
0475Wlpr/7wUrG0LyinLVf7GoKPtIkefzlydTzMu4xSr52t1sSGQqcWXDVJ2bCGf
KuvmDpv1gOORdp4g2lI0wOPWgPzm4ctqhzT58jFR5vQpzpr+H0qB35prcKa9TAIG
sbtF1bdSaOBkXev/IFhY07Fq35aqEuv27+aMJkYjhzIVSnm+/9Io/1L0RTpHZpgc
px08yfllq7Vf0buCiC8uEvdFVL4sHOlp9gVU21boLj4JJnZvlJ1m+gfIMAfhtt4R
2QNxKxC+jO2bBvj4j9dHBz0MQvAoJl121cjOAxZGMHye3eV0sHtE7UntxA5pQQv0
U2hx7A70yAlN2Np76xVDO9cae4aVUV7lCdY14L9e5Ww4mAknFMeIgbkoxWT2lMA+
1pfn541c6XUuuNfr1D9flYHbDFEYTUOFZ6ypAgOxkK+/wPYlz4d6MTBJ4fcoEhSF
qX0JVFW8Jrnqs4GsDmej9dibfYdk2a0qG69oSRF8Bujxdh41R+/C03LSnRBXhjHJ
SG/xSYoCcOL6y3aiJb2gK2lbrLxmeysCn7goGPp16VikSxHNFJkigRUqDbQhQW5k
cmV3IEF5ZXIgPGFnd2FAYW5kcmV3YXllci5jb20+iQI3BBMBCAAhBQJTUwyrAhsB
BQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJEBA3jvwggAgMfWsP/2F+Ds4lIn7p
rdgEeK2kT4Sxn4ldATU8ZKjVe/RnTxWx+jqEHdsXkUAVEHNuUPYwtvETub2mMFBr
lguL1WWW09J1ihYEk4ErDT81kNP+8cGGDjLkv8FWjlLPUGrcZRMj52JP0saW7AIJ
2/OxvpC00xkpb5goy5yXUKVgzBhVUAcSx1a3vY92y+RnmcwhnQmlhAy+xpyO0Ju+
dEhNfBny+gc/YdWfha6sWed6fL0VWut2l1euEU9WIH/Mcd8NWGs10ez9iqVhRWi3
zpTWxkVBY0+PaPaHkqh6N3cCDEdFXXmVtP3nPvC+4k6vIUK+frIIffjDlOXhXaPB
bGZ2SyJcYJdsh6Lb3cnQ2ISHrlKy2CgVkExdgz8JeSF296OInQJmS/U9XFH2iN/w
Yivi93pUV9xvPaJTXOSUMA+szKXapPTH8zUNQ99tm7KiwV0aMXWKG0iNxjg7C0kO
vVuKGBKEpFdyNLL7uAE/bzs7WVZ8ztebZJTlScIU7KZUr931kR++VAzIFr7yYlaC
4c2TjiinStFsHgfRqaVoJfQIWQzxrli46LkaIVur3rzBJERNSpDcPlpF1wngXkFo
Jqt+c7MTVBeoaaAv5TAK0a/D027fUNtAyxtCPmkoHs6BWh38NDGO7VNBRNog0Vnm
ItcFmFtM0rcQV6DbUjUZdTYygPGq0MAWtCNBbmRyZXcgQXllciA8YW5kcmV3QGFu
ZHJld2F5ZXIuY29tPokCNwQTAQgAIQUCU1MMwgIbAQULCQgHAwUVCgkICwUWAwIB
AAIeAQIXgAAKCRAQN478IIAIDDN4D/0eINLgeE2mHs68kM6fXRf0jfDdyVYMvxnK
ZO0jq1sjurEYgw+tHQRHo5bsu52E1yneoam5pzucu6TXUVc2X7dGKfuqvsU55+Qo
IlqE0ai0tXlmc7orVzZFgLCTGrZgL2NL208h3EvlSeqy//6yA/rirMIRiD/vSb3A
u0EBXSav+x/o092W904jPzeLGGL9c9G6HxmAzGxRO0q5FfB7u1sI9bpgljC3mBVb
jUhD/ynIwkIZfTgQFRlBHtzy0HpcnlzxzcY7b/SB+8was1aEDetzuEeXOdTDXxd6
gVBFDZMyKtZU5jsprZDU6/nleka6/ji6ZMNIJvMgcJbgwV3i/ipKH3FfItcnTt+F
gx2q3j/pVYPyKo05tp2dBCgdyEKsTgc+QTqo0EOk5to8Gz7ebkyPGIELqIfBtPjp
hoB9oTpgmnAsgSnSGDfz4yD+8uU3FBOjrMNe5tucq+N8VVYZhCQFs8fAbrghh568
ahBcLDu4n9OvjZz5hHnpARtSOw2WmLdQ43JAnFa6F8rN98ymlP6X8CT3lTnPwkRL
+9l008KXP64nZStISozKwDb4zMfRn7iHbqs6reIlvgIOevkiMmPTyhhQ0zz6aLwy
ZNcQPK7wdXtynPydzAPfKbxfQkVpkQb/mgBgr2blZSu4Z5W491tDOTI/MF0gMTfA
eqavC9PhRrkCDQRTUw1OARAAyr3w+DujjQ+oiLrlnGu+DArnxK5lf8DzeVokFlSX
TJXSgCl4niJeQhodn3EtnDRdKimdvMxgW+iVU4MKhK/2xbf0rNSQDJv4iIub0wHH
Y8kkqsBU3vDjoTYraoFMjKWIvZEr9FJTiDgX4VruJAhwydjknrSWdK7As9PzqU0l
C7ReHRJIJLu20EeVCVoGuyVmRfendTXDbflvZhUhTitcgJbNek272u521lYbk3g1
knMWhwmdsy95ZqNbjk4iMJ6eq4l2MA/yka4V4zA7P9L0WBjuFyImVix4WyaF+TIN
/t8eX+zF6VfImoKlMer8qpMmGaFBKxOdGdAH+YpoP8sysSrFDV0iSbA/WwbNa4e7
F8eras4B/sFWIldXlSd0yLqdNe8ZB0vPDS44tNcmDYz3cWIH1mDF1AbHDBbOxwa+
FkcHDPjYrnIQbFI3Z+rzOqc8vOeiNPHggPSDRjM6duah4aOLp6RYEYc/2ouO1yMD
UlWQ+eGDvqAvIt3HH2y78fbkl3K2VVA+gd5w9oxDKxXKZxp/y5RVVYCZUAv1lllT
87dRMXignTVEIsF8VdESrHhRYUQW+2wP40hKZIPEaWS5BSH/d/qGgDSBsVPbDlas
4n3FJ+SVil6xm0hJ+29Xw/GDMc+uQfs8TkPxbM0cjn59oZb6I3Zhxy+KWSxdCN2g
8nMAEQEAAYkERAQYAQgADwIbAgUCU1MO8wUJB4TPXQIpwV0gBBkBCAAGBQJTUw1O
AAoJEJ0V9ORH5MgyJTQP/0cSeXYZ+G7EKEjM+xHfjUyNavahVZ+rfiLzZpU+os4s
SGwd4annJ4Z56UMA+1U5Qm34+rH+E72qTJAEhg512CQJnFejVKqBuVzBsxaO5aLK
nSafGk3Ixev4JraspFtDmSflVHrQFVKeu3oF+tjE2elHHhhV8I1N8eA2HTiwlTpD
9RgQ1nFw9KM4+ncBm56dK3lVQbgT7XPz6noIPhXpAKH1THthvIyjUDyTqeRUrgHL
eeFtKXWnsiUMi5z3dz1lK0QacGaykl+VtLXlUIffh7IpLp3MoiaboXV2UdocIrZ3
vg00wBrZ01w7L10LB0Jl1NEH5ccbezAVCaW3/2MT6C7BnQZqpjQiKncrnx2YoupJ
+OWJT2QOQoLOKwL4ShHB8Dae4RD0aTcmTTVBEteSvH32hhcsXChMi1Dzsf6cvNmV
pl54VkfWmZqyfTl7LjqpQsOcUtDshFPQMziKF8pSyhSYiuImvLFwypTe4KtDqA/U
d1v9XB40mniAUTC5dWO+80MhOB4NpXNNSXP22DzpDZvfhdTxSCwc70bpWJIRVpuT
gVvVjqOiCVanNXqwh14Nn+/SaRDx19BglXhniBWNEXN8f2dhI3YkZ2ovS/t6mfxn
aymghsKL1yvu8zdTFZsmAhYdpTBIB9zMjoNs3TNb8I+X26oPUjSKZ1/+oAacGTtJ
CRAQN478IIAIDBXvD/sG09+tMC30Tcq6DuycebKiuHfIioBdWTNLTz3Pahi0C/4e
WDcd0H8hcxUz9cdBnUs5uvUwdo07bqVb+zJ0PidDdCpCSDwNH9Zn98Duy7QVPtAU
psPApSe2Y23zh4tr37c31dlUIsRCiGfjIjjoCFg3NZMxmw4y3UhUMPNemDt+rB+t
XmstUc03xdaUrrssAxZf/qhNy9tPucHGl1Uuq1c8ANhdgmosMacfxb9i/kcCErTl
Kz3DwZPVdE4Q/KcaiTOBxBthlvpZM27h//BeT/Yo2Hy/X7nzhhyscPqaDj/HOCbt
O/wyH/kv4z++bzy7FSERMJTQvAaYEbhWE71l+sSBJT1ZJnafDXX+b9ZlSE7Im5C8
mjGc1XX9Mw1eXzLh7wiC+BEEr4S9qOkyKtSKcQ/m+UjOARXrqA1qhDp1mmhSVNsW
UnhWabsO9TwxcRdSX98ql+rNYBjN7tsqzq3G3R3oFeaGevAqPqJFbAFhGhB33UP1
yolOPxGP6u2NdNFmGQ2vVlzJNzY5QAk2cekIZWJLd8YEcXeijPo1BX4eTg4V6d61
EWIKoSHBeKVwhuCg9l6ZFrNzUoHGP4yKDXJood71KBulDSSUkzIM05ngfcajz1RS
R9szqJlNAuLHpQHOZEI1k38sQrnPoqwzyshgU7S/vLAT6hr666bJ2i9l82X077kC
DQRTUw4RARAA30ouhOBeAX4ORzDmeyP9MjuDZWArkJv22PI5ijISIyRjUdYogvqY
XAm2z0RTzD4waW9lSabumDqVGd5MzTm0GTaIw/E+7rx08vnBVRlHLpAOZMUogNEG
p+3uXhgHmar0uhVhYar1v6SUqscray+wtnkRnXQkitkD0zzTWGx17LnWPOguNDsU
uYjWoAYgEiS9g3UYLfexQRVxae7n6YTDedNfjuMKAmmc+ixWDHQ9Dcjc4oJacV5z
iz78NYdXoPA3101lKPzUGqRye/Rvm0/GXzht5nhsIMB/X/FIk6qlbCAP/VpVRpYD
KE7N3juJY7jwoCze9d3TZx6jU8IR/rD1uuDW/gjyPVAHAcE1fRwjErtR1TsFcXdY
wtTJx+Rzq6gaS1mfeV90/V2RY0i+nqGhmY+o+lLt1uozX3iTO2X9cF/REp9i6Rly
TOUMAPW7mOryN9Yv/WAkG4S/WgtnZRCA0M88jFSgX8go+Y2Z6yAUynEXDREH9VMI
rw0kNhvOzfWSAyBOuNfNrehShR6RMtAKs/JC+VEwhvDD+avFNHywpn7fGMa2WqFw
x337Yz6wARJ5g9vBCMJBWMhWT62cMQK62TLVkW5lbULSVwUAsbNyZMaQks7kfas3
9w3gr66Bc/2v4PaQMUQ3I79yO/f6zsxu9vZ1yxPtKOGwGHQvnCdRMlMAEQEAAYkC
JQQYAQgADwIbDAUCU1MPDQUJB4TO+QAKCRAQN478IIAIDFQcEACFi6e4/++dhkPT
e1dnaifmSINXthSFkOAp8OR0mK2/0Ged6UmbyxPd7gKQJUXFV5Mz5Sj8G6N4YCLl
+55k67gwZwzZ62EYB41FnjkXKILBgP+mt2c0SCuwwwz9g8Jx351l2Cfatz6SoviE
XjQURDHPxsqK1mfKMmoMWo4Ii68hzKrBg0mcdxeJeYj/t8l0ug2JQApnJsaE+5QC
3U9txBYm1Rpsaz/IFvlGJS9CkZyQA7ci/eMmoKn+/R8Gk48avkM0vFmUz9T8saIr
g0F5T7ThjC8575PNtInpDZRp9V3PdeKtiA9Fky11fNi0VS7luurKQ3I0UJfdyxe1
Sb/kvwSu++zEDEG5/li4GfMBqiZTV6oZJ9fzZnrGjEyiRSLN7GA4T1KC795zm/63
MrTaTf/3G6iRLNcvEdcWTiSHlFSkpx+qQHoijs0KU6uzdvHwtKKX/UBrk837SOFL
AEqn8ebsOKYiO4gA0ismpAt9NQwqsKq0rhyZAIDl9hSjwGBqX24NA7qnkoZNZySC
YBn0ZZRr3VGyeNWgtZg/KIiyKX7xmEUgBswt/U42x5wG3SdhAiSn6If/y8dTpfzT
kXF2+jp/tbGpm1qHi6qrkdMqCHCf67beh9SmlKa8nYyb1fpEcNBBElA8AAFgaYKh
zZq3C24mS3JwlqDwjT/Ut1/tChr3wQ==
=ZMwd
-----END PGP PUBLIC KEY BLOCK-----

2
debian/watch vendored Normal file
View File

@@ -0,0 +1,2 @@
version=3
opts=pgpsigurlmangle=s/$/.asc/ https://www.agwa.name/projects/git-crypt/ .*/git-crypt-(\d.*)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))

2
git-crypt.hpp
View File

@@ -31,7 +31,7 @@
#ifndef GIT_CRYPT_GIT_CRYPT_HPP
#define GIT_CRYPT_GIT_CRYPT_HPP
#define VERSION "0.7.0"
#define VERSION "0.5.0"
extern const char* argv0; // initialized in main() to argv[0]

20
gpg.cpp
View File

@@ -30,18 +30,8 @@
#include "gpg.hpp"
#include "util.hpp"
#include "commands.hpp"
#include <sstream>
static std::string gpg_get_executable()
{
std::string gpgbin = "gpg";
try {
gpgbin = get_git_config("gpg.program");
} catch (...) {
}
return gpgbin;
}
static std::string gpg_nth_column (const std::string& line, unsigned int col)
{
std::string::size_type pos = 0;
@@ -72,7 +62,7 @@ std::string gpg_get_uid (const std::string& fingerprint)
{
// gpg --batch --with-colons --fixed-list-mode --list-keys 0x7A399B2DB06D039020CD1CE1D0F3702D61489532
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("gpg");
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--fixed-list-mode");
@@ -104,7 +94,7 @@ std::vector<std::string> gpg_lookup_key (const std::string& query)
// gpg --batch --with-colons --fingerprint --list-keys jsmith@example.com
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("gpg");
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--fingerprint");
@@ -135,7 +125,7 @@ std::vector<std::string> gpg_list_secret_keys ()
{
// gpg --batch --with-colons --list-secret-keys --fingerprint
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("gpg");
command.push_back("--batch");
command.push_back("--with-colons");
command.push_back("--list-secret-keys");
@@ -164,7 +154,7 @@ void gpg_encrypt_to_file (const std::string& filename, const std::string& recipi
{
// gpg --batch -o FILENAME -r RECIPIENT -e
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("gpg");
command.push_back("--batch");
if (key_is_trusted) {
command.push_back("--trust-model");
@@ -184,7 +174,7 @@ void gpg_decrypt_from_file (const std::string& filename, std::ostream& output)
{
// gpg -q -d FILENAME
std::vector<std::string> command;
command.push_back(gpg_get_executable());
command.push_back("gpg");
command.push_back("-q");
command.push_back("-d");
command.push_back(filename);

4
man/git-crypt.xml
View File

@@ -7,8 +7,8 @@
-->
<refentryinfo>
<title>git-crypt</title>
<date>2022-04-21</date>
<productname>git-crypt 0.7.0</productname>
<date>2015-05-30</date>
<productname>git-crypt 0.5.0</productname>
<author>
<othername>Andrew Ayer</othername>

2
parse_options.cpp
View File

@@ -43,7 +43,7 @@ int parse_options (const Options_list& options, int argc, const char** argv)
{
int argi = 0;
while (argi < argc && argv[argi][0] == '-' && argv[argi][1] != '\0') {
while (argi < argc && argv[argi][0] == '-') {
if (std::strcmp(argv[argi], "--") == 0) {
++argi;
break;

83
util-unix.cpp
View File

@@ -125,20 +125,40 @@ void mkdir_parent (const std::string& path)
}
}
static std::string readlink (const char* pathname)
{
std::vector<char> buffer(64);
ssize_t len;
while ((len = ::readlink(pathname, &buffer[0], buffer.size())) == static_cast<ssize_t>(buffer.size())) {
// buffer may have been truncated - grow and try again
buffer.resize(buffer.size() * 2);
}
if (len == -1) {
throw System_error("readlink", pathname, errno);
}
return std::string(buffer.begin(), buffer.begin() + len);
}
std::string our_exe_path ()
{
if (argv0[0] == '/') {
// argv[0] starts with / => it's an absolute path
return argv0;
} else if (std::strchr(argv0, '/')) {
// argv[0] contains / => it a relative path that should be resolved
char* resolved_path_p = realpath(argv0, nullptr);
std::string resolved_path(resolved_path_p);
free(resolved_path_p);
return resolved_path;
} else {
// argv[0] is just a bare filename => not much we can do
return argv0;
try {
return readlink("/proc/self/exe");
} catch (const System_error&) {
if (argv0[0] == '/') {
// argv[0] starts with / => it's an absolute path
return argv0;
} else if (std::strchr(argv0, '/')) {
// argv[0] contains / => it a relative path that should be resolved
char* resolved_path_p = realpath(argv0, NULL);
std::string resolved_path(resolved_path_p);
free(resolved_path_p);
return resolved_path;
} else {
// argv[0] is just a bare filename => not much we can do
return argv0;
}
}
}
@@ -149,7 +169,7 @@ int exit_status (int wait_status)
void touch_file (const std::string& filename)
{
if (utimes(filename.c_str(), nullptr) == -1 && errno != ENOENT) {
if (utimes(filename.c_str(), NULL) == -1 && errno != ENOENT) {
throw System_error("utimes", filename, errno);
}
}
@@ -179,6 +199,19 @@ int util_rename (const char* from, const char* to)
return rename(from, to);
}
static size_t sizeof_dirent_for (DIR* p)
{
long name_max = fpathconf(dirfd(p), _PC_NAME_MAX);
if (name_max == -1) {
#ifdef NAME_MAX
name_max = NAME_MAX;
#else
name_max = 255;
#endif
}
return offsetof(struct dirent, d_name) + name_max + 1; // final +1 is for d_name's null terminator
}
std::vector<std::string> get_directory_contents (const char* path)
{
std::vector<std::string> contents;
@@ -188,23 +221,19 @@ std::vector<std::string> get_directory_contents (const char* path)
throw System_error("opendir", path, errno);
}
try {
errno = 0;
// Note: readdir is reentrant in new implementations. In old implementations,
// it might not be, but git-crypt isn't multi-threaded so that's OK.
// We don't use readdir_r because it's buggy and deprecated:
// https://womble.decadent.org.uk/readdir_r-advisory.html
// http://austingroupbugs.net/view.php?id=696
// http://man7.org/linux/man-pages/man3/readdir_r.3.html
while (struct dirent* ent = readdir(dir)) {
if (!(std::strcmp(ent->d_name, ".") == 0 || std::strcmp(ent->d_name, "..") == 0)) {
contents.push_back(ent->d_name);
std::vector<unsigned char> buffer(sizeof_dirent_for(dir));
struct dirent* dirent_buffer = reinterpret_cast<struct dirent*>(&buffer[0]);
struct dirent* ent = NULL;
int err = 0;
while ((err = readdir_r(dir, dirent_buffer, &ent)) == 0 && ent != NULL) {
if (std::strcmp(ent->d_name, ".") == 0 || std::strcmp(ent->d_name, "..") == 0) {
continue;
}
contents.push_back(ent->d_name);
}
if (errno) {
throw System_error("readdir", path, errno);
if (err != 0) {
throw System_error("readdir_r", path, errno);
}
} catch (...) {
closedir(dir);
throw;

12
util-win32.cpp
View File

@@ -46,12 +46,12 @@ std::string System_error::message () const
LPTSTR error_message;
FormatMessageA(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr,
NULL,
error,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
reinterpret_cast<LPTSTR>(&error_message),
0,
nullptr);
NULL);
mesg += error_message;
LocalFree(error_message);
}
@@ -100,7 +100,7 @@ void mkdir_parent (const std::string& path)
std::string prefix(path.substr(0, slash));
if (GetFileAttributes(prefix.c_str()) == INVALID_FILE_ATTRIBUTES) {
// prefix does not exist, so try to create it
if (!CreateDirectory(prefix.c_str(), nullptr)) {
if (!CreateDirectory(prefix.c_str(), NULL)) {
throw System_error("CreateDirectory", prefix, GetLastError());
}
}
@@ -114,7 +114,7 @@ std::string our_exe_path ()
std::vector<char> buffer(128);
size_t len;
while ((len = GetModuleFileNameA(nullptr, &buffer[0], buffer.size())) == buffer.size()) {
while ((len = GetModuleFileNameA(NULL, &buffer[0], buffer.size())) == buffer.size()) {
// buffer may have been truncated - grow and try again
buffer.resize(buffer.size() * 2);
}
@@ -132,7 +132,7 @@ int exit_status (int status)
void touch_file (const std::string& filename)
{
HANDLE fh = CreateFileA(filename.c_str(), FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ, nullptr, OPEN_EXISTING, 0, nullptr);
HANDLE fh = CreateFileA(filename.c_str(), FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if (fh == INVALID_HANDLE_VALUE) {
DWORD error = GetLastError();
if (error == ERROR_FILE_NOT_FOUND) {
@@ -146,7 +146,7 @@ void touch_file (const std::string& filename)
FILETIME file_time;
SystemTimeToFileTime(&system_time, &file_time);
if (!SetFileTime(fh, nullptr, nullptr, &file_time)) {
if (!SetFileTime(fh, NULL, NULL, &file_time)) {
DWORD error = GetLastError();
CloseHandle(fh);
throw System_error("SetFileTime", filename, error);