Update URL for docbook.xsl

Closes: #142

.github/workflows/release-linux-arm64.yml

@@ -0,0 +1,46 @@
+on:
+  release:
+    types: [published]
+name: Build Release Binary (Linux ARM64)
+jobs:
+  build:
+    name: Build Release Binary
+    runs-on: ubuntu-22.04-arm
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install dependencies
+        run: sudo apt install libssl-dev
+      - name: Build binary
+        run: make
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: git-crypt-artifacts
+          path: git-crypt
+  upload:
+    name: Upload Release Binary
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download release artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: git-crypt-artifacts
+      - name: Upload release asset
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require("fs").promises;
+            const { repo: { owner, repo }, sha } = context;
+            await github.rest.repos.uploadReleaseAsset({
+              owner, repo,
+              release_id: ${{ github.event.release.id }},
+              name: 'git-crypt-${{ github.event.release.name }}-linux-aarch64',
+              data: await fs.readFile('git-crypt'),
+            });

.github/workflows/release-linux.yml

@@ -0,0 +1,46 @@
+on:
+  release:
+    types: [published]
+name: Build Release Binary (Linux)
+jobs:
+  build:
+    name: Build Release Binary
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install dependencies
+        run: sudo apt install libssl-dev
+      - name: Build binary
+        run: make
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: git-crypt-artifacts
+          path: git-crypt
+  upload:
+    name: Upload Release Binary
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download release artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: git-crypt-artifacts
+      - name: Upload release asset
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require("fs").promises;
+            const { repo: { owner, repo }, sha } = context;
+            await github.rest.repos.uploadReleaseAsset({
+              owner, repo,
+              release_id: ${{ github.event.release.id }},
+              name: 'git-crypt-${{ github.event.release.name }}-linux-x86_64',
+              data: await fs.readFile('git-crypt'),
+            });

.github/workflows/release-windows.yml

@@ -0,0 +1,56 @@
+on:
+  release:
+    types: [published]
+name: Build Release Binary (Windows)
+jobs:
+  build:
+    name: Build Release Binary
+    runs-on: windows-2022
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup msys2
+        uses: msys2/setup-msys2@v2
+        with:
+          msystem: MINGW64
+          update: true
+          install: >-
+            base-devel
+            msys2-devel
+            mingw-w64-x86_64-toolchain
+            mingw-w64-x86_64-openssl
+            openssl-devel
+      - name: Build binary
+        shell: msys2 {0}
+        run: make LDFLAGS="-static-libstdc++ -static -lcrypto -lws2_32 -lcrypt32"
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: git-crypt-artifacts
+          path: git-crypt.exe
+  upload:
+    name: Upload Release Binary
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+    steps:
+      - name: Download release artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: git-crypt-artifacts
+      - name: Upload release asset
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fs = require("fs").promises;
+            const { repo: { owner, repo }, sha } = context;
+            await github.rest.repos.uploadReleaseAsset({
+              owner, repo,
+              release_id: ${{ github.event.release.id }},
+              name: 'git-crypt-${{ github.event.release.name }}-x86_64.exe',
+              data: await fs.readFile('git-crypt.exe'),
+            });

CONTRIBUTING.md

@@ -4,8 +4,7 @@ documentation, bug reports, or anything else that improves git-crypt.
 
 When contributing code, please consider the following guidelines:
 
- * You are encouraged to open an issue on GitHub or send mail to
+ * You are encouraged to open an issue on GitHub to discuss any non-trivial
-   git-crypt-discuss@lists.cloudmutt.com to discuss any non-trivial
    changes before you start coding.
 
  * Please mimic the existing code style as much as possible.  In
@@ -15,8 +14,7 @@ When contributing code, please consider the following guidelines:
  * To minimize merge commits, please rebase your changes before opening
    a pull request.
 
- * To submit your patch, open a pull request on GitHub or send a
+ * To submit your patch, open a pull request on GitHub.
-   properly-formatted patch to git-crypt-discuss@lists.cloudmutt.com.
 
 Finally, be aware that since git-crypt is security-sensitive software,
 the bar for contributions is higher than average.  Please don't be

Makefile

@@ -11,7 +11,7 @@ BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 
 ENABLE_MAN ?= no
-DOCBOOK_XSL ?= http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
+DOCBOOK_XSL ?= http://cdn.docbook.org/release/xsl-nons/current/manpages/docbook.xsl
 
 OBJFILES = \
     git-crypt.o \
@@ -24,7 +24,7 @@ OBJFILES = \
     coprocess.o \
     fhstream.o
 
-OBJFILES += crypto-openssl-10.o crypto-openssl-11.o
+OBJFILES += crypto-openssl-11.o
 LDFLAGS += -lcrypto
 
 XSLTPROC ?= xsltproc

NEWS

@@ -1,70 +0,0 @@
-v0.6.0 (2017-11-26)
-  * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
-  * Switch to C++11 (gcc 4.9 or higher now required to build).
-  * Allow GPG to fail on some keys (makes unlock work better if there are
-    multiple keys that can unlock the repo but only some are available).
-  * Allow the repo state directory to be configured with the
-    git-crypt.repoStateDir git config option.
-  * Respect the gpg.program git config option.
-  * Don't hard code path to git-crypt in .git/config on Linux (ensures
-    repo continues to work if git-crypt is moved).
-  * Ensure git-crypt's gpg files won't be treated as text by Git.
-  * Minor improvements to build system, documentation.
-
-v0.5.0 (2015-05-30)
-  * Drastically speed up lock/unlock when used with Git 1.8.5 or newer.
-  * Add git-crypt(1) man page (pass ENABLE_MAN=yes to make to build).
-  * Add --trusted option to 'git-crypt gpg-add-user' to add user even if
-    GPG doesn't trust user's key.
-  * Improve 'git-crypt lock' usability, add --force option.
-  * Ignore symlinks and other non-files when running 'git-crypt status'.
-  * Fix compilation on old versions of Mac OS X.
-  * Fix GPG mode when with-fingerprint enabled in gpg.conf.
-  * Minor bug fixes and improvements to help/error messages.
-
-v0.4.2 (2015-01-31)
-  * Fix unlock and lock under Git 2.2.2 and higher.
-  * Drop support for versions of Git older than 1.7.2.
-  * Minor improvements to some help/error messages.
-
-v0.4.1 (2015-01-08)
-  * Important usability fix to ensure that the .git-crypt directory
-    can't be encrypted by accident (see RELEASE_NOTES-0.4.1.md for
-    more information).
-
-v0.4 (2014-11-16)
-  (See RELEASE_NOTES-0.4.md for important details.)
-  * Add optional GPG support: GPG can be used to share the repository
-    between one or more users in lieu of sharing a secret key.
-  * New workflow: the symmetric key is now stored inside the .git
-    directory.  Although backwards compatibility has been preserved
-    with repositories created by old versions of git-crypt, the
-    commands for setting up a repository have changed.  See the
-    release notes file for details.
-  * Multiple key support: it's now possible to encrypt different parts
-    of a repository with different keys.
-  * Initial 'git-crypt status' command to report which files are
-    encrypted and to fix problems that are detected.
-  * Numerous usability, documentation, and error reporting improvements.
-  * Major internal code improvements that will make future development
-    easier.
-  * Initial experimental Windows support.
-
-v0.3 (2013-04-05)
-  * Fix 'git-crypt init' on newer versions of Git.  Previously,
-    encrypted files were not being automatically decrypted after
-    running 'git-crypt init' with recent versions of Git.
-  * Allow 'git-crypt init' to be run even if the working tree contains
-    untracked files.
-  * 'git-crypt init' now properly escapes arguments to the filter
-    commands it configures, allowing both the path to git-crypt and the
-    path to the key file to contain arbitrary characters such as spaces.
-
-v0.2 (2013-01-25)
-  * Numerous improvements to 'git-crypt init' usability.
-  * Fix gitattributes example in README: the old example showed a colon
-    after the filename where there shouldn't be one.
-  * Various build fixes and improvements.
-
-v0.1 (2012-11-29)
-  * Initial release.

NEWS.md

@@ -1,7 +1,15 @@
-News
+# Change Log
-====
 
-######v0.6.0 (2017-11-26)
+## v0.8.0 (2025-09-23)
+* Remove OpenSSL 1.0 support, fix compilation with OpenSSL 3.
+* Avoid use of problematic short GPG key IDs.
+
+## v0.7.0 (2022-04-21)
+* Avoid "argument list too long" errors on macOS.
+* Fix handling of "-" arguments.
+* Minor documentation improvements.
+
+## v0.6.0 (2017-11-26)
 * Add support for OpenSSL 1.1 (still works with OpenSSL 1.0).
 * Switch to C++11 (gcc 4.9 or higher now required to build).
 * Allow GPG to fail on some keys (makes unlock work better if there are
@@ -14,7 +22,7 @@ News
 * Ensure git-crypt's gpg files won't be treated as text by Git.
 * Minor improvements to build system, documentation.
 
-######v0.5.0 (2015-05-30)
+## v0.5.0 (2015-05-30)
 * Drastically speed up lock/unlock when used with Git 1.8.5 or newer.
 * Add git-crypt(1) man page (pass `ENABLE_MAN=yes` to make to build).
 * Add --trusted option to `git-crypt gpg-add-user` to add user even if
@@ -25,49 +33,49 @@ News
 * Fix GPG mode when with-fingerprint enabled in gpg.conf.
 * Minor bug fixes and improvements to help/error messages.
 
-######v0.4.2 (2015-01-31)
+## v0.4.2 (2015-01-31)
 * Fix unlock and lock under Git 2.2.2 and higher.
 * Drop support for versions of Git older than 1.7.2.
 * Minor improvements to some help/error messages.
 
-######v0.4.1 (2015-01-08)
+## v0.4.1 (2015-01-08)
 * Important usability fix to ensure that the .git-crypt directory
   can't be encrypted by accident (see
   [the release notes](RELEASE_NOTES-0.4.1.md) for more information).
 
-######v0.4 (2014-11-16)
+## v0.4 (2014-11-16)
 (See [the release notes](RELEASE_NOTES-0.4.md) for important details.)
-*   Add optional GPG support: GPG can be used to share the repository
+* Add optional GPG support: GPG can be used to share the repository
-    between one or more users in lieu of sharing a secret key.
+  between one or more users in lieu of sharing a secret key.
-*   New workflow: the symmetric key is now stored inside the .git
+* New workflow: the symmetric key is now stored inside the .git
-    directory.  Although backwards compatibility has been preserved
+  directory.  Although backwards compatibility has been preserved
-    with repositories created by old versions of git-crypt, the
+  with repositories created by old versions of git-crypt, the
-    commands for setting up a repository have changed.  See the
+  commands for setting up a repository have changed.  See the
-    release notes file for details.
+  release notes file for details.
-*   Multiple key support: it's now possible to encrypt different parts
+* Multiple key support: it's now possible to encrypt different parts
-    of a repository with different keys.
+  of a repository with different keys.
-*   Initial `git-crypt status` command to report which files are
+* Initial `git-crypt status` command to report which files are
-    encrypted and to fix problems that are detected.
+  encrypted and to fix problems that are detected.
-*   Numerous usability, documentation, and error reporting improvements.
+* Numerous usability, documentation, and error reporting improvements.
-*   Major internal code improvements that will make future development
+* Major internal code improvements that will make future development
-    easier.
+  easier.
-*   Initial experimental Windows support.
+* Initial experimental Windows support.
 
-######v0.3 (2013-04-05)
+## v0.3 (2013-04-05)
-*   Fix `git-crypt init` on newer versions of Git.  Previously,
+* Fix `git-crypt init` on newer versions of Git.  Previously,
-    encrypted files were not being automatically decrypted after running
+  encrypted files were not being automatically decrypted after running
-    `git-crypt init` with recent versions of Git.
+  `git-crypt init` with recent versions of Git.
-*   Allow `git-crypt init` to be run even if the working tree contains
+* Allow `git-crypt init` to be run even if the working tree contains
-    untracked files.
+  untracked files.
-*   `git-crypt init` now properly escapes arguments to the filter
+* `git-crypt init` now properly escapes arguments to the filter
-    commands it configures, allowing both the path to git-crypt and the
+  commands it configures, allowing both the path to git-crypt and the
-    path to the key file to contain arbitrary characters such as spaces.
+  path to the key file to contain arbitrary characters such as spaces.
 
-######v0.2 (2013-01-25)
+## v0.2 (2013-01-25)
-*   Numerous improvements to `git-crypt init` usability.
+* Numerous improvements to `git-crypt init` usability.
-*   Fix gitattributes example in [README](README.md): the old example
+* Fix gitattributes example in [README](README.md): the old example
-    showed a colon after the filename where there shouldn't be one.
+  showed a colon after the filename where there shouldn't be one.
-*   Various build fixes and improvements.
+* Various build fixes and improvements.
 
-######v0.1 (2012-11-29)
+## v0.1 (2012-11-29)
-*   Initial release.
+* Initial release.

README

@@ -1,157 +0,0 @@
-ABOUT GIT-CRYPT
-
-git-crypt enables transparent encryption and decryption of files in a
-git repository.  Files which you choose to protect are encrypted when
-committed, and decrypted when checked out.  git-crypt lets you freely
-share a repository containing a mix of public and private content.
-git-crypt gracefully degrades, so developers without the secret key can
-still clone and commit to a repository with encrypted files.  This lets
-you store your secret material (such as keys or passwords) in the same
-repository as your code, without requiring you to lock down your entire
-repository.
-
-git-crypt was written by Andrew Ayer <agwa@andrewayer.name>.  For more
-information, see <https://www.agwa.name/projects/git-crypt>.
-
-
-BUILDING GIT-CRYPT
-
-See the INSTALL file.
-
-
-USING GIT-CRYPT
-
-Configure a repository to use git-crypt:
-
-	$ cd repo
-	$ git-crypt init
-
-Specify files to encrypt by creating a .gitattributes file:
-
-	secretfile filter=git-crypt diff=git-crypt
-	*.key filter=git-crypt diff=git-crypt
-
-Like a .gitignore file, it can match wildcards and should be checked into
-the repository.  See below for more information about .gitattributes.
-Make sure you don't accidentally encrypt the .gitattributes file itself
-(or other git files like .gitignore or .gitmodules).  Make sure your
-.gitattributes rules are in place *before* you add sensitive files, or
-those files won't be encrypted!
-
-Share the repository with others (or with yourself) using GPG:
-
-	$ git-crypt add-gpg-user USER_ID
-
-USER_ID can be a key ID, a full fingerprint, an email address, or anything
-else that uniquely identifies a public key to GPG (see "HOW TO SPECIFY
-A USER ID" in the gpg man page).  Note: `git-crypt add-gpg-user` will
-add and commit a GPG-encrypted key file in the .git-crypt directory of
-the root of your repository.
-
-Alternatively, you can export a symmetric secret key, which you must
-securely convey to collaborators (GPG is not required, and no files
-are added to your repository):
-
-	$ git-crypt export-key /path/to/key
-
-After cloning a repository with encrypted files, unlock with with GPG:
-
-	$ git-crypt unlock
-
-Or with a symmetric key:
-
-	$ git-crypt unlock /path/to/key
-
-That's all you need to do - after git-crypt is set up (either with
-`git-crypt init` or `git-crypt unlock`), you can use git normally -
-encryption and decryption happen transparently.
-
-
-CURRENT STATUS
-
-The latest version of git-crypt is 0.6.0, released on 2017-11-26.
-git-crypt aims to be bug-free and reliable, meaning it shouldn't
-crash, malfunction, or expose your confidential data.  However,
-it has not yet reached maturity, meaning it is not as documented,
-featureful, or easy-to-use as it should be.  Additionally, there may be
-backwards-incompatible changes introduced before version 1.0.
-
-
-SECURITY
-
-git-crypt is more secure than other transparent git encryption systems.
-git-crypt encrypts files using AES-256 in CTR mode with a synthetic IV
-derived from the SHA-1 HMAC of the file.  This mode of operation is
-provably semantically secure under deterministic chosen-plaintext attack.
-That means that although the encryption is deterministic (which is
-required so git can distinguish when a file has and hasn't changed),
-it leaks no information beyond whether two files are identical or not.
-Other proposals for transparent git encryption use ECB or CBC with a
-fixed IV.  These systems are not semantically secure and leak information.
-
-
-LIMITATIONS
-
-git-crypt relies on git filters, which were not designed with encryption
-in mind.  As such, git-crypt is not the best tool for encrypting most or
-all of the files in a repository. Where git-crypt really shines is where
-most of your repository is public, but you have a few files (perhaps
-private keys named *.key, or a file with API credentials) which you
-need to encrypt.  For encrypting an entire repository, consider using a
-system like git-remote-gcrypt <https://spwhitton.name/tech/code/git-remote-gcrypt/>
-instead.  (Note: no endorsement is made of git-remote-gcrypt's security.)
-
-git-crypt does not encrypt file names, commit messages, symlink targets,
-gitlinks, or other metadata.
-
-git-crypt does not hide when a file does or doesn't change, the length
-of a file, or the fact that two files are identical (see "Security"
-section above).
-
-Files encrypted with git-crypt are not compressible.  Even the smallest
-change to an encrypted file requires git to store the entire changed file,
-instead of just a delta.
-
-Although git-crypt protects individual file contents with a SHA-1
-HMAC, git-crypt cannot be used securely unless the entire repository is
-protected against tampering (an attacker who can mutate your repository
-can alter your .gitattributes file to disable encryption).  If necessary,
-use git features such as signed tags instead of relying solely on
-git-crypt for integrity.
-
-Files encrypted with git-crypt cannot be patched with git-apply, unless
-the patch itself is encrypted.  To generate an encrypted patch, use `git
-diff --no-textconv --binary`.  Alternatively, you can apply a plaintext
-patch outside of git using the patch command.
-
-git-crypt does not work reliably with some third-party git GUIs, such
-as Atlassian SourceTree <https://jira.atlassian.com/browse/SRCTREE-2511>
-and GitHub for Mac.  Files might be left in an unencrypted state.
-
-
-GITATTRIBUTES FILE
-
-The .gitattributes file is documented in the gitattributes(5) man page.
-The file pattern format is the same as the one used by .gitignore,
-as documented in the gitignore(5) man page, with the exception that
-specifying merely a directory (e.g. `/dir/`) is NOT sufficient to
-encrypt all files beneath it.
-
-Also note that the pattern `dir/*` does not match files under
-sub-directories of dir/.  To encrypt an entire sub-tree dir/, place the
-following in dir/.gitattributes:
-
-	* filter=git-crypt diff=git-crypt
-	.gitattributes !filter !diff
-
-The second pattern is essential for ensuring that .gitattributes itself
-is not encrypted.
-
-
-MAILING LISTS
-
-To stay abreast of, and provide input to, git-crypt development, consider
-subscribing to one or both of our mailing lists:
-
-Announcements: https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce
-Discussion:    https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss

README.md

@@ -31,6 +31,7 @@ Specify files to encrypt by creating a .gitattributes file:
 
     secretfile filter=git-crypt diff=git-crypt
     *.key filter=git-crypt diff=git-crypt
+    secretdir/** filter=git-crypt diff=git-crypt
 
 Like a .gitignore file, it can match wildcards and should be checked into
 the repository.  See below for more information about .gitattributes.
@@ -55,7 +56,7 @@ are added to your repository):
 
     git-crypt export-key /path/to/key
 
-After cloning a repository with encrypted files, unlock with with GPG:
+After cloning a repository with encrypted files, unlock with GPG:
 
     git-crypt unlock
 
@@ -70,8 +71,8 @@ encryption and decryption happen transparently.
 Current Status
 --------------
 
-The latest version of git-crypt is [0.6.0](NEWS.md), released on
+The latest version of git-crypt is [0.8.0](NEWS.md), released on
-2017-11-26.  git-crypt aims to be bug-free and reliable, meaning it
+2025-09-23.  git-crypt aims to be bug-free and reliable, meaning it
 shouldn't crash, malfunction, or expose your confidential data.
 However, it has not yet reached maturity, meaning it is not as
 documented, featureful, or easy-to-use as it should be.  Additionally,
@@ -110,6 +111,16 @@ git-crypt does not hide when a file does or doesn't change, the length
 of a file, or the fact that two files are identical (see "Security"
 section above).
 
+git-crypt does not support revoking access to an encrypted repository
+which was previously granted. This applies to both multi-user GPG
+mode (there's no del-gpg-user command to complement add-gpg-user)
+and also symmetric key mode (there's no support for rotating the key).
+This is because it is an inherently complex problem in the context
+of historical data. For example, even if a key was rotated at one
+point in history, a user having the previous key can still access
+previous repository history. This problem is discussed in more detail in
+<https://github.com/AGWA/git-crypt/issues/47>.
+
 Files encrypted with git-crypt are not compressible.  Even the smallest
 change to an encrypted file requires git to store the entire changed file,
 instead of just a delta.
@@ -140,20 +151,12 @@ specifying merely a directory (e.g. `/dir/`) is *not* sufficient to
 encrypt all files beneath it.
 
 Also note that the pattern `dir/*` does not match files under
-sub-directories of dir/.  To encrypt an entire sub-tree dir/, place the
+sub-directories of dir/.  To encrypt an entire sub-tree dir/, use `dir/**`:
-following in dir/.gitattributes:
+
+    dir/** filter=git-crypt diff=git-crypt
+
+The .gitattributes file must not be encrypted, so make sure wildcards don't
+match it accidentally.  If necessary, you can exclude .gitattributes from
+encryption like this:
 
-    * filter=git-crypt diff=git-crypt
     .gitattributes !filter !diff
-
-The second pattern is essential for ensuring that .gitattributes itself
-is not encrypted.
-
-Mailing Lists
--------------
-
-To stay abreast of, and provide input to, git-crypt development,
-consider subscribing to one or both of our mailing lists:
-
-* [Announcements](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-announce)
-* [Discussion](https://lists.cloudmutt.com/mailman/listinfo/git-crypt-discuss)

commands.cpp

@@ -51,6 +51,12 @@
 #include <exception>
 #include <vector>
 
+enum {
+	// # of arguments per git checkout call; must be large enough to be efficient but small
+	// enough to avoid operating system limits on argument length
+	GIT_CHECKOUT_BATCH_SIZE = 100
+};
+
 static std::string attribute_name (const char* key_name)
 {
 	if (key_name) {
@@ -183,15 +189,19 @@ static void deconfigure_git_filters (const char* key_name)
 	}
 }
 
-static bool git_checkout (const std::vector<std::string>& paths)
+static bool git_checkout_batch (std::vector<std::string>::const_iterator paths_begin, std::vector<std::string>::const_iterator paths_end)
 {
+	if (paths_begin == paths_end) {
+		return true;
+	}
+
 	std::vector<std::string>	command;
 
 	command.push_back("git");
 	command.push_back("checkout");
 	command.push_back("--");
 
-	for (std::vector<std::string>::const_iterator path(paths.begin()); path != paths.end(); ++path) {
+	for (auto path(paths_begin); path != paths_end; ++path) {
 		command.push_back(*path);
 	}
 
@@ -202,6 +212,18 @@ static bool git_checkout (const std::vector<std::string>& paths)
 	return true;
 }
 
+static bool git_checkout (const std::vector<std::string>& paths)
+{
+	auto paths_begin(paths.begin());
+	while (paths.end() - paths_begin >= GIT_CHECKOUT_BATCH_SIZE) {
+		if (!git_checkout_batch(paths_begin, paths_begin + GIT_CHECKOUT_BATCH_SIZE)) {
+			return false;
+		}
+		paths_begin += GIT_CHECKOUT_BATCH_SIZE;
+	}
+	return git_checkout_batch(paths_begin, paths.end());
+}
+
 static bool same_key_name (const char* a, const char* b)
 {
 	return (!a && !b) || (a && b && std::strcmp(a, b) == 0);
@@ -1171,7 +1193,7 @@ int lock (int argc, const char** argv)
 	}
 	if (!git_checkout(encrypted_files)) {
 		std::clog << "Error: 'git checkout' failed" << std::endl;
-		std::clog << "git-crypt has been locked but up but existing decrypted files have not been encrypted" << std::endl;
+		std::clog << "git-crypt has been locked up but existing decrypted files have not been encrypted" << std::endl;
 		return 1;
 	}
 
@@ -1275,7 +1297,8 @@ int add_gpg_user (int argc, const char** argv)
 			std::ostringstream	commit_message_builder;
 			commit_message_builder << "Add " << collab_keys.size() << " git-crypt collaborator" << (collab_keys.size() != 1 ? "s" : "") << "\n\nNew collaborators:\n\n";
 			for (std::vector<std::pair<std::string, bool> >::const_iterator collab(collab_keys.begin()); collab != collab_keys.end(); ++collab) {
-				commit_message_builder << '\t' << gpg_shorten_fingerprint(collab->first) << ' ' << gpg_get_uid(collab->first) << '\n';
+				commit_message_builder << "    " << collab->first << '\n';
+				commit_message_builder << "        " << gpg_get_uid(collab->first) << '\n';
 			}
 
 			// git commit -m MESSAGE NEW_FILE ...

crypto-openssl-10.cpp

@@ -1,120 +0,0 @@
-/*
- * Copyright 2012, 2014 Andrew Ayer
- *
- * This file is part of git-crypt.
- *
- * git-crypt is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * git-crypt is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with git-crypt.  If not, see <http://www.gnu.org/licenses/>.
- *
- * Additional permission under GNU GPL version 3 section 7:
- *
- * If you modify the Program, or any covered work, by linking or
- * combining it with the OpenSSL project's OpenSSL library (or a
- * modified version of that library), containing parts covered by the
- * terms of the OpenSSL or SSLeay licenses, the licensors of the Program
- * grant you additional permission to convey the resulting work.
- * Corresponding Source for a non-source form of such a combination
- * shall include the source code for the parts of OpenSSL used as well
- * as that of the covered work.
- */
-
-#include <openssl/opensslconf.h>
-
-#if !defined(OPENSSL_API_COMPAT)
-
-#include "crypto.hpp"
-#include "key.hpp"
-#include "util.hpp"
-#include <openssl/aes.h>
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <sstream>
-#include <cstring>
-
-void init_crypto ()
-{
-	ERR_load_crypto_strings();
-}
-
-struct Aes_ecb_encryptor::Aes_impl {
-	AES_KEY key;
-};
-
-Aes_ecb_encryptor::Aes_ecb_encryptor (const unsigned char* raw_key)
-: impl(new Aes_impl)
-{
-	if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
-		throw Crypto_error("Aes_ctr_encryptor::Aes_ctr_encryptor", "AES_set_encrypt_key failed");
-	}
-}
-
-Aes_ecb_encryptor::~Aes_ecb_encryptor ()
-{
-	// Note: Explicit destructor necessary because class contains an unique_ptr
-	// which contains an incomplete type when the unique_ptr is declared.
-
-	explicit_memset(&impl->key, '\0', sizeof(impl->key));
-}
-
-void Aes_ecb_encryptor::encrypt(const unsigned char* plain, unsigned char* cipher)
-{
-	AES_encrypt(plain, cipher, &(impl->key));
-}
-
-struct Hmac_sha1_state::Hmac_impl {
-	HMAC_CTX ctx;
-};
-
-Hmac_sha1_state::Hmac_sha1_state (const unsigned char* key, size_t key_len)
-: impl(new Hmac_impl)
-{
-	HMAC_Init(&(impl->ctx), key, key_len, EVP_sha1());
-}
-
-Hmac_sha1_state::~Hmac_sha1_state ()
-{
-	// Note: Explicit destructor necessary because class contains an unique_ptr
-	// which contains an incomplete type when the unique_ptr is declared.
-
-	HMAC_cleanup(&(impl->ctx));
-}
-
-void Hmac_sha1_state::add (const unsigned char* buffer, size_t buffer_len)
-{
-	HMAC_Update(&(impl->ctx), buffer, buffer_len);
-}
-
-void Hmac_sha1_state::get (unsigned char* digest)
-{
-	unsigned int len;
-	HMAC_Final(&(impl->ctx), digest, &len);
-}
-
-
-void random_bytes (unsigned char* buffer, size_t len)
-{
-	if (RAND_bytes(buffer, len) != 1) {
-		std::ostringstream	message;
-		while (unsigned long code = ERR_get_error()) {
-			char		error_string[120];
-			ERR_error_string_n(code, error_string, sizeof(error_string));
-			message << "OpenSSL Error: " << error_string << "; ";
-		}
-		throw Crypto_error("random_bytes", message.str());
-	}
-}
-
-#endif

crypto-openssl-11.cpp

@@ -28,10 +28,6 @@
  * as that of the covered work.
  */
 
-#include <openssl/opensslconf.h>
-
-#if defined(OPENSSL_API_COMPAT)
-
 #include "crypto.hpp"
 #include "key.hpp"
 #include "util.hpp"
@@ -115,5 +111,3 @@ void random_bytes (unsigned char* buffer, size_t len)
 		throw Crypto_error("random_bytes", message.str());
 	}
 }
-
-#endif

git-crypt.hpp

@@ -31,7 +31,7 @@
 #ifndef GIT_CRYPT_GIT_CRYPT_HPP
 #define GIT_CRYPT_GIT_CRYPT_HPP
 
-#define VERSION "0.6.0"
+#define VERSION "0.8.0"
 
 extern const char*	argv0;	// initialized in main() to argv[0]
 

gpg.cpp

@@ -61,12 +61,6 @@ static std::string gpg_nth_column (const std::string& line, unsigned int col)
 	       line.substr(pos);
 }
 
-// given a key fingerprint, return the last 8 nibbles
-std::string gpg_shorten_fingerprint (const std::string& fingerprint)
-{
-	return fingerprint.size() == 40 ? fingerprint.substr(32) : fingerprint;
-}
-
 // given a key fingerprint, return the key's UID (e.g. "John Smith <jsmith@example.com>")
 std::string gpg_get_uid (const std::string& fingerprint)
 {

gpg.hpp

@@ -41,7 +41,6 @@ struct Gpg_error {
 	explicit Gpg_error (std::string m) : message(m) { }
 };
 
-std::string			gpg_shorten_fingerprint (const std::string& fingerprint);
 std::string			gpg_get_uid (const std::string& fingerprint);
 std::vector<std::string>	gpg_lookup_key (const std::string& query);
 std::vector<std::string>	gpg_list_secret_keys ();

man/git-crypt.xml

@@ -7,8 +7,8 @@
 	-->
 	<refentryinfo>
 		<title>git-crypt</title>
-		<date>2017-11-26</date>
+		<date>2022-04-21</date>
-		<productname>git-crypt 0.6.0</productname>
+		<productname>git-crypt 0.8.0</productname>
 
 		<author>
 			<othername>Andrew Ayer</othername>

parse_options.cpp

@@ -43,7 +43,7 @@ int parse_options (const Options_list& options, int argc, const char** argv)
 {
 	int	argi = 0;
 
-	while (argi < argc && argv[argi][0] == '-') {
+	while (argi < argc && argv[argi][0] == '-' && argv[argi][1] != '\0') {
 		if (std::strcmp(argv[argi], "--") == 0) {
 			++argi;
 			break;